VirSCAN

File information
Safety rating:70
Behavior list
Basic Information
MD5:504ddb5b41eda63d09a29524f7b99f64
file type:zip
Production company:
version:
Shell or compiler information:
Subfile information:ZCB_API.dll / 67415da0dfb59fbdf92f4d289304afee / DLL
手机改后台点止文件安装下即可使用.TTF / 65a5b2842eb620e552053c11a85ac68c / Unknown
TobaoHelper_ZCB.exe / 32908c90b0d49f182a3986bc9236dad0 / EXE
Newtonsoft.Json.dll / abd9c387aaba000866f8ccb82313635f / DLL
Newtonsoft.Json.xml / f3bf8e3ff525cf7338cc4bd27a042e47 / Unknown
BCMakeCert.dll / a11e4e63bee1254c2b6bbe07410d57a8 / DLL
FiddlerCore4.dll / 880a85d43e183378010999d0a5c1b222 / DLL
log4net.dll / 31e73af0734f4328879c1d96cdc4658c / DLL
HtmlAgilityPack.pdb / 789eec6eba247bd0f9858f972eb6de3f / Unknown
HtmlAgilityPack.dll / 095ccdd16bd7b231ace2da7552c6dfbd / DLL
makecert.exe / 3da54bd90c1a4ef9a12270102c047fc5 / EXE
CertMaker.dll / fdd8662030290a683bea5b5846ac2db9 / DLL
Interop.ZCB_APILib.dll / 3d54efa47b681dad8548fcfbb02f5b98 / DLL
作者联系QQ5401015.jnt / 5b944604be1cc246c826a7f4bd59f4e1 / Unknown
音乐新手老手必看教程.txt / 42c35bbaa3f69e3c7a0d3afa6ab1cae3 / Unknown
j-trash-empty.dat / 9f3fa345cf9c56c0307d0f0a3c5fe7b8 / Unknown
config.ini / 3d03bc5b99b447c8da55904d949cc639 / Unknown
警告第一次使用必须双击点我注册成功即可.bat / 601aa14534ab6bf8f4c038a3fed8ef37 / Unknown
Key behavior
Behavior description:Map file with write permission
details:Global\Cor_Private_IPCBlock_v4_1552
Global\Cor_SxSPublic_IPCBlock_1552
CiceroSharedMemDefaultS-*
\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Global\NLS_CodePage_936_3_2_0_0
MSCTF.MarshalInterface.FileMap.IHE..KMFHH
MSCTF.MarshalInterface.FileMap.IHE.B.KMFHH
MSCTF.MarshalInterface.FileMap.IHE.C.KMFHH
MSCTF.MarshalInterface.FileMap.IHE.D.KMFHH
MSCTF.MarshalInterface.FileMap.IHE.E.KMFHH
MSCTF.MarshalInterface.FileMap.IHE.F.KMFHH
MSCTF.MarshalInterface.FileMap.IHE.G.KMFHH
MSCTF.Shared.SFM.IHE
MSCTF.MarshalInterface.FileMap.IHE..EEFLH
MSCTF.MarshalInterface.FileMap.IHE.B.EEFLH
Behavior description:Block window close message
details:hWnd = 0x000202c6, Text = Microsoft .NET Framework, ClassName = WindowsForms10.Window.8.app.0.2bf8098_r23_ad1.
Behavior description:Hide specified window
details:[Window,Class] = [Microsoft .NET Framework,WindowsForms10.Window.8.app.0.2bf8098_r23_ad1]
Process behavior
Behavior description:Create process with hidden window
details:ImagePath = , CmdLine = "cmd.exe"
Behavior description:Create process
details:ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = "cmd.exe"
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445500776.166357.exe_7zdump\狂刷助手1.5zb\ZCB_API.dll /s
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT---> Offset = 0
Behavior description:Find file
details:FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.INI
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445500776.539851.exe_7zdump\狂刷助手1.5zb
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445500776.543385.exe_7zdump
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445500776.546891.exe_7zdump\狂刷助手1.5zb\TobaoHelper_ZCB.exe
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445500776.557441.exe_7zdump\狂刷助手1.5zb\TobaoHelper_ZCB.INI
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.INI
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\Classes\REGCOM.Register.Api.1\
\REGISTRY\MACHINE\SOFTWARE\Classes\REGCOM.Register.Api.1\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\REGCOM.Register.Api\
\REGISTRY\MACHINE\SOFTWARE\Classes\REGCOM.Register.Api\CurVer\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9CF66319-AA2F-424A-BEEA-9E42E36BEA1A}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9CF66319-AA2F-424A-BEEA-9E42E36BEA1A}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9CF66319-AA2F-424A-BEEA-9E42E36BEA1A}\VersionIndependentProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9CF66319-AA2F-424A-BEEA-9E42E36BEA1A}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9CF66319-AA2F-424A-BEEA-9E42E36BEA1A}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9CF66319-AA2F-424A-BEEA-9E42E36BEA1A}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9CF66319-AA2F-424A-BEEA-9E42E36BEA1A}\Version\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D7111ECF-2415-46C6-AAD4-EE6802448456}\1.0\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D7111ECF-2415-46C6-AAD4-EE6802448456}\1.0\FLAGS\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D7111ECF-2415-46C6-AAD4-EE6802448456}\1.0\0\win32\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D7111ECF-2415-46C6-AAD4-EE6802448456}\1.0\HELPDIR\
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
SHIMLIB_LOG_MUTEX
MSCTF.Shared.MUTEX.ELH
oleacc-msaa-loaded
MSCTF.Shared.MUTEX.IHE
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description:Acquire system privilege
details:SE_DEBUG_PRIVILEGE
Behavior description:Window information
details:Pid = 1552, Hwnd=0x202ca, Text = Unhandled exception has occurred in a component in your application. If you click Continue, the application will ignore this erro, ClassName = WindowsForms10.STATIC.app.0.2bf8098_r23_ad1.
Pid = 1552, Hwnd=0x202b0, Text = &Details, ClassName = WindowsForms10.BUTTON.app.0.2bf8098_r23_ad1.
Pid = 1552, Hwnd=0x202ae, Text = &Continue, ClassName = WindowsForms10.BUTTON.app.0.2bf8098_r23_ad1.
Pid = 1552, Hwnd=0x202aa, Text = See the end of this message for details on invoking just-in-time (JIT) debugging instead of this dialog box. ************** , ClassName = WindowsForms10.EDIT.app.0.2bf8098_r23_ad1.
Pid = 1552, Hwnd=0x202c6, Text = Microsoft .NET Framework, ClassName = WindowsForms10.Window.8.app.0.2bf8098_r23_ad1.
Pid = 1552, Hwnd=0x302bc, Text = 账号登录, ClassName = WindowsForms10.Window.8.app.0.2bf8098_r23_ad1.
Pid = 1552, Hwnd=0x202d4, Text = 记住密码, ClassName = WindowsForms10.BUTTON.app.0.2bf8098_r23_ad1.
Pid = 1552, Hwnd=0x302dc, Text = QQ登录, ClassName = WindowsForms10.BUTTON.app.0.2bf8098_r23_ad1.
Pid = 1552, Hwnd=0x202d6, Text = 登录, ClassName = WindowsForms10.BUTTON.app.0.2bf8098_r23_ad1.
Pid = 1552, Hwnd=0x202c4, Text = 用户名 密码, ClassName = WindowsForms10.STATIC.app.0.2bf8098_r23_ad1.
Pid = 1552, Hwnd=0x202b2, Text = 狂刷助手, ClassName = WindowsForms10.Window.8.app.0.2bf8098_r23_ad1.