VirSCAN

1, You can UPLOAD any files, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information

Basic Information

MD5: f2bdfa94ac60c73c52afbb8a7c145967
file type: EXE
Production company: TODO: <公司名>
version: 0.999.0.1831---1.0.0.1
Shell or compiler information: COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation *

Key behavior

Behavior description: Get TickCount value
details: TickCount = 277781, SleepMilliseconds = 60000.
TickCount = 277812, SleepMilliseconds = 60000.
TickCount = 277843, SleepMilliseconds = 60000.
TickCount = 277875, SleepMilliseconds = 60000.
TickCount = 277921, SleepMilliseconds = 60000.
TickCount = 277937, SleepMilliseconds = 60000.
TickCount = 278015, SleepMilliseconds = 60000.
TickCount = 278062, SleepMilliseconds = 60000.
TickCount = 278312, SleepMilliseconds = 60000.
TickCount = 278390, SleepMilliseconds = 60000.
TickCount = 278562, SleepMilliseconds = 60000.
TickCount = 278625, SleepMilliseconds = 60000.
TickCount = 278671, SleepMilliseconds = 60000.
TickCount = 278687, SleepMilliseconds = 60000.
TickCount = 278703, SleepMilliseconds = 60000.

File behavior

Behavior description: Create file
details: C:\Documents and Settings\Administrator\Application Data\Adbrowse\uccontext
Behavior description: Modify file content
details: C:\Documents and Settings\Administrator\Application Data\Adbrowse\uccontext ---> Offset = 0
Behavior description: Find file
details: FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe

Network behavior

Behavior description: Establish a connection to a specified socket
details: URL: do****cn, IP: **.133.40.**:80, SOCKET = 0x00000258
Behavior description: Get host address by name
details: gethostbyname: do****cn

Other behavior

Behavior description: Create mutex
details: oleacc-msaa-loaded
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.MEK
Behavior description: Create event object
details: EventName = DINPUTWINMM
EventName = AdBrowserNamedEvent
EventName = Global\crypt32LogoffEvent
EventName = MSCTF.SendReceive.Event.MEK.IC
EventName = MSCTF.SendReceiveConection.Event.MEK.IC
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Adjust process token privileges
details: SE_DEBUG_PRIVILEGE
Behavior description: Open event
details: HookSwitchHookEnabledEvent
MSFT.VSA.COM.DISABLE.2632
MSFT.VSA.IEC.STATUS.6c736db0
Global\crypt32LogoffEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Global\SvcctrlStartEvent_A3752DX
Behavior description: Call Sleep function
details: [1]: MilliSeconds = 60000.
Behavior description: Hide specified window
details: [Window,Class] = [,Afx:TabWnd:400000:8:10011:10]
Behavior description: Open mutex
details: ShimCacheMutex
