VirSCAN
File information
Safety rating: 88
Behavior list
Basic Information
MD5: 821abc9235006ca3d717056f26f045c0
File type: EXE
Production company:
Version: 2.1.0.0
Shell or compiler information: COMPILER:PEncrypt 4.0 Gamma / 4.0 Phi -> junkcode [Overlay]
Key behavior
Behavior description: Writes to a file mapping with write access (shared memory)
details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EML..LEMKH
MSCTF.MarshalInterface.FileMap.EML.B.LFMKH
MSCTF.MarshalInterface.FileMap.EML.C.LFMKH
MSCTF.MarshalInterface.FileMap.EML.D.LFMKH
MSCTF.MarshalInterface.FileMap.EML.E.KGMKH
MSCTF.MarshalInterface.FileMap.EML.F.KGMKH
MSCTF.MarshalInterface.FileMap.EML.G.KGMKH
MSCTF.MarshalInterface.FileMap.EML.H.GCNKH
MSCTF.MarshalInterface.FileMap.EML.I.GCNKH
MSCTF.MarshalInterface.FileMap.EML.J.GCNKH
MSCTF.MarshalInterface.FileMap.EML.K.GCNKH
MSCTF.MarshalInterface.FileMap.EML.L.GCNKH
MSCTF.MarshalInterface.FileMap.EML.M.GCNKH
MSCTF.MarshalInterface.FileMap.EML.N.MHGLH
Behavior description: Blocks window close message
details: hWnd = 0x001a0142, Text = , ClassName = TMainForm.
Behavior description: Creates desktop shortcut
details: C:\Documents and Settings\Administrator\桌面\DataNumen PDF Repair.lnk
Behavior description: Hides specified window
details: [Window,Class] = [,TMainForm]
Process behavior
Behavior description: Creates a process from a newly written file
details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLB3.tmp, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLB3.tmp 6656 C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445975340.664150.exe
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLJ5.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLJ5.tmp" C:\Program Files\DPDFR\DPDFRSHL.dll
ImagePath = C:\PROGRA~1\DPDFR\DPDFR.exe, CmdLine = "C:\PROGRA~1\DPDFR\DPDFR.exe"
Behavior description: Enumerates processes
details: N/A
File behavior
Behavior description: Drops links or shortcuts in sensitive system locations (e.g. the Start Menu)
details: C:\Documents and Settings\Administrator\「开始」菜单\程序\DataNumen PDF Repair\DataNumen PDF Repair.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\DataNumen PDF Repair\Help.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\DataNumen PDF Repair\Uninstall DataNumen PDF Repair.lnk
Behavior description: Creates executable file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLB3.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLC4.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLJ5.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLK6.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~GLH0000.TMP
C:\Program Files\DPDFR\~GLH0001.TMP
C:\Program Files\DPDFR\~GLH0002.TMP
C:\Program Files\DPDFR\~GLH0005.TMP
C:\Program Files\DPDFR\~GLH0006.TMP
C:\Program Files\DPDFR\~GLH0008.TMP
Behavior description: Searches for files
details: FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLB3.tmp
Behavior description: Creates desktop shortcut
details: C:\Documents and Settings\Administrator\桌面\DataNumen PDF Repair.lnk
Behavior description: Writes to a file mapping with write access (shared memory)
details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EML..LEMKH
MSCTF.MarshalInterface.FileMap.EML.B.LFMKH
MSCTF.MarshalInterface.FileMap.EML.C.LFMKH
MSCTF.MarshalInterface.FileMap.EML.D.LFMKH
MSCTF.MarshalInterface.FileMap.EML.E.KGMKH
MSCTF.MarshalInterface.FileMap.EML.F.KGMKH
MSCTF.MarshalInterface.FileMap.EML.G.KGMKH
MSCTF.MarshalInterface.FileMap.EML.H.GCNKH
MSCTF.MarshalInterface.FileMap.EML.I.GCNKH
MSCTF.MarshalInterface.FileMap.EML.J.GCNKH
MSCTF.MarshalInterface.FileMap.EML.K.GCNKH
MSCTF.MarshalInterface.FileMap.EML.L.GCNKH
MSCTF.MarshalInterface.FileMap.EML.M.GCNKH
MSCTF.MarshalInterface.FileMap.EML.N.MHGLH
Behavior description: Renames file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~GLH0000.TMP ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLFA.tmp
C:\Program Files\DPDFR\~GLH0001.TMP ---> C:\Program Files\DPDFR\UNWISE.EXE
C:\Program Files\DPDFR\~GLH0002.TMP ---> C:\Program Files\DPDFR\TurboActivate.dll
C:\Program Files\DPDFR\~GLH0003.TMP ---> C:\Program Files\DPDFR\TurboActivate.dat
C:\Program Files\DPDFR\~GLH0004.TMP ---> C:\Program Files\DPDFR\DPDFR.ini
C:\Program Files\DPDFR\~GLH0005.TMP ---> C:\Program Files\DPDFR\DPDFR.dll
C:\Program Files\DPDFR\~GLH0006.TMP ---> C:\Program Files\DPDFR\DPDFR.exe
C:\Program Files\DPDFR\~GLH0007.TMP ---> C:\Program Files\DPDFR\DPDFR.chm
C:\Program Files\DPDFR\~GLH0008.TMP ---> C:\Program Files\DPDFR\DPDFRSHL.dll
C:\Program Files\DPDFR\~GLH0009.TMP ---> C:\Program Files\DPDFR\Faq.txt
C:\Program Files\DPDFR\~GLH000a.TMP ---> C:\Program Files\DPDFR\file_id.diz
C:\Program Files\DPDFR\~GLH000b.TMP ---> C:\Program Files\DPDFR\History.txt
C:\Program Files\DPDFR\~GLH000c.TMP ---> C:\Program Files\DPDFR\readme.txt
Behavior description: Modifies file contents
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLC4.tmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLW7.tmp---> Offset = 32768
C:\WINDOWS\system32\GLBSINST.%$D---> Offset = 0
C:\Program Files\DPDFR\~GLH0003.TMP---> Offset = 0
C:\Program Files\DPDFR\~GLH0004.TMP---> Offset = 0
C:\Program Files\DPDFR\~GLH0007.TMP---> Offset = 32768
C:\Program Files\DPDFR\~GLH0009.TMP---> Offset = 0
C:\Program Files\DPDFR\~GLH000a.TMP---> Offset = 0
C:\Program Files\DPDFR\~GLH000b.TMP---> Offset = 0
C:\Program Files\DPDFR\~GLH000c.TMP---> Offset = 0
C:\Documents and Settings\Administrator\「开始」菜单\程序\DataNumen PDF Repair\DataNumen PDF Repair.lnk---> Offset = 0
C:\Documents and Settings\Administrator\「开始」菜单\程序\DataNumen PDF Repair\Help.lnk---> Offset = 0
C:\Documents and Settings\Administrator\桌面\DataNumen PDF Repair.lnk---> Offset = 0
C:\Documents and Settings\Administrator\「开始」菜单\程序\DataNumen PDF Repair\Uninstall DataNumen PDF Repair.lnk---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLG9.tmp---> Offset = 223
Registry behavior
Behavior description: Modifies registry
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DataNumen PDF Repair v2.1\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DataNumen PDF Repair v2.1\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Classes\AcroExch.Document\shellex\ContextMenuHandlers\APDFR\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{731E006D-0C55-4C6F-ABF0-C98F268FD077}
\REGISTRY\MACHINE\SOFTWARE\Classes\ShellExt.APDFRCtxMenu.1\
\REGISTRY\MACHINE\SOFTWARE\Classes\ShellExt.APDFRCtxMenu.1\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\ShellExt.APDFRCtxMenu\
\REGISTRY\MACHINE\SOFTWARE\Classes\ShellExt.APDFRCtxMenu\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\ShellExt.APDFRCtxMenu\CurVer\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{731E006D-0C55-4C6F-ABF0-C98F268FD077}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{731E006D-0C55-4C6F-ABF0-C98F268FD077}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{731E006D-0C55-4C6F-ABF0-C98F268FD077}\VersionIndependentProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{731E006D-0C55-4C6F-ABF0-C98F268FD077}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{731E006D-0C55-4C6F-ABF0-C98F268FD077}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{731E006D-0C55-4C6F-ABF0-C98F268FD077}\TypeLib\
Other behavior
Behavior description: Creates mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EJ
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior description: Hides specified window
details: [Window,Class] = [,TMainForm]
Behavior description: Searches for specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
NtUserFindWindowEx: [Class,Window] = [MS_WINHELP,]
Behavior description: Enumerates windows
details: N/A
Behavior description: Acquires system privilege
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Blocks window close message
details: hWnd = 0x001a0142, Text = , ClassName = TMainForm.
Behavior description: Window information
details: Pid = 1004, Hwnd=0x202a6, Text = DataNumen PDF Repair v2.1 Installation, ClassName = GLBSInstall.
Pid = 1004, Hwnd=0x202ae, Text = &Next >, ClassName = Button.
Pid = 1004, Hwnd=0x202aa, Text = < &Back, ClassName = Button.
Pid = 1004, Hwnd=0x202ac, Text = Cancel, ClassName = Button.
Pid = 1004, Hwnd=0x702c0, Text = Setup will install DataNumen PDF Repair v2.1 in the following folder. To install into a different folder, click Browse, and se, ClassName = Static.
Pid = 1004, Hwnd=0x502ce, Text = Destination Folder, ClassName = Button(GroupBox).
Pid = 1004, Hwnd=0x302b6, Text = B&rowse..., ClassName = Button.
Pid = 1004, Hwnd=0x202d0, Text = C:\Program Files\DPDFR, ClassName = Static.
Pid = 1004, Hwnd=0x302b8, Text = Choose Destination Location, ClassName = GLBSWizard.
Pid = 1004, Hwnd=0x202a2, Text = DataNumen PDF Repair v2.1 Installation, ClassName = GLBSInstall.
Pid = 1004, Hwnd=0x160142, Text = &Next >, ClassName = Button.
Pid = 1004, Hwnd=0x3015a, Text = < &Back, ClassName = Button.
Pid = 1004, Hwnd=0x302b0, Text = Cancel, ClassName = Button.
Pid = 1004, Hwnd=0x402b6, Text = Enter the name of the Program Manager group to add DataNumen PDF Repair v2.1 icons to:, ClassName = Static.
Pid = 1004, Hwnd=0x602ce, Text = DataNumen PDF Repair, ClassName = ComboBox.
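The behavior list above is raw sandbox output, and the signals worth a second look (files written under a .TMP name and then renamed to .exe/.dll, a COM class registered under Classes\CLSID and added to Shell Extensions\Approved so Explorer will load it, SE_LOAD_DRIVER_PRIVILEGE enabled, processes launched from the user's Temp directory) sit among noise such as the MSCTF.* file mappings and CTF.* mutexes, which are Windows Text Services Framework objects created by nearly any GUI process. The Python script below is an added example, not VirSCAN's code and not part of this report: it parses a constructed subset of the report lines (with the behavior labels translated as above; the exact section and label strings it matches are assumptions about that translated form, not a VirSCAN schema) and pulls out those indicators for review. For this file the findings are consistent with an ordinary installer that registers an Explorer context-menu handler, so treat them as triage leads to verify on the host, not as a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the VirSCAN behavior list for this file,
# with the Chinese behavior labels translated. Section and label strings
# are assumptions about the translated report format, not a VirSCAN schema.
SAMPLE_REPORT = r"""
Process behavior
Behavior description: Creates a process from a newly written file
details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLJ5.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLJ5.tmp" C:\Program Files\DPDFR\DPDFRSHL.dll
ImagePath = C:\PROGRA~1\DPDFR\DPDFR.exe, CmdLine = "C:\PROGRA~1\DPDFR\DPDFR.exe"
File behavior
Behavior description: Renames file
details: C:\Program Files\DPDFR\~GLH0001.TMP ---> C:\Program Files\DPDFR\UNWISE.EXE
C:\Program Files\DPDFR\~GLH0008.TMP ---> C:\Program Files\DPDFR\DPDFRSHL.dll
C:\Program Files\DPDFR\~GLH0009.TMP ---> C:\Program Files\DPDFR\Faq.txt
Registry behavior
Behavior description: Modifies registry
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{731E006D-0C55-4C6F-ABF0-C98F268FD077}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{731E006D-0C55-4C6F-ABF0-C98F268FD077}\InprocServer32\
Other behavior
Behavior description: Creates mutex
details: CTF.LBES.MutexDefaultS-*
MSCTF.Shared.MUTEX.ELH
Behavior description: Acquires system privilege
details: SE_LOAD_DRIVER_PRIVILEGE
"""

SECTION_HEADERS = {"Key behavior", "Process behavior", "File behavior",
                   "Registry behavior", "Other behavior"}
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")
# Text Services Framework objects: created by most GUI processes, so not indicators.
TSF_NOISE_PREFIXES = ("CTF.", "MSCTF.")


def parse_report(text):
    """Parse the behavior list into {section: {behavior label: [detail lines]}}.

    A 'details:' line starts the detail list of the current behavior; the lines
    that follow, up to the next 'Behavior description:' or section header, are
    continuation details.
    """
    report = defaultdict(lambda: defaultdict(list))
    section = behavior = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADERS:
            section, behavior = line, None
            continue
        if line.startswith("Behavior description:"):
            behavior = line.split(":", 1)[1].strip()
            continue
        if line.startswith("details:"):
            line = line.split(":", 1)[1].strip()
        if section and behavior and line and line != "N/A":
            report[section][behavior].append(line)
    return report


def triage(report):
    """Return (indicator, value) pairs worth a human look, in report order."""
    findings = []

    # Files written under a temporary name, then renamed to an executable extension.
    for line in report["File behavior"].get("Renames file", []):
        src, _, dst = line.partition(" ---> ")
        if src.lower().endswith(".tmp") and dst.lower().endswith(EXEC_EXT):
            findings.append(("staged_executable", dst))

    # A COM class that is both registered (InprocServer32) and whitelisted for
    # Explorer (Shell Extensions\Approved): the shell will load that DLL.
    reg_keys = report["Registry behavior"].get("Modifies registry", [])
    approved = {m.group(0).upper() for k in reg_keys
                if "Shell Extensions\\Approved" in k for m in CLSID_RE.finditer(k)}
    inproc = {m.group(0).upper() for k in reg_keys
              if "InprocServer32" in k for m in CLSID_RE.finditer(k)}
    for clsid in sorted(approved & inproc):
        findings.append(("shell_extension_registered", clsid))

    # Named privileges the process enabled; SE_LOAD_DRIVER_PRIVILEGE is notable.
    for priv in report["Other behavior"].get("Acquires system privilege", []):
        findings.append(("privilege_enabled", priv))

    # Mutexes other than the TSF noise can serve as host indicators.
    for mtx in report["Other behavior"].get("Creates mutex", []):
        if not mtx.startswith(TSF_NOISE_PREFIXES):
            findings.append(("mutex", mtx))

    # Processes whose image lives in a Temp directory.
    for line in report["Process behavior"].get("Creates a process from a newly written file", []):
        m = re.search(r"ImagePath = ([^,]+)", line)
        if m and "\\temp\\" in m.group(1).lower():
            findings.append(("process_from_temp", m.group(1).strip()))
    return findings


if __name__ == "__main__":
    for kind, value in triage(parse_report(SAMPLE_REPORT)):
        print(f"{kind:28s} {value}")
```

Run it on the sample and it reports the two staged executables (UNWISE.EXE and DPDFRSHL.dll), the CLSID {731E006D-0C55-4C6F-ABF0-C98F268FD077} as a registered and approved shell extension, SE_LOAD_DRIVER_PRIVILEGE, and GLJ5.tmp as a process run from Temp, while the two TSF mutexes are dropped. On a host, the shell-extension finding is the one to confirm first: read the CLSID's InprocServer32 default value and check what DLL it points to and whether that file matches the dropped DPDFRSHL.dll.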