VirSCAN


File information
Safety rating:78
Behavior list
Basic Information
MD5:c37f6a280a0f49dfe0cdbfe6d432f6e0
file type:zip
Production company:
version:
Shell or compiler information:COMPILER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo
Subfile information:upx_c_1f054f62dumpFile / 619d14d161f965091fdae2a051154ae3 / EXE
upx_c_ec6f0711dumpFile / 619d14d161f965091fdae2a051154ae3 / EXE
libiconv.dlldumpFile / b66865df07fe09851a464628707e857d / DLL
libiconv.dll / b66865df07fe09851a464628707e857d / DLL
Sqlite3_Crypt.dlldumpFile / 3e7f774b8aeb38ff003208fd06168c9c / DLL
Sqlite3_Crypt.dll / 3e7f774b8aeb38ff003208fd06168c9c / DLL
MoonWeChat.exedumpFile / 3d717553a0e23cf7b286d3b350f57b56 / EXE
MoonWeChat.exe / 3d717553a0e23cf7b286d3b350f57b56 / EXE
gzip.dlldumpFile / a6c40de24f00f240089b073c38e2569b / DLL
gzip.dll / a6c40de24f00f240089b073c38e2569b / DLL
LibdumpFile / d41d8cd98f00b204e9800998ecf8427e / Unknown
Key behavior
Behavior description:Get TickCount value
details:TickCount = 1076771, SleepMilliseconds = 100.
TickCount = 1076787, SleepMilliseconds = 100.
TickCount = 1076881, SleepMilliseconds = 100.
TickCount = 1077006, SleepMilliseconds = 100.
TickCount = 1077115, SleepMilliseconds = 100.
TickCount = 1077225, SleepMilliseconds = 100.
TickCount = 1077334, SleepMilliseconds = 100.
TickCount = 1086850, SleepMilliseconds = 100.
Process behavior
Behavior description:Create local thread
details:TargetProcess: MoonWeChat.exe, InheritedFromPID = 1944, ProcessID = 1096, ThreadID = 2052, StartAddress = 00408249, Parameter = 00000000
Network behavior
Behavior description:Connect to specified site
details:WinHttpConnect: ServerName = wx****om, PORT = 443, UserName = , Password = , hSession = 0x00f63100, hConnect = 0x00f63200, Flags = 0x00000000
WinHttpConnect: ServerName = lo****om, PORT = 443, UserName = , Password = , hSession = 0x00f63100, hConnect = 0x00f63300, Flags = 0x00000000
WinHttpConnect: ServerName = lo****om, PORT = 443, UserName = , Password = , hSession = 0x00f63100, hConnect = 0x00f63200, Flags = 0x00000000
WinHttpConnect: ServerName = lo****om, PORT = 443, UserName = , Password = , hSession = 0x013b1100, hConnect = 0x013b1200, Flags = 0x00000000
Behavior description:Open HTTP connection
details:WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x00f63100
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x013b1100
Behavior description:Establish a connection to a specified socket
details:URL: wx****om, IP: **.133.40.**:443, SOCKET = 0x00000678
URL: lo****om, IP: **.133.40.**:443, SOCKET = 0x00000678
URL: lo****om, IP: **.133.40.**:443, SOCKET = 0x00000628
Behavior description:Open HTTP request
details:WinHttpOpenRequest: wx****om:443/cgi-bin/mmwebwx-bin/webwxlogout?redirect=1&type=0&skey=, hConnect = 0x00f63200, hRequest = 0x01110000, Verb: POST, Referer: , Flags = 0x00800080
WinHttpOpenRequest: lo****om:443/jslogin?appid=wx782c26e4c19acffb&redirect_uri=https%3a%2f%2fwx.qq.com%2fcgi-bin%2fmmwebwx-bin%2fwebwxnewloginpage&fun=new&lang=zh_cn&_=1465143262001, hConnect = 0x00f63300, hRequest = 0x01110000, Verb: GET, Referer: , Flags = 0x00800080
WinHttpOpenRequest: lo****om:443/qrcode/, hConnect = 0x00f63200, hRequest = 0x01110000, Verb: GET, Referer: , Flags = 0x00800080
WinHttpOpenRequest: lo****om:443/cgi-bin/mmwebwx-bin/login?loginicon=true&uuid=&tip=0&r=-559415065&_=1465143262002, hConnect = 0x013b1200, hRequest = 0x013f0000, Verb: GET, Referer: , Flags = 0x00800080
Behavior description:Get host address by name
details:GetAddrInfoW: wx****om
GetAddrInfoW: lo****om
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.IBE
Behavior description:Create event object
details:EventName = DINPUTWINMM
EventName = Global\crypt32LogoffEvent
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.IBE.IC
EventName = MSCTF.SendReceiveConection.Event.IBE.IC
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Get TickCount value
details:TickCount = 1076771, SleepMilliseconds = 100.
TickCount = 1076787, SleepMilliseconds = 100.
TickCount = 1076881, SleepMilliseconds = 100.
TickCount = 1077006, SleepMilliseconds = 100.
TickCount = 1077115, SleepMilliseconds = 100.
TickCount = 1077225, SleepMilliseconds = 100.
TickCount = 1077334, SleepMilliseconds = 100.
TickCount = 1086850, SleepMilliseconds = 100.
Behavior description:Window information
details:Pid = 1096, Hwnd=0xe031e, Text = 二维码, ClassName = WTWindow.
Behavior description:Call Sleep function
details:[1]: MilliSeconds = 100.
[2]: MilliSeconds = 100.
[3]: MilliSeconds = 100.
[4]: MilliSeconds = 100.
[5]: MilliSeconds = 100.
[6]: MilliSeconds = 100.
[7]: MilliSeconds = 100.
[8]: MilliSeconds = 100.
[9]: MilliSeconds = 100.
[10]: MilliSeconds = 100.