VirSCAN

File information
Safety rating:75
Behavior list
Basic Information
MD5:cfe2729eb246a2aff627baa5609854a7
file type:Rar
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation *
Subfile information:Sid Meier Civilization VI V1.0.0.38 Trainer +12 MrAntiFun.EXEdumpFile / 3ae42157e069a8b900841a8da7a36fc7 / EXE
Sid Meier Civilization VI V1.0.0.38 Trainer +12 MrAntiFun.EXE / 3ae42157e069a8b900841a8da7a36fc7 / EXE
下载说明.txtdumpFile / e53c330a1abe703450a4aa9b1c8953e6 / Unknown
下载说明.txt / e53c330a1abe703450a4aa9b1c8953e6 / Unknown
游民星空 Gamersky.com.urldumpFile / 1e2afd10cc59022d1a1e5e5955785cda / Unknown
游民星空 Gamersky.com.url / 1e2afd10cc59022d1a1e5e5955785cda / Unknown
Sid.MrAntiFun.161120.TrainerdumpFile / d41d8cd98f00b204e9800998ecf8427e / Unknown
Key behavior
Behavior description: Find PE resource information
details:(FindResourceA) hModule = 0x00400000, ResName: DECOMPRESSOR, ResType:
Process behavior
Behavior description: Create new file process
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cetrainers\CET51.tmp\Sid Meier Civilization VI V1.0.0.38 Trainer +12 MrAntiFun.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cetrainers\CET51.tmp\Sid Meier Civilization VI V1.0.0.38 Trainer +12 MrAntiFun.exe" -ORIGIN:"C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\Sid.MrAntiFun.161120.Trainer\"
File behavior
Behavior description: Create file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\CET_Archive.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\Sid Meier Civilization VI V1.0.0.38 Trainer +12 MrAntiFun.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\CET_TRAINER.CETRAINER
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\defines.lua
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\Sid Meier Civilization VI V1.0.0.38 Trainer +12 MrAntiFun.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\lua53-64.dll
Behavior description: Delete file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\CET_TRAINER.CETRAINER
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\defines.lua
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\lua53-64.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\Sid Meier Civilization VI V1.0.0.38 Trainer +12 MrAntiFun.exe
Behavior description: Create executable file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\Sid Meier Civilization VI V1.0.0.38 Trainer +12 MrAntiFun.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\Sid Meier Civilization VI V1.0.0.38 Trainer +12 MrAntiFun.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\lua53-64.dll
Behavior description: Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\CET_Archive.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\Sid Meier Civilization VI V1.0.0.38 Trainer +12 MrAntiFun.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\CET_TRAINER.CETRAINER ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\CET_TRAINER.CETRAINER ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\CET_TRAINER.CETRAINER ---> Offset = 262144
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\CET_TRAINER.CETRAINER ---> Offset = 393216
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\CET_TRAINER.CETRAINER ---> Offset = 524288
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\defines.lua ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\Sid Meier Civilization VI V1.0.0.38 Trainer +12 MrAntiFun.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\Sid Meier Civilization VI V1.0.0.38 Trainer +12 MrAntiFun.exe ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\Sid Meier Civilization VI V1.0.0.38 Trainer +12 MrAntiFun.exe ---> Offset = 262144
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\Sid Meier Civilization VI V1.0.0.38 Trainer +12 MrAntiFun.exe ---> Offset = 393216
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\Sid Meier Civilization VI V1.0.0.38 Trainer +12 MrAntiFun.exe ---> Offset = 524288
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\lua53-64.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\lua53-64.dll ---> Offset = 131072
Behavior description: Find file
details:FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cetrainers\CET51.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cetrainers\CET51.tmp\extracted\*.*
Other behavior
Behavior description: Call the Sleep function
details:[1]: MilliSeconds = 10000.
[2]: MilliSeconds = 10000.
[3]: MilliSeconds = 10000.
[4]: MilliSeconds = 10000.
[5]: MilliSeconds = 10000.
[6]: MilliSeconds = 10000.
[7]: MilliSeconds = 10000.
[8]: MilliSeconds = 10000.
[9]: MilliSeconds = 10000.
[10]: MilliSeconds = 10000.
Behavior description: Open event
details:HookSwitchHookEnabledEvent
Behavior description: Executable file MD5
details:C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\Sid Meier Civilization VI V1.0.0.38 Trainer +12 MrAntiFun.exe ---> 6852660b8cbb67ee3f1e31bf2f1e0afd
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\Sid Meier Civilization VI V1.0.0.38 Trainer +12 MrAntiFun.exe ---> File too large!
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\lua53-64.dll ---> 476cbd8e116ef838a0b161100ff744be
Behavior description: Find PE resource information
details:(FindResourceA) hModule = 0x00400000, ResName: DECOMPRESSOR, ResType:
Behavior description: Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\Sid Meier Civilization VI V1.0.0.38 Trainer +12 MrAntiFun.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\Sid Meier Civilization VI V1.0.0.38 Trainer +12 MrAntiFun.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\cetrainers\CET51.tmp\extracted\lua53-64.dll (signature verification: passed)