VirSCAN
File information
Safety rating: 78
Behavior list
Basic information
MD5: 61fc76841c2bd8dac296b3ea933845d7
File type: 7z
Production company: Mo Hong
Version: 3.2.0.1---3.2.0.1
Packer or compiler information: PACKER:WinUpack 0.39 final -> By Dwing [Overlay]
Subfile information (name / MD5 / type):
Ghost64.exe / big file / EXE
imagex.exe / 464ec9a2805f66331530a96b66443acd / EXE
PECMD.EXE / bfedc9bc63fc32c0bda8c8c50d455e04 / EXE
upack0.39_b9a6b7d8dumpFile / 28d8c5e9f1bd789128655fc5fbd94a91 / EXE
bcdboot.exe / 32cefa4064f83a6e394012112ff00193 / EXE
bootsect.exe / fb7fb153b0029eff18d62976abee57ab / EXE
ISODrv64.sys / 9c6f3f69163133fb8e56ac4a6e163452 / SYS
MARK.EXE / 8dc9908f20af72286682c91bd9f15f05 / EXE
CGI.WCZ / ce5ddcffdcd6edd308823d5712e9e808 / Unknown
USORT.EXE / 2a0ad45c6778fe82c23570a83ea74cc7 / EXE
IsoCmd.exe / 66f5341a29e602c25637e83ea31ddf32 / EXE
HDSIZEID.EXE / 582f56bd71a5551f295ffe3678277fe5 / EXE
GP.EXE / 3d73e856631ef9997b5e15e61c5e1397 / EXE
OSVOLNumber.exe / 803d3c62b5c0ca646c1da3f46538bd1d / EXE
Dicon1.ico / cdf99409adaa1de82b5d06ffa80d4f37 / Unknown
Key behavior
Behavior description: Create file mapping with write permission
Details: CiceroSharedMemDefaultS-*
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.MPH..OOMHH
MSCTF.MarshalInterface.FileMap.MPH.B.OPMHH
MSCTF.MarshalInterface.FileMap.MPH.C.OPMHH
MSCTF.MarshalInterface.FileMap.MPH.D.OPMHH
MSCTF.MarshalInterface.FileMap.MPH.E.NANHH
MSCTF.MarshalInterface.FileMap.MPH.F.NANHH
MSCTF.MarshalInterface.FileMap.MPH.G.NANHH
Behavior description: Hide specified window
Details: [Window,Class] = [,Button]
Process behavior
Behavior description: Enumerate processes
Details: N/A
File behavior
Behavior description: Create file mapping with write permission
Details: CiceroSharedMemDefaultS-*
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.MPH..OOMHH
MSCTF.MarshalInterface.FileMap.MPH.B.OPMHH
MSCTF.MarshalInterface.FileMap.MPH.C.OPMHH
MSCTF.MarshalInterface.FileMap.MPH.D.OPMHH
MSCTF.MarshalInterface.FileMap.MPH.E.NANHH
MSCTF.MarshalInterface.FileMap.MPH.F.NANHH
MSCTF.MarshalInterface.FileMap.MPH.G.NANHH
Behavior description: Create executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CLDs64\bcdboot.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CLDs64\bootsect.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CLDs64\Ghost64.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CLDs64\GP.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CLDs64\HDSIZEID.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CLDs64\imagex.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CLDs64\IsoCmd.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CLDs64\MARK.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CLDs64\OSVOLNumber.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CLDs64\PECMD.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CLDs64\USORT.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CLDs64\ISODrv64.sys
Behavior description: Modify file contents
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CLDs64\Dicon1.ico---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CLDs64\CGI.WCZ---> Offset = 0
Behavior description: Search for file
Details: FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CLDs64
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CLDs64\PECMD.EXE
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\CLDs64
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\CLDs64\PECMD.EXE
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CLDs64\PECMD.EXE
Other behavior
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Window information
Details: Pid = 1584, Hwnd=0x202b4, Text = 执行 ""CLDs64\PECMD.EXE" LOAD C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CLDs64\CGI.WCZ" 时出错。 %1 不是有效的 Win32 应用程序。 , ClassName = Static.
Pid = 1584, Hwnd=0x502a4, Text = 确定(&O), ClassName = Button.
Pid = 1584, Hwnd=0x202a6, Text = 数据解压: 错误, ClassName = #32770.
Behavior description: Hide specified window
Details: [Window,Class] = [,Button]
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
MSCTF.Shared.MUTEX.ELH
Behavior description: Acquire system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE