VirSCAN

File information
Safety rating: 71
Behavior list
Basic Information
MD5: 96e69381633e9b6a47df7573ab197842
File type: EXE
Production company: COSCO SHIPPING SAFETY DEPT.
Version: 2.0.0.0 --- 2.0.0.0
Shell or compiler information: PACKER: UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [Overlay]
Subfile information: upx_c_09e83433dumpFile / 8234f837bf7904123c16449b1cdf6d1d / EXE
Key behavior
Behavior description: Get TickCount value
details: TickCount = 5411750, SleepMilliseconds = 60000.
TickCount = 5411906, SleepMilliseconds = 60000.
TickCount = 5411921, SleepMilliseconds = 60000.
TickCount = 5412078, SleepMilliseconds = 60000.
TickCount = 5412093, SleepMilliseconds = 60000.
TickCount = 5412187, SleepMilliseconds = 60000.
TickCount = 5412203, SleepMilliseconds = 60000.
TickCount = 5412453, SleepMilliseconds = 60000.
TickCount = 5412468, SleepMilliseconds = 60000.
TickCount = 5412562, SleepMilliseconds = 60000.
TickCount = 5412578, SleepMilliseconds = 60000.
TickCount = 5412609, SleepMilliseconds = 60000.
TickCount = 5412703, SleepMilliseconds = 60000.
TickCount = 5412718, SleepMilliseconds = 60000.
TickCount = 5412796, SleepMilliseconds = 60000.
Process behavior
Behavior description: Create local thread
details: TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2344, ThreadID = 2440, StartAddress = 77E56C7D, Parameter = 001C68B8
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2344, ThreadID = 2444, StartAddress = 769AE43B, Parameter = 001C9238
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2344, ThreadID = 2456, StartAddress = 756D3AAF, Parameter = 001D5A8C
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2344, ThreadID = 2460, StartAddress = 1B004723, Parameter = 1B120E10
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2344, ThreadID = 2464, StartAddress = 1B004723, Parameter = 1B120E10
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2344, ThreadID = 2468, StartAddress = 1B004723, Parameter = 1B120E10
File behavior
Behavior description: Create file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\JET975F.tmp
Behavior description: Delete file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\JET975F.tmp
Behavior description: Search for file
details: FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\system.mdb
Other behavior
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Windows、Linux、Unix
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MCJ
Behavior description: Create event object
details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.MCJ.IC
EventName = MSCTF.SendReceiveConection.Event.MCJ.IC
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Open event
details: HookSwitchHookEnabledEvent
MSFT.VSA.COM.DISABLE.2344
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000041
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000041
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior description: Get TickCount value
details: TickCount = 5411750, SleepMilliseconds = 60000.
TickCount = 5411906, SleepMilliseconds = 60000.
TickCount = 5411921, SleepMilliseconds = 60000.
TickCount = 5412078, SleepMilliseconds = 60000.
TickCount = 5412093, SleepMilliseconds = 60000.
TickCount = 5412187, SleepMilliseconds = 60000.
TickCount = 5412203, SleepMilliseconds = 60000.
TickCount = 5412453, SleepMilliseconds = 60000.
TickCount = 5412468, SleepMilliseconds = 60000.
TickCount = 5412562, SleepMilliseconds = 60000.
TickCount = 5412578, SleepMilliseconds = 60000.
TickCount = 5412609, SleepMilliseconds = 60000.
TickCount = 5412703, SleepMilliseconds = 60000.
TickCount = 5412718, SleepMilliseconds = 60000.
TickCount = 5412796, SleepMilliseconds = 60000.
Behavior description: Get cursor position
details: CursorPos = (71,18468), SleepMilliseconds = 10.
CursorPos = (6364,26501), SleepMilliseconds = 10.
CursorPos = (19199,15725), SleepMilliseconds = 10.
CursorPos = (11508,29359), SleepMilliseconds = 10.
CursorPos = (26992,24465), SleepMilliseconds = 10.
CursorPos = (5735,28146), SleepMilliseconds = 10.
CursorPos = (23311,16828), SleepMilliseconds = 10.
CursorPos = (9991,492), SleepMilliseconds = 10.
CursorPos = (3025,11943), SleepMilliseconds = 10.
CursorPos = (4857,5437), SleepMilliseconds = 10.
CursorPos = (32421,14605), SleepMilliseconds = 10.
CursorPos = (3932,154), SleepMilliseconds = 10.
CursorPos = (322,12383), SleepMilliseconds = 10.
CursorPos = (17451,18717), SleepMilliseconds = 10.
CursorPos = (19748,19896), SleepMilliseconds = 10.
Behavior description: Window information
details: Pid = 2344, Hwnd=0x503b0, Text = DG Policy for COSCO SHIPPING Lines, ClassName = WTWindow.
Pid = 2344, Hwnd=0x9039c, Text = 中远海运集运危险货物接运政策(对内) DG Policy for COSCO SHIPPING Lines, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2344, Hwnd=0x1702d8, Text = 字体选择 Select Fonts, ClassName = _EL_Label.
Pid = 2344, Hwnd=0x7038a, Text = 总则 General Provisions, ClassName = _EL_Label.
Pid = 2344, Hwnd=0x1902ce, Text = 危险货物接运限制查询 Find Restriction, ClassName = _EL_Label.
Pid = 2344, Hwnd=0x403a2, Text = 中远自有船名录 COSCO own vessel listing, ClassName = _EL_Label.
Pid = 2344, Hwnd=0x40392, Text = 中海自有船名录 CSCL own vessel listing, ClassName = _EL_Label.
Pid = 2344, Hwnd=0x703ba, Text = 危险货物申请表 DG Application Form, ClassName = _EL_Label.
Pid = 2344, Hwnd=0xe0358, Text = DG Policy for COSCO SHIPPING Lines, ClassName = WTWindow.
Behavior description: Call Sleep function
details: [1]: MilliSeconds = 60000.
Behavior description: Hide specified window
details: [Window,Class] = [,_EL_CommonDlg]
[Window,Class] = [DG Policy for COSCO SHIPPING Lines,WTWindow]
Behavior description: Open mutex
details: ShimCacheMutex
Run screenshot