VirSCAN

File information
Safety rating:74
Behavior list
Basic Information
MD5:74d1588c8f7093ea6c80e1a9b7dc0332
file type:EXE
Production company:CPUID
version:1.7.3.0---1, 7, 3, 0
Shell or compiler information:PACKER:Not a valid PE file
File behavior
Behavior description:Creates an executable file
details:C:\Users\ADMINI~1\AppData\Local\Temp\cpuz138\cpuz138_x64.sys
Behavior description:Modifies file content
details:C:\Users\ADMINI~1\AppData\Local\Temp\cpuz_driver_2688.log---> Offset = 0
C:\Users\ADMINI~1\AppData\Local\Temp\cpuz_driver_2688.log---> Offset = 60
C:\Users\ADMINI~1\AppData\Local\Temp\cpuz_driver_2688.log---> Offset = 139
C:\Users\ADMINI~1\AppData\Local\Temp\cpuz_driver_2688.log---> Offset = 225
C:\Users\ADMINI~1\AppData\Local\Temp\cpuz_driver_2688.log---> Offset = 265
C:\Users\ADMINI~1\AppData\Local\Temp\cpuz_driver_2688.log---> Offset = 297
C:\Users\ADMINI~1\AppData\Local\Temp\cpuz_driver_2688.log---> Offset = 331
C:\Users\ADMINI~1\AppData\Local\Temp\cpuz_driver_2688.log---> Offset = 333
C:\Users\ADMINI~1\AppData\Local\Temp\cpuz_driver_2688.log---> Offset = 393
C:\Users\ADMINI~1\AppData\Local\Temp\cpuz_driver_2688.log---> Offset = 505
C:\Users\ADMINI~1\AppData\Local\Temp\cpuz_driver_2688.log---> Offset = 551
C:\Users\ADMINI~1\AppData\Local\Temp\cpuz_driver_2688.log---> Offset = 598
C:\Users\ADMINI~1\AppData\Local\Temp\cpuz_driver_2688.log---> Offset = 652
C:\Users\ADMINI~1\AppData\Local\Temp\cpuz_driver_2688.log---> Offset = 740
C:\Users\ADMINI~1\AppData\Local\Temp\cpuz_driver_2688.log---> Offset = 839
Registry behavior
Behavior description:Modifies the registry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\996E_RASAPI32\EnableFileTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\996E_RASAPI32\EnableConsoleTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\996E_RASAPI32\FileTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\996E_RASAPI32\ConsoleTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\996E_RASAPI32\MaxFileSize
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\996E_RASAPI32\FileDirectory
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior description:Deletes registry values
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoDetect
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
Behavior description:Deletes registry values (IE connection settings)
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description:Window information
details:Pid = 2688, Hwnd=0x30282, Text = 软件, ClassName = Static.
Pid = 2688, Hwnd=0x40280, Text = 版本 1.73.0.x64, ClassName = Static.
Pid = 2688, Hwnd=0x40282, Text = 确定, ClassName = Button.
Pid = 2688, Hwnd=0x10402, Text = 保存报告 (.TXT), ClassName = Button.
Pid = 2688, Hwnd=0x10404, Text = www.cpuid.com , ClassName = Static.
Pid = 2688, Hwnd=0x10406, Text = 版本 1.73.0, ClassName = Static.
Pid = 2688, Hwnd=0x10408, Text = 相关信息和最新更新请访问, ClassName = Static.
Pid = 2688, Hwnd=0x1040a, Text = - 2015年08月, ClassName = Static.
Pid = 2688, Hwnd=0x1040c, Text = 作者 : 弗兰克·德拉特, ClassName = Static.
Pid = 2688, Hwnd=0x1040e, Text = 关于CPU-Z, ClassName = Button(GroupBox).
Pid = 2688, Hwnd=0x10410, Text = 工具, ClassName = Button(GroupBox).
Pid = 2688, Hwnd=0x10412, Text = Windows版本, ClassName = Button(GroupBox).
Pid = 2688, Hwnd=0x10414, Text = Microsoft Windows 8 (6.2) Home 64-bit , ClassName = Static.
Pid = 2688, Hwnd=0x10416, Text = CPU-Z是一款基于, ClassName = Static.
Pid = 2688, Hwnd=0x10418, Text = CPUID SDK开发的免费软件, ClassName = Static.
Translated by Keith Miller, United States