VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information
Safety rating:80
Behavior list
Basic Information
MD5:c5f8e9059122963aed11f431efa7c2de
file type:Cab
Production company:深圳市迅雷网络技术有限公司
version:4.4.1.304---4, 4, 1, 304
Shell or compiler information:
Key behavior
Behavior description:Resolve host address by name
details:fodder.neoimaging.cn
File behavior
Behavior description:Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\atl71.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\atl90.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\libexpat.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\libpng13.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\minizip.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\msvcp71.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\msvcp90.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\msvcr71.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\msvcr90.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\vcomp90.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\XLBugHandler.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\XLBugReport.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\XLFSIO.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\XLGraphic.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\XLLuaRuntime.dll
Behavior description:Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\SetupUI.cab---> Offset = 2048000
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\Microsoft.VC90.ATL.manifest---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\Microsoft.VC90.CRT.manifest---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\SetupXar\layout.xar---> Offset = 79402
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\SetupXar\nametable.cfg---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\SetupXar\onload.lua---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\SetupXar\package.cfg---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\SetupXar\res\default.zip---> Offset = 85908
Network behavior
Behavior description:Establish a connection to a specified socket
details:219.133.40.1:80
Behavior description:Resolve host address by name
details:fodder.neoimaging.cn
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted\c:\%temp%\1418798642.234630.exe
Other behavior
Behavior description:Set object security information
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\SetupXar
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sample\4.4.1.304\SetupXar\res
Behavior description:Window information
details:Pid = 1268, Hwnd=0xb016a, Text = 安装光影魔术手, ClassName = XLUEFrameHostWnd.
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [NeoImageSetup{01572D65-8C9A-484b-8B31-F2890BF1FB21},NeoImageSetupName]