VirSCAN


File information
Safety rating:82
Behavior list
Basic Information
MD5:6baf726061c3a5b19dee0184b297fc7a
file type:Compound
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0 DLL
Subfile information:Binary._ISRES1046.DLL / 73d86ed83e5b568791ef81a0ae2eba4b / DLL
Binary._ISRES1046.DLLdumpFile / 73d86ed83e5b568791ef81a0ae2eba4b / DLL
Binary.InstallScript / b63e529303bc89819c8b57578b2a72d7 / Unknown
Binary.InstallScriptdumpFile / b63e529303bc89819c8b57578b2a72d7 / Unknown
!_StringData / cd7a34816760e4882837939efe01f549 / Unknown
!_StringDatadumpFile / cd7a34816760e4882837939efe01f549 / Unknown
Binary.String1046.txt / 4008eb064d0bdabd0a5280d189f741e4 / Unknown
Binary.String1046.txtdumpFile / 4008eb064d0bdabd0a5280d189f741e4 / Unknown
Binary.ISScriptBridge.dll / e460051d690b8f6e40aeb45c70982c61 / DLL
Binary.ISScriptBridge.dlldumpFile / e460051d690b8f6e40aeb45c70982c61 / DLL
Binary.ISSELFREG.DLL / 00ae0c765ed4052ee1602242f85401ba / DLL
Binary.ISSELFREG.DLLdumpFile / 00ae0c765ed4052ee1602242f85401ba / DLL
Icon.NewShortcut1.exedumpFile / d3b9618c5da5d10edacfba9f2977826c / EXE
Icon.NewShortcut1.exe / d3b9618c5da5d10edacfba9f2977826c / EXE
!_StringPool / 75e2546697c242772e71fcfd4608e5ce / Unknown
!_StringPooldumpFile / 75e2546697c242772e71fcfd4608e5ce / Unknown
!_Validation / f73d55d72694d90cdb548ac7e68349d9 / Unknown
!_ValidationdumpFile / f73d55d72694d90cdb548ac7e68349d9 / Unknown
Binary.NewBinary9 / 6e42cf0d47af25dea4cecdbe093d521c / Unknown
Key behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.IPN..AMOIH
MSCTF.MarshalInterface.FileMap.IPN.B.AMOIH
MSCTF.MarshalInterface.FileMap.IPN.C.AMOIH
MSCTF.MarshalInterface.FileMap.IPN.D.AMOIH
MSCTF.MarshalInterface.FileMap.IPN.E.AOOIH
MSCTF.MarshalInterface.FileMap.IPN.F.AOOIH
MSCTF.MarshalInterface.FileMap.IPN.G.AOOIH
DfSharedHeap3D9DED
DfRoot0003D9DED
DfSharedHeap3DA177
DfRoot0003DA177
MSCTF.Shared.SFM.IPN
MSCTF.MarshalInterface.FileMap.IPN.H.ABFNH
MSCTF.MarshalInterface.FileMap.IPN.I.ABFNH
Behavior description:Hide specified window
details:[Window,Class] = [Windows Installer,#32770]
[Window,Class] = [Informações do instalador do Novo Dicionário Aurélio,MsiDialogCloseClass]
[Window,Class] = [Você pode manter os elementos existentes instalados em seu sistema para continuar esta instalação posteriormente ou restaurar seu sistema ao estado original, anterior à instalação.,Static]
[Window,Class] = [Clique em Restaurar ou Adiar para sair do InstallShield Wizard.,Static]
Process behavior
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.IPN..AMOIH
MSCTF.MarshalInterface.FileMap.IPN.B.AMOIH
MSCTF.MarshalInterface.FileMap.IPN.C.AMOIH
MSCTF.MarshalInterface.FileMap.IPN.D.AMOIH
MSCTF.MarshalInterface.FileMap.IPN.E.AOOIH
MSCTF.MarshalInterface.FileMap.IPN.F.AOOIH
MSCTF.MarshalInterface.FileMap.IPN.G.AOOIH
DfSharedHeap3D9DED
DfRoot0003D9DED
DfSharedHeap3DA177
DfRoot0003DA177
MSCTF.Shared.SFM.IPN
MSCTF.MarshalInterface.FileMap.IPN.H.ABFNH
MSCTF.MarshalInterface.FileMap.IPN.I.ABFNH
Behavior description:Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI4.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI5.tmp
Behavior description:Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\78f8c.msi---> Offset = 72000
Behavior description:Find file
details:FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\996E.msi
FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\WINDOWS\Microsoft.NET\Framework\\*
Other behavior
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Window information
details:Pid = 3572, Hwnd=0x202d8, Text = &OK, ClassName = Button.
Pid = 3572, Hwnd=0x202c2, Text = 1: O dispositivo InstallScript não se encontra nesta máquina. Se estiver disponível, execute ISScript.msi, ou entre em contato , ClassName = Static.
Pid = 3572, Hwnd=0x202c4, Text = NewBinary4, ClassName = Static.
Pid = 3572, Hwnd=0x302dc, Text = Informações do instalador do Novo Dicionário Aurélio, ClassName = MsiDialogCloseClass.
Pid = 3572, Hwnd=0x102ee, Text = C&oncluir, ClassName = Button.
Pid = 3572, Hwnd=0x102ea, Text = Cancelar, ClassName = Button.
Pid = 3572, Hwnd=0x102ec, Text = < &Voltar, ClassName = Button.
Pid = 3572, Hwnd=0x102f0, Text = Seu sistema não foi modificado. Para concluir a instalação em outro momento, execute a instalação novamente., ClassName = Static.
Pid = 3572, Hwnd=0x102f2, Text = Clique em Concluir para sair do InstallShield Wizard., ClassName = Static.
Pid = 3572, Hwnd=0x102f4, Text = Você pode manter os elementos existentes instalados em seu sistema para continuar esta instalação posteriormente ou restaurar seu, ClassName = Static.
Pid = 3572, Hwnd=0x102f6, Text = Clique em Restaurar ou Adiar para sair do InstallShield Wizard., ClassName = Static.
Pid = 3572, Hwnd=0x102f8, Text = O wizard foi interrompido antes que o Novo Dicionário Aurélio pudesse ser completamente instalado., ClassName = Static.
Pid = 3572, Hwnd=0x102fc, Text = NewBinary5, ClassName = Static.
Pid = 3572, Hwnd=0x102fe, Text = Conclusão do InstallShield Wizard do Novo Dicionário Aurélio, ClassName = Static.
Pid = 3572, Hwnd=0x202de, Text = InstallShield Wizard do Novo Dicionário Aurélio, ClassName = MsiDialogCloseClass.
Behavior description:Hide specified window
details:[Window,Class] = [Windows Installer,#32770]
[Window,Class] = [Informações do instalador do Novo Dicionário Aurélio,MsiDialogCloseClass]
[Window,Class] = [Você pode manter os elementos existentes instalados em seu sistema para continuar esta instalação posteriormente ou restaurar seu sistema ao estado original, anterior à instalação.,Static]
[Window,Class] = [Clique em Restaurar ou Adiar para sair do InstallShield Wizard.,Static]
Behavior description:Create mutex
details:SHIMLIB_LOG_MUTEX
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.IPN
Behavior description:Obtain system privileges
details:SE_SHUTDOWN_PRIVILEGE
SE_INCREASE_QUOTA_PRIVILEGE
SE_CREATE_TOKEN_PRIVILEGE