VirSCAN

1. You can UPLOAD any file of up to 20MB.
2. VirSCAN supports Rar/Zip decompression of up to 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4. If your browser cannot upload the file, please download the virscan file.


File information

Virscan.org multi-engine scan report
Behaviour analysis report:         Habo file analysis

Basic information

MD5: 0169ea0b635d59ab3a609373e9341192
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name:
Minimum operating environment:
Copyright:

Key behaviour

Behaviour description: Block window close message
Details: hWnd = 0x00010340, Text = KORG Legacy Collection KeyGen v1.0, ClassName = hspwnd0.
Behaviour description: Get TickCount value
Details: TickCount = 220594, SleepMilliseconds = 1.
TickCount = 220610, SleepMilliseconds = 1.
TickCount = 220626, SleepMilliseconds = 1.
TickCount = 220641, SleepMilliseconds = 1.
TickCount = 220657, SleepMilliseconds = 1.
TickCount = 220672, SleepMilliseconds = 1.
TickCount = 220704, SleepMilliseconds = 1.
TickCount = 220829, SleepMilliseconds = 1.
TickCount = 225704, SleepMilliseconds = 1.
TickCount = 225782, SleepMilliseconds = 1.
TickCount = 225797, SleepMilliseconds = 1.
TickCount = 225829, SleepMilliseconds = 1.
TickCount = 230360, SleepMilliseconds = 1.
TickCount = 230376, SleepMilliseconds = 1.
TickCount = 247188, SleepMilliseconds = 1.

Process behaviour

Behaviour description: Create process from newly written file
Details: [0x00000c4c]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\keygen.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\keygen.exe

File behaviour

Behaviour description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nss7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\BASSMOD.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\bgm.xm
C:\Documents and Settings\Administrator\Local Settings\Temp\keygen.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\R2RKORGKG.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD473.tmp
Behaviour description: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\BASSMOD.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\keygen.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\R2RKORGKG.dll
Behaviour description: Overwrite existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp
Behaviour description: Search for file
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\keygen.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\R2RKORGKG.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BASSMOD.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bgm.xm
Behaviour description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nss7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD473.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\R2RKORGKG.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\BASSMOD.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\bgm.xm
Behaviour description: Modify file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp ---> Offset = 19617
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp ---> Offset = 35854
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp ---> Offset = 68622
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp ---> Offset = 101390
C:\Documents and Settings\Administrator\Local Settings\Temp\BASSMOD.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\BASSMOD.dll ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\BASSMOD.dll ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\bgm.xm ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\bgm.xm ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\bgm.xm ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\bgm.xm ---> Offset = 49152
C:\Documents and Settings\Administrator\Local Settings\Temp\bgm.xm ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\keygen.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\keygen.exe ---> Offset = 16384

Other behaviour

Behaviour description: Create mutex
Details: oleacc-msaa-loaded
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.AFM
Behaviour description: Create event object
Details: EventName = Global\userenv: User Profile setup event
EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.AFM.IC
EventName = MSCTF.SendReceiveConection.Event.AFM.IC
Behaviour description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behaviour description: Window information
Details: Pid = 3148, Hwnd=0x10340, Text = KORG Legacy Collection KeyGen v1.0, ClassName = hspwnd0.
Pid = 3148, Hwnd=0x30348, Text = KORG Legacy Collection Analog Edition 2007 v1.2, ClassName = ComboBox.
Pid = 3148, Hwnd=0x1034e, Text = - Reverse 2 Revolutionize -, ClassName = Edit.
Pid = 3148, Hwnd=0x10350, Text = GENERATE, ClassName = Button.
Pid = 3148, Hwnd=0x10352, Text = ABOUT, ClassName = Button.
Pid = 3148, Hwnd=0x10354, Text = EXIT, ClassName = Button.
Pid = 3148, Hwnd=0x30348, Text = KORG Legacy Collection Digital Edition v1.3, ClassName = ComboBox.
Pid = 3148, Hwnd=0x1034c, Text = 123456, ClassName = Edit.
Pid = 3148, Hwnd=0x5042c, Text = 确定 (OK), ClassName = Button.
Pid = 3148, Hwnd=0x10430, Text = Fine release by TEAM R2R 2017, ClassName = Static.
Pid = 3148, Hwnd=0x503b2, Text = KORG Legacy Collection KeyGen v1.0, ClassName = #32770.
Behaviour description: Get TickCount value
Details: TickCount = 220594, SleepMilliseconds = 1.
TickCount = 220610, SleepMilliseconds = 1.
TickCount = 220626, SleepMilliseconds = 1.
TickCount = 220641, SleepMilliseconds = 1.
TickCount = 220657, SleepMilliseconds = 1.
TickCount = 220672, SleepMilliseconds = 1.
TickCount = 220704, SleepMilliseconds = 1.
TickCount = 220829, SleepMilliseconds = 1.
TickCount = 225704, SleepMilliseconds = 1.
TickCount = 225782, SleepMilliseconds = 1.
TickCount = 225797, SleepMilliseconds = 1.
TickCount = 225829, SleepMilliseconds = 1.
TickCount = 230360, SleepMilliseconds = 1.
TickCount = 230376, SleepMilliseconds = 1.
TickCount = 247188, SleepMilliseconds = 1.
Behaviour description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behaviour description: Block window close message
Details: hWnd = 0x00010340, Text = KORG Legacy Collection KeyGen v1.0, ClassName = hspwnd0.
Behaviour description: Open event
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behaviour description: Executable signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\BASSMOD.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\keygen.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\R2RKORGKG.dll (signature verification: failed)
Behaviour description: Call Sleep function
Details: [1]: MilliSeconds = 1.
[2]: MilliSeconds = 1.
[3]: MilliSeconds = 1.
[4]: MilliSeconds = 1.
[5]: MilliSeconds = 1.
[6]: MilliSeconds = 1.
[7]: MilliSeconds = 1.
[8]: MilliSeconds = 100.
[9]: MilliSeconds = 100.
Behaviour description: Hide specified window
Details: [Window,Class] = [KORG Legacy Collection KeyGen v1.0,hspwnd0]
[Window,Class] = [,ComboLBox]
Behaviour description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\BASSMOD.dll ---> e4ec57e8508c5c4040383ebe6d367928
C:\Documents and Settings\Administrator\Local Settings\Temp\keygen.exe ---> a682e8fb606db53353dab58504d10e5f
C:\Documents and Settings\Administrator\Local Settings\Temp\R2RKORGKG.dll ---> 98ef5ab44a1b6ec1beb2ed7543aced52
Behaviour description: Open mutex
Details: ShimCacheMutex
Behaviour description: Load newly dropped file
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BASSMOD.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\R2RKORGKG.dll.
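The sections above record the same three binaries under six different labels (created, signature-checked, hashed, loaded, deleted), with long path names in some and 8.3 short names in others. As an added example, not part of the VirSCAN report or of any Habo tooling, the following Python script correlates those records by file name and ranks the dropped executables for follow-up. The label strings, the "Details:" continuation layout and the "(signature verification: failed)" suffix are assumptions about how the English rendering of this report is laid out; the sample text embedded in the script is constructed from the lines of this report.

```python
"""Triage helper for a Habo/VirSCAN-style behaviour log (added example).

Parses "Behaviour description:" / "Details:" blocks, joins the dropped
executables across the create / signature / MD5 / load / delete sections
by file name, and ranks them. Label names are assumed from this page."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the report above, long and 8.3
# directory names mixed exactly as the sandbox logged them.
REPORT = r"""
Behaviour description: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\BASSMOD.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\keygen.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\R2RKORGKG.dll
Behaviour description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nss7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\R2RKORGKG.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\BASSMOD.dll
Behaviour description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behaviour description: Executable signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\BASSMOD.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\keygen.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\R2RKORGKG.dll (signature verification: failed)
Behaviour description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\BASSMOD.dll ---> e4ec57e8508c5c4040383ebe6d367928
C:\Documents and Settings\Administrator\Local Settings\Temp\keygen.exe ---> a682e8fb606db53353dab58504d10e5f
C:\Documents and Settings\Administrator\Local Settings\Temp\R2RKORGKG.dll ---> 98ef5ab44a1b6ec1beb2ed7543aced52
Behaviour description: Load newly dropped file
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BASSMOD.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\R2RKORGKG.dll.
"""

MD5_RE = re.compile(r"^(.*?) ---> ([0-9a-fA-F]{32})$")
SIG_RE = re.compile(r"^(.*?)\s*\(signature verification: (\w+)\)$")


def parse_sections(text):
    """Map each behaviour label to its list of detail lines."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        if raw.startswith("Behaviour description:"):
            current = raw.split(":", 1)[1].strip()
            continue
        if current is None:
            continue
        line = raw[len("Details:"):] if raw.startswith("Details:") else raw
        if line.strip():
            sections[current].append(line.strip())
    return sections


def basename(path):
    """Case-insensitive file name. The log mixes long and 8.3 directory
    names for the same file, so the directory part cannot be the join key."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def priority(f):
    """Unsigned code dropped into %TEMP%, mapped into the process and then
    deleted leaves nothing on disk to scan afterwards, so it is looked at first."""
    score = sum(f[k] for k in ("unsigned", "loaded", "deleted", "in_temp"))
    return "high" if score >= 3 else "medium" if score == 2 else "low"


def triage(text):
    s = parse_sections(text)
    dropped = {basename(p): p for p in s.get("Create executable file", [])}
    deleted = {basename(p) for p in s.get("Delete file", [])}
    loaded = set()
    for d in s.get("Load newly dropped file", []):
        if d.startswith("Image:"):
            d = d[len("Image:"):]
        loaded.add(basename(d.strip().rstrip(".")))   # trailing '.' is log punctuation
    md5, unsigned = {}, set()
    for d in s.get("Executable file MD5", []):
        m = MD5_RE.match(d)
        if m:
            md5[basename(m.group(1))] = m.group(2).lower()
    for d in s.get("Executable signature information", []):
        m = SIG_RE.match(d)
        if m and m.group(2).lower() == "failed":
            unsigned.add(basename(m.group(1)))
    findings = []
    for name in sorted(dropped):
        f = {"file": name, "md5": md5.get(name), "unsigned": name in unsigned,
             "loaded": name in loaded, "deleted": name in deleted,
             "in_temp": "\\temp\\" in dropped[name].lower()}
        f["priority"] = priority(f)
        findings.append(f)
    return {"findings": findings,
            "privileges": s.get("Adjust process token privileges", [])}


if __name__ == "__main__":
    result = triage(REPORT)
    for f in result["findings"]:
        print(f"{f['priority']:6} {f['file']:14} md5={f['md5']} unsigned={f['unsigned']} "
              f"loaded={f['loaded']} deleted={f['deleted']}")
    print("token privileges enabled:", ", ".join(result["privileges"]) or "none")
```

Two caveats a reader should carry from the report into the ranking. First, the token-privilege record only shows that the process enabled SE_LOAD_DRIVER_PRIVILEGE; nothing in the log shows a driver being loaded, so treat it as a lead to confirm in a debugger or a second sandbox run, not as a finding. Second, the GetTickCount/Sleep(1) pairs are the shape of the classic check for sandboxes that shortcut Sleep, but every logged sleep is 1 ms and most tick deltas are 15-16 ms, which is what GetTickCount's timer granularity produces on that Windows version; the report alone does not demonstrate an evasion.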