VirSCAN


File information
Safety rating: 71
Behavior list
Basic Information
MD5: ff40183dcf99f0ba5b35de62ca8ebcea
File type: EXE
Production company:
Version:
Shell or compiler information:
Key behavior
Behavior description: Cross-process data write
details: TargetProcess = explorer.exe, WriteAddress = 0x01ef0000, Size = 159744
C:\WINDOWS\explorer.exe
TargetProcess = explorer.exe, WriteAddress = 0x01f139b0, Size = 4
TargetProcess = explorer.exe, WriteAddress = 0x01f139c4, Size = 4
TargetProcess = explorer.exe, WriteAddress = 0x01f13e74, Size = 4
TargetProcess = explorer.exe, WriteAddress = 0x01f13e78, Size = 4
TargetProcess = ctfmon.exe, WriteAddress = 0x009a0000, Size = 159744
C:\WINDOWS\system32\ctfmon.exe
TargetProcess = ctfmon.exe, WriteAddress = 0x009c39b0, Size = 4
TargetProcess = ctfmon.exe, WriteAddress = 0x009c39c4, Size = 4
TargetProcess = ctfmon.exe, WriteAddress = 0x009c3e74, Size = 4
TargetProcess = ctfmon.exe, WriteAddress = 0x009c3e78, Size = 4
TargetProcess = QQ.exe, WriteAddress = 0x00c60000, Size = 159744
C:\Program Files\Tencent\QQ\Bin\QQ.exe
TargetProcess = QQ.exe, WriteAddress = 0x00c839b0, Size = 4
Process behavior
Behavior description: Create process from newly created file
details: ImagePath = C:\Documents and Settings\Administrator\Application Data\Onfaz\ikyn.exe, CmdLine = "C:\Documents and Settings\Administrator\Application Data\Onfaz\ikyn.exe"
Behavior description: Enumerate processes
details: N/A
File behavior
Behavior description: Create executable file
details: C:\Documents and Settings\Administrator\Application Data\Onfaz\ikyn.exe
Other behavior
Behavior description: Create mutex
Behavior description: Inline hook
details: C:\WINDOWS\system32\ntdll.dll--->ZwCreateThread Offset = 0x0
C:\WINDOWS\system32\ntdll.dll--->LdrLoadDll Offset = 0x0
C:\WINDOWS\system32\kernel32.dll--->GetFileAttributesExW Offset = 0x0
C:\WINDOWS\system32\WININET.dll--->HttpSendRequestW Offset = 0x0
C:\WINDOWS\system32\WININET.dll--->HttpSendRequestA Offset = 0x0
C:\WINDOWS\system32\WININET.dll--->HttpSendRequestExW Offset = 0x0
C:\WINDOWS\system32\WININET.dll--->HttpSendRequestExA Offset = 0x0
C:\WINDOWS\system32\WININET.dll--->InternetCloseHandle Offset = 0x0
C:\WINDOWS\system32\WININET.dll--->InternetReadFile Offset = 0x0
C:\WINDOWS\system32\WININET.dll--->InternetReadFileExA Offset = 0x0
C:\WINDOWS\system32\WININET.dll--->InternetQueryDataAvailable Offset = 0x0
C:\WINDOWS\system32\WININET.dll--->HttpQueryInfoA Offset = 0x0
C:\WINDOWS\system32\WS2_32.dll--->closesocket Offset = 0x0
C:\WINDOWS\system32\WS2_32.dll--->send Offset = 0x0
C:\WINDOWS\system32\WS2_32.dll--->WSASend Offset = 0x0
Behavior description: Acquire system privilege
details: SE_SECURITY_PRIVILEGE