VirSCAN

File information
Safety score: 77
Basic information
MD5:86fd0d633985adb6d3bc6799498e5a10
File type: EXE
Publisher: Alexander Roshal
Version: 5.60.0.0---5.60.0
Packer or compiler information: COMPILER:PE+(64)
Sub-file information: WinRAR.exe / 5d9273d7be495826fa3c9c7f9ba0e44d / EXE
Rar.exe / a3af8f589a1d693fe9de72099aaee783 / EXE
RarExt.dll / 30a04453796fd369bdbce2ae43509c86 / DLL
RarExt32.dll / 529953e3d949ae27f017298fb1ca2687 / DLL
UnRAR.exe / 54c613ff0f8f1bdcd7470eff52d19ce5 / EXE
Uninstall.exe / 74f15974c5acd9cfb80152ee155b9cf4 / EXE
Default64.SFX / d266ecb1f37e485874647ef17e70cd62 / EXE
WinRAR.chm / 3485037824b9f23e9c55a67862c1510e / Chm
WinCon64.SFX / 9a804a57a0faa3cb92dd7677cde43a80 / EXE
Default.SFX / 61092afc0e6cf5570bb2120a1c4710f8 / EXE
Zip64.SFX / 9f7cf0e133ac77de73121f9a6d6b26a1 / EXE
WinCon.SFX / 480596dd4508fbefe60a77e5cd318042 / EXE
Zip.SFX / 5b0bd6e305d1eecdd392dc959f0bcce1 / EXE
7zxa.dll / ecdd19171f5aea16789257014ee5b85a / DLL
Rar.txt / 02252bba4ab0a108e1a5863cce12bb85 / Unknown
Ace32Loader.exe / e3763b3cbc04a02653481aaea8fc2e82 / EXE
UNACEV2.DLL / de02c4d04088b69e64ecc30a3d9e22e5 / DLL
WhatsNew.txt / 5bc0b0015ca2540ab71d875762c3e493 / Unknown
License.txt / 672064cf19db0b083b981cf0be7662b0 / Unknown
Process behavior
Behavior description: Create local thread
File behavior
Behavior description: Find file
Details: FileName = C:\WINDOWS\FONTS\EUDC.TTE
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\WinRAR SFX\C%%Program Files%WinRAR
Behavior description: Delete registry key value
Details: \REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\AddToFavoritesInitialSelection
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\AddToFeedsInitialSelection
Other behavior
Behavior description: Detect whether it is being debugged
Details: IsDebuggerPresent
Behavior description: Create mutex
Details: Local\SessionImmersiveColorMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
SmartScreen_AppRepSettings_Mutex
SmartScreen_ClientId_Mutex
CommunicationManager_Mutex
!IECompat!Mutex
Behavior description: Hide specified window
Details: [Window,Class] = [,ComboLBox]
[Window,Class] = [,RichEdit20W]
[Window,Class] = [If you agree to the END USER LICENSE AGREEMENT (EULA), please click [Install]. If you do not agree, please click [Cancel].,Static]
[Window,Class] = [,Internet Explorer_Server]
Behavior description: Find specified window
Details: FindWindowExW: [Class,Window] = [EDIT,]
FindWindowW: [Class,Window] = [ApplicationManager_DesktopShellWindow,]
FindWindowW: [Class,Window] = [MS_AutodialMonitor,]
FindWindowW: [Class,Window] = [MS_WebCheckMonitor,]
FindWindowExW: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Open event
Details: \KernelObjects\MaximumCommitCondition
MSFT.VSA.COM.DISABLE.1352
MSFT.VSA.IEC.STATUS.6c736db0
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\TabletHardwarePresent
Behavior description: Window information
Details: Pid = 1352, Hwnd=0x1703e6, Text = Copyright © 1993-2018, ClassName = Static.
Pid = 1352, Hwnd=0xb0332, Text = by Alexander Roshal, ClassName = Static.
Pid = 1352, Hwnd=0xc0326, Text = &Destination folder, ClassName = Static.
Pid = 1352, Hwnd=0x902be, Text = C:\Program Files\WinRAR, ClassName = ComboBox.
Pid = 1352, Hwnd=0xb02fa, Text = C:\Program Files\WinRAR, ClassName = Edit.
Pid = 1352, Hwnd=0xd0298, Text = Bro&wse..., ClassName = Button.
Pid = 1352, Hwnd=0xe02e0, Text = If you agree to the END USER LICENSE AGREEMENT (EULA), please click [Install]. If you do not agree, please click [Cancel]., ClassName = Static.
Pid = 1352, Hwnd=0x2e01dc, Text = Install, ClassName = Button.
Pid = 1352, Hwnd=0x1902ce, Text = Cancel, ClassName = Button.
Pid = 1352, Hwnd=0x1a0256, Text = WinRAR 5.60, ClassName = #32770.
Pid = 1352, Hwnd=0xd0338, Text = 确定, ClassName = Button.
Pid = 1352, Hwnd=0x120290, Text = "" folder is not accessible, ClassName = Static.
Pid = 1352, Hwnd=0x180284, Text = Error, ClassName = #32770.
Pid = 1352, Hwnd=0xd02ac, Text = Extracting files to folder , ClassName = RichEdit20W.
Behavior description: Call the Sleep function
Details: [1]: MilliSeconds = 0.
[2]: MilliSeconds = 0.
[3]: MilliSeconds = 0.
Behavior description: Open mutex
Details: DefaultTabtip-MainUI
Local\MSCTF.Asm.MutexDefault1S-1-5-21-1170589654-2814428265-349930785-500
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault1
Global\Windows.Machine.OOBE