VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information

Basic Information

MD5: 6b304d13fff8a82d4fdf24abeb9176f9
file type: EXE
Production company:
version:
Shell or compiler information: PACKER:UPolyX v0.5

Key behavior

Behavior description: Directly calls a critical system API
details: Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x00459D93
Behavior description: Registry query (related to virtual machine detection)
details: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
Behavior description: Reads the CPU clock directly
details: EAX = 0x077fb166, EDX = 0x000000b9
EAX = 0x077fb1b2, EDX = 0x000000b9
EAX = 0x077fb1fe, EDX = 0x000000b9
EAX = 0x077fb24a, EDX = 0x000000b9
EAX = 0x077fb296, EDX = 0x000000b9
EAX = 0x077fb2e2, EDX = 0x000000b9
EAX = 0x077fb32e, EDX = 0x000000b9
EAX = 0x077fb37a, EDX = 0x000000b9
EAX = 0x077fb3c6, EDX = 0x000000b9
EAX = 0x077fb412, EDX = 0x000000b9

Network behavior

Behavior description: Resolves a host address by name
details: gethostbyname: ****

Registry behavior

Behavior description: Registry query (related to virtual machine detection)
details: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion

Other behavior

Behavior description: Directly calls a critical system API
details: Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x00459D93
Behavior description: Reads the CPU clock directly
details: EAX = 0x077fb166, EDX = 0x000000b9
EAX = 0x077fb1b2, EDX = 0x000000b9
EAX = 0x077fb1fe, EDX = 0x000000b9
EAX = 0x077fb24a, EDX = 0x000000b9
EAX = 0x077fb296, EDX = 0x000000b9
EAX = 0x077fb2e2, EDX = 0x000000b9
EAX = 0x077fb32e, EDX = 0x000000b9
EAX = 0x077fb37a, EDX = 0x000000b9
EAX = 0x077fb3c6, EDX = 0x000000b9
EAX = 0x077fb412, EDX = 0x000000b9
Behavior description: Opens an event
details: HookSwitchHookEnabledEvent
Behavior description: Creates an event object
details: EventName = DINPUTWINMM
Behavior description: Directly accesses a physical device
details: \??\PhysicalDrive0
