VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.


File information
Safety rating: 70
Behavior list
Basic Information
MD5: 52d95db40575ff719ad73fa97c2bec19
File type: RAR
Vendor:
Version:
Packer or compiler information: COMPILER:Elan
Subfile information (name / MD5 / type):
aspack22_04576df5 (dumpFile) / d44ef771bff4c5889f583f24eb9ee711 / EXE
iqtts.exe / 71ea2e4c0af87b3fd92048d2b81e5be5 / EXE
iqtts.exe (dumpFile) / 71ea2e4c0af87b3fd92048d2b81e5be5 / EXE
xdgj.lxx / 4a0d728adc26a8baf896e297f966028c / Unknown
xdgj.lxx (dumpFile) / 4a0d728adc26a8baf896e297f966028c / Unknown
水费管理.exe / 53df4080beebc6489918709a0c6e20a6 / EXE
水费管理.exe (dumpFile) / 53df4080beebc6489918709a0c6e20a6 / EXE
答问.doc / a46f87f510061417571d46038a9c0402 / Compound
答问.doc (dumpFile) / a46f87f510061417571d46038a9c0402 / Compound
temp.png / de895441e4eba57e26595f46e660c167 / Unknown
temp.png (dumpFile) / de895441e4eba57e26595f46e660c167 / Unknown
bqf / 0b70d7cf8ffdd7068e1f542c011434d2 / Unknown
bqf (dumpFile) / 0b70d7cf8ffdd7068e1f542c011434d2 / Unknown
清除 / 9d1d2c87e8045c49c28a332a7a395bf9 / Unknown
清除 (dumpFile) / 9d1d2c87e8045c49c28a332a7a395bf9 / Unknown
减 / 48181165aea9fcd1ed0412fc42bc8919 / Unknown
减 (dumpFile) / 48181165aea9fcd1ed0412fc42bc8919 / Unknown
等于 / 42a452e3b67582c474d9219bffa6021a / Unknown
等于 (dumpFile) / 42a452e3b67582c474d9219bffa6021a / Unknown
Key behavior
Behavior description: Get TickCount value
details: TickCount = 5367656, SleepMilliseconds = 1000.
Process behavior
Behavior description: Create process
details: ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c ""C:\Program Files\IQ Technology\iqtts\reg.cmd" "
ImagePath = C:\WINDOWS\regedit.exe, CmdLine = regedit /s reg.reg
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32.exe /i /s mtts_eng.dll
File behavior
Behavior description: Create file
details: C:\Program Files\IQ Technology\iqtts\__tmp_rar_sfx_access_check_5363843
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\CHN\dp.bin
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\CHN\mp.bin
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\CHN\pp.bin
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\CHN\S2P.dat
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\CHN\sp.bin
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\CHN\tdi.bin
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\CHN\tpi.bin
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\CHN\tsi.bin
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\ENGW\dp.bin
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\ENGW\mp.bin
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\ENGW\pp.bin
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\ENGW\sp.bin
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\ENGW\tdi.bin
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\ENGW\tpi.bin
Behavior description: Modify file contents
details: C:\Program Files\IQ Technology\iqtts\DATA\IQ John\CHN\dp.bin ---> Offset = 0
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\CHN\dp.bin ---> Offset = 28928
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\CHN\mp.bin ---> Offset = 0
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\CHN\pp.bin ---> Offset = 0
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\CHN\pp.bin ---> Offset = 256
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\CHN\pp.bin ---> Offset = 2560
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\CHN\pp.bin ---> Offset = 3328
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\CHN\pp.bin ---> Offset = 32768
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\CHN\S2P.dat ---> Offset = 0
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\CHN\sp.bin ---> Offset = 0
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\CHN\sp.bin ---> Offset = 65536
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\CHN\sp.bin ---> Offset = 131072
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\CHN\sp.bin ---> Offset = 196608
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\CHN\sp.bin ---> Offset = 262144
C:\Program Files\IQ Technology\iqtts\DATA\IQ John\CHN\tdi.bin ---> Offset = 0
Behavior description: Create executable file
details: C:\Program Files\IQ Technology\iqtts\mtts_eng.dll
Behavior description: Delete file
details: C:\Program Files\IQ Technology\iqtts\__tmp_rar_sfx_access_check_5363843
Behavior description: Search for file
details: FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\水费管理\iqtts.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\Program Files\IQ Technology\iqtts
FileName = C:\Program Files\IQ Technology\iqtts\reg.cmd
FileName = C:\Program Files
FileName = C:\Program Files\IQ Technology
FileName = C:\Program Files\IQ Technology\iqtts\regedit.*
FileName = C:\Program Files\IQ Technology\iqtts\regedit
FileName = C:\Python27\regedit.*
Registry behavior
Behavior description: Modify registry
details: \REGISTRY\USER\S-*\Software\WinRAR SFX\C%%Program Files%IQ Technology%iqtts
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\IQ Technology\iqtts\reg.cmd
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\IQ Annie\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\IQ Annie\804
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\IQ Annie\CLSID
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\IQ Annie\VoiceData
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\IQ Annie\Attributes\Age
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\IQ Annie\Attributes\Gender
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\IQ Annie\Attributes\Internal
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\IQ Annie\Attributes\Language
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\IQ Annie\Attributes\Name
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\IQ Annie\Attributes\Vendor
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\IQ Annie\Lex\DataFile
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\IQ Cherry\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Speech\Voices\Tokens\IQ Cherry\804
Other behavior
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior description: Hide specified window
details: [Window,Class] = [,ComboLBox]
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [EDIT,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [RegEdit_RegEdit,]
Behavior description: Get TickCount value
details: TickCount = 5367656, SleepMilliseconds = 1000.
Behavior description: Adjust process token privileges
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Open event
details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000041
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000041
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
_fCanRegisterWithShellService
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Behavior description: Executable signature information
details: C:\Program Files\IQ Technology\iqtts\mtts_eng.dll (signature verification: failed)
Behavior description: Call Sleep function
details: [1]: MilliSeconds = 1000.
Behavior description: Executable MD5
details: C:\Program Files\IQ Technology\iqtts\mtts_eng.dll ---> 2aaaff4265fa417900b8b0d2e82fec7c
Behavior description: Open mutex
details: ShimCacheMutex
Local\!IETld!Mutex
Behavior description: Load newly dropped file
details: Image: C:\Program Files\IQ Technology\iqtts\mtts_eng.dll.
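A behavior listing like the one above is only useful if the analyst pulls the few signals that matter out of the noise of ordinary installer activity. As an added example (not VirSCAN's code or tooling), the script below parses a report in this page's plain-text layout into a dictionary keyed by behavior description and applies a handful of triage rules: which Windows built-ins the sample spawned, whether regsvr32 registered a DLL silently, whether a dropped executable failed signature verification and was then loaded, which token privileges were requested, and the hashes the sandbox recorded for dropped executables. The embedded report is a constructed subset of this page's listing with the descriptions translated to English; the LOLBINS set, the rule names and the function names are this example's own assumptions, not anything the sandbox defines.

```python
"""Turn a VirSCAN-style behavior listing into structured data and triage it.

Added example, not VirSCAN's code. REPORT is a constructed excerpt of the
listing on this page; the rule set (LOLBINS, the function names below) is
this example's own assumption, not anything the sandbox defines.
"""
import re
from collections import defaultdict

# Constructed sample input: a subset of this page's behavior listing.
REPORT = r"""
Process behavior
Behavior description: Create process
details: ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c ""C:\Program Files\IQ Technology\iqtts\reg.cmd" "
ImagePath = C:\WINDOWS\regedit.exe, CmdLine = regedit /s reg.reg
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32.exe /i /s mtts_eng.dll
File behavior
Behavior description: Create executable file
details: C:\Program Files\IQ Technology\iqtts\mtts_eng.dll
Other behavior
Behavior description: Adjust process token privileges
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Executable signature information
details: C:\Program Files\IQ Technology\iqtts\mtts_eng.dll (signature verification: failed)
Behavior description: Executable MD5
details: C:\Program Files\IQ Technology\iqtts\mtts_eng.dll ---> 2aaaff4265fa417900b8b0d2e82fec7c
Behavior description: Load newly dropped file
details: Image: C:\Program Files\IQ Technology\iqtts\mtts_eng.dll.
"""

CATEGORY_RE = re.compile(r"^(Key|Process|File|Registry|Other) behavior$")
IMAGEPATH_RE = re.compile(r"ImagePath = ([^,]+), CmdLine = (.*)$")

# Assumed watch-list of signed Windows binaries commonly abused to run
# attacker-controlled content; not a list the sandbox publishes.
LOLBINS = {"cmd.exe", "regedit.exe", "regsvr32.exe", "rundll32.exe",
           "mshta.exe", "wscript.exe", "cscript.exe", "powershell.exe"}


def parse_report(text):
    """Return {behavior description: [detail lines]} from the plain-text report.

    Category headers are skipped; a 'details:' line starts the detail list of
    the current behavior and every following non-header line continues it.
    """
    behaviors = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or CATEGORY_RE.match(line):
            continue
        if line.startswith("Behavior description:"):
            current = line.split(":", 1)[1].strip()
            continue
        if current is None:
            continue
        if line.startswith("details:"):
            line = line.split(":", 1)[1].strip()
        behaviors[current].append(line)
    return dict(behaviors)


def spawned_processes(behaviors):
    """(image basename, command line) for every process the sample created."""
    out = []
    for detail in behaviors.get("Create process", []):
        m = IMAGEPATH_RE.search(detail)
        if m:
            out.append((m.group(1).rsplit("\\", 1)[-1].lower(), m.group(2)))
    return out


def unsigned_dropped_and_loaded(behaviors):
    """Paths that were written as executables, failed the signature check,
    and were then loaded into a process: the classic drop-and-load pattern."""
    dropped = {p.strip() for p in behaviors.get("Create executable file", [])}
    unsigned = set()
    for detail in behaviors.get("Executable signature information", []):
        path, _, verdict = detail.partition("(")
        if "failed" in verdict:
            unsigned.add(path.strip())
    loaded = set()
    for detail in behaviors.get("Load newly dropped file", []):
        loaded.add(detail.replace("Image:", "").strip().rstrip("."))
    return sorted(dropped & unsigned & loaded)


def dropped_hashes(behaviors):
    """{path: md5} for every executable the sandbox hashed after it was dropped."""
    out = {}
    for detail in behaviors.get("Executable MD5", []):
        path, sep, md5 = detail.partition("--->")
        if sep:
            out[path.strip()] = md5.strip()
    return out


def triage(text):
    """Apply the rules above and return the findings as one dictionary."""
    behaviors = parse_report(text)
    procs = spawned_processes(behaviors)
    return {
        "lolbins": sorted({name for name, _ in procs if name in LOLBINS}),
        "silent_registration": [cl for name, cl in procs
                                if name == "regsvr32.exe" and "/s" in cl.split()],
        "unsigned_dropped_loaded": unsigned_dropped_and_loaded(behaviors),
        "privileges": sorted(behaviors.get("Adjust process token privileges", [])),
        "dropped_hashes": dropped_hashes(behaviors),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(REPORT), indent=2))
```

Read the findings as signals to follow up, not as a verdict: the registry keys under Microsoft\Speech\Voices\Tokens and the regsvr32 registration of mtts_eng.dll are exactly what a SAPI voice installer packaged as a WinRAR SFX would do, so the items worth an analyst's time are the unsigned DLL that is dropped and immediately loaded (whose MD5 the report records, so it can be looked up on its own) and the request for SE_LOAD_DRIVER_PRIVILEGE, which a text-to-speech engine has no obvious need for.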