VirSCAN

1, You can UPLOAD any files, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information

Basic Information

MD5: 5e74aea9618ae989e4cf0ee88210fadb
file type: EXE
Production company:
version: 2.1.0.704---2.1.0.704
Shell or compiler information: COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [Overlay] *

Key behavior

Behavior description: Directly calls a critical system API
details: Index = 0x000000EA, Name: NtQueryInformationProcess, Instruction Address = 0x0042F111
Behavior description: Gets the TickCount value
details: TickCount = 68912, SleepMilliseconds = 100.
TickCount = 69021, SleepMilliseconds = 100.
TickCount = 69131, SleepMilliseconds = 100.
TickCount = 69240, SleepMilliseconds = 100.
TickCount = 69350, SleepMilliseconds = 100.
TickCount = 69459, SleepMilliseconds = 100.
TickCount = 69568, SleepMilliseconds = 100.
TickCount = 69678, SleepMilliseconds = 100.
TickCount = 69709, SleepMilliseconds = 100.
TickCount = 69787, SleepMilliseconds = 100.
TickCount = 69896, SleepMilliseconds = 100.
TickCount = 70709, SleepMilliseconds = 100.
Behavior description: Directly reads the CPU clock
details: EAX = 0x75e5b207, EDX = 0x00000038
EAX = 0x786d8190, EDX = 0x00000038
EAX = 0x7b20810c, EDX = 0x00000038
EAX = 0xc78c5a57, EDX = 0x00000038
EAX = 0xc78c5aa3, EDX = 0x00000038
Behavior description: Detects a virtual machine using a VMware special instruction
details: N/A

Network behavior

Behavior description: Connects to a specified site
details: WinHttpConnect: ServerName = ap****cc, PORT = 80, UserName = , Password = , hSession = 0x006f6878, hConnect = 0x0073d690, Flags = 0x00000000
WinHttpConnect: ServerName = ap****cc, PORT = 80, UserName = , Password = , hSession = 0x006f6878, hConnect = 0x0070e108, Flags = 0x00000000
WinHttpConnect: ServerName = ap****cc, PORT = 80, UserName = , Password = , hSession = 0x006f6878, hConnect = 0x00719bb0, Flags = 0x00000000
WinHttpConnect: ServerName = ap****cc, PORT = 80, UserName = , Password = , hSession = 0x006f6878, hConnect = 0x00719cb0, Flags = 0x00000000
WinHttpConnect: ServerName = ap****cc, PORT = 80, UserName = , Password = , hSession = 0x006f6878, hConnect = 0x0073da18, Flags = 0x00000000
WinHttpConnect: ServerName = ap****cc, PORT = 80, UserName = , Password = , hSession = 0x006f6878, hConnect = 0x0073c998, Flags = 0x00000000
WinHttpConnect: ServerName = ap****cc, PORT = 80, UserName = , Password = , hSession = 0x006f6878, hConnect = 0x00719db0, Flags = 0x00000000
Behavior description: Opens an HTTP connection
details: WinHttpOpen: UserAgent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW32; Trident/5.0), hSession = 0x006f6878
Behavior description: Opens an HTTP request
details: WinHttpOpenRequest: ap****cc:80/api/getlist, hConnect = 0x0073d690, hRequest = 0x0073d778, Verb: POST, Referer: , Flags = 0x00000000
WinHttpOpenRequest: ap****cc:80/api/getlist, hConnect = 0x0070e108, hRequest = 0x00711670, Verb: POST, Referer: , Flags = 0x00000000
WinHttpOpenRequest: ap****cc:80/api/getlist, hConnect = 0x00719bb0, hRequest = 0x0073d918, Verb: POST, Referer: , Flags = 0x00000000
WinHttpOpenRequest: ap****cc:80/api/getlist, hConnect = 0x00719cb0, hRequest = 0x0073d918, Verb: POST, Referer: , Flags = 0x00000000
WinHttpOpenRequest: ap****cc:80/api/getlist, hConnect = 0x0073da18, hRequest = 0x00711670, Verb: POST, Referer: , Flags = 0x00000000
WinHttpOpenRequest: ap****cc:80/api/getlist, hConnect = 0x0073c998, hRequest = 0x00711670, Verb: POST, Referer: , Flags = 0x00000000
WinHttpOpenRequest: ap****cc:80/api/getlist, hConnect = 0x00719db0, hRequest = 0x00711770, Verb: POST, Referer: , Flags = 0x00000000
WinHttpOpenRequest: ap****cc:80/api/getlist, hConnect = 0x00719db0, hRequest = 0x00711670, Verb: POST, Referer: , Flags = 0x00000000
Behavior description: Gets a host address by name
details: GetAddrInfoW: ap****cc

Registry behavior

Behavior description: Modifies the registry
details: \REGISTRY\USER\S-*\Software\Microsoft\Direct3D\MostRecentApplication\Name
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\EnableFileTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\EnableConsoleTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\FileTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\ConsoleTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\MaxFileSize
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\FileDirectory

Other behavior

Behavior description: Checks whether it is being debugged
details: IsDebuggerPresent
Behavior description: Creates a mutex
details: RasPbFile
ATL:MemData03EAA-PC
Local\__DDrawExclMode__
Local\__DDrawCheckExclMode__
Behavior description: Hides a specified window
details: [Window,Class] = [,ATL:DLGFrame032E]
Behavior description: Directly calls a critical system API
details: Index = 0x000000EA, Name: NtQueryInformationProcess, Instruction Address = 0x0042F111
Behavior description: Window information
details: Pid = 2456, Hwnd=0x5016c, Text = 确定, ClassName = Button.
Pid = 2456, Hwnd=0x2017a, Text = 网络链接错误, ClassName = Static.
Pid = 2456, Hwnd=0x301e6, Text = 错误, ClassName = #32770.
Behavior description: Gets the TickCount value
details: TickCount = 68912, SleepMilliseconds = 100.
TickCount = 69021, SleepMilliseconds = 100.
TickCount = 69131, SleepMilliseconds = 100.
TickCount = 69240, SleepMilliseconds = 100.
TickCount = 69350, SleepMilliseconds = 100.
TickCount = 69459, SleepMilliseconds = 100.
TickCount = 69568, SleepMilliseconds = 100.
TickCount = 69678, SleepMilliseconds = 100.
TickCount = 69709, SleepMilliseconds = 100.
TickCount = 69787, SleepMilliseconds = 100.
TickCount = 69896, SleepMilliseconds = 100.
TickCount = 70709, SleepMilliseconds = 100.
Behavior description: Opens an event
details: HookSwitchHookEnabledEvent
Global\SvcctrlStartEvent_A3752DX
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
\KernelObjects\MaximumCommitCondition
Behavior description: Calls the Sleep function
details: [1]: MilliSeconds = 100.
[2]: MilliSeconds = 100.
[3]: MilliSeconds = 100.
[4]: MilliSeconds = 100.
[5]: MilliSeconds = 100.
[6]: MilliSeconds = 100.
[7]: MilliSeconds = 100.
[8]: MilliSeconds = 100.
[9]: MilliSeconds = 100.
[10]: MilliSeconds = 100.
Behavior description: Directly reads the CPU clock
details: EAX = 0x75e5b207, EDX = 0x00000038
EAX = 0x786d8190, EDX = 0x00000038
EAX = 0x7b20810c, EDX = 0x00000038
EAX = 0xc78c5a57, EDX = 0x00000038
EAX = 0xc78c5aa3, EDX = 0x00000038
Behavior description: Detects a virtual machine using a VMware special instruction
details: N/A
