VirSCAN

File information
Safety rating: 76
Behavior list
Basic Information
MD5: ea54e26485ed2292e5d95b0cbf899724
File type: EXE
Production company: 中国飘云阁初学者破解组织
Version: 2007.1.0.1---2007.01.0001
Shell or compiler information: PACKER:NothingFound
Key behavior
Behavior description: Attempts to open the driver device object of a debugger or monitoring software
details: \??\SICE
\??\NTICE
Process behavior
Behavior description: Creates a local thread
details: N/A
Behavior description: Process exits
details: N/A
Behavior description: Enumerates processes
details: N/A
File behavior
Behavior description: Creates a file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF3A5A.tmp
Behavior description: Deletes a file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF3A5A.tmp
Other behavior
Behavior description: Creates a mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MJB
Behavior description: Creates an event object
details: EventName = MSCTF.SendReceive.Event.MJB.IC
EventName = MSCTF.SendReceiveConection.Event.MJB.IC
Behavior description: Finds a specified window
details: NtUserFindWindowEx: [Class,Window] = [,P.Y.G_KeyGen]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Attempts to open the driver device object of a debugger or monitoring software
details: \??\SICE
\??\NTICE
Behavior description: Searches for the kernel32.dll base address
details: Instruction Address = 0x0043117b
Behavior description: Window information
details: Pid = 1400, Hwnd=0x202b4, Text = P.Y.G官方作品使用协议, ClassName = ThunderRT6FormDC.
Behavior description: Hides a specified window
details: [Window,Class] = [P.Y.G官方作品使用协议,ThunderRT6FormDC]
Behavior description: Program exception crash information