VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.


File information
Safety rating: 82
Behavior list
Basic Information
MD5: 649222a8dbc4f44dc55efe94fc9f8e31
File type: 7z
Production company: JFX
Version: 3.8.7.0---3,8,7.0
Shell or compiler information: PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [Overlay]
Subfile information: WinNTSetup_x64.exe / 1d3f267d0b694240e153fa3bdb7c40d1 / EXE
wimgapi.dll / f9bb4a709903d28d6b7436ea7aa7d546 / DLL
libwim-15.dll / a8c1055940fb378412c9175bc5112c1c / DLL
wimgapi.old / 248d35235912b3ab90754be74d406aa5 / DLL
BOOTICEx64.exe / c8dd28f1135c11861eb7d93b7a931433 / EXE
bcdedit.exe / 9535e3809322a2a34aacb9ba6461c416 / EXE
wofadk.sys / 6f9248f6c354e39a20e27c5229b9b5db / SYS
bcdboot.exe / 6fc4e47506182128712da4e5e7d3455a / EXE
bootsect.exe / bbcd51279be0b3e8705853ae2a0a62ce / EXE
wimlib-imagex.exe / 60cf62e26e88aeb347a7d409d5d32948 / EXE
MSSTMake.exe / 64d41e1e1a0410bf669c1d0820ed4c1f / EXE
offreg.dll / b2b03261a0d03cc674713477a1249cc9 / DLL
MinHook.dll / 997ec2601a0dcd44a0ee17be828650c5 / DLL
WimBootCompress.ini / 8b6863f0284800f434c15a1cf03607c8 / Unknown
WinNTSetup_iso.cmd / a774f9811e2703b829f4ce9db6e59595 / Unknown
File behavior
Behavior description: Create file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\WimBootCompress.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\WinNTSetup_iso.cmd
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\wimgapi.old
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\bcdboot.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\bcdedit.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\BOOTICEx64.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\bootsect.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\DISM\wofadk.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\MinHook.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\MSSTMake.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\offreg.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\wimgapi.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\wimlib\libwim-15.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\wimlib\wimlib-imagex.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\WinNTSetup_x64.exe
Behavior description: Delete file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\WimBootCompress.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\WinNTSetup_iso.cmd
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\bcdboot.exe
Behavior description: Create executable file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\wimgapi.old
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\bcdboot.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\bcdedit.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\BOOTICEx64.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\bootsect.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\DISM\wofadk.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\MinHook.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\MSSTMake.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\offreg.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\wimgapi.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\wimlib\libwim-15.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\wimlib\wimlib-imagex.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\WinNTSetup_x64.exe
Behavior description: Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\WimBootCompress.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\WinNTSetup_iso.cmd ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\wimgapi.old ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\bcdboot.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\bcdboot.exe ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\bcdboot.exe ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\bcdedit.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\bcdedit.exe ---> Offset = 12800
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\bcdedit.exe ---> Offset = 78336
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\bcdedit.exe ---> Offset = 143872
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\bcdedit.exe ---> Offset = 209408
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\BOOTICEx64.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\BOOTICEx64.exe ---> Offset = 37888
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\BOOTICEx64.exe ---> Offset = 103424
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\BOOTICEx64.exe ---> Offset = 168960
Behavior description: Search for file
details:FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\WinNTSetup_x64.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Tools\*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Tools\x64\*
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\WinNTSetup_x64.exe
Other behavior
Behavior description: Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
MSCTF.Shared.MUTEX.ELH
Behavior description: Create event object
details:EventName = Global\userenv: User Profile setup event
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Adjust process token privileges
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
details:Pid = 1160, Hwnd=0x202d8, Text = Error during execution ""WinNTSetup_x64.exe"". "WinNTSetup_x64.exe" 不是有效的 Win32 应用程序。 , ClassName = Static.
Pid = 1160, Hwnd=0x202c8, Text = OK, ClassName = Button.
Pid = 1160, Hwnd=0x402d4, Text = 996E: error, ClassName = #32770.
Behavior description: Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\wimgapi.old (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\bcdboot.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\bcdedit.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\BOOTICEx64.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\bootsect.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\DISM\wofadk.sys (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\MinHook.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\MSSTMake.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\offreg.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\wimgapi.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\wimlib\libwim-15.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Tools\x64\wimlib\wimlib-imagex.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\WinNTSetup_x64.exe (signature verification: failed)
Behavior description: Hide specified window
details:[Window,Class] = [,Button]