VirSCAN VirSCAN


File information
Safety rating:70
Behavior list
Basic Information
MD5:1e2e569928931b143202319091716082
file type:EXE
Production company:hez2010
version:6.1.0.0---6.1.0.0
Shell or compiler information:COMPILER:Elan
Key behavior
Behavior description:Create file mapping with write access
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AEF..JAOGH
MSCTF.MarshalInterface.FileMap.AEF.B.JAOGH
MSCTF.MarshalInterface.FileMap.AEF.C.JAOGH
MSCTF.MarshalInterface.FileMap.AEF.D.JAOGH
MSCTF.MarshalInterface.FileMap.AEF.E.JAOGH
MSCTF.MarshalInterface.FileMap.AEF.F.JAOGH
MSCTF.MarshalInterface.FileMap.AEF.G.JAOGH
MSCTF.Shared.SFM.AEF
MSCTF.MarshalInterface.FileMap.AEF.H.FHCLH
MSCTF.MarshalInterface.FileMap.AEF.I.FHCLH
MSCTF.MarshalInterface.FileMap.AEF.J.FHCLH
MSCTF.MarshalInterface.FileMap.AEF.K.FHCLH
MSCTF.MarshalInterface.FileMap.AEF.L.FHCLH
MSCTF.MarshalInterface.FileMap.AEF.M.FHCLH
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Hide specified window
details:[Window,Class] = [,SysListView32]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [请稍等...,Afx:400000:b:10011:1900015:0]
[Window,Class] = [导出,Button]
[Window,Class] = [导出进度:,Afx:400000:b:10011:1900015:0]
[Window,Class] = [保存,Button]
[Window,Class] = [创建,Button]
[Window,Class] = [删除,Button]
[Window,Class] = [修改,Button]
[Window,Class] = [重命名,Button]
[Window,Class] = [进程创建,Button]
[Window,Class] = [监控类型:,Afx:400000:b:10011:1900015:0]
[Window,Class] = [操作处理:,Afx:400000:b:10011:1900015:0]
[Window,Class] = [弹窗提示,Button]
[Window,Class] = [询问撤销,Button]
Process behavior
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Create file mapping with write access
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AEF..JAOGH
MSCTF.MarshalInterface.FileMap.AEF.B.JAOGH
MSCTF.MarshalInterface.FileMap.AEF.C.JAOGH
MSCTF.MarshalInterface.FileMap.AEF.D.JAOGH
MSCTF.MarshalInterface.FileMap.AEF.E.JAOGH
MSCTF.MarshalInterface.FileMap.AEF.F.JAOGH
MSCTF.MarshalInterface.FileMap.AEF.G.JAOGH
MSCTF.Shared.SFM.AEF
MSCTF.MarshalInterface.FileMap.AEF.H.FHCLH
MSCTF.MarshalInterface.FileMap.AEF.I.FHCLH
MSCTF.MarshalInterface.FileMap.AEF.J.FHCLH
MSCTF.MarshalInterface.FileMap.AEF.K.FHCLH
MSCTF.MarshalInterface.FileMap.AEF.L.FHCLH
MSCTF.MarshalInterface.FileMap.AEF.M.FHCLH
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Modify file contents
details:C:\Documents and Settings\Administrator\Application Data\FC_hez2010\config.ini---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\FC_hez2010\first.mak---> Offset = 0
Behavior description:Find file
details:FileName = C:\Documents and Settings\Administrator\Application Data\FC_hez2010
FileName = C:\Documents and Settings\Administrator\Application Data\FC_hez2010\config.ini
FileName = C:\Documents and Settings\Administrator\Application Data\FC_hez2010\first.mak
Network behavior
Behavior description:Connect to specified site
details:InternetConnectA: ServerName = ftp01.site4future.com, PORT = 21
Other behavior
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Window information
details:Pid = 1476, Hwnd=0x10378, Text = 欢迎使用本程序! 如果您是第一次使用, 请仔细阅读此帮助文件, ClassName = _EL_Label.
Pid = 1476, Hwnd=0x10408, Text = 无法正常使用, ClassName = Button(GroupBox).
Pid = 1476, Hwnd=0x1040a, Text = 全部重置, ClassName = Button.
Pid = 1476, Hwnd=0x10406, Text = 如果您的文件操作监控无法正常使用, 请点击 "全部重置" 重置本程序, ClassName = _EL_Label.
Pid = 1476, Hwnd=0x10404, Text = 我不放心, ClassName = Button.
Pid = 1476, Hwnd=0x10402, Text = 希望您使用愉快, 谢谢, ClassName = _EL_Label.
Pid = 1476, Hwnd=0x10400, Text = 开始使用本程序 (即关闭本窗口) 代表用户愿意接受并自行承担所产生的任何后果, ClassName = _EL_Label.
Pid = 1476, Hwnd=0x103fe, Text = hez2010 版权所有 作者: hez2010 QQ:1030193847 E-mail:hez2010@126.com, ClassName = _EL_Label.
Pid = 1476, Hwnd=0x103fc, Text = 郑重声明, ClassName = _EL_Label.
Pid = 1476, Hwnd=0x103fa, Text = 本程序对您的计算机绝对没有任何恶意行为, 如果杀毒软件报毒请添加信任! 如果您还是不放心, 请点击 "我不放心" 退出本程序, ClassName = _EL_Label.
Pid = 1476, Hwnd=0x103f8, Text = 强制删除, ClassName = Button(GroupBox).
Pid = 1476, Hwnd=0x103f6, Text = 本程序所有的删除操作都为强制删除, 因此启动本程序需以管理员权限运行以便加载驱动, 可能会导致杀毒软件误报, 添加信任即可 *注意: 请务, ClassName = _EL_Label.
Pid = 1476, Hwnd=0x103ee, Text = 定期扫描系统内存, ClassName = Button(GroupBox).
Pid = 1476, Hwnd=0x103f4, Text = 处理——将强制删除恶意程序 忽略——本次软件启动将不再提醒该程序 定位——打开文件所在位置, ClassName = _EL_Label.
Pid = 1476, Hwnd=0x103f0, Text = 开启监控后, 本程序将定期扫描系统内存, 发现病毒将会提示用户进行处理, 如图所示:, ClassName = _EL_Label.
Behavior description:Hide specified window
details:[Window,Class] = [,SysListView32]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [请稍等...,Afx:400000:b:10011:1900015:0]
[Window,Class] = [导出,Button]
[Window,Class] = [导出进度:,Afx:400000:b:10011:1900015:0]
[Window,Class] = [保存,Button]
[Window,Class] = [创建,Button]
[Window,Class] = [删除,Button]
[Window,Class] = [修改,Button]
[Window,Class] = [重命名,Button]
[Window,Class] = [进程创建,Button]
[Window,Class] = [监控类型:,Afx:400000:b:10011:1900015:0]
[Window,Class] = [操作处理:,Afx:400000:b:10011:1900015:0]
[Window,Class] = [弹窗提示,Button]
[Window,Class] = [询问撤销,Button]
Behavior description:Create mutex
details:RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.AEF
Behavior description:Acquire system privileges
details:SE_DEBUG_PRIVILEGE