VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information

Scanner results
Scanner results: 0% of scanners (0/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2017-09-18 21:27:45 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 2.0 1970-01-01 Found nothing 11
asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 2
avast 170303-1 4.7.4 2017-03-03 Found nothing 60
avg 2109/14460 10.0.1405 2017-09-14 Found nothing 60
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 5
baidusd 1.0 1.0 2017-03-22 Found nothing 4
bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
clamav 23840 0.97.5 2017-09-16 Found nothing 60
drweb 5.0.2.3300 5.0.1.1 2017-09-11 Found nothing 60
fortinet 1.000, 51.717, 51.597, 51.621 5.4.247 2017-09-18 Found nothing 60
fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
gdata 25.14225 25.14225 2017-09-18 Found nothing 23
ikarus 3.02.08 V1.32.31.0 2017-09-17 Found nothing 60
jiangmin 16.0.100 1.0.0.0 2017-09-17 Found nothing 3
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
kingsoft 2.1 2.1 2017-09-17 Found nothing 60
mcafee 8620 5400.1158 2017-08-12 Found nothing 60
nod32 6091 3.0.21 2017-09-16 Found nothing 60
panda 9.05.01 9.05.01 2017-09-17 Found nothing 5
pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
qh360 1.0.1 1.0.1 1.0.1 Found nothing 7
qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
quickheal 14.00 14.00 2017-09-16 Found nothing 5
rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 16
sophos 5.32 3.65.2 2016-10-10 Found nothing 60
symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 6
thehacker 6.8.0.5 6.8.0.5 2017-09-16 Found nothing 8
tws 17.47.17308 1.0.2.2108 2017-09-17 Found nothing 25
vba 3.12.29.5 beta 3.12.29.5 beta 2017-09-15 Found nothing 60
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60

No relevant permission information

File information
Security score:
Basic information
MD5: adbe6831df48d80539897b5e8935c4f6
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name:
Minimum runtime environment:
Copyright:
Key behaviors
Behavior description: Detects whether Virtual PC is present
Details: N/A
Behavior description: Directly invokes critical system APIs
Details: Index = 0x0000009A, Name: NtQueryInformationProcess, Instruction Address = 0x005B5007
Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x005BB9C7
Index = 0x0000009A, Name: NtQueryInformationProcess, Instruction Address = 0x005BD388
Behavior description: Attempts to open driver device objects of debuggers or monitoring software
Details: \??\SICE
\??\SIWVID
\??\NTICE
Behavior description: Gets the TickCount value
Behavior description: Opens registry keys related to virtual machine detection
Details: \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Behavior description: Reads the CPU clock directly
Behavior description: Searches for a specified kernel module
Details: lstrcmpiA: ntice.sys <------> ntkrnlpa.exe Des: SoftICE driver
lstrcmpiA: ntice.sys <------> hal.dll Des: SoftICE driver
lstrcmpiA: ntice.sys <------> KDCOM.DLL Des: SoftICE driver
lstrcmpiA: ntice.sys <------> BOOTVID.dll Des: SoftICE driver
lstrcmpiA: ntice.sys <------> ACPI.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> WMILIB.SYS Des: SoftICE driver
lstrcmpiA: ntice.sys <------> pci.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> isapnp.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> compbatt.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> BATTC.SYS Des: SoftICE driver
lstrcmpiA: ntice.sys <------> intelide.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> PCIIDEX.SYS Des: SoftICE driver
lstrcmpiA: ntice.sys <------> MountMgr.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> ftdisk.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> dmload.sys Des: SoftICE driver
Behavior description: Searches for windows of tools commonly used in anti-virus analysis
Details: NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
NtUserFindWindowEx: [Class,Window] = [GBDYLLO,]
NtUserFindWindowEx: [Class,Window] = [pediy06,]
Behavior description: Detects a virtual machine using VMware special instructions
Details: N/A
File behavior
Behavior description: Searches for files
Details: FileName = C:\WINDOWS
FileName = C:\WINDOWS\WinSxS
FileName = C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCR90.dll
Registry behavior
Behavior description: Opens registry keys related to virtual machine detection
Details: \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Other behaviors
Behavior description: Directly invokes critical system APIs
Details: Index = 0x0000009A, Name: NtQueryInformationProcess, Instruction Address = 0x005B5007
Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x005BB9C7
Index = 0x0000009A, Name: NtQueryInformationProcess, Instruction Address = 0x005BD388
Behavior description: Detects whether Virtual PC is present
Details: N/A
Behavior description: Creates mutexes
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
Behavior description: Creates event objects
Details: EventName = DINPUTWINMM
Behavior description: Opens mutexes
Details: DBWinMutex
ShimCacheMutex
Behavior description: Searches for a specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Attempts to open driver device objects of debuggers or monitoring software
Details: \??\SICE
\??\SIWVID
\??\NTICE
Behavior description: Searches for the kernel32.dll base address
Details: Instruction Address = 0x0052191b
Behavior description: Opens events
Details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Window information
Details: Pid = 2632, Hwnd=0x10346, Text = 确定, ClassName = Button.
Pid = 2632, Hwnd=0x1034a, Text = Cannot find "sqlite3.dll". Please, re-install this application, ClassName = Static.
Pid = 2632, Hwnd=0x30340, Text = Themida, ClassName = #32770.
Behavior description: Calls the Sleep function
Details: [1]: MilliSeconds = 50.