VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
Safety rating:76
Behavior list
Basic Information
MD5:d0da29bb6a5786d87863a0227288a918
file type:zip
Production company:
version:
Shell or compiler information:PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo
Subfile information:upx_c_ca21f7cfdumpFile / 5982003aecf4a8d221394d45714051c1 / EXE
upx_c_72699636dumpFile / 5982003aecf4a8d221394d45714051c1 / EXE
ESET_VC52_UPID.exedumpFile / 495a5b2ea2e1da743762e38f79c5b0e5 / Autoit
ESET_VC52_UPID.exe / 495a5b2ea2e1da743762e38f79c5b0e5 / Autoit
XP510下载须知.txtdumpFile / 996fcedd03f33601691e182fe1bc16d3 / Unknown
XP510下载须知.txt / 996fcedd03f33601691e182fe1bc16d3 / Unknown
tool.batdumpFile / dee5e6cc3654d69afc273dbc7c572e50 / Unknown
tool.bat / dee5e6cc3654d69afc273dbc7c572e50 / Unknown
636网址导航.urldumpFile / 3688d42285b5e6a8a3c9f5658483ddba / Unknown
636网址导航.url / 3688d42285b5e6a8a3c9f5658483ddba / Unknown
软件使用说明.htmldumpFile / d9ca7d1f89782cd376a0eef1e487335f / Unknown
软件使用说明.html / d9ca7d1f89782cd376a0eef1e487335f / Unknown
list.txtdumpFile / d41d8cd98f00b204e9800998ecf8427e / Unknown
ESETUPIDdumpFile / d41d8cd98f00b204e9800998ecf8427e / Unknown
list.txt / d41d8cd98f00b204e9800998ecf8427e / Unknown
Key behavior
Behavior description:检测自身是否被调试
details:N/A
Behavior description:设置特殊文件夹属性
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Process behavior
Behavior description:创建本地线程
details:TargetProcess: ESET_VC52_UPID.exe, InheritedFromPID = 1944, ProcessID = 2168, ThreadID = 2188, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: ESET_VC52_UPID.exe, InheritedFromPID = 1944, ProcessID = 2168, ThreadID = 2200, StartAddress = 0044FA78, Parameter = 01694378
TargetProcess: ESET_VC52_UPID.exe, InheritedFromPID = 1944, ProcessID = 2168, ThreadID = 2204, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: ESET_VC52_UPID.exe, InheritedFromPID = 1944, ProcessID = 2168, ThreadID = 2208, StartAddress = 7C930230, Parameter = 00000000
File behavior
Behavior description:创建文件
details:C:\Documents and Settings\Administrator\Local Settings\Temp\aut14.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\ojyhytg
Behavior description:覆盖已有文件
details:C:\Documents and Settings\Administrator\Local Settings\Temp\aut14.tmp
Behavior description:查找文件
details:FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
Behavior description:删除文件
details:C:\Documents and Settings\Administrator\Local Settings\Temp\aut14.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\ojyhytg
Behavior description:设置特殊文件夹属性
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:修改文件内容
details:C:\Documents and Settings\Administrator\Local Settings\Temp\aut14.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\aut14.tmp ---> Offset = 12288
C:\Documents and Settings\Administrator\Local Settings\Temp\ojyhytg ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\ojyhytg ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\ojyhytg ---> Offset = 94208
Registry behavior
Behavior description:修改注册表
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\MACHINE\SOFTWARE\ESET_UP\yzfwq
Behavior description:删除注册表键值
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description:检测自身是否被调试
details:N/A
Behavior description:创建互斥体
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
RasPbFile
MSCTF.Shared.MUTEX.ELH
Behavior description:创建事件对象
details:EventName = Global\userenv: User Profile setup event
EventName = DINPUTWINMM
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description:窗口信息
details:Pid = 2168, Hwnd=0x6034e, Text = 确定, ClassName = Button.
Pid = 2168, Hwnd=0x70338, Text = 未找到 ESET 安全软件,我只能退出!, ClassName = Static.
Pid = 2168, Hwnd=0xa0302, Text = ESET VC52 UPID 6.3.1.2, ClassName = #32770.
Behavior description:调整进程token权限
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:枚举窗口
details:N/A
Behavior description:隐藏指定窗口
details:[Window,Class] = [AutoIt v3,AutoIt v3]
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
中国反网络病毒联盟
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号