VirSCAN

1, You can upload any file, but there is a 20 MB limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan password-protected compressed files if the password is 'infected' or 'virus'.


File information
Safety rating: 55
Behavior list
Basic Information
MD5: b897372cea8e0c80a75efdc81a154ecc
File type: EXE
Production company:
Version: 2.2.0.0---2.02
Shell or compiler information: PACKER: UPolyX v0.5
Key behavior
Behavior description: Probe for the presence of Virtual PC
details: N/A
Behavior description: Attempt to open the driver device object of a debugger or monitoring software
details: \??\SICE
\??\SIWVID
\??\NTICE
Behavior description: Get TickCount value
details: TickCount = 1077956, SleepMilliseconds = 50.
TickCount = 1078253, SleepMilliseconds = 50.
TickCount = 1078284, SleepMilliseconds = 50.
TickCount = 1078300, SleepMilliseconds = 50.
TickCount = 1078362, SleepMilliseconds = 50.
TickCount = 1078378, SleepMilliseconds = 50.
TickCount = 1078393, SleepMilliseconds = 50.
TickCount = 1078409, SleepMilliseconds = 50.
TickCount = 1078534, SleepMilliseconds = 50.
TickCount = 1078550, SleepMilliseconds = 50.
TickCount = 1079550, SleepMilliseconds = 50.
TickCount = 1079565, SleepMilliseconds = 50.
TickCount = 1079581, SleepMilliseconds = 50.
TickCount = 1079862, SleepMilliseconds = 50.
TickCount = 1082550, SleepMilliseconds = 50.
Behavior description: Query registry (virtual machine detection related)
details: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Behavior description: Look up specified kernel module
details: lstrcmpiA: ntice.sys <------> ntkrnlpa.exe Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> hal.dll Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> KDCOM.DLL Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> BOOTVID.dll Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> ACPI.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> WMILIB.SYS Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> pci.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> isapnp.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> compbatt.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> BATTC.SYS Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> intelide.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> PCIIDEX.SYS Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> MountMgr.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> ftdisk.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> dmload.sys Des: SoftICE驱动
Behavior description: Look for windows of commonly used anti-virus and analysis tools
details: NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
NtUserFindWindowEx: [Class,Window] = [GBDYLLO,]
NtUserFindWindowEx: [Class,Window] = [pediy06,]
NtUserFindWindowEx: [Class,Window] = [FilemonClass,]
NtUserFindWindowEx: [Class,Window] = [,File Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [PROCMON_WINDOW_CLASS,]
NtUserFindWindowEx: [Class,Window] = [,Process Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [RegmonClass,]
NtUserFindWindowEx: [Class,Window] = [,Registry Monitor - Sysinternals: www.sysinternals.com]
Process behavior
Behavior description: Enumerate processes
details: N/A
File behavior
Behavior description: Create file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\~DF6CD9.tmp
Behavior description: Delete file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\~DF6CD9.tmp
Other behavior
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.AJJ
Behavior description: Create event object
details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.AJJ.IC
EventName = MSCTF.SendReceiveConection.Event.AJJ.IC
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [18467-41,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Search for kernel32.dll base address
details: Instruction Address = 0x00789a78
Behavior description: Adjust process token privileges
details: SE_DEBUG_PRIVILEGE
Behavior description: Window information
details: Pid = 2444, Hwnd=0x4036c, Text = 确定, ClassName = Button.
Pid = 2444, Hwnd=0x40368, Text = 注册之前,请先关闭Camtasia Studio 8.5,以免引起未知错误!另外,本程序中带有一首劲爆的音乐,希望不要惊吓到您!嘻嘻 \(^o^)/, ClassName = Static.
Pid = 2444, Hwnd=0xa030a, Text = 提示:, ClassName = #32770.
Pid = 2444, Hwnd=0x6034e, Text = 一键解除 CS8.5的30天试用期限制, ClassName = ThunderRT6CommandButton.
Pid = 2444, Hwnd=0x70338, Text = 部分龙江微课群列表: 龙江微课一群 250942769 龙江微课二群 106039965 龙江微课二群(高)489937570 龙江微课技术培训群 340238757 , ClassName = ThunderRT6TextBox.
Behavior description: Hide specified window
details: [Window,Class] = [,ThunderRT6FormDC]
Run screenshot