VirSCAN

File information
Safety rating:78
Behavior list
Basic Information
MD5:5bd9ff03035d118f819b4324ff9c1e4d
file type:EXE
Production company:i-Funbox.com
version:1.2.1520.758---V1.2 BUILD1520.758
Shell or compiler information:PACKER:Not a valid PE file
File behavior
Behavior description: Modify file content
details:C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDN3657Z\179[1]---> Offset = 0
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L13AV3U6\177[1]---> Offset = 0
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GSKHO9YV\dnserrordiagoff_webOC[1]---> Offset = 0
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDN3657Z\ErrorPageTemplate[1]---> Offset = 0
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QRXI1A3\errorPageStrings[1]---> Offset = 0
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L13AV3U6\httpErrorPagesScripts[1]---> Offset = 0
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GSKHO9YV\info_48[1]---> Offset = 0
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT---> Offset = 0
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VDN3657Z\bullet[1]---> Offset = 0
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QRXI1A3\down[1]---> Offset = 0
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L13AV3U6\background_gradient[1]---> Offset = 0
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\USER\S-*\Software\i-FunBox.com\i-FunBox\Preference\instanceID
\REGISTRY\USER\S-*\Software\i-FunBox.com\i-FunBox\Preference\First_Run
\REGISTRY\USER\S-*\Software\i-FunBox.com\i-FunBox\Preference\version
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\996E_RASAPI32\EnableFileTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\996E_RASAPI32\EnableConsoleTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\996E_RASAPI32\FileTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\996E_RASAPI32\ConsoleTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\996E_RASAPI32\MaxFileSize
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\996E_RASAPI32\FileDirectory
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\S-*\Software\i-FunBox.com\i-FunBox\Preference\Installed
Behavior description: Delete registry key value
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoDetect
Behavior description: Delete registry key value (IE connection settings)
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description: Window information
details:Pid = 1884, Hwnd=0x402a4, Text = &Tool Bar, ClassName = Afx:000007F6FDF80000:8:0000000000010003:0000000000000000:0000000000000000.
Pid = 1884, Hwnd=0x50270, Text = Menu Bar, ClassName = Afx:000007F6FDF80000:8:0000000000010003:0000000000000000:0000000000000000.
Pid = 1884, Hwnd=0x402a6, Text = 完成, ClassName = msctls_statusbar32.
Pid = 1884, Hwnd=0x202a8, Text = Start Search, ClassName = Button.
Pid = 1884, Hwnd=0x4026e, Text = Match Filename:, ClassName = Static.
Pid = 1884, Hwnd=0xa0222, Text = Size larger than:, ClassName = Button.
Pid = 1884, Hwnd=0x30154, Text = e.g.: .png;.jpg, ClassName = Static.
Pid = 1884, Hwnd=0x401b2, Text = e.g.: 100kb, ClassName = Static.
Pid = 1884, Hwnd=0x90244, Text = Abort, ClassName = Button.
Pid = 1884, Hwnd=0x401b6, Text = * Sorting by clicking header will be enabled after searching completes, ClassName = Static.
Pid = 1884, Hwnd=0x40264, Text = USB Tunnel, ClassName = AfxFrameOrView100su.
Pid = 1884, Hwnd=0x30200, Text = App Install Report, ClassName = AfxFrameOrView100su.
Pid = 1884, Hwnd=0x401f2, Text = Folder View, ClassName = AfxWnd100su.
Pid = 1884, Hwnd=0xd016a, Text = Device View | Thumbnails, ClassName = AfxWnd100su.
Pid = 1884, Hwnd=0x2029c, Text = Welcome, ClassName = AfxFrameOrView100su.