VirSCAN

1, You can upload any file, but there is a 20 MB limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
Safety rating: 55
Behavior list
Basic Information
MD5: e6fb4d29107790ec129b7149f1e52445
File type: Rar
Production company:
Version:
Shell or compiler information: PACKER:UPolyX v0.5
Subfile information:
teamviewer_12.0.72365_patch_uret_v4.7.exe / ef908ccebe28a7680696052b5699a89c / EXE
TeamViewer_12.0.72365_Patch_URET_v4.7.exe / ef908ccebe28a7680696052b5699a89c / EXE
sidchg_x32_x64_2.0j_Cracked_URET.rar / cdd0e1f895507bc2b97243064ff206fe / Rar
TeamViewer_12.0.72365_Patch_URET_v4.7.jpg / a4157c1e1c33d9e24fb0a9eaddeec0e9 / Unknown
URET.nfo / aa079615c273164110c2c5e7a81f0574 / Unknown
下载安装说明.txt / 4e48fd7d0b250338a1a3dbdfb061a21d / Unknown
未来软件园_百度搜索.url / 3512d1879eaafeba9a22786b8edbab17 / Unknown
Key behavior
Behavior description: Detects whether Virtual PC is present
details: N/A
Behavior description: Attempts to open the driver device objects of debuggers or monitoring software
details: \??\SICE
\??\NTICE
Behavior description: Reads the TickCount value
details: TickCount = 764234, SleepMilliseconds = 500.
TickCount = 764265, SleepMilliseconds = 500.
TickCount = 764421, SleepMilliseconds = 500.
TickCount = 764531, SleepMilliseconds = 500.
TickCount = 764640, SleepMilliseconds = 500.
TickCount = 764656, SleepMilliseconds = 500.
Behavior description: Retrieves window screenshot information
details: Foreground window Info: HWND = 0x00000000, DC = 0x3001072d.
Foreground window Info: HWND = 0x00000000, DC = 0x2a010afa.
Foreground window Info: HWND = 0x00000000, DC = 0x470106f5.
Foreground window Info: HWND = 0x00000000, DC = 0x330109c1.
Foreground window Info: HWND = 0x00000000, DC = 0x780109d6.
Behavior description: Sets special folder attributes
details: C:\Users\Administrator\AppData\Roaming\Obsidium\{EAF3AA4B-98B402DE-21B3A957-A3EAA5C4}
Behavior description: Reads the CPU clock directly
details: EAX = 0x045acff2, EDX = 0x00000279
EAX = 0x09959eab, EDX = 0x00000279
EAX = 0x11836c94, EDX = 0x00000279
Behavior description: Searches for windows of common anti-virus and analysis tools
details: NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
NtUserFindWindowEx: [Class,Window] = [OLLYDBG,OllyDBg]
Process behavior
Behavior description: Enumerates processes
details: N/A
File behavior
Behavior description: Creates file
details: C:\Users\Administrator\AppData\Roaming\Obsidium\{EAF3AA4B-98B402DE-21B3A957-A3EAA5C4}\00000ADC.obs
Behavior description: Deletes file
details: C:\Users\Administrator\AppData\Roaming\Obsidium\{EAF3AA4B-98B402DE-21B3A957-A3EAA5C4}\00000ADC.obs
Behavior description: Sets special folder attributes
details: C:\Users\Administrator\AppData\Roaming\Obsidium\{EAF3AA4B-98B402DE-21B3A957-A3EAA5C4}
Behavior description: Searches for files
details: FileName = C:\Users\Administrator\AppData\Roaming\Obsidium\{EAF3AA4B-98B402DE-21B3A957-A3EAA5C4}\*.obs
FileName = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscoreei.dll
FileName = C:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727\mscoreei.dll
FileName = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorwks.dll
FileName = C:\Windows\Microsoft.NET\Framework\v4.0.40305\mscorwks.dll
Other behavior
Behavior description: Detects whether Virtual PC is present
details: N/A
Behavior description: Creates mutex
details: DBWinMutex
{87EE637B-6B0EF925-23A5FE20-A6534849}
Behavior description: Creates event object
details: EventName = 鐚裤倐鏈ㄣ亱銈夎惤銇°倠
Behavior description: Opens event
details: Global\SvcctrlStartEvent_A3752DX
HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
Behavior description: Checks whether it is being debugged
details: N/A
Behavior description: Opens mutex
details: Local\MSCTF.Asm.MutexDefault1
Behavior description: Searches for a specified window
details: NtUserFindWindowEx: [Class,Window] = [ObsidianGUI,]
NtUserFindWindowEx: [Class,Window] = [WinDbgFrameClass,]
NtUserFindWindowEx: [Class,Window] = [ID,]
Behavior description: Enumerates windows
details: N/A
Behavior description: Attempts to open the driver device objects of debuggers or monitoring software
details: \??\SICE
\??\NTICE
Behavior description: Enumerates system device drivers
details: N/A
Behavior description: Window information
details: Pid = 2780, Hwnd=0xa02ca, Text = 确定, ClassName = Button.
Pid = 2780, Hwnd=0x2401de, Text = 若要运行此应用程序,您必须首先安装 .NET Framework 的以下版本之一: v4.0.30319 有关如何获取 .NET Framework 的适当版本的说明,请与应用程序发行者联系。, ClassName = Static.
Pid = 2780, Hwnd=0x1f0124, Text = TeamViewer_12.0.72365_Patch_URET_v4.7.exe - .NET Framework 初始化错误, ClassName = #32770.
Behavior description: Retrieves window screenshot information
details: Foreground window Info: HWND = 0x00000000, DC = 0x3001072d.
Foreground window Info: HWND = 0x00000000, DC = 0x2a010afa.
Foreground window Info: HWND = 0x00000000, DC = 0x470106f5.
Foreground window Info: HWND = 0x00000000, DC = 0x330109c1.
Foreground window Info: HWND = 0x00000000, DC = 0x780109d6.
Behavior description: Calls the Sleep function
details: [1]: MilliSeconds = 500.
[2]: MilliSeconds = 500.
[3]: MilliSeconds = 500.
[4]: MilliSeconds = 500.
[5]: MilliSeconds = 500.
[6]: MilliSeconds = 500.
[7]: MilliSeconds = 500.
[8]: MilliSeconds = 500.
[9]: MilliSeconds = 500.
[10]: MilliSeconds = 500.
Behavior description: Reads the TickCount value
details: TickCount = 764234, SleepMilliseconds = 500.
TickCount = 764265, SleepMilliseconds = 500.
TickCount = 764421, SleepMilliseconds = 500.
TickCount = 764531, SleepMilliseconds = 500.
TickCount = 764640, SleepMilliseconds = 500.
TickCount = 764656, SleepMilliseconds = 500.
Behavior description: Reads the CPU clock directly
details: EAX = 0x045acff2, EDX = 0x00000279
EAX = 0x09959eab, EDX = 0x00000279
EAX = 0x11836c94, EDX = 0x00000279
Behavior description: Searches for windows of common anti-virus and analysis tools
details: NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
NtUserFindWindowEx: [Class,Window] = [OLLYDBG,OllyDBg]