1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.
Language
Server load
1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.
| Safety rating:87 |
| Behavior list |
| Basic Information | |
|---|---|
| MD5: | 2f623eac6155f79862f0ac186df51df7 |
| file type: | Rar |
| Production company: | |
| version: | |
| Shell or compiler information: | COMPILER:Elan |
| Subfile information: | 图像预览样本.png / c7b8f0ba49a89166c62c630bc3170ce8 / Unknown |
| 水淼·文件批量处理器.exe / 1bc3e750da53e9388c44ff5a63adbbf2 / EXE | |
| Key behavior | |
|---|---|
| Behavior description: | 写权限映射文件 |
| details: | CiceroSharedMemDefaultS-* |
| MSCTF.MarshalInterface.FileMap.EL..KELGH | |
| MSCTF.MarshalInterface.FileMap.EL.B.KELGH | |
| MSCTF.MarshalInterface.FileMap.EL.C.KELGH | |
| MSCTF.MarshalInterface.FileMap.EL.D.KELGH | |
| MSCTF.MarshalInterface.FileMap.EL.E.KFLGH | |
| MSCTF.MarshalInterface.FileMap.EL.F.BNMGH | |
| MSCTF.MarshalInterface.FileMap.EL.G.BNMGH | |
| MSCTF.Shared.SFM.EL | |
| Behavior description: | 设置特殊文件夹属性 |
| details: | C:\Documents and Settings\Administrator\Application Data\扬皓文件批量处理器\FTP 图标缓存 |
| Behavior description: | 隐藏指定窗口 |
| details: | [Window,Class] = [,ComboLBox] |
| [Window,Class] = [,Afx:400000:b:10011:1900015:0] | |
| [Window,Class] = [,Afx:400000:8:10011:1900015:0] | |
| [Window,Class] = [,msctls_progress32] | |
| [Window,Class] = [,SysTreeView32] | |
| [Window,Class] = [,Afx:400000:8] | |
| [Window,Class] = [,Afx:400000:b:1032b:1900015:0] | |
| Process behavior | |
|---|---|
| Behavior description: | 枚举进程 |
| details: | N/A |
| File behavior | |
|---|---|
| Behavior description: | 写权限映射文件 |
| details: | CiceroSharedMemDefaultS-* |
| MSCTF.MarshalInterface.FileMap.EL..KELGH | |
| MSCTF.MarshalInterface.FileMap.EL.B.KELGH | |
| MSCTF.MarshalInterface.FileMap.EL.C.KELGH | |
| MSCTF.MarshalInterface.FileMap.EL.D.KELGH | |
| MSCTF.MarshalInterface.FileMap.EL.E.KFLGH | |
| MSCTF.MarshalInterface.FileMap.EL.F.BNMGH | |
| MSCTF.MarshalInterface.FileMap.EL.G.BNMGH | |
| MSCTF.Shared.SFM.EL | |
| Behavior description: | 设置特殊文件夹属性 |
| details: | C:\Documents and Settings\Administrator\Application Data\扬皓文件批量处理器\FTP 图标缓存 |
| Behavior description: | 修改文件内容 |
| details: | C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446134054.210802.exe_7zdump\水淼·文件批量处理器\辅助配置.ini---> Offset = 0 |
| C:\Documents and Settings\Administrator\SendTo\水淼文件批量处理器.lnk---> Offset = 0 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446134054.217814.exe_7zdump\水淼·文件批量处理器\扬皓文件批量处理器.ini---> Offset = 0 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446134054.221346.exe_7zdump\水淼·文件批量处理器\扬皓文件批量处理器.ini---> Offset = 19 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446134054.224863.exe_7zdump\水淼·文件批量处理器\扬皓文件批量处理器.ini---> Offset = 34 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446134054.228391.exe_7zdump\水淼·文件批量处理器\扬皓文件批量处理器.ini---> Offset = 45 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446134054.231905.exe_7zdump\水淼·文件批量处理器\扬皓文件批量处理器.ini---> Offset = 56 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446134054.235436.exe_7zdump\水淼·文件批量处理器\扬皓文件批量处理器.ini---> Offset = 67 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446134054.238950.exe_7zdump\水淼·文件批量处理器\扬皓文件批量处理器.ini---> Offset = 78 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446134054.242482.exe_7zdump\水淼·文件批量处理器\扬皓文件批量处理器.ini---> Offset = 89 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446134054.245994.exe_7zdump\水淼·文件批量处理器\扬皓文件批量处理器.ini---> Offset = 100 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446134054.249638.exe_7zdump\水淼·文件批量处理器\扬皓文件批量处理器.ini---> Offset = 111 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446134054.253147.exe_7zdump\水淼·文件批量处理器\扬皓文件批量处理器.ini---> Offset = 142 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446134054.256686.exe_7zdump\水淼·文件批量处理器\扬皓文件批量处理器.ini---> Offset = 173 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446134054.260201.exe_7zdump\水淼·文件批量处理器\扬皓文件批量处理器.ini---> Offset = 204 | |
| Behavior description: | 查找文件 |
| details: | FileName = C:\Documents and Settings\Administrator\桌面\* |
| FileName = C:\Documents and Settings\Administrator\My Documents\* | |
| FileName = C:\* | |
| FileName = D:\* | |
| FileName = H:\* | |
| FileName = X:\* | |
| FileName = C:\DOCUME~1 | |
| FileName = C:\Documents and Settings\ADMINI~1 | |
| FileName = C:\Documents and Settings\Administrator\LOCALS~1 | |
| FileName = C:\Documents and Settings\Administrator\Local Settings\Temp | |
| FileName = C:\Documents and Settings\Administrator\Local Settings\%temp% | |
| FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1446134054.828646.exe_7zdump | |
| FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1446134054.832177.exe_7zdump\水淼·文件批量处理器 | |
| FileName = C:\Documents and Settings\Administrator\Application Data\扬皓文件批量处理器\FTP 图标缓存 | |
| FileName = C:\Documents and Settings | |
| Registry behavior | |
|---|---|
| Behavior description: | 删除注册表键值 |
| details: | \REGISTRY\USER\S-*_CLASSES\扬皓文件批量处理器 |
| \REGISTRY\MACHINE\SOFTWARE\Classes\扬皓文件批量处理器 | |
| Other behavior | |
|---|---|
| Behavior description: | 查找指定窗口 |
| details: | NtUserFindWindowEx: [Class,Window] = [Super-EC:communication:42012,] |
| NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,] | |
| NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,] | |
| Behavior description: | 窗口信息 |
| details: | Pid = 168, Hwnd=0x1033e, Text = 编号参数, ClassName = Button(GroupBox). |
| Pid = 168, Hwnd=0x1037a, Text = 替换, ClassName = Button(CheckBox). | |
| Pid = 168, Hwnd=0x10372, Text = 不运算, ClassName = ComboBox. | |
| Pid = 168, Hwnd=0x1036e, Text = 1, ClassName = Edit. | |
| Pid = 168, Hwnd=0x1036c, Text = 指定位置:, ClassName = Button(CheckBox). | |
| Pid = 168, Hwnd=0x10368, Text = 附加内容:, ClassName = Button(CheckBox). | |
| Pid = 168, Hwnd=0x10362, Text = 1, ClassName = Edit. | |
| Pid = 168, Hwnd=0x1035e, Text = 左边|右边, ClassName = Button(CheckBox). | |
| Pid = 168, Hwnd=0x1035c, Text = 、, ClassName = Edit. | |
| Pid = 168, Hwnd=0x1035a, Text = 金额, ClassName = Button(CheckBox). | |
| Pid = 168, Hwnd=0x10358, Text = 繁体, ClassName = Button(CheckBox). | |
| Pid = 168, Hwnd=0x10356, Text = 保持目录独立, ClassName = Button(CheckBox). | |
| Pid = 168, Hwnd=0x10354, Text = 自动校准队形, ClassName = Button(CheckBox). | |
| Pid = 168, Hwnd=0x10350, Text = 3, ClassName = Edit. | |
| Pid = 168, Hwnd=0x1034e, Text = 零数, ClassName = Afx:400000:b:10011:1900015:0. | |
| Behavior description: | 隐藏指定窗口 |
| details: | [Window,Class] = [,ComboLBox] |
| [Window,Class] = [,Afx:400000:b:10011:1900015:0] | |
| [Window,Class] = [,Afx:400000:8:10011:1900015:0] | |
| [Window,Class] = [,msctls_progress32] | |
| [Window,Class] = [,SysTreeView32] | |
| [Window,Class] = [,Afx:400000:8] | |
| [Window,Class] = [,Afx:400000:b:1032b:1900015:0] | |
| Behavior description: | 创建互斥体 |
| details: | CTF.LBES.MutexDefaultS-* |
| CTF.Compart.MutexDefaultS-* | |
| CTF.Asm.MutexDefaultS-* | |
| CTF.Layouts.MutexDefaultS-* | |
| CTF.TMD.MutexDefaultS-* | |
| CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-* | |
| MSCTF.Shared.MUTEX.ELH | |
| MSCTF.Shared.MUTEX.EL | |
| Behavior description: | 获取系统权限 |
| details: | SE_INC_BASE_PRIORITY_PRIVILEGE |
| SE_LOAD_DRIVER_PRIVILEGE | |
| Run screenshot |
|---|
 |
HOME
