VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.


File information
Safety rating: 60
Behavior list
Basic Information
MD5: 8227a387e6277bb0bb152e1edf0e4375
File type: AutoIt
Production company:
Version: 2013.0.0.0---2013,06,04,5880
Shell or compiler information: PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [Overlay]
Subfile information:
Key behavior
Behavior description: Checks whether it is being debugged
details: N/A
Behavior description: Hides specified windows
details: [Window,Class] = [AutoIt v3,AutoIt v3]
[Window,Class] = [,ATL:005263D0]
[Window,Class] = [,CPie3dDlg]
[Window,Class] = [设备描述: 设备ID: 设备序列号: 设备供应商: 设备名称: 设备修订版: 芯片厂商: 协议版本: 当前速度: 电力消耗:,RichEdit20W]
[Window,Class] = [,ATL:00524FC0]
[Window,Class] = [,CGradualProgressBar]
[Window,Class] = [,ATL:00525050]
[Window,Class] = [,Internet Explorer Server]
[Window,Class] = [,tooltips_class32]
Behavior description: Loads a driver (standard method)
details: \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\金山U盘卫士4.0\kusbquery.sys
Behavior description: Sets special folder attributes
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\金山U盘卫士4.0
Behavior description: Creates a system service
details: [服务创建成功]: KUsbGuard, C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\金山U盘卫士4.0\kusbquery.sys
Behavior description: Resolves a host address by name
details: localhost
Process behavior
Behavior description: Creates a new process from a file
details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\金山U盘卫士4.0\kusbgd.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\金山U盘卫士4.0\kusbgd.exe
File behavior
Behavior description: Maps a file with write access
details: \Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Behavior description: Creates executable files
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\金山U盘卫士4.0\kdgui.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\金山U盘卫士4.0\ksapi.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\金山U盘卫士4.0\kskinmgr.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\金山U盘卫士4.0\kusbgd.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\金山U盘卫士4.0\kusbquery.sys
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\金山U盘卫士4.0\kusbquery64.sys
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\金山U盘卫士4.0\kusbtool.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\金山U盘卫士4.0\msvcp80.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\金山U盘卫士4.0\msvcr80.dll
Behavior description: Modifies file contents
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aut3.tmp---> Offset = 196608
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aut4.tmp---> Offset = 81920
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aut5.tmp---> Offset = 196608
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aut6.tmp---> Offset = 196608
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aut7.tmp---> Offset = 8192
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aut8.tmp---> Offset = 8192
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aut9.tmp---> Offset = 118784
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\autA.tmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\金山U盘卫士4.0\microsoft.vc80.crt.manifest---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\autB.tmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\金山U盘卫士4.0\microsoft.vc80.mfc.manifest---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\autC.tmp---> Offset = 172032
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\autD.tmp---> Offset = 196608
Behavior description: Sets special folder attributes
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\金山U盘卫士4.0
Network behavior
Behavior description: Resolves a host address by name
details: localhost
Registry behavior
Behavior description: Modifies the registry
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\GDIPlus\FontCachePath
\REGISTRY\MACHINE\SOFTWARE\Kingsoft\Antivirus\operation_kusbguarddiskwndskinidx
\REGISTRY\MACHINE\SOFTWARE\Kingsoft\Antivirus\operation_udiskwndtopmost
Other behavior
Behavior description: Creates a driver file image
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\金山U盘卫士4.0\kusbquery.sys
Behavior description: Checks whether it is being debugged
details: N/A
Behavior description: Creates a mutex
details: 97685382-3A8B-46fe-9217-B2ECF6B14F8F
Behavior description: Hides specified windows
details: [Window,Class] = [AutoIt v3,AutoIt v3]
[Window,Class] = [,ATL:005263D0]
[Window,Class] = [,CPie3dDlg]
[Window,Class] = [设备描述: 设备ID: 设备序列号: 设备供应商: 设备名称: 设备修订版: 芯片厂商: 协议版本: 当前速度: 电力消耗:,RichEdit20W]
[Window,Class] = [,ATL:00524FC0]
[Window,Class] = [,CGradualProgressBar]
[Window,Class] = [,ATL:00525050]
[Window,Class] = [,Internet Explorer Server]
[Window,Class] = [,tooltips_class32]
Behavior description: Loads a driver (standard method)
details: \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\金山U盘卫士4.0\kusbquery.sys
Behavior description: Starts a system service
details: [服务启动成功]: , KUsbGuard, \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\金山U盘卫士4.0\kusbquery.sys
Behavior description: Acquires system privileges
details: SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
SE_UNDOCK_PRIVILEGE
Behavior description: Window information
details: Pid = 1012, Hwnd=0xa018c, Text = 金山U盘卫士, ClassName = ATL:00524D08.
Pid = 1012, Hwnd=0xc01b4, Text = 设备描述: 设备ID: 设备序列号: 设备供应商: 设备名称: 设备修订版: 芯片厂商: 协议版本: 当前速度: 电力消耗:, ClassName = RichEdit20W.
Pid = 1012, Hwnd=0xa0196, Text = 真实大小: 显示大小: 真实比例: 鉴定用时: 鉴定结论:, ClassName = RichEdit20W.
Pid = 1012, Hwnd=0xa01aa, Text = 金山U盘卫士, ClassName = ATL:005280E0.
Behavior description: Creates a system service
details: [服务创建成功]: KUsbGuard, C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\金山U盘卫士4.0\kusbquery.sys