VirSCAN

File information
Safety rating:26
Behavior list
Basic Information
MD5:d104b6842538aa972d091a6ecf9813be
file type:EXE
Production company:小酱团队
version:10.0.0.0---10.0.0.0
Shell or compiler information:COMPILER:Elan
Key behavior
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Acquire system privilege
details:SE_INC_BASE_PRIORITY_PRIVILEGE
Behavior description:Get TickCount value
details:TickCount = 545984, SleepMilliseconds = 60000.
TickCount = 546000, SleepMilliseconds = 60000.
TickCount = 546015, SleepMilliseconds = 60000.
TickCount = 546718, SleepMilliseconds = 60000.
TickCount = 546781, SleepMilliseconds = 60000.
TickCount = 547218, SleepMilliseconds = 60000.
TickCount = 547234, SleepMilliseconds = 60000.
TickCount = 547250, SleepMilliseconds = 60000.
TickCount = 547328, SleepMilliseconds = 60000.
TickCount = 547421, SleepMilliseconds = 60000.
TickCount = 547437, SleepMilliseconds = 60000.
TickCount = 547468, SleepMilliseconds = 60000.
TickCount = 547484, SleepMilliseconds = 60000.
TickCount = 548625, SleepMilliseconds = 60000.
TickCount = 548687, SleepMilliseconds = 60000.
Process behavior
Behavior description:Create local thread
details:N/A
Behavior description:Process exit
details:N/A
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Create file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin文件夹.zip
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\announcement.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\background\背景文件夹说明.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\bubble\气泡文件夹说明.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\EasyLogin.ini
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\EasyLogin文件夹说明.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\launcher\启动模块文件夹说明.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\music\背景音乐文件夹说明.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\name.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\plugin\插件文件夹说明.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\music\music.mp3
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\bubble\default.png
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\background\background.jpg
Behavior description:Overwrite existing file
details:C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Behavior description:Find file
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\bgskin\*.jpg
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\background\*.jpg
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\background\online_background.jpg
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\announcement.png
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\bubble
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\bubble\*.png
FileName = javaw.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\plugin
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\plugin\*.el.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\music
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\music\*.mp3
Behavior description:Delete file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin文件夹.zip
Behavior description:Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin文件夹.zip---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\announcement.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\background\背景文件夹说明.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\bubble\气泡文件夹说明.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\EasyLogin.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\EasyLogin文件夹说明.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\launcher\启动模块文件夹说明.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\music\背景音乐文件夹说明.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\name.txt---> Offset = 16384
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\plugin\插件文件夹说明.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\music\music.mp3---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\bubble\default.png---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EasyLogin\background\background.jpg---> Offset = 49152
Network behavior
Behavior description:Connect to specified site
details:InternetConnectA: ServerName = service.easylogin.cc, PORT = 80
Behavior description:Read network file
details:hFile = 0x00000518, BytesToRead =1024, BytesRead = 1024.
Behavior description:Open HTTP request
details:HttpOpenRequestA: service.easylogin.cc:80/message.php, hConnect = 0x00000514
Other behavior
Behavior description:Create mutex
details:RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EHF
Behavior description:Create event object
details:EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.EHF.IC
EventName = MSCTF.SendReceiveConection.Event.EHF.IC
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Get cursor position
details:CursorPos = (106,18467), SleepMilliseconds = 60000.
Behavior description:Window information
details:Pid = 1344, Hwnd=0x302dc, Text = 确定, ClassName = Button.
Pid = 1344, Hwnd=0x202d8, Text = 自动寻找Java路径失败,请手动设置, ClassName = Static.
Pid = 1344, Hwnd=0x202d4, Text = EasyLogin, ClassName = #32770.
Pid = 1344, Hwnd=0x202b4, Text = Easylogin启动器10.0, ClassName = WTWindow.
Behavior description:Call Sleep function
details:[1]: MilliSeconds = 60000.
Behavior description:Hide specified window
details:[Window,Class] = [,Afx:400000:8]
[Window,Class] = [,Afx:400000:8:10011:1900015:0]