VirSCAN


File information
Safety rating:78
Behavior list
Basic Information
MD5:0a70b01117a162e989be2cebf335404d
file type:zip
Production company:
version:
Shell or compiler information:
Subfile information:谷歌访问助手_v2.3.0.crx / 8f36ddaa32b7ad7b3c31613d9428c406 / zip
bg.js / 2bea3595353181a4baffbdee12eaaee7 / Unknown
sea.js / 2aa6d075395b81d6e1dad7636af4891c / Unknown
options.js / 2d3a140a01f96e6c96f97d336e32c169 / Unknown
messages.json / 069460dbeafdde453ecf90e375473363 / Unknown
messages.json / 069460dbeafdde453ecf90e375473363 / Unknown
icon-128.png / 49188f07cd4e07c2acb7d143ff76f01c / Unknown
google.png / 32b72a7fe6fe75e5d5502e6d23f9ee33 / Unknown
first.html / 557caed06b17e159bbb7fa3babec83aa / Unknown
abs-icon-big.png / 1b3d7cba77a48f580ae2ac4706aef2f8 / Unknown
chrome.png / b731889d4da7f0d572abbd67d3e50728 / Unknown
popup.html / b33d5230e939cba5f4e4098fdd4a65bc / Unknown
options.html / 43ca51bbd1687aff92f0552f402d9a5a / Unknown
verified_contents.json / 0785dab304b9109f083cda3c786e83ce / Unknown
gmail.png / e31b9f3f3cf5fe60ec999395d722cdad / Unknown
googleplus.png / 88004c33a452380975d4fe00b503ac83 / Unknown
warming.html / 0365ac75e171a6503ea9e905c70c5da3 / Unknown
popup.js / 836fc4fa107bf2fcec5deef06552ded2 / Unknown
icon-40.png / 3edade45af57300b2decd9849bc0cc12 / Unknown
Process behavior
Behavior description: Create local thread
details:TargetProcess: wscript.exe, InheritedFromPID = 2000, ProcessID = 3060, ThreadID = 3072, StartAddress = 01002FD4, Parameter = 008E44E8
TargetProcess: wscript.exe, InheritedFromPID = 2000, ProcessID = 3060, ThreadID = 3076, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: wscript.exe, InheritedFromPID = 2000, ProcessID = 3060, ThreadID = 3080, StartAddress = 765E964D, Parameter = 001DBDA8
File behavior
Behavior description: Find file
details:FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\谷歌访问助手chrome版\谷歌访问助手_v2.3.0.crx_7zdump\bg.js
Other behavior
Behavior description: Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
Behavior description: Create event object
details:EventName = Global\crypt32LogoffEvent
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Open event
details:MSFT.VSA.COM.DISABLE.3060
MSFT.VSA.IEC.STATUS.6c736db0
Global\crypt32LogoffEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Window information
details:Pid = 3060, Hwnd=0x1034c, Text = 确定, ClassName = Button.
Pid = 3060, Hwnd=0x10350, Text = 脚本: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\谷歌访问助手chrome版\谷歌访问助手_v2.3.0.crx_7zdump\bg.js 行: 1 字符: 828 错误: 缺少标识符、字符串或数字 代码: 800A0404 源: Microsoft JScript 编译错误 , ClassName = Static.
Pid = 3060, Hwnd=0x10348, Text = Windows Script Host, ClassName = #32770.
Behavior description: Open mutex
details:ShimCacheMutex
Translated by Keith Miller, United States