VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with the password 'infected' or 'virus'.

File information

Basic Information

MD5: 7835875c3814846c1e3ba97d404b4b4c
file type: EXE
Production company: Tencent Inc.
version: 9.5.9874.400---9.5.9874.400
Shell or compiler information: COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [Overlay] *

Key behavior

Behavior description: Reads the CPU clock directly
details: EAX = 0x58c36dc5, EDX = 0x00000038
EAX = 0x58c36e11, EDX = 0x00000038
EAX = 0x58c36e5d, EDX = 0x00000038
EAX = 0x803d42c7, EDX = 0x00000038

Network behavior

Behavior description: Connects to a specified site
details: WinHttpConnect: ServerName = up****om, PORT = 443, UserName = , Password = , hSession = 0x0027dc70, hConnect = 0x00292e00, Flags = 0x00000000
WinHttpConnect: ServerName = up****om, PORT = 443, UserName = , Password = , hSession = 0x0027dc70, hConnect = 0x00298e40, Flags = 0x00000000
Behavior description: Opens an HTTP connection
details: WinHttpOpen: UserAgent: QQBrowser, hSession = 0x0027dc70
Behavior description: Opens an HTTP request
details: WinHttpOpenRequest: up****om:443/qbrowser, hConnect = 0x00292e00, hRequest = 0x00290c30, Verb: POST, Referer: , Flags = 0x00800100
WinHttpOpenRequest: up****om:443/qbrowser, hConnect = 0x00298e40, hRequest = 0x0028c2c0, Verb: POST, Referer: , Flags = 0x00800100
Behavior description: Resolves a host address by name
details: GetAddrInfoW: up****om

Other behavior

Behavior description: Checks whether it is being debugged
details: IsDebuggerPresent
Behavior description: Creates a mutex
details: {3C6D43EA-1F61-4b46-90C4-1AA48B9C887E}
Behavior description: Starts a system service
details: [服务启动成功]: NT AUTHORITY\LocalService, WinHTTP Web Proxy Auto-Discovery Service, C:\Windows\system32\svchost.exe -k LocalService
Behavior description: Opens an event
details: HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
Behavior description: Directly accesses a physical device
details: \??\PhysicalDrive0
Behavior description: Reads the CPU clock directly
details: EAX = 0x58c36dc5, EDX = 0x00000038
EAX = 0x58c36e11, EDX = 0x00000038
EAX = 0x58c36e5d, EDX = 0x00000038
EAX = 0x803d42c7, EDX = 0x00000038
