VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files with the password 'infected' or 'virus'.

File information
Safety rating:82
Behavior list
Basic Information
MD5:2629a30929006252681bb01e09445497
file type:zip
Production company:
version:
Shell or compiler information:COMPILER:Borland C++ 1999
Subfile information:aspack212r_22fd4b0edumpFile / big file / EXE
upx_c_09b6edf6dumpFile / 2e75742141192e23a9b785a65f17de62 / EXE
UltraISO.v.9.6.2.3059.exedumpFile / abd4ebc7de524df7df09438534a2dd31 / Cab
UltraISO.exedumpFile / 41629f48c7912467e6209ef312abe469 / EXE
安装程序.exedumpFile / a0ad2bfc371e7422a6a098d55dda4f2e / EXE
0154dumpFile / 8a6297c3daad74837d59442d422f8b8d / EXE
0154dumpFile / 8a6297c3daad74837d59442d422f8b8d / EXE
isoshl64.dlldumpFile / 986e6a677bc459272f307e3101ebac60 / DLL
ISODrv64.sysdumpFile / e489d12ff435aeef4a5474c47d329590 / SYS
ISODrive.sysdumpFile / 5645290b24d23612d8ae10bbe8bf03ce / SYS
lang_cn.dlldumpFile / a33bd950b03d40e79c7e323e7c1c71c1 / DLL
isoshell.dlldumpFile / bd0c08ee0ff6305e65546b70720da645 / DLL
bootpt64.sysdumpFile / fc510ed30754be3a9201f1360731eb69 / SYS
bootpart.sysdumpFile / c7a38b95fb5ebe18bf2bd7decd933805 / SYS
bootpart.exedumpFile / c11190e032a9076a66e50bebab1819e4 / EXE
IsoCmd.exedumpFile / c0618803912bea2270ff7126772d8090 / EXE
System.dlldumpFile / 00a0194c20ee912257df53bfe258ee4a / DLL
[NSIS].nsidumpFile / 0f0567923d2fcc07c8c849a293914fc4 / Unknown
ultraiso.inidumpFile / fc3bad7de95c67bcb246630a7f15cec8 / Unknown
Key behavior
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Hide specified window
details:[Window,Class] = [,Button]
File behavior
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Network behavior
Behavior description: Connect to specified site
details:InternetConnectA: ServerName = cr173.com, PORT = 80
InternetConnectA: ServerName = c.xq12.com, PORT = 80
Behavior description: Open HTTP request
details:HttpOpenRequestA: cr173.com:80/exe/?a=1&exefile=ultraiso_one_gr.zip&filedate=1408549983, hConnect = 0x0000068c
HttpOpenRequestA: c.xq12.com:80/rj/?v=1&webname=cr173, hConnect = 0x000006a4
HttpOpenRequestA: cr173.com:80/exe/?a=1&exefile=ultraiso_one_gr.zip&filedate=1408549983, hConnect = 0x000006a0
Other behavior
Behavior description: Create driver file image
details:C:\WINDOWS\system32\drivers\fastfat.sys
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Create mutex
details:cmonitorsampleexe_7zdump安装程序exe
Behavior description: Hide specified window
details:[Window,Class] = [,Button]
Behavior description: Window information
details:Pid = 1648, Hwnd=0xb01c6, Text = 完成, ClassName = Button.
Pid = 1648, Hwnd=0xb0184, Text = 创建桌面快捷方式, ClassName = Button.
Pid = 1648, Hwnd=0xa01aa, Text = 完成后打开软件, ClassName = Button.
Pid = 1648, Hwnd=0xa0198, Text = c:\%temp%\1416138267.777028.exe_7zdump\UltraISO_one_gr\, ClassName = Edit.
Pid = 1648, Hwnd=0xd01a4, Text = 浏览, ClassName = Button.
Pid = 1648, Hwnd=0xb0164, Text = 设置 为主页, ClassName = Button.
Pid = 1648, Hwnd=0xd0166, Text = 安装程序, ClassName = #32770.
Translated by Keith Miller, United States