VirSCAN

File information
Safety rating:50
Behavior list
Basic Information
MD5:8a474e236d480bfe866b23a1c7158904
file type:zip
Production company:
version:
Shell or compiler information:
Subfile information:krnln.fnr / 199e87ea6b03e907316560a58f7b51af / DLL
ShenH_TS.dll / 3065abf1804adb7385cf7e5d78d1676a / DLL
OPenGL.fne / 19071df6be40150ed112dcff17eb1e95 / DLL
eGrid.fne / f06e1ad916a238694224539ea19bb772 / DLL
eAPI.fne / 64aefef610718b294203ae2956254c01 / DLL
RegEx.fnr / a67daddcb30335163cf7d99f282f5ae0 / DLL
iext.fnr / 25f757f0757c8cff125877f5f66634b8 / DLL
MirBj_Unpacked.exe / 3db93dc19f1dacdaae5b6478aef8190b / EXE
internet.fne / 469635825be3479e2a5b42c9766dd223 / DLL
dp1.fne / 6d4b2e73f6f8ecff02f19f7e8ef9a8c7 / DLL
ExtMenu.fne / 700ebc9987d44de8ab519caaa99f2142 / DLL
spec.fne / 1518651c682109e9b9c304c9c109d777 / DLL
Data.EDT / d6a5a065027c347be240d888bc901f11 / Unknown
Mirbj.exe / 5bc5c19c6da912fff43f9b10e272d5c9 / EXE
shell.fne / d54753e7fc3ea03aec0181447969c0e8 / DLL
EThread.fne / c07d0c81806217f7f16da817e63e26e0 / DLL
shellEx.fne / eb0c8e2234654a3095ec8d87fbf1a0f8 / DLL
Data.edb / 367766d6e4e236be8e8e7bca22ab984f / Unknown
软件介绍.txt / 263d4f8fb1da5b89ffc9b83588f83001 / Unknown
Key behavior
Behavior description:Block window close message
details:hWnd = 0x00010346, Text = 易编传奇脚本编辑工具V1.1 - 最终版, ClassName = Afx:10000000:b:10011:1900015:0.
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Behavior description:Get TickCount value
details:TickCount = 246359, SleepMilliseconds = 250.
Process behavior
Behavior description:Create local thread
details:TargetProcess: MirBj_Unpacked.exe, InheritedFromPID = 2000, ProcessID = 788, ThreadID = 2572, StartAddress = 77DC845A, Parameter = 00000000
File behavior
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Behavior description:Modify file contents
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\iext.fnr ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\iext.fnr ---> Offset = 143360
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\iext.fnr ---> Offset = 163840
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\ExtMenu.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\ExtMenu.fne ---> Offset = 36864
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\ExtMenu.fne ---> Offset = 86016
Network behavior
Behavior description:Open specified web page in IE
details:http://ww****cn
http://ww****cn/
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.IBG
Local\c:!documents and settings!administrator!ietldcache!
Behavior description:Create event object
details:EventName = DINPUTWINMM
EventName = Wait For Buffer Return
EventName = MSCTF.SendReceiveConection.Event.IBG.IC
EventName = MSCTF.SendReceive.Event.IBG.IC
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Open event
details:HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Behavior description:Get TickCount value
details:TickCount = 246359, SleepMilliseconds = 250.
Behavior description:Block window close message
details:hWnd = 0x00010346, Text = 易编传奇脚本编辑工具V1.1 - 最终版, ClassName = Afx:10000000:b:10011:1900015:0.
Behavior description:Window information
details:Pid = 788, Hwnd=0x1035c, Text = 欢迎使用《易编传奇脚本编辑调试工具V1.1》最终免费版!建议使用800*600分辨率调试脚本。 (1).要查看帮助 - 选中脚本命令列表中的命令即可显示相关命令。 (2).快捷输入脚本 - 双击脚本命令列表中的命令即可在编辑区中添加该命令!, ClassName = Edit.
Pid = 788, Hwnd=0x1034a, Text = 软件版本:, ClassName = msctls_statusbar32.
Pid = 788, Hwnd=0x10360, Text = 深寒软件工作室(www.zhelove.cn)出品, ClassName = Afx:ec0000:b:10011:1900015:0.
Pid = 788, Hwnd=0x1035e, Text = V1.1 - 最终版, ClassName = Afx:ec0000:b:10011:1900015:0.
Pid = 788, Hwnd=0x10346, Text = 易编传奇脚本编辑工具V1.1 - 最终版, ClassName = Afx:10000000:b:10011:1900015:0.
Pid = 788, Hwnd=0x10358, Text = 123456, ClassName = Edit.
Behavior description:Call Sleep function
details:[1]: MilliSeconds = 250.
Behavior description:Hide specified window
details:[Window,Class] = [,Afx:10000000:8:10011:1900015:0]
[Window,Class] = [,Afx:10000000:b:803d5:1900015:0]
[Window,Class] = [,ListBox]
[Window,Class] = [,Afx:1050000:b:10011:110005b:0]
Behavior description:Open mutex
details:ShimCacheMutex
Local\!IETld!Mutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\c:!documents and settings!administrator!ietldcache!