VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information

Basic Information

MD5: 95a2c2489ddaefdecd9efe7fb3353403
file type: EXE
Production company:
version:
Shell or compiler information: COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation *

Key behavior

Behavior description: Find PE resource information
details: (FindResourceA) hModule = 0x00400000, ResName: DECOMPRESSOR, ResType:

File behavior

Behavior description: Create file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\CET_Archive.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\%temp%\****.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\CET_TRAINER.CETRAINER
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\defines.lua
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\%temp%\****.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\lua53-64.dll
Behavior description: Delete file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\%temp%\****.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\CET_TRAINER.CETRAINER
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\defines.lua
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\lua53-64.dll
Behavior description: Create executable file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\%temp%\****.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\%temp%\****.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\lua53-64.dll
Behavior description: Modify file content
details: C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\CET_Archive.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\%temp%\****.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\CET_TRAINER.CETRAINER ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\CET_TRAINER.CETRAINER ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\CET_TRAINER.CETRAINER ---> Offset = 262144
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\CET_TRAINER.CETRAINER ---> Offset = 393216
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\CET_TRAINER.CETRAINER ---> Offset = 524288
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\defines.lua ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\%temp%\****.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\%temp%\****.exe ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\%temp%\****.exe ---> Offset = 262144
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\%temp%\****.exe ---> Offset = 393216
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\%temp%\****.exe ---> Offset = 524288
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\lua53-64.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\lua53-64.dll ---> Offset = 131072
Behavior description: Find file
details: FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cetrainers\CET3.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cetrainers\CET3.tmp\%temp%\****.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cetrainers\CET3.tmp\extracted\%temp%\****.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cetrainers\CET3.tmp\extracted\*.*

Other behavior

Behavior description: Call Sleep function
details: [1]: MilliSeconds = 10000.
[2]: MilliSeconds = 10000.
[3]: MilliSeconds = 10000.
[4]: MilliSeconds = 10000.
[5]: MilliSeconds = 10000.
[6]: MilliSeconds = 10000.
[7]: MilliSeconds = 10000.
[8]: MilliSeconds = 10000.
[9]: MilliSeconds = 10000.
[10]: MilliSeconds = 10000.
Behavior description: Open event
details: HookSwitchHookEnabledEvent
Behavior description: Executable file MD5
details: C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\%temp%\****.exe ---> 6852660b8cbb67ee3f1e31bf2f1e0afd
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\%temp%\****.exe ---> File too large!
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\lua53-64.dll ---> 476cbd8e116ef838a0b161100ff744be
Behavior description: Find PE resource information
details: (FindResourceA) hModule = 0x00400000, ResName: DECOMPRESSOR, ResType:
Behavior description: Executable file signature information
details: C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\%temp%\****.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\%temp%\****.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET3.tmp\extracted\lua53-64.dll (signature verification: passed)
