File information
Security rating: 86
Behavior list
Basic information
MD5: 0169ea0b635d59ab3a609373e9341192
File type: EXE
Publisher:
Version:
Packer/compiler information: COMPILER:NSIS
Sub-file information: BASSMOD.dll / e4ec57e8508c5c4040383ebe6d367928 / DLL
bgm.xm / 84d09a89de4998aad278ef8dbb9be982 / Unknown
keygen.exe / a682e8fb606db53353dab58504d10e5f / EXE
R2RKORGKG.dll / d41d8cd98f00b204e9800998ecf8427e / Unknown
Key behavior
Behavior description: Blocks window close message
Details: hWnd = 0x00010340, Text = KORG Legacy Collection KeyGen v1.0, ClassName = hspwnd0.
Behavior description: Gets TickCount value
Details: TickCount = 220594, SleepMilliseconds = 1.
TickCount = 220610, SleepMilliseconds = 1.
TickCount = 220626, SleepMilliseconds = 1.
TickCount = 220641, SleepMilliseconds = 1.
TickCount = 220657, SleepMilliseconds = 1.
TickCount = 220672, SleepMilliseconds = 1.
TickCount = 220704, SleepMilliseconds = 1.
TickCount = 220829, SleepMilliseconds = 1.
TickCount = 225704, SleepMilliseconds = 1.
TickCount = 225782, SleepMilliseconds = 1.
TickCount = 225797, SleepMilliseconds = 1.
TickCount = 225829, SleepMilliseconds = 1.
TickCount = 230360, SleepMilliseconds = 1.
TickCount = 230376, SleepMilliseconds = 1.
TickCount = 247188, SleepMilliseconds = 1.
Process behavior
Behavior description: Creates a new process from a file
Details: [0x00000c4c]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\keygen.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\keygen.exe
File behavior
Behavior description: Creates file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nss7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\BASSMOD.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\bgm.xm
C:\Documents and Settings\Administrator\Local Settings\Temp\keygen.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\R2RKORGKG.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD473.tmp
Behavior description: Creates executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\BASSMOD.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\keygen.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\R2RKORGKG.dll
Behavior description: Overwrites existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp
Behavior description: Searches for file
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\keygen.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\R2RKORGKG.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BASSMOD.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bgm.xm
Behavior description: Deletes file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nss7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD473.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\R2RKORGKG.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\BASSMOD.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\bgm.xm
Behavior description: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp ---> Offset = 19617
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp ---> Offset = 35854
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp ---> Offset = 68622
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp ---> Offset = 101390
C:\Documents and Settings\Administrator\Local Settings\Temp\BASSMOD.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\BASSMOD.dll ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\BASSMOD.dll ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\bgm.xm ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\bgm.xm ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\bgm.xm ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\bgm.xm ---> Offset = 49152
C:\Documents and Settings\Administrator\Local Settings\Temp\bgm.xm ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\keygen.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\keygen.exe ---> Offset = 16384
Other behavior
Behavior description: Creates mutex
Details: oleacc-msaa-loaded
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.AFM
Behavior description: Creates event object
Details: EventName = Global\userenv: User Profile setup event
EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.AFM.IC
EventName = MSCTF.SendReceiveConection.Event.AFM.IC
Behavior description: Finds specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Window information
Details: Pid = 3148, Hwnd=0x10340, Text = KORG Legacy Collection KeyGen v1.0, ClassName = hspwnd0.
Pid = 3148, Hwnd=0x30348, Text = KORG Legacy Collection Analog Edition 2007 v1.2, ClassName = ComboBox.
Pid = 3148, Hwnd=0x1034e, Text = - Reverse 2 Revolutionize -, ClassName = Edit.
Pid = 3148, Hwnd=0x10350, Text = GENERATE, ClassName = Button.
Pid = 3148, Hwnd=0x10352, Text = ABOUT, ClassName = Button.
Pid = 3148, Hwnd=0x10354, Text = EXIT, ClassName = Button.
Pid = 3148, Hwnd=0x30348, Text = KORG Legacy Collection Digital Edition v1.3, ClassName = ComboBox.
Pid = 3148, Hwnd=0x1034c, Text = 123456, ClassName = Edit.
Pid = 3148, Hwnd=0x5042c, Text = 确定, ClassName = Button.
Pid = 3148, Hwnd=0x10430, Text = Fine release by TEAM R2R 2017, ClassName = Static.
Pid = 3148, Hwnd=0x503b2, Text = KORG Legacy Collection KeyGen v1.0, ClassName = #32770.
Behavior description: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Opens event
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Executable signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\BASSMOD.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\keygen.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\R2RKORGKG.dll (signature verification: failed)
Behavior description: Calls Sleep function
Details: [1]: MilliSeconds = 1.
[2]: MilliSeconds = 1.
[3]: MilliSeconds = 1.
[4]: MilliSeconds = 1.
[5]: MilliSeconds = 1.
[6]: MilliSeconds = 1.
[7]: MilliSeconds = 1.
[8]: MilliSeconds = 100.
[9]: MilliSeconds = 100.
Behavior description: Hides specified window
Details: [Window,Class] = [KORG Legacy Collection KeyGen v1.0,hspwnd0]
[Window,Class] = [,ComboLBox]
Behavior description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\BASSMOD.dll ---> e4ec57e8508c5c4040383ebe6d367928
C:\Documents and Settings\Administrator\Local Settings\Temp\keygen.exe ---> a682e8fb606db53353dab58504d10e5f
C:\Documents and Settings\Administrator\Local Settings\Temp\R2RKORGKG.dll ---> 98ef5ab44a1b6ec1beb2ed7543aced52
Behavior description: Opens mutex
Details: ShimCacheMutex
Behavior description: Loads newly dropped file
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BASSMOD.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\R2RKORGKG.dll.