VirSCAN


File information
Safety rating:75
Behavior list
Basic Information
MD5:d9b0277639e6082b5ae0fdab81ab1bfa
file type:RAR5
Production company:
version:
Shell or compiler information:COMPILER:UPolyX v0.5
Subfile information:packages.egg / 5bc8da8eec1f2a36772a4a517e5086da / zip
python27.dll / 676fc65e4a49a525df0ecde3596f3ae5 / DLL
python27.zip / d785a03d88148298ae7ec7c06cc61d6e / zip
GeoIP.dat / 0c447f1de2099786b637c038031ed74f / Unknown
msvcr90.dll / e7d91d008fe76423962b91c43c88e4eb / DLL
goagent-uv.exe / 8562278fb2720d15bcb31b072c20b394 / EXE
cacert.pem / df8d015b1c666c8b49853d186cb51853 / Unknown
proxylib.py / 087675a9a9d752fe5718c1431ccf59d6 / Unknown
proxy.py / 2980a549f0c96e86fbacf6f12fbccd77 / Unknown
proxy2.py / cb79eec4ee05c72a24da01dbec0d40b1 / Unknown
proxy.pac / c02da8014a178e56008d44f3a94f7f5a / Unknown
python27.exe / fdfd24f2c90dc05ac24f7da4d3498197 / EXE
proxy.ini_backup / 3b69085dd357a78ee8b28db486b1ba7a / Unknown
proxy.ini / 10b5cb8ca9edcb071bdf6b9d9b21f38f / Unknown
goagent.exe / 06ee70f42aa9a2b81969e5bb77f0614a / EXE
checkip.py / 82f1bb1fbc60c56b0cfe7fbbec23581e / Unknown
dnsproxy.py / c91d353d5855c99f5aa5df68ed71388f / Unknown
goagent-gtk.py / aa0aa8da46421dfe9e773d037c36f0d9 / Unknown
G.ip.txt / 7693356866e3eb19260b849cb624fcce / Unknown
Process behavior
Behavior description: Create process
details:ImagePath = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_unrar5\Agent\python27.exe, CmdLine = python27.exe proxy.py
Behavior description: Create local thread
details:TargetProcess: goagent-uv.exe, InheritedFromPID = 1944, ProcessID = 3452, ThreadID = 3468, StartAddress = 77DC845A, Parameter = 00000000
File behavior
Behavior description: Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_unrar5\Agent\python27.dll ---> Offset = 856064
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_unrar5\Agent\python27.dll ---> Offset = 921600
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_unrar5\Agent\python27.dll ---> Offset = 987136
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_unrar5\Agent\python27.dll ---> Offset = 1052672
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_unrar5\Agent\python27.dll ---> Offset = 1118208
Behavior description: Find file
details:FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_unrar5\Agent
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_unrar5\Agent\python27.exe
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_unrar5\Agent\python27.zip
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_unrar5\Agent\python27.zip\encodings
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_unrar5\Agent\packages.egg\noarch
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_unrar5\Agent\packages.egg
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_unrar5\Agent\packages.egg\win32
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_unrar5\Agent\packages.egg\win32\gevent
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_unrar5\Agent\python27.zip\ctypes
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_unrar5\Agent\packages.egg\win32\OpenSSL
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_unrar5\Agent\proxylib.py
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_unrar5\Agent\packages.egg\noarch\dnslib
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_unrar5\Agent\packages.egg\win32\Crypto
Other behavior
Behavior description: Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Behavior description: Hide specified window
details:[Window,Class] = [GoAgent Notify,taskbar]
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Open event
details:HookSwitchHookEnabledEvent
Behavior description: Window information
details:Pid = 3452, Hwnd=0x1002c8, Text = GoAgent v3.2.3, ClassName = ConsoleWindowClass.
Behavior description: Open mutex
details:ShimCacheMutex