VirSCAN

File information
Safety rating:78
Behavior list
Basic Information
MD5:0c42052ea5dbe47b6852aa488fcf6dcd
file type:7z
Production company:www.startisback.com
version:1.7.5.0---1.7.5
Shell or compiler information:PACKER:UPX V2.00-V3.00 -> Markus Oberhumer & Laszlo Molnar & John Reiser [Overlay] *
Subfile information:StartIsBackCfg.exe / 03ca30fefd13445136249c409bf62dfe / EXE
StartIsBack64.dll / 1aba4d41dfa35f3201d3a17828d2714d / DLL
StartIsBack32.dll / 88c44984b01610ddc40733a1b58038ac / DLL
upx30_404c26f6dumpFile / ba907b708658aeffe550ce0d0e0dad76 / EXE
AeroByDesign.msstyles / c09c314fad9cfd26f016b23787a2b20c / DLL
Plain8.msstyles / fa381325fa39ac932c2dbdcafda66993 / DLL
Aero 8.msstyles / 8c2b3444d432d4d2186503084d60c112 / DLL
shamrock_106.bmp / 44cbee8273caab2a8fc7be4601d25834 / Unknown
win7_106.bmp / 9dc0c1f8587781a259bd6f2ee1aa4403 / Unknown
shamrock_81.bmp / c42fe148b4f3bfa4d85ebefd1da114be / Unknown
win7_81.bmp / f76dc324922b4c372dd9eb57cdc0e94d / Unknown
Windows 7.msstyles / 1f3f22642095ceb343be0126f24e622f / DLL
startscreen.exe / 699d80b9fec48efc736f90e5d7171430 / EXE
shamrock_66.bmp / 6c9772779b7dd97df97d59e895e518b6 / Unknown
win7_66.bmp / b98aa17a67aae7fe8f2a89cd2a726312 / Unknown
shamrock_54.bmp / 1ca0a3abec3abe6ed36c07917f8648d7 / Unknown
StartIsBack_Ei8htOrb_v2_by_PainteR.bmp / 641328c75e6b117545211db22dafcaa0 / Unknown
win7_54.bmp / 832c00095fc2da44acf1fcc8fed1693c / Unknown
UpdateCheck.exe / d269148c207ab76191abd049334381c0 / EXE
File behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.IFL..BMOFF
MSCTF.MarshalInterface.FileMap.IFL.B.BMOFF
MSCTF.MarshalInterface.FileMap.IFL.C.BMOFF
MSCTF.MarshalInterface.FileMap.IFL.D.BMOFF
MSCTF.MarshalInterface.FileMap.IFL.E.BMOFF
MSCTF.MarshalInterface.FileMap.IFL.F.BMOFF
MSCTF.MarshalInterface.FileMap.IFL.G.BNOFF
MSCTF.Shared.SFM.IFL
Behavior description:Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\Styles\Aero 8.msstyles
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\Styles\AeroByDesign.msstyles
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\Styles\Plain8.msstyles
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\Styles\Windows 7.msstyles
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\StartIsBackCfg.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\startscreen.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\UpdateCheck.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\StartIsBack32.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\StartIsBack64.dll
Behavior description:Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\Orbs\shamrock_106.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\Orbs\shamrock_54.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\Orbs\shamrock_66.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\Orbs\shamrock_81.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\Orbs\StartIsBack_Ei8htOrb_v2_by_PainteR.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\Orbs\win7_106.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\Orbs\win7_54.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\Orbs\win7_66.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\Orbs\win7_81.bmp---> Offset = 0
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.IFL
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Window information
details:Pid = 2900, Hwnd=0x20350, Text = 确定, ClassName = Button.
Pid = 2900, Hwnd=0x20354, Text = %1 不是有效的 Win32 应用程序。 , ClassName = Static.
Pid = 2900, Hwnd=0x2034c, Text = 7-Zip, ClassName = #32770.
Behavior description:Open image file
details:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\Orbs\shamrock_106.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\Orbs\shamrock_54.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\Orbs\shamrock_66.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\Orbs\shamrock_81.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\Orbs\StartIsBack_Ei8htOrb_v2_by_PainteR.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\Orbs\win7_106.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\Orbs\win7_54.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\Orbs\win7_66.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS45B45375\Orbs\win7_81.bmp
Translated by Keith Miller, United States