VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.


File information
Safety rating: 61
Behavior list
Basic information
MD5: a23e7e565432b8d7ff070d8a3eaa3683
File type: EXE
Production company: KQ
Version: 1.0.0.0 --- 1.0.0.0
Shell or compiler information: PACKER: PESpin 0.3x - 1.xx -> cyberbob
Key behavior
Behavior description: Checks whether it is being debugged
details: N/A
Behavior description: Sets thread context
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446438587.234019.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446438587.237499.exe
Behavior description: Attempts to open the device object of a debugger or monitoring tool driver
details: \??\SICE
\??\NTICE
(SICE and NTICE are the device names of the SoftICE kernel debugger; opening them and checking the result is a classic anti-debugging probe, and it is part of what PESpin's stub does rather than evidence of what the packed payload does.)
Process behavior
Behavior description: Creates a process from a new file
details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446438587.072504.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446438587.072504.exe
Behavior description: Process exits
details: N/A
Behavior description: Sets thread context
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446438587.234019.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446438587.237499.exe
Behavior description: Creates local thread
details: N/A
Behavior description: Enumerates processes
details: N/A
File behavior
Behavior description: Searches for files
details: FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446438587.452354.exe
Other behavior
Behavior description: Checks whether it is being debugged
details: N/A
Behavior description: Creates mutex
details: TFWYNMIH
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
(The CTF.* and MSCTF.* names are created by the Windows Text Services Framework in any process that loads the input-method stack; only TFWYNMIH is specific to this sample and usable as an indicator.)
Behavior description: Creates event object
details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
(Both are standard Windows event names, not names chosen by the sample.)
Behavior description: Searches for a specific window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Attempts to open the device object of a debugger or monitoring tool driver
details: \??\SICE
\??\NTICE
Behavior description: Searches for the kernel32.dll base address
details: Instruction Address = 0x004d9408
Behavior description: Window information
details: Pid = 872, Hwnd=0x202a8, Text = OK, ClassName = Button.
Pid = 872, Hwnd=0x202b4, Text = This is a third-party compiled AutoIt script., ClassName = Static.
(This message box identifies the unpacked payload as a compiled AutoIt script, something the packer information above does not reveal.)
Behavior description: Program exception / crash information
details: EAX=0x00000000, EBX=0x00000000, ECX=0x004D9920, EDX=0x7C81CAFA, ESI=0x00000000, EDI=0x00000000, EBP=0x000D3B4E, ESP=0x008EFF98, EIP=0x004D9966, ExceptionCode=0xC0000005 (ACCESS_VIOLATION), ExceptionModule=C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446438587.388060.exe
Disassembly:
0x004D9966: sub dword ptr [edx], eax
0x004D9968: jmp 004D9963h
0x004D996A: pop edx
0x004D996B: jmp 004D9966h
0x004D996D: push dword ptr [edx]
0x004D996F: jmp 004D996Ah
0x004D9971: lea edx, dword ptr [ebp+00405987h]
0x004D9977: jmp 004D996Dh
0x004D9979: pop eax
0x004D997A: pop edx
0x004D997B: pop ebp
0x004D997C: ret
0x004D997D: call FFFFFFFF8E4D6505h
0x004D9982: test dword ptr [esi+ebx*2+40h], eax
0x004D9986: add byte ptr [ecx+0073E828h], al
0x004D998C: add byte ptr [ebx+74h], al
0x004D998F: add edi, edi
0x004D9991: jmp 004DE9B3h
0x004D9996: jmp far eax

EAX=0x008EFFE0, EBX=0x004D764D, ECX=0xFFFFFFFF, EDX=0x004D9E75, ESI=0x00000000, EDI=0xFFFFFFFF, EBP=0x000D3B4E, ESP=0x008EFF9C, EIP=0x004D764A, ExceptionCode=0xC0000005 (ACCESS_VIOLATION), ExceptionModule=C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446438587.392169.exe
Disassembly:
0x004D764A: rep scasb
0x004D764C: push 000013B9h
0x004D7651: add al, ch
0x004D7653: add byte ptr [eax], al
0x004D7655: add byte ptr [eax], al
0x004D7657: pop edi
0x004D7658: sub edi, 0Ah
0x004D765B: mov esi, 004D95C0h
0x004D7660: rep movsb
0x004D7662: sub ebx, ebx
0x004D7664: jmp 004D764Dh
0x004D7666: or ebp, FFFFFFFFh
0x004D7669: call 004D766Eh
0x004D766E: add ebp, 00403B20h
0x004D7674: pop ebx
0x004D7675: xchg ebp, ebx
0x004D7677: sub ebp, ebx
0x004D7679: dec ebp
0x004D767A: sub eax, eax

EAX=0x00000000, EBX=0x00000000, ECX=0x004D9FBF, EDX=0x008EFF94, ESI=0x00000000, EDI=0x00000000, EBP=0x008EFBEC, ESP=0x008EFBCC, EIP=0x004D9FCF, ExceptionCode=0xC0000005 (ACCESS_VIOLATION), ExceptionModule=C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446438587.396202.exe
Disassembly:
0x004D9FCF: xlatb
0x004D9FD0: call 004D9FE7h
0x004D9FD5: jmp dword ptr [esp-04h]
0x004D9FD9: dec dword ptr [ebx+2B082464h]
0x004D9FDF: sal byte ptr [ebp+1Ch], cl
0x004D9FE2: je 004D9FE5h
0x004D9FE4: jmp 004DA04Ah
0x004D9FE6: pop dword ptr [edx]
0x004D9FE8: pop edx
0x004D9FE9: and edx, 31343130h
0x004D9FEF: popfd
0x004D9FF0: pop ebp
0x004D9FF1: call 004D9FF7h
(The three access violations occur in three separate temp copies of the sample, all at addresses close to the kernel32.dll base-address search at 0x004d9408, and the short backward jmp chains are typical of packer-stub obfuscation; this is consistent with the PESpin stub faulting in the sandbox rather than the AutoIt payload crashing.)
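A report in this layout is easy to read once but tedious to triage by hand: the sandbox mixes sample-specific facts (the temp-file drops, the TFWYNMIH mutex, the SoftICE probes) with environmental noise (the TSF mutexes, standard event names). The following Python script is an added example, not VirSCAN's code and not part of the scanned sample; it parses the "Behavior description:" / "details:" pairs of a report written in this page's layout and separates indicators from noise. SAMPLE_REPORT is a constructed excerpt using the English behaviour names used on this page; the SIWVID device name and the CTF./MSCTF. prefix rule are assumptions drawn from general Windows knowledge rather than from the report itself.

```python
"""Parse a VirSCAN-style behaviour report and pull out triage indicators.

Added example; it is not VirSCAN code and not part of the scanned sample.
SAMPLE_REPORT is a constructed excerpt that mirrors this page's layout
(section headings, then 'Behavior description:' / 'details:' pairs with
multi-line details), using the English behaviour names used on this page.
"""
import re

SECTION_HEADINGS = {"Key behavior", "Process behavior", "File behavior", "Other behavior"}

# SoftICE driver device names that anti-debug stubs try to open: the two seen
# on this page plus SIWVID (SoftICE's video driver device, an assumption here).
SOFTICE_DEVICES = {r"\??\SICE", r"\??\NTICE", r"\??\SIWVID"}

# Mutex prefixes owned by the Windows Text Services Framework (ctfmon/msctf);
# they appear in any GUI process and are not chosen by the sample (assumption).
TSF_MUTEX_PREFIXES = ("CTF.", "MSCTF.")

# Executable paths under the sandbox's %temp% placeholder.
TEMP_EXE = re.compile(r"[A-Za-z]:\\[^\s,]*?\\%temp%\\[^\s,]+\.exe", re.IGNORECASE)

# Constructed excerpt in the report layout used on this page.
SAMPLE_REPORT = r"""Key behavior
Behavior description: Checks whether it is being debugged
details: N/A
Behavior description: Attempts to open the device object of a debugger or monitoring tool driver
details: \??\SICE
\??\NTICE
Process behavior
Behavior description: Creates a process from a new file
details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446438587.072504.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446438587.072504.exe
Behavior description: Sets thread context
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446438587.234019.exe
Other behavior
Behavior description: Creates mutex
details: TFWYNMIH
CTF.LBES.MutexDefaultS-*
MSCTF.Shared.MUTEX.ELH
"""


def parse_report(text):
    """Return [(section, description, [detail, ...]), ...] in page order."""
    records, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADINGS:
            section, current = line, None
        elif line.startswith("Behavior description:"):
            current = (section, line.split(":", 1)[1].strip(), [])
            records.append(current)
        elif line.startswith("details:"):
            detail = line.split(":", 1)[1].strip()
            if current is not None and detail and detail != "N/A":
                current[2].append(detail)
        elif current is not None:
            current[2].append(line)  # continuation of a multi-line details block
    return records


def extract_indicators(records):
    """Group the behaviours into the buckets a triage note would list."""
    ind = {"anti_debug": [], "dropped_executables": set(),
           "sample_mutexes": [], "noise_mutexes": []}
    for _section, desc, details in records:
        if desc.startswith("Checks whether it is being debugged"):
            ind["anti_debug"].append(desc)
        elif desc.startswith("Attempts to open the device object"):
            ind["anti_debug"].extend("opens " + d for d in details if d in SOFTICE_DEVICES)
        elif desc in ("Sets thread context", "Creates a process from a new file"):
            for d in details:
                ind["dropped_executables"].update(TEMP_EXE.findall(d))
        elif desc == "Creates mutex":
            for d in details:
                key = "noise_mutexes" if d.startswith(TSF_MUTEX_PREFIXES) else "sample_mutexes"
                ind[key].append(d)
    ind["dropped_executables"] = sorted(ind["dropped_executables"])
    return ind


if __name__ == "__main__":
    for name, values in extract_indicators(parse_report(SAMPLE_REPORT)).items():
        print(f"{name}: {values}")
```

Run against the excerpt it reports three anti-debug events (the IsDebuggerPresent-style check plus the two SoftICE device opens), two distinct temp-directory executables, TFWYNMIH as the only sample-specific mutex and the two TSF names as noise. Paste the full behaviour list from a report into SAMPLE_REPORT (or read it from a file) to get the same split for a real capture.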
Run screenshot (image not preserved in this capture)
