VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
Safety rating:87
Behavior list
Basic Information
MD5:2a873e3bdf99159d3714e037459c9c56
file type:zip
Production company:
version:
Shell or compiler information:COMPILER:Wise Installer stub [Overlay]
Subfile information:avvcs30demo.exe / 9c703ab2fbd2d290912aaeafa6a7e21d / EXE
avvcs30_H.exe / c3de3b279cffa5cb703f33f921bf1a9e / EXE
avvcs30full.exe / 7ca856ab7416c368786fffb18c602635 / EXE
keygen.exe / a799858bad86d760540892956e54c388 / EXE
ror.nfo / c17b2f101f377cf83a27f0a8e03c3759 / Unknown
173软件下载.txt / 24f19b13a0c043e0c10166e96aa7b278 / Unknown
安装说明.txt / 930e6601da223fe9318d3b757f0c741a / Unknown
趣味变声软件——男声变女声 3.0.89 完全版.TXT / dfe600637c20993ae5f0ebb6885d4268 / Unknown
173绿色软件.url / ae411f6833c75cc0d0579c93b9129959 / Unknown
quweibiansheng3dumpFile / d41d8cd98f00b204e9800998ecf8427e / Unknown
Key behavior
Behavior description:Load driver (standard method)
details:\??\C:\WINDOWS\system32\Drivers\Vcs.sys
Behavior description:Create system service
details:[Service created successfully]: Vcs, C:\WINDOWS\system32\Drivers\Vcs.sys
Behavior description:Get TickCount value
details:TickCount = 224156, SleepMilliseconds = 750.
TickCount = 224187, SleepMilliseconds = 750.
TickCount = 224203, SleepMilliseconds = 750.
TickCount = 226375, SleepMilliseconds = 750.
TickCount = 226468, SleepMilliseconds = 750.
TickCount = 226484, SleepMilliseconds = 750.
TickCount = 226781, SleepMilliseconds = 750.
File behavior
Behavior description:Create file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\GLC3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\GLJ4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\GLK5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\GLB6.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\GLG7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\GLF8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0000.TMP
C:\WINDOWS\system32\GLBSINST.%$D
C:\WINDOWS\system32\drivers\~GLH0001.TMP
C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0002.TMP
C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0003.TMP
C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0004.TMP
C:\Documents and Settings\Administrator\Local Settings\Temp\~GLBS383.TMP
Behavior description:Create executable file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\GLC3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\GLJ4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\GLK5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0000.TMP
C:\WINDOWS\system32\drivers\~GLH0001.TMP
C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0004.TMP
Behavior description:Overwrite existing file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\GLC3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\GLJ4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\GLK5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\GLG7.tmp
Behavior description:Find file
details:FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\GLF8.tmp
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\Drivers
FileName = C:\WINDOWS\system32\drivers\Vcs.sys
FileName = C:\Program Files
FileName = C:\Program Files\AV VCS 3.0
FileName = C:\Program Files\AV VCS 3.0\INSTALL.LOG
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\Readme.rtf
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\License.rtf
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\WizeSupp.dll
Behavior description:Delete file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\GLB6.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\GLF8.tmp
C:\WINDOWS\system32\GLBSINST.%$D
C:\Documents and Settings\Administrator\Local Settings\Temp\Readme.rtf
Behavior description:Rename file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0000.TMP ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLF8.tmp
C:\WINDOWS\system32\drivers\~GLH0001.TMP ---> C:\WINDOWS\system32\Drivers\Vcs.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0002.TMP ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Readme.rtf
C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0003.TMP ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\License.rtf
C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0004.TMP ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WizeSupp.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\~GLBS383.TMP ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Readme.rtf
Behavior description:Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\Temp\GLC3.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\GLC3.tmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\GLC3.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\GLC3.tmp ---> Offset = 98304
C:\Documents and Settings\Administrator\Local Settings\Temp\GLC3.tmp ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\GLJ4.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\GLK5.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\GLK5.tmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\GLG7.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0000.TMP ---> Offset = 0
C:\WINDOWS\system32\drivers\~GLH0001.TMP ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\GLG7.tmp ---> Offset = 253
C:\Documents and Settings\Administrator\Local Settings\Temp\GLG7.tmp ---> Offset = 345
C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0002.TMP ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0003.TMP ---> Offset = 0
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.MJL
Behavior description:Create event object
details:EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.MJL.IC
EventName = MSCTF.SendReceiveConection.Event.MJL.IC
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description:Start system service
details:[Service started successfully]: , Vcs support, \??\C:\WINDOWS\system32\Drivers\Vcs.sys
Behavior description:Open event
details:HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
Behavior description:Window information
details:Pid = 2968, Hwnd=0x10346, Text = AV Voice Changer Software 3.0.89 Demo , ClassName = GLBSInstall.
Pid = 2968, Hwnd=0x20396, Text = &Next >, ClassName = Button.
Pid = 2968, Hwnd=0x20394, Text = Cancel, ClassName = Button.
Pid = 2968, Hwnd=0x1039a, Text = Welcome to AV Voice Changer Software 3.0.89 Setup program. This program will install AV Voice Changer Software 3.0.89 on your computer., ClassName = Static.
Pid = 2968, Hwnd=0x1039c, Text = It is strongly recommended that you exit all Windows programs before running this Setup Program. Click Cancel to quit Setup and close any programs you have running. Click Next to continue with the Setup program. WARNING: This program is protected by co, ClassName = Static.
Pid = 2968, Hwnd=0x4038e, Text = AV Voice Changer Software 3.0.89, ClassName = GLBSWizard.
Pid = 2968, Hwnd=0x2039e, Text = &Next >, ClassName = Button.
Pid = 2968, Hwnd=0x2039c, Text = Cancel, ClassName = Button.
Pid = 2968, Hwnd=0x30394, Text = AV VCS 3.0.89 - the Next Generation Voice Changer Software for Windows - Demo Version -----------------------------------------, ClassName = RICHEDIT.
Pid = 2968, Hwnd=0x40394, Text = &Next >, ClassName = Button.
Pid = 2968, Hwnd=0x30398, Text = Cancel, ClassName = Button.
Pid = 2968, Hwnd=0x3039e, Text = AV VCS Voice Changer Software Version 3.0.89 Copyright (c) 2002-2004 Avnex Ltd (CY) All Rights Reserved PLEASE READ THIS DOCU, ClassName = RICHEDIT.
Pid = 2968, Hwnd=0x50396, Text = &Accepted, ClassName = Button(RadioButton).
Pid = 2968, Hwnd=0x403a0, Text = &Declined, ClassName = Button(RadioButton).
Pid = 2968, Hwnd=0x403a2, Text = < &Back, ClassName = Button.
Behavior description:Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\Temp\GLC3.tmp(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\GLJ4.tmp(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\GLK5.tmp(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0000.TMP(signature verification: failed)
C:\WINDOWS\system32\drivers\~GLH0001.TMP(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0004.TMP(signature verification: failed)
Behavior description:Call Sleep function
details:[1]: MilliSeconds = 750.
Behavior description:Hide specified window
details:[Window,Class] = [,Static]
[Window,Class] = [AV Voice Changer Software 3.0.89,#32770]
[Window,Class] = [No,Button]
Behavior description:Executable file MD5
details:C:\Documents and Settings\Administrator\Local Settings\Temp\GLC3.tmp ---> 8c97d8bb1470c6498e47b12c5a03ce39
C:\Documents and Settings\Administrator\Local Settings\Temp\GLJ4.tmp ---> 6f608d264503796bebd7cd66b687be92
C:\Documents and Settings\Administrator\Local Settings\Temp\GLK5.tmp ---> 517419cae37f6c78c80f9b7d0fbb8661
C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0000.TMP ---> 3b2e23d259394c701050486e642d14fa
C:\WINDOWS\system32\drivers\~GLH0001.TMP ---> ce9b7df9af5b01884beeab3f703c3bf6
C:\Documents and Settings\Administrator\Local Settings\Temp\~GLH0004.TMP ---> 561229fea6da452fc7b9af0c7be8d756
Behavior description:Open mutex
details:ShimCacheMutex
Behavior description:Load newly dropped file
details:Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLC3.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLK5.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLF8.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WizeSupp.dll.