VirSCAN

File information
Safety rating:78
Behavior list
Basic Information
MD5:32d6a7ee83b72de4252682178594ec4e
file type:EXE
Production company:知软网
version:1.7.3.0---1.73
Shell or compiler information:PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [Overlay]
Subfile information:upx_c_ed758f93dumpFile / a316ae085c2c0bb24b343298ba489aeb / EXE
Key behavior
Behavior description:Block window close message
details:hWnd = 0x00010340, Text = 店铺会员管理系统v3.8 破解补丁, ClassName = #32770.
Behavior description:Get TickCount value
details:TickCount = 220723, SleepMilliseconds = 255.
TickCount = 220739, SleepMilliseconds = 255.
TickCount = 220755, SleepMilliseconds = 255.
TickCount = 223458, SleepMilliseconds = 255.
TickCount = 223473, SleepMilliseconds = 255.
TickCount = 226723, SleepMilliseconds = 255.
TickCount = 226739, SleepMilliseconds = 255.
TickCount = 226755, SleepMilliseconds = 255.
TickCount = 228380, SleepMilliseconds = 255.
TickCount = 228395, SleepMilliseconds = 255.
TickCount = 229598, SleepMilliseconds = 255.
TickCount = 229614, SleepMilliseconds = 255.
TickCount = 230036, SleepMilliseconds = 255.
TickCount = 230051, SleepMilliseconds = 255.
TickCount = 230067, SleepMilliseconds = 255.
Process behavior
Behavior description:Create local thread
details:TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2696, ThreadID = 2888, StartAddress = 00402875, Parameter = 00010340
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2696, ThreadID = 2992, StartAddress = 00402875, Parameter = 00010340
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2696, ThreadID = 3220, StartAddress = 00402875, Parameter = 00010340
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2696, ThreadID = 3308, StartAddress = 00402875, Parameter = 00010340
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2696, ThreadID = 3388, StartAddress = 00402875, Parameter = 00010340
File behavior
Behavior description:Copy file
details:memberMgr.exe ---> memberMgr.exe.bak
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.MIK
MSCTF.Shared.MUTEX.ALL
Behavior description:Create event object
details:EventName = MSCTF.SendReceive.Event.MIK.IC
EventName = MSCTF.SendReceiveConection.Event.MIK.IC
EventName = MSCTF.SendReceive.Event.ALL.IC
EventName = MSCTF.SendReceiveConection.Event.ALL.IC
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Open event
details:HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceive.Event.IOH.IC
MSCTF.SendReceiveConection.Event.IOH.IC
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000011
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000011
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000012
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000012
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000013
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000013
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000014
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000014
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000015
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000015
Behavior description:Get TickCount value
details:TickCount = 220723, SleepMilliseconds = 255.
TickCount = 220739, SleepMilliseconds = 255.
TickCount = 220755, SleepMilliseconds = 255.
TickCount = 223458, SleepMilliseconds = 255.
TickCount = 223473, SleepMilliseconds = 255.
TickCount = 226723, SleepMilliseconds = 255.
TickCount = 226739, SleepMilliseconds = 255.
TickCount = 226755, SleepMilliseconds = 255.
TickCount = 228380, SleepMilliseconds = 255.
TickCount = 228395, SleepMilliseconds = 255.
TickCount = 229598, SleepMilliseconds = 255.
TickCount = 229614, SleepMilliseconds = 255.
TickCount = 230036, SleepMilliseconds = 255.
TickCount = 230051, SleepMilliseconds = 255.
TickCount = 230067, SleepMilliseconds = 255.
Behavior description:Block window close message
details:hWnd = 0x00010340, Text = 店铺会员管理系统v3.8 破解补丁, ClassName = #32770.
Behavior description:Window information
details:Pid = 2696, Hwnd=0x10344, Text = memberMgr.exe, ClassName = Edit.
Pid = 2696, Hwnd=0x10346, Text = 浏览(&B)..., ClassName = Button.
Pid = 2696, Hwnd=0x10348, Text = 在应用补丁前备份文件 [扩展名.bak], ClassName = Button(CheckBox).
Pid = 2696, Hwnd=0x1034a, Text = 确定(&O), ClassName = Button.
Pid = 2696, Hwnd=0x1034c, Text = 取消(&C), ClassName = Button.
Pid = 2696, Hwnd=0x1034e, Text = 本软件仅供学习研究使用,未经授权,不 得擅自移除【吾爱破解论坛】外用于商业 用途或买卖,请于下载24小时内删除,有 能力请多多支持国产软件的发展!购买正 版软件,你将享受正版软件的售后服务, 谢谢!, ClassName = Edit.
Pid = 2696, Hwnd=0x10350, Text = 我的主页:, ClassName = Static.
Pid = 2696, Hwnd=0x10352, Text = http://www.zf0806.icoc.me/, ClassName = Static.
Pid = 2696, Hwnd=0x10354, Text = 我的邮件:, ClassName = Static.
Pid = 2696, Hwnd=0x10356, Text = 本补丁由 ZF0806 原创破解, ClassName = Static.
Pid = 2696, Hwnd=0x10358, Text = 要应用补丁的文件(&F):, ClassName = Static.
Pid = 2696, Hwnd=0x10340, Text = 店铺会员管理系统v3.8 破解补丁, ClassName = #32770.
Pid = 2696, Hwnd=0x1036a, Text = 确定, ClassName = Button.
Pid = 2696, Hwnd=0x1036e, Text = 要修补的文件不存在或访问被拒绝!, ClassName = Static.
Pid = 2696, Hwnd=0x60366, Text = 错误, ClassName = #32770.
Behavior description:Call Sleep function
details:[1]: MilliSeconds = 255.
[2]: MilliSeconds = 255.
[3]: MilliSeconds = 255.
[4]: MilliSeconds = 255.
[5]: MilliSeconds = 255.
Behavior description:Open mutex
details:ShimCacheMutex