VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader to upload.


File information

Scanner results
Scanner results: 1 of 32 antivirus engines (3%) reported a detection (qh360: "Android mobile malware", a generic name from a single engine on a Windows executable; treat it as low confidence unless corroborated).
Behavior analysis report: Habo file analysis
Time: 2017-07-04 11:19:22 (CST)
Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time (s)
antiy | AVL SDK | 2.0 | 1970-01-01 | Found nothing | 5
asquared | 9.0.0.4799 | 9.0.0.4799 | 2015-03-08 | Found nothing | 1
avast | 170303-1 | 4.7.4 | 2017-03-03 | Found nothing | 60
avg | 2109/14122 | 10.0.1405 | 2017-06-29 | Found nothing | 60
baidu | 2.0.1.0 | 4.1.3.52192 | 2.0.1.0 | Found nothing | 5
baidusd | 1.0 | 1.0 | 2017-03-22 | Found nothing | 1
bitdefender | 7.58879 | 7.90123 | 2015-01-16 | Found nothing | 60
clamav | 23530 | 0.97.5 | 2017-07-03 | Found nothing | 60
drweb | 5.0.2.3300 | 5.0.1.1 | 2017-06-18 | Found nothing | 60
fortinet | 49.938, 49.796 | 5.4.247 | 2017-07-04 | Found nothing | 60
fprot | 4.6.2.117 | 6.5.1.5418 | 2016-02-05 | Found nothing | 60
fsecure | 2015-08-01-02 | 9.13 | 2015-08-01 | Found nothing | 60
gdata | 25.13200 | 25.13200 | 2017-07-03 | Found nothing | 11
ikarus | 1.06.01 | V1.32.31.0 | 2016-11-28 | Found nothing | 60
jiangmin | 16.0.100 | 1.0.0.0 | 2017-07-02 | Found nothing | 2
kaspersky | 5.5.33 | 5.5.33 | 2014-04-01 | Found nothing | 60
kingsoft | 2.1 | 2.1 | 2017-07-03 | Found nothing | 4
mcafee | 8261 | 5400.1158 | 2016-08-18 | Found nothing | 60
nod32 | 1777 | 3.0.21 | 2015-06-12 | Found nothing | 60
panda | 9.05.01 | 9.05.01 | 2017-07-03 | Found nothing | 3
pcc | 13.302.06 | 9.500-1005 | 2017-03-27 | Found nothing | 60
qh360 | 1.0.1 | 1.0.1 | 1.0.1 | Android mobile malware | 3
qqphone | 1.0.0.0 | 1.0.0.0 | 2015-12-30 | Found nothing | 60
quickheal | 14.00 | 14.00 | 2017-07-03 | Found nothing | 2
rising | 26.28.00.01 | 26.28.00.01 | 2016-07-18 | Found nothing | 1
sophos | 5.32 | 3.65.2 | 2016-10-10 | Found nothing | 60
symantec | 20151230.005 | 1.3.0.24 | 2015-12-30 | Found nothing | 60
tachyon | 9.9.9 | 9.9.9 | 2013-12-27 | Found nothing | 3
thehacker | 6.8.0.5 | 6.8.0.5 | 2017-07-02 | Found nothing | 1
tws | 17.47.17308 | 1.0.2.2108 | 2017-07-03 | Found nothing | 14
vba | 3.12.29.5 beta | 3.12.29.5 beta | 2017-06-30 | Found nothing | 60
virusbuster | 15.0.985.0 | 5.5.2.13 | 2014-12-05 | Found nothing | 60
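A detection ratio is only as good as the signature sets behind it. Reading the Sig Date column against the scan date (2017-07-04), 13 of the 32 engines were running signatures more than a year old or carried no usable date at all, and the single detecting engine (qh360) is one of them. The script below is an added example, not VirSCAN code: it parses the engine rows as transcribed from the table above, computes the ratio, and lists the stale engines so the "found nothing" verdicts can be weighed. The one-year staleness threshold and the treatment of undated engines as stale are assumptions; the 60 s column cap is read as a per-engine scan time limit, which is also an assumption.

```python
"""Summarize a VirSCAN engine table: detection ratio and signature staleness.

Added example (not VirSCAN's own code). Engine rows are transcribed from the
report above; the staleness threshold is an assumption, not a VirSCAN setting.
"""
from datetime import date, timedelta

SCAN_DATE = date(2017, 7, 4)          # scan time from the report header
STALE_AFTER = timedelta(days=365)     # assumed threshold

# Transcribed rows: scanner | engine ver | sig ver | sig date | result | seconds
ENGINE_TABLE = """\
antiy | AVL SDK | 2.0 | 1970-01-01 | Found nothing | 5
asquared | 9.0.0.4799 | 9.0.0.4799 | 2015-03-08 | Found nothing | 1
avast | 170303-1 | 4.7.4 | 2017-03-03 | Found nothing | 60
avg | 2109/14122 | 10.0.1405 | 2017-06-29 | Found nothing | 60
baidu | 2.0.1.0 | 4.1.3.52192 | 2.0.1.0 | Found nothing | 5
baidusd | 1.0 | 1.0 | 2017-03-22 | Found nothing | 1
bitdefender | 7.58879 | 7.90123 | 2015-01-16 | Found nothing | 60
clamav | 23530 | 0.97.5 | 2017-07-03 | Found nothing | 60
drweb | 5.0.2.3300 | 5.0.1.1 | 2017-06-18 | Found nothing | 60
fortinet | 49.938, 49.796 | 5.4.247 | 2017-07-04 | Found nothing | 60
fprot | 4.6.2.117 | 6.5.1.5418 | 2016-02-05 | Found nothing | 60
fsecure | 2015-08-01-02 | 9.13 | 2015-08-01 | Found nothing | 60
gdata | 25.13200 | 25.13200 | 2017-07-03 | Found nothing | 11
ikarus | 1.06.01 | V1.32.31.0 | 2016-11-28 | Found nothing | 60
jiangmin | 16.0.100 | 1.0.0.0 | 2017-07-02 | Found nothing | 2
kaspersky | 5.5.33 | 5.5.33 | 2014-04-01 | Found nothing | 60
kingsoft | 2.1 | 2.1 | 2017-07-03 | Found nothing | 4
mcafee | 8261 | 5400.1158 | 2016-08-18 | Found nothing | 60
nod32 | 1777 | 3.0.21 | 2015-06-12 | Found nothing | 60
panda | 9.05.01 | 9.05.01 | 2017-07-03 | Found nothing | 3
pcc | 13.302.06 | 9.500-1005 | 2017-03-27 | Found nothing | 60
qh360 | 1.0.1 | 1.0.1 | 1.0.1 | Android mobile malware | 3
qqphone | 1.0.0.0 | 1.0.0.0 | 2015-12-30 | Found nothing | 60
quickheal | 14.00 | 14.00 | 2017-07-03 | Found nothing | 2
rising | 26.28.00.01 | 26.28.00.01 | 2016-07-18 | Found nothing | 1
sophos | 5.32 | 3.65.2 | 2016-10-10 | Found nothing | 60
symantec | 20151230.005 | 1.3.0.24 | 2015-12-30 | Found nothing | 60
tachyon | 9.9.9 | 9.9.9 | 2013-12-27 | Found nothing | 3
thehacker | 6.8.0.5 | 6.8.0.5 | 2017-07-02 | Found nothing | 1
tws | 17.47.17308 | 1.0.2.2108 | 2017-07-03 | Found nothing | 14
vba | 3.12.29.5 beta | 3.12.29.5 beta | 2017-06-30 | Found nothing | 60
virusbuster | 15.0.985.0 | 5.5.2.13 | 2014-12-05 | Found nothing | 60
"""


def parse_engine_table(text):
    """Parse pipe-separated engine rows; a non-date in the Sig Date column becomes None."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        scanner, engine, sig, sig_date, result, secs = [c.strip() for c in line.split("|")]
        try:
            parsed = date.fromisoformat(sig_date)
        except ValueError:
            parsed = None  # the report prints a version string where the date should be
        rows.append({"scanner": scanner, "engine": engine, "sig": sig,
                     "sig_date": parsed, "result": result, "seconds": int(secs)})
    return rows


def summarize(rows, scan_date=SCAN_DATE, stale_after=STALE_AFTER):
    """Detection ratio, stale engines (old or undated signatures), and engines at the 60 s cap."""
    detections = [(r["scanner"], r["result"]) for r in rows if r["result"] != "Found nothing"]
    stale = [r["scanner"] for r in rows
             if r["sig_date"] is None or scan_date - r["sig_date"] > stale_after]
    fresh = [r for r in rows if r["scanner"] not in stale]
    return {
        "engines": len(rows),
        "detections": detections,
        "ratio": len(detections) / len(rows),
        "stale": stale,
        "fresh_engines": len(fresh),
        "fresh_detections": [(r["scanner"], r["result"]) for r in fresh
                             if r["result"] != "Found nothing"],
        # assumption: 60 is the per-engine time cap, so these verdicts may be incomplete
        "at_time_cap": [r["scanner"] for r in rows if r["seconds"] >= 60],
    }


if __name__ == "__main__":
    s = summarize(parse_engine_table(ENGINE_TABLE))
    print("%d/%d engines detected (%.1f%%)" % (len(s["detections"]), s["engines"], 100 * s["ratio"]))
    print("stale or undated signatures:", ", ".join(s["stale"]))
    print("detections from up-to-date engines:", s["fresh_detections"])
```

Run as a script it prints the 1/32 ratio, the 13 stale engines, and an empty list of detections from engines with current signatures, which is the number to quote rather than the bare 3%.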

No permission information available.

File information
Security score:
Basic information
MD5: bcf0055e49dae1880825eb1289f763bb
File size: 5.58 MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name:
Minimum runtime environment:
Copyright:
Key behaviors
Behavior: Look up PE resource information
Details: (FindResourceW) hModule = 0x00400000, ResName: 84(ID), ResType: EXE
Behavior: Read the CPU time-stamp counter directly (rdtsc; EDX:EAX holds the 64-bit counter)
Details: EAX = 0xe028c810, EDX = 0x000000cb
EAX = 0xf338f29f, EDX = 0x000000cb
EAX = 0xf338f2eb, EDX = 0x000000cb
EAX = 0x061ded87, EDX = 0x000000cc
Behavior: Get TickCount value
Details: TickCount = 219751, SleepMilliseconds = 1.
TickCount = 219969, SleepMilliseconds = 1.
TickCount = 219985, SleepMilliseconds = 1.
TickCount = 229829, SleepMilliseconds = 1.
TickCount = 229844, SleepMilliseconds = 1.
TickCount = 229860, SleepMilliseconds = 1.
TickCount = 231032, SleepMilliseconds = 1.
TickCount = 231063, SleepMilliseconds = 1.
TickCount = 243360, SleepMilliseconds = 1.
TickCount = 243376, SleepMilliseconds = 1.
TickCount = 243391, SleepMilliseconds = 1.
TickCount = 243438, SleepMilliseconds = 1.
TickCount = 243469, SleepMilliseconds = 1.
TickCount = 243485, SleepMilliseconds = 1.
TickCount = 243594, SleepMilliseconds = 1.
Process behavior
(Same three entries as under Key behaviors: the FindResourceW lookup of resource 84 of type EXE, the four rdtsc readings, and the fifteen GetTickCount/Sleep(1) samples.)
File behavior
Behavior: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\百度网盘下载器 v1.3.5\PanData\log\20170704105001.log
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\百度网盘下载器 v1.3.5\PanData\aria2c.exe
Behavior: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\百度网盘下载器 v1.3.5\PanData\aria2c.exe
Behavior: Modify file contents
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\百度网盘下载器 v1.3.5\PanData\log\20170704105001.log ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\百度网盘下载器 v1.3.5\PanData\aria2c.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\百度网盘下载器 v1.3.5\PanData\log\20170704105001.log ---> Offset = 34
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\百度网盘下载器 v1.3.5\PanData\log\20170704105001.log ---> Offset = 81
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\百度网盘下载器 v1.3.5\PanData\log\20170704105001.log ---> Offset = 140
Behavior: Look up file
Details: FileName = PanData
FileName = PanData\log
FileName = PanData\log\20170704105001.log
FileName = PanData\temp
FileName = PanData\aria2c.exe
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\百度网盘下载器 v1.3.5\PanData
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\百度网盘下载器 v1.3.5\PanData\aria2c.exe
FileName = C:/Documents and Settings/Administrator/.aria2/aria2.conf
FileName = C:/Documents and Settings/Administrator/.aria2/dht.dat
FileName = C:/Documents and Settings/Administrator/.aria2/dht6.dat
FileName = C:/Documents and Settings/Administrator/.config/aria2/aria2.conf
FileName = C:/Documents and Settings/Administrator/.netrc
Network behavior
Behavior: Connect to specified site
Details: WinHttpConnect: ServerName = **.112.211.**, PORT = 80, UserName = , Password = , hSession = 0x02e61100, hConnect = 0x02e61200, Flags = 0x00000000
WinHttpConnect: ServerName = **.112.211.**, PORT = 80, UserName = , Password = , hSession = 0x02ef1100, hConnect = 0x02ef1200, Flags = 0x00000000
WinHttpConnect: ServerName = pa****ub, PORT = 80, UserName = , Password = , hSession = 0x02d43100, hConnect = 0x02d43200, Flags = 0x00000000
WinHttpConnect: ServerName = pa****ub, PORT = 80, UserName = , Password = , hSession = 0x02eb1100, hConnect = 0x02eb1200, Flags = 0x00000000
Behavior: Open HTTP session
Details: WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x02d43100
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x02ef1100
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x02e61100
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x02eb1100
Behavior: Establish a socket connection to a specified address
Details: IP: **.112.211.**:80, SOCKET = 0x000002f0
IP: **.112.211.**:80, SOCKET = 0x000002ec
URL: pa****ub, IP: **.133.40.**:80, SOCKET = 0x000002e4
IP: **.0.0.**:6801, SOCKET = 0x000002ac
Behavior: Send HTTP request
Details: GET /cgi-bin/update?version=1.3.5&plus=0&t=1499136658 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept: */* Host: **.112.211.** Connection: Keep-Alive
GET /cgi-bin/update?version=1.3.5&plus=0&t=1499136658 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept: */* Host: pa****ub Connection: Keep-Alive
POST /jsonrpc HTTP/1.1 Host: **.0.0.**:6801 Content-Length: 83 Connection:close {"id":1,"jsonrpc":"2.0","method":"aria2.getVersion","params":["token:9g14pre895"]}
Behavior: Open HTTP request
Details: WinHttpOpenRequest: **.112.211.**:80/cgi-bin/update?version=1.3.5&plus=0&t=1499136658, hConnect = 0x02ef1200, hRequest = 0x02fb0000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: **.112.211.**:80/cgi-bin/update?version=1.3.5&plus=0&t=1499136658, hConnect = 0x02e61200, hRequest = 0x02fd0000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: pa****ub:80/cgi-bin/update?version=1.3.5&plus=0&t=1499136658, hConnect = 0x02d43200, hRequest = 0x03010000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: pa****ub:80/cgi-bin/update?version=1.3.5&plus=0&t=1499136658, hConnect = 0x02eb1200, hRequest = 0x03050000, Verb: GET, Referer: , Flags = 0x00000080
Behavior: Resolve host address by name
Details: GetAddrInfoW: pa****ub
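The network section above is where the indicators of compromise live: two update-check targets (a raw IP and a masked hostname) over plaintext HTTP on port 80, a browser User-Agent spoofed at the request level even though the session was opened with the stock WinHttpRequest.5 agent, and a JSON-RPC call on port 6801 whose body carries the aria2 RPC secret in the clear. The following script is an added example, not Habo or VirSCAN code. It parses Habo's flattened request lines (headers run together on one line, body appended) and pulls out endpoints, user agents, DNS lookups, the RPC token and the epoch value in the update URL. The input is a constructed copy of the report's own lines, masked exactly as printed; the header-name list used to split the flattened headers is an assumption that covers what this report contains.

```python
"""Extract network indicators from Habo-style sandbox output.

Added example for this report; not VirSCAN or Habo code. Input lines are the
network-behavior entries above, masked exactly as the report prints them.
"""
import json
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the network-behavior lines from the report (masked as printed).
SANDBOX_LINES = """\
WinHttpConnect: ServerName = **.112.211.**, PORT = 80, UserName = , Password = , hSession = 0x02e61100, hConnect = 0x02e61200, Flags = 0x00000000
WinHttpConnect: ServerName = pa****ub, PORT = 80, UserName = , Password = , hSession = 0x02d43100, hConnect = 0x02d43200, Flags = 0x00000000
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x02d43100
IP: **.112.211.**:80, SOCKET = 0x000002f0
URL: pa****ub, IP: **.133.40.**:80, SOCKET = 0x000002e4
IP: **.0.0.**:6801, SOCKET = 0x000002ac
GET /cgi-bin/update?version=1.3.5&plus=0&t=1499136658 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept: */* Host: **.112.211.** Connection: Keep-Alive
POST /jsonrpc HTTP/1.1 Host: **.0.0.**:6801 Content-Length: 83 Connection:close {"id":1,"jsonrpc":"2.0","method":"aria2.getVersion","params":["token:9g14pre895"]}
GetAddrInfoW: pa****ub
"""

CONNECT_RE = re.compile(r"WinHttpConnect: ServerName = (?P<host>\S+), PORT = (?P<port>\d+)")
SOCKET_RE = re.compile(r"IP: (?P<ip>[^:,\s]+):(?P<port>\d+), SOCKET")
REQUEST_RE = re.compile(r"^(?P<method>GET|POST) (?P<target>\S+) HTTP/1\.[01] (?P<rest>.*)$")
UA_OPEN_RE = re.compile(r"WinHttpOpen: UserAgent: (.*?), hSession")
DNS_RE = re.compile(r"GetAddrInfoW: (\S+)")
# The sandbox flattens headers onto one line; a value ends at the next known header
# name, at the JSON body, or at end of line. Header list is an assumption for this report.
HEADER_NAMES = r"User-Agent|Host|Content-Length|Accept|Connection"
HEADER_RE = re.compile(r"(%s):\s?(.*?)(?=\s(?:%s):|\s\{|$)" % (HEADER_NAMES, HEADER_NAMES))
BODY_RE = re.compile(r"(\{.*\})\s*$")


def parse_request(line):
    """Turn a flattened 'GET /path HTTP/1.1 Header: v ...' line into a dict, or None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    parts = urlsplit(m.group("target"))
    body = BODY_RE.search(rest)
    return {
        "method": m.group("method"),
        "path": parts.path,
        "query": {k: v[0] for k, v in parse_qs(parts.query).items()},
        "headers": {k: v.strip() for k, v in HEADER_RE.findall(rest)},
        "body": json.loads(body.group(1)) if body else None,
    }


def extract_indicators(text):
    """Collect endpoints, user agents, DNS lookups and parsed requests from sandbox lines."""
    out = {"endpoints": set(), "user_agents": set(), "dns": set(), "requests": []}
    for line in text.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            out["endpoints"].add((m["host"], int(m["port"])))
        m = SOCKET_RE.search(line)
        if m:
            out["endpoints"].add((m["ip"], int(m["port"])))
        m = UA_OPEN_RE.search(line)
        if m:
            out["user_agents"].add(m.group(1))
        m = DNS_RE.search(line)
        if m:
            out["dns"].add(m.group(1))
        req = parse_request(line)
        if req:
            out["requests"].append(req)
            if "User-Agent" in req["headers"]:
                out["user_agents"].add(req["headers"]["User-Agent"])
    return out


def rpc_secret(indicators):
    """Return the aria2 RPC token if a JSON-RPC body carried one as its first 'token:' param."""
    for req in indicators["requests"]:
        params = (req["body"] or {}).get("params") or []
        if params and isinstance(params[0], str) and params[0].startswith("token:"):
            return params[0][len("token:"):]
    return None


def update_check_time(indicators):
    """Decode the t= epoch parameter of the /cgi-bin/update request as a UTC datetime."""
    for req in indicators["requests"]:
        if req["path"] == "/cgi-bin/update" and "t" in req["query"]:
            return datetime.fromtimestamp(int(req["query"]["t"]), tz=timezone.utc)
    return None


if __name__ == "__main__":
    ind = extract_indicators(SANDBOX_LINES)
    print(sorted(ind["endpoints"]))
    print("user agents:", len(ind["user_agents"]))
    print("aria2 RPC token:", rpc_secret(ind))
    print("update check sent at", update_check_time(ind).isoformat())
```

The decoded t= value is 2017-07-04 02:50:58 UTC, which is 10:50:58 CST and lines up with the 20170704105001.log file created under PanData\log in the file-behavior section: the update check fires within a minute of the program starting its log. The two user agents (WinHttpRequest.5 on the session, a Chrome string on the request) are a useful fingerprint for proxy logs.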
Registry behavior
Behavior: Modify registry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\aria2c\DEBUG\Trace Level
Behavior: Delete registry value
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\aria2c\DEBUG\Trace Level
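The POST /jsonrpc line in the network section shows the downloader driving its bundled aria2c.exe through aria2's JSON-RPC interface, authenticating with the secret token 9g14pre895 passed as the first positional parameter. A token compiled into a distributed program is not a secret: anyone who runs the binary, or reads the sandbox report, has it, and with it can call any aria2 method on that port, including aria2.addUri with a dir option that writes a fetched file wherever the aria2c process can write. The block below is an added example, not aria2's or PanDownload's code. It rebuilds the exact request body the sandbox captured, frames it as the HTTP POST, parses success and error replies, and constructs the addUri call a token holder could issue. The loopback address is an assumption (the report masks it as **.0.0.**), and both reply samples are constructed, not captured.

```python
"""aria2 JSON-RPC: rebuild the captured call, parse replies, and show the token's reach.

Added example; not aria2's or PanDownload's code. Request framing follows aria2's
documented JSON-RPC-over-HTTP interface; the reply samples are constructed.
"""
import json

RPC_TOKEN = "9g14pre895"                 # captured in the POST /jsonrpc body in the report
RPC_HOST, RPC_PORT = "127.0.0.1", 6801   # assumption: the report masks the address as **.0.0.**


class RpcError(Exception):
    """A JSON-RPC error object returned by aria2."""
    def __init__(self, code, message):
        super().__init__("aria2 RPC error %s: %s" % (code, message))
        self.code, self.message = code, message


def rpc_body(method, params=None, secret=RPC_TOKEN, req_id=1):
    """Serialize one call; aria2 takes the secret as the first param, 'token:<secret>'."""
    payload = {"id": req_id, "jsonrpc": "2.0", "method": method,
               "params": ["token:" + secret] + list(params or [])}
    return json.dumps(payload, separators=(",", ":")).encode()


def http_post(body, host=RPC_HOST, port=RPC_PORT):
    """Frame the body as the minimal HTTP/1.1 POST the sandbox logged."""
    head = ("POST /jsonrpc HTTP/1.1\r\nHost: %s:%d\r\nContent-Length: %d\r\n"
            "Connection: close\r\n\r\n") % (host, port, len(body))
    return head.encode() + body


def parse_response(raw):
    """Return the 'result' member, or raise RpcError for an 'error' member."""
    msg = json.loads(raw)
    if "error" in msg:
        raise RpcError(msg["error"]["code"], msg["error"]["message"])
    return msg["result"]


def add_uri_call(uris, directory, secret=RPC_TOKEN):
    """What a token holder can do: queue a download into any directory aria2c can write."""
    return rpc_body("aria2.addUri", [list(uris), {"dir": directory}], secret=secret)


# Constructed sample replies (not captured from the sandbox).
SAMPLE_OK = b'{"id":1,"jsonrpc":"2.0","result":{"version":"1.33.1","enabledFeatures":["BitTorrent","HTTPS"]}}'
SAMPLE_UNAUTHORIZED = b'{"id":null,"jsonrpc":"2.0","error":{"code":1,"message":"Unauthorized"}}'


def token_accepted(raw_reply):
    """True if the reply carries a result, False on an Unauthorized error, re-raise otherwise."""
    try:
        parse_response(raw_reply)
        return True
    except RpcError as e:
        if e.message == "Unauthorized":
            return False
        raise


if __name__ == "__main__":
    body = rpc_body("aria2.getVersion")
    print(http_post(body).decode())
    print("server version:", parse_response(SAMPLE_OK)["version"])
    print("token accepted:", token_accepted(SAMPLE_UNAUTHORIZED))
```

The compact serialization is 82 bytes; the sandbox recorded Content-Length 83 for the same body, so the original client most likely sent one extra trailing byte (a newline is the usual cause). On the defensive side: aria2c binds its RPC port to loopback unless started with --rpc-listen-all=true, and --rpc-secret is its only authentication, so the exposure here is to other code on the same host rather than the network; a downloader that ships a fixed token should generate one per launch instead.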
Other behavior
Behavior: Create mutex
Details: PanDownload
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.ADK
RasPbFile
Behavior: Create event object
Details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.ADK.IC
EventName = MSCTF.SendReceiveConection.Event.ADK.IC
EventName = Global\crypt32LogoffEvent
Behavior: Open mutex
Details: ShimCacheMutex
RasPbFile
Behavior: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: Open event
Details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Global\crypt32LogoffEvent
Behavior: Get TickCount value
Details: (the same fifteen TickCount/SleepMilliseconds = 1 samples listed under Key behaviors)
Behavior: Window information
Details: Pid = 2604, Hwnd=0x10342, Text = 本软件仅供学习交流使用,不得用于商业用途! ("This software is for study and exchange only and may not be used commercially!"), ClassName = MsgBoxUI.
Pid = 2604, Hwnd=0x4039a, Text = 获取数据失败 ("Failed to fetch data"), ClassName = MsgBoxUI.
Pid = 2604, Hwnd=0x20342, Text = PanDownload, ClassName = PanFrameUI.
Behavior: Look up PE resource information
Details: (FindResourceW) hModule = 0x00400000, ResName: 84(ID), ResType: EXE
Behavior: Executable signature information
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\百度网盘下载器 v1.3.5\PanData\aria2c.exe (signature verification: failed)
Behavior: Call Sleep
Details: [1]: MilliSeconds = 1.
[2]: MilliSeconds = 1.
[3]: MilliSeconds = 1.
[4]: MilliSeconds = 1.
[5]: MilliSeconds = 1.
[6]: MilliSeconds = 1.
[7]: MilliSeconds = 1.
[10]: MilliSeconds = 1.
[9]: MilliSeconds = 1.
[8]: MilliSeconds = 1.
[1]: MilliSeconds = 50.
[2]: MilliSeconds = 50.
Behavior: Executable MD5
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\百度网盘下载器 v1.3.5\PanData\aria2c.exe ---> 4943ba11f55a2140a95847f09ead2fe6
Behavior: Read the CPU time-stamp counter directly
Details: (the same four rdtsc EAX/EDX readings listed under Key behaviors)