File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5:7422fdf5af3eefe89fe5f92d5f4b66f4
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
copyright:

Key behavior

Behavior description: Get window screenshot information
details: Foreground window Info: HWND = 0x00000000, DC = 0x7a0104ed.
Foreground window Info: HWND = 0x00000000, DC = 0xfa010557.
Behavior description: Set message hook
details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
C:\Documents and Settings\Administrator\Application Data\Identities\{354f2f-20k-4472-ba37-63301alac280}\nvidiafg.exe
Behavior description: Get TickCount value
details: TickCount = 5489609, SleepMilliseconds = 60000.
TickCount = 5489671, SleepMilliseconds = 60000.
TickCount = 5489703, SleepMilliseconds = 60000.
TickCount = 5489718, SleepMilliseconds = 60000.
TickCount = 5489734, SleepMilliseconds = 60000.
TickCount = 5489812, SleepMilliseconds = 60000.
TickCount = 5489906, SleepMilliseconds = 60000.
TickCount = 5489921, SleepMilliseconds = 60000.
TickCount = 5489937, SleepMilliseconds = 60000.
TickCount = 5489968, SleepMilliseconds = 60000.
TickCount = 5489984, SleepMilliseconds = 60000.
TickCount = 5490078, SleepMilliseconds = 60000.
TickCount = 5490093, SleepMilliseconds = 60000.
TickCount = 5490109, SleepMilliseconds = 60000.
TickCount = 5490125, SleepMilliseconds = 60000.

Process behavior

Behavior description: Create process with hidden window
details: ImagePath = , CmdLine = reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /d "C:\Documents and Settings\Administrator\Application Data\Identities\{354f2f-20k-4472-ba37-63301alac280}"
ImagePath = , CmdLine = reg add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /f /v "Check_Associations" /d "no"
Behavior description: Create process
details: ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /d "C:\Documents and Settings\Administrator\Application Data\Identities\{354f2f-20k-4472-ba37-63301alac280}"
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /f /v "Check_Associations" /d "no"
Behavior description: Create local thread
details: TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1276, ThreadID = 1136, StartAddress = 77E56C7D, Parameter = 00191BC8
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1276, ThreadID = 412, StartAddress = 769AE43B, Parameter = 001A4F00
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1276, ThreadID = 1664, StartAddress = 77E56C7D, Parameter = 001A5638
TargetProcess: nvidiafg.exe, InheritedFromPID = 1276, ProcessID = 2284, ThreadID = 2328, StartAddress = 77E56C7D, Parameter = 00191EC0
TargetProcess: nvidiafg.exe, InheritedFromPID = 1276, ProcessID = 2284, ThreadID = 2332, StartAddress = 769AE43B, Parameter = 001A51E0
TargetProcess: nvidiafg.exe, InheritedFromPID = 1276, ProcessID = 2284, ThreadID = 2336, StartAddress = 77E56C7D, Parameter = 001A5838
TargetProcess: nvidiafg.exe, InheritedFromPID = 1276, ProcessID = 2284, ThreadID = 2352, StartAddress = 77E56C7D, Parameter = 001ADF50
Behavior description: Create process from newly created file
details: ImagePath = C:\Documents and Settings\Administrator\Application Data\Identities\{354f2f-20k-4472-ba37-63301alac280}\nvidiafg.exe, CmdLine = "C:\Documents and Settings\Administrator\Application Data\Identities\{354f2f-20k-4472-ba37-63301alac280}\nvidiafg.exe"

File behavior

Behavior description: Create file
details: C:\Documents and Settings\Administrator\Application Data\Identities\{354f2f-20k-4472-ba37-63301alac280}\nvidiafg.exe
Behavior description: Create executable file
details: C:\Documents and Settings\Administrator\Application Data\Identities\{354f2f-20k-4472-ba37-63301alac280}\nvidiafg.exe
Behavior description: Modify file content
details: C:\Documents and Settings\Administrator\Application Data\Identities\{354f2f-20k-4472-ba37-63301alac280}\nvidiafg.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Identities\{354f2f-20k-4472-ba37-63301alac280}\nvidiafg.exe ---> Offset = 65536
C:\Documents and Settings\Administrator\Application Data\Identities\{354f2f-20k-4472-ba37-63301alac280}\nvidiafg.exe ---> Offset = 4096
C:\Documents and Settings\Administrator\Application Data\Identities\{354f2f-20k-4472-ba37-63301alac280}\nvidiafg.exe ---> Offset = 8192
Behavior description: Search for file
details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\*.*
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\Documents and Settings\Administrator\Application Data\Identities
FileName = C:\DOCUME~1\ADMINI~1\APPLIC~1\IDENTI~1\help\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\reg.exe
FileName = C:\Documents and Settings\Administrator\Application Data\Identities\{354f2f-20k-4472-ba37-63301alac280}\nvidiafg.exe
Behavior description: Copy file
details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe ---> C:\Documents and Settings\Administrator\Application Data\Identities\{354f2f-20k-4472-ba37-63301alac280}\nvidiafg.exe

Registry behavior

Behavior description: Modify registry
details: \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\Check_Associations
Behavior description: Modify registry (system shell folders)
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Startup

Other behavior

Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Behavior description: Hide specified window
details: [Window,Class] = [Nvidiafg,ThunderRT6Main]
[Window,Class] = [,ThunderRT6FormDC]
Behavior description: Get TickCount value
details: TickCount = 5489609, SleepMilliseconds = 60000.
TickCount = 5489671, SleepMilliseconds = 60000.
TickCount = 5489703, SleepMilliseconds = 60000.
TickCount = 5489718, SleepMilliseconds = 60000.
TickCount = 5489734, SleepMilliseconds = 60000.
TickCount = 5489812, SleepMilliseconds = 60000.
TickCount = 5489906, SleepMilliseconds = 60000.
TickCount = 5489921, SleepMilliseconds = 60000.
TickCount = 5489937, SleepMilliseconds = 60000.
TickCount = 5489968, SleepMilliseconds = 60000.
TickCount = 5489984, SleepMilliseconds = 60000.
TickCount = 5490078, SleepMilliseconds = 60000.
TickCount = 5490093, SleepMilliseconds = 60000.
TickCount = 5490109, SleepMilliseconds = 60000.
TickCount = 5490125, SleepMilliseconds = 60000.
Behavior description: Open event
details: HookSwitchHookEnabledEvent
MSFT.VSA.COM.DISABLE.1276
MSFT.VSA.IEC.STATUS.6c736db0
MSFT.VSA.COM.DISABLE.2284
Behavior description: Get window screenshot information
details: Foreground window Info: HWND = 0x00000000, DC = 0x7a0104ed.
Foreground window Info: HWND = 0x00000000, DC = 0xfa010557.
Behavior description: Executable file signature information
details: C:\Documents and Settings\Administrator\Application Data\Identities\{354f2f-20k-4472-ba37-63301alac280}\nvidiafg.exe (signature verification: failed)
Behavior description: Call Sleep function
details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 60000.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 60000.
[5]: MilliSeconds = 60000.
[6]: MilliSeconds = 0.
[7]: MilliSeconds = 60000.
[8]: MilliSeconds = 60000.
[9]: MilliSeconds = 60000.
[10]: MilliSeconds = 60000.
[4]: MilliSeconds = 0.
[5]: MilliSeconds = 0.
[6]: MilliSeconds = 60000.
Behavior description: Executable file MD5
details: C:\Documents and Settings\Administrator\Application Data\Identities\{354f2f-20k-4472-ba37-63301alac280}\nvidiafg.exe ---> 7422fdf5af3eefe89fe5f92d5f4b66f4
Behavior description: Open mutex
details: ShimCacheMutex