VirSCAN

File information
Safety rating:79
Behavior list
Basic Information
MD5:9481ed46c06e02902fdc5d44dc146d67
file type:zip
Production company:
version:
Shell or compiler information:PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo
Subfile information:PanDownloaddumpFile / d41d8cd98f00b204e9800998ecf8427e / Unknown
PanDownload.exe / 1a5834ee804dd1e7a1cf8c5b128a74c5 / EXE
Key behavior
Behavior description:Look up PE resource information
details:(FindResourceExExW) hModule = 0x00400000, ResName: 84(ID), ResType: EXE
Behavior description:Read the CPU clock directly
details:EAX = 0xb1716ff8, EDX = 0x00000079
EAX = 0xc3d4dabb, EDX = 0x00000079
Behavior description:Get TickCount value
details:TickCount = 145563, SleepMilliseconds = 1.
TickCount = 145579, SleepMilliseconds = 1.
TickCount = 145626, SleepMilliseconds = 1.
TickCount = 145719, SleepMilliseconds = 1.
TickCount = 145735, SleepMilliseconds = 1.
File behavior
Behavior description:Create file
details:C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\log\20170916192901.log
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\directui license.txt
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\duilib license.txt
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\aria2c.exe
Behavior description:Create executable file
details:C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\aria2c.exe
Behavior description:Modify file content
details:C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\directui license.txt ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\duilib license.txt ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\log\20170916192901.log ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\log\20170916192901.log ---> Offset = 43
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\aria2c.exe ---> Offset = 0
Behavior description:Find file
details:FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\log
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\log\20170916192901.log
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\temp
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\directui license.txt
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\duilib license.txt
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\aria2c.exe
Other behavior
Behavior description:Check whether the process itself is being debugged
details:IsDebuggerPresent
Behavior description:Create mutex
details:PanDownload
Behavior description:Open mutex
details:Local\MSCTF.Asm.MutexDefault1
Behavior description:Open event
details:HookSwitchHookEnabledEvent
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
Behavior description:Get TickCount value
details:TickCount = 145563, SleepMilliseconds = 1.
TickCount = 145579, SleepMilliseconds = 1.
TickCount = 145626, SleepMilliseconds = 1.
TickCount = 145719, SleepMilliseconds = 1.
TickCount = 145735, SleepMilliseconds = 1.
Behavior description:Window information
details:Pid = 3412, Hwnd=0x501ac, Text = 本软件仅供学习交流使用,不得用于商业用途!, ClassName = MsgBoxUI.
Behavior description:Look up PE resource information
details:(FindResourceExExW) hModule = 0x00400000, ResName: 84(ID), ResType: EXE
Behavior description:Executable file signature information
details:C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\aria2c.exe(signature verification: failed)
Behavior description:Call Sleep function
details:[1]: MilliSeconds = 1.
[2]: MilliSeconds = 1.
[3]: MilliSeconds = 1.
[4]: MilliSeconds = 1.
[5]: MilliSeconds = 1.
[6]: MilliSeconds = 1.
[7]: MilliSeconds = 1.
[8]: MilliSeconds = 1.
[9]: MilliSeconds = 1.
[10]: MilliSeconds = 1.
Behavior description:Executable file MD5
details:C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PanDownload\PanData\aria2c.exe ---> 4943ba11f55a2140a95847f09ead2fe6
Behavior description:Read the CPU clock directly
details:EAX = 0xb1716ff8, EDX = 0x00000079
EAX = 0xc3d4dabb, EDX = 0x00000079