VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

   File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5:54c6254e6ecb579c06f597a4e81bf580
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
copyright:

Key behavior

Behavior description: Modify registry: IE home page
details: \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\Start Page
Behavior description: Modify registry: startup entry
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Drivers for Internet Explorer

Process behavior

Behavior description: Create local thread
details: N/A
Behavior description: Process exit
details: N/A
Behavior description: Enumerate processes
details: N/A

File behavior

Behavior description: Create file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gert0.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ci0-temp\web.set
Behavior description: Modify file content
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ci0-temp\web.set---> Offset = 0
Behavior description: Create executable file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gert0.dll
Behavior description: Delete file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ci0-temp\web.set
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ci0-temp\web.set-newfile
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ci0-temp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gert0.dll
Behavior description: Find file
details: FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ci0-temp\*.*
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\「开始」菜单
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\「开始」菜单
FileName = C:\Documents and Settings\All Users\「开始」菜单\程序
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序\启动
FileName = C:\Documents and Settings\All Users\「开始」菜单\程序\启动
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\WINDOWS
FileName = C:\WINDOWS\Fonts

Registry behavior

Behavior description: Modify registry: IE home page
details: \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\Start Page
Behavior description: Modify registry: startup entry
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Drivers for Internet Explorer

Other behavior

Behavior description: Create mutex
details: 70c557601c664fb
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Behavior description: Executable file MD5
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gert0.dll ---> 17f25804018f53627d1edfb3f7407e76
Behavior description: Load newly dropped file
details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gert0.dll.
Behavior description: Acquire system privilege
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Executable file signature information
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gert0.dll (signature verification: failed)