VirSCAN

1, You can upload any file, but there is a 20 MB limit per file.
2, VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan password-protected compressed files if the password is 'infected' or 'virus'.


File information
Safety rating: 86
Behavior list
Basic Information
MD5: 841a74e8dd5929a634ef7488f922fd9b
File type: 7z
Production company: Oleg N. Scherbakov
Version: 1.3.0.1501 (1, 3, 0, 1501)
Shell or compiler information: PACKER: UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [Overlay]
Subfile information: win$man.exe / c8b352a891af4d0262478c86e4ec14ad / AutoIt
AutoITdumpFile / 09f00de4da52d4375aed1932d125b8cc / Unknown
imagex.exe / e0ad0c49291d7f63edefcef137e91d4f / EXE
upx30_8a3d582ddumpFile / f71a2038693efaf4c609780f6cd94652 / EXE
upx30_af267307dumpFile / eb92c59d7e93cc2460ae640b48f798dd / EXE
bcdboot.exe / 6ffddb61095a35b7fb9eec5c935e684b / EXE
upx_c_41d9c39cdumpFile / 5478891e28591f0b4db479283fcd24b6 / EXE
UsbBootWatcherx86.exe / 28e608ea16899c89520d3c6552bef174 / EXE
UsbBootWatcherx64.exe / 7b1d27d1ea4da6f2f489c151fac41590 / EXE
BOOTICE.EXE / eee81a86a4b2e0593f4c60fe85db803e / EXE
bootsect.exe / 9594bc046765df20f4ac8ded4d1dd5d8 / EXE
MSSTMake.exe / 6d6885816a9827d71fe0053a30f22a1f / EXE
0905dumpFile / aec39158d55b6a56d80aa289af0562f2 / EXE
UsbBootWatcher.conf / 2196eb39fb7c0aafa25269cde7a99102 / Unknown
Key behavior
Behavior description: Hide specified window
details: [Window,Class] = [AutoIt v3,AutoIt v3]
[Window,Class] = [,ComboLBox]
[Window,Class] = [上一步,Button]
[Window,Class] = [请指定目标分区及启动分区:,Static]
[Window,Class] = [系统安装到,Static]
[Window,Class] = [引导分区为,Static]
[Window,Class] = [,Static]
[Window,Class] = [磁盘信息,Button]
[Window,Class] = [,SysListView32]
[Window,Class] = [将系统安装到这个分区上,Button]
[Window,Class] = [将此分区作为引导分区,Button]
[Window,Class] = [驱动部分处理及安装:,Static]
[Window,Class] = [磁盘控制器驱动部分,Button]
[Window,Class] = [从当前系统提取磁盘控制器驱动*,Button]
[Window,Class] = [磁盘控制器驱动获取来源,Static]
Process behavior
Behavior description: Create process from newly written file
details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\win$man.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\win$man.exe"
File behavior
Behavior description: Map file with write permission
details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.EJM..MBCGF
MSCTF.MarshalInterface.FileMap.EJM.B.MBCGF
MSCTF.MarshalInterface.FileMap.EJM.C.MBCGF
MSCTF.MarshalInterface.FileMap.EJM.D.MBCGF
MSCTF.MarshalInterface.FileMap.EJM.E.MBCGF
MSCTF.MarshalInterface.FileMap.EJM.F.MBCGF
MSCTF.MarshalInterface.FileMap.EJM.G.MCCGF
MSCTF.Shared.SFM.EJM
Behavior description: Create executable file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\tools\bcdboot.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\tools\BOOTICE.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\tools\bootsect.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\tools\imagex.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\tools\MSSTMake.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\tools\USBBoot\UsbBootWatcherx64.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\tools\USBBoot\UsbBootWatcherx86.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\win$man.exe
Behavior description: Modify file content
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\tools\USBBoot\UsbBootWatcher.conf ---> Offset = 0
Registry behavior
Behavior description: Modify registry
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\win$man.exe
Other behavior
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.EJM
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Hide specified window
details: [Window,Class] = [AutoIt v3,AutoIt v3]
[Window,Class] = [,ComboLBox]
[Window,Class] = [上一步,Button]
[Window,Class] = [请指定目标分区及启动分区:,Static]
[Window,Class] = [系统安装到,Static]
[Window,Class] = [引导分区为,Static]
[Window,Class] = [,Static]
[Window,Class] = [磁盘信息,Button]
[Window,Class] = [,SysListView32]
[Window,Class] = [将系统安装到这个分区上,Button]
[Window,Class] = [将此分区作为引导分区,Button]
[Window,Class] = [驱动部分处理及安装:,Static]
[Window,Class] = [磁盘控制器驱动部分,Button]
[Window,Class] = [从当前系统提取磁盘控制器驱动*,Button]
[Window,Class] = [磁盘控制器驱动获取来源,Static]
Behavior description: Window information
details: Pid = 3216, Hwnd=0x10356, Text = 下一步, ClassName = Button.
Pid = 3216, Hwnd=0x10358, Text = 上一步, ClassName = Button.
Pid = 3216, Hwnd=0x1035a, Text = Win$Man是32/64位Win2000/XP/2003/Vista/2008/2008 R2/7的安装辅助工具,能帮助您轻松安装系统拥有MS安装程序所没有的功能。 让您无须为系统, ClassName = Static.
Pid = 3216, Hwnd=0x1035c, Text = 请选择您要安装的系统类型:, ClassName = Static.
Pid = 3216, Hwnd=0x1035e, Text = Windows 2000/XP/2003, ClassName = Button(RadioButton).
Pid = 3216, Hwnd=0x10360, Text = Windows Vista/2008/2008 R2/7, ClassName = Button(RadioButton).
Pid = 3216, Hwnd=0x10362, Text = 请指定安装源:, ClassName = Static.
Pid = 3216, Hwnd=0x10366, Text = 浏览, ClassName = Button.
Pid = 3216, Hwnd=0x10368, Text = 安装源的系统版本:, ClassName = Static.
Pid = 3216, Hwnd=0x1036c, Text = 请指定安装源:, ClassName = Static.
Pid = 3216, Hwnd=0x10370, Text = 浏览, ClassName = Button.
Pid = 3216, Hwnd=0x10372, Text = 下一步, ClassName = Button.
Pid = 3216, Hwnd=0x10374, Text = 请选择映像名, ClassName = Static.
Pid = 3216, Hwnd=0x1037a, Text = 请指定目标分区及启动分区:, ClassName = Static.
Pid = 3216, Hwnd=0x1037c, Text = 磁盘信息, ClassName = Button(GroupBox).
Behavior description: Acquire system privilege
details: SE_LOAD_DRIVER_PRIVILEGE
Run screenshot