VirSCAN

File information
Safety rating:72
Behavior list
Basic Information
MD5:b763f5c900a91543daae6933949fb719
file type:zip
Production company:
version:
Shell or compiler information:PACKER:UPolyX v0.5
Subfile information:
强制软件.exe / 90e393b419f4a5e52c7ebd1238d58c0b / EXE
QQ截图20160715114010.png / 6d162ea2d03a6d075c3d4cbb40e9ac69 / Unknown
QQ截图20160715113621.png / c45d0620e7704ec2bd5334fba419b726 / Unknown
QQ图片20160715113852.png / 0e6daa50c59f2c570917bda8ad56eb10 / Unknown
QQ图片20160715113324.png / d9f0f203f5050ebadacb5c33ffb44c62 / Unknown
QQ截图20160715113824.png / 47abc00d0d539462ac274f921b869aff / Unknown
QQ截图20160715113200.png / 307f4811b16c9521f34cdf7f6bc8c1c7 / Unknown
QQ截图20160715113030.png / 464909a3eaee458741254ffe810c9017 / Unknown
使用教程.txt / 39000cb0889c320aaa4e2cf39f3f611d / Unknown
怎么在小刀网投稿?.url / 6ee21163412936c358ec18d2b1762c93 / Unknown
Key behavior
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\软件\配置文件
Process behavior
Behavior description:Create local thread
details:TargetProcess: 强制软件.exe, InheritedFromPID = 1944, ProcessID = 2644, ThreadID = 2660, StartAddress = 719CD33A, Parameter = 001DFCA8
File behavior
Behavior description:Create file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\软件\配置文件\config.ini
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\软件\配置文件
Behavior description:Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\软件\配置文件\config.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\软件\配置文件\config.ini ---> Offset = 21
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\软件\配置文件\config.ini ---> Offset = 13
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\软件\配置文件\config.ini ---> Offset = 26
Network behavior
Behavior description:Establish a connection to a specified socket
details:URL: , IP: **.255.176.**:20155, SOCKET = 0x000006b8
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.IFK
Behavior description:Create event object
details:EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.IFK.IC
EventName = MSCTF.SendReceiveConection.Event.IFK.IC
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Open event
details:HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000041
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000041
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000042
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000042
Behavior description:Window information
details:Pid = 2644, Hwnd=0x1d02bc, Text = 加载皮肤, ClassName = Button(CheckBox).
Pid = 2644, Hwnd=0x9039c, Text = 记住帐号密码, ClassName = Button(CheckBox).
Pid = 2644, Hwnd=0x1702d8, Text = 账号:, ClassName = _EL_Label.
Pid = 2644, Hwnd=0x1902ce, Text = 密码:, ClassName = _EL_Label.
Pid = 2644, Hwnd=0x703ba, Text = 登录, ClassName = Button.
Pid = 2644, Hwnd=0x1802fe, Text = 蝌蚪网络强制绑定QQ业务软件登陆, ClassName = WTWindow.
Pid = 2644, Hwnd=0x40392, Text = 123456, ClassName = Edit.
Behavior description:Hide specified window
details:[Window,Class] = [,_EL_ClientSock]
[Window,Class] = [,_EL_RgnButton]
Behavior description:Open mutex
details:ShimCacheMutex