VirSCAN

File information
Safety rating:85
Behavior list
Basic Information
MD5:2b36e6c238c6f3b7b16b131c187a07ac
file type:zip
Production company:
version:
Shell or compiler information:COMPILER:Borland Delphi 2.0 [Overlay]
Subfile information:365抽奖软件V3.53.exe / big file / EXE
下载之家下载说明.html / 4d6ddc350cbcec59158fda3b97742608 / Unknown
使用说明.txt / 7b7a2e67b7732d294bc69e8de5e42193 / Unknown
Key behavior
Behavior description:File mapping with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EAI..CLMGH
MSCTF.MarshalInterface.FileMap.EAI.B.CLMGH
MSCTF.MarshalInterface.FileMap.EAI.C.CLMGH
MSCTF.MarshalInterface.FileMap.EAI.D.CLMGH
MSCTF.MarshalInterface.FileMap.EAI.E.CLMGH
MSCTF.MarshalInterface.FileMap.EAI.F.CLMGH
MSCTF.MarshalInterface.FileMap.EAI.G.CLMGH
MSCTF.Shared.SFM.EAI
MSCTF.MarshalInterface.FileMap.EAI.H.EBALH
MSCTF.MarshalInterface.FileMap.EAI.I.DDALH
MSCTF.MarshalInterface.FileMap.EAI.J.DDALH
MSCTF.MarshalInterface.FileMap.EAI.K.DDALH
MSCTF.MarshalInterface.FileMap.EAI.L.DEALH
MSCTF.MarshalInterface.FileMap.EAI.M.CFALH
Behavior description:Create shortcut on the desktop
details:C:\Documents and Settings\All Users\桌面\365抽奖软件3.53.lnk
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
Process behavior
Behavior description:Create process from new file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-QU732.tmp\365抽奖软件V3.53.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-QU732.tmp\365抽奖软件V3.53.tmp" /SL5="$202A2,8810937,52224,C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445426011.214095.exe_7zdump\365
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-QU732.tmp\365抽奖软件V3.53.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-1QFSR.tmp\_isetup\_RegDLL.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-1QFSR.tmp\_isetup\_shfoldr.dll
C:\DiskD\Program Files\draw365\is-QB45V.tmp
C:\DiskD\Program Files\draw365\is-16OIQ.tmp
C:\DiskD\Program Files\draw365\is-32HF7.tmp
Behavior description:Find file
details:FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-QU732.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-QU732.tmp\365抽奖软件V3.53.tmp
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\「开始」菜单
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序
FileName = D:\*.*
FileName = D:\Program Files\draw365\unins???.*
FileName = D:\Program Files
FileName = D:\Program Files\draw365
FileName = D:\Program Files\draw365\draw365.exe
Behavior description:Create shortcut on the desktop
details:C:\Documents and Settings\All Users\桌面\365抽奖软件3.53.lnk
Behavior description:File mapping with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EAI..CLMGH
MSCTF.MarshalInterface.FileMap.EAI.B.CLMGH
MSCTF.MarshalInterface.FileMap.EAI.C.CLMGH
MSCTF.MarshalInterface.FileMap.EAI.D.CLMGH
MSCTF.MarshalInterface.FileMap.EAI.E.CLMGH
MSCTF.MarshalInterface.FileMap.EAI.F.CLMGH
MSCTF.MarshalInterface.FileMap.EAI.G.CLMGH
MSCTF.Shared.SFM.EAI
MSCTF.MarshalInterface.FileMap.EAI.H.EBALH
MSCTF.MarshalInterface.FileMap.EAI.I.DDALH
MSCTF.MarshalInterface.FileMap.EAI.J.DDALH
MSCTF.MarshalInterface.FileMap.EAI.K.DDALH
MSCTF.MarshalInterface.FileMap.EAI.L.DEALH
MSCTF.MarshalInterface.FileMap.EAI.M.CFALH
Behavior description:Rename file
details:C:\DiskD\Program Files\draw365\is-QB45V.tmp ---> C:\DiskD\Program Files\draw365\unins000.exe
C:\DiskD\Program Files\draw365\is-16OIQ.tmp ---> C:\DiskD\Program Files\draw365\draw365.exe
C:\DiskD\Program Files\draw365\is-32HF7.tmp ---> C:\DiskD\Program Files\draw365\bass.dll
C:\DiskD\Program Files\draw365\is-T9KAH.tmp ---> C:\DiskD\Program Files\draw365\set.dat
C:\DiskD\Program Files\draw365\is-SFALA.tmp ---> C:\DiskD\Program Files\draw365\data.txt
C:\DiskD\Program Files\draw365\is-J1AMF.tmp ---> C:\DiskD\Program Files\draw365\log.txt
C:\DiskD\Program Files\draw365\is-OQ4KJ.tmp ---> C:\DiskD\Program Files\draw365\ARecord.dat
C:\DiskD\Program Files\draw365\is-KGF4D.tmp ---> C:\DiskD\Program Files\draw365\tmda.jpg
C:\DiskD\Program Files\draw365\is-F4NHL.tmp ---> C:\DiskD\Program Files\draw365\colip.jpg
C:\DiskD\Program Files\draw365\is-R7DB7.tmp ---> C:\DiskD\Program Files\draw365\draw365.chm
C:\DiskD\Program Files\draw365\img\is-H6SVB.tmp ---> C:\DiskD\Program Files\draw365\img\0.jpg
C:\DiskD\Program Files\draw365\img\is-PR097.tmp ---> C:\DiskD\Program Files\draw365\img\1.jpg
C:\DiskD\Program Files\draw365\img\is-OU2KP.tmp ---> C:\DiskD\Program Files\draw365\img\10.jpg
C:\DiskD\Program Files\draw365\img\is-88FHQ.tmp ---> C:\DiskD\Program Files\draw365\img\11.JPG
C:\DiskD\Program Files\draw365\img\is-GETJ8.tmp ---> C:\DiskD\Program Files\draw365\img\12.jpg
Behavior description:Modify file content
details:C:\DiskD\Program Files\draw365\is-T9KAH.tmp---> Offset = 0
C:\DiskD\Program Files\draw365\is-SFALA.tmp---> Offset = 0
C:\DiskD\Program Files\draw365\is-J1AMF.tmp---> Offset = 0
C:\DiskD\Program Files\draw365\is-OQ4KJ.tmp---> Offset = 0
C:\DiskD\Program Files\draw365\is-KGF4D.tmp---> Offset = 0
C:\DiskD\Program Files\draw365\is-F4NHL.tmp---> Offset = 0
C:\DiskD\Program Files\draw365\is-R7DB7.tmp---> Offset = 0
C:\DiskD\Program Files\draw365\img\is-H6SVB.tmp---> Offset = 262144
C:\DiskD\Program Files\draw365\img\is-PR097.tmp---> Offset = 0
C:\DiskD\Program Files\draw365\img\is-OU2KP.tmp---> Offset = 262144
C:\DiskD\Program Files\draw365\img\is-88FHQ.tmp---> Offset = 0
C:\DiskD\Program Files\draw365\img\is-GETJ8.tmp---> Offset = 0
C:\DiskD\Program Files\draw365\img\is-53FBO.tmp---> Offset = 262144
C:\DiskD\Program Files\draw365\img\is-N99SD.tmp---> Offset = 262144
C:\DiskD\Program Files\draw365\img\is-4VUUV.tmp---> Offset = 0
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EAI
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description:Window information
details:Pid = 940, Hwnd=0x302da, Text = 欢迎使用 365抽奖软件V3.53 安装向导 , ClassName = TNewStaticText.
Pid = 940, Hwnd=0x202c6, Text = 现在将安装 365抽奖软件V3.53 到您的电脑中。 推荐您在继续安装前关闭所有其它应用程序。 单击“下一步”继续,或单击“取消”退出安, ClassName = TNewStaticText.
Pid = 940, Hwnd=0x202c8, Text = 下一步(&N) >, ClassName = TNewButton.
Pid = 940, Hwnd=0x202c4, Text = 取消, ClassName = TNewButton.
Pid = 940, Hwnd=0x402bc, Text = 安装 - 365抽奖软件V3.53, ClassName = TWizardForm.
Pid = 940, Hwnd=0x302b6, Text = 选择目标位置, ClassName = TNewStaticText.
Pid = 940, Hwnd=0x502ce, Text = 您想将 365抽奖软件V3.53 安装在什么地方?, ClassName = TNewStaticText.
Pid = 940, Hwnd=0x402be, Text = 安装程序将安装 365抽奖软件V3.53 到下列文件夹中。, ClassName = TNewStaticText.
Pid = 940, Hwnd=0x202ac, Text = 单击“下一步”继续。如果您想选择其它文件夹,单击“浏览”。, ClassName = TNewStaticText.
Pid = 940, Hwnd=0x202aa, Text = D:\Program Files\draw365, ClassName = TEdit.
Pid = 940, Hwnd=0x202ae, Text = 浏览(&R)..., ClassName = TNewButton.
Pid = 940, Hwnd=0x202b0, Text = 至少需要有 11.0 MB 的可用磁盘空间。, ClassName = TNewStaticText.
Pid = 940, Hwnd=0x202d0, Text = < 上一步(&B), ClassName = TNewButton.
Pid = 940, Hwnd=0x302b6, Text = 选择开始菜单文件夹, ClassName = TNewStaticText.
Pid = 940, Hwnd=0x502ce, Text = 您想在哪里放置程序的快捷方式?, ClassName = TNewStaticText.
Behavior description:Acquire system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Enumerate windows
details:N/A
Behavior description:Open image file
details:\DiskD\Program Files\draw365\tmda.jpg
\DiskD\Program Files\draw365\colip.jpg
\DiskD\Program Files\draw365\img\0.jpg
\DiskD\Program Files\draw365\img\1.jpg
\DiskD\Program Files\draw365\img\10.jpg
\DiskD\Program Files\draw365\img\11.JPG
\DiskD\Program Files\draw365\img\12.jpg
\DiskD\Program Files\draw365\img\13.jpg
\DiskD\Program Files\draw365\img\14.jpg
\DiskD\Program Files\draw365\img\15.jpg
\DiskD\Program Files\draw365\img\2.jpg
\DiskD\Program Files\draw365\img\3.jpg
\DiskD\Program Files\draw365\img\4.jpg
\DiskD\Program Files\draw365\img\5.jpg
\DiskD\Program Files\draw365\img\6.jpg
Translated by Keith Miller, United States