VirSCAN

File information
Security score: 75
Basic information
MD5:1a0b54c8035e045519da5aa95d9af6d1
File type: EXE
Publisher:
Version:
Packer or compiler information: COMPILER:Microsoft Visual C++ vx.x DLL
Key behavior
Behavior description: Reads the CPU clock directly
Details: EAX = 0xb0674070, EDX = 0x00001195
EAX = 0xb06740bc, EDX = 0x00001195
EAX = 0xb0674108, EDX = 0x00001195
EAX = 0xb0674154, EDX = 0x00001195
EAX = 0xb06741a0, EDX = 0x00001195
EAX = 0xb06741ec, EDX = 0x00001195
EAX = 0xb0674238, EDX = 0x00001195
EAX = 0xb0674284, EDX = 0x00001195
EAX = 0xb06742d0, EDX = 0x00001195
EAX = 0xb067431c, EDX = 0x00001195
Other behavior
Behavior description: Creates a mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.IJF
Behavior description: Creates an event object
Details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.IJF.IC
EventName = MSCTF.SendReceiveConection.Event.IJF.IC
Behavior description: Opens a mutex
Details: ShimCacheMutex
Behavior description: Finds a specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Opens an event
Details: HookSwitchHookEnabledEvent
Global\SvcctrlStartEvent_A3752DX
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000053
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000053
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior description: Window information
Details: Pid = 2004, Hwnd=0x140306, Text = Generate, ClassName = Button.
Pid = 2004, Hwnd=0xa03b0, Text = Alex/LineZer0, ClassName = Static.
Pid = 2004, Hwnd=0x303dc, Text = Comfort Clipboard Pro v7, ClassName = Button(GroupBox).
Pid = 2004, Hwnd=0x1b02b6, Text = Another Great Release by LineZer0!, ClassName = #32770.