VirSCAN

File information
Safety rating:79
Behavior list
Basic Information
MD5:361dc411f7a91b3b77ed129641dd20d6
file type:EXE
Production company:珠海金山办公软件有限公司
version:2.0.7.361---2,0,7,0361
Shell or compiler information:PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [Overlay]
Subfile information:upx_c_b86a1bdedumpFile / 2ae80df570f6e1088df430b29bf0c6f7 / EXE
Key behavior
Behavior description:Obtain window screenshot information
details:Foreground window Info: HWND = 0x00000000, DC = 0x7d0103ed.
Process behavior
Behavior description:Create local thread
details:TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2384, ThreadID = 2404, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2384, ThreadID = 2416, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2384, ThreadID = 2468, StartAddress = 0044CCE6, Parameter = 0012FF04
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2384, ThreadID = 2472, StartAddress = 0048A1F8, Parameter = 00E16030
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Create file
details:C:\Documents and Settings\Administrator\Application Data\pptassist\update\log\notify_2016_11_10.log
Behavior description:Add scheduled task
details:C:\WINDOWS\Tasks\PPTAssistantNotifyTask_Administrator.job
Behavior description:Modify file content
details:C:\Documents and Settings\Administrator\Application Data\pptassist\update\log\notify_2016_11_10.log ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\pptassist\update\log\notify_2016_11_10.log ---> Offset = 2
C:\WINDOWS\Tasks\PPTAssistantNotifyTask_Administrator.job ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\pptassist\update\log\notify_2016_11_10.log ---> Offset = 188
C:\Documents and Settings\Administrator\Application Data\pptassist\update\log\notify_2016_11_10.log ---> Offset = 374
C:\Documents and Settings\Administrator\Application Data\pptassist\update\log\notify_2016_11_10.log ---> Offset = 576
Behavior description:Find file
details:FileName = C:\Documents and Settings\Administrator\Application Data\pptassist\update\dump\*.*
FileName = C:\Documents and Settings\Administrator\Application Data\pptassist\update\log\*.log
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-*\Software\PPTAssist\Common\updateinfo\LastNotifyTime
Other behavior
Behavior description:Set object security information
details:C:\WINDOWS\Tasks\PPTAssistantNotifyTask_Administrator.job
Behavior description:Create mutex
details:_#_UPD_LogFile_Z_MutxName_#_
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
RasPbFile
Global\_UPDMHNotify_Session_MutexName_
Behavior description:Open event
details:HookSwitchHookEnabledEvent
Global\SvcctrlStartEvent_A3752DX
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Behavior description:Obtain window screenshot information
details:Foreground window Info: HWND = 0x00000000, DC = 0x7d0103ed.
Behavior description:Call Sleep function
details:[1]: MilliSeconds = 0.
Behavior description:Open mutex
details:ShimCacheMutex
RasPbFile
DBWinMutex