VirSCAN

1, You can upload any file, but there is a 20 MB limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
Safety rating: 55
Behavior list
Basic Information
MD5: a54ec83fe7d9aeb964ef6de064d58720
File type: Rar
Production company:
Version:
Shell or compiler information: PACKER:UPolyX v0.5
Subfile information:
C_hzj1.06.exe / 6da22259baff7772e863a77c458f9995 / EXE
updata.dll / 19609dcc5f213ed60c0b15a531027b4c / EXE
upx_c_3ac7cc24 / 88c91afe297122bb4b4b8ffade40a189 / DLL
AntiVC.dll / 8fea41d07b5ffbb7f8ed5cab7594698f / DLL
ll.cds / c91bc04f047d5928ed19bd111e50f213 / Unknown
7U.cds / e722a63b237b06ea667dcbfde87a9d27 / Unknown
shine.cds / 9c716c74fa4c0a5d2d03ae8245f1b95d / Unknown
niaoyun.cds / 9058e433a9aa4fed96c84c65b6f54d70 / Unknown
189mv.cds / ecef20ae8dd8c8c67a02e06267916a58 / Unknown
data / d41d8cd98f00b204e9800998ecf8427e / Unknown
Key behavior
Behavior description: Probes for the presence of Virtual PC
details: N/A
Behavior description: Reads the CPU clock directly
details: EAX = 0x6f51b800, EDX = 0x00001196
EAX = 0x6f51b84c, EDX = 0x00001196
EAX = 0x6f51b898, EDX = 0x00001196
EAX = 0x6f51b8e4, EDX = 0x00001196
EAX = 0x6f51b930, EDX = 0x00001196
EAX = 0x6f51b97c, EDX = 0x00001196
EAX = 0x6f51b9c8, EDX = 0x00001196
EAX = 0x6f51ba14, EDX = 0x00001196
EAX = 0x6f51ba60, EDX = 0x00001196
EAX = 0x6f51baac, EDX = 0x00001196
Behavior description: Attempts to open the driver device object of a debugger or monitoring tool
details: \??\NTICE
Behavior description: Obtains window screenshot information
details: Foreground window Info: HWND = 0x0016032e, DC = 0x01010055.
Foreground window Info: HWND = 0x000c02f6, DC = 0x1a010529.
Foreground window Info: HWND = 0x002902f0, DC = 0xeb0103ee.
Foreground window Info: HWND = 0x00050384, DC = 0x24010301.
Foreground window Info: HWND = 0x000a03c4, DC = 0xcb01059a.
Foreground window Info: HWND = 0x00100320, DC = 0xc6010524.
Foreground window Info: HWND = 0x0008038c, DC = 0x0801065a.
Foreground window Info: HWND = 0x001502c8, DC = 0x01010055.
Foreground window Info: HWND = 0x002102bc, DC = 0x440105da.
Foreground window Info: HWND = 0x001502c8, DC = 0x0801065a.
Behavior description: Calls critical system APIs directly
details: Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x005FB7C2
Index = 0x0000009B, Name: NtQueryInformationThread, Instruction Address = 0x005922AC
Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x005C9CA6
Behavior description: Searches for windows of common anti-virus tools
details: NtUserFindWindowEx: [Class,Window] = [Regmonclass,]
NtUserFindWindowEx: [Class,Window] = [Filemonclass,]
Behavior description: Detects a virtual machine via VMware-specific instruction
details: N/A
Process behavior
Behavior description: Creates local threads
details: TargetProcess: C_hzj1.06.exe, InheritedFromPID = 1944, ProcessID = 2824, ThreadID = 2864, StartAddress = 0055898D, Parameter = 001A8A68
TargetProcess: C_hzj1.06.exe, InheritedFromPID = 1944, ProcessID = 2824, ThreadID = 2868, StartAddress = 0055898D, Parameter = 001A8A68
TargetProcess: C_hzj1.06.exe, InheritedFromPID = 1944, ProcessID = 2824, ThreadID = 2872, StartAddress = 0055898D, Parameter = 001A8A68
TargetProcess: C_hzj1.06.exe, InheritedFromPID = 1944, ProcessID = 2824, ThreadID = 2876, StartAddress = 0055898D, Parameter = 001A8A68
TargetProcess: C_hzj1.06.exe, InheritedFromPID = 1944, ProcessID = 2824, ThreadID = 2880, StartAddress = 0055898D, Parameter = 001A8AC0
TargetProcess: C_hzj1.06.exe, InheritedFromPID = 1944, ProcessID = 2824, ThreadID = 2884, StartAddress = 0055898D, Parameter = 001A8A68
TargetProcess: C_hzj1.06.exe, InheritedFromPID = 1944, ProcessID = 2824, ThreadID = 2888, StartAddress = 0055898D, Parameter = 001A8A68
TargetProcess: C_hzj1.06.exe, InheritedFromPID = 1944, ProcessID = 2824, ThreadID = 2904, StartAddress = 4AEA7456, Parameter = 00000000
Network behavior
Behavior description: Connects to a specified site
details: WinHttpConnect: ServerName = ch****om, PORT = 80, UserName = , Password = , hSession = 0x023a5000, hConnect = 0x023a5100, Flags = 0x00000000
Behavior description: Establishes a connection to a specified socket
details: URL: ch****om, IP: **.133.40.**:80, SOCKET = 0x00000140
Behavior description: Sends HTTP packet
details: POST /sms/show.asp HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept: text/html, application/xhtml+xml, */*
Accept-Encoding: gbk, GB2312
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Host: ch****om
Content-Length: 23
Connection: Keep-Alive

sid=F8CF-5B07-F5F4-CD42
Behavior description: Opens HTTP request
details: WinHttpOpenRequest: ch****om:80/sms/show.asp, hConnect = 0x023a5100, hRequest = 0x02400000, Verb: POST, Referer: , Flags = 0x00000000
Behavior description: Resolves host address by name
details: GetAddrInfoW: ch****om
Registry behavior
Behavior description: Modifies registry
details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x16(565 0)
Behavior description: Deletes registry value
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot
Behavior description: Deletes registry key
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\
Other behavior
Behavior description: Calls critical system APIs directly
details: Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x005FB7C2
Index = 0x0000009B, Name: NtQueryInformationThread, Instruction Address = 0x005922AC
Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x005C9CA6
Behavior description: Probes for the presence of Virtual PC
details: N/A
Behavior description: Creates mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MAL
Behavior description: Creates event object
details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.MAL.IC
EventName = MSCTF.SendReceiveConection.Event.MAL.IC
EventName = Global\userenv: User Profile setup event
Behavior description: Opens mutex
details: ShimCacheMutex
Behavior description: Searches for a specified window
details: NtUserFindWindowEx: [Class,Window] = [4823-00000029,]
NtUserFindWindowEx: [Class,Window] = [18467-41,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [,]
Behavior description: Attempts to open the driver device object of a debugger or monitoring tool
details: \??\NTICE
Behavior description: Opens event
details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000053
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000053
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior description: Window information
details: Pid = 2824, Hwnd=0xc0330, Text = 不同意, ClassName = Button.
Pid = 2824, Hwnd=0x703b6, Text = 同意, ClassName = Button.
Pid = 2824, Hwnd=0xc0332, Text = 请务必认真阅读和理解本《软件许可使用协议》(以下简称《协议》)中规定的所有权利和限制。除非您接受本《协议》条款,否则您无权下载、安装或使用本”软件”及其相关服务。您一旦安装、复制、下载、访问或以其它方式使用本软件产品,将视为对本《协议》的接受,即表示您同意接受本《协议》各项条款的约束。如果您不同意本《协议》中的条款,请不要安装、复制或使用本软件。   1. 权利声明   本”软件”的一切知识产权,以及与”软件”相关的所有信息内容,包括但不限于:文字表述及其组合、图标、图饰、图像、图表、色彩、界面设计、版面框架, ClassName = Edit.
Pid = 2824, Hwnd=0x50386, Text = 免责声明, ClassName = WTWindow.
Pid = 2824, Hwnd=0xc02f6, Text = 9999, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2824, Hwnd=0x2902f0, Text = 今日人数:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2824, Hwnd=0x50384, Text = chungeseo.com, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2824, Hwnd=0xa03c4, Text = 级别:普通版, ClassName = Afx:400000:b:10011:1900015:0.
Behavior description: Obtains window screenshot information
details: Foreground window Info: HWND = 0x0016032e, DC = 0x01010055.
Foreground window Info: HWND = 0x000c02f6, DC = 0x1a010529.
Foreground window Info: HWND = 0x002902f0, DC = 0xeb0103ee.
Foreground window Info: HWND = 0x00050384, DC = 0x24010301.
Foreground window Info: HWND = 0x000a03c4, DC = 0xcb01059a.
Foreground window Info: HWND = 0x00100320, DC = 0xc6010524.
Foreground window Info: HWND = 0x0008038c, DC = 0x0801065a.
Foreground window Info: HWND = 0x001502c8, DC = 0x01010055.
Foreground window Info: HWND = 0x002102bc, DC = 0x440105da.
Foreground window Info: HWND = 0x001502c8, DC = 0x0801065a.
Behavior description: Directly accesses a physical device
details: \??\PhysicalDrive0
Behavior description: Reads the CPU clock directly
details: EAX = 0x6f51b800, EDX = 0x00001196
EAX = 0x6f51b84c, EDX = 0x00001196
EAX = 0x6f51b898, EDX = 0x00001196
EAX = 0x6f51b8e4, EDX = 0x00001196
EAX = 0x6f51b930, EDX = 0x00001196
EAX = 0x6f51b97c, EDX = 0x00001196
EAX = 0x6f51b9c8, EDX = 0x00001196
EAX = 0x6f51ba14, EDX = 0x00001196
EAX = 0x6f51ba60, EDX = 0x00001196
EAX = 0x6f51baac, EDX = 0x00001196
Behavior description: Searches for windows of common anti-virus tools
details: NtUserFindWindowEx: [Class,Window] = [Regmonclass,]
NtUserFindWindowEx: [Class,Window] = [Filemonclass,]
Behavior description: Detects a virtual machine via VMware-specific instruction
details: N/A
Run screenshot