VirSCAN

1, You can UPLOAD any files, but there is a 20 MB limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.


File information

Basic Information

MD5: 9c047e8f02f8df22ea9151b92a423454
file type: EXE
Production company: MetaQuotes Software Corp.
version: 5.0.0.1598---5.0.0.1598
Shell or compiler information: PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [Overlay]
Sub-file information: upx_c_ed8fd833dumpFile / 1a7cf9d5ffd4e3efd969917518944ca7 / EXE

Key behavior

Behavior description: Detect whether Virtual PC is present
details: N/A
Behavior description: Detect virtual machine via VMware-specific instruction
details: N/A
Behavior description: Read CPU clock counter directly
details: EAX = 0x89da315d, EDX = 0x00000039
EAX = 0x89da31a9, EDX = 0x00000039
EAX = 0x8c8d3125, EDX = 0x00000039
EAX = 0x8c8d3171, EDX = 0x00000039
EAX = 0xa6de69d1, EDX = 0x00000039
Behavior description: Query registry (virtual machine detection)
details: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion

File behavior

Behavior description: Create file
details: C:\Program Files\checkwritepermissions.test
Behavior description: Delete file
details: C:\Program Files\checkwritepermissions.test
C:\Users\Administrator\AppData\Local\Temp\28D5267F-DE5A-4A84-A3C3-CEFBF6C22C3A\CbsProvider.dll
C:\Users\Administrator\AppData\Local\Temp\28D5267F-DE5A-4A84-A3C3-CEFBF6C22C3A\CompatProvider.dll
C:\Users\Administrator\AppData\Local\Temp\28D5267F-DE5A-4A84-A3C3-CEFBF6C22C3A\DismCore.dll
C:\Users\Administrator\AppData\Local\Temp\28D5267F-DE5A-4A84-A3C3-CEFBF6C22C3A\DismCorePS.dll
C:\Users\Administrator\AppData\Local\Temp\28D5267F-DE5A-4A84-A3C3-CEFBF6C22C3A\DismHost.exe
C:\Users\Administrator\AppData\Local\Temp\28D5267F-DE5A-4A84-A3C3-CEFBF6C22C3A\DismProv.dll
C:\Users\Administrator\AppData\Local\Temp\28D5267F-DE5A-4A84-A3C3-CEFBF6C22C3A\DmiProvider.dll
C:\Users\Administrator\AppData\Local\Temp\28D5267F-DE5A-4A84-A3C3-CEFBF6C22C3A\en-US\CbsProvider.dll.mui
C:\Users\Administrator\AppData\Local\Temp\28D5267F-DE5A-4A84-A3C3-CEFBF6C22C3A\en-US\CompatProvider.dll.mui
C:\Users\Administrator\AppData\Local\Temp\28D5267F-DE5A-4A84-A3C3-CEFBF6C22C3A\en-US\DmiProvider.dll.mui
C:\Users\Administrator\AppData\Local\Temp\28D5267F-DE5A-4A84-A3C3-CEFBF6C22C3A\en-US\IntlProvider.dll.mui
C:\Users\Administrator\AppData\Local\Temp\28D5267F-DE5A-4A84-A3C3-CEFBF6C22C3A\en-US\OSProvider.dll.mui
C:\Users\Administrator\AppData\Local\Temp\28D5267F-DE5A-4A84-A3C3-CEFBF6C22C3A\en-US\SmiProvider.dll.mui
C:\Users\Administrator\AppData\Local\Temp\28D5267F-DE5A-4A84-A3C3-CEFBF6C22C3A\en-US\UnattendProvider.dll.mui
Behavior description: Search for files
details: FileName = C:\Users\ADMINI~1\AppData\Local\Temp\\*.*
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\\28D5267F-DE5A-4A84-A3C3-CEFBF6C22C3A\*.*
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\\28D5267F-DE5A-4A84-A3C3-CEFBF6C22C3A\en-US\*.*
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\\28D5267F-DE5A-4A84-A3C3-CEFBF6C22C3A\zh-CN\*.*
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\\CBE78B32-6E14-47BB-8214-692624382A4A\*.*
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\\CBE78B32-6E14-47BB-8214-692624382A4A\en-US\*.*
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\\CBE78B32-6E14-47BB-8214-692624382A4A\zh-CN\*.*
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\\EB93A6\*.*
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\\EB93A6\b70c\*.*
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\\EB93A6\b70c.exe.dump\*.*
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\\Low\*.*
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\\RarSFX0\*.*
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\\RarSFX0\data\*.*
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\\VBE\*.*
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\\WPDNSE\*.*

Network behavior

Behavior description: Connect to specified site
details: WinHttpConnect: ServerName = ap****om, PORT = 443, UserName = , Password = , hSession = 0x002eaf38, hConnect = 0x002e8aa0, Flags = 0x00000000
Behavior description: Open HTTP connection
details: WinHttpOpen: UserAgent: MetaTrader Setup/5.1598 (Windows NT 6.1), hSession = 0x002eaf38
Behavior description: Open HTTP request
details: WinHttpOpenRequest: ap****om:443/\, hConnect = 0x002e8aa0, hRequest = 0x00311a40, Verb: HEAD, Referer: , Flags = 0x00800100
Behavior description: Resolve host address by name
details: GetAddrInfoW: a-PC
GetAddrInfoW: ap****om

Registry behavior

Behavior description: Modify registry
details: \REGISTRY\MACHINE\SOFTWARE\MetaQuotes Software\ID
\REGISTRY\USER\S-*\Software\MetaQuotes Software\ID
\REGISTRY\USER\S-*\Software\MetaQuotes Software\Install.Time
Behavior description: Query registry (virtual machine detection)
details: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion

Other behavior

Behavior description: Check whether it is being debugged
details: IsDebuggerPresent
Behavior description: Create event object
details: EventName = api_speed_tester
Behavior description: Detect whether Virtual PC is present
details: N/A
Behavior description: Open mutex
details: Local\MSCTF.Asm.MutexDefault1
Behavior description: Window information
details: Pid = 2636, Hwnd=0x30164, Text = , ClassName = #32770.
Pid = 2636, Hwnd=0x20170, Text = METAQUOTES SOFTWARE CORP. End-User License, ClassName = Edit.
Pid = 2636, Hwnd=0x2016e, Text = 是的,我同意该许可证协议的全部条款。, ClassName = Button(CheckBox).
Pid = 2636, Hwnd=0x20180, Text = < 上一步(&B), ClassName = Button.
Pid = 2636, Hwnd=0x201ba, Text = 下一步(&N) >, ClassName = Button.
Pid = 2636, Hwnd=0x201e6, Text = 完成, ClassName = Button.
Pid = 2636, Hwnd=0x4016c, Text = 取消, ClassName = Button.
Pid = 2636, Hwnd=0x2017a, Text = 帮助, ClassName = Button.
Pid = 2636, Hwnd=0x20166, Text = 设置, ClassName = ATL:008BF7A0.
Pid = 2636, Hwnd=0x20156, Text = Cong Lei Fung Gold Dealer Limited, ClassName = WTL_HyperLink.
Pid = 2636, Hwnd=0x30188, Text = Cong Lei Fung Terminal 设置 (32 bit), ClassName = #32770.
Behavior description: Open event
details: HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
Behavior description: Direct access to physical device
details: \??\PHYSICALDRIVE0
Behavior description: Hide specified window
details: [Window,Class] = [帮助,Button]
[Window,Class] = [完成,Button]
[Window,Class] = [< 上一步(&B),Button]
Behavior description: Read CPU clock counter directly
details: EAX = 0x89da315d, EDX = 0x00000039
EAX = 0x89da31a9, EDX = 0x00000039
EAX = 0x8c8d3125, EDX = 0x00000039
EAX = 0x8c8d3171, EDX = 0x00000039
EAX = 0xa6de69d1, EDX = 0x00000039
Behavior description: Import cryptographic key
details: [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x002B82B8, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x002B92B8, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x002B93C8, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x002BB2C0, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x002B9550, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x02F02DA0, DataLen: 276, Flags: 0x00000000
Behavior description: Detect virtual machine via VMware-specific instruction
details: N/A
