VirSCAN

File information
Safety rating:78
Behavior list
Basic Information
MD5:2ed0cbd4c2ac03853db06c75369cefc7
file type:Rar
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0 DLL
Subfile information:sshd_5.30-26.windows.fip / 0e5a74380de6e56dcfc31e6fb5cd2778 / zip
setup_5.22-653-sshd.windows.fip / 1d7a7b2a23aea2e4fcc6fa6071c09c86 / zip
fsclm.dll / dd98d1626870b8e3205696d63d5e1cc7 / DLL
fssfm.dll / 942195f38da63a274c045e4641fba68d / DLL
fsisu.dll / 822c5c2478959bfaddcd067c98047d5b / DLL
setup.exe / 88e5f2511a4c794428edd9c8b26c3f9c / EXE
fsisuNT.dll / 9dfe81a9748296a3e57cc7d1e6a535b0 / DLL
fsisu95.dll / 8d5ceccd6e9d834aba121f1958a24041 / DLL
Readme_sshd.rtf / 105af71c42913c0a8bbf57d759851ab7 / Unknown
sshd_5.30-26.package.fip / cd7df225ace4fdc9b4625c7cfd266e33 / zip
jfsky.com说明.txt / 02513ace88a64ddc68881c332a3dde06 / Unknown
prodsett.ini / 10ce2671fc266c54946cd1bcbce7a5fc / Unknown
setup.ini / 78f95cb1ba7f24ce5b61555fa8bc2a20 / Unknown
更多软件.url / 89749a7b5ad86fb3cb58265336b6d719 / Unknown
Key behavior
Behavior description:Block window close message
details:hWnd = 0x00150134, Text = F-Secure Setup, ClassName = #32770.
Process behavior
Behavior description:Create a new process from a file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\FSSetup.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\FSSetup.exe"
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Create executable files
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\fssfm.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\fsisu.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\fsisu95.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\fsisunt.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\fsclm.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\fsdeph.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\fsld32.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\fsprod.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\fsrif.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\fssetup.eng
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\fssetup.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\fssgui.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\fsuninst.eng
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\fsuninst.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\fsxml.dll
Behavior description:Modify file contents
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\prodsett.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\dep.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\product.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\rifs\000001E5.rif---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\rifs\rifs.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\eula.eng.rtf---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\lang.eng.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\prodsett.ini---> Offset = 76
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\prodsett.ini---> Offset = 169
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\prodsett.ini---> Offset = 183
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\prodsett.ini---> Offset = 192
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\prodsett.ini---> Offset = 214
C:\WINDOWS\FSSETUP.log---> Offset = 20
C:\WINDOWS\FSSGUI.log---> Offset = 20
C:\WINDOWS\FSDEPH.log---> Offset = 20
Behavior description:Find files
details:FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\FSSetup.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\fssetup.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\*.*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FsSetup\00000001\rifs\*.*
Other behavior
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description:Window information
details:Pid = 2344, Hwnd=0x202b2, Text = Cancel, ClassName = Button.
Pid = 2344, Hwnd=0x302ba, Text = < &Back, ClassName = Button.
Pid = 2344, Hwnd=0x302bc, Text = &Next >, ClassName = Button.
Pid = 2344, Hwnd=0x202d4, Text = Installation &language:, ClassName = Static.
Pid = 2344, Hwnd=0x202c4, Text = Welcome to F-Secure Setup, ClassName = Static.
Pid = 2344, Hwnd=0x202c8, Text = It is strongly recommended that you close all open documents before proceeding. You can cancel the installation at any time by cl, ClassName = Static.
Pid = 2344, Hwnd=0x202ca, Text = F-Secure SSH Server 5.30 installation., ClassName = Static.
Pid = 2344, Hwnd=0x202c6, Text = Click Next to continue., ClassName = Static.
Pid = 2344, Hwnd=0x302da, Text = This wizard will guide you through, ClassName = Static.
Pid = 2344, Hwnd=0x202cc, Text = F-Secure Setup, ClassName = #32770.
Pid = 2344, Hwnd=0x302b6, Text = I &accept this agreement, ClassName = Button(RadioButton).
Pid = 2344, Hwnd=0x202d0, Text = I &reject this agreement, ClassName = Button(RadioButton).
Pid = 2344, Hwnd=0x202d2, Text = Cancel, ClassName = Button.
Pid = 2344, Hwnd=0x102de, Text = < &Back, ClassName = Button.
Pid = 2344, Hwnd=0x102e0, Text = &Next >, ClassName = Button.
Behavior description:Create mutexes
details:SHIMLIB_LOG_MUTEX
_FS_Setup_Running_Lock_Mutex_
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.IOJ
MSCTF.Shared.MUTEX.MGN
MSCTF.Shared.MUTEX.MLJ
Behavior description:Block window close message
details:hWnd = 0x00150134, Text = F-Secure Setup, ClassName = #32770.