VirSCAN

File information
Safety rating: 75
Behavior list
Basic Information
MD5: 79b3f0b48af3ef87947678f74ae1272e
File type: zip
Production company:
Version:
Shell or compiler information: COMPILER: Microsoft Visual C++ 6.0 [Overlay]
Subfile information: SD1.4.0.629_Setup.exe / 43c4d9e853f0df570030eca2667a76df / 7z
Key behavior
Behavior description: Get TickCount value
details: TickCount = 1082381, SleepMilliseconds = 100.
TickCount = 1082396, SleepMilliseconds = 100.
TickCount = 1082412, SleepMilliseconds = 100.
TickCount = 1085521, SleepMilliseconds = 100.
TickCount = 1085537, SleepMilliseconds = 100.
TickCount = 1085693, SleepMilliseconds = 100.
TickCount = 1085709, SleepMilliseconds = 100.
Process behavior
Behavior description: Create local thread
details: TargetProcess: SD1.4.0.629_Setup.exe, InheritedFromPID = 1944, ProcessID = 1048, ThreadID = 932, StartAddress = 77C0A341, Parameter = 003F4448
TargetProcess: SD1.4.0.629_Setup.exe, InheritedFromPID = 1944, ProcessID = 1048, ThreadID = 1008, StartAddress = 77C0A341, Parameter = 003FD480
TargetProcess: SD1.4.0.629_Setup.exe, InheritedFromPID = 1944, ProcessID = 1048, ThreadID = 1356, StartAddress = 77C0A341, Parameter = 003FD510
TargetProcess: SD1.4.0.629_Setup.exe, InheritedFromPID = 1944, ProcessID = 1048, ThreadID = 912, StartAddress = 77C0A341, Parameter = 003FD5A0
TargetProcess: Setup_x86.exe, InheritedFromPID = 2104, ProcessID = 2112, ThreadID = 2120, StartAddress = 77C0A341, Parameter = 003F4298
TargetProcess: Setup_x86.exe, InheritedFromPID = 2104, ProcessID = 2112, ThreadID = 2124, StartAddress = 77C0A341, Parameter = 003FD710
TargetProcess: Setup_x86.exe, InheritedFromPID = 2104, ProcessID = 2112, ThreadID = 2128, StartAddress = 77C0A341, Parameter = 003FD7A0
TargetProcess: Setup_x86.exe, InheritedFromPID = 2104, ProcessID = 2112, ThreadID = 2132, StartAddress = 77C0A341, Parameter = 003FD710
Behavior description: Create process from newly created file
details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS14.tmp\Setup.exe, CmdLine = .\Setup.exe
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS14.tmp\Setup_x86.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS14.tmp\Setup_x86.exe"
File behavior
Behavior description: Create file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup_x64.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup_x86.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Help.chm
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\CmdTool.txt
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\res.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\eula.rtf
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\vssver2.scc
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\CmdTool.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Commit.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Daemon.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Defender.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Service.exe
Behavior description: Modify file contents
details: C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup.exe ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup_x64.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup_x64.exe ---> Offset = 36624
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup_x64.exe ---> Offset = 102160
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup_x64.exe ---> Offset = 167696
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup_x64.exe ---> Offset = 233232
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup_x86.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup_x86.exe ---> Offset = 52648
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup_x86.exe ---> Offset = 118184
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup_x86.exe ---> Offset = 183720
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup_x86.exe ---> Offset = 249256
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Help.chm ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\CmdTool.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\res.ini ---> Offset = 0
Behavior description: Create executable file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup_x64.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup_x86.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\CmdTool.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Commit.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Daemon.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Defender.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Service.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Setup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Uninstall.exe
Behavior description: Delete file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\CmdTool.exe
Behavior description: Search for file
details: FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS14.tmp
Other behavior
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
SHIMLIB_LOG_MUTEX
MSCTF.Shared.MUTEX.EEI
Behavior description: Create event object
details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.EEI.IC
EventName = MSCTF.SendReceiveConection.Event.EEI.IC
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information
details: Pid = 2112, Hwnd=0xf031e, Text = Cancel, ClassName = Button.
Pid = 2112, Hwnd=0xa032c, Text = Progress1, ClassName = msctls_progress32.
Pid = 2112, Hwnd=0x7034e, Text = 60% Extracting, ClassName = #32770.
Pid = 2112, Hwnd=0xa0300, Text = 是(&Y) [Yes], ClassName = Button.
Pid = 2112, Hwnd=0x29031a, Text = 否(&N) [No], ClassName = Button.
Pid = 2112, Hwnd=0xa030a, Text = 取消 [Cancel], ClassName = Button.
Pid = 2112, Hwnd=0x4036c, Text = Are you sure you want to cancel?, ClassName = Static.
Pid = 2112, Hwnd=0x70338, Text = Extracting, ClassName = #32770.
Pid = 2112, Hwnd=0x5036c, Text = 是(&Y) [Yes], ClassName = Button.
Pid = 2112, Hwnd=0xb030a, Text = 否(&N) [No], ClassName = Button.
Pid = 2112, Hwnd=0x2a031a, Text = 取消 [Cancel], ClassName = Button.
Pid = 2112, Hwnd=0xb0300, Text = Are you sure you want to cancel?, ClassName = Static.
Pid = 2112, Hwnd=0x80338, Text = Extracting, ClassName = #32770.
Behavior description: Executable signature information
details: C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup_x64.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup_x86.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\CmdTool.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Commit.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Daemon.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Defender.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Service.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Setup.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Uninstall.exe (signature verification: failed)
Behavior description: Call Sleep function
details: [1]: MilliSeconds = 100.
[2]: MilliSeconds = 100.
[3]: MilliSeconds = 100.
[4]: MilliSeconds = 100.
[5]: MilliSeconds = 100.
[6]: MilliSeconds = 100.
[7]: MilliSeconds = 100.
[8]: MilliSeconds = 100.
[9]: MilliSeconds = 100.
[10]: MilliSeconds = 100.
Behavior description: Executable MD5
details: C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup.exe ---> 60e80a90e9038ed17c98a64946b2bb3c
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup_x64.exe ---> 889b6ec55f8655f4efb890557070224d
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup_x86.exe ---> fa5d609a2e4f26bca19dd44c81d0b493
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\CmdTool.exe ---> 64f7dc8552436ce00dc49cff293dae84
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Commit.exe ---> 02882dddbb9eeb5db7189bc3afa3ec35
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Daemon.exe ---> edebd6b11a0b4f83362b8dabab4a8fbb
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Defender.exe ---> 5e990ddd5451f2de8f78e6e63c083d11
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Service.exe ---> 8c9fb7cb0284bdcba1268e9905b31e22
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Setup.exe ---> bcb0c96c89f04d33e811a10127c2f7e6
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Uninstall.exe ---> ca1063d9db38023a2e71d0ad66a1d1f6
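Triage helper, added here as an example and not VirSCAN's own code. It parses report lines of the shape shown above (a subset of this report's own lines, embedded as constructed input) and joins the "Executable MD5", "Executable signature information" and "Create process from newly created file" sections into one record per dropped executable, so that the two things an analyst reads first stand out: which dropped files were actually launched, and which file failed Authenticode verification (Uninstall.exe in this report). It also summarises the GetTickCount/Sleep samples so a long stall would be visible. The join key (last two path components, lower-cased) is an assumption made because the process lines use 8.3 short paths and the file lines use long paths, and the two cannot be resolved offline.

```python
"""Join a VirSCAN-style behaviour report into per-executable triage records.
Added example, not VirSCAN's code; input is a constructed subset of the report."""
import re
from dataclasses import dataclass

# Constructed sample input: a subset of the report's own lines with the labels
# translated. Process lines use 8.3 short paths, file lines use long paths.
REPORT = r"""
Behavior description: Create process from newly created file
details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS14.tmp\Setup.exe, CmdLine = .\Setup.exe
Behavior description: Executable signature information
details: C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Uninstall.exe (signature verification: failed)
Behavior description: Executable MD5
details: C:\Documents and Settings\Administrator\Local Settings\Temp\7zS14.tmp\Setup.exe ---> 60e80a90e9038ed17c98a64946b2bb3c
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS15.tmp\Uninstall.exe ---> ca1063d9db38023a2e71d0ad66a1d1f6
Behavior description: Get TickCount value
details: TickCount = 1082381, SleepMilliseconds = 100.
TickCount = 1082396, SleepMilliseconds = 100.
TickCount = 1085521, SleepMilliseconds = 100.
"""

SIG_RE = re.compile(r"^(?P<path>.+?)\s*\(signature verification: (?P<status>passed|failed)\)$")
MD5_RE = re.compile(r"^(?P<path>.+?) ---> (?P<md5>[0-9a-fA-F]{32})$")
PROC_RE = re.compile(r"^ImagePath = (?P<path>[^,]+), CmdLine = (?P<cmd>.*)$")
TICK_RE = re.compile(r"^TickCount = (?P<tick>\d+), SleepMilliseconds = (?P<sleep>\d+)\.?$")


@dataclass
class Executable:
    path: str
    md5: str = ""
    signature: str = "unknown"  # passed / failed / unknown
    launched: bool = False
    cmdline: str = ""


def section_lines(report):
    """Yield (section, line); a 'Behavior description:' line opens a section
    and the 'details:' prefix is stripped from the section's first line."""
    section = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Behavior description:"):
            section = line.split(":", 1)[1].strip()
            continue
        if line.startswith("details:"):
            line = line[len("details:"):].strip()
        if section is not None:
            yield section, line


def path_key(path):
    """Assumed join key: the same file appears under an 8.3 short path in the
    process section and a long path elsewhere, so match on the last two
    components, lower-cased (a heuristic; short names can't be resolved offline)."""
    parts = path.replace("/", "\\").rstrip("\\").split("\\")
    return "\\".join(parts[-2:]).lower()


def parse_report(report):
    """Return ({path_key: Executable}, [(tickcount, sleep_ms), ...])."""
    execs, ticks = {}, []

    def record(path):
        return execs.setdefault(path_key(path), Executable(path=path))

    for section, line in section_lines(report):
        if section == "Executable MD5" and (m := MD5_RE.match(line)):
            record(m["path"]).md5 = m["md5"].lower()
        elif section == "Executable signature information" and (m := SIG_RE.match(line)):
            record(m["path"]).signature = m["status"]
        elif section == "Create process from newly created file" and (m := PROC_RE.match(line)):
            e = record(m["path"])
            e.launched, e.cmdline = True, m["cmd"]
        elif section == "Get TickCount value" and (m := TICK_RE.match(line)):
            ticks.append((int(m["tick"]), int(m["sleep"])))
    return execs, ticks


def findings(execs):
    """Sorted triage lines: every launched executable with hash and signature
    state, plus every executable whose signature verification failed."""
    out = []
    for e in execs.values():
        tag = path_key(e.path)
        if e.launched:
            out.append(f"LAUNCHED {tag} md5={e.md5 or '?'} sig={e.signature}")
        if e.signature == "failed":
            out.append(f"UNSIGNED {tag} md5={e.md5 or '?'}")
    return sorted(out)


def tick_summary(ticks):
    """(ms spanned by the GetTickCount samples, largest gap between consecutive
    samples). A gap far above the requested Sleep is what to look at when
    asking whether the sample stalls through the analysis window."""
    if len(ticks) < 2:
        return 0, 0
    deltas = [b - a for (a, _), (b, _) in zip(ticks, ticks[1:])]
    return ticks[-1][0] - ticks[0][0], max(deltas)
```

On this report the launched Setup.exe carries a passing signature, the only failing signature belongs to Uninstall.exe, which was dropped but never launched, and the TickCount samples span about 3.1 s with 100 ms sleeps, so there is no long sleep to account for. A failed verification in a sandbox says nothing about why it failed (no signature, a broken chain in the VM, or tampering); the follow-up check is to verify the extracted file's signature on a machine with a current root store.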