VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load

File information
Safety rating:77
Behavior list
Basic Information
MD5:002fa2cfb94b292a55d246aa4377c789
file type:EXE
Production company:NirSoft
version:2.1.5.0---2.15
Shell or compiler information:PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [Overlay]
Subfile information:upx_c_7b99533edumpFile / 694654ce9b94e150a307eada6d82b5ca / EXE
File behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.IPJ..HJIFF
MSCTF.MarshalInterface.FileMap.IPJ.B.HJIFF
MSCTF.MarshalInterface.FileMap.IPJ.C.HJIFF
MSCTF.MarshalInterface.FileMap.IPJ.D.HJIFF
MSCTF.MarshalInterface.FileMap.IPJ.E.HKIFF
MSCTF.MarshalInterface.FileMap.IPJ.F.HKIFF
MSCTF.MarshalInterface.FileMap.IPJ.G.HKIFF
MSCTF.Shared.SFM.IPJ
Other behavior
Behavior description:创建互斥体
details:CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.IPJ
Behavior description:枚举窗口
details:N/A
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [CurrPorts,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [NirSoft_IPNetInfo,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:窗口信息
details:Pid = 2548, Hwnd=0x10350, Text = 11 Total Ports, No Remote Connections, 1 Selected, ClassName = msctls_statusbar32.
Pid = 2548, Hwnd=0x1034c, Text = CurrPorts, ClassName = CurrPorts.
Behavior description:获取系统权限
details:SE_DEBUG_PRIVILEGE
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号