VirSCAN


File information
Safety rating:75
Behavior list
Basic Information
MD5:2623884efe6046ad85244176576166b2
file type:Rar
Production company:
version:
Shell or compiler information:
Subfile information:Setup Capture.exe / big file / EXE
logging.dll / 9b5a0d0803257d77255d7d19f9ed6a0d / DLL
thinreg.exe / 028f3ac22e42fe724f59ec33a180e86b / EXE
vregtool.exe / 86d578a5b97af7c1ff084c3c3cbd3abd / EXE
vftool.exe / 365b951522f256a768140ca052ee2aed / EXE
tlink.exe / 38addbe19fc3909ed0b2d24c1fe5e343 / EXE
AppSync.exe / 73407750ac0bcaba6ec58950ea72d8e0 / EXE
EULA.rtf / d2cbb3ef39b9ecf693c9b88c52b49a35 / Unknown
log_monitor.exe / a0183e7f16ae3d45b2f8b63f4082ebd5 / EXE
snapshot.exe / 3f08fea9e14db755528f4a54af0c7f82 / EXE
dll_dump.exe / 790ff957af2656493823bcabee0f25d1 / EXE
sbmerge.exe / b7a5a680af2b171e2178301d09b0c5b5 / EXE
template.msi / 8b2530681781c2837144181baf851678 / Compound
!_StringDatadumpFile / ec779847753cc0f50d68a5be90e048d6 / Unknown
snapshot.ini / 8135029059d8560ee0aa1bad8505b7fc / Unknown
open_source_licenses.txt / 58c60df92a1c7cda87300b29a864848c / Unknown
!_ValidationdumpFile / aaeb5930cc676eab4dd70727adf3c9df / Unknown
!_StringPooldumpFile / 6d9f5cbe106859dcd9c49aee80860a74 / Unknown
!ErrordumpFile / 48e699e8c681081675a1aa0f4c0b8262 / Unknown
Key behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
00000a78-th.ib
\Documents and Settings\Administrator\Application Data\Thinstall\ThinstallBuilder\Registry.rw.tvr.transact
\Documents and Settings\Administrator\Application Data\Thinstall\ThinstallBuilder\Registry.tlog.cache
2680.thmst
2680.themm
Process behavior
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
00000a78-th.ib
\Documents and Settings\Administrator\Application Data\Thinstall\ThinstallBuilder\Registry.rw.tvr.transact
\Documents and Settings\Administrator\Application Data\Thinstall\ThinstallBuilder\Registry.tlog.cache
2680.thmst
2680.themm
Behavior description:Rename file
details:C:\Documents and Settings\Administrator\Application Data\Thinstall\ThinstallBuilder\Registry.rw.tvr.lck.COMPUTER.ffffffffa7c ---> C:\Documents and Settings\Administrator\Application Data\Thinstall\ThinstallBuilder\Registry.rw.tvr.lck
Behavior description:Modify file content
details:C:\Documents and Settings\Administrator\Application Data\Thinstall\ThinstallBuilder\Registry.rw.tvr.lck.COMPUTER.ffffffffa7c---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Thinstall\ThinstallBuilder\Registry.rw.tvr.transact---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Thinstall\ThinstallBuilder\Registry.tlog.cache---> Offset = 0
Behavior description:Find file
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445219640.334161.exe_7zdump\Setup Capture.*
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\「开始」菜单
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\Administrator\Favorites
FileName = C:\Documents and Settings\Administrator\Templates
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\「开始」菜单
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data
FileName = C:\Documents and Settings\All Users\Favorites
FileName = C:\Documents and Settings\All Users\Application Data
FileName = C:\Program Files
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
{7BE1ADE5-9779-47E9-AA9D-3246C8BC4BC7}_tlog_lock
{7BE1ADE5-9779-47E9-AA9D-3246C8BC4BC7}_tqmap_lock
Translated by Keith Miller, United States