VirSCAN


File information
Safety rating: 60
Behavior list
Basic Information
MD5: f3d45b70211bd35b1f5318dbacbb51c8
File type: EXE
Production company: Crystal Dew World
Version: 7.0.5.2016---7.0.5.2017
Shell or compiler information: PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [Overlay]
Subfile information: 19 embedded files
Key behavior
Behavior description: Obtain window screenshot information
details: 11 foreground-window records (HWND / DC handle pairs)
Behavior description: Get TickCount value
details: 15 TickCount samples, each with SleepMilliseconds = 60000.
Process behavior
Behavior description: Create process with hidden window
details: ImagePath = , CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\diskinfo.bat"
Behavior description: Create process
details: [0x00000d6c]ImagePath = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe, CmdLine = "C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe" -sfxwaitall:1 "diskinfo.bat"
[0x00000d94]ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c ""C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\diskinfo.bat" "
Behavior description: Create local thread
details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3268, ThreadID = 3328, StartAddress = 004012E3, Parameter = 00B38A00
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3268, ThreadID = 3376, StartAddress = 77C0A341, Parameter = 0093A390
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3268, ThreadID = 3380, StartAddress = 77C0A341, Parameter = 00B3FF58
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3268, ThreadID = 3384, StartAddress = 77C0A341, Parameter = 0093A390
TargetProcess: %temp%\****.exe, InheritedFromPID = 3268, ProcessID = 3436, ThreadID = 3468, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: diskinfo_x86.exe, InheritedFromPID = 3476, ProcessID = 3484, ThreadID = 3492, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: diskinfo_x86.exe, InheritedFromPID = 3476, ProcessID = 3484, ThreadID = 3496, StartAddress = 77E56C7D, Parameter = 001B8E98
TargetProcess: diskinfo_x86.exe, InheritedFromPID = 3476, ProcessID = 3484, ThreadID = 3500, StartAddress = 769AE43B, Parameter = 001BB588
TargetProcess: diskinfo_x86.exe, InheritedFromPID = 3476, ProcessID = 3484, ThreadID = 3504, StartAddress = 77E56C7D, Parameter = 001BBD20
Behavior description: Create process from newly created file
details: [0x00000d9c]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\diskinfo_x86.exe, CmdLine = diskinfo_x86.exe
File behavior
Behavior description: Create file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\flot\excanvas.min.js
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\flot\jquery.flot.min.js
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\flot\jquery.min.js
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\Graph.css
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\Graph.html
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\Graph8.html
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\image\background.png
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\image\blank.png
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\image\buttonDisable.png
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\image\buttonEnable.png
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\image\buttonHover.png
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\image\file.png
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\image\GraphAllOff.png
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\image\GraphAllOn.png
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\image\graphMenuBar.png
Behavior description: Create executable file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\AlertMail.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\AlertMail4.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\opus\opusdec.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\diskinfo_x64.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\diskinfo_x86.exe
Behavior description: Modify script file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\diskinfo.bat ---> Offset = 0
Behavior description: Overwrite existing file
details: C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Behavior description: Search for file
details: FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\diskinfo.bat
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\diskinfo.bat
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\diskinfo_x86.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\CdiResource\language\\*.lang
Behavior description: Modify file contents
details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\flot\excanvas.min.js ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\flot\jquery.flot.min.js ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\flot\jquery.min.js ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\Graph.css ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\Graph.html ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\Graph8.html ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\image\background.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\image\blank.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\image\buttonDisable.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\image\buttonEnable.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\image\buttonHover.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\image\file.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\image\GraphAllOff.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\image\GraphAllOn.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\dialog\image\graphMenuBar.png ---> Offset = 0
Registry behavior
Behavior description: Modify registry
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\diskinfo.bat
Other behavior
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
oleacc-msaa-loaded
CrystalDiskInfo
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.AKN
Behavior description: Create event object
details: EventName = Global\userenv: User Profile setup event
EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.AKN.IC
EventName = MSCTF.SendReceiveConection.Event.AKN.IC
Behavior description: Read/write hard disk using SCSI commands
details: N/A
Behavior description: Open event
details: HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
_fCanRegisterWithShellService
Global\SvcctrlStartEvent_A3752DX
MSFT.VSA.COM.DISABLE.3484
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Adjust process token privileges
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
details: Pid = 3484, Hwnd=0x1036c, Text = ---- -- °C C:, ClassName = Button.
Pid = 3484, Hwnd=0x10382, Text = 未知, ClassName = Button.
Pid = 3484, Hwnd=0x10384, Text = -- °C, ClassName = Button.
Pid = 3484, Hwnd=0x10392, Text = VBOX HARDDISK 10.7 GB, ClassName = Static.
Pid = 3484, Hwnd=0x10394, Text = 固件, ClassName = Static.
Pid = 3484, Hwnd=0x10396, Text = 1.0, ClassName = Static.
Pid = 3484, Hwnd=0x10398, Text = 序列号, ClassName = Static.
Pid = 3484, Hwnd=0x1039a, Text = VBb9aa1bc8-d795265b, ClassName = Static.
Pid = 3484, Hwnd=0x1039c, Text = 接口, ClassName = Static.
Pid = 3484, Hwnd=0x1039e, Text = Parallel ATA, ClassName = Static.
Pid = 3484, Hwnd=0x103a0, Text = 传输模式, ClassName = Static.
Pid = 3484, Hwnd=0x103a2, Text = UDMA/33 | UDMA/133, ClassName = Static.
Pid = 3484, Hwnd=0x103a4, Text = 驱动器号, ClassName = Static.
Pid = 3484, Hwnd=0x103a6, Text = C:, ClassName = Static.
Pid = 3484, Hwnd=0x103a8, Text = 标准, ClassName = Static.
Behavior description: Direct access to physical device
details: \??\PhysicalDrive0
Behavior description: Executable file signature information
details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\AlertMail.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\AlertMail4.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\opus\opusdec.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\diskinfo_x64.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\diskinfo_x86.exe (signature verification: passed)
Behavior description: Call Sleep function
details: [1]: MilliSeconds = 250.
[2]: MilliSeconds = 250.
[1]: MilliSeconds = 60000.
[2]: MilliSeconds = 60000.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 60000.
[5]: MilliSeconds = 60000.
[6]: MilliSeconds = 60000.
[7]: MilliSeconds = 60000.
[8]: MilliSeconds = 60000.
[9]: MilliSeconds = 60000.
[10]: MilliSeconds = 60000.
Behavior description: Hide specified window
details: [Window,Class] = [,Button]
[Window,Class] = [,tooltips_class32]
Behavior description: Executable file MD5
details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\AlertMail.exe ---> 46a29dab77e0c3ff5b7e0ea2f1e5b7c8
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\AlertMail4.exe ---> 7e919b00aee429607ff663a6511f179f
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\cdiresource\opus\opusdec.exe ---> 1f3cf9f2eda491e461a44d956033d7ff
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\diskinfo_x64.exe ---> 074a98a1e689318e08ae36af12ff20f5
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\diskinfo_x86.exe ---> c809d76eff6eab8cbbe12c10f003aea1
Behavior description: Open mutex
details: ShimCacheMutex
Local\!IETld!Mutex
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Run screenshot