VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
Safety rating:75
Behavior list
Basic Information
MD5:fe152e32f01aef3cf6f311823fbf2a97
file type:EXE
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation *
Key behavior
Behavior description:Reads the CPU clock directly
details:EAX = 0xdfa8ce64, EDX = 0x00000074
EAX = 0x632a0a0b, EDX = 0x00000075
EAX = 0x65dd0987, EDX = 0x00000075
Network behavior
Behavior description:Establishes a connection to a specified socket
details:URL: fu****id, IP: **.133.40.**:128, SOCKET = 0x00000150
Behavior description:Sends an HTTP packet
details:GET http://fun.losscook.bid/h_redir.php?offer_id=4&aff_id=4354&source= 6117&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=xht-alibaba&aff_sub5=1392207640&url=http%3A%2F%2Ffun.losscook.bid/offer.php%3FaffId%3D{aff_id}%26trackingId%3D266975517%26instId%3D 6117%26ho_trackingid%3D{transaction_id}%26cc%3D{country_code}%26cc_typ%3Dho%26sb%3Dx86%26net%3D4.6.01590%26ie%3D8%2e0%2e7601%2e17514%26wv%3D7sp1%26db%3DInternetExplorer%26uac%3D1%26cid%3Ddc1d2bf3bccd61107844328b86cdb1d3%26v%3D3 HTTP/1.1 Host: fu****id Connection: close Accept: */* User-Agent: InstallCapital
Behavior description:Gets a host address by name
details:GetAddrInfoW: fu****id
Other behavior
Behavior description:Checks whether it is being debugged
details:IsDebuggerPresent
Behavior description:Opens a mutex
details:Local\MSCTF.Asm.MutexDefault1
Behavior description:Window information
details:Pid = 2700, Hwnd=0x401ac, Text = Preparing setup..., ClassName = Preparing setup....
Behavior description:Opens an event
details:HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
Behavior description:Reads the CPU clock directly
details:EAX = 0xdfa8ce64, EDX = 0x00000074
EAX = 0x632a0a0b, EDX = 0x00000075
EAX = 0x65dd0987, EDX = 0x00000075
Behavior description:Decrypts data
details:[CryptDecrypt] Data: 0x0038F688, CipherTextLen: 3256, PlainTextLen: 3254, Flags: 0x00000000
Behavior description:Imports a key
details:[CryptImportKey] Algorithm: CALG_3DES (0x00006603), Data: 0x00B7F0AC, DataLen: 36, Flags: 0x00000001