VirSCAN

File information
Safety rating:76
Behavior list
Basic Information
MD5:101ee518ebe80683917dcd4fe052dfaf
file type:Rar
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Subfile information:PDFReader.exe / 57b5af79d1d76c35224bc4efa303ee97 / EXE
TLPDB阅读器.exe / cf5ab82e46eb21ff4e945699ad93ce39 / EXE
Mscomctl.ocx / 12c2755d14b2e51a4bb5cbdfc22ecb11 / DLL
PDG文件阅读器PDG文件阅读器(超星).exe / 1ea16e07cda9a7fcb47858d7b1427f8a / EXE
PDB阅读器.exe / b8f0973cc774dae4f5d20ae648df7453 / EXE
HXEBookV23.exe / abcbff509e03c7747f1c89bbf1fdf30d / EXE
Comdlg32.ocx / d76f0eab36f83a31d411aeaf70da7396 / DLL
preview3.dll / f357444f9ebded01496248f787521b4a / DLL
mscms.dll / 24e903eae18e05040c8170cbc36d7286 / DLL
msimg32.dll / 028957c2b7205b2b4e1923febd34fd40 / DLL
page.wav / 7f4f5176b2d06f0ba4bc6a34e6f4f537 / Unknown
readme.txt / 8321a3ed0c44e95de2e4b21084317aa2 / Unknown
Reader EULA.txt / ddfdc3225af6355659ec102a8faea16f / Unknown
rd_eula.txt / f265fb2b070a9a548a9901594786dab3 / Unknown
tlpdb.ini / ce9e29da33f8057c48e2b0f0d8ea0134 / Unknown
readme.txt / 1656d4bf684514a1f24ca4b13f60e45f / Unknown
绿盟.url / 4780be41163102b8eb70e093ea403390 / Unknown
bxvfq.ini / b362822d13725ebc0964aab354a857e3 / Unknown
File behavior
Behavior description:Modifies file content
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\tlpdb.ini ---> Offset = 81
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\tlpdb.ini ---> Offset = 91
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\tlpdb.ini ---> Offset = 101
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\tlpdb.ini ---> Offset = 111
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\tlpdb.ini ---> Offset = 127
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\tlpdb.ini ---> Offset = 138
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\tlpdb.ini ---> Offset = 147
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\tlpdb.ini ---> Offset = 177
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\tlpdb.ini ---> Offset = 204
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\tlpdb.ini ---> Offset = 326
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\tlpdb.ini ---> Offset = 345
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\tlpdb.ini ---> Offset = 367
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\tlpdb.ini ---> Offset = 389
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\tlpdb.ini ---> Offset = 410
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\tlpdb.ini ---> Offset = 419
Other behavior
Behavior description:Creates mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
{2BE6D96E-827F-4BF9-B33E-GMXFEIFEI}
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.EKM
Behavior description:Creates event object
details:EventName = MSCTF.SendReceive.Event.EKM.IC
EventName = MSCTF.SendReceiveConection.Event.EKM.IC
Behavior description:Finds specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [MS_WINHELP,]
Behavior description:Window information
details:Pid = 3232, Hwnd=0x1034e, Text = , ClassName = TRxRichEdit.
Pid = 3232, Hwnd=0x30362, Text = ToolBar1, ClassName = TToolBar.
Pid = 3232, Hwnd=0x10346, Text = TL-PDB 多语言版 V0.98.4d (31/03/2004), ClassName = TfrmDocReader.
Behavior description:Opens event
details:HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description:Enumerates windows
details:N/A
Behavior description:Calls the Sleep function
details:[1]: MilliSeconds = 0.
[2]: MilliSeconds = 0.
[3]: MilliSeconds = 0.
[4]: MilliSeconds = 0.
[5]: MilliSeconds = 0.
[6]: MilliSeconds = 0.
[7]: MilliSeconds = 0.
[8]: MilliSeconds = 0.
[9]: MilliSeconds = 0.
[10]: MilliSeconds = 0.
Behavior description:Hides specified window
details:[Window,Class] = [TL-PDB 多语言版 V0.98.4d (31/03/2004),TfrmDocReader]
Behavior description:Opens mutex
details:ShimCacheMutex
{2BE6D96E-827F-4BF9-B33E-GMXFEIFEI}