VirSCAN

File information
Safety rating: 86
Behavior list
Basic Information
MD5: 657cc2412ce86c6a20f38b9141a52d37
File type: zip
Production company:
Version:
Shell or compiler information: COMPILER:Borland Delphi 2.0 [Overlay]
Subfile information:Readme-说明.htm / a27c416a8f0619326f06edabef6f66bb / Unknown
sltdyj_newhua.exe / 48fc3cc2323146acc5f5e456273ad464 / EXE
Key behavior
Behavior description: Maps a file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.IOC..PHKGH
MSCTF.MarshalInterface.FileMap.IOC.B.PHKGH
MSCTF.MarshalInterface.FileMap.IOC.C.PHKGH
MSCTF.MarshalInterface.FileMap.IOC.D.PHKGH
MSCTF.MarshalInterface.FileMap.IOC.E.PIKGH
MSCTF.MarshalInterface.FileMap.IOC.F.PIKGH
MSCTF.MarshalInterface.FileMap.IOC.G.PIKGH
MSCTF.Shared.SFM.IOC
MSCTF.MarshalInterface.FileMap.IOC.H.GLPKH
MSCTF.MarshalInterface.FileMap.IOC.I.FNPKH
MSCTF.MarshalInterface.FileMap.IOC.J.FNPKH
MSCTF.MarshalInterface.FileMap.IOC.K.FNPKH
MSCTF.MarshalInterface.FileMap.IOC.L.EPPKH
MSCTF.MarshalInterface.FileMap.IOC.M.EAALH
Behavior description: Hides a specified window
details:[Window,Class] = [,ComboLBox]
Process behavior
Behavior description: Creates a process from a newly written file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7B1U1.tmp\sltdyj_newhua.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7B1U1.tmp\sltdyj_newhua.tmp" /SL5="$202A2,2685758,53248,C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445522987.828344.exe_7zdump\sltdyj_newhua.exe"
Behavior description: Enumerates processes
details:N/A
File behavior
Behavior description: Renames files
details:C:\Program Files\dyj\sltdyj\is-8PHTE.tmp ---> C:\Program Files\dyj\sltdyj\unins000.exe
C:\Program Files\dyj\sltdyj\is-K77RL.tmp ---> C:\Program Files\dyj\sltdyj\user.dat
C:\Program Files\dyj\sltdyj\is-E22T1.tmp ---> C:\Program Files\dyj\sltdyj\borlndmm.dll
C:\Program Files\dyj\sltdyj\is-EAKN1.tmp ---> C:\Program Files\dyj\sltdyj\DyjAPI.dll
C:\Program Files\dyj\sltdyj\is-SSAPD.tmp ---> C:\Program Files\dyj\sltdyj\SLTDYJ.exe
C:\Program Files\dyj\sltdyj\is-8VI6G.tmp ---> C:\Program Files\dyj\sltdyj\sltdyj.ini
C:\Program Files\dyj\sltdyj\is-4ESE7.tmp ---> C:\Program Files\dyj\sltdyj\ZCSys.dll
C:\Program Files\dyj\sltdyj\is-O5HK1.tmp ---> C:\Program Files\dyj\sltdyj\大赢家合买代购平台.url
C:\Program Files\dyj\sltdyj\Com\Func\is-3GDD9.tmp ---> C:\Program Files\dyj\sltdyj\Com\Func\IniEditor.dll
C:\Program Files\dyj\sltdyj\Com\Func\is-QAPOQ.tmp ---> C:\Program Files\dyj\sltdyj\Com\Func\IniEditor2.dll
C:\Program Files\dyj\sltdyj\Data\is-5O6KM.tmp ---> C:\Program Files\dyj\sltdyj\Data\SLTDYJ.mdb
C:\Program Files\dyj\sltdyj\Data\is-IKQBA.tmp ---> C:\Program Files\dyj\sltdyj\Data\WinList.mod
C:\Program Files\dyj\sltdyj\Data\is-8N5KP.tmp ---> C:\Program Files\dyj\sltdyj\Data\ZCCompSet.mtm
C:\Program Files\dyj\sltdyj\Data\is-83HT9.tmp ---> C:\Program Files\dyj\sltdyj\Data\ZCMTSet.mtm
C:\Program Files\dyj\sltdyj\SOFT\is-R5Q65.tmp ---> C:\Program Files\dyj\sltdyj\SOFT\BBSInfo.xml
Behavior description: Creates executable files
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7B1U1.tmp\sltdyj_newhua.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-TDIRL.tmp\_isetup\_RegDLL.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-TDIRL.tmp\_isetup\_shfoldr.dll
C:\Program Files\dyj\sltdyj\is-8PHTE.tmp
C:\Program Files\dyj\sltdyj\is-E22T1.tmp
C:\Program Files\dyj\sltdyj\is-EAKN1.tmp
C:\Program Files\dyj\sltdyj\is-SSAPD.tmp
C:\Program Files\dyj\sltdyj\is-4ESE7.tmp
C:\Program Files\dyj\sltdyj\Com\Func\is-3GDD9.tmp
C:\Program Files\dyj\sltdyj\Com\Func\is-QAPOQ.tmp
Behavior description: Modifies file contents
details:C:\Program Files\dyj\sltdyj\is-K77RL.tmp---> Offset = 0
C:\Program Files\dyj\sltdyj\is-8VI6G.tmp---> Offset = 0
C:\Program Files\dyj\sltdyj\is-O5HK1.tmp---> Offset = 0
C:\Program Files\dyj\sltdyj\Data\is-5O6KM.tmp---> Offset = 262144
C:\Program Files\dyj\sltdyj\Data\is-IKQBA.tmp---> Offset = 0
C:\Program Files\dyj\sltdyj\Data\is-8N5KP.tmp---> Offset = 0
C:\Program Files\dyj\sltdyj\Data\is-83HT9.tmp---> Offset = 0
C:\Program Files\dyj\sltdyj\SOFT\is-R5Q65.tmp---> Offset = 0
C:\Program Files\dyj\sltdyj\SOFT\is-MD29M.tmp---> Offset = 0
C:\Program Files\dyj\sltdyj\SOFT\is-JSCFL.tmp---> Offset = 0
C:\Program Files\dyj\sltdyj\SOFT\is-BSFIO.tmp---> Offset = 0
C:\Program Files\dyj\sltdyj\SOFT\is-4BNSD.tmp---> Offset = 0
C:\Program Files\dyj\sltdyj\SOFT\is-O45FT.tmp---> Offset = 0
C:\Program Files\dyj\sltdyj\SOFT\is-L661M.tmp---> Offset = 0
C:\Program Files\dyj\sltdyj\SOFT\is-QFVBT.tmp---> Offset = 0
Behavior description: Searches for files
details:FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7B1U1.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7B1U1.tmp\sltdyj_newhua.tmp
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\「开始」菜单
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序
FileName = C:\*.*
FileName = C:\Program Files\dyj\sltdyj\unins???.*
Other behavior
Behavior description: Creates mutexes
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.IOC
Behavior description: Finds a specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Window information
details:Pid = 288, Hwnd=0x302da, Text = 欢迎使用 华军超级乐透大赢家 安装向导 , ClassName = TNewStaticText.
Pid = 288, Hwnd=0x202c6, Text = 安装向导将在你的电脑上安装 华军超级乐透大赢家1.131。 建议你在继续之前关闭所有其它应用程序。 单击“下一步”继续,或单击“取消, ClassName = TNewStaticText.
Pid = 288, Hwnd=0x202c8, Text = 下一步(&N) >, ClassName = TNewButton.
Pid = 288, Hwnd=0x202c4, Text = 取消, ClassName = TNewButton.
Pid = 288, Hwnd=0x402bc, Text = 安装向导 - 华军超级乐透大赢家, ClassName = TWizardForm.
Pid = 288, Hwnd=0x302b6, Text = 选择目标位置, ClassName = TNewStaticText.
Pid = 288, Hwnd=0x502ce, Text = 将 华军超级乐透大赢家 安装到哪里?, ClassName = TNewStaticText.
Pid = 288, Hwnd=0x402be, Text = 安装向导将把 华军超级乐透大赢家 安装到以下文件夹中。, ClassName = TNewStaticText.
Pid = 288, Hwnd=0x202ac, Text = 若要继续,单击“下一步”。如果你要选择不同的文件夹,请单击“浏览”。, ClassName = TNewStaticText.
Pid = 288, Hwnd=0x202aa, Text = C:\Program Files\dyj\sltdyj, ClassName = TEdit.
Pid = 288, Hwnd=0x202ae, Text = 浏览(&R)..., ClassName = TNewButton.
Pid = 288, Hwnd=0x202b0, Text = 至少需要 5.4 MB 的空闲磁盘空间。, ClassName = TNewStaticText.
Pid = 288, Hwnd=0x202d0, Text = < 上一步(&B), ClassName = TNewButton.
Pid = 288, Hwnd=0x302b6, Text = 选择开始菜单文件夹, ClassName = TNewStaticText.
Pid = 288, Hwnd=0x502ce, Text = 把程序快捷方式放到哪里?, ClassName = TNewStaticText.
Behavior description: Acquires system privileges
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Enumerates windows
details:N/A
Behavior description: Opens image files
details:\Program Files\dyj\sltdyj\SOFT\bill.jpg
\Program Files\dyj\sltdyj\SOFT\Splash.jpg
\Program Files\dyj\sltdyj\SOFT\ball\azury16\1.jpg
\Program Files\dyj\sltdyj\SOFT\ball\azury16\10.jpg
\Program Files\dyj\sltdyj\SOFT\ball\azury16\11.jpg
\Program Files\dyj\sltdyj\SOFT\ball\azury16\12.jpg
\Program Files\dyj\sltdyj\SOFT\ball\azury16\13.jpg
\Program Files\dyj\sltdyj\SOFT\ball\azury16\14.jpg
\Program Files\dyj\sltdyj\SOFT\ball\azury16\15.jpg
\Program Files\dyj\sltdyj\SOFT\ball\azury16\16.jpg
\Program Files\dyj\sltdyj\SOFT\ball\azury16\2.jpg
\Program Files\dyj\sltdyj\SOFT\ball\azury16\3.jpg
\Program Files\dyj\sltdyj\SOFT\ball\azury16\4.jpg
\Program Files\dyj\sltdyj\SOFT\ball\azury16\5.jpg
\Program Files\dyj\sltdyj\SOFT\ball\azury16\6.jpg