VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
Safety rating:41
Behavior list
Basic Information
MD5:de4bdc5f35360279e6a324a57b86cb13
file type:EXE
Production company:1111111111
version:1.1.1.1---1.1.1.1
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0 [调试]
Key behavior
Behavior description:修改注册表_启动项
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cao360
Process behavior
Behavior description:枚举进程
details:N/A
File behavior
Behavior description:创建文件
details:C:\WINDOWS\system32\Terms.EXE
Behavior description:创建可执行文件
details:C:\WINDOWS\system32\Terms.EXE
Behavior description:修改文件内容
details:C:\WINDOWS\system32\Terms.EXE ---> Offset = 0
C:\WINDOWS\system32\Terms.EXE ---> Offset = 65536
C:\WINDOWS\system32\Terms.EXE ---> Offset = 4096
C:\WINDOWS\system32\Terms.EXE ---> Offset = 8192
C:\WINDOWS\system32\Terms.EXE ---> Offset = 98376
C:\WINDOWS\system32\Terms.EXE ---> Offset = 99400
C:\WINDOWS\system32\Terms.EXE ---> Offset = 100424
C:\WINDOWS\system32\Terms.EXE ---> Offset = 101448
C:\WINDOWS\system32\Terms.EXE ---> Offset = 102472
Behavior description:修改新生成的可执行文件
details:C:\WINDOWS\system32\Terms.EXE
Registry behavior
Behavior description:修改注册表
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SuperProServermzq\ConnectGroup
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SuperProServermzq\MarkTime
Behavior description:修改注册表_启动项
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cao360
Other behavior
Behavior description:创建互斥体
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
Behavior description:创建事件对象
details:EventName = Cao360
Behavior description:修改后的可执行文件MD5
details:C:\WINDOWS\system32\Terms.EXE ---> 0443d0c7884501bf93d72418f5c8917e
Behavior description:修改后的可执行文件签名信息
details:C:\WINDOWS\system32\Terms.EXE(签名验证: 未通过)
Behavior description:可执行文件签名信息
details:C:\WINDOWS\system32\Terms.EXE(签名验证: 未通过)
Behavior description:可执行文件MD5
details:C:\WINDOWS\system32\Terms.EXE ---> de4bdc5f35360279e6a324a57b86cb13
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
中国反网络病毒联盟
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号