VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files if the password is 'infected' or 'virus'.

File information
Safety rating: 74
Behavior list
Basic Information
MD5: d5c35aa3a0f1191dd56a4c4b1e66e124
File type: zip
Production company:
Version:
Shell or compiler information: COMPILER: Microsoft Visual C++ 6.0
Subfile information (name / MD5 / type):
upx_c_b9ce37eb / 534c4664de40c79a145a1d81ba8ff7a0 / EXE
CPA挂机联盟自动赚钱系统(官方正版).exe / cf780ba01b2d7aa824676a8df99944e3 / EXE
使用指南.docx / fbb7736960d7172f6a6621c558267cf6 / zip
image1.png / 850fe89e19e0b95b0be72216b58981ae / Unknown
image2.png / 78097d5fa3c9e3a9e63cf27a765c8b3f / Unknown
styles.xml / 246a91718506a0507483859172ea20d7 / Unknown
document.xml / 23ed7a07ae85a998073e83bbab0016d5 / Unknown
theme1.xml / ff5f45015df216f82f2f1d36a8cafa58 / Unknown
fontTable.xml / 76e0e872654e7cca805c6a283069dd59 / Unknown
settings.xml / c33331961c1ca089ab7b723eb9c7066a / Unknown
document.xml.rels / 96ff8777a14a5a0ef9263ff609d13531 / Unknown
[Content_Types].xml / e6ddb5920370adc1e6f8dabdff688b5a / Unknown
numbering.xml / d2ba8b7e2141e7857b13678ec955bf78 / Unknown
.rels / fb5c1daec93d6d624b75b649fba6b815 / Unknown
core.xml / 6a7dacc5b7fafe3ed3c5f836c0080ed2 / Unknown
app.xml / 0df03dabc36130865f3983b13ae4fb65 / Unknown
custom.xml / ecf19f8ef480b8feb9de1e2a5c504dae / Unknown
Key behavior
Behavior description: Checks whether it is being debugged
details: N/A
Behavior description: Sets special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Blocks window close messages
details:hWnd = 0x000d035e, Text = CPA挂机联盟自动赚钱系统(官方正版), ClassName = WTWindow.
Process behavior
Behavior description: Creates local threads
details:TargetProcess: CPA挂机联盟自动赚钱系统(官方正版).exe, InheritedFromPID = 1944, ProcessID = 2704, ThreadID = 2784, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: CPA挂机联盟自动赚钱系统(官方正版).exe, InheritedFromPID = 1944, ProcessID = 2704, ThreadID = 2804, StartAddress = 004040ED, Parameter = 00000000
TargetProcess: CPA挂机联盟自动赚钱系统(官方正版).exe, InheritedFromPID = 1944, ProcessID = 2704, ThreadID = 2808, StartAddress = 0040BB2B, Parameter = 00000000
TargetProcess: CPA挂机联盟自动赚钱系统(官方正版).exe, InheritedFromPID = 1944, ProcessID = 2704, ThreadID = 2828, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: CPA挂机联盟自动赚钱系统(官方正版).exe, InheritedFromPID = 1944, ProcessID = 2704, ThreadID = 2832, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: CPA挂机联盟自动赚钱系统(官方正版).exe, InheritedFromPID = 1944, ProcessID = 2704, ThreadID = 2876, StartAddress = 0040BB1F, Parameter = 00000000
TargetProcess: CPA挂机联盟自动赚钱系统(官方正版).exe, InheritedFromPID = 1944, ProcessID = 2704, ThreadID = 2900, StartAddress = 004040E1, Parameter = 00000000
TargetProcess: CPA挂机联盟自动赚钱系统(官方正版).exe, InheritedFromPID = 1944, ProcessID = 2704, ThreadID = 3012, StartAddress = 0040BB1F, Parameter = 00000000
TargetProcess: CPA挂机联盟自动赚钱系统(官方正版).exe, InheritedFromPID = 1944, ProcessID = 2704, ThreadID = 3100, StartAddress = 0040BB1F, Parameter = 00000000
TargetProcess: CPA挂机联盟自动赚钱系统(官方正版).exe, InheritedFromPID = 1944, ProcessID = 2704, ThreadID = 3104, StartAddress = 004040E1, Parameter = 00000000
TargetProcess: CPA挂机联盟自动赚钱系统(官方正版).exe, InheritedFromPID = 1944, ProcessID = 2704, ThreadID = 3172, StartAddress = 0040BB1F, Parameter = 00000000
TargetProcess: CPA挂机联盟自动赚钱系统(官方正版).exe, InheritedFromPID = 1944, ProcessID = 2704, ThreadID = 3188, StartAddress = 004040E1, Parameter = 00000000
TargetProcess: CPA挂机联盟自动赚钱系统(官方正版).exe, InheritedFromPID = 1944, ProcessID = 2704, ThreadID = 3192, StartAddress = 0040BB1F, Parameter = 00000000
TargetProcess: CPA挂机联盟自动赚钱系统(官方正版).exe, InheritedFromPID = 1944, ProcessID = 2704, ThreadID = 3224, StartAddress = 0040BB1F, Parameter = 00000000
TargetProcess: CPA挂机联盟自动赚钱系统(官方正版).exe, InheritedFromPID = 1944, ProcessID = 2704, ThreadID = 3244, StartAddress = 004040E1, Parameter = 00000000
Behavior description: Enumerates processes
details: N/A
File behavior
Behavior description: Creates a file
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\api[1].php
Behavior description: Sets special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Deletes a file
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\api[1].php
Behavior description: Searches for files
details:FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\*.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016061420160615\*.*
Network behavior
Behavior description: Connects to a specified site
details:InternetConnectA: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
Behavior description: Opens an HTTP connection
details:InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1), hSession = 0x00cc0004
Behavior description: Establishes a connection to a specified socket
details:URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x0000054c
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000548
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x000005b8
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x000005d8
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000528
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x0000053c
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000538
Behavior description: Reads a network file
details:hFile = 0x00cc000c, BytesToRead =1024, BytesRead = 1024.
Behavior description: Sends an HTTP packet
details:POST /api.php HTTP/1.1 Accept: */* Referer: http://www.cpapayfor888.com/api.php Accept-Language: zh-cn Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: ww****om Content-Length: 6 Cache-Control: no-cache time=1
Behavior description: Opens an HTTP request
details:HttpOpenRequestA: ww****om:80/api.php, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: POST, Referer: , Flags = 0x80004010
Behavior description: Resolves a host address by name
details:GetAddrInfoW: ww****om
Registry behavior
Behavior description: Modifies the registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x16(565 0)
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior description: Deletes registry values
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description: Checks whether it is being debugged
details: N/A
Behavior description: Creates mutexes
details:RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
MSCTF.Shared.MUTEX.EJK
MSCTF.Shared.MUTEX.EML
Behavior description: Creates event objects
details:EventName = DINPUTWINMM
EventName = 路上的风3243s%对方的上手f092ds2对方的景上是(ldjjld……&方的手手3上了景上是(ldjjld……&方的手了是了是对sjh到了
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceiveConection.Event.EJK.IC
EventName = MSCTF.SendReceive.Event.EJK.IC
EventName = MSCTF.SendReceiveConection.Event.EML.IC
EventName = MSCTF.SendReceive.Event.EML.IC
Behavior description: Searches for a specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Window information
details:Pid = 2704, Hwnd=0x40392, Text = 修改密码, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2704, Hwnd=0x703ba, Text = 注册帐号, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2704, Hwnd=0x503b0, Text = 初始化中,请稍等, ClassName = Button.
Pid = 2704, Hwnd=0x1002c8, Text = 互联网简单赚钱, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2704, Hwnd=0xd035e, Text = CPA挂机联盟自动赚钱系统(官方正版), ClassName = WTWindow.
Pid = 2704, Hwnd=0x603ac, Text = 是(&Y), ClassName = Button.
Pid = 2704, Hwnd=0xc03a0, Text = 否(&N), ClassName = Button.
Pid = 2704, Hwnd=0x1302c4, Text = 服务器连接失败,是否现在重新尝试连接?, ClassName = Static.
Pid = 2704, Hwnd=0xa039c, Text = 信息:, ClassName = #32770.
Pid = 2704, Hwnd=0x1802fe, Text = 123456, ClassName = Edit.
Pid = 2704, Hwnd=0x1402c4, Text = 是(&Y), ClassName = Button.
Pid = 2704, Hwnd=0xd03a0, Text = 否(&N), ClassName = Button.
Pid = 2704, Hwnd=0x703ac, Text = 服务器连接失败,是否现在重新尝试连接?, ClassName = Static.
Pid = 2704, Hwnd=0x14033a, Text = 信息:, ClassName = #32770.
Pid = 2704, Hwnd=0x803ac, Text = 是(&Y), ClassName = Button.
Behavior description: Opens events
details:HookSwitchHookEnabledEvent
路上的风3243s%对方的上手f092ds2对方的景上是(ldjjld……&方的手手3上了景上是(ldjjld……&方的手了是了是对sjh到了
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000040
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000040
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000041
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000041
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000042
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000042
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000043
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000043
Behavior description: Blocks window close messages
details:hWnd = 0x000d035e, Text = CPA挂机联盟自动赚钱系统(官方正版), ClassName = WTWindow.
Behavior description: Enumerates windows
details: N/A
Behavior description: Hides a specified window
details:[Window,Class] = [,Afx:400000:8:10011:1900015:0]
Behavior description: Opens mutexes
details:RasPbFile
ShimCacheMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!IETld!Mutex