1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.
Language
Server load
1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.
| Safety rating:61 |
| Behavior list |
| Basic Information | |
|---|---|
| MD5: | 5d1cbb1710ff3ec9a8d59085c89fe252 |
| file type: | EXE |
| Production company: | Microsoft Corporation |
| version: | 1.0.1.580---01.00.01.0580 |
| Shell or compiler information: | PACKER:Armadillo 3.00a - 3.61 -> Silicon Realms Toolworks |
| Key behavior | |
|---|---|
| Behavior description: | 查找反病毒常用工具窗口 |
| details: | NtUserFindWindowEx: [Class,Window] = [FileMonClass,] |
| NtUserFindWindowEx: [Class,Window] = [RegMonClass,] | |
| File behavior | |
|---|---|
| Behavior description: | 写权限映射文件 |
| details: | CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500 |
| Shareware Example | |
| MSCTF.MarshalInterface.FileMap.MNJ..CGGGF | |
| MSCTF.MarshalInterface.FileMap.MNJ.B.CGGGF | |
| MSCTF.MarshalInterface.FileMap.MNJ.C.CGGGF | |
| MSCTF.MarshalInterface.FileMap.MNJ.D.CGGGF | |
| MSCTF.MarshalInterface.FileMap.MNJ.E.CGGGF | |
| MSCTF.MarshalInterface.FileMap.MNJ.F.CGGGF | |
| MSCTF.MarshalInterface.FileMap.MNJ.G.CGGGF | |
| Registry behavior | |
|---|---|
| Behavior description: | 修改注册表 |
| details: | \REGISTRY\MACHINE\SOFTWARE\Licenses\{K7C0DB872A3F777C0} |
| \REGISTRY\MACHINE\SOFTWARE\Licenses\{I3BE69020E11FA404} | |
| \REGISTRY\MACHINE\SOFTWARE\Licenses\{03BE69020E11FA404} | |
| Other behavior | |
|---|---|
| Behavior description: | 创建互斥体 |
| details: | CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500 |
| CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500 | |
| CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500 | |
| CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500 | |
| CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500 | |
| CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500 | |
| RAL665C94CF | |
| DirectSound DllMain mutex (0x000009D8) | |
| MSCTF.Shared.MUTEX.AEH | |
| Behavior description: | 查找指定窗口 |
| details: | NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,] |
| Behavior description: | 尝试打开调试器或监控软件的驱动设备对象 |
| details: | \??\SICE |
| \??\NTICE | |
| \??\SIWVID | |
| Behavior description: | 获取系统权限 |
| details: | SE_INC_BASE_PRIORITY_PRIVILEGE |
| Behavior description: | 窗口信息 |
| details: | Pid = 2520, Hwnd=0x10354, Text = 确定, ClassName = Button. |
| Pid = 2520, Hwnd=0x10358, Text = Cannot find import; DLL may be missing, corrupt, or wrong version File "vorbisfile.dll", error 126, ClassName = Static. | |
| Pid = 2520, Hwnd=0x10350, Text = 错误, ClassName = #32770. | |
| Behavior description: | 直接操作物理设备 |
| details: | \??\PHYSICALDRIVE0 |
| Behavior description: | 枚举窗口 |
| details: | N/A |
| Behavior description: | 查找反病毒常用工具窗口 |
| details: | NtUserFindWindowEx: [Class,Window] = [FileMonClass,] |
| NtUserFindWindowEx: [Class,Window] = [RegMonClass,] | |
| Run screenshot |
|---|
 |
HOME
