VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information

Basic Information

MD5: 42b39e3f50727b778af0da0faafc30e6
file type: EXE
Production company: Sogou.com Inc.
version: 1.0.0.1---5.2.0.5374
Shell or compiler information: COMPILER:Microsoft Visual C++ 6.0

Key behavior

Behavior description: Create system service
details: [Service created successfully]: Please Input Service Name, C:\Program Files\svchost.exe
Behavior description: Get TickCount value
details: TickCount = 215646, SleepMilliseconds = 100.
TickCount = 215662, SleepMilliseconds = 100.
TickCount = 636109, SleepMilliseconds = 420000.
TickCount = 636125, SleepMilliseconds = 420000.
TickCount = 636250, SleepMilliseconds = 420000.
TickCount = 1416281, SleepMilliseconds = 1200000.
TickCount = 221428, SleepMilliseconds = 100.
TickCount = 221443, SleepMilliseconds = 100.
TickCount = 222834, SleepMilliseconds = 100.
TickCount = 229459, SleepMilliseconds = 100.
TickCount = 232865, SleepMilliseconds = 100.
TickCount = 232959, SleepMilliseconds = 100.
TickCount = 233037, SleepMilliseconds = 100.
TickCount = 233084, SleepMilliseconds = 100.
TickCount = 236350, SleepMilliseconds = 100.

File behavior

Behavior description: Create file
details: C:\Program Files\svchost.exe
Behavior description: Create executable file
details: C:\Program Files\svchost.exe
Behavior description: Copy file
details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe ---> C:\Program Files\svchost.exe
Behavior description: Delete file
details: C:\Program Files\svchost.exe
Behavior description: Rename file
details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe ---> C:\Program Files\svchost.exe
Behavior description: Modify file content
details: C:\Program Files\svchost.exe ---> Offset = 0
C:\Program Files\svchost.exe ---> Offset = 65536
C:\Program Files\svchost.exe ---> Offset = 131072
C:\Program Files\svchost.exe ---> Offset = 4096

Network behavior

Behavior description: Establish a connection to a specified socket
details: URL: 68****et, IP: **.133.40.**:38438, SOCKET = 0x0000009c
URL: 68****et, IP: **.133.40.**:38438, SOCKET = 0x000000b8
URL: 68****et, IP: **.133.40.**:38438, SOCKET = 0x000000d4
URL: ww****om, IP: **.133.40.**:8080, SOCKET = 0x00000148
URL: ww****om, IP: **.133.40.**:8080, SOCKET = 0x00000138
URL: 68****et, IP: **.133.40.**:38438, SOCKET = 0x000000f0
URL: 68****et, IP: **.133.40.**:38438, SOCKET = 0x000000e0
URL: 68****et, IP: **.133.40.**:38438, SOCKET = 0x00000194
Behavior description: Get host address by name
details: gethostbyname: 68****et
gethostbyname: ww****om

Registry behavior

Behavior description: Modify registry
details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Please Input Service Name\Description

Other behavior

Behavior description: Create mutex
details: 68703099.f3322.net+20130223
www.g0oo0gle.com:8080
Behavior description: Create event object
details: EventName = DINPUTWINMM
Behavior description: Start system service
details: [Service started successfully]: LocalSystem, Please Input Service Display, C:\Program Files\svchost.exe
Behavior description: Open event
details: Global\SvcctrlStartEvent_A3752DX
HookSwitchHookEnabledEvent
Behavior description: Executable file signature information
details: C:\Program Files\svchost.exe (signature verification: failed)
Behavior description: Call Sleep function
details: [1]: MilliSeconds = 100.
[1]: MilliSeconds = 500.
[2]: MilliSeconds = 1000.
[2]: MilliSeconds = 420000.
[3]: MilliSeconds = 420000.
[3]: MilliSeconds = 0.
[4]: MilliSeconds = 0.
[5]: MilliSeconds = 0.
[5]: MilliSeconds = 1200000.
[6]: MilliSeconds = 1200000.
[6]: MilliSeconds = 0.
[7]: MilliSeconds = 0.
[8]: MilliSeconds = 0.
[9]: MilliSeconds = 0.
[10]: MilliSeconds = 0.
Behavior description: Executable file MD5
details: C:\Program Files\svchost.exe ---> 42b39e3f50727b778af0da0faafc30e6
Behavior description: Open mutex
details: DBWinMutex
