VirSCAN

File information
Safety rating:87
Behavior list
Basic Information
MD5:080e00dcb804a3a76bb7db0ba2ed9935
file type:Rar
Production company:
version:
Shell or compiler information:COMPILER:Not a valid PE file
Subfile information:WinRAR.exe / fae3aab0bc201557f6eaa79d98926833 / EXE
Rar.exe / c3c9a0ed2183835800a8b6a53c1b3897 / EXE
UnRAR.exe / 39176a03f3eca96c042eb77791762df8 / EXE
RarExt.dll / 655e8ce2b0d38bdcffb96814b612a1cf / DLL
WinRAR.chm / d825d5328a97f2f47df236b0b53993db / Chm
RarExt32.dll / 9b447b97360e07d579dcf018429e507e / DLL
Default64.SFX / 302424b4685b3e4ab31a295cb4e5c3e8 / EXE
WinCon64.SFX / 747ef6e418a6da35b776f40361478860 / EXE
Default.SFX / a20d5250b91f19a91df9522ddb2ca172 / EXE
WinCon.SFX / f44bd019a629511379a22cee20feb937 / EXE
Uninstall.exe / c18aa8762653acadf1daa677b2f58b0f / EXE
Zip64.SFX / 1805da669a85a966e06d24d0b0f95a1f / EXE
7zxa.dll / 78bbe19a9c2b67bc56f205df0a7af1e4 / DLL
Zip.SFX / ae92e21ecf50c3ea3abd370f9ed4ffc7 / EXE
Rar.txt / 438b4dd1a76e5e031d73b85abe9e12d9 / Unknown
UNACEV2.DLL / de02c4d04088b69e64ecc30a3d9e22e5 / DLL
Ace32Loader.exe / c3df0b2ecaa50ef4bda2f0e67e47b363 / EXE
WhatsNew.txt / a2b5fdb7f1cb5058151a3bc01ad9ba4f / Unknown
License.txt / 672064cf19db0b083b981cf0be7662b0 / Unknown
Process behavior
Behavior description:Creates a new process from a file
details:ImagePath = C:\Program Files\WinRAR\uninstall.exe, CmdLine = "C:\Program Files\WinRAR\uninstall.exe" /setup
File behavior
Behavior description:Drops links or shortcuts in sensitive system locations (such as the Start Menu)
details:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR 帮助.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\控制台 RAR 手册.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\最新版本里有哪些新功能.lnk
Behavior description:Creates executable files
details:C:\Program Files\WinRAR\RarExt.dll
C:\Program Files\WinRAR\RarExt32.dll
C:\Program Files\WinRAR\UNACEV2.DLL
C:\Program Files\WinRAR\Uninstall.exe
C:\Program Files\WinRAR\UnRAR.exe
C:\Program Files\WinRAR\WinCon.SFX
C:\Program Files\WinRAR\WinCon64.SFX
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\Zip.SFX
C:\Program Files\WinRAR\Zip64.SFX
C:\Program Files\WinRAR\7zxa.dll
C:\Program Files\WinRAR\Ace32Loader.exe
C:\Program Files\WinRAR\Default.SFX
C:\Program Files\WinRAR\Default64.SFX
C:\Program Files\WinRAR\Rar.exe
Behavior description:Modifies file contents
details:C:\Program Files\WinRAR\Rar.txt---> Offset = 0
C:\Program Files\WinRAR\RarFiles.lst---> Offset = 0
C:\Program Files\WinRAR\rarreg.key---> Offset = 0
C:\Program Files\WinRAR\ReadMe.txt---> Offset = 0
C:\Program Files\WinRAR\Uninstall.lst---> Offset = 0
C:\Program Files\WinRAR\WhatsNew.txt---> Offset = 0
C:\Program Files\WinRAR\WinRAR.chm---> Offset = 0
C:\Program Files\WinRAR\下载站下载说明.htm---> Offset = 0
C:\Program Files\WinRAR\Descript.ion---> Offset = 0
C:\Program Files\WinRAR\License.txt---> Offset = 0
C:\Program Files\WinRAR\Order.htm---> Offset = 0
C:\Program Files\WinRAR\rarnew.dat---> Offset = 0
C:\Program Files\WinRAR\zipnew.dat---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR 帮助.lnk---> Offset = 0
Registry behavior
Behavior description:Deletes registry keys
details:\REGISTRY\MACHINE\SOFTWARE\Classes\.rar\ShellNew
\REGISTRY\MACHINE\SOFTWARE\Classes\.zip\ShellNew
Behavior description:Modifies the registry
details:\REGISTRY\USER\S-*\Software\WinRAR SFX\C%%Program Files%WinRAR
\REGISTRY\USER\S-*\Software\WinRAR\Setup\.rar\Set
\REGISTRY\USER\S-*\Software\WinRAR\Setup\.zip\Set
\REGISTRY\USER\S-*\Software\WinRAR\Setup\.cab\Set
\REGISTRY\USER\S-*\Software\WinRAR\Setup\.arj\Set
\REGISTRY\USER\S-*\Software\WinRAR\Setup\.lzh\Set
\REGISTRY\USER\S-*\Software\WinRAR\Setup\.ace\Set
\REGISTRY\USER\S-*\Software\WinRAR\Setup\.7z\Set
\REGISTRY\USER\S-*\Software\WinRAR\Setup\.tar\Set
\REGISTRY\USER\S-*\Software\WinRAR\Setup\.gz\Set
\REGISTRY\USER\S-*\Software\WinRAR\Setup\.uue\Set
\REGISTRY\USER\S-*\Software\WinRAR\Setup\.bz2\Set
\REGISTRY\USER\S-*\Software\WinRAR\Setup\.jar\Set
\REGISTRY\USER\S-*\Software\WinRAR\Setup\.iso\Set
\REGISTRY\USER\S-*\Software\WinRAR\Setup\.z\Set
Behavior description:Deletes registry values
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\MACHINE\SOFTWARE\Classes\.rar\Content Type
\REGISTRY\MACHINE\SOFTWARE\Classes\.r00\Content Type
\REGISTRY\MACHINE\SOFTWARE\Classes\.r01\Content Type
\REGISTRY\MACHINE\SOFTWARE\Classes\.r02\Content Type
\REGISTRY\MACHINE\SOFTWARE\Classes\.r03\Content Type
\REGISTRY\MACHINE\SOFTWARE\Classes\.r04\Content Type
\REGISTRY\MACHINE\SOFTWARE\Classes\.r05\Content Type
\REGISTRY\MACHINE\SOFTWARE\Classes\.r06\Content Type
\REGISTRY\MACHINE\SOFTWARE\Classes\.r07\Content Type
\REGISTRY\MACHINE\SOFTWARE\Classes\.r08\Content Type
\REGISTRY\MACHINE\SOFTWARE\Classes\.r09\Content Type
Other behavior
Behavior description:Window information
details:Pid = 1452, Hwnd=0x30288, Text = TITLE_BMP, ClassName = Static.
Pid = 1452, Hwnd=0x30284, Text = 版权所有 (C) 1993-2013, ClassName = Static.
Pid = 1452, Hwnd=0x30282, Text = Alexander Roshal, ClassName = Static.
Pid = 1452, Hwnd=0x3027e, Text = 目标文件夹(&D), ClassName = Static.
Pid = 1452, Hwnd=0x4027c, Text = C:\Program Files\WinRAR, ClassName = ComboBox.
Pid = 1452, Hwnd=0x40274, Text = C:\Program Files\WinRAR, ClassName = Edit.
Pid = 1452, Hwnd=0x50272, Text = 浏览(&W)..., ClassName = Button.
Pid = 1452, Hwnd=0x402a4, Text = 如果你同意最终用户许可协议 (EULA),请点击 [安装]。如果你不同意,请点击 [取消]。, ClassName = Static.
Pid = 1452, Hwnd=0x4029a, Text = 安装, ClassName = Button.
Pid = 1452, Hwnd=0x40298, Text = 取消, ClassName = Button.
Pid = 1452, Hwnd=0xb028c, Text = WinRAR 5.30 beta5 简体中文版 By www.downg.com, ClassName = #32770.
Pid = 1452, Hwnd=0x50266, Text = 正解压文件到 "C:\Program Files\WinRAR" 文件夹 , ClassName = RichEdit20W.
Pid = 2796, Hwnd=0x4028a, Text = WinRAR 关联文件, ClassName = Button(GroupBox).
Pid = 2796, Hwnd=0xc020a, Text = RAR, ClassName = Button(CheckBox).
Pid = 2796, Hwnd=0x40108, Text = ZIP, ClassName = Button(CheckBox).