VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files whose password is 'infected' or 'virus'.


File information
Safety rating: 33
Behavior list
Basic Information
MD5: 9b4a74fa8198d7811171abd82cb97fc4
File type: Rar
Production company:
Version:
Shell or compiler information: COMPILER:Elan
Subfile information:
一件领取装备.exe / 8c47075205c6e32b61e59adecdf82c90 / EXE
使用方法.txt / d2ecc3b9d56e43eb547c13e9ef16a8a1 / Unknown
一件领取装备 / d41d8cd98f00b204e9800998ecf8427e / Unknown
Key behavior
Behavior description: Checks whether it is being debugged
details:N/A
Behavior description: Sets special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Reads the TickCount value
details:TickCount = 1137859, SleepMilliseconds = 60000.
TickCount = 1137890, SleepMilliseconds = 60000.
TickCount = 1137906, SleepMilliseconds = 60000.
TickCount = 1137921, SleepMilliseconds = 60000.
TickCount = 1137953, SleepMilliseconds = 60000.
TickCount = 1138000, SleepMilliseconds = 60000.
TickCount = 1138031, SleepMilliseconds = 60000.
TickCount = 1138046, SleepMilliseconds = 60000.
TickCount = 1138062, SleepMilliseconds = 60000.
TickCount = 1138171, SleepMilliseconds = 60000.
TickCount = 1138484, SleepMilliseconds = 60000.
TickCount = 1138796, SleepMilliseconds = 60000.
TickCount = 1139109, SleepMilliseconds = 60000.
TickCount = 1139421, SleepMilliseconds = 60000.
TickCount = 1139734, SleepMilliseconds = 60000.
Behavior description: Blocks window close messages
details:hWnd = 0x00070338, Text = 火线福利轻松领, ClassName = MainInterface.
Process behavior
Behavior description: Creates local threads
details:TargetProcess: 火线福利轻松领.exe, InheritedFromPID = 1008, ProcessID = 2064, ThreadID = 2072, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: 火线福利轻松领.exe, InheritedFromPID = 1008, ProcessID = 2064, ThreadID = 2092, StartAddress = 0043CFF5, Parameter = 00000000
TargetProcess: 火线福利轻松领.exe, InheritedFromPID = 1008, ProcessID = 2064, ThreadID = 2096, StartAddress = 77C0A341, Parameter = 003FFAE8
TargetProcess: 火线福利轻松领.exe, InheritedFromPID = 1008, ProcessID = 2064, ThreadID = 2100, StartAddress = 77E56C7D, Parameter = 001E21B0
TargetProcess: 火线福利轻松领.exe, InheritedFromPID = 1008, ProcessID = 2064, ThreadID = 2104, StartAddress = 769AE43B, Parameter = 001E6E88
TargetProcess: 火线福利轻松领.exe, InheritedFromPID = 1008, ProcessID = 2064, ThreadID = 2496, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: 火线福利轻松领.exe, InheritedFromPID = 1008, ProcessID = 2064, ThreadID = 2500, StartAddress = 7C930230, Parameter = 00000000
Behavior description: Enumerates processes
details:N/A
File behavior
Behavior description: Searches for files
details:FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
Network behavior
Behavior description: Connects to a specified site
details:WinHttpConnect: ServerName = no****om, PORT = 80, UserName = , Password = , hSession = 0x02783100, hConnect = 0x02783200, Flags = 0x00000000
WinHttpConnect: ServerName = mi****cn, PORT = 80, UserName = , Password = , hSession = 0x02783100, hConnect = 0x02783300, Flags = 0x00000000
WinHttpConnect: ServerName = mi****cn, PORT = 80, UserName = , Password = , hSession = 0x02783100, hConnect = 0x02783200, Flags = 0x00000000
Behavior description: Opens an HTTP connection
details:WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x02783100
Behavior description: Establishes a socket connection to a specified host
details:URL: no****om, IP: **.133.40.**:80, SOCKET = 0x000001fc
URL: mi****cn, IP: **.133.40.**:80, SOCKET = 0x0000024c
URL: mi****cn, IP: **.133.40.**:80, SOCKET = 0x0000025c
Behavior description: Sends HTTP packets
details:GET /yws/public/note/a91f71835a559515c45149cca7366be5?keyfrom=public HTTP/1.1 Accept: */* Referer: http://note.youdao.com/yws/public/note/a91f71835a559515c45149cca7366be5?keyfrom=public Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Content-Type: application/x-www-form-urlencoded Host: no****om Connection: Keep-Alive
GET /View-2458493.html HTTP/1.1 Accept: */* Referer: http://mini.xiaoshen.game2000.cn/View-2458493.html Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Content-Type: application/x-www-form-urlencoded Host: mi****cn Connection: Keep-Alive
GET / HTTP/1.1 Accept: */* Referer: http://mini.xiaoshen.game2000.cn Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Content-Type: application/x-www-form-urlencoded Host: mi****cn Connection: Keep-Alive
Behavior description: Opens an HTTP request
details:WinHttpOpenRequest: no****om:80/yws/public/note/a91f71835a559515c45149cca7366be5?keyfrom=public, hConnect = 0x02783200, hRequest = 0x028b0000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: mi****cn:80/view-2458493.html, hConnect = 0x02783300, hRequest = 0x028b0000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: mi****cn:80/, hConnect = 0x02783200, hRequest = 0x028b0000, Verb: GET, Referer: , Flags = 0x00000080
Behavior description: Resolves a host address by name
details:GetAddrInfoW: no****om
GetAddrInfoW: mi****cn
Registry behavior
Behavior description: Modifies the registry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ID
\REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x16(565 0)
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior description: Deletes registry values
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description: Creates mutexes
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
RasPbFile
DDrawWindowListMutex
DDrawDriverObjectListMutex
__DDrawExclMode__
__DDrawCheckExclMode__
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EBI
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Behavior description: Hides specified windows
details:[Window,Class] = [,Edit]
[Window,Class] = [,ListBox]
[Window,Class] = [,_EL_ShapeBox]
[Window,Class] = [,Afx:400000:b:10011:1900015:0]
[Window,Class] = [网盘更新,Button]
[Window,Class] = [稍后再试,Button]
[Window,Class] = [返回,Button]
[Window,Class] = [选择大区,Button]
[Window,Class] = [查询范围为即日起7天内有效数据,Afx:400000:b:10011:1900015:0]
[Window,Class] = [↑ 更新内容,Afx:400000:b:10011:1900015:0]
[Window,Class] = [cdkey兑换专区,Afx:400000:b:10011:1900015:0]
[Window,Class] = [cdkey:,Afx:400000:b:10011:1900015:0]
[Window,Class] = [选择大区:,Afx:400000:b:10011:1900015:0]
[Window,Class] = [验证码:,Afx:400000:b:10011:1900015:0]
[Window,Class] = [,_EL_PicBox]
Behavior description: Finds specified windows
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information
details:Pid = 2064, Hwnd=0x103b8, Text = 1 您可以为非商业目的在任意设备上下载、使用、登录本软件; 2 您可以制作本软件的一个副本,仅用作备份。备份副本必须包 含原软件中, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2064, Hwnd=0x103b6, Text = 火线福利轻松领(以下简称“本软件”)许可及服务协议, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2064, Hwnd=0x103b4, Text = 自动登录, ClassName = Button(CheckBox).
Pid = 2064, Hwnd=0x103b2, Text = [ 版权声明 ], ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2064, Hwnd=0x103b0, Text = 积分:X, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2064, Hwnd=0x103ae, Text = 如果你下载只是出于好奇想看看而已,请于24小时内删除!, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2064, Hwnd=0x103ac, Text = [ 客服小神 ], ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2064, Hwnd=0x103aa, Text = 扫一扫财付通支付, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2064, Hwnd=0x103a8, Text = 扫一扫微信支付, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2064, Hwnd=0x103a4, Text = 扫描以下二维码支持后续更新 ↓ ↓ ↓, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2064, Hwnd=0x1039c, Text = 输入下图中的字符, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2064, Hwnd=0x10392, Text = 验证码:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2064, Hwnd=0x10390, Text = 10Q币, ClassName = Button(CheckBox).
Pid = 2064, Hwnd=0x1038e, Text = 绿钻, ClassName = Button(CheckBox).
Pid = 2064, Hwnd=0x1038c, Text = 黄钻, ClassName = Button(CheckBox).
Behavior description: Calls the Sleep function
details:[1]: MilliSeconds = 60000.
[2]: MilliSeconds = 60000.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 60000.
[5]: MilliSeconds = 60000.
[6]: MilliSeconds = 60000.
[7]: MilliSeconds = 60000.
[8]: MilliSeconds = 60000.
[9]: MilliSeconds = 60000.
[10]: MilliSeconds = 60000.
Behavior description: Creates event objects
details:EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.EBI.IC
EventName = MSCTF.SendReceiveConection.Event.EBI.IC
EventName = Global\userenv: User Profile setup event
Run screenshot