VirSCAN


File information
Safety rating:71
Behavior list
Basic Information
MD5:6102d84c344598e7f86e2735fd0bb4ee
file type:EXE
Production company:
version:1.0.0.0---1.0.0.0
Shell or compiler information:PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo
Subfile information:upx_c_b00e2e58dumpFile / 161fd56f54fe7c51a29d3b53b1e2ba4e / EXE
Key behavior
Behavior description:Set special file attributes
details:C:\Server.exe
C:\svshost.exe
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\「开始」菜单\程序\启动
Behavior description:Get TickCount value
details:TickCount = 5355646, SleepMilliseconds = 100.
TickCount = 5355803, SleepMilliseconds = 100.
TickCount = 5355742, SleepMilliseconds = 8.
TickCount = 5355758, SleepMilliseconds = 8.
TickCount = 5358961, SleepMilliseconds = 8.
TickCount = 5360695, SleepMilliseconds = 8.
TickCount = 5364148, SleepMilliseconds = 8.
TickCount = 5366086, SleepMilliseconds = 8.
TickCount = 5369414, SleepMilliseconds = 8.
TickCount = 5371445, SleepMilliseconds = 8.
TickCount = 5374912, SleepMilliseconds = 100.
TickCount = 5376818, SleepMilliseconds = 100.
TickCount = 5380008, SleepMilliseconds = 8.
TickCount = 5381648, SleepMilliseconds = 8.
TickCount = 5384961, SleepMilliseconds = 8.
Behavior description:Modify registry_startup item
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Server
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svshost
Process behavior
Behavior description:Create local thread
details:TargetProcess: Server.exe, InheritedFromPID = 2476, ProcessID = 2512, ThreadID = 2520, StartAddress = 00410F51, Parameter = 00000000
TargetProcess: Server.exe, InheritedFromPID = 2476, ProcessID = 2512, ThreadID = 2524, StartAddress = 77C0A341, Parameter = 003F4120
TargetProcess: Server.exe, InheritedFromPID = 2476, ProcessID = 2512, ThreadID = 2528, StartAddress = 77C0A341, Parameter = 003F41B0
TargetProcess: Server.exe, InheritedFromPID = 2476, ProcessID = 2512, ThreadID = 2548, StartAddress = 77C0A341, Parameter = 003F4120
TargetProcess: svshost.exe, InheritedFromPID = 2476, ProcessID = 2552, ThreadID = 2560, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: svshost.exe, InheritedFromPID = 2476, ProcessID = 2552, ThreadID = 2576, StartAddress = 77C0A341, Parameter = 003F5010
TargetProcess: svshost.exe, InheritedFromPID = 2476, ProcessID = 2552, ThreadID = 2580, StartAddress = 77C0A341, Parameter = 003F5010
TargetProcess: Server.exe, InheritedFromPID = 2476, ProcessID = 2512, ThreadID = 2596, StartAddress = 77C0A341, Parameter = 003F4120
TargetProcess: Server.exe, InheritedFromPID = 2476, ProcessID = 2512, ThreadID = 2600, StartAddress = 77C0A341, Parameter = 003F4120
TargetProcess: svshost.exe, InheritedFromPID = 2476, ProcessID = 2552, ThreadID = 2616, StartAddress = 77C0A341, Parameter = 003F5698
TargetProcess: Server.exe, InheritedFromPID = 2476, ProcessID = 2512, ThreadID = 2636, StartAddress = 77C0A341, Parameter = 003F4120
TargetProcess: Server.exe, InheritedFromPID = 2476, ProcessID = 2512, ThreadID = 2648, StartAddress = 77C0A341, Parameter = 00DE02E8
TargetProcess: svshost.exe, InheritedFromPID = 2476, ProcessID = 2552, ThreadID = 2656, StartAddress = 77C0A341, Parameter = 003F5010
TargetProcess: Server.exe, InheritedFromPID = 2476, ProcessID = 2512, ThreadID = 2764, StartAddress = 77C0A341, Parameter = 00DE0190
TargetProcess: Server.exe, InheritedFromPID = 2476, ProcessID = 2512, ThreadID = 2792, StartAddress = 77C0A341, Parameter = 00DE0190
Behavior description:Create process from new file
details:ImagePath = C:\Server.exe, CmdLine = C:\Server.exe
ImagePath = C:\svshost.exe, CmdLine = C:\svshost.exe
File behavior
Behavior description:Create file
details:C:\Server.exe
C:\svshost.exe
C:\WINDOWS\system32\svshost.exe
Behavior description:Create executable file
details:C:\Server.exe
C:\svshost.exe
C:\WINDOWS\system32\svshost.exe
Behavior description:Copy file
details:C:\svshost.exe ---> \\.\agmkis2
Behavior description:Set special file attributes
details:C:\Server.exe
C:\svshost.exe
Behavior description:Find file
details:FileName = C:\Server.exe
FileName = C:\svshost.exe
Behavior description:Rename file
details:C:\Server.exe ---> C:\windows\system32\Server.exe
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\「开始」菜单\程序\启动
Behavior description:Modify file content
details:C:\Server.exe ---> Offset = 0
C:\svshost.exe ---> Offset = 0
C:\WINDOWS\system32\svshost.exe ---> Offset = 0
C:\WINDOWS\system32\svshost.exe ---> Offset = 65536
C:\WINDOWS\system32\svshost.exe ---> Offset = 4096
C:\WINDOWS\system32\svshost.exe ---> Offset = 8192
Network behavior
Behavior description:Establish connection to a specified socket
details:URL: , IP: **.207.227.**:1997, SOCKET = 0x000000cc
URL: , IP: **.207.227.**:1150, SOCKET = 0x000000dc
URL: , IP: **.207.227.**:1150, SOCKET = 0x000000e0
URL: , IP: **.207.227.**:1150, SOCKET = 0x000000f0
URL: , IP: **.207.227.**:1150, SOCKET = 0x00000104
URL: , IP: **.207.227.**:1997, SOCKET = 0x00000150
URL: , IP: **.207.227.**:1150, SOCKET = 0x000000f8
Registry behavior
Behavior description:Modify registry_delayed rename item
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Behavior description:Modify registry_startup item
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Server
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svshost
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
C:\svshost.exe
123.207.227.124:1150
Behavior description:Create event object
details:EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
Behavior description:Get TickCount value
details:TickCount = 5355646, SleepMilliseconds = 100.
TickCount = 5355803, SleepMilliseconds = 100.
TickCount = 5355742, SleepMilliseconds = 8.
TickCount = 5355758, SleepMilliseconds = 8.
TickCount = 5358961, SleepMilliseconds = 8.
TickCount = 5360695, SleepMilliseconds = 8.
TickCount = 5364148, SleepMilliseconds = 8.
TickCount = 5366086, SleepMilliseconds = 8.
TickCount = 5369414, SleepMilliseconds = 8.
TickCount = 5371445, SleepMilliseconds = 8.
TickCount = 5374912, SleepMilliseconds = 100.
TickCount = 5376818, SleepMilliseconds = 100.
TickCount = 5380008, SleepMilliseconds = 8.
TickCount = 5381648, SleepMilliseconds = 8.
TickCount = 5384961, SleepMilliseconds = 8.
Behavior description:Open event
details:HookSwitchHookEnabledEvent
Global\SvcctrlStartEvent_A3752DX
Behavior description:Executable file signature information
details:C:\Server.exe(signature verification: failed)
C:\svshost.exe(signature verification: failed)
C:\WINDOWS\system32\svshost.exe(signature verification: failed)
Behavior description:Call Sleep function
details:[1]: MilliSeconds = 100.
[2]: MilliSeconds = 1000.
[3]: MilliSeconds = 100.
[4]: MilliSeconds = 100.
[5]: MilliSeconds = 100.
[6]: MilliSeconds = 1000.
[7]: MilliSeconds = 100.
[8]: MilliSeconds = 100.
[9]: MilliSeconds = 100.
[10]: MilliSeconds = 1000.
[3]: MilliSeconds = 1000.
[4]: MilliSeconds = 1000.
[5]: MilliSeconds = 1000.
[7]: MilliSeconds = 1000.
[8]: MilliSeconds = 1000.
Behavior description:Executable file MD5
details:C:\Server.exe ---> 829ea67a80894431239a1080194d2f87
C:\svshost.exe ---> 7c1996b0af1b8185b478c01ecb3f7bb4
C:\WINDOWS\system32\svshost.exe ---> 7c1996b0af1b8185b478c01ecb3f7bb4
Behavior description:Open mutex
details:ShimCacheMutex