VirSCAN VirSCAN

1, You can UPLOAD any files, but there is a 20 MB limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.


File information

Basic Information

MD5: 6987dc6137619eb224777c89de7c2e91
file type: EXE
Production company: ASTROGAMES
version: 5.2.8.9---5.2.8.9
Shell or compiler information: COMPILER:Borland Delphi 6.0 - 7.0 [Overlay]

Key behavior

Behavior description: Set special file attributes
details: C:\Program\bit.exe
C:\Program\conr.bat
C:\Program\conr.vbs
C:\Program\Go.bat
C:\Program\Go.vbs
C:\Program\Hide.bat
C:\Program\Hide.vbs
C:\Program\msvcr120.dll
Behavior description: Kill process
details: TASKKILL = taskkill /F /IM bit.exe
Behavior description: Set special folder attributes
details: C:\Program
Behavior description: Detect virtual machine by searching for files
details: FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\VMware\*.*
FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\VMware\Program
FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\VMwareDnD\*.*
FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\VMwareDnD\Program
FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序\Oracle VM VirtualBox Guest Additions\*.*
FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序\Oracle VM VirtualBox Guest Additions\Program
FindFirstFileEx: FileName = C:\Documents and Settings\All Users\Application Data\VMware\*.*
FindFirstFileEx: FileName = C:\Documents and Settings\All Users\Application Data\VMware\Program
FindFirstFileEx: FileName = C:\Documents and Settings\root\Local Settings\Application Data\VMware\*.*
FindFirstFileEx: FileName = C:\Documents and Settings\root\Local Settings\Application Data\VMware\Program
FindFirstFileEx: FileName = C:\Program Files\Common Files\VMware\*.*
FindFirstFileEx: FileName = C:\Program Files\Common Files\VMware\Program
FindFirstFileEx: FileName = C:\Program Files\Oracle\VirtualBox Guest Additions\*.*
FindFirstFileEx: FileName = C:\Program Files\Oracle\VirtualBox Guest Additions\Program
FindFirstFileEx: FileName = C:\Program Files\VMware\*.*
Behavior description: Set startup item
details: C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\OneDriveSetup.lnk

File behavior

Behavior description: Create file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\$inst\2.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\$inst\temp_0.tmp
C:\WINDOWS\Arigon\52.exe
C:\Program\__tmp_rar_sfx_access_check_217937
C:\Program\conr.vbs
C:\Program\Go.vbs
C:\Program\msvcr120.dll
C:\Program\Hide.vbs
C:\Program\bit.exe
C:\Program\Hide.bat
C:\Program\conr.bat
C:\Program\Go.bat
Behavior description: Create executable file
details: C:\WINDOWS\Arigon\52.exe
C:\Program\msvcr120.dll
C:\Program\bit.exe
Behavior description: Search for files
details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\Windows
FileName = C:\Windows\Arigon
FileName = C:\Windows\Arigon\52.exe
FileName = C:\WINDOWS
FileName = C:\WINDOWS\Arigon
FileName = C:\WINDOWS\Arigon\52.exe
FileName = conr.vbs
FileName = \\?\C:\Program\conr.vbs
Behavior description: Set startup item
details: C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\OneDriveSetup.lnk
Behavior description: Set special file attributes
details: C:\Program\bit.exe
C:\Program\conr.bat
C:\Program\conr.vbs
C:\Program\Go.bat
C:\Program\Go.vbs
C:\Program\Hide.bat
C:\Program\Hide.vbs
C:\Program\msvcr120.dll
Behavior description: Delete file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\$inst\temp_0.tmp
C:\Program\__tmp_rar_sfx_access_check_217937
C:\Documents and Settings\Administrator\Local Settings\Temp\$inst\2.tmp
Behavior description: Modify BAT script file
details: C:\Program\conr.vbs ---> Offset = 0
C:\Program\Go.vbs ---> Offset = 0
C:\Program\Hide.vbs ---> Offset = 0
C:\Program\Hide.bat ---> Offset = 0
C:\Program\conr.bat ---> Offset = 0
C:\Program\Go.bat ---> Offset = 0
Behavior description: Set special folder attributes
details: C:\Program
Behavior description: Modify file contents
details: C:\Documents and Settings\Administrator\Local Settings\Temp\$inst\2.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\$inst\2.tmp ---> Offset = 4
C:\Documents and Settings\Administrator\Local Settings\Temp\$inst\temp_0.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\$inst\temp_0.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\$inst\temp_0.tmp ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\$inst\temp_0.tmp ---> Offset = 196608
C:\WINDOWS\Arigon\52.exe ---> Offset = 0
C:\WINDOWS\Arigon\52.exe ---> Offset = 32768
C:\WINDOWS\Arigon\52.exe ---> Offset = 65536
C:\WINDOWS\Arigon\52.exe ---> Offset = 98304
C:\WINDOWS\Arigon\52.exe ---> Offset = 131072
C:\Program\msvcr120.dll ---> Offset = 0
C:\Program\msvcr120.dll ---> Offset = 3072
C:\Program\msvcr120.dll ---> Offset = 18944
C:\Program\msvcr120.dll ---> Offset = 22784

Registry behavior

Behavior description: Modify registry
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Astron Protector Gift 5.2.8.9\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Astron Protector Gift 5.2.8.9\DisplayVersion
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Astron Protector Gift 5.2.8.9\VersionMajor
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Astron Protector Gift 5.2.8.9\VersionMinor
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Astron Protector Gift 5.2.8.9\Publisher
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Astron Protector Gift 5.2.8.9\DisplayIcon
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Astron Protector Gift 5.2.8.9\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Astron Protector Gift 5.2.8.9\URLInfoAbout
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Astron Protector Gift 5.2.8.9\HelpLink
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Astron Protector Gift 5.2.8.9\InstallLocation
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Astron Protector Gift 5.2.8.9\InstallSource
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Astron Protector Gift 5.2.8.9\InstallDate
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Astron Protector Gift 5.2.8.9\Language
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Astron Protector Gift 5.2.8.9\EstimatedSize
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Astron Protector Gift 5.2.8.9\NoModify

Other behavior

Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
_SHuassist.mtx
Behavior description: Create event object
details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [EDIT,]
NtUserFindWindowEx: [Class,Window] = [,]
Behavior description: Open event
details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
_fCanRegisterWithShellService
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000011
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000011
Global\crypt32LogoffEvent
MSFT.VSA.COM.DISABLE.2856
MSFT.VSA.IEC.STATUS.6c736db0
MSFT.VSA.COM.DISABLE.2872
MSFT.VSA.COM.DISABLE.3004
MSFT.VSA.COM.DISABLE.3084
Behavior description: Adjust process token privileges
details: SE_LOAD_DRIVER_PRIVILEGE
SE_SHUTDOWN_PRIVILEGE
SE_DEBUG_PRIVILEGE
Behavior description: Enumerate windows
details: N/A
Behavior description: Executable file signature information
details: C:\WINDOWS\Arigon\52.exe (signature verification: failed)
C:\Program\msvcr120.dll (signature verification: passed)
C:\Program\bit.exe (signature verification: failed)
Behavior description: Hide specified window
details: [Window,Class] = [玉蜞眍怅?Astron Protector Gift 5.2.8.9,obj_App]
[Window,Class] = [Smart Install Maker,obj_Form]
[Window,Class] = [,obj_STATIC]
[Window,Class] = [玉蜞眍怅?Astron Protector Gift 5.2.8.9,obj_Form]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [&Обзор...,Button]
[Window,Class] = [C:\Program\,ComboBox]
Behavior description: Executable file MD5
details: C:\WINDOWS\Arigon\52.exe ---> 3278ffa2ad404dcf607b4b69904e7ef4
C:\Program\msvcr120.dll ---> 034ccadc1c073e4216e9466b720f9849
C:\Program\bit.exe ---> be8470c41b99ccfac7e1d5b890d082fe
Behavior description: Open mutex
details: ShimCacheMutex
Local\!IETld!Mutex
Behavior description: Detect virtual machine by searching for files
details: FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\VMware\*.*
FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\VMware\Program
FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\VMwareDnD\*.*
FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\VMwareDnD\Program
FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序\Oracle VM VirtualBox Guest Additions\*.*
FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序\Oracle VM VirtualBox Guest Additions\Program
FindFirstFileEx: FileName = C:\Documents and Settings\All Users\Application Data\VMware\*.*
FindFirstFileEx: FileName = C:\Documents and Settings\All Users\Application Data\VMware\Program
FindFirstFileEx: FileName = C:\Documents and Settings\root\Local Settings\Application Data\VMware\*.*
FindFirstFileEx: FileName = C:\Documents and Settings\root\Local Settings\Application Data\VMware\Program
FindFirstFileEx: FileName = C:\Program Files\Common Files\VMware\*.*
FindFirstFileEx: FileName = C:\Program Files\Common Files\VMware\Program
FindFirstFileEx: FileName = C:\Program Files\Oracle\VirtualBox Guest Additions\*.*
FindFirstFileEx: FileName = C:\Program Files\Oracle\VirtualBox Guest Additions\Program
FindFirstFileEx: FileName = C:\Program Files\VMware\*.*

Run screenshot