VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information
Safety rating: 21
Behavior list
Basic Information
MD5: 802e0d0dadcfd43d9c71c32cc47c6f8c
File type: EXE
Production company:
Version: 1.0.0.0---1.0.0.0
Shell or compiler information: COMPILER:Elan
Key behavior
Behavior description: Write-access file mapping
details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AEF..DIMGH
MSCTF.MarshalInterface.FileMap.AEF.B.DIMGH
MSCTF.MarshalInterface.FileMap.AEF.C.DIMGH
MSCTF.MarshalInterface.FileMap.AEF.D.DIMGH
MSCTF.MarshalInterface.FileMap.AEF.E.DIMGH
MSCTF.MarshalInterface.FileMap.AEF.F.DIMGH
MSCTF.MarshalInterface.FileMap.AEF.G.CJMGH
MSCTF.Shared.SFM.AEF
MSCTF.MarshalInterface.FileMap.AEF.H.DNCLH
MSCTF.MarshalInterface.FileMap.AEF.I.DNCLH
MSCTF.MarshalInterface.FileMap.AEF.J.DNCLH
MSCTF.MarshalInterface.FileMap.AEF.K.DNCLH
MSCTF.MarshalInterface.FileMap.AEF.L.DNCLH
MSCTF.MarshalInterface.FileMap.AEF.M.DNCLH
Behavior description: Modify registry: disable changing the IE home page
details: \REGISTRY\USER\S-*\Software\Policies\Microsoft\Internet Explorer\control Panel\HomePage
Behavior description: Modify registry: IE home page
details: \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\Start Page
Behavior description: Hide specified window
details: [Window,Class] = [,ComboLBox]
[Window,Class] = [刷图模式:,_EL_Label]
[Window,Class] = [,ComboBox]
[Window,Class] = [捡物模式:,_EL_Label]
[Window,Class] = [装备处理:,_EL_Label]
[Window,Class] = [开始,Button]
[Window,Class] = [暂停,Button]
[Window,Class] = [使用方法: 先进入游戏到仓库 然后在打开本程序即可 无敌和SSS自动开启 小键盘4568顺图7选图9回城 或者,Alt+↑↓←→顺图 PgUp选图,PgDn回城 交流QQ群:204040230,_EL_Label]
[Window,Class] = [手动功能设置,Button]
[Window,Class] = [地图难度:,_EL_Label]
[Window,Class] = [自动传送:,_EL_Label]
[Window,Class] = [执行速度:,_EL_Label]
[Window,Class] = [,Edit]
Process behavior
Behavior description: Create process with hidden window
details: ImagePath = , CmdLine = cmd /c regsvr32 /u /s igfxpph.dll & reg delete hkey_classes_root\directory\background\shellex\contextmenuhandlers /f & reg add hkey_classes_root\directory\background\shellex\contextmenuhandlers\new /ve /d {d969a300-e7ff-11d0-a93b-00a0c9
Behavior description: Create process
details: ImagePath = C:\WINDOWS\system32\CMD.exe, CmdLine = CMD /C regsvr32 /u /s igfxpph.dll & reg delete HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers /f & reg add HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\new /ve /d {D96
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /u /s igfxpph.dll
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg delete HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers /f
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\new /ve /d {D969A300-E7FF-11d0-A93B-00A0C90F2719}
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\InProcServer32
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\InProcServer32 /ve /t reg_expand_sz /d C:\WINDOWS\system32\shdocvw.dll /f
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\Instance
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\Instance /v CLSID /t reg_sz /d {3f454f0e-42ae-4d7c-8ea3-328250d6e272} /f
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\InitPropertyBag
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\InitPropertyBag /v Param1 /t reg_sz /d http://www.234la.com /f
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\InitPropertyBag /v command /t reg_sz /d 360安全浏览器上网 /f
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\InitPropertyBag /v method /t reg_sz /d ShellExecute /f
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\InitPropertyBag /v CLSID /t reg_sz /d {13709620-C279-11CE-A49E-444553540000} /f
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg add HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\{00000000-0000-0000-0000-000000000001}
Behavior description: Enumerate processes
details: N/A
File behavior
Behavior description: Modify file content
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\配置.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\配置.ini---> Offset = 34
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\配置.ini---> Offset = 53
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\配置.ini---> Offset = 78
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\配置.ini---> Offset = 116
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\配置.ini---> Offset = 136
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\配置.ini---> Offset = 152
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\配置.ini---> Offset = 166
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\配置.ini---> Offset = 182
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\配置.ini---> Offset = 197
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\配置.ini---> Offset = 214
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\配置.ini---> Offset = 230
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\配置.ini---> Offset = 244
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\配置.ini---> Offset = 258
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\配置.ini---> Offset = 272
Behavior description: Search for files
details: FileName = C:\Documents and Settings\Administrator\桌面\*.*
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\CMD.exe
FileName = C:\WINDOWS\system32\cmd.exe
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\regsvr32.*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\regsvr32
FileName = C:\Python27\regsvr32.*
FileName = C:\Python27\regsvr32
FileName = C:\Python27\Scripts\regsvr32.*
Registry behavior
Behavior description: Modify registry: system context menu
details: \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\new\
Behavior description: Modify registry: Group Policy
details: \REGISTRY\USER\S-*\Software\Policies\Microsoft\Internet Explorer\Main\Start Page
\REGISTRY\USER\S-*\Software\Policies\Microsoft\Internet Explorer\Main\Search Bar
\REGISTRY\USER\S-*\Software\Policies\Microsoft\Internet Explorer\Main\Search Page
\REGISTRY\USER\S-*\Software\Policies\Microsoft\Internet Explorer\Main\Default_Page_URL
Behavior description: Modify registry: IE key settings
details: \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL
Behavior description: Modify registry
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\InternetExplorer\Main\Start Page
\REGISTRY\USER\S-*\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Hardware Profiles\0001\Software\Policies\Microsoft\Internet Explorer\Control Panel\Homepage
\REGISTRY\MACHINE\pop
\REGISTRY\MACHINE\pops
\REGISTRY\MACHINE\pop2
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InProcServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\CLSID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\InitPropertyBag\Param1
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\InitPropertyBag\command
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\InitPropertyBag\method
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\InitPropertyBag\CLSID
Behavior description: Delete registry key: system context menu
details: \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\New
\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers
Other behavior
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
SHIMLIB_LOG_MUTEX
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.AEF
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Acquire system privilege
details: SE_DEBUG_PRIVILEGE
Behavior description: Window information
details: Pid = 1476, Hwnd=0x102ee, Text = 进程ID:, ClassName = _EL_Label.
Pid = 1476, Hwnd=0x102ea, Text = 窗口标题:, ClassName = _EL_Label.
Pid = 1476, Hwnd=0x102e8, Text = 请将鼠标移动到游戏窗口上,然后按F11键继续, ClassName = _EL_Label.
Pid = 1476, Hwnd=0x102e6, Text = 未发现DNF进程!, ClassName = WTWindow.
Pid = 1476, Hwnd=0x202e8, Text = 确定, ClassName = Button.
Pid = 1476, Hwnd=0x202ea, Text = 获取进程信息失败,请联系群管理员,QQ群:204040230, ClassName = Static.
Pid = 1476, Hwnd=0x202e6, Text = 信息:, ClassName = #32770.