VirSCAN

File information
Safety rating: 41
Behavior list
Basic Information
MD5: 6fd95d25e3d4c6ad2aba9595e0b357ea
File type: EXE
Company / product: 肥佬播放器更新程序 ("Feilao Player update program")
Version: 1.9.9.8 (1, 9, 9, 8)
Packer / compiler: PACKER: UPolyX v0.5
Note: the company and version strings come from the binary itself and are chosen by whoever built it; they are not verified, and the dropped copy fails signature verification (see below).
Key behavior
Behavior description: Gets the TickCount value (GetTickCount) around Sleep calls
Details: TickCount = 217031, SleepMilliseconds = 500.
TickCount = 217046, SleepMilliseconds = 500.
TickCount = 217062, SleepMilliseconds = 500.
TickCount = 217359, SleepMilliseconds = 500.
TickCount = 217375, SleepMilliseconds = 500.
TickCount = 217390, SleepMilliseconds = 500.
TickCount = 217484, SleepMilliseconds = 500.
TickCount = 217500, SleepMilliseconds = 500.
TickCount = 217890, SleepMilliseconds = 500.
TickCount = 217906, SleepMilliseconds = 500.
TickCount = 218156, SleepMilliseconds = 500.
TickCount = 218171, SleepMilliseconds = 500.
TickCount = 218484, SleepMilliseconds = 500.
TickCount = 218703, SleepMilliseconds = 500.
TickCount = 218718, SleepMilliseconds = 500.
Note: successive readings advance by 15 to 390 ms, never the full 500 ms requested. Reading GetTickCount before and after Sleep is a standard probe for sandboxes that shorten or skip Sleep; these values are what such a probe would observe in this run.
Behavior description: Creates a system service
Details: [service created successfully]: caicai, C:\WINDOWS\oooyou.exe
Behavior description: Searches for windows of common anti-virus / monitoring tools
Details: NtUserFindWindowEx: [Class,Window] = [Regmonclass,]
NtUserFindWindowEx: [Class,Window] = [Filemonclass,]
(Regmonclass and Filemonclass are the window classes of Sysinternals Regmon and Filemon.)
Behavior description: Attempts to open the device object of a debugger or monitoring driver
Details: \??\NTICE
(\??\NTICE is the device name of the SoftICE kernel debugger.)
Process behavior
Behavior description: Creates a new process from a file
Details: [0x00000af4] ImagePath = C:\WINDOWS\oooyou.exe, CmdLine = C:\WINDOWS\oooyou.exe
Behavior description: Creates local threads
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2724, ThreadID = 2776, StartAddress = 00A3478B, Parameter = 00000000
TargetProcess: oooyou.exe, InheritedFromPID = 652, ProcessID = 2804, ThreadID = 2812, StartAddress = 00A3478B, Parameter = 00000000
TargetProcess: oooyou.exe, InheritedFromPID = 652, ProcessID = 2804, ThreadID = 2816, StartAddress = 77DC3519, Parameter = 00189100
TargetProcess: oooyou.exe, InheritedFromPID = 652, ProcessID = 2804, ThreadID = 2820, StartAddress = 004075DC, Parameter = 00000000
TargetProcess: oooyou.exe, InheritedFromPID = 652, ProcessID = 2804, ThreadID = 2848, StartAddress = 004075DC, Parameter = 00000000
TargetProcess: oooyou.exe, InheritedFromPID = 652, ProcessID = 2804, ThreadID = 2852, StartAddress = 004075DC, Parameter = 00000000
TargetProcess: oooyou.exe, InheritedFromPID = 652, ProcessID = 2804, ThreadID = 2884, StartAddress = 004075DC, Parameter = 00000000
TargetProcess: oooyou.exe, InheritedFromPID = 652, ProcessID = 2804, ThreadID = 2888, StartAddress = 004075DC, Parameter = 00000000
TargetProcess: oooyou.exe, InheritedFromPID = 652, ProcessID = 2804, ThreadID = 2916, StartAddress = 004075DC, Parameter = 00000000
TargetProcess: oooyou.exe, InheritedFromPID = 652, ProcessID = 2804, ThreadID = 2920, StartAddress = 004075DC, Parameter = 00000000
TargetProcess: oooyou.exe, InheritedFromPID = 652, ProcessID = 2804, ThreadID = 3052, StartAddress = 004075DC, Parameter = 00000000
TargetProcess: oooyou.exe, InheritedFromPID = 652, ProcessID = 2804, ThreadID = 3056, StartAddress = 004075DC, Parameter = 00000000
TargetProcess: oooyou.exe, InheritedFromPID = 652, ProcessID = 2804, ThreadID = 3148, StartAddress = 004075DC, Parameter = 00000000
TargetProcess: oooyou.exe, InheritedFromPID = 652, ProcessID = 2804, ThreadID = 3152, StartAddress = 004075DC, Parameter = 00000000
TargetProcess: oooyou.exe, InheritedFromPID = 652, ProcessID = 2804, ThreadID = 3184, StartAddress = 004075DC, Parameter = 00000000
File behavior
Behavior description: Creates a file
Details: C:\WINDOWS\oooyou.exe
Behavior description: Creates an executable file
Details: C:\WINDOWS\oooyou.exe
Behavior description: Modifies file contents
Details: C:\WINDOWS\oooyou.exe ---> Offset = 0
C:\WINDOWS\oooyou.exe ---> Offset = 65536
C:\WINDOWS\oooyou.exe ---> Offset = 131072
C:\WINDOWS\oooyou.exe ---> Offset = 196608
C:\WINDOWS\oooyou.exe ---> Offset = 262144
Behavior description: Copies a file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe ---> C:\WINDOWS\oooyou.exe
Registry behavior
Behavior description: Modifies the registry
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\caicai\Description
Other behavior
Behavior description: Creates mutexes
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
C:\WINDOWS\oooyou.exe
caicai
Behavior description: Searches for a specific window
Details: NtUserFindWindowEx: [Class,Window] = [18467-41,]
NtUserFindWindowEx: [Class,Window] = [4823-00000029,]
Behavior description: Starts a system service
Details: [service started successfully]: LocalSystem, xiaodao, C:\WINDOWS\oooyou.exe
Behavior description: Searches for the kernel32.dll base address
Details: Instruction Address = 0x00439277
Behavior description: Opens events
Details: HookSwitchHookEnabledEvent
Global\SvcctrlStartEvent_A3752DX
Behavior description: Executable file signature information
Details: C:\WINDOWS\oooyou.exe (signature verification: failed)
Behavior description: Calls Sleep
Details: [1]: MilliSeconds = 500.
[2]: MilliSeconds = 500.
[3]: MilliSeconds = 500.
[4]: MilliSeconds = 500.
[5]: MilliSeconds = 500.
[6]: MilliSeconds = 500.
[7]: MilliSeconds = 500.
[8]: MilliSeconds = 300.
[9]: MilliSeconds = 500.
[10]: MilliSeconds = 500.
Behavior description: Executable file MD5
Details: C:\WINDOWS\oooyou.exe ---> 6fd95d25e3d4c6ad2aba9595e0b357ea
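The report above is a flat list of "Behavior description / Details" records, and the two things an analyst wants out of it are the indicators (dropped path, service names, mutexes, hash) and a verdict on the anti-analysis behaviour: the FindWindowEx probes for Regmonclass/Filemonclass, the attempt to open \??\NTICE, and the GetTickCount readings that advance by far less than the 500 ms Sleep requested between them. The following Python triage helper is an added example, not part of the VirSCAN report or of the analysed sample. The embedded report text is a constructed excerpt of the records on this page; the lookups mapping window classes and device names to tools (Sysinternals Regmon/Filemon, SoftICE) are analyst-maintained assumptions; and reading short tick deltas as "the sandbox shortened Sleep" is an inference the code labels as suspected, not a fact the report states.

```python
"""Triage helper for a VirSCAN-style dynamic-analysis report (added example)."""
import json
import re
from collections import defaultdict

# Constructed sample: an excerpt of the report above, re-typed with the
# English labels used on this page. Backslashes are doubled for Python.
SAMPLE_REPORT = """\
Behavior description: Gets the TickCount value
Details: TickCount = 217031, SleepMilliseconds = 500.
TickCount = 217046, SleepMilliseconds = 500.
TickCount = 217062, SleepMilliseconds = 500.
Behavior description: Creates a system service
Details: [service created successfully]: caicai, C:\\WINDOWS\\oooyou.exe
Behavior description: Searches for windows of common anti-virus tools
Details: NtUserFindWindowEx: [Class,Window] = [Regmonclass,]
NtUserFindWindowEx: [Class,Window] = [Filemonclass,]
Behavior description: Attempts to open a debugger or monitor driver device object
Details: \\??\\NTICE
Behavior description: Creates mutexes
Details: CTF.LBES.MutexDefaultS-*
caicai
Behavior description: Starts a system service
Details: [service started successfully]: LocalSystem, xiaodao, C:\\WINDOWS\\oooyou.exe
Behavior description: Executable file MD5
Details: C:\\WINDOWS\\oooyou.exe ---> 6fd95d25e3d4c6ad2aba9595e0b357ea
"""

# Analyst-maintained lookups (assumptions, not from the report): window classes
# registered by monitoring tools, and device names exposed by kernel debuggers.
MONITOR_WINDOW_CLASSES = {"regmonclass": "Sysinternals Regmon",
                          "filemonclass": "Sysinternals Filemon"}
DEBUGGER_DEVICES = {r"\??\ntice": "SoftICE"}

TICK_RE = re.compile(r"TickCount\s*=\s*(\d+),\s*SleepMilliseconds\s*=\s*(\d+)")
PATH_RE = re.compile(r"[A-Za-z]:\\[^,\s(]+")
MD5_RE = re.compile(r"\b[0-9a-f]{32}\b")
SERVICE_RE = re.compile(r"\]:\s*(?:LocalSystem,\s*)?([^,]+),")


def parse_report(text):
    """Return [(behavior, [detail lines])] in report order; continuation lines
    belong to the preceding 'Details:' entry."""
    records = []
    for line in text.splitlines():
        if line.startswith("Behavior description:"):
            records.append((line.split(":", 1)[1].strip(), []))
        elif records:
            if line.startswith("Details:"):
                line = line[len("Details:"):]
            if line.strip():
                records[-1][1].append(line.strip())
    return records


def tick_deltas(detail_lines):
    """Pair each requested Sleep with the tick-count advance observed before the
    next reading: [(requested_ms, observed_ms), ...]."""
    samples = [(int(t), int(s)) for t, s in
               (m.groups() for m in map(TICK_RE.search, detail_lines) if m)]
    return [(s_prev, t_next - t_prev)
            for (t_prev, s_prev), (t_next, _) in zip(samples, samples[1:])]


def sleep_skipping_suspected(deltas):
    """True when every interval is shorter than the Sleep requested before it:
    the sandbox appears to shorten Sleep, and a timing probe would notice."""
    return bool(deltas) and all(observed < requested for requested, observed in deltas)


def triage(text):
    """Extract IOCs and flag anti-analysis / persistence behaviours."""
    findings = defaultdict(list)
    iocs = {"files": set(), "services": set(), "mutexes": set(), "md5": set()}
    for behavior, details in parse_report(text):
        b = behavior.lower()
        for d in details:
            dl = d.lower()
            for cls, tool in MONITOR_WINDOW_CLASSES.items():
                if f"[{cls}," in dl:
                    findings["anti_analysis"].append(f"FindWindowEx for {tool} window class")
            for dev, tool in DEBUGGER_DEVICES.items():
                if dev in dl:
                    findings["anti_analysis"].append(f"opens {tool} device {d}")
            iocs["files"].update(PATH_RE.findall(d))
            iocs["md5"].update(MD5_RE.findall(dl))
        if "tickcount" in b:
            deltas = tick_deltas(details)
            if sleep_skipping_suspected(deltas):
                findings["anti_analysis"].append(
                    f"GetTickCount/Sleep timing probe: {len(deltas)} intervals all shorter than requested")
        elif "system service" in b and details:
            m = SERVICE_RE.search(details[0])
            if m:
                iocs["services"].add(m.group(1).strip())
                findings["persistence"].append(f"{behavior}: {m.group(1).strip()}")
        elif "mutex" in b:
            iocs["mutexes"].update(details)
    return {"findings": dict(findings),
            "iocs": {k: sorted(v) for k, v in iocs.items()}}


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_REPORT), indent=2))
```

Run it directly to print the findings and IOCs as JSON for the embedded excerpt; point `triage()` at the full report text to get the complete list. The service branch deliberately keeps both names the report shows (caicai at creation, xiaodao at start) rather than reconciling them, so the discrepancy stays visible to the analyst.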