VirSCAN

File information
Safety rating:88
Behavior list
Basic Information
MD5:43565e3ef547d66c181062dfa17ed9c1
file type:zip
Production company:
version:1.0.0.0
Shell or compiler information:COMPILER:Wise Installer stub [Overlay]
Subfile information:aspack212r_598f9765dumpFile / 6ad28c533142a737027c4128b07c3e87 / EXE
OPERA.EXE / 7a9f309af1763f8b67bd842a0b1a1f5b / EXE
NPSWF32.DLL / e8ea6e15ccf9cc81d50f87005ef9ee9a / DLL
CHARTABLES.BIN / 9967f58bfe9ff170bfeaae03c85b31c5 / Unknown
aspack212r_0ab8cbd2dumpFile / 0f6e305631267ed3dda26604e14ddcb2 / DLL
aspack212r_7ee37263dumpFile / 45fe0e3bd00f3e6572cc5a4822d57747 / DLL
STANDARD_SKIN.ZIP / 30206a7e52cb48149159c2a69514c290 / zip
M2.DLL / 03f251f8fe771293b9f5c780d838c343 / DLL
ES262-32.DLL / 4984c9d4aac0990934b365921f53a848 / DLL
UNWISE32.EXE / 3a938ed2427df10e571041069e6980cb / EXE
WISE0001.DLL / fbd929bfc7b4a9e4fa4506655bab4c4a / DLL
aspack212r_8c8f6d4bdumpFile / 91e3ad6833f8fc7050c201f211a96ea6 / DLL
ENGLISH.LNG / c044f33076ca4bc5bced63881ea811fc / Unknown
aspack212r_77d4a1a4dumpFile / 5d6201c40a8b54482a8cf8f7741d305b / DLL
aspack212r_1710cd32dumpFile / dab77b3d519fda2f919366fd411fa40f / DLL
aspack212r_2284a5d3dumpFile / 07df6e83fc6be5fe8dde9b44bc259d48 / DLL
aspack212r_a3385bf1dumpFile / 3539f829181d028dd6104526971f2eab / DLL
DIALOG.INI / 984f91cebf565422d08934b8eb9ee405 / Unknown
OUNIANSI.DLL / 54b024d2f1e05af5352f4e2193bb541c / DLL
Key behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.IFP..ANBIH
MSCTF.MarshalInterface.FileMap.IFP.B.ANBIH
MSCTF.MarshalInterface.FileMap.IFP.C.ANBIH
MSCTF.MarshalInterface.FileMap.IFP.D.ANBIH
MSCTF.MarshalInterface.FileMap.IFP.E.ANBIH
MSCTF.MarshalInterface.FileMap.IFP.F.ANBIH
MSCTF.MarshalInterface.FileMap.IFP.G.AOBIH
MSCTF.Shared.SFM.IFP
Behavior description:Hide specified window
details:[Window,Class] = [,Static]
Process behavior
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.IFP..ANBIH
MSCTF.MarshalInterface.FileMap.IFP.B.ANBIH
MSCTF.MarshalInterface.FileMap.IFP.C.ANBIH
MSCTF.MarshalInterface.FileMap.IFP.D.ANBIH
MSCTF.MarshalInterface.FileMap.IFP.E.ANBIH
MSCTF.MarshalInterface.FileMap.IFP.F.ANBIH
MSCTF.MarshalInterface.FileMap.IFP.G.AOBIH
MSCTF.Shared.SFM.IFP
Behavior description:Rename file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~GLH0000.TMP ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLF7.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~GLH0001.TMP ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLF8.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~GLH0002.TMP ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLF9.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~GLH0003.TMP ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLFA.tmp
Behavior description:Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLC4.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~GLH0000.TMP
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~GLH0001.TMP
Behavior description:Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLC4.tmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~GLH0002.TMP---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~GLH0003.TMP---> Offset = 0
Behavior description:Find file
details:FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\GLF7.tmp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\GLF8.tmp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\GLF9.tmp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\GLFA.tmp
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Application Data
FileName =
Other behavior
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Window information
details:Pid = 3924, Hwnd=0xa027a, Text = Opera 7.20, ClassName = GLBSInstall.
Pid = 3924, Hwnd=0x302b4, Text = Welcome, ClassName = Static.
Pid = 3924, Hwnd=0x302cc, Text = &Next >, ClassName = Button.
Pid = 3924, Hwnd=0x402ba, Text = < &Back, ClassName = Button.
Pid = 3924, Hwnd=0x302bc, Text = &Cancel, ClassName = Button.
Pid = 3924, Hwnd=0x302dc, Text = This installation program will install Opera. Opera comes with many powerful and popular features: * Surf the Web with mult, ClassName = Static.
Pid = 3924, Hwnd=0x302a8, Text = Opera 7.20 Installation, ClassName = GLBSWizard.
Pid = 3924, Hwnd=0x402dc, Text = Software License Agreement, ClassName = Static.
Pid = 3924, Hwnd=0x302d4, Text = I &Accept, ClassName = Button.
Pid = 3924, Hwnd=0x402bc, Text = < &Back, ClassName = Button.
Pid = 3924, Hwnd=0x502ba, Text = I &Disagree, ClassName = Button.
Pid = 3924, Hwnd=0x402b4, Text = Opera Browser Information: LICENSE.TXT =========================================== Copyright (C) Opera Software 1995-2003 IM, ClassName = Edit.
Behavior description:Hide specified window
details:[Window,Class] = [,Static]
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.IFP
Behavior description:Obtain system privileges
details:SE_LOAD_DRIVER_PRIVILEGE