VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load

  Main Menu
VirSCAN  HOME VirSCAN  go Virscan.org VirSCAN  Report VirSCAN  Virus report VirSCAN  Behavior report VirSCAN  Help VirSCAN VirSCAN  Submit Bugs VirSCAN  Contact us
  Powered By
a-squared
a-squared
a-squared
 
File information
Safety rating:75
Behavior list
Basic Information
MD5:3536b942e73773502183dcc9a882e6d5
file type:Rar
Production company:
version:
Shell or compiler information:
Subfile information:Perel_Razmnozhenie-v-nevole-Kak-primirit-erotiku-i-byt.420674.fb2 / adf1d1b441ccdd335379662c573dbcbf / Unknown
Perel_Razmnozhenie-v-nevole-Kak-primirit-erotiku-i-byt.420674.fb2.epub / 8d4588aa66e4a23aef7c96274aa98338 / zip
Симонова И.О. - Суперигры для весьма нетрезвой компании (Веселимся от души) - 2005.pdf / big file / Unknown
Key behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-*
\WINDOWS\system32\zh-cn\ieframe.dll.mui
MSCTF.MarshalInterface.FileMap.ECF..CLMGH
MSCTF.MarshalInterface.FileMap.ECF.B.BMMGH
MSCTF.MarshalInterface.FileMap.ECF.C.BMMGH
MSCTF.MarshalInterface.FileMap.ECF.D.BMMGH
MSCTF.MarshalInterface.FileMap.ECF.E.BMMGH
MSCTF.MarshalInterface.FileMap.ECF.F.BMMGH
MSCTF.MarshalInterface.FileMap.ECF.G.LNNGH
MSCTF.Shared.SFM.ECF
MSCTF.MarshalInterface.FileMap.ECF.H.NJOKH
MSCTF.MarshalInterface.FileMap.ECF.I.NJOKH
MSCTF.MarshalInterface.FileMap.ECF.J.NJOKH
MSCTF.MarshalInterface.FileMap.ECF.K.NJOKH
MSCTF.MarshalInterface.FileMap.ECF.L.NJOKH
Behavior description:隐藏指定窗口
details:[Window,Class] = [,Acrobat Viewer]
[Window,Class] = [,Edit]
[Window,Class] = [AVNullDocView,AVL_AVView]
[Window,Class] = [AVSplitterView,AVL_AVView]
[Window,Class] = [,ScrollBar]
[Window,Class] = [AVRulerView,AVL_AVView]
[Window,Class] = [AVTabStripView,AVL_AVView]
[Window,Class] = [AVTableContainerView,AVL_AVView]
[Window,Class] = [AVStaticIcon,AVL_AVView]
[Window,Class] = [AVToolBarView,AVL_AVView]
[Window,Class] = [AVDockableHostView,AVL_AVView]
Behavior description:设置线程上下文
details:C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
Process behavior
Behavior description:隐藏窗口创建进程
details:ImagePath = , CmdLine = "c:\program files\common files\adobe\updater6\adobe_updater.exe" -doactionappid=reader9rdr-zh_cn
Behavior description:创建进程
details:ImagePath = C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe, CmdLine = "C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe" -doActionAppID=reader9rdr-zh_CN
Behavior description:设置线程上下文
details:C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
Behavior description:枚举进程
details:N/A
File behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-*
\WINDOWS\system32\zh-cn\ieframe.dll.mui
MSCTF.MarshalInterface.FileMap.ECF..CLMGH
MSCTF.MarshalInterface.FileMap.ECF.B.BMMGH
MSCTF.MarshalInterface.FileMap.ECF.C.BMMGH
MSCTF.MarshalInterface.FileMap.ECF.D.BMMGH
MSCTF.MarshalInterface.FileMap.ECF.E.BMMGH
MSCTF.MarshalInterface.FileMap.ECF.F.BMMGH
MSCTF.MarshalInterface.FileMap.ECF.G.LNNGH
MSCTF.Shared.SFM.ECF
MSCTF.MarshalInterface.FileMap.ECF.H.NJOKH
MSCTF.MarshalInterface.FileMap.ECF.I.NJOKH
MSCTF.MarshalInterface.FileMap.ECF.J.NJOKH
MSCTF.MarshalInterface.FileMap.ECF.K.NJOKH
MSCTF.MarshalInterface.FileMap.ECF.L.NJOKH
Behavior description:修改文件内容
details:C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal---> Offset = 1028
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents---> Offset = 1024
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\AdobeSysFnt09.lst---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\UserCache.bin---> Offset = 12288
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Updater6\AdobeUpdaterPrefs.dat---> Offset = 169
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Updater6\aum.log---> Offset = 1519
Behavior description:查找文件
details:FileName = C:\WINDOWS
FileName = C:\WINDOWS\WinSxS
FileName = C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\Documents and Settings\Administrator\Application Data\Adobe
FileName = C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat
FileName = C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\AcroForm.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Annots.api
Registry behavior
Behavior description:修改注册表
details:\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\AVGeneral\bLastExitNormal
Behavior description:删除注册表键
details:\REGISTRY\MACHINE\SYSTEM\Acrobatviewercpp304
\REGISTRY\MACHINE\SYSTEM\WSZXSGANXFJVAYSXYQGNXKQY
Other behavior
Behavior description:设置对象安全信息
details:C:\Documents and Settings\All Users\Application Data\Adobe\Updater6
C:\Documents and Settings\All Users\Application Data\Adobe\Updater6\AdobeESDGlobalApps.xml
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [AdobeAcrobatSpeedLaunchCmdWnd,]
NtUserFindWindowEx: [Class,Window] = [AdobeReaderSpeedLaunchCmdWnd,]
NtUserFindWindowEx: [Class,Window] = [Acrobat Instance Window Class,Acrobat Instance Window]
NtUserFindWindowEx: [Class,Window] = [Acrobat Viewer,]
NtUserFindWindowEx: [Class,Window] = [JFWUI2,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [AcrobatTimerWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [UpdaterBaseDialogClass6,]
Behavior description:隐藏指定窗口
details:[Window,Class] = [,Acrobat Viewer]
[Window,Class] = [,Edit]
[Window,Class] = [AVNullDocView,AVL_AVView]
[Window,Class] = [AVSplitterView,AVL_AVView]
[Window,Class] = [,ScrollBar]
[Window,Class] = [AVRulerView,AVL_AVView]
[Window,Class] = [AVTabStripView,AVL_AVView]
[Window,Class] = [AVTableContainerView,AVL_AVView]
[Window,Class] = [AVStaticIcon,AVL_AVView]
[Window,Class] = [AVToolBarView,AVL_AVView]
[Window,Class] = [AVDockableHostView,AVL_AVView]
Behavior description:创建互斥体
details:2AC1A572DB6944B0A65C38C4140AF2F474c0655310C
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Acrobat Instance Mutex
Global\AcrobatViewerIsRunning
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.ECF
M/1G8CZiEw2V6MhRhoZs3Q==
k4MZXm/abW9MoMnrUNTWcg==
2AC1A572DB6944B0A65C38C4140AF2F454c006233B0
9LVOgOsC+tXZJUah+9h3NQ==
Behavior description:获取系统权限
details:SE_LOAD_DRIVER_PRIVILEGE
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

 pol

京公网安备 11010802020746号