VirSCAN

File information
Safety rating:77
Behavior list
Basic Information
MD5:4370c4a4f1e8e3d96a51e5aededc6e5d
file type:EXE
Production company:KCP Technologies
version:5.0.0.0---5, 0, 0, 0
Shell or compiler information:
Key behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AEF..PPBGI
MSCTF.MarshalInterface.FileMap.AEF.B.OACGI
MSCTF.MarshalInterface.FileMap.AEF.C.OACGI
MSCTF.MarshalInterface.FileMap.AEF.D.OACGI
MSCTF.MarshalInterface.FileMap.AEF.E.OACGI
MSCTF.MarshalInterface.FileMap.AEF.F.OACGI
MSCTF.MarshalInterface.FileMap.AEF.G.OACGI
MSCTF.Shared.SFM.AEF
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,Static]
[Window,Class] = [Apply:,Static]
[Window,Class] = [,Edit]
[Window,Class] = [All Steps,Button]
[Window,Class] = [,ListBox]
[Window,Class] = [Next Step,Button]
[Window,Class] = [+,Button]
[Window,Class] = [-,Button]
[Window,Class] = [Text Palette,ToolbarWindow32]
[Window,Class] = [Motion Controller,ToolbarWindow32]
[Window,Class] = [Motion Controller,Afx:00400000:8:00010011:00000000:00000000]
[Window,Class] = [Script View,#32770]
[Window,Class] = [Script View,Afx:00400000:8:00010011:00000000:00000000]
[Window,Class] = [The Geometer"s Sketchpad - [Untitled 1],GSP5MainWin]
Process behavior
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AEF..PPBGI
MSCTF.MarshalInterface.FileMap.AEF.B.OACGI
MSCTF.MarshalInterface.FileMap.AEF.C.OACGI
MSCTF.MarshalInterface.FileMap.AEF.D.OACGI
MSCTF.MarshalInterface.FileMap.AEF.E.OACGI
MSCTF.MarshalInterface.FileMap.AEF.F.OACGI
MSCTF.MarshalInterface.FileMap.AEF.G.OACGI
MSCTF.Shared.SFM.AEF
Behavior description:Modify file content
details:C:\WINDOWS\system32\d3d9caps.dat---> Offset = 28
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ID
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MCD\Enable
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MCD\SwapSync
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MCD\Palettized Formats
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MCD\IO Priority
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MCD\Use Generic Stencil
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MCD\Enumerate as ICD
\REGISTRY\USER\S-*\Software\Microsoft\Direct3D\MostRecentApplication\Name
\REGISTRY\MACHINE\SOFTWARE\Classes\Sketchpad.Document\
\REGISTRY\MACHINE\SOFTWARE\Classes\Sketchpad.Document\DefaultIcon\
\REGISTRY\MACHINE\SOFTWARE\Classes\Sketchpad.Document\shell\open\ddeexec\
\REGISTRY\MACHINE\SOFTWARE\Classes\Sketchpad.Document\shell\print\ddeexec\
\REGISTRY\MACHINE\SOFTWARE\Classes\Sketchpad.Document\shell\printto\ddeexec\
\REGISTRY\MACHINE\SOFTWARE\Classes\Sketchpad.Document\shell\open\command\
Behavior description:Delete registry key
details:\REGISTRY\MACHINE\SOFTWARE\Classes\.gsp\ShellNew
\REGISTRY\USER\S-*\Software\KCP Technologies, Inc.\The Geometer"s Sketchpad\Recent File List
Other behavior
Behavior description:Create mutex
details:DDrawWindowListMutex
DDrawDriverObjectListMutex
__DDrawExclMode__
__DDrawCheckExclMode__
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.AEF
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,Static]
[Window,Class] = [Apply:,Static]
[Window,Class] = [,Edit]
[Window,Class] = [All Steps,Button]
[Window,Class] = [,ListBox]
[Window,Class] = [Next Step,Button]
[Window,Class] = [+,Button]
[Window,Class] = [-,Button]
[Window,Class] = [Text Palette,ToolbarWindow32]
[Window,Class] = [Motion Controller,ToolbarWindow32]
[Window,Class] = [Motion Controller,Afx:00400000:8:00010011:00000000:00000000]
[Window,Class] = [Script View,#32770]
[Window,Class] = [Script View,Afx:00400000:8:00010011:00000000:00000000]
[Window,Class] = [The Geometer"s Sketchpad - [Untitled 1],GSP5MainWin]
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [GSP5MainWin,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [MS_WINHELP,]
Behavior description:Get TickCount value
Behavior description:Get cursor position
Behavior description:Window information
details:Pid = 1476, Hwnd=0x10316, Text = Untitled 1, ClassName = Afx:00400000:b:00010011:00000006:0016030A.
Pid = 1476, Hwnd=0x202ac, Text = Symbolic Notation, ClassName = ToolbarWindow32.
Pid = 1476, Hwnd=0x202a8, Text = The Geometer"s Sketchpad - [Untitled 1], ClassName = GSP5MainWin.
Behavior description:Call Sleep function
details:[1]: MilliSeconds = 60000.