VirSCAN

1, You can UPLOAD any files, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan password-protected compressed files if the password is 'infected' or 'virus'.


File information
Safety rating: 75
Behavior list
Basic Information
MD5: 69ad25c70fa669644b3f80e4135533bc
File type: EXE
Production company: AeroAdmin Inc.
Version: 2.6.4.7---2647
Shell or compiler information:
Key behavior
Behavior description: Get TickCount value
details: TickCount = 546328, SleepMilliseconds = 60000.
TickCount = 546343, SleepMilliseconds = 60000.
TickCount = 546375, SleepMilliseconds = 60000.
TickCount = 546390, SleepMilliseconds = 60000.
TickCount = 546406, SleepMilliseconds = 60000.
TickCount = 546453, SleepMilliseconds = 60000.
TickCount = 546468, SleepMilliseconds = 60000.
TickCount = 546484, SleepMilliseconds = 60000.
TickCount = 546640, SleepMilliseconds = 60000.
TickCount = 547031, SleepMilliseconds = 60000.
TickCount = 547046, SleepMilliseconds = 60000.
TickCount = 547062, SleepMilliseconds = 60000.
TickCount = 548250, SleepMilliseconds = 60000.
TickCount = 548265, SleepMilliseconds = 60000.
TickCount = 548281, SleepMilliseconds = 60000.
Behavior description: Modify registry (Safe Mode startup item)
details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\AeroadminService\
Behavior description: Process privilege escalation information
details: NT AUTHORITY\SYSTEM
Process behavior
Behavior description: Enumerate processes
details: N/A
Behavior description: Process privilege escalation information
details: NT AUTHORITY\SYSTEM
File behavior
Behavior description: Create file
details: C:\log.txt
Behavior description: Modify file content
details: C:\log.txt ---> Offset = 0
C:\log.txt ---> Offset = 16
Behavior description: Search for files
details: FileName = C:\Documents and Settings\All Users\Application Data/boost_interprocess\*.*
FileName = C:\WINDOWS\system32\config\systemprofile
FileName = C:\WINDOWS\system32\config\systemprofile\Local Settings
FileName = C:\Documents and Settings\Administrator\Application Data\Tencent
FileName = C:\Documents and Settings\Administrator\Application Data\Tencent\QQ
FileName = C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\STemp
Network behavior
Behavior description: Resolve host address by name
details: gethostbyname: computer
gethostbyname: au****om
Registry behavior
Behavior description: Modify registry
details: \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ParseAutoexec
Behavior description: Modify registry (Safe Mode startup item)
details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\AeroadminService\
Other behavior
Behavior description: Create mutex
details: bipc_gmap_sem_lock_1356_13084971555.937750
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
bipc_gmap_sem_lock_1880_13107005596.235750
Behavior description: Hide specified window
details: [Window,Class] = [,Static]
[Window,Class] = [,Edit]
[Window,Class] = [,ComboLBox]
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [CustomWndCls,CustomWndCls]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Get TickCount value
details: TickCount = 546328, SleepMilliseconds = 60000.
TickCount = 546343, SleepMilliseconds = 60000.
TickCount = 546375, SleepMilliseconds = 60000.
TickCount = 546390, SleepMilliseconds = 60000.
TickCount = 546406, SleepMilliseconds = 60000.
TickCount = 546453, SleepMilliseconds = 60000.
TickCount = 546468, SleepMilliseconds = 60000.
TickCount = 546484, SleepMilliseconds = 60000.
TickCount = 546640, SleepMilliseconds = 60000.
TickCount = 547031, SleepMilliseconds = 60000.
TickCount = 547046, SleepMilliseconds = 60000.
TickCount = 547062, SleepMilliseconds = 60000.
TickCount = 548250, SleepMilliseconds = 60000.
TickCount = 548265, SleepMilliseconds = 60000.
TickCount = 548281, SleepMilliseconds = 60000.
Behavior description: Adjust process token privileges
details: SE_DEBUG_PRIVILEGE
SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
Behavior description: Window information
details: Pid = 1880, Hwnd=0x302d8, Text = Your ID ?, ClassName = Static.
Pid = 1880, Hwnd=0x202c2, Text = IP, ClassName = Static.
Pid = 1880, Hwnd=0x202c4, Text = Client ID/IP, ClassName = Static.
Pid = 1880, Hwnd=0x202c8, Text = Connection mode, ClassName = Static.
Pid = 1880, Hwnd=0x202ca, Text = Allow remote control, ClassName = Static.
Pid = 1880, Hwnd=0x202c6, Text = Connect to remote PC, ClassName = Static.
Pid = 1880, Hwnd=0x302da, Text = Active connections, ClassName = Static.
Pid = 1880, Hwnd=0x302b8, Text = LICENSE: FREE, ClassName = Static.
Pid = 1880, Hwnd=0x402be, Text = Connect, ClassName = Button.
Pid = 1880, Hwnd=0x702c0, Text = Stop, ClassName = Button.
Pid = 1880, Hwnd=0x202d0, Text = Remote control, ClassName = ComboBox.
Pid = 1880, Hwnd=0x102de, Text = Offline (Can"t connect to Authorization Server), ClassName = Static.
Pid = 1880, Hwnd=0x202d6, Text = AeroAdmin, ClassName = CustomWndCls.
Pid = 1880, Hwnd=0x202ac, Text = 123456, ClassName = Edit.
Pid = 1880, Hwnd=0x202d0, Text = View only, ClassName = ComboBox.
Behavior description: Call Sleep function
details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 60000.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 100.
[5]: MilliSeconds = 100.
[6]: MilliSeconds = 100.
[7]: MilliSeconds = 100.
[8]: MilliSeconds = 100.
[9]: MilliSeconds = 100.
[10]: MilliSeconds = 100.
[2]: MilliSeconds = 100.
[3]: MilliSeconds = 200.
[5]: MilliSeconds = 200.
[7]: MilliSeconds = 200.
[9]: MilliSeconds = 200.
Behavior description: Create event object
details: EventName = Global\userenv: User Profile setup event
EventName = DINPUTWINMM
Run screenshot