VirSCAN

File information
Safety rating:74
Behavior list
Basic Information
MD5:3d458782344ef3f489c325723ac04fd9
file type:zip
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Subfile information:fe51b424f35c48c13878bce77bea78a0.exe / fe51b424f35c48c13878bce77bea78a0 / EXE
Key behavior
Behavior description:Set thread context
details:C:\WINDOWS\system32\ntvdm.exe
Behavior description:Modify registry (startup entry)
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Trickler
Process behavior
Behavior description:Create process
details:ImagePath = C:\WINDOWS\system32\ntvdm.exe, CmdLine = "C:\WINDOWS\system32\ntvdm.exe" -f -i1 -o
Behavior description:Set thread context
details:C:\WINDOWS\system32\ntvdm.exe
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Create executable file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\1445330330.885565.exe_7zdump\fe51b424f35c48c13878bce77bea78a0_3202.exe
Behavior description:Modify file contents
details:C:\WINDOWS\Temp\scs4.tmp---> Offset = 36
C:\WINDOWS\Temp\scs5.tmp---> Offset = 77
Behavior description:Find file
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445330330.931883.exe_7zdump\fe51b424f35c48c13878bce77bea78a0.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445330330.935566.exe_7zdump
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1445330330.969568.exe
FileName = c:\documents and settings
FileName = c:\documents and settings\administrator
FileName = c:\documents and settings\administrator\local settings
FileName = C:\MSDOS.SYS
FileName = C:\IO.SYS
Behavior description:Modify newly created executable file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\1445330330.903200.exe_7zdump\fe51b424f35c48c13878bce77bea78a0_3202.exe---> Offset = 201043
C:\Documents and Settings\Administrator\Local Settings\%temp%\1445330330.906769.exe_7zdump\fe51b424f35c48c13878bce77bea78a0_3202.exe---> Offset = 201054
C:\Documents and Settings\Administrator\Local Settings\%temp%\1445330330.910360.exe_7zdump\fe51b424f35c48c13878bce77bea78a0_3202.exe---> Offset = 201045
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}\uets
\REGISTRY\MACHINE\SOFTWARE\Gator.com\Trickler\AppPath
\REGISTRY\MACHINE\SOFTWARE\Gator.com\Trickler\OldTrickler
Behavior description:Modify registry (startup entry)
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Trickler
Other behavior
Behavior description:Enumerate windows
details:N/A
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [ConsoleWindowClass,ntvdm-804.808.3d0002]