VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
Safety rating:79
Behavior list
Basic Information
MD5:357dd53df03baa40564ad7a99632972a
file type:Rar
Production company:
version:1.0.0.0
Shell or compiler information:
Subfile information:w7ldr / f8d487926c8f0925e704b7ceee6a6a92 / Unknown
bootinst.exedumpFile / a841800dbc71eb00bf7b841738c48b92 / EXE
w7ldrdumpFile / f8d487926c8f0925e704b7ceee6a6a92 / Unknown
bootrest.exedumpFile / e1921dea226b244f83ac5f59681d48a2 / EXE
bootinst.exe / a841800dbc71eb00bf7b841738c48b92 / EXE
bootrest.exe / e1921dea226b244f83ac5f59681d48a2 / EXE
showdrive.exedumpFile / 23bee4b5b4d117c63d8650080c690d2e / EXE
showdrive.exe / 23bee4b5b4d117c63d8650080c690d2e / EXE
Win7.cmddumpFile / 15748c7d01af21a2e18cc32436f19aec / Unknown
Win7.cmd / 15748c7d01af21a2e18cc32436f19aec / Unknown
Certificate.xrm-msdumpFile / 4baa251d0af2e67eb5d7e231175e9e94 / Unknown
Certificate.xrm-ms / 4baa251d0af2e67eb5d7e231175e9e94 / Unknown
msg.vbsdumpFile / 545ae6a469af091b1035032e9072794d / Unknown
msg.vbs / 545ae6a469af091b1035032e9072794d / Unknown
filesdumpFile / d41d8cd98f00b204e9800998ecf8427e / Unknown
Key behavior
Behavior description:隐藏指定窗口
details:[Window,Class] = [,ComboLBox]
Process behavior
Behavior description:创建进程
details:ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c ""C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\Win7.cmd" "
Behavior description:创建新文件进程
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\files\showdrive.exe, CmdLine = files\showdrive.exe
File behavior
Behavior description:写权限映射文件
details:Local\UrlZonesSM_Administrator
Behavior description:创建可执行文件
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\files\bootinst.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\files\bootrest.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\files\showdrive.exe
Behavior description:修改文件内容
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\msg.vbs---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\Win7.cmd---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\files\w7ldr---> Offset = 131072
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\files\Certificate.xrm-ms---> Offset = 0
Registry behavior
Behavior description:修改注册表
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\Win7.cmd
Other behavior
Behavior description:创建互斥体
details:Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior description:隐藏指定窗口
details:[Window,Class] = [,ComboLBox]
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [EDIT,]
Behavior description:获取系统权限
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:窗口信息
details:Pid = 560, Hwnd=0xd01e8, Text = 阿非修改的Windows 7激活程序 v1.0, ClassName = ConsoleWindowClass.
Behavior description:直接操作物理设备
details:\??\PhysicalDrive0
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
中国反网络病毒联盟
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号