VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
Safety rating:22
Behavior list
Basic Information
MD5:3cb3251ce24695677046aa22a435c32b
file type:DLL
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0 DLL
Key behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-*
Behavior description:跨进程写入数据
details:TargetProcess = svchost.exe, WriteAddress = 0x00400000, Size = 4096
TargetProcess = svchost.exe, WriteAddress = 0x00401000, Size = 0
TargetProcess = svchost.exe, WriteAddress = 0x0051e000, Size = 52736
Behavior description:DLL样本(x86)
details:N/A
Behavior description:设置线程上下文
details:C:\WINDOWS\system32\svchost.exe
Behavior description:修改注册表_启动项
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Run\系统输入法
Process behavior
Behavior description:隐藏窗口创建进程
details:ImagePath = , CmdLine = svchost.exe
Behavior description:创建进程
details:ImagePath = C:\WINDOWS\system32\svchost.exe, CmdLine = svchost.exe
Behavior description:设置线程上下文
details:C:\WINDOWS\system32\svchost.exe
Behavior description:枚举进程
details:N/A
Behavior description:跨进程写入数据
details:TargetProcess = svchost.exe, WriteAddress = 0x00400000, Size = 4096
TargetProcess = svchost.exe, WriteAddress = 0x00401000, Size = 0
TargetProcess = svchost.exe, WriteAddress = 0x0051e000, Size = 52736
File behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-*
Behavior description:查找文件
details:FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\svchost.exe
FileName = C:\Program Files\BLDBaseService\*.*
FileName = C:\Program Files (x86)\HomeSafe\*.*
FileName = C:\Program Files\HomeSafe\*.*
Registry behavior
Behavior description:修改注册表_启动项
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Run\系统输入法
Behavior description:删除注册表键值_本地安全策略
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Lsa\Notification Packages
Other behavior
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [IEFrame,]
NtUserFindWindowEx: [Class,Window] = [WorkerW,]
NtUserFindWindowEx: [Class,Window] = [ReBarWindow32,]
NtUserFindWindowEx: [Class,Window] = [Address Band Root,]
NtUserFindWindowEx: [Class,Window] = [Edit,]
Behavior description:创建互斥体
details:SHIMLIB_LOG_MUTEX
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Behavior description:DLL样本(x86)
details:N/A
Behavior description:获取系统权限
details:SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
SE_INC_BASE_PRIORITY_PRIVILEGE
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
中国反网络病毒联盟
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号