VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5: bb271fa3a324fb2166a346d97db95dde
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
Copyright:

Key behavior

Behavior description: Checks whether it is being debugged
details: N/A
Behavior description: Sets special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Hides specified windows
details: [Window,Class] = [,ComboLBox]
[Window,Class] = [全局设置,Button]
[Window,Class] = [,ComboBox]
[Window,Class] = [宠物名,Afx:400000:b:10011:1900015:0]
[Window,Class] = [工作设置,Button]
[Window,Class] = [保存,Button]
[Window,Class] = [自动喂洗,Button]
[Window,Class] = [幸福树,Button]
[Window,Class] = [定时关机,Button]
[Window,Class] = [窗口总在最前,Button]
[Window,Class] = [刷爱心值,Button]
[Window,Class] = [中国之旅,Button]
[Window,Class] = [亚洲之旅,Button]
[Window,Class] = [古堡通关(秒),Button]
[Window,Class] = [密室通关(秒),Button]
Behavior description: Fetches QQ CAPTCHA image
details: HttpOpenRequestA: captcha.qq.com:80/getimage?&uin=123456&aid=21002701&0.7079023490403982, hConnect = 0x00000660

Process behavior

Behavior description: Enumerates processes
details: N/A

File behavior

Behavior description: Maps a file with write permission
details: \WINDOWS\system32\zh-cn\ieframe.dll.mui
Behavior description: Sets special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modifies file contents
details: C:\monitor\sample.exe_7zdump\log\2014年9月22日\系统.txt---> Offset = 0
C:\monitor\sample.exe_7zdump\log\2014年9月22日\系统.txt---> Offset = 21
C:\monitor\sample.exe_7zdump\log\2014年9月22日\系统.txt---> Offset = 42
C:\monitor\sample.exe_7zdump\log\2014年9月22日\系统.txt---> Offset = 62
C:\monitor\sample.exe_7zdump\log\2014年9月22日\系统.txt---> Offset = 116
C:\monitor\sample.exe_7zdump\log\2014年9月22日\系统.txt---> Offset = 220
C:\monitor\sample.exe_7zdump\log\2014年9月22日\系统.txt---> Offset = 244
C:\monitor\sample.exe_7zdump\1.ini---> Offset = 0
C:\monitor\sample.exe_7zdump\1.ini---> Offset = 19
C:\monitor\sample.exe_7zdump\log\2014年9月22日\系统.txt---> Offset = 309
C:\monitor\sample.exe_7zdump\log\2014年9月22日\系统.txt---> Offset = 343
C:\monitor\sample.exe_7zdump\log\2014年9月22日\系统.txt---> Offset = 381

Network behavior

Behavior description: Connects to specified sites
details: InternetConnectA: ServerName = www.369ok.net, PORT = 80
InternetConnectA: ServerName = orochi2001.blog.163.com, PORT = 80
InternetConnectA: ServerName = dl.vmall.com, PORT = 80
InternetConnectA: ServerName = check.ptlogin2.qq.com, PORT = 80
InternetConnectA: ServerName = captcha.qq.com, PORT = 80
InternetConnectA: ServerName = act.pet.qq.com, PORT = 80
InternetConnectA: ServerName = img.pet.qq.com, PORT = 80
InternetConnectA: ServerName = web.pet.qq.com, PORT = 80
Behavior description: Fetches QQ CAPTCHA image
details: HttpOpenRequestA: captcha.qq.com:80/getimage?&uin=123456&aid=21002701&0.7079023490403982, hConnect = 0x00000660
Behavior description: Opens HTTP requests
details: HttpOpenRequestA: www.369ok.net:80/tools/ipquery/default.aspx?n=0/, hConnect = 0x0000065c
HttpOpenRequestA: orochi2001.blog.163.com:80/blog/static/21941700220143282358680/, hConnect = 0x0000065c
HttpOpenRequestA: dl.vmall.com:80/c05grspg83, hConnect = 0x000006d0
HttpOpenRequestA: check.ptlogin2.qq.com:80/check?uin=123456&appid=21002701&js_ver=10080&js_type=0&login_sig=i3ultdolkvxvf7tn4*mvvvri2qxf4t6i7twiokjn7dzfc7p4trli6sjn9bjtbiva&u1=http%3a%2f%2fgame.ld2.qq.com%2flogin_frame.html&r=01095978031025181, hConnect = 0x0
HttpOpenRequestA: act.pet.qq.com:80/gundam/config.xml?time=1, hConnect = 0x00000650
HttpOpenRequestA: img.pet.qq.com:80/swf/games/gaoda/mz, hConnect = 0x00000580
HttpOpenRequestA: web.pet.qq.com:80/updated_pages/rank_growth.xml, hConnect = 0x00000650
HttpOpenRequestA: web.pet.qq.com:80/updated_pages/rank_growth.xml, hConnect = 0x00000584
HttpOpenRequestA: web.pet.qq.com:80/updated_pages/rank_strong.xml, hConnect = 0x00000650
HttpOpenRequestA: web.pet.qq.com:80/updated_pages/rank_strong.xml, hConnect = 0x00000584
HttpOpenRequestA: act.pet.qq.com:80/updated_pages/rank_iq.xml, hConnect = 0x00000584
HttpOpenRequestA: act.pet.qq.com:80/updated_pages/rank_iq.xml, hConnect = 0x00000650
HttpOpenRequestA: act.pet.qq.com:80/updated_pages/rank_charm.xml, hConnect = 0x00000650
HttpOpenRequestA: act.pet.qq.com:80/updated_pages/rank_charm.xml, hConnect = 0x00000584
HttpOpenRequestA: web.pet.qq.com:80/updated_pages/rank_yuanbao.xml, hConnect = 0x00000584
Behavior description: Reads network files
details: hFile = 0x00000660, BytesToRead =512, BytesRead = 512.
hFile = 0x000006a4, BytesToRead =10240, BytesRead = 10240.
hFile = 0x00000654, BytesToRead =10240, BytesRead = 10240.
hFile = 0x0000058c, BytesToRead =10240, BytesRead = 10240.
hFile = 0x00000584, BytesToRead =10240, BytesRead = 10240.
hFile = 0x00000650, BytesToRead =512, BytesRead = 512.

Registry behavior

Behavior description: Modifies the registry
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Multimedia\DrawDib\vga.drv 1676x885x32(BGR 0)

Other behavior

Behavior description: Checks whether it is being debugged
details: N/A
Behavior description: Creates a mutex
details: RasPbFile
Behavior description: Inline hooks
details: C:\WINDOWS\system32\ntdll.dll--->LdrFindResource_U Offset = 0x0
C:\WINDOWS\system32\ntdll.dll--->LdrAccessResource Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->LoadStringA Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->LoadStringW Offset = 0x0
C:\WINDOWS\system32\GDI32.dll--->ExtTextOutA Offset = 0x0
C:\WINDOWS\system32\GDI32.dll--->ExtTextOutW Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetWindowLongA Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->SetWindowLongA Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->SetWindowLongW Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetWindowLongW Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->BeginPaint Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->EndPaint Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetDC Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetWindowDC Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->ReleaseDC Offset = 0x0
Behavior description: Finds specified windows
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [,]
NtUserFindWindowEx: [Class,Window] = [,Microsoft Internet Explorer]
Behavior description: Acquires system privileges
details: SE_DEBUG_PRIVILEGE
Behavior description: Window information
details: Pid = 1212, Hwnd=0xc01d6, Text = Q宠迷你小保姆, ClassName = Button(GroupBox).
Pid = 1212, Hwnd=0x106e4, Text = 斗2无视号(不检测对方是否有伤直接虐), ClassName = Button(GroupBox).
Pid = 1212, Hwnd=0x106e2, Text = 打豆豆, ClassName = Button(CheckBox).
Pid = 1212, Hwnd=0x106d8, Text = 斗2熔炼, ClassName = Button(CheckBox).
Pid = 1212, Hwnd=0x106d2, Text = 美洲之旅, ClassName = Button(GroupBox).
Pid = 1212, Hwnd=0x106ce, Text = 只去巴西, ClassName = ComboBox.
Pid = 1212, Hwnd=0x106cc, Text = 自动召回, ClassName = Button(CheckBox).
Pid = 1212, Hwnd=0x106ca, Text = 斗2炼丹, ClassName = Button(CheckBox).
Pid = 1212, Hwnd=0x106c8, Text = 糖果大作战, ClassName = Button(GroupBox).
Pid = 1212, Hwnd=0x106c6, Text = 自动执行, ClassName = Button(CheckBox).
Pid = 1212, Hwnd=0x106c4, Text = 自算gtk, ClassName = Button(CheckBox).
Pid = 1212, Hwnd=0x106c2, Text = post参数, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 1212, Hwnd=0x106be, Text = post, ClassName = Button(CheckBox).
Pid = 1212, Hwnd=0x106bc, Text = 自动换相应装备, ClassName = Button(CheckBox).
Pid = 1212, Hwnd=0x106b8, Text = 家族接力, ClassName = Button(GroupBox).
Behavior description: Hides specified windows
details: [Window,Class] = [,ComboLBox]
[Window,Class] = [全局设置,Button]
[Window,Class] = [,ComboBox]
[Window,Class] = [宠物名,Afx:400000:b:10011:1900015:0]
[Window,Class] = [工作设置,Button]
[Window,Class] = [保存,Button]
[Window,Class] = [自动喂洗,Button]
[Window,Class] = [幸福树,Button]
[Window,Class] = [定时关机,Button]
[Window,Class] = [窗口总在最前,Button]
[Window,Class] = [刷爱心值,Button]
[Window,Class] = [中国之旅,Button]
[Window,Class] = [亚洲之旅,Button]
[Window,Class] = [古堡通关(秒),Button]
[Window,Class] = [密室通关(秒),Button]