VirSCAN
File information
Safety rating: 72
Behavior list
Basic Information
MD5: 5512b4ff90f21d2a4fca2202fa30ec04
File type: 7z
Production company:
Version:
Shell or compiler information: COMPILER: Microsoft Visual C++ 6.0 [Overlay]
Subfile information:
精易模块.ec / 8852a614d7760144a122d4a70a07cf49 / Unknown
Easylanguage module Check and Decompile.exe / ac477efe8be9f475e25c3c90fb9bfa01 / EXE
模块科技-模块查看及反编译.e / e1fa1c1c29cbc293b8a4007d82e0b00e / Unknown
Win10.ec / 689677ec2cea8abef8e0a96c6c7af38c / Unknown
Win10.e / 82987b46afec900e0215e6c8815b6d63 / Unknown
模块反编译.e / aec55e436835fea4026fce58631d5496 / Unknown
模块反编译.ec / 4bcc5319d1a774116f6595d67475e10f / Unknown
bootstrap.min.css / ec3bb52a00e176a7181d454dffaea219 / Unknown
模块分析.ec / fbf84aec77e34305bd4803be6d9a0095 / Unknown
易文件分析.e / 1ef58017f4c300a07aa321e75fc9207b / Unknown
易文件分析.ec / 703015b30fa32f20ec72976dcfe8eb30 / Unknown
Thumbs.db / ae4f73d7804cdfd8fd95f8236c3ae51b / Compound
jquery-1.3.2.min.js / bb381e2d19d8eace86b34d20759491a5 / Unknown
模块分析.e / 01678f7c6c3396290a58998f2279fe08 / Unknown
易语言代码解析模块.e / aaabcbfb45b2fbcb5feee8747f837b47 / Unknown
易语言代码解析模块.ec / d9e2dfd56cf052baa1d249a6a618835d / Unknown
TreeCtrl.ec / 2f5cfcd277f8122e542ccd743c112f49 / Unknown
icon.css / a34595184324b4de4ec2837eee4a2476 / Unknown
msgbox_true.png / e1339978df2cb3f81c2f71cd6d14d330 / Unknown
Key behavior
Behavior description: Directly reads the CPU clock
details: EAX = 0x03f2948d, EDX = 0x000000b6
EAX = 0x03f294d9, EDX = 0x000000b6
EAX = 0x03f29525, EDX = 0x000000b6
EAX = 0x03f29571, EDX = 0x000000b6
EAX = 0x03f295bd, EDX = 0x000000b6
EAX = 0x03f29609, EDX = 0x000000b6
EAX = 0x03f29655, EDX = 0x000000b6
EAX = 0x03f296a1, EDX = 0x000000b6
EAX = 0x03f296ed, EDX = 0x000000b6
EAX = 0x03f29739, EDX = 0x000000b6
Behavior description: Gets window screenshot information
details: Foreground window Info: HWND = 0x00010354, DC = 0x01010055.
Foreground window Info: HWND = 0x00010354, DC = 0x0601066a.
Behavior description: Gets TickCount value
details: TickCount = 242093, SleepMilliseconds = 250.
TickCount = 242109, SleepMilliseconds = 250.
Process behavior
Behavior description: Creates local thread
details: TargetProcess: Easylanguage module Check and Decompile.exe, InheritedFromPID = 2000, ProcessID = 2712, ThreadID = 2908, StartAddress = 77DC845A, Parameter = 00000000
File behavior
Behavior description: Creates file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\krnln.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\iext.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\commobj.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\WebBrowser2.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\RegEx.fnr
Behavior description: Overwrites existing file
details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\新建文件夹\msgbox_true.png
Behavior description: Creates executable file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\krnln.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\iext.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\commobj.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\WebBrowser2.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\RegEx.fnr
Behavior description: Modifies file contents
details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\krnln.fnr ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\iext.fnr ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\commobj.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\WebBrowser2.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\RegEx.fnr ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\新建文件夹\msgbox_true.png ---> Offset = 0
Behavior description: Searches for files
details: FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\新建文件夹\DATA\*.*
Registry behavior
Behavior description: Modifies registry
details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x32(BGR 0)
Other behavior
Behavior description: Creates mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.MJK
Behavior description: Creates event object
details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.MJK.IC
EventName = MSCTF.SendReceiveConection.Event.MJK.IC
Behavior description: Opens mutex
details: ShimCacheMutex
Behavior description: Finds specified window
details: NtUserFindWindowEx: [Class,Window] = [,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Opens event
details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Gets TickCount value
details: TickCount = 242093, SleepMilliseconds = 250.
TickCount = 242109, SleepMilliseconds = 250.
Behavior description: Window information
details: Pid = 2712, Hwnd=0x1034c, Text = IDE模式, ClassName = Button(RadioButton).
Pid = 2712, Hwnd=0x1034a, Text = 代码模式, ClassName = Button(RadioButton).
Pid = 2712, Hwnd=0x10348, Text = 请将您要读取的模块放入本分析器中, ClassName = Edit.
Pid = 2712, Hwnd=0x5033c, Text = 易语言模块分析器(Easylanguage module Check and Decompile), ClassName = WTWindow.
Behavior description: Gets window screenshot information
details: Foreground window Info: HWND = 0x00010354, DC = 0x01010055.
Foreground window Info: HWND = 0x00010354, DC = 0x0601066a.
Behavior description: Executable file signature information
details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\krnln.fnr(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\iext.fnr(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\commobj.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\WebBrowser2.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\RegEx.fnr(签名验证: 未通过)
Behavior description: Hides specified window
details: [Window,Class] = [请将您要读取的模块放入本分析器中,Edit]
Behavior description: Executable file MD5
details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\krnln.fnr ---> b3b09f4a3a6704000c3a0c6acc825e9d
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\iext.fnr ---> 856495a1605bfc7f62086d482b502c6f
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\commobj.fne ---> 2b86ad8cd1903916ae5a3cd7ec2f1b9e
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\WebBrowser2.fne ---> 3a3d1dceb97ed5d5910bafa045792079
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\RegEx.fnr ---> a67daddcb30335163cf7d99f282f5ae0
Behavior description: Directly reads the CPU clock
details: EAX = 0x03f2948d, EDX = 0x000000b6
EAX = 0x03f294d9, EDX = 0x000000b6
EAX = 0x03f29525, EDX = 0x000000b6
EAX = 0x03f29571, EDX = 0x000000b6
EAX = 0x03f295bd, EDX = 0x000000b6
EAX = 0x03f29609, EDX = 0x000000b6
EAX = 0x03f29655, EDX = 0x000000b6
EAX = 0x03f296a1, EDX = 0x000000b6
EAX = 0x03f296ed, EDX = 0x000000b6
EAX = 0x03f29739, EDX = 0x000000b6
Behavior description: Loads newly dropped file
details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N50005\krnln.fnr.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N50005\RegEx.fnr.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N50005\commobj.fne.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N50005\iext.fnr.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N50005\WebBrowser2.fne.