VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
Safety rating: 74
Behavior list
Basic Information
MD5: 7b923a729d7acf31f255e6da3a6c5b78
File type: 7z
Production company:
Version:
Shell or compiler information: COMPILER: not a valid PE file
Subfile information:
CCleaner64.exe dumpFile / big file / EXE
CCleaner64.exe / big file / EXE
CCleaner.exe dumpFile / big file / EXE
CCleaner.exe / big file / EXE
Key behavior
Behavior description: Opens registry keys related to virtual machine detection
details:\REGISTRY\MACHINE\Software\VMware, Inc.\VMware Player
\REGISTRY\MACHINE\Software\VMware, Inc.\Installer\VMware Workstation
Behavior description: Queries file attributes to detect a virtual machine
details:GetFileAttributes: FileName = C:\Documents and Settings\All Users\Application Data\VMware\VMware Workstation
Behavior description: Gets TickCount value
details:TickCount = 5366096, SleepMilliseconds = 50.
TickCount = 5366112, SleepMilliseconds = 50.
TickCount = 5366206, SleepMilliseconds = 50.
TickCount = 5366253, SleepMilliseconds = 50.
TickCount = 5366440, SleepMilliseconds = 50.
TickCount = 5367268, SleepMilliseconds = 50.
TickCount = 5367284, SleepMilliseconds = 50.
TickCount = 5368081, SleepMilliseconds = 50.
TickCount = 5368096, SleepMilliseconds = 50.
TickCount = 5368112, SleepMilliseconds = 50.
TickCount = 5369300, SleepMilliseconds = 50.
TickCount = 5369346, SleepMilliseconds = 50.
TickCount = 5369378, SleepMilliseconds = 50.
TickCount = 5369393, SleepMilliseconds = 50.
TickCount = 5369409, SleepMilliseconds = 50.
Process behavior
Behavior description: Creates local thread
details:TargetProcess: CCleaner.exe, InheritedFromPID = 1944, ProcessID = 2740, ThreadID = 2756, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: CCleaner.exe, InheritedFromPID = 1944, ProcessID = 2740, ThreadID = 2760, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: CCleaner.exe, InheritedFromPID = 1944, ProcessID = 2740, ThreadID = 2764, StartAddress = 0061097D, Parameter = 012F4340
TargetProcess: CCleaner.exe, InheritedFromPID = 1944, ProcessID = 2740, ThreadID = 2772, StartAddress = 765E964D, Parameter = 001AA530
TargetProcess: CCleaner.exe, InheritedFromPID = 1944, ProcessID = 2740, ThreadID = 2776, StartAddress = 7C949B6F, Parameter = 00000000
TargetProcess: CCleaner.exe, InheritedFromPID = 1944, ProcessID = 2740, ThreadID = 2780, StartAddress = 759D8761, Parameter = 00000000
TargetProcess: CCleaner.exe, InheritedFromPID = 1944, ProcessID = 2740, ThreadID = 2876, StartAddress = 004B8CFF, Parameter = 012FE008
TargetProcess: CCleaner.exe, InheritedFromPID = 1944, ProcessID = 2740, ThreadID = 2880, StartAddress = 004B8CFF, Parameter = 012FE008
TargetProcess: CCleaner.exe, InheritedFromPID = 1944, ProcessID = 2740, ThreadID = 2900, StartAddress = 004B8CFF, Parameter = 012FE008
TargetProcess: CCleaner.exe, InheritedFromPID = 1944, ProcessID = 2740, ThreadID = 2904, StartAddress = 004B8CFF, Parameter = 012FE008
TargetProcess: CCleaner.exe, InheritedFromPID = 1944, ProcessID = 2740, ThreadID = 2912, StartAddress = 004B8CFF, Parameter = 012FE008
TargetProcess: CCleaner.exe, InheritedFromPID = 1944, ProcessID = 2740, ThreadID = 3080, StartAddress = 004B8CFF, Parameter = 012FE008
Behavior description: Enumerates processes
details:N/A
File behavior
Behavior description: Queries file attributes to detect a virtual machine
details:GetFileAttributes: FileName = C:\Documents and Settings\All Users\Application Data\VMware\VMware Workstation
Behavior description: Modifies file contents
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\CCleaner\CCleaner.ini ---> Offset = 148
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\CCleaner\CCleaner.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\CCleaner\CCleaner.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\CCleaner\CCleaner.ini ---> Offset = 184
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\CCleaner\CCleaner.ini ---> Offset = 209
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\CCleaner\CCleaner.ini ---> Offset = 226
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\CCleaner\CCleaner.ini ---> Offset = 242
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\CCleaner\CCleaner.ini ---> Offset = 260
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\CCleaner\CCleaner.ini ---> Offset = 279
Behavior description: Searches for files
details:FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates\*
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs\*
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs\*
FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data
FileName = C:\Windows.old*
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\Documents and Settings\Administrator\Application Data\Opera\*
FileName = C:\Program Files\Opera\*
FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera\*
FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\*
FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\Flock\User Data\*
FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\*
Registry behavior
Behavior description: Modifies registry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\CCleaner\DEBUG\Trace Level
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ESENT\EventMessageFile
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ESENT\CategoryMessageFile
Behavior description: Deletes registry value
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\CCleaner\DEBUG\Trace Level
Behavior description: Opens registry keys related to virtual machine detection
details:\REGISTRY\MACHINE\Software\VMware, Inc.\VMware Player
\REGISTRY\MACHINE\Software\VMware, Inc.\Installer\VMware Workstation
Other behavior
Behavior description: Gets cursor position
details:CursorPos = (71,18468), SleepMilliseconds = 50.
CursorPos = (6364,26501), SleepMilliseconds = 50.
CursorPos = (19199,15725), SleepMilliseconds = 50.
CursorPos = (11508,29359), SleepMilliseconds = 50.
CursorPos = (26992,24465), SleepMilliseconds = 50.
CursorPos = (5735,28146), SleepMilliseconds = 50.
CursorPos = (23311,16828), SleepMilliseconds = 50.
CursorPos = (9991,492), SleepMilliseconds = 50.
CursorPos = (3025,11943), SleepMilliseconds = 50.
CursorPos = (4857,5437), SleepMilliseconds = 50.
CursorPos = (32421,14605), SleepMilliseconds = 50.
CursorPos = (3932,154), SleepMilliseconds = 50.
CursorPos = (322,12383), SleepMilliseconds = 50.
CursorPos = (17451,18717), SleepMilliseconds = 50.
CursorPos = (19748,19896), SleepMilliseconds = 50.
Behavior description: Creates mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Piriform_CCleaner_PreventSecondInstance
Piriform_CCleaner_SystemTrayIconActive
Piriform_CCleaner_PreventSecondRegistration
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.ILK
Piriform_CCleaner_Monitoring
Behavior description: Creates event object
details:EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
EventName = MSCTF.SendReceive.Event.ILK.IC
EventName = MSCTF.SendReceiveConection.Event.ILK.IC
EventName = CCLEANER_UI_LOCKING_EVENT
Behavior description: Reads/writes hard disk using SCSI commands
details:N/A
Behavior description: Window information
details:Pid = 2740, Hwnd=0x7038e, Text = 分析(&A), ClassName = Button.
Pid = 2740, Hwnd=0x10032e, Text = 运行清理(&R), ClassName = Button.
Pid = 2740, Hwnd=0xb032a, Text = 清理(&C), ClassName = Button.
Pid = 2740, Hwnd=0x503b0, Text = 注册表(&G), ClassName = Button.
Pid = 2740, Hwnd=0x703ba, Text = 工具(&T), ClassName = Button.
Pid = 2740, Hwnd=0x40392, Text = 选项(&O), ClassName = Button.
Pid = 2740, Hwnd=0x403a2, Text = &Upgrade, ClassName = Button.
Pid = 2740, Hwnd=0xe035e, Text = Piriform CCleaner - Professional Edition, ClassName = PiriformCCleaner.
Behavior description: Gets TickCount value
details:TickCount = 5366096, SleepMilliseconds = 50.
TickCount = 5366112, SleepMilliseconds = 50.
TickCount = 5366206, SleepMilliseconds = 50.
TickCount = 5366253, SleepMilliseconds = 50.
TickCount = 5366440, SleepMilliseconds = 50.
TickCount = 5367268, SleepMilliseconds = 50.
TickCount = 5367284, SleepMilliseconds = 50.
TickCount = 5368081, SleepMilliseconds = 50.
TickCount = 5368096, SleepMilliseconds = 50.
TickCount = 5368112, SleepMilliseconds = 50.
TickCount = 5369300, SleepMilliseconds = 50.
TickCount = 5369346, SleepMilliseconds = 50.
TickCount = 5369378, SleepMilliseconds = 50.
TickCount = 5369393, SleepMilliseconds = 50.
TickCount = 5369409, SleepMilliseconds = 50.
Behavior description: Adjusts process token privileges
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Opens event
details:HookSwitchHookEnabledEvent
Global\crypt32LogoffEvent
Global\userenv: Machine Group Policy has been applied
userenv: User Group Policy has been applied
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
\INSTALLATION_SECURITY_HOLD
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagIAJACIAAELKAAAAA
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007B4.00000000.0000003F
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.0000003F
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior description: Calls Sleep function
details:[1]: MilliSeconds = 250.
Behavior description: Hides specified window
details:[Window,Class] = [&Upgrade,Button]
[Window,Class] = [,Edit]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [Piriform CCleaner - Professional Edition,PiriformCCleaner]
[Window,Class] = [,#32770]
Behavior description: Opens mutex
details:ShimCacheMutex
Behavior description: Searches for specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]