VirSCAN

File information
Safety rating:89
Behavior list
Basic Information
MD5:6f800222f554c9db98b6c3fec7b349cb
file type:Nsis
Production company:NeoSmart Technologies
version:2.3.0.207---2.3.0.207
Shell or compiler information:
Subfile information:nst_mac.iso / 16df4e32ff70bb02ae1e8298bb1640b8 / Iso
EasyBCD.exe / 8e1a4a6a7da4c54bd306259e67a9005c / EXE
plop.iso / 829e7ae0fb0b0e4c3adf2ac801e8cc55 / Iso
Newtonsoft.Json.dll / d9e327c56a27fed8e4f196ee59ce50a9 / DLL
bcdedit.exe / a60cbaea0f8ac802d21c0cc7bc2589be / EXE
grldr / 1b2a0804588f6907c1f297951c7160e4 / Unknown
EasyBCDPortable.exe / 0e8d64ec3c76fee99b3a1428cde987db / Nsis
UtfRedirect.exe / 5b40791899fa37507e7c08bc3d9f5294 / EXE
BootGrabber.exe / 2e12b37d32c8bcf8920f5ebb6d24a6b9 / EXE
easyldr2 / efe2c6e8448529e3f25e11ca4c94abea / Unknown
modern-wizard.bmp / 9b55fba74d4e0e7ccc06ea51b92edca6 / Unknown
PortableApps.comInstaller.bmp / 9b55fba74d4e0e7ccc06ea51b92edca6 / Unknown
bcdboot.exe / 9f9e397630a146e875735f2f42339e6b / EXE
PortableApps.comInstaller.ico / c5912c9a2d3bbc4f3c29f247caf5c900 / Unknown
bootsect.exe / da39bba4267ec54de12374bfd88d0df4 / EXE
appicon.ico / 061657a5339bb28ad599af75ed8675a3 / Unknown
[NSIS].nsi / 1f8f4a635774049339023fc63de24334 / Unknown
PortableApps.comInstaller.nsi / 3f5bb6f8c2ace305585e74974f699350 / Unknown
PortableApps.comLauncher.nsi / 8c30425ec3dacef7d785a401eac5c8fd / Unknown
Key behavior
Behavior description:Creates file mapping with write access
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AGJ..HFNJH
MSCTF.MarshalInterface.FileMap.AGJ.B.HFNJH
MSCTF.MarshalInterface.FileMap.AGJ.C.HFNJH
MSCTF.MarshalInterface.FileMap.AGJ.D.HFNJH
MSCTF.MarshalInterface.FileMap.AGJ.E.HFNJH
MSCTF.MarshalInterface.FileMap.AGJ.F.GGNJH
MSCTF.MarshalInterface.FileMap.AGJ.G.GGNJH
MSCTF.Shared.SFM.AGJ
MSCTF.MarshalInterface.FileMap.AGJ.H.ACCOH
MSCTF.MarshalInterface.FileMap.AGJ.I.ACCOH
MSCTF.MarshalInterface.FileMap.AGJ.J.ACCOH
MSCTF.MarshalInterface.FileMap.AGJ.K.ACCOH
MSCTF.MarshalInterface.FileMap.AGJ.L.ACCOH
MSCTF.MarshalInterface.FileMap.AGJ.M.ACCOH
Behavior description:Blocks window close message
details:hWnd = 0x000402a0, Text = EasyBCD , ClassName = #32770.
Behavior description:Hides specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,Button]
[Window,Class] = [Copyright © NeoSmart Technologies 2015,Static]
[Window,Class] = [Copyright © NeoSmart Technologies 2015 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
Process behavior
Behavior description:Enumerates processes
details:N/A
File behavior
Behavior description:Creates file mapping with write access
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AGJ..HFNJH
MSCTF.MarshalInterface.FileMap.AGJ.B.HFNJH
MSCTF.MarshalInterface.FileMap.AGJ.C.HFNJH
MSCTF.MarshalInterface.FileMap.AGJ.D.HFNJH
MSCTF.MarshalInterface.FileMap.AGJ.E.HFNJH
MSCTF.MarshalInterface.FileMap.AGJ.F.GGNJH
MSCTF.MarshalInterface.FileMap.AGJ.G.GGNJH
MSCTF.Shared.SFM.AGJ
MSCTF.MarshalInterface.FileMap.AGJ.H.ACCOH
MSCTF.MarshalInterface.FileMap.AGJ.I.ACCOH
MSCTF.MarshalInterface.FileMap.AGJ.J.ACCOH
MSCTF.MarshalInterface.FileMap.AGJ.K.ACCOH
MSCTF.MarshalInterface.FileMap.AGJ.L.ACCOH
MSCTF.MarshalInterface.FileMap.AGJ.M.ACCOH
Behavior description:Creates executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx6.tmp\LangDLL.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx6.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx6.tmp\FindProcDLL.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx6.tmp\nsDialogs.dll
Behavior description:Modifies file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx6.tmp\modern-header.bmp---> Offset = 16384
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx6.tmp\modern-wizard.bmp---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp---> Offset = 98304
C:\WINDOWS\wininit.ini---> Offset = 0
Behavior description:Finds file
details:FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx6.tmp
FileName = C:\Documents and Settings\Administrator\PortableApps\*.*
FileName = C:\PortableApps
FileName = D:\PortableApps
FileName = X:\PortableApps
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\services.exe
FileName = C:\WINDOWS\system32\lsass.exe
FileName = C:\WINDOWS\system32\svchost.exe
Registry behavior
Behavior description:Modifies registry (pending file rename entry)
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behavior
Behavior description:Creates mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.AGJ
Behavior description:Hides specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,Button]
[Window,Class] = [Copyright © NeoSmart Technologies 2015,Static]
[Window,Class] = [Copyright © NeoSmart Technologies 2015 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
Behavior description:Finds specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description:Acquires system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Blocks window close message
details:hWnd = 0x000402a0, Text = EasyBCD , ClassName = #32770.
Behavior description:Window information
details:Pid = 2396, Hwnd=0x202a4, Text = 简体中文, ClassName = ComboBox.
Pid = 2396, Hwnd=0x202a8, Text = OK, ClassName = Button.
Pid = 2396, Hwnd=0x202cc, Text = Cancel, ClassName = Button.
Pid = 2396, Hwnd=0x202b4, Text = Please select language:, ClassName = Static.
Pid = 2396, Hwnd=0x202a0, Text = EasyBCD, ClassName = #32770.
Pid = 2396, Hwnd=0x302a6, Text = 下一步(&N) >, ClassName = Button.
Pid = 2396, Hwnd=0x302a2, Text = 取消(&C), ClassName = Button.
Pid = 2396, Hwnd=0x802bc, Text = Copyright ? NeoSmart Technologies 2015 , ClassName = Static.
Pid = 2396, Hwnd=0x202d4, Text = Copyright ? NeoSmart Technologies 2015, ClassName = Static.
Pid = 2396, Hwnd=0x302da, Text = EasyBCD, ClassName = Static.
Pid = 2396, Hwnd=0x302b8, Text = 此向导将引导你安装 EasyBCD。 如果你是要升级已安装的 EasyBCD,请确认操作前关闭程序。 点击下一步继续。, ClassName = Static.
Pid = 2396, Hwnd=0x402a0, Text = EasyBCD, ClassName = #32770.
Pid = 2396, Hwnd=0x302a6, Text = 我接受(&I), ClassName = Button.
Pid = 2396, Hwnd=0x402b8, Text = 按 [PgDn] 阅读“授权协议”的其余部分。, ClassName = Static.
Pid = 2396, Hwnd=0x402da, Text = Subject to the terms and conditions of this License, Licensor hereby grants You a worldwide, royalty-free, non-exclusive, perpetu, ClassName = RichEdit20W.
Behavior description:Opens image file
details:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx6.tmp\modern-header.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx6.tmp\modern-wizard.bmp
Translated by Keith Miller, United States