VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

  Main Menu
VirSCAN  HOME VirSCAN  go Virscan.org VirSCAN  Report VirSCAN  Virus report VirSCAN  Behavior report VirSCAN  Help VirSCAN VirSCAN  Submit Bugs VirSCAN  Contact us VirSCAN  URL detection VirSCAN  API VirSCAN  uploader for windows(test)
  Powered By
a-squared
a-squared
a-squared
 
File information
Safety rating:30
Behavior list
Basic Information
MD5:48a75bf8e54f4be5e6c005f26d3c2a54
file type:EXE
Production company:
version:1.90.45.1251
Shell or compiler information:COMPILER:Microsoft Visual C++ 5.0 [Overlay]
Key behavior
Behavior description:设置特殊文件夹属性
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Behavior description:查询注册表_检测虚拟机相关
details:\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
Behavior description:获取TickCount值
details:TickCount = 1076710, SleepMilliseconds = 117.
TickCount = 1076726, SleepMilliseconds = 117.
TickCount = 1076788, SleepMilliseconds = 117.
TickCount = 1076820, SleepMilliseconds = 117.
TickCount = 1076835, SleepMilliseconds = 117.
TickCount = 1076851, SleepMilliseconds = 117.
TickCount = 1077709, SleepMilliseconds = 600.
TickCount = 1078365, SleepMilliseconds = 600.
TickCount = 1086367, SleepMilliseconds = 117.
TickCount = 1086413, SleepMilliseconds = 117.
TickCount = 1086460, SleepMilliseconds = 117.
TickCount = 1086538, SleepMilliseconds = 117.
TickCount = 1086570, SleepMilliseconds = 117.
TickCount = 1086695, SleepMilliseconds = 117.
TickCount = 1086710, SleepMilliseconds = 117.
Process behavior
Behavior description:枚举进程
details:N/A
File behavior
Behavior description:创建文件
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\wpad[1].dat
Behavior description:设置特殊文件夹属性
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Behavior description:删除文件
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\wpad[1].dat
Behavior description:查找文件
details:FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
Network behavior
Behavior description:联网打开网址
details:InternetOpenUrlA: http://**.133.40.**:128/wpad.dat, hInternet = 0x00cc0010, Flags = 0x00000010
Behavior description:连接指定站点
details:InternetConnectA: ServerName = de****ru, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = **.133.40.**, PORT = 128, UserName = , Password = , hSession = 0x00cc0010, hConnect = 0x00cc0014, Flags = 0x00000010
Behavior description:打开HTTP连接
details:InternetOpenA: UserAgent: Downloader 18.7, hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0), hSession = 0x00cc0010
Behavior description:建立到一个指定的套接字连接
details:URL: wpad, IP: **.133.40.**:128, SOCKET = 0x000003c0
URL: de****ru, IP: **.133.40.**:80, SOCKET = 0x000003ac
URL: de****ru, IP: **.133.40.**:80, SOCKET = 0x000003c4
URL: wpad, IP: **.133.40.**:128, SOCKET = 0x000004e0
URL: de****ru, IP: **.133.40.**:80, SOCKET = 0x000004e4
Behavior description:读取网络文件
details:hFile = 0x00cc0018, BytesToRead =4010, BytesRead = 4010.
hFile = 0x00cc000c, BytesToRead =8192, BytesRead = 8192.
Behavior description:发送HTTP包
details:GET /wpad.dat HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0) Host: **.133.40.**:128
Behavior description:按名称获取主机地址
details:GetAddrInfoW: computer
GetAddrInfoW: wpad
GetAddrInfoW: de****ru
Registry behavior
Behavior description:修改注册表
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\________\DEBUG\Trace Level
Behavior description:删除注册表键值
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\________\DEBUG\Trace Level
Behavior description:查询注册表_检测虚拟机相关
details:\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
Other behavior
Behavior description:创建互斥体
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
RasPbFile
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\c:!documents and settings!administrator!ietldcache!
MSCTF.Shared.MUTEX.MOK
Behavior description:创建事件对象
details:EventName = DINPUTWINMM
EventName = Global\crypt32LogoffEvent
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.MOK.IC
EventName = MSCTF.SendReceiveConection.Event.MOK.IC
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:获取TickCount值
details:TickCount = 1076710, SleepMilliseconds = 117.
TickCount = 1076726, SleepMilliseconds = 117.
TickCount = 1076788, SleepMilliseconds = 117.
TickCount = 1076820, SleepMilliseconds = 117.
TickCount = 1076835, SleepMilliseconds = 117.
TickCount = 1076851, SleepMilliseconds = 117.
TickCount = 1077709, SleepMilliseconds = 600.
TickCount = 1078365, SleepMilliseconds = 600.
TickCount = 1086367, SleepMilliseconds = 117.
TickCount = 1086413, SleepMilliseconds = 117.
TickCount = 1086460, SleepMilliseconds = 117.
TickCount = 1086538, SleepMilliseconds = 117.
TickCount = 1086570, SleepMilliseconds = 117.
TickCount = 1086695, SleepMilliseconds = 117.
TickCount = 1086710, SleepMilliseconds = 117.
Behavior description:窗口信息
details:Pid = 2528, Hwnd=0x303c6, Text = Windows Update, ClassName = Window #1087912.
Pid = 2536, Hwnd=0x103d4, Text = Windows Update, ClassName = Window #1087912.
Pid = 2528, Hwnd=0x203f4, Text = 确定, ClassName = Button.
Pid = 2528, Hwnd=0x10400, Text = Ошибка: файл не найден, ClassName = Static.
Pid = 2528, Hwnd=0x203c0, Text = Ошибка, ClassName = #32770.
Behavior description:调用Sleep函数
details:[1]: MilliSeconds = 117.
[2]: MilliSeconds = 600.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 60000.
[5]: MilliSeconds = 60000.
[6]: MilliSeconds = 60000.
[7]: MilliSeconds = 60000.
[8]: MilliSeconds = 60000.
[9]: MilliSeconds = 60000.
[10]: MilliSeconds = 60000.
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
中国反网络病毒联盟
Powered By CentOSpol

京ICP备11007605号-12

 pol

京公网安备 11010802020746号