VirSCAN
File information
Safety rating:83
Behavior list
Basic Information
MD5:ca79787d83f42726f7a390e8f91a029a
file type:zip
Production company:
version:
Shell or compiler information:
Subfile information:Install WGestures.msi / 9091991f4b9b9adeacf7528197c70617 / Compound
Process behavior
Behavior description: Create local thread
details:TargetProcess: msiexec.exe, InheritedFromPID = 1944, ProcessID = 2128, ThreadID = 2144, StartAddress = 765E964D, Parameter = 00101658
TargetProcess: msiexec.exe, InheritedFromPID = 1944, ProcessID = 2128, ThreadID = 2148, StartAddress = 7C949B6F, Parameter = 00000000
TargetProcess: msiexec.exe, InheritedFromPID = 1944, ProcessID = 2128, ThreadID = 2152, StartAddress = 759D8761, Parameter = 00000000
TargetProcess: msiexec.exe, InheritedFromPID = 1944, ProcessID = 2128, ThreadID = 2208, StartAddress = 757D4D37, Parameter = 0014F328
TargetProcess: msiexec.exe, InheritedFromPID = 1944, ProcessID = 2128, ThreadID = 2220, StartAddress = 77E56C7D, Parameter = 001040F8
TargetProcess: msiexec.exe, InheritedFromPID = 1944, ProcessID = 2128, ThreadID = 2224, StartAddress = 769AE43B, Parameter = 001544C0
TargetProcess: msiexec.exe, InheritedFromPID = 1944, ProcessID = 2128, ThreadID = 2256, StartAddress = 77E56C7D, Parameter = 00135500
File behavior
Behavior description: Create file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\76530.msi
C:\Documents and Settings\Administrator\Local Settings\Temp\Cab4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\Tar5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\Cab6.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\Tar7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI76531.LOG
Behavior description: Overwrite existing file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\76530.msi
C:\Documents and Settings\Administrator\Local Settings\Temp\Cab4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\Tar5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\Cab6.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\Tar7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI76531.LOG
Behavior description: Delete file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\Cab4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\Tar5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\Cab6.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\Tar7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\76530.msi
Behavior description: Modify file contents
details:C:\Documents and Settings\Administrator\Local Settings\Temp\76530.msi ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\76530.msi ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\76530.msi ---> Offset = 90624
C:\Documents and Settings\Administrator\Local Settings\Temp\76530.msi ---> Offset = 156160
C:\Documents and Settings\Administrator\Local Settings\Temp\76530.msi ---> Offset = 181248
C:\Documents and Settings\Administrator\Local Settings\Temp\Cab4.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Tar5.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Tar5.tmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\Tar5.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\Tar5.tmp ---> Offset = 98304
C:\Documents and Settings\Administrator\Local Settings\Temp\Cab6.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Tar7.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Tar7.tmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\Tar7.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\Tar7.tmp ---> Offset = 98304
Behavior description: Search for file
details:FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates\*
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs\*
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs\*
FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\WINDOWS\Microsoft.NET\Framework\\*
Network behavior
Behavior description: Connect to specified site
details:WinHttpConnect: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x011d2000, hConnect = 0x011d2100, Flags = 0x00000000
Behavior description: Open HTTP connection
details:WinHttpOpen: UserAgent: Microsoft-CryptoAPI/5.131.2600.5512, hSession = 0x011d2000
Behavior description: Establish connection to a specified socket
details:URL: w****., IP: **.133.40.**:80, SOCKET = 0x00000324
URL: w****., IP: **.133.40.**:80, SOCKET = 0x0000032c
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000328
Behavior description: Send HTTP packet
details:GET /wpad.dat HTTP/1.1 Accept: */* User-Agent: Microsoft-CryptoAPI/5.131.2600.5512 Host: **.133.40.** Connection: Keep-Alive
GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1 Accept: */* User-Agent: Microsoft-CryptoAPI/5.131.2600.5512 Host: ww****om Connection: Keep-Alive Cache-Control: no-cache Pragma: no-cache
Behavior description: Open HTTP request
details:WinHttpOpenRequest: ww****om:80/msdownload/update/v3/static/trustedr/en/authrootseq.txt, hConnect = 0x011d2100, hRequest = 0x01240000, Verb: GET, Referer: , Flags = 0x00000100
Behavior description: Resolve host address by name
details:gethostbyname: w****.
GetAddrInfoW: ww****om
Other behavior
Behavior description: Create mutex
details:RasPbFile
MSCTF.Shared.MUTEX.EFI
Global\_MSIExecute
Behavior description: Create event object
details:EventName = MSCTF.SendReceive.Event.EFI.IC
EventName = MSCTF.SendReceiveConection.Event.EFI.IC
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Adjust process token privileges
details:SE_CREATE_TOKEN_PRIVILEGE
Behavior description: Window information
details:Pid = 2128, Hwnd=0x102e0, Text = 确定, ClassName = Button.
Pid = 2128, Hwnd=0x102e2, Text = WGestures只支持Windows 7以及更新版本的系统。, ClassName = Static.
Pid = 2128, Hwnd=0x102e4, Text = 信息图标, ClassName = Static.
Pid = 2128, Hwnd=0x202d2, Text = WGestures 1.8 安装程序, ClassName = MsiDialogCloseClass.
Pid = 2128, Hwnd=0x402be, Text = 取消, ClassName = Button.
Pid = 2128, Hwnd=0x702c0, Text = WixUI_Bmp_Dialog, ClassName = Static.
Pid = 2128, Hwnd=0x202b0, Text = 欢迎使用 WGestures 1.8 安装向导, ClassName = Static.
Pid = 2128, Hwnd=0x202ae, Text = 安装向导正准备指导您完成安装过程,请稍候。, ClassName = Static.
Pid = 2128, Hwnd=0x202aa, Text = 上一步(&B), ClassName = Button.
Pid = 2128, Hwnd=0x202ac, Text = 下一步(&N), ClassName = Button.
Pid = 2128, Hwnd=0x202d0, Text = 正在评估启动条件, ClassName = Static.
Pid = 2128, Hwnd=0x302da, Text = WGestures 1.8 安装程序, ClassName = MsiDialogCloseClass.
Pid = 2128, Hwnd=0x202e0, Text = 完成(&F), ClassName = Button.
Pid = 2128, Hwnd=0x102e8, Text = 取消, ClassName = Button.
Pid = 2128, Hwnd=0x102ea, Text = WixUI_Bmp_Dialog, ClassName = Static.
Behavior description: Hide specified window
details:[Window,Class] = [Windows Installer,#32770]
[Window,Class] = [,Static]
[Window,Class] = [WGestures 1.8 安装程序,MsiDialogCloseClass]