VirSCAN


File information
Safety rating:85
Behavior list
Basic Information
MD5:7b3c68e112d56b5e9a610c88f0328556
file type:zip
Production company:
version:
Shell or compiler information:
Subfile information:Common.pdb / 436c64089c9db19182b0f620d2b9cf8a / Unknown
aspr.ske.2.x.new_6a130e46dumpFile / 9c4941a178cf29c548701976a9e4da9e / DLL
GdiPlus.dll / c81767059ed5fc0282383e055e050c92 / DLL
aspr.ske.2.x.new_a6cb6015dumpFile / db8714943ce85d34740acde5fbcd41c1 / EXE
mmRes.dll / 622bf4889d7aa3407d3a2fe6a30fbd4d / DLL
mfc80u.dll / c297a92852f494ed69a5ec0cc2af9b89 / DLL
公章.bmp / c077626fd9d471879edcfed77d0c1576 / Unknown
SealXP11.exe / 03caed643c61e5a65f2079e9796a5dbe / EXE
msvcr80.dll / 16d7ddf3b659f7cf1cb9f4dcff4219f0 / DLL
msvcp80.dll / 2bc650257fb0867abd54fd460ec2bafc / DLL
msvcm80.dll / cdcc63e967d64ece3729246720af4fcc / DLL
彝文字体.ttf / c371539fc11a242a5e1c762a7d1427b2 / Unknown
印泥效果.bmp / 3db49d372b0069050e2c26ef57014649 / Unknown
维文字体.TTF / 6709233dccf6a13f76849051232db3fa / Unknown
example.yzf / f5d81a0ab9f82072238a32fe16d4d7a9 / Unknown
mfcm80u.dll / ae185805654f362ac58c3a6d31c23f70 / DLL
藏文字体.TTF / 15141a1352eae263f468527a83edc773 / Unknown
Common.dll / 42698be2ae8ae6943b43bf513903fc6f / DLL
English.lng / ebd01029dfbcc731757ea3f2f9c5dcff / Unknown
Key behavior
Behavior description:Writes data across processes
details:TargetProcess = [System Process], WriteAddress = 0x028c1060, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c1061, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c1062, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c1063, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c1064, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c1065, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c1066, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c1067, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c1068, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c1069, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c106a, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c106b, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c106c, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c106d, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c106e, Size = 1
Process behavior
Behavior description:Writes data across processes
details:TargetProcess = [System Process], WriteAddress = 0x028c1060, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c1061, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c1062, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c1063, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c1064, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c1065, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c1066, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c1067, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c1068, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c1069, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c106a, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c106b, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c106c, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c106d, Size = 1
TargetProcess = [System Process], WriteAddress = 0x028c106e, Size = 1
Behavior description:Creates a local thread
details:N/A
Behavior description:Process exits
details:N/A
Behavior description:Enumerates processes
details:N/A
File behavior
Behavior description:Overwrites an existing file
details:C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Behavior description:Modifies file contents
details:C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1453107487.005617.exe_7zdump\印章制作大师V11.0 绿色特别版\RunOptions.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1453107487.009140.exe_7zdump\印章制作大师V11.0 绿色特别版\RunOptions.ini---> Offset = 52
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1453107487.013892.exe_7zdump\印章制作大师V11.0 绿色特别版\RunOptions.ini---> Offset = 32
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1453107487.019165.exe_7zdump\印章制作大师V11.0 绿色特别版\RunOptions.ini---> Offset = 141
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1453107487.024437.exe_7zdump\印章制作大师V11.0 绿色特别版\RunOptions.ini---> Offset = 85
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1453107487.029693.exe_7zdump\印章制作大师V11.0 绿色特别版\RunOptions.ini---> Offset = 73
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1453107487.035300.exe_7zdump\印章制作大师V11.0 绿色特别版\RunOptions.ini---> Offset = 106
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1453107487.040772.exe_7zdump\印章制作大师V11.0 绿色特别版\RunOptions.ini---> Offset = 127
Behavior description:Searches for files
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1453107487.079068.exe_7zdump\印章制作大师V11.0 绿色特别版\Language\*.ini
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1453107487.084547.exe_7zdump
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1453107487.089864.exe_7zdump\印章制作大师V11.0 绿色特别版
Registry behavior
Behavior description:Modifies the registry
details:\REGISTRY\MACHINE\SOFTWARE\Classes\Seal.Document\
\REGISTRY\MACHINE\SOFTWARE\Classes\Seal.Document\DefaultIcon\
\REGISTRY\MACHINE\SOFTWARE\Classes\Seal.Document\shell\open\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\Seal.Document\shell\print\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\Seal.Document\shell\printto\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\.yzf\
\REGISTRY\MACHINE\SOFTWARE\Classes\.yzf\ShellNew\NullFile
\REGISTRY\MACHINE\SOFTWARE\Classes\SealTemplate.Document\DefaultIcon\
Behavior description:Deletes a registry key
details:\REGISTRY\USER\S-*\Software\应用程序向导生成的本地应用程序\印章大师11.0\Recent File List
Other behavior
Behavior description:Finds a specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [MS_WINHELP,]
Behavior description:Window information
details:Pid = 2776, Hwnd=0x302b8, Text = Arial, ClassName = ComboBox.
Pid = 2776, Hwnd=0x202ae, Text = 仅中文, ClassName = Button(CheckBox).
Pid = 2776, Hwnd=0x402bc, Text = 旋转角:, ClassName = Static.
Pid = 2776, Hwnd=0x302b4, Text = 0, ClassName = Edit.
Pid = 2776, Hwnd=0x302cc, Text = 模糊度:, ClassName = Static.
Pid = 2776, Hwnd=0x402dc, Text = 0, ClassName = Edit.
Pid = 2776, Hwnd=0x202c2, Text = 阳章, ClassName = Button(CheckBox).
Pid = 2776, Hwnd=0x202c4, Text = 五星, ClassName = Button(CheckBox).
Pid = 2776, Hwnd=0x202c8, Text = 图符, ClassName = Button(CheckBox).
Pid = 2776, Hwnd=0x202ca, Text = 镜像, ClassName = Button(CheckBox).
Pid = 2776, Hwnd=0x140134, Text = 印章大师 11.0, ClassName = Afx:00400000:0:00000000:00000000:000700D3.
Pid = 2776, Hwnd=0x10308, Text = 印章属性, ClassName = AfxControlBar80u.
Pid = 2776, Hwnd=0x10312, Text = 0, ClassName = Edit.
Pid = 2776, Hwnd=0x10314, Text = 0, ClassName = Edit.
Pid = 2776, Hwnd=0x10316, Text = 0, ClassName = Edit.
Behavior description:Hides a specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,Afx:00400000:8:00010011:00000000:00000000]
[Window,Class] = [,tooltips_class32]
[Window,Class] = [印章大师 11.0,Afx:00400000:0:00000000:00000000:000700D3]
Behavior description:Creates a mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Behavior description:Directly accesses a physical device
details:\??\PhysicalDrive0