VirSCAN

File information
Security score: 75
Basic information
MD5: 961358985a5cb60a4198ac82672a8a20
File type: EXE
Publisher: www.botpoker.ru
Version: 7.2.3.0---7.2.3
Packer or compiler information: COMPILER:Borland Delphi 6.0 - 7.0 [Overlay]
Key behavior
Behavior description: Blocks window close messages
Details: hWnd = 0x00020340, Text = 玉蜞眍怅?Poker-Robot 7.2.3, ClassName = obj_Form.
File behavior
Behavior description: Creates files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\$inst\2.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\$inst\4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\$inst\5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\$inst\7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\$inst\8.tmp
Behavior description: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\$inst\2.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\$inst\2.tmp ---> Offset = 4
C:\Documents and Settings\Administrator\Local Settings\Temp\$inst\4.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\$inst\5.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\$inst\5.tmp ---> Offset = 25800
C:\Documents and Settings\Administrator\Local Settings\Temp\$inst\7.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\$inst\7.tmp ---> Offset = 5994
C:\Documents and Settings\Administrator\Local Settings\Temp\$inst\8.tmp ---> Offset = 0
Behavior description: Searches for files
Details: FileName = C:\Program Files
Other behavior
Behavior description: Creates mutexes
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.AGK
Behavior description: Creates event objects
Details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.AGK.IC
EventName = MSCTF.SendReceiveConection.Event.AGK.IC
Behavior description: Searches for specific windows
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Opens events
Details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
_fCanRegisterWithShellService
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
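Behavior description: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Blocks window close messages
Details: hWnd = 0x00020340, Text = 玉蜞眍怅?Poker-Robot 7.2.3, ClassName = obj_Form.
Behavior description: Window information
Details: Pid = 2652, Hwnd=0x10354, Text = 青矬耱栩?Poker-Robot 7.2.3, ClassName = obj_BUTTON.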
Pid = 2652, Hwnd=0x10356, Text = 项耢铗疱螯 Readme, ClassName = obj_BUTTON.
Pid = 2652, Hwnd=0x10358, Text = 项皴蜩螯 web-襦轵 镳钽疣祆?﹈, ClassName = obj_BUTTON.
Pid = 2652, Hwnd=0x20380, Text = 锣?镳桠弪耱怏弪 锑耱屦 篑蜞眍怅?Poker-Robot 7.2.3, ClassName = obj_STATIC.
Pid = 2652, Hwnd=0x4039e, Text = 蒡?镳钽疣祆?篑蜞眍忤?Poker-Robot 7.2.3 磬 忄?觐祜蝈? 襄疱?磬鬣腩?篑蜞眍怅?疱觐戾礓箦蝰 玎牮?怦?玎矬眄 镳桦铈屙?. 蒡?镱玮铍栩 镳钽疣祆?篑蜞眍怅?钺眍忤螯 耔耱屐睇?羿殡?徨?镥疱玎沭箸觇. 袜骒栩?泥脲?黩钺?镳钿铍骅螯., ClassName = obj_STATIC.
Pid = 2652, Hwnd=0x1036c, Text = 袜骒栩?泥脲? 潆 镳钿铍驽龛 篑蜞眍怅? 篷腓 蔓 躅蜩蝈 恹狃囹?漯筱簋 镟镪?潆 篑蜞眍怅? 磬骒栩?吾珙? 碾 篑蜞眍怅?铋 镳钽疣祆?蝠遽箦蝰 赅?扈龛祗?6,42 Mb 疋钺钿眍泐 滂耜钼钽?镳铖蝠囗耱忄., ClassName = obj_STATIC.
Pid = 2652, Hwnd=0x10370, Text = 枢蜞腩?篑蜞眍怅?蘩, ClassName = obj_BUTTON.
Pid = 2652, Hwnd=0x10372, Text = C:\Program Files\Poker-Robot, ClassName = obj_EDIT.
Pid = 2652, Hwnd=0x103b2, Text = 吾珙?.., ClassName = obj_BUTTON.
Pid = 2652, Hwnd=0x10384, Text = 蔓徨痂蝈 漕镱腠栩咫 痣?Poker-Robot 7.2.3, 觐蝾瘥?狍潴?耦玟囗?镳?篑蜞眍怅?, ClassName = obj_STATIC.
Pid = 2652, Hwnd=0x10386, Text = 杨玟囹?痣 磬 疣犷麇?耱铍?Poker-Robot 7.2钾矑矑Ά , ClassName = obj_BUTTON.
Pid = 2652, Hwnd=0x10388, Text = 杨玟囹?痣 ?耱囵蝾忸?戾睨, ClassName = obj_BUTTON.
Pid = 2652, Hwnd=0x1038a, Text = 杨玟囹?痣 磬 镟礤腓 猁耱痤泐 玎矬耜?, ClassName = obj_BUTTON.
Pid = 2652, Hwnd=0x1038e, Text = 袜骒栩?玉蜞眍忤螯 潆 磬鬣豚 篑蜞眍怅?桦?袜玎? 黩钺?镳钼屦栩?桦?玎眍忸 忖羼蜩 桧纛痨圉棹 潆 篑蜞眍怅?, ClassName = obj_STATIC.
Pid = 2652, Hwnd=0x20398, Text = < 袜玎?, ClassName = obj_BUTTON.
Behavior description: Hides specific windows
Details: [Window,Class] = [Smart Install Maker,obj_Form]
[Window,Class] = [,obj_BUTTON]
[Window,Class] = [,obj_STATIC]
[Window,Class] = [锣?镳桠弪耱怏弪 锑耱屦 篑蜞眍怅?Poker-Robot 7.2.3,obj_STATIC]
[Window,Class] = [蒡?镳钽疣祆?篑蜞眍忤?Poker-Robot 7.2.3 磬 忄?觐祜蝈? 襄疱?磬鬣腩?篑蜞眍怅?疱觐戾礓箦蝰 玎牮?怦?玎矬眄 镳桦铈屙?. 蒡?镱玮铍栩 镳钽疣祆?篑蜞眍怅?钺眍忤螯 耔耱屐睇?羿殡?徨?镥疱玎沭箸觇. 袜骒栩?泥脲?黩钺?镳钿铍骅螯.,obj_STATIC]
[Window,Class] = [青矬耱栩?Poker-Robot 7.2.3,obj_BUTTON]
[Window,Class] = [项耢铗疱螯 Readme,obj_BUTTON]
[Window,Class] = [项皴蜩螯 web-襦轵 镳钽疣祆??,obj_BUTTON]
[Window,Class] = [,obj_RichEdit50W]
[Window,Class] = [袜骒栩?泥脲? 潆 镳钿铍驽龛 篑蜞眍怅? 篷腓 蔓 躅蜩蝈 恹狃囹?漯筱簋 镟镪?潆 篑蜞眍怅? 磬骒栩?吾珙? 碾 篑蜞眍怅?铋 镳钽疣祆?蝠遽箦蝰 赅?扈龛祗?6,42 Mb 疋钺钿眍泐 滂耜钼钽?镳铖蝠囗耱忄.,obj_STATIC]
[Window,Class] = [枢蜞腩?篑蜞眍怅?蘩,obj_BUTTON]
[Window,Class] = [C:\Program Files\Poker-Robot,obj_EDIT]
[Window,Class] = [吾珙?..,obj_BUTTON]
[Window,Class] = [,obj_EDIT]
[Window,Class] = [,obj_SysListView32]
Behavior description: Opens mutexes
Details: ShimCacheMutex