VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files if the password is 'infected' or 'virus'.


File information
Safety rating: 72
Behavior list
Basic Information
MD5:ffb72e98cc8868022a1b2160d3e7feda
file type:7z
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0
Subfile information:upx_c_625fd1ecdumpFile / d5353617a017b0570e30ff7e6cc337fc / EXE
MCSGC开服器_3.3测试6.exedumpFile / 66366f9a6f68e09d7b1521938720e252 / EXE
MCSGC开服器_3.3测试6.exe / 66366f9a6f68e09d7b1521938720e252 / EXE
Key behavior
Behavior description: Set special file attributes
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\jedata.dll
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Behavior description: Set message hook
details:C:\WINDOWS\system32\dinput.dll
Process behavior
Behavior description: Create local thread
details:TargetProcess: MCSGC开服器_3.3测试6.exe, InheritedFromPID = 1944, ProcessID = 2408, ThreadID = 2424, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: MCSGC开服器_3.3测试6.exe, InheritedFromPID = 1944, ProcessID = 2408, ThreadID = 2464, StartAddress = 00414615, Parameter = 00E9FFD0
TargetProcess: MCSGC开服器_3.3测试6.exe, InheritedFromPID = 1944, ProcessID = 2408, ThreadID = 2488, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: MCSGC开服器_3.3测试6.exe, InheritedFromPID = 1944, ProcessID = 2408, ThreadID = 2492, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: MCSGC开服器_3.3测试6.exe, InheritedFromPID = 1944, ProcessID = 2408, ThreadID = 2496, StartAddress = 004145F6, Parameter = 00000001
TargetProcess: MCSGC开服器_3.3测试6.exe, InheritedFromPID = 1944, ProcessID = 2408, ThreadID = 2500, StartAddress = 004145F6, Parameter = 00000002
TargetProcess: MCSGC开服器_3.3测试6.exe, InheritedFromPID = 1944, ProcessID = 2408, ThreadID = 2504, StartAddress = 004145F6, Parameter = 00000003
TargetProcess: MCSGC开服器_3.3测试6.exe, InheritedFromPID = 1944, ProcessID = 2408, ThreadID = 2508, StartAddress = 004145F6, Parameter = 00000004
TargetProcess: MCSGC开服器_3.3测试6.exe, InheritedFromPID = 1944, ProcessID = 2408, ThreadID = 2512, StartAddress = 004145F6, Parameter = 00000005
TargetProcess: MCSGC开服器_3.3测试6.exe, InheritedFromPID = 1944, ProcessID = 2408, ThreadID = 2516, StartAddress = 004145F6, Parameter = 00000006
TargetProcess: MCSGC开服器_3.3测试6.exe, InheritedFromPID = 1944, ProcessID = 2408, ThreadID = 2520, StartAddress = 004145F6, Parameter = 00000007
TargetProcess: MCSGC开服器_3.3测试6.exe, InheritedFromPID = 1944, ProcessID = 2408, ThreadID = 2524, StartAddress = 004145F6, Parameter = 00000008
TargetProcess: MCSGC开服器_3.3测试6.exe, InheritedFromPID = 1944, ProcessID = 2408, ThreadID = 2528, StartAddress = 004145F6, Parameter = 00000009
TargetProcess: MCSGC开服器_3.3测试6.exe, InheritedFromPID = 1944, ProcessID = 2408, ThreadID = 2532, StartAddress = 004145F6, Parameter = 0000000A
TargetProcess: MCSGC开服器_3.3测试6.exe, InheritedFromPID = 1944, ProcessID = 2408, ThreadID = 2536, StartAddress = 004145F6, Parameter = 0000000B
File behavior
Behavior description: Create file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\jedata.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\皮肤.she
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\tb[1].ico
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\MCSGC\Resources\tb.ico
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\gjsztp[1].png
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\MCSGC\Resources\gjsztp.png
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\MCSGC\MCSGC.ini
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\MCSGC\MLQZ.db
Behavior description: Create executable file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\jedata.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\MCSGC\Resources\tb.ico
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\MCSGC\Resources\gjsztp.png
Behavior description: Delete file
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\tb[1].ico
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\gjsztp[1].png
Behavior description: Find file
details:FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump/MCSGC/Resources/tb.ico
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdumpgjsztp.png
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump/MCSGC/MCSGC.ini
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump/MCSGC/MLQZ.db
FileName = plugins/MCSGC\*.*
Behavior description: Set special file attributes
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\jedata.dll
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Behavior description: Modify file contents
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\jedata.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\皮肤.she ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\MCSGC\Resources\tb.ico ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\MCSGC\Resources\gjsztp.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\MCSGC\MCSGC.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\MCSGC\MLQZ.db ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\MCSGC\MCSGC.ini ---> Offset = 296
Network behavior
Behavior description: Download file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\MCSGC\Resources\tb.ico
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\MCSGC\Resources\gjsztp.png
Behavior description: Connect to specified site
details:InternetConnectA: ServerName = a4****pw, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = a4****pw, PORT = 80, UserName = , Password = , hSession = 0x00cc0008, hConnect = 0x00cc000c, Flags = 0x00000000
Behavior description: Open HTTP connection
details:InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0), hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0), hSession = 0x00cc0008
Behavior description: Establish a socket connection to a specified host
details:URL: a4****pw, IP: **.133.40.**:80, SOCKET = 0x0000047c
URL: a4****pw, IP: **.133.40.**:80, SOCKET = 0x00000514
Behavior description: Read network file
details:hFile = 0x00cc000c, BytesToRead =512, BytesRead = 512.
hFile = 0x00cc0010, BytesToRead =512, BytesRead = 512.
Behavior description: Send HTTP packet
Behavior description: Open HTTP request
details:HttpOpenRequestA: a4****pw:80/其他软件/mcsgc/tb.ico, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x80000000
HttpOpenRequestA: a4****pw:80/其他软件/mcsgc/gjsztp.png, hConnect = 0x00cc000c, hRequest = 0x00cc0010, Verb: GET, Referer: , Flags = 0x80000000
Behavior description: Resolve host address by name
details:GetAddrInfoW: a4****pw
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x16(565 0)
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior description: Delete registry value
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description: Create mutex
details:RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
DDrawWindowListMutex
DDrawDriverObjectListMutex
__DDrawExclMode__
__DDrawCheckExclMode__
DirectSound DllMain mutex (0x00000968)
MSCTF.Shared.MUTEX.ELH
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Behavior description: Create event object
details:EventName = DINPUTWINMM
EventName = __REALITYLAB_INIT_EVENT__
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.MGJ.IC
EventName = MSCTF.SendReceiveConection.Event.MGJ.IC
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Open event
details:HookSwitchHookEnabledEvent
DINPUTWINMM
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000041
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000041
MSCTF.SendReceive.Event.ELH.IC
MSCTF.SendReceiveConection.Event.ELH.IC
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
Behavior description: Adjust process token privileges
details:SE_INC_BASE_PRIORITY_PRIVILEGE
Behavior description: Window information
details:Pid = 2408, Hwnd=0x4037e, Text = 欢迎使用MCSGC开服器.当前版本为3.3beta6.使用菜单的更新版本来检查更新!, ClassName = msctls_statusbar32.
Pid = 2408, Hwnd=0x104d0, Text = 扩展设置, ClassName = Button(GroupBox).
Pid = 2408, Hwnd=0x104d2, Text = 启动扩展[是否启动开服器扩展功能], ClassName = Button(CheckBox).
Pid = 2408, Hwnd=0x104ce, Text = 我的扩展[右键进行操作], ClassName = Button(GroupBox).
Pid = 2408, Hwnd=0x104c0, Text = <-设置恢复默认, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2408, Hwnd=0x104be, Text = 别忘了点保存哦->, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2408, Hwnd=0x104aa, Text = 公告, ClassName = Button(GroupBox).
Pid = 2408, Hwnd=0x104ac, Text = 3.3测试版本6 更新日志 2016-2-23 1.优化资源中心 2.优化外网IP获取 3.优化版本更新功能 4.优化启动速度 5.删除VIP功能, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2408, Hwnd=0x104a4, Text = MCSGC介绍帖, ClassName = Button(GroupBox).
Pid = 2408, Hwnd=0x104a8, Text = 百度贴吧介绍帖, ClassName = Button.
Pid = 2408, Hwnd=0x104a6, Text = MCBBS论坛介绍帖, ClassName = Button.
Pid = 2408, Hwnd=0x1049c, Text = 蹦服记录查看, ClassName = Button(GroupBox).
Pid = 2408, Hwnd=0x1049a, Text = 查看控制台输出记录[上一次], ClassName = Button.
Pid = 2408, Hwnd=0x10494, Text = 设置内容, ClassName = Button(GroupBox).
Pid = 2408, Hwnd=0x104b0, Text = 生成BAT开服器, ClassName = Button.
Behavior description: Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\jedata.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\MCSGC\Resources\tb.ico (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\MCSGC\Resources\gjsztp.png (signature verification: failed)
Behavior description: Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,_EL_CommonDlg]
[Window,Class] = [,_EL_Timer]
[Window,Class] = [----------当设置都准备就绪时---------- 点击"开服"按钮即可开始运行服务器 ,Edit]
[Window,Class] = [快捷指令1,Button]
[Window,Class] = [快捷指令2,Button]
[Window,Class] = [快捷指令3,Button]
[Window,Class] = [快捷指令4,Button]
[Window,Class] = [设置快捷指令1,Button]
[Window,Class] = [设置快捷指令2,Button]
[Window,Class] = [快捷指令5,Button]
[Window,Class] = [设置快捷指令3,Button]
[Window,Class] = [设置快捷指令4,Button]
[Window,Class] = [设置快捷指令5,Button]
[Window,Class] = [开服,Button]
Behavior description: Executable file MD5
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\jedata.dll ---> 114054313070472cd1a6d7d28f7c5002
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\MCSGC\Resources\tb.ico ---> fe1d0ee5901dd167ee9b28eece31786c
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\MCSGC\Resources\gjsztp.png ---> fe1d0ee5901dd167ee9b28eece31786c
Behavior description: Open mutex
details:RasPbFile
ShimCacheMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!IETld!Mutex
Local\c:!documents and settings!administrator!ietldcache!
Behavior description: Load newly dropped file
details:Image: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\jedata.dll.
Run screenshot