VirSCAN

File information
Safety rating:70
Behavior list
Basic Information
MD5:f1fe4cd7497c64e9042e1661679b6098
file type:zip
Production company:
version:
Shell or compiler information:PACKER:PolyEnE 0.01+ by Lennart Hedlund *
Subfile information:机器猫PC V1.3版.exedumpFile / 3e3307b154cd80d1ad49e8380d887507 / EXE
机器猫PC V1.3版.exe / 3e3307b154cd80d1ad49e8380d887507 / EXE
启迪工作室完美破解文件.exedumpFile / b370fe2bd6cde10cd453421142a90209 / EXE
启迪工作室完美破解文件.exe / b370fe2bd6cde10cd453421142a90209 / EXE
winmm.dlldumpFile / fda0d79f6f7ce5c326e455393cf83161 / DLL
winmm.dll / fda0d79f6f7ce5c326e455393cf83161 / DLL
QQ2335583029dumpFile / 7bf3e823463de1e0a371d39ec43fab71 / Unknown
QQ2335583029 / 7bf3e823463de1e0a371d39ec43fab71 / Unknown
QQ965652669dumpFile / 8441eda55a8d050f78cfad69874a0d08 / Unknown
QQ965652669 / 8441eda55a8d050f78cfad69874a0d08 / Unknown
西西软件园.txtdumpFile / 1e63798c1f77c58cd38514f2d1eb6f15 / Unknown
西西软件园.txt / 1e63798c1f77c58cd38514f2d1eb6f15 / Unknown
西西软件园_游戏网下载_最安全的软件下载基地.urldumpFile / 1fd50cdbc2596bda9c5336759dc3af7e / Unknown
西西软件园_游戏网下载_最安全的软件下载基地.url / 1fd50cdbc2596bda9c5336759dc3af7e / Unknown
YY 小水滴Pc协议完美破解版本dumpFile / d41d8cd98f00b204e9800998ecf8427e / Unknown
Key behavior
Behavior description: Modifies an original system EXE file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\YY 小水滴Pc协议完美破解版本\YY 小水滴Pc协议完美破解版本\winmm.dll
Process behavior
Behavior description: Creates a local thread
details:TargetProcess: 机器猫PC V1.3版.exe, InheritedFromPID = 1944, ProcessID = 2828, ThreadID = 2900, StartAddress = 10026149, Parameter = 00190F28
TargetProcess: 机器猫PC V1.3版.exe, InheritedFromPID = 1944, ProcessID = 2828, ThreadID = 2932, StartAddress = 10026149, Parameter = 00185A28
TargetProcess: 机器猫PC V1.3版.exe, InheritedFromPID = 1944, ProcessID = 2828, ThreadID = 2936, StartAddress = 10026149, Parameter = 00185A38
TargetProcess: 机器猫PC V1.3版.exe, InheritedFromPID = 1944, ProcessID = 2828, ThreadID = 2952, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: 机器猫PC V1.3版.exe, InheritedFromPID = 1944, ProcessID = 2828, ThreadID = 3128, StartAddress = 0044E12E, Parameter = 00000000
TargetProcess: 机器猫PC V1.3版.exe, InheritedFromPID = 1944, ProcessID = 2828, ThreadID = 3168, StartAddress = 719CD33A, Parameter = 001DC790
Behavior description: Enumerates processes
details:N/A
File behavior
Behavior description: Modifies an original system EXE file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\YY 小水滴Pc协议完美破解版本\YY 小水滴Pc协议完美破解版本\winmm.dll
Behavior description: Modifies file content
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\YY 小水滴Pc协议完美破解版本\YY 小水滴Pc协议完美破解版本\winmm.dll ---> Offset = 0
Network behavior
Behavior description: Establishes a connection to a specified socket
details:URL: , IP: **.29.47.**:5500, SOCKET = 0x000005e8
Registry behavior
Behavior description: Modifies the registry
details:\REGISTRY\USER\S-*_CLASSES\Interface\{FF19335D-F8C3-F55D-FE01-F31BE4917D49}\
\REGISTRY\USER\S-*\Software\Microsoft\Direct3D\MostRecentApplication\Name
\REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x16(565 0)
Other behavior
Behavior description: Creates a mutex
details:RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
DDrawWindowListMutex
__DDrawExclMode__
__DDrawCheckExclMode__
MSCTF.Shared.MUTEX.ELH
Behavior description: Creates an event object
details:EventName = DINPUTWINMM
Behavior description: MD5 of the modified executable file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\YY 小水滴Pc协议完美破解版本\YY 小水滴Pc协议完美破解版本\winmm.dll ---> fda0d79f6f7ce5c326e455393cf83161
Behavior description: Opens an event
details:HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.0000003F
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.0000003F
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000040
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000040
Behavior description: Window information
details:Pid = 2828, Hwnd=0x10412, Text = 联系客服②号:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2828, Hwnd=0x1040e, Text = 交流QQ群:256181108, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2828, Hwnd=0x1040c, Text = 辅助客服①号:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2828, Hwnd=0x10404, Text = 协议注册, ClassName = Button(GroupBox).
Pid = 2828, Hwnd=0x1041c, Text = 复制机器码, ClassName = Button.
Pid = 2828, Hwnd=0x1041a, Text = 7B****28178BFBFF000306C3, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2828, Hwnd=0x10418, Text = 尚未注册, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2828, Hwnd=0x10414, Text = 注册, ClassName = Button.
Pid = 2828, Hwnd=0x10406, Text = 机器码:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2828, Hwnd=0x10402, Text = 0, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2828, Hwnd=0x10400, Text = 别处登录:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2828, Hwnd=0x103fe, Text = 0, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2828, Hwnd=0x103fc, Text = 冻结封号:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2828, Hwnd=0x103fa, Text = 0, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2828, Hwnd=0x103f8, Text = 出验证码:, ClassName = Afx:400000:b:10011:1900015:0.
Behavior description: Signature information of the modified executable file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\YY 小水滴Pc协议完美破解版本\YY 小水滴Pc协议完美破解版本\winmm.dll (signature verification: failed)
Behavior description: Hides a specified window
details:[Window,Class] = [,_EL_CommonDlg]
[Window,Class] = [,_EL_Timer]
[Window,Class] = [,_EL_ClientSock]
[Window,Class] = [,Afx:400000:b:10011:1900010:0]
[Window,Class] = [,tooltips_class32]
Behavior description: Opens a mutex
details:RasPbFile
ShimCacheMutex
Behavior description: Finds a specified window
details:NtUserFindWindowEx: [Class,Window] = [,]
NtUserFindWindowEx: [Class,Window] = [msvb_lib_updown,]
NtUserFindWindowEx: [Class,Window] = [msctls_updown32,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]