VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.


File information

Basic Information

MD5: e15fba7ccf9b7a68ddb26338e313a1b9
File type: EXE
Vendor (version resource): www.sordum.org
Version: 1.4.0.0---1.4.0.0
Packer or compiler information: COMPILER:PE+(64) (64-bit PE)

Key behavior

Behavior description: Installs a message hook (SetWindowsHookEx)
details: C:\Users\Administrator\AppData\Local\%temp%\****.exe, idHook = 0x0000000d
C:\Users\Administrator\AppData\Local\%temp%\****.exe, idHook = 0x0000000e
Note: idHook 0x0d (13) is WH_KEYBOARD_LL and 0x0e (14) is WH_MOUSE_LL, i.e. system-wide low-level keyboard and mouse hooks. That is exactly what a key-locking utility needs to swallow input, but it is also the standard user-mode keylogger primitive, so this line alone cannot separate the two; the window texts below ("Cancel Keys Locking", "Ctrl + Alt + F") are what make the benign reading plausible.
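The two idHook values above are only meaningful once decoded to their WH_* names. The following is an added example, not part of the VirSCAN report or of the sordum.org tool: a small Python triage helper that parses "details:" lines in the format shown above, maps the idHook value to its winuser.h constant, and flags hook types that deliver keyboard or mouse input to the installer. The regex, the function names and the sample input are my own; the sample lines are constructed from this report, with a third, non-input (WH_CBT) line added to show the contrast.

```python
"""Decode SetWindowsHookEx idHook values found in sandbox report lines (added example)."""
import re
from dataclasses import dataclass

# idHook constants from winuser.h. These are the hook types accepted by
# SetWindowsHookEx; a sandbox that logs "idHook = 0x..." is reporting this value.
WH_NAMES = {
    -1: "WH_MSGFILTER",
    0: "WH_JOURNALRECORD",
    1: "WH_JOURNALPLAYBACK",
    2: "WH_KEYBOARD",
    3: "WH_GETMESSAGE",
    4: "WH_CALLWNDPROC",
    5: "WH_CBT",
    6: "WH_SYSMSGFILTER",
    7: "WH_MOUSE",
    8: "WH_HARDWARE",
    9: "WH_DEBUG",
    10: "WH_SHELL",
    11: "WH_FOREGROUNDIDLE",
    12: "WH_CALLWNDPROCRET",
    13: "WH_KEYBOARD_LL",
    14: "WH_MOUSE_LL",
}

# Hook types that hand the installer every keystroke or pointer event.
# Low-level hooks (13, 14) work from the installing process without DLL
# injection and are the usual user-mode keylogger primitive; WH_KEYBOARD and
# WH_MOUSE need an injected DLL; journal hooks record or replay all input.
INPUT_CAPTURE_HOOKS = {0, 1, 2, 7, 13, 14}

# One report line: "<module path>, idHook = 0x0000000d". The optional
# "details:" prefix is stripped; the id may be hex or decimal.
HOOK_LINE = re.compile(
    r"^(?:details:\s*)?(?P<path>.+?),\s*idHook\s*=\s*(?P<id>0x[0-9A-Fa-f]+|-?\d+)\s*$"
)


@dataclass(frozen=True)
class HookEvent:
    path: str            # module the sandbox attributed the call to
    id_hook: int         # idHook as a signed integer
    name: str            # WH_* name, or WH_UNKNOWN(n)
    captures_input: bool


def _to_signed32(value: int) -> int:
    """Sandboxes print idHook as an unsigned DWORD; WH_MSGFILTER (-1) shows as 0xFFFFFFFF."""
    return value - 2**32 if value >= 2**31 else value


def parse_hook_line(line: str):
    """Return a HookEvent for a hook line, or None if the line is not one."""
    m = HOOK_LINE.match(line.strip())
    if not m:
        return None
    raw = m.group("id")
    n = _to_signed32(int(raw, 16) if raw.lower().startswith("0x") else int(raw))
    return HookEvent(
        path=m.group("path").strip(),
        id_hook=n,
        name=WH_NAMES.get(n, f"WH_UNKNOWN({n})"),
        captures_input=n in INPUT_CAPTURE_HOOKS,
    )


def parse_report(text: str):
    """Extract every hook event from a block of report text."""
    return [ev for ev in (parse_hook_line(l) for l in text.splitlines()) if ev]


def triage(events):
    """Summarise which hook types were installed and whether any capture input."""
    hooks = sorted({e.name for e in events})
    flagged = sorted({e.name for e in events if e.captures_input})
    verdict = "review: system-wide input hooks installed" if flagged else "no input-capturing hooks"
    return {"hooks": hooks, "input_capture": flagged, "verdict": verdict}


# Constructed sample modelled on the "Key behavior" section of this report
# (path redacted as the sandbox printed it); the third line is an added
# non-input hook (WH_CBT) for contrast.
SAMPLE_REPORT = """\
details: C:\\Users\\Administrator\\AppData\\Local\\%temp%\\****.exe, idHook = 0x0000000d
C:\\Users\\Administrator\\AppData\\Local\\%temp%\\****.exe, idHook = 0x0000000e
C:\\Users\\Administrator\\AppData\\Local\\%temp%\\****.exe, idHook = 0x00000005
"""

if __name__ == "__main__":
    events = parse_report(SAMPLE_REPORT)
    for ev in events:
        print(f"{ev.name:<18} ({ev.id_hook:>2})  input-capture={ev.captures_input}")
    print(triage(events))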

File behavior

Behavior description: Creates file
details: C:\Users\Administrator\AppData\Local\Temp\aut721E.tmp
C:\Users\Administrator\AppData\Local\Temp\ovudzre
C:\Users\Administrator\AppData\Local\%temp%\996E.ini
C:\Users\Administrator\AppData\Local\Temp\~eeiqttu.wav
Behavior description: Overwrites existing file
details: C:\Users\Administrator\AppData\Local\Temp\aut721E.tmp
Behavior description: Deletes file
details: C:\Users\Administrator\AppData\Local\Temp\aut721E.tmp
C:\Users\Administrator\AppData\Local\Temp\ovudzre
C:\Users\Administrator\AppData\Local\Temp\~eeiqttu.wav
Behavior description: Modifies file contents
details: C:\Users\Administrator\AppData\Local\Temp\aut721E.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\aut721E.tmp ---> Offset = 20480
C:\Users\Administrator\AppData\Local\Temp\ovudzre ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\ovudzre ---> Offset = 65536
C:\Users\Administrator\AppData\Local\Temp\ovudzre ---> Offset = 81920
C:\Users\Administrator\AppData\Local\%temp%\996E.ini ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\996E.ini ---> Offset = 2
C:\Users\Administrator\AppData\Local\Temp\~eeiqttu.wav ---> Offset = 0
Behavior description: Searches for file
details: FileName = C:\Users\ADMINI~1\AppData\Local\Temp\ovudzre
FileName = C:\Users\Administrator\AppData\Local\%temp%\996E.ini
FileName = C:\Users
FileName = C:\Users\Administrator\AppData
FileName = C:\Users\Administrator\AppData\Local
FileName = C:\Users\Administrator\AppData\Local\Temp
FileName = C:\Users\Administrator\AppData\Local\%temp%
FileName = C:\Users\Administrator\AppData\Local\%temp%\****.exe
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\~eeiqttu.wav
Note: every written file lives under the user's Temp directory and the .tmp, ovudzre and .wav files are deleted again before exit; nothing is dropped into a startup location. The aut*.tmp name is the pattern a compiled AutoIt script uses for its temporary files, and the .wav is consistent with the sound playback implied by the audio codec registry activity and the DINPUTWINMM event below.

Registry behavior

Behavior description: Modifies registry (all values are under the Audio Compression Manager's DriverCache, which msacm32 rewrites when it enumerates audio codecs; this is a side effect of playing the temporary .wav, not a persistence or configuration change)
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\fdwSupport
\REGISTRY\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cFormatTags
\REGISTRY\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\aFormatTagCache
\REGISTRY\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cFilterTags
\REGISTRY\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\fdwSupport
\REGISTRY\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cFormatTags
\REGISTRY\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\aFormatTagCache
\REGISTRY\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cFilterTags
\REGISTRY\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\fdwSupport
\REGISTRY\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cFormatTags
\REGISTRY\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\aFormatTagCache
\REGISTRY\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cFilterTags
\REGISTRY\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\fdwSupport
\REGISTRY\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cFormatTags
\REGISTRY\MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\aFormatTagCache

Other behavior

Behavior description: Checks whether it is being debugged
details: IsDebuggerPresent
Behavior description: Creates mutex
details: KeyFreeze1.4_BlueLife
Local\MidiMapper_modLongMessage_RefCnt
Behavior description: Hides a window
details: [Window,Class] = [AutoIt v3,AutoIt v3]
Note: the hidden window of class "AutoIt v3" is created by the AutoIt runtime for every compiled script; together with the aut*.tmp temp file it identifies this binary as an AutoIt-compiled tool. The single-instance mutex name (KeyFreeze1.4_BlueLife) matches the product name and version in the file information.
Behavior description: Window information
details: Pid = 3572, Hwnd=0xb0052, Text = 3 - Cancel Keys Locking ..., ClassName = Static.
Pid = 3572, Hwnd=0x60262, Text = X, ClassName = Static.
Pid = 3572, Hwnd=0x40260, Text = To lock or unlock keys Press: Ctrl + Alt + F , ClassName = Static.
Pid = 3572, Hwnd=0xb0052, Text = 0 - Cancel Keys Locking ..., ClassName = Static.
Behavior description: Finds a window
details: FindWindowW: [Class,Window] = [Shell_TrayWnd,] (Shell_TrayWnd is the taskbar window)
Behavior description: Opens event
details: Global\SvcctrlStartEvent_A3752DX
DINPUTWINMM
\KernelObjects\MaximumCommitCondition
Behavior description: Gets cursor position
details: CursorPos = (42,18755), SleepMilliseconds = 10.
CursorPos = (6335,26788), SleepMilliseconds = 10.
CursorPos = (19170,16012), SleepMilliseconds = 10.
CursorPos = (11479,29646), SleepMilliseconds = 10.
CursorPos = (26963,24752), SleepMilliseconds = 10.
CursorPos = (5706,28433), SleepMilliseconds = 10.
CursorPos = (23282,17115), SleepMilliseconds = 10.
CursorPos = (9962,779), SleepMilliseconds = 10.
CursorPos = (2996,12230), SleepMilliseconds = 10.
CursorPos = (4828,5724), SleepMilliseconds = 10.
CursorPos = (32392,14892), SleepMilliseconds = 10.
CursorPos = (3903,441), SleepMilliseconds = 10.
CursorPos = (293,12670), SleepMilliseconds = 10.
CursorPos = (17422,19004), SleepMilliseconds = 10.
CursorPos = (19719,20183), SleepMilliseconds = 10.
Note: coordinates in the tens of thousands that jump every 10 ms are not plausible for a real display; they are values the sandbox feeds to GetCursorPos to defeat "wait for the mouse to move" evasion checks, so the numbers themselves carry no information. What is worth recording is only that the program polls the cursor in a tight loop.
Behavior description: Enumerates windows
details: N/A
Behavior description: Calls the Sleep function
details: [1]: MilliSeconds = 10.
[2]: MilliSeconds = 10.
[3]: MilliSeconds = 10.
[4]: MilliSeconds = 10.
[5]: MilliSeconds = 10.
[6]: MilliSeconds = 10.
[7]: MilliSeconds = 10.
[8]: MilliSeconds = 10.
[9]: MilliSeconds = 10.
[10]: MilliSeconds = 10.
Behavior description: Opens mutex
details: Local\ShimViewer
Local\MSCTF.Asm.MutexDefault1S-1-5-21-1170589654-2814428265-349930785-500
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault1

Run screenshot