VirSCAN

File information
Safety rating:88
Behavior list
Behavior analysis report: Threatbook file behavior analysis report
Basic Information
MD5:33cdb6726b3201807b4f111e9f1deda3
file type:Cab
Production company:HDTunePro
version:5.5.0.0---HDTunePro 5.5.0单文件版
Shell or compiler information:
Subfile information:HDTunePro.exe / b628106fc1983a69f925b9cb9c4fa7b8 / EXE
pdh.dll / cb40a5293c4fdd7dd83b656a84610975 / DLL
shfolder.dll / 53f06c7dd06ec9fdef35af6b399c9b1f / DLL
odbcbcp.dll / 2be9ef5c97f4ef4ed8d5fe0684b2abd8 / DLL
[NSIS].nsi / ebd91f7e0c58a23f79133cb5ded4d6e6 / Unknown
Key behavior
Behavior description: Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [确定,Button]
[Window,Class] = [取消,Button]
[Window,Class] = [应用(&A),Button]
[Window,Class] = [帮助,Button]
[Window,Class] = [基准,#32770]
[Window,Class] = [附加测试,#32770]
[Window,Class] = [随机存取,#32770]
[Window,Class] = [,#32770]
[Window,Class] = [自动噪音管理,#32770]
[Window,Class] = [磁盘监视器,#32770]
[Window,Class] = [文件基准,#32770]
[Window,Class] = [擦除,#32770]
[Window,Class] = [文件夹占用率,#32770]
[Window,Class] = [错误扫描,#32770]
Process behavior
Behavior description: Create new file process
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HDTunePro\HDTunePro.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HDTunePro\HDTunePro.exe
File behavior
Behavior description: Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HDTunePro\HDTunePro.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HDTunePro\odbcbcp.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HDTunePro\pdh.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HDTunePro\shfolder.dll
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\EFD Software\HDTunePro\Name
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\EFD Software\HDTunePro\Company
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\EFD Software\HDTunePro\测试参数 3
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\EFD Software\HDTunePro\Test Parameters 3
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\EFD Software\HDTunePro\Save Filter
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\EFD Software\HDTunePro\保存过滤
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Control Panel\PowerCfg\CurrentPowerPolicy
Other behavior
Behavior description: Create mutex
details:__PDH_PLA_MUTEX__
__PDH_PLA_INSTALL_MUTEX__
Behavior description: Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [确定,Button]
[Window,Class] = [取消,Button]
[Window,Class] = [应用(&A),Button]
[Window,Class] = [帮助,Button]
[Window,Class] = [基准,#32770]
[Window,Class] = [附加测试,#32770]
[Window,Class] = [随机存取,#32770]
[Window,Class] = [,#32770]
[Window,Class] = [自动噪音管理,#32770]
[Window,Class] = [磁盘监视器,#32770]
[Window,Class] = [文件基准,#32770]
[Window,Class] = [擦除,#32770]
[Window,Class] = [文件夹占用率,#32770]
[Window,Class] = [错误扫描,#32770]
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Obtain system privileges
details:SE_LOAD_DRIVER_PRIVILEGE
SE_SHUTDOWN_PRIVILEGE
Behavior description: Window information
details:Pid = 1284, Hwnd=0xb01de, Text = VMware, VMware Virtual S (21 gB), ClassName = ComboBox.
Pid = 1284, Hwnd=0xc01c2, Text = -- ℃, ClassName = Static.
Pid = 1284, Hwnd=0xa018c, Text = 退出, ClassName = Button.
Pid = 1284, Hwnd=0xc01e8, Text = Main, ClassName = #32770.
Pid = 1284, Hwnd=0xb0164, Text = 基准, ClassName = #32770.
Pid = 1284, Hwnd=0xb0192, Text = 开始, ClassName = Button.
Pid = 1284, Hwnd=0xb016c, Text = 读取, ClassName = Button(RadioButton).
Pid = 1284, Hwnd=0xb0174, Text = 写入, ClassName = Button(RadioButton).
Pid = 1284, Hwnd=0xd0190, Text = 快捷行程, ClassName = Button(CheckBox).
Pid = 1284, Hwnd=0xc01b6, Text = 40, ClassName = Edit.
Pid = 1284, Hwnd=0xe01b8, Text = Spin1, ClassName = msctls_updown32.
Pid = 1284, Hwnd=0xb01e0, Text = 传输速率, ClassName = Button(CheckBox).
Pid = 1284, Hwnd=0xb01a2, Text = 存取时间, ClassName = Button(CheckBox).
Pid = 1284, Hwnd=0xb019c, Text = 突发传输速率, ClassName = Button(CheckBox).
Pid = 1284, Hwnd=0xc01ee, Text = 最低, ClassName = Static.
Behavior description: Directly access physical device
details:\??\PhysicalDrive0
Behavior description: Read/write hard disk using SCSI commands
details:LBA = 0x4000 SCSIOP = 0x12
LBA = 0x0 SCSIOP = 0x25
LBA = 0xE000100 SCSIOP = 0xA1
LBA = 0x20000 SCSIOP = 0xDF
LBA = 0x22100100 SCSIOP = 0xF8
Abnormal crash
Run screenshot
Translated by Keith Miller, United States