VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5: cc41adcaaf571cc41a40b616b5025e0b
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
Copyright:

Key behavior

Behavior description: Hide specified window
details: [Window,Class] = [Form1,ThunderRT6FormDC]
         [Window,Class] = [Project1,ThunderRT6Main]
         [Window,Class] = [,ThunderRT6CheckBox]
         [Window,Class] = [,ThunderRT6UserControlDC]
Behavior description: Modify registry: Task Manager key attributes
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
Behavior description: Set special file attributes
details: C:\WINDOWS\userinit.exe
         C:\WINDOWS\h2s.exe
         C:\WINDOWS\system\lsass.exe
         C:\WINDOWS\nacl.exe
Behavior description: Create file mapping with write access
details: CiceroSharedMemDefaultS-*
         DfSharedHeap3D3F93
         DFMap0-4013993
         DfRoot0003D3F93
Behavior description: Modify registry: disable CMD
details: \REGISTRY\USER\S-*\Software\Policies\Microsoft\Windows\System\DisableCMD
Behavior description: Modify registry: disable Registry Editor
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
Behavior description: Modify registry: startup entries
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Run\pikachu
         \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit

Process behavior

Behavior description: Create process with hidden window
details: ImagePath = , CmdLine = cmd /k net share "phim_hai_hay=c:\documents and settings\temp" & exit &
Behavior description: Create process
details: ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /k net share "phim_hai_hay=C:\Documents and Settings\Temp" & exit &
         ImagePath = C:\WINDOWS\explorer.exe, CmdLine = explorer 996E
         ImagePath = C:\WINDOWS\system32\net.exe, CmdLine = net share "phim_hai_hay=C:\Documents and Settings\Temp"
         ImagePath = C:\WINDOWS\system32\net1.exe, CmdLine = net1 share "phim_hai_hay=C:\Documents and Settings\Temp"
Behavior description: Create process from newly created file
details: ImagePath = C:\WINDOWS\h2s.exe, CmdLine = C:\WINDOWS\h2s.exe
         ImagePath = C:\WINDOWS\system\lsass.exe, CmdLine = C:\WINDOWS\system\lsass.exe
         ImagePath = C:\WINDOWS\nacl.exe, CmdLine = C:\WINDOWS\nacl.exe
Behavior description: Enumerate processes
details: N/A

File behavior

Behavior description: Create file mapping with write access
details: CiceroSharedMemDefaultS-*
         DfSharedHeap3D3F93
         DFMap0-4013993
         DfRoot0003D3F93
Behavior description: Set special file attributes
details: C:\WINDOWS\userinit.exe
         C:\WINDOWS\h2s.exe
         C:\WINDOWS\system\lsass.exe
         C:\WINDOWS\nacl.exe
Behavior description: Create executable file
details: C:\Documents and Settings\Temp\tuyen_tap_hai_2008.exe
         C:\WINDOWS\userinit.exe
         C:\WINDOWS\h2s.exe
         C:\WINDOWS\system\lsass.exe
         C:\WINDOWS\nacl.exe
Behavior description: Find file
details: FileName = C:\Documents and Settings\Temp
         FileName = C:\WINDOWS
         FileName = C:\WINDOWS\system32
         FileName = C:\WINDOWS\system32\cmd.exe
         FileName = 996E
         FileName = C:\WINDOWS\explorer.exe
         FileName = C:\DOCUME~1
         FileName = C:\DOCUME~1\ADMINI~1
         FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
         FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
         FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%
         FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\net.*
         FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\net
         FileName = C:\Python27\net.*
         FileName = C:\Python27\net

Registry behavior

Behavior description: Modify registry: Group Policy
details: \REGISTRY\USER\S-*\Software\Policies\Microsoft\MMC\RestrictToPermittedSnapins
Behavior description: Modify registry: Task Manager key attributes
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
Behavior description: Modify registry: folder view key attributes
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue
         \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\UncheckedValue
Behavior description: Modify registry: Explorer file display attributes
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
Behavior description: Modify registry
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoFolderOptions
         \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\UncheckedValue
         \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoRun
Behavior description: Modify registry: disable CMD
details: \REGISTRY\USER\S-*\Software\Policies\Microsoft\Windows\System\DisableCMD
Behavior description: Modify registry: disable Registry Editor
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
Behavior description: Modify registry: startup entries
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Run\pikachu
         \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit

Other behavior

Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
         CTF.Compart.MutexDefaultS-*
         CTF.Asm.MutexDefaultS-*
         CTF.Layouts.MutexDefaultS-*
         CTF.TMD.MutexDefaultS-*
         CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
         SHIMLIB_LOG_MUTEX
         MSCTF.Shared.MUTEX.ELH
Behavior description: Hide specified window
details: [Window,Class] = [Form1,ThunderRT6FormDC]
         [Window,Class] = [Project1,ThunderRT6Main]
         [Window,Class] = [,ThunderRT6CheckBox]
         [Window,Class] = [,ThunderRT6UserControlDC]
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Acquire system privilege
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Get TickCount value
details: TickCount = 547625, SleepMilliseconds = 60000.
         TickCount = 547640, SleepMilliseconds = 60000.
         TickCount = 547656, SleepMilliseconds = 60000.
         TickCount = 547671, SleepMilliseconds = 60000.
         TickCount = 547687, SleepMilliseconds = 60000.
         TickCount = 547718, SleepMilliseconds = 60000.
         TickCount = 547734, SleepMilliseconds = 60000.
         TickCount = 547921, SleepMilliseconds = 60000.
         TickCount = 547937, SleepMilliseconds = 60000.
         TickCount = 548031, SleepMilliseconds = 60000.
         TickCount = 548046, SleepMilliseconds = 60000.
         TickCount = 548375, SleepMilliseconds = 60000.
         TickCount = 548390, SleepMilliseconds = 60000.
         TickCount = 548406, SleepMilliseconds = 60000.
         TickCount = 548453, SleepMilliseconds = 60000.
Behavior description: Get cursor position
details: CursorPos = (106,18467), SleepMilliseconds = 60000.
Behavior description: Call Sleep function
details: [1]: MilliSeconds = 60000.
         [2]: MilliSeconds = 60000.
         [3]: MilliSeconds = 60000.