VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.

File information
Safety rating: 20
Behavior list
Basic Information
MD5: a9b1403ca5901fae15936e4a5a408926
File type: EXE
Production company:
Version:
Shell or compiler information: COMPILER: Borland Delphi 6.0 - 7.0
Key behavior
Behavior description: Set special file attributes
details: C:\ginstall.exe
C:\gjava.exe
C:\222c25ed\IE8-Setup-Full\gIE-REDIST.EXE
C:\222c25ed\IE8-Setup-Full\ginstallservices.exe
C:\Python27\gpython.exe
C:\Python27\gpython2.7.exe
C:\Python27\gpython2.exe
C:\Python27\gpythonw.exe
C:\Python27\gpythonw2.7.exe
C:\Python27\gpythonw2.exe
C:\Python27\gw9xpopen.exe
C:\Python27\Lib\distutils\command\gwininst-6.0.exe
C:\Python27\Lib\distutils\command\gwininst-7.1.exe
C:\Python27\Lib\distutils\command\gwininst-8.0.exe
C:\Python27\Lib\distutils\command\gwininst-9.0-amd64.exe
Behavior description: Detect virtual machine by searching for files
details: FindFirstFileEx: FileName = C:\WINDOWS\Temp\vmware-SYSTEM\*.exe*
FindFirstFileEx: FileName = C:\WINDOWS\Temp\vmware-SYSTEM\*.*
File behavior
Behavior description: Create file
details: C:\Documents and Settings\Administrator\Application Data\Ground.exe
C:\install.exe
C:\ginstall.ico
C:\RCX13.tmp
C:\java.exe
C:\gjava.ico
C:\RCX14.tmp
C:\222c25ed\IE8-Setup-Full\IE-REDIST.EXE
C:\222c25ed\IE8-Setup-Full\gIE-REDIST.ico
C:\222c25ed\IE8-Setup-Full\installservices.exe
C:\222c25ed\IE8-Setup-Full\ginstallservices.ico
C:\222c25ed\IE8-Setup-Full\RCX15.tmp
C:\Python27\python.exe
C:\Python27\gpython.ico
C:\Python27\RCX16.tmp
Behavior description: Create executable file
details: C:\Documents and Settings\Administrator\Application Data\Ground.exe
C:\install.exe
C:\RCX13.tmp
C:\java.exe
C:\RCX14.tmp
C:\222c25ed\IE8-Setup-Full\IE-REDIST.EXE
C:\222c25ed\IE8-Setup-Full\installservices.exe
C:\222c25ed\IE8-Setup-Full\RCX15.tmp
C:\Python27\python.exe
C:\Python27\RCX16.tmp
C:\Python27\python2.7.exe
C:\Python27\RCX17.tmp
C:\Python27\python2.exe
C:\Python27\RCX18.tmp
C:\Python27\pythonw.exe
Behavior description: Delete file
details: C:\install.exe
C:\ginstall.ico
C:\java.exe
C:\gjava.ico
C:\222c25ed\IE8-Setup-Full\installservices.exe
C:\222c25ed\IE8-Setup-Full\ginstallservices.ico
C:\Python27\python.exe
C:\Python27\gpython.ico
C:\Python27\python2.7.exe
C:\Python27\gpython2.7.ico
C:\Python27\python2.exe
C:\Python27\gpython2.ico
C:\Python27\pythonw.exe
C:\Python27\gpythonw.ico
C:\Python27\pythonw2.7.exe
Behavior description: Overwrite existing file
details: C:\RCX13.tmp
C:\RCX14.tmp
C:\222c25ed\IE8-Setup-Full\RCX15.tmp
C:\Python27\RCX16.tmp
C:\Python27\RCX17.tmp
C:\Python27\RCX18.tmp
C:\Python27\RCX19.tmp
C:\Python27\RCX1A.tmp
C:\Python27\RCX1B.tmp
C:\Python27\Lib\site-packages\pythonwin\RCX1C.tmp
C:\WINDOWS\RCX1D.tmp
C:\WINDOWS\RCX1E.tmp
C:\WINDOWS\RCX1F.tmp
C:\WINDOWS\RCX20.tmp
C:\WINDOWS\RCX21.tmp
Behavior description: Search for files
details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\Program Files
FileName = C:\*.exe*
FileName = C:\*.*
FileName = C:\222c25ed\*.exe*
FileName = C:\222c25ed\*.*
FileName = C:\222c25ed\IE8-Setup-Full\*.exe*
FileName = C:\222c25ed\IE8-Setup-Full\*.*
FileName = C:\222c25ed\IE8-Setup-Full\log\*.exe*
FileName = C:\222c25ed\IE8-Setup-Full\log\*.*
FileName = C:\AnalyzeControl\*.exe*
FileName = C:\AnalyzeControl\*.*
FileName = C:\DiskD\*.exe*
Behavior description: Set special file attributes
details: C:\ginstall.exe
C:\gjava.exe
C:\222c25ed\IE8-Setup-Full\gIE-REDIST.EXE
C:\222c25ed\IE8-Setup-Full\ginstallservices.exe
C:\Python27\gpython.exe
C:\Python27\gpython2.7.exe
C:\Python27\gpython2.exe
C:\Python27\gpythonw.exe
C:\Python27\gpythonw2.7.exe
C:\Python27\gpythonw2.exe
C:\Python27\gw9xpopen.exe
C:\Python27\Lib\distutils\command\gwininst-6.0.exe
C:\Python27\Lib\distutils\command\gwininst-7.1.exe
C:\Python27\Lib\distutils\command\gwininst-8.0.exe
C:\Python27\Lib\distutils\command\gwininst-9.0-amd64.exe
Behavior description: Rename file
details: C:\install.exe ---> C:\ginstall.exe
C:\RCX13.tmp ---> C:\install.exe
C:\java.exe ---> C:\gjava.exe
C:\RCX14.tmp ---> C:\java.exe
C:\222c25ed\IE8-Setup-Full\IE-REDIST.EXE ---> C:\222c25ed\IE8-Setup-Full\gIE-REDIST.EXE
C:\222c25ed\IE8-Setup-Full\installservices.exe ---> C:\222c25ed\IE8-Setup-Full\ginstallservices.exe
C:\222c25ed\IE8-Setup-Full\RCX15.tmp ---> C:\222c25ed\IE8-Setup-Full\installservices.exe
C:\Python27\python.exe ---> C:\Python27\gpython.exe
C:\Python27\RCX16.tmp ---> C:\Python27\python.exe
C:\Python27\python2.7.exe ---> C:\Python27\gpython2.7.exe
C:\Python27\RCX17.tmp ---> C:\Python27\python2.7.exe
C:\Python27\python2.exe ---> C:\Python27\gpython2.exe
C:\Python27\RCX18.tmp ---> C:\Python27\python2.exe
C:\Python27\pythonw.exe ---> C:\Python27\gpythonw.exe
C:\Python27\RCX19.tmp ---> C:\Python27\pythonw.exe
Behavior description: Modify file content
details: C:\Documents and Settings\Administrator\Application Data\Ground.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Ground.exe ---> Offset = 1024
C:\Documents and Settings\Administrator\Application Data\Ground.exe ---> Offset = 2048
C:\Documents and Settings\Administrator\Application Data\Ground.exe ---> Offset = 3072
C:\Documents and Settings\Administrator\Application Data\Ground.exe ---> Offset = 4096
C:\install.exe ---> Offset = 0
C:\install.exe ---> Offset = 1024
C:\install.exe ---> Offset = 2048
C:\install.exe ---> Offset = 3072
C:\install.exe ---> Offset = 4096
C:\ginstall.ico ---> Offset = 0
C:\RCX13.tmp ---> Offset = 0
C:\RCX13.tmp ---> Offset = 864
C:\RCX13.tmp ---> Offset = 1024
C:\RCX13.tmp ---> Offset = 5120
Registry behavior
Behavior description: Modify registry
details: \REGISTRY\MACHINE\SOFTWARE\Ground\Ground
Other behavior
Behavior description: Adjust process token privileges
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Paint
Behavior description: Executable file MD5
details: C:\Documents and Settings\Administrator\Application Data\Ground.exe ---> a9b1403ca5901fae15936e4a5a408926
C:\install.exe ---> a9b1403ca5901fae15936e4a5a408926
C:\RCX13.tmp ---> f918e5d04ff9af33d0e7529e175735b3
C:\java.exe ---> a9b1403ca5901fae15936e4a5a408926
C:\RCX14.tmp ---> eb7b329ec358a42f7de2d03c7b071f19
C:\222c25ed\IE8-Setup-Full\IE-REDIST.EXE ---> a9b1403ca5901fae15936e4a5a408926
C:\222c25ed\IE8-Setup-Full\installservices.exe ---> a9b1403ca5901fae15936e4a5a408926
C:\222c25ed\IE8-Setup-Full\RCX15.tmp ---> 75bee6fb40a2f65477c6a0233b808d01
C:\Python27\python.exe ---> a9b1403ca5901fae15936e4a5a408926
C:\Python27\RCX16.tmp ---> a01f3df340ee890ab2adcef917a9c842
C:\Python27\python2.7.exe ---> a9b1403ca5901fae15936e4a5a408926
C:\Python27\RCX17.tmp ---> a01f3df340ee890ab2adcef917a9c842
C:\Python27\python2.exe ---> a9b1403ca5901fae15936e4a5a408926
C:\Python27\RCX18.tmp ---> a01f3df340ee890ab2adcef917a9c842
C:\Python27\pythonw.exe ---> a9b1403ca5901fae15936e4a5a408926
Behavior description: Detect virtual machine by searching for files
details: FindFirstFileEx: FileName = C:\WINDOWS\Temp\vmware-SYSTEM\*.exe*
FindFirstFileEx: FileName = C:\WINDOWS\Temp\vmware-SYSTEM\*.*
Behavior description: Executable file signature information
details: C:\Documents and Settings\Administrator\Application Data\Ground.exe (signature verification: failed)
C:\install.exe (signature verification: failed)
C:\RCX13.tmp (signature verification: failed)
C:\java.exe (signature verification: failed)
C:\RCX14.tmp (signature verification: failed)
C:\222c25ed\IE8-Setup-Full\IE-REDIST.EXE (signature verification: failed)
C:\222c25ed\IE8-Setup-Full\installservices.exe (signature verification: failed)
C:\222c25ed\IE8-Setup-Full\RCX15.tmp (signature verification: failed)
C:\Python27\python.exe (signature verification: failed)
C:\Python27\RCX16.tmp (signature verification: failed)
C:\Python27\python2.7.exe (signature verification: failed)
C:\Python27\RCX17.tmp (signature verification: failed)
C:\Python27\python2.exe (signature verification: failed)
C:\Python27\RCX18.tmp (signature verification: failed)
C:\Python27\pythonw.exe (signature verification: failed)