VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files if the password is 'infected' or 'virus'.


File information
Safety rating: 75
Behavior list
Basic Information
MD5: 182af671bb4edcaaa6bf56d31cef921e
File type: EXE
Production company: WinTools Software, Ltd.
Version: 15.0.1.0
Shell or compiler information:
Key behavior
Behavior description: Hide specified window
Details: [Window,Class] = [,msctls_progress32]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,Static]
Behavior description: Open registry key (virtual machine detection related)
Details: \REGISTRY\MACHINE\Software\VMware, Inc.
\REGISTRY\USER\S-*\Software\VMware, Inc.
\REGISTRY\USER\.DEFAULT\Software\VMware, Inc.
\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions
Behavior description: Block window close message
Details: hWnd = 0x000202a2, Text = WinTools.net 15.0.1 Professional, ClassName = WINTOOLSNETCLASS.
Behavior description: Get window screenshot information
Details: Foreground window Info: HWND = 0x0101038b, DC = 0x0101038b.
Behavior description: Create file mapping with write access
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AEF..HGJHH
MSCTF.MarshalInterface.FileMap.AEF.B.GIJHH
MSCTF.MarshalInterface.FileMap.AEF.C.GIJHH
MSCTF.MarshalInterface.FileMap.AEF.D.GIJHH
MSCTF.MarshalInterface.FileMap.AEF.E.FKJHH
MSCTF.MarshalInterface.FileMap.AEF.F.EOJHH
MSCTF.MarshalInterface.FileMap.AEF.G.EOJHH
MSCTF.Shared.SFM.AEF
Behavior description: Query registry value (virtual machine detection related)
Details: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Process behavior
Behavior description: Enumerate processes
Details: N/A
File behavior
Behavior description: Create file mapping with write access
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AEF..HGJHH
MSCTF.MarshalInterface.FileMap.AEF.B.GIJHH
MSCTF.MarshalInterface.FileMap.AEF.C.GIJHH
MSCTF.MarshalInterface.FileMap.AEF.D.GIJHH
MSCTF.MarshalInterface.FileMap.AEF.E.FKJHH
MSCTF.MarshalInterface.FileMap.AEF.F.EOJHH
MSCTF.MarshalInterface.FileMap.AEF.G.EOJHH
MSCTF.Shared.SFM.AEF
Behavior description: Modify file contents
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\wintoolsnet.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\wintoolsnet.ini---> Offset = 19
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\wintoolsnet.ini---> Offset = 37
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\wintoolsnet.ini---> Offset = 70
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\wintoolsnet.ini---> Offset = 79
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\wintoolsnet.ini---> Offset = 90
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\wintoolsnet.ini---> Offset = 102
Behavior description: Search for files
Details: FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\tweakguide.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\data\*
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Cookies
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\History
FileName = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\bkup\*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\undo\*
FileName = C:\Documents and Settings\Administrator\「开始」菜单
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktop
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetHood
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103}
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\HideClock
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoManageMyComputerVerb
\REGISTRY\USER\S-*\Control Panel\Desktop\SmoothScroll
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AlwaysUnloadDLL
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0000\EnableUDMA66
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCDBurning
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DisableTaskOffload
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuPinnedList
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMFUprogramsList
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoUserNameInStartMenu
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartmenuLogoff
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuSubFolders
Behavior description: Modify registry (group policy)
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop
\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\DisableMSI
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
Other behavior
Behavior description: Get cursor position
Details: CursorPos = (106,18467), SleepMilliseconds = 50.
CursorPos = (6399,26500), SleepMilliseconds = 50.
CursorPos = (19234,15724), SleepMilliseconds = 50.
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.AEF
Behavior description: Hide specified window
Details: [Window,Class] = [,msctls_progress32]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,Static]
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [WINTOOLSNETCLASS,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Acquire system privileges
Details: SE_INC_BASE_PRIORITY_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Get TickCount value
Details: TickCount = 487346, SleepMilliseconds = 50.
TickCount = 488956, SleepMilliseconds = 50.
TickCount = 488971, SleepMilliseconds = 50.
TickCount = 488987, SleepMilliseconds = 50.
TickCount = 489378, SleepMilliseconds = 50.
TickCount = 489409, SleepMilliseconds = 50.
TickCount = 489425, SleepMilliseconds = 50.
TickCount = 489440, SleepMilliseconds = 50.
TickCount = 489456, SleepMilliseconds = 50.
TickCount = 489471, SleepMilliseconds = 50.
TickCount = 489487, SleepMilliseconds = 50.
TickCount = 489550, SleepMilliseconds = 50.
TickCount = 489565, SleepMilliseconds = 50.
TickCount = 489581, SleepMilliseconds = 50.
TickCount = 489659, SleepMilliseconds = 50.
Behavior description: Open registry key (virtual machine detection related)
Details: \REGISTRY\MACHINE\Software\VMware, Inc.
\REGISTRY\USER\S-*\Software\VMware, Inc.
\REGISTRY\USER\.DEFAULT\Software\VMware, Inc.
\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions
Behavior description: Block window close message
Details: hWnd = 0x000202a2, Text = WinTools.net 15.0.1 Professional, ClassName = WINTOOLSNETCLASS.
Behavior description: Window information
Details: Pid = 1476, Hwnd=0x10336, Text = ..., ClassName = ButtonExClass.
Pid = 1476, Hwnd=0x10636, Text = - - -, ClassName = Edit.
Pid = 1476, Hwnd=0x10638, Text = - - -, ClassName = Edit.
Pid = 1476, Hwnd=0x1063a, Text = - - -, ClassName = Edit.
Pid = 1476, Hwnd=0x10640, Text = &Win.ini, ClassName = ButtonExClass.
Pid = 1476, Hwnd=0x10644, Text = &System.ini, ClassName = ButtonExClass.
Pid = 1476, Hwnd=0x10648, Text = &Config.sys, ClassName = ButtonExClass.
Pid = 1476, Hwnd=0x1064c, Text = &Autoexec.bat, ClassName = ButtonExClass.
Pid = 1476, Hwnd=0x10650, Text = C&onfig.nt, ClassName = ButtonExClass.
Pid = 1476, Hwnd=0x10654, Text = A&utoexec.nt, ClassName = ButtonExClass.
Pid = 1476, Hwnd=0x106c4, Text = computer, ClassName = Edit.
Pid = 1476, Hwnd=0x106c8, Text = Microsoft Windows XP, ClassName = Edit.
Pid = 1476, Hwnd=0x106ca, Text = 76481-640-0059266-23285, ClassName = Edit.
Pid = 1476, Hwnd=0x106cc, Text = 2600.xpsp.080413-2111, ClassName = Edit.
Pid = 1476, Hwnd=0x106ce, Text = Service Pack 3, ClassName = Edit.
Behavior description: Get window screenshot information
Details: Foreground window Info: HWND = 0x0101038b, DC = 0x0101038b.
Behavior description: Query registry value (virtual machine detection related)
Details: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Behavior description: Open image file
Details: \DOCUME~1\ADMINI~1\LOCALS~1\%temp%\lang\English\tittle00.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\lang\English\tittle01.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\lang\English\tittle02.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\lang\English\tittle03.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\lang\English\tittle04.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\lang\English\tittle05.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\lang\English\tittle06.bmp
\oemlogo.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\lang\English\vert.bmp
Run screenshot