VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
Safety rating: 73
Behavior list
Basic Information
MD5: b2e1625d2bcb503a07a8798324724d9a
File type: EXE
Production company:
Version:
Shell or compiler information: COMPILER:Armadillo 1.82 - 1.83 beta1-> Silicon Realms Toolworks [Overlay]
Key behavior
Behavior description: Cross-process data write (writing memory into another process)
details:TargetProcess = sample.TMP0, WriteAddress = 0x00401000, Size = 65014
TargetProcess = sample.TMP0, WriteAddress = 0x00410df6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x00420bf6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x004309f6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x004407f6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x004505f6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x004603f6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x004701f6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x0047fff6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x0048fdf6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x0049fbf6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x004af9f6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x004bf7f6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x004cf5f6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x004df3f6, Size = 65024
Behavior description: Cross-process write to another process's code segment
details:C:\monitor\sample.TMP0, WriteAddress = 0x00410DF6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x00420BF6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x004309F6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x004407F6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x004505F6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x004603F6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x004701F6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x0047FFF6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x0048FDF6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x0049FBF6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x004AF9F6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x004BF7F6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x004CF5F6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x004DF3F6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x004EF1F6, EntryPoint = 0x00445CBD
Process behavior
Behavior description: Cross-process data write (writing memory into another process)
details:TargetProcess = sample.TMP0, WriteAddress = 0x00401000, Size = 65014
TargetProcess = sample.TMP0, WriteAddress = 0x00410df6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x00420bf6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x004309f6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x004407f6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x004505f6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x004603f6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x004701f6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x0047fff6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x0048fdf6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x0049fbf6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x004af9f6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x004bf7f6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x004cf5f6, Size = 65024
TargetProcess = sample.TMP0, WriteAddress = 0x004df3f6, Size = 65024
Behavior description: Create a process from a newly written file
details:ImagePath = c:\monitor\sample.TMP0, CmdLine = c:\%temp%\1424863627.434120.exe
Behavior description: Enumerate processes
details:N/A
Behavior description: Cross-process write to another process's code segment
details:C:\monitor\sample.TMP0, WriteAddress = 0x00410DF6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x00420BF6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x004309F6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x004407F6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x004505F6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x004603F6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x004701F6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x0047FFF6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x0048FDF6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x0049FBF6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x004AF9F6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x004BF7F6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x004CF5F6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x004DF3F6, EntryPoint = 0x00445CBD
C:\monitor\sample.TMP0, WriteAddress = 0x004EF1F6, EntryPoint = 0x00445CBD
File behavior
Behavior description: Open a file mapping with write access
details:CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
c:.monitor.sample.exe
MSCTF.MarshalInterface.FileMap.MNJ..CDBGF
MSCTF.MarshalInterface.FileMap.MNJ.B.CDBGF
MSCTF.MarshalInterface.FileMap.MNJ.C.CDBGF
MSCTF.MarshalInterface.FileMap.MNJ.D.CDBGF
MSCTF.MarshalInterface.FileMap.MNJ.E.CDBGF
MSCTF.MarshalInterface.FileMap.MNJ.F.CDBGF
MSCTF.MarshalInterface.FileMap.MNJ.G.CDBGF
Behavior description: Create an executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Arm3.tmp
C:\monitor\sample.TMP0
Registry behavior
Behavior description: Modify the registry
details:\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{665C94CF-F293-11D1-B2E4-0060975B8649}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\The Silicon Realms Toolworks\Armadillo\{3BE69020E11FA404}
Other behavior
Behavior description: Look up a specific window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Create a mutex
details:CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.Shared.MUTEX.AEH
Behavior description: Attempt to open the driver device object of a debugger or monitoring tool (anti-debugging check)
details:\??\SICE
\??\NTICE
Run screenshot
