VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with the password 'infected' or 'virus'.


File information

Basic Information

MD5: 964966b4fc07487700d74b5a4e34aef9
file type: EXE
Production company: NPAG Corporation
version: 1.0.0.0---1.0.0.0
Shell or compiler information: PACKER:UPolyX v0.5

Key behavior

Behavior description: Directly calls critical system APIs
details: Index = 0x00000074, Name: NtOpenFile, Instruction Address = 0x00800200
Index = 0x00000019, Name: NtClose, Instruction Address = 0x00800200
Index = 0x0000007D, Name: NtOpenSection, Instruction Address = 0x00800200
Behavior description: Directly reads the CPU clock
Behavior description: Detects a virtual machine using VMware special instructions
details: N/A

Other behavior

Behavior description: Directly calls critical system APIs
details: Index = 0x00000074, Name: NtOpenFile, Instruction Address = 0x00800200
Index = 0x00000019, Name: NtClose, Instruction Address = 0x00800200
Index = 0x0000007D, Name: NtOpenSection, Instruction Address = 0x00800200
Behavior description: Creates a mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
Behavior description: Directly reads the CPU clock
Behavior description: Finds a specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Opens an event
details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Searches for the kernel32.dll base address
details: Instruction Address = 0x008025c5
Behavior description: Window information
details: Pid = 2632, Hwnd=0x10342, Text = 确定, ClassName = Button.
Pid = 2632, Hwnd=0x10346, Text = Sorry, this application cannot run under a Virtual Machine., ClassName = Static.
Pid = 2632, Hwnd=0x1033e, Text = %temp%\****.exe, ClassName = #32770.
Behavior description: Opens a mutex
details: ShimCacheMutex
Behavior description: Detects a virtual machine using VMware special instructions
details: N/A
