VirSCAN


File information
Safety rating:75
Behavior list
Basic Information
MD5:5bfbf43e51fb23453bbebc184349bb46
file type:EXE
Production company:Tencent Inc.
version:6.15.201.26---6, 15, 201, 26
Shell or compiler information:COMPILER:Borland Delphi 4.0 - 5.0 [Overlay]
Key behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EHF..LJFHH
MSCTF.MarshalInterface.FileMap.EHF.B.LKFHH
MSCTF.MarshalInterface.FileMap.EHF.C.LKFHH
MSCTF.MarshalInterface.FileMap.EHF.D.LKFHH
MSCTF.MarshalInterface.FileMap.EHF.E.LKFHH
MSCTF.MarshalInterface.FileMap.EHF.F.LKFHH
MSCTF.MarshalInterface.FileMap.EHF.G.LKFHH
MSCTF.Shared.SFM.EHF
MSCTF.MarshalInterface.FileMap.EHF.H.MPAKI
MSCTF.MarshalInterface.FileMap.EHF.I.MPAKI
MSCTF.MarshalInterface.FileMap.EHF.J.MPAKI
MSCTF.MarshalInterface.FileMap.EHF.K.MPAKI
MSCTF.MarshalInterface.FileMap.EHF.L.MPAKI
MSCTF.MarshalInterface.FileMap.EHF.M.LABKI
Behavior description:Block window close message
details:hWnd = 0x000203a8, Text = Wizard, ClassName = TDlgAccWizard.
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
Behavior description:Get host address by name
details:datacollect.foxmail.com.cn
Process behavior
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EHF..LJFHH
MSCTF.MarshalInterface.FileMap.EHF.B.LKFHH
MSCTF.MarshalInterface.FileMap.EHF.C.LKFHH
MSCTF.MarshalInterface.FileMap.EHF.D.LKFHH
MSCTF.MarshalInterface.FileMap.EHF.E.LKFHH
MSCTF.MarshalInterface.FileMap.EHF.F.LKFHH
MSCTF.MarshalInterface.FileMap.EHF.G.LKFHH
MSCTF.Shared.SFM.EHF
MSCTF.MarshalInterface.FileMap.EHF.H.MPAKI
MSCTF.MarshalInterface.FileMap.EHF.I.MPAKI
MSCTF.MarshalInterface.FileMap.EHF.J.MPAKI
MSCTF.MarshalInterface.FileMap.EHF.K.MPAKI
MSCTF.MarshalInterface.FileMap.EHF.L.MPAKI
MSCTF.MarshalInterface.FileMap.EHF.M.LABKI
Behavior description:Find file
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\3rdParty\FoxPlugin.Dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\3rdParty\PlugInRscDll.dll
FileName = C:\WINDOWS\FoxmailUpdate\*.*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\FoxmailUpdate\*.*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Chinese.lgb
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\accounts.cfg
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\accounts.cfg.bak
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Skin\TXScrollbar.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\foxmail.ini
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Address\Picture\Contact.jpg
Network behavior
Behavior description:Establish a connection to a specified socket
details:219.133.40.1:80
Behavior description:Get host address by name
details:datacollect.foxmail.com.cn
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-*\Software\Aerofox\Foxmail\version
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foxmail_is1\Inno Setup: App Path
\REGISTRY\USER\S-*\Software\Aerofox\Foxmail\FoxToolbar\Compose\ControlNames
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EHF
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Window information
details:Pid = 1344, Hwnd=0x103c2, Text = &Help, ClassName = TButton.
Pid = 1344, Hwnd=0x103c0, Text = &Cancel, ClassName = TButton.
Pid = 1344, Hwnd=0x103be, Text = Ne&xt >, ClassName = TButton.
Pid = 1344, Hwnd=0x103bc, Text = < &Back, ClassName = TButton.
Pid = 1344, Hwnd=0x103c4, Text = AccName, ClassName = TPage.
Pid = 1344, Hwnd=0x103ca, Text = &Default, ClassName = TButton.
Pid = 1344, Hwnd=0x103c8, Text = &Browse..., ClassName = TButton.
Pid = 1344, Hwnd=0x103c6, Text = <Default>, ClassName = TEdit.
Pid = 1344, Hwnd=0x203ac, Text = Server, ClassName = TPage.
Pid = 1344, Hwnd=0x103b8, Text = A&dvanced Setting..., ClassName = TButton.
Pid = 1344, Hwnd=0x103b4, Text = POP3, ClassName = TComboBox.
Pid = 1344, Hwnd=0x203a8, Text = Wizard, ClassName = TDlgAccWizard.
Behavior description:Get TickCount value
details:TickCount = 558109, SleepMilliseconds = 60000.
TickCount = 558140, SleepMilliseconds = 60000.
TickCount = 565500, SleepMilliseconds = 60000.
TickCount = 565515, SleepMilliseconds = 60000.
TickCount = 566171, SleepMilliseconds = 60000.
Behavior description:Get cursor position
Behavior description:Block window close message
details:hWnd = 0x000203a8, Text = Wizard, ClassName = TDlgAccWizard.
Behavior description:Enumerate windows
details:N/A
Behavior description:Call Sleep function
details:[1]: MilliSeconds = 60000.