VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.


File information
Safety rating: 73
Basic Information
MD5: 06a33b64589e6003d1c46da15a9ba0ee
File type: Rar
Production company:
Version:
Packer/compiler information: COMPILER: Microsoft Visual C++ 6.0
Subfile information (name / MD5 / type):
upx30_6308d5c0dumpFile / 914c3da9cb05921ee9cfff29965db7a1 / EXE
Pal5qAssist.v2.6.2.exe / 866dd422918985e721cf93577340397b / EXE
rlpack_12x_full_aplib_7b622610dumpFile / ca0cdce3dead2db9a7a82b7c5c04370b / DLL
pal5qspeechs.dat / 9cf8c8f308d761a631e4a1285fd5738f / Unknown
xiaoxing.dat / 1dd2a4a0f4d21eb65db5895fca2ca489 / DLL
pal5q.ini / a072f685bc6c042bae014ea7e055a733 / Unknown
说明.txt (readme) / 8ea7227bfe94a313b9f0b62e616cab3f / Unknown
2013年全部热门单机游戏及汉化下载.url (link: "all popular 2013 single-player games and Chinese localisations, download") / 0790caea55126acd9baa3a528a452a15 / Unknown
3DMGAME 中国第一单机游戏门户 全球最大汉化游戏论坛.url (link: "3DMGAME, China's No. 1 single-player game portal, the world's largest localised-game forum") / 49cbfed4fa9b3fafdc9d499b6163fa62 / Unknown
The two entries ending in dumpFile are not archive members; judging by their names they are the scanner's dumps of components packed with UPX 3.0 and RLPack 1.2x (aPLib). Note also that xiaoxing.dat is typed as a DLL despite its .dat extension.
Key behavior
Behavior description: Capture window screenshot information
details: Foreground window Info: HWND = 0x01010056, DC = 0x01010056.
Foreground window Info: HWND = 0x24010301, DC = 0x24010301.
Foreground window Info: HWND = 0x120105d5, DC = 0x120105d5.
Foreground window Info: HWND = 0x770103f8, DC = 0x770103f8.
Process behavior
Behavior description: Create local thread
details: N/A
Behavior description: Process exit
details: N/A
Behavior description: Enumerate processes
details: N/A
File behavior
Behavior description: Modify file contents (every write below targets pal5q.ini, the tool's own configuration file listed above, inside the scanner's 7-Zip extraction directory; no file outside that tree is written in this run)
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450091796.581938.exe_7zdump\pal5q.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450091796.585467.exe_7zdump\pal5q.ini---> Offset = 770
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450091796.589015.exe_7zdump\pal5q.ini---> Offset = 783
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450091796.592549.exe_7zdump\pal5q.ini---> Offset = 755
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450091796.596100.exe_7zdump\pal5q.ini---> Offset = 670
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450091796.599651.exe_7zdump\pal5q.ini---> Offset = 681
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450091796.603184.exe_7zdump\pal5q.ini---> Offset = 695
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450091796.606732.exe_7zdump\pal5q.ini---> Offset = 741
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450091796.610259.exe_7zdump\pal5q.ini---> Offset = 795
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450091796.613807.exe_7zdump\pal5q.ini---> Offset = 819
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450091796.617341.exe_7zdump\pal5q.ini---> Offset = 729
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450091796.620892.exe_7zdump\pal5q.ini---> Offset = 709
Registry behavior
Behavior description: Modify registry
details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x16(565 0)
Other behavior
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EDC
Behavior description: Create event object
details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.EDC.IC
EventName = MSCTF.SendReceiveConection.Event.EDC.IC
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information (English glosses of the button text added in parentheses)
details: Pid = 1840, Hwnd=0x102f2, Text = 使用帮助 (Help), ClassName = Button.
Pid = 1840, Hwnd=0x102f0, Text = 前台剧情 (Story in foreground), ClassName = Button.
Pid = 1840, Hwnd=0x102ec, Text = 自动战斗 (Auto battle), ClassName = Afx:400000:b:10011:1900015:0.
Pid = 1840, Hwnd=0x102e8, Text = =, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 1840, Hwnd=0x102e6, Text = 开 (On), ClassName = Afx:400000:b:10011:1900015:0.
Pid = 1840, Hwnd=0x102e2, Text = 配音补完 (Voice-over completion), ClassName = Afx:400000:b:10011:1900015:0.
Pid = 1840, Hwnd=0x102de, Text = 5 = 步速 (5 = walk speed), ClassName = Afx:400000:b:10011:1900015:0.
Pid = 1840, Hwnd=0x202d2, Text = 画面辅助 (Display assist), ClassName = Button.
Pid = 1840, Hwnd=0x302b6, Text = 特别感谢 (Special thanks), ClassName = Button.
Pid = 1840, Hwnd=0x702c0, Text = 地图全开 (Unlock all maps), ClassName = Afx:400000:b:10011:1900015:0.
Pid = 1840, Hwnd=0x402be, Text = 无限连携 (Infinite combo), ClassName = Afx:400000:b:10011:1900015:0.
Pid = 1840, Hwnd=0x202aa, Text = 关闭自动 (Disable auto), ClassName = Button.
Pid = 1840, Hwnd=0x202ae, Text = 飞行瞬移 (Flight / teleport), ClassName = Button.
Pid = 1840, Hwnd=0x202b0, Text = 检查更新3DM第一游戏论坛 (Check for updates: 3DM No. 1 game forum), ClassName = Afx:400000:b:10011:1900015:0.
Pid = 1840, Hwnd=0x202c6, Text = 作者:@小幸姐 (Author: @小幸姐), ClassName = Afx:400000:b:10011:1900015:0.
Behavior description: Capture window screenshot information
details: Foreground window Info: HWND = 0x01010056, DC = 0x01010056.
Foreground window Info: HWND = 0x24010301, DC = 0x24010301.
Foreground window Info: HWND = 0x120105d5, DC = 0x120105d5.
Foreground window Info: HWND = 0x770103f8, DC = 0x770103f8.
Behavior description: Hide specified window
details: [Window,Class] = [,Afx:400000:b:10011:1900015:0]
[Window,Class] = [,Afx:400000:8:10011:1900015:0]
[Window,Class] = [,Button]
[Window,Class] = [开 (On),Afx:400000:b:10011:1900015:0]
[Window,Class] = [=,Afx:400000:b:10011:1900015:0]
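A report like the one above mixes what the sample does with objects that the Windows GUI stack creates in every process that owns a window. As an added example, and not VirSCAN's code, the following Python parses this report layout ("Behavior description:" / "details:" pairs under section headers, with unprefixed continuation lines) into records and then sorts each detail line into framework noise or sample-attributable behaviour. SAMPLE_REPORT is a constructed excerpt in the page's layout, and FRAMEWORK_PREFIXES is an allowlist written for this example from general Windows knowledge, not something the report itself provides.

```python
"""Parse a VirSCAN-style behaviour report into records and triage the details.

Added example, not VirSCAN's code.  SAMPLE_REPORT is a constructed excerpt in
the same layout as the report on this page; FRAMEWORK_PREFIXES is an allowlist
written for this example from general Windows knowledge, not data from the page.
"""
import re
from collections import defaultdict

# Constructed excerpt: section header lines, then "Behavior description:" /
# "details:" pairs where further detail lines follow without any prefix.
SAMPLE_REPORT = """\
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
MSCTF.Shared.MUTEX.ELH
Behavior description:Create event object
details:EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.EDC.IC
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description:Enumerate processes
details:N/A
Registry behavior
Behavior description:Modify registry
details:\\REGISTRY\\USER\\S-*\\Software\\Microsoft\\Multimedia\\DrawDib\\vga.drv 1920x973x16(565 0)
"""

SECTION_RE = re.compile(r"^[A-Za-z ]*behavior$", re.IGNORECASE)
DESC_PREFIX = "Behavior description:"
DETAIL_PREFIX = "details:"


def parse_report(text):
    """Return a list of {"section", "description", "details"} records.

    A details block runs until the next "Behavior description:" line or the
    next section header; a details value of "N/A" yields an empty list.
    """
    records, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SECTION_RE.match(line):
            section, current = line, None
        elif line.startswith(DESC_PREFIX):
            current = {"section": section,
                       "description": line[len(DESC_PREFIX):].strip(),
                       "details": []}
            records.append(current)
        elif current is not None:
            detail = line[len(DETAIL_PREFIX):].strip() if line.startswith(DETAIL_PREFIX) else line
            if detail and detail != "N/A":
                current["details"].append(detail)
    return records


# Objects the Windows GUI stack creates inside any process that owns a window
# and accepts text input; seeing them says nothing about what the sample does.
# Allowlist assembled for this example (general Windows knowledge, not from the page).
FRAMEWORK_PREFIXES = (
    "CTF.",                      # Text Services Framework mutexes (msctf.dll / ctfmon)
    "MSCTF.",                    # TSF shared mutexes
    "EventName = MSCTF.",        # TSF events
    "EventName = DINPUTWINMM",   # DirectInput / winmm synchronisation event
    "\\REGISTRY\\USER\\S-*\\Software\\Microsoft\\Multimedia\\DrawDib",  # DrawDib display-profile cache
)


def triage(records):
    """Split detail lines into framework noise and sample-attributable behaviour."""
    buckets = defaultdict(list)
    for rec in records:
        for detail in rec["details"]:
            kind = "framework" if detail.startswith(FRAMEWORK_PREFIXES) else "sample"
            buckets[kind].append((rec["description"], detail))
    return {"framework": buckets["framework"], "sample": buckets["sample"]}


if __name__ == "__main__":
    for kind, items in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"== {kind} ({len(items)})")
        for description, detail in items:
            print(f"  {description}: {detail}")
```

Run against the report on this page, the same allowlist puts every mutex, both events and the DrawDib registry write in the framework bucket, leaving the foreground-window screenshot capture, process enumeration, the Shell_TrayWnd lookup, the window hiding and the pal5q.ini writes as the behaviour that actually needs assessing.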