VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
Safety rating:76
Behavior list
Basic Information
MD5:8a8a0d8aa60c7529753089dfd1d7d8a5
file type:EXE
Production company:
version:
Shell or compiler information:PACKER:PESpin 0.3x - 1.xx -> cyberbob
Process behavior
Behavior description:创建本地线程
details:N/A
Behavior description:进程退出
details:N/A
Behavior description:枚举进程
details:N/A
Other behavior
Behavior description:创建互斥体
details:Bandicam v2.3.3.860
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MJB
Behavior description:程序异常崩溃信息
details:EAX=0x0012FFE0, EBX=0x0041064D, ECX=0xFFFFFFFF, EDX=0x7C80441C,ESI=0x7C800000, EDI=0xFFFFFFFF, EBP=0x0000CB4E, ESP=0x0012FF9C,EIP=0x0041064A, ExceptionCode=0xC0000005(ACCESS_VIOLATION),ExceptionModule=C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446485940.098586.exe Disassembly: 0x0041064A: rep scasb 0x0041064C: push 000013B9h 0x00410651: add al, ch 0x00410653: add byte ptr [eax], al 0x00410655: add byte ptr [eax], al 0x00410657: pop edi 0x00410658: sub edi, 0Ah 0x0041065B: mov esi, 004125C0h 0x00410660: rep movsb 0x00410662: sub ebx, ebx 0x00410664: jmp 0041064Dh 0x00410666: or ebp, FFFFFFFFh 0x00410669: call 0041066Eh 0x0041066E: add ebp, 00403B20h 0x00410674: pop ebx 0x00410675: xchg ebp, ebx 0x00410677: sub ebp, ebx 0x00410679: dec ebp 0x0041067A: sub eax, eax
EAX=0x00000000, EBX=0x00000000, ECX=0x00412FBF, EDX=0x0012FF94,ESI=0x00000000, EDI=0x00000000, EBP=0x0012FBEC, ESP=0x0012FBCC,EIP=0x00412FCF, ExceptionCode=0xC0000005(ACCESS_VIOLATION),ExceptionModule=C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446485940.102662.exe Disassembly: 0x00412FCF: xlatb 0x00412FD0: call 00412FE7h 0x00412FD5: jmp dword ptr [esp-04h] 0x00412FD9: dec dword ptr [ebx+2B082464h] 0x00412FDF: sal byte ptr [ebp+1Ch], cl 0x00412FE2: je 00412FE5h 0x00412FE4: jmp 0041304Ah 0x00412FE6: pop dword ptr [edx] 0x00412FE8: pop edx 0x00412FE9: and edx, 31343130h 0x00412FEF: popfd 0x00412FF0: pop ebp 0x00412FF1: call 00412FF7h
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:创建事件对象
details:EventName = MSCTF.SendReceiveConection.Event.MJB.IC
EventName = MSCTF.SendReceive.Event.MJB.IC
Behavior description:窗口信息
details:Pid = 1400, Hwnd=0x202a6, Text = Registration info:, ClassName = Button(GroupBox).
Pid = 1400, Hwnd=0x202cc, Text = Sorry, Bandicam must be installed first!, ClassName = Button.
Pid = 1400, Hwnd=0x202b2, Text = Email Address:, ClassName = Static.
Pid = 1400, Hwnd=0x202a2, Text = Bandicam v2.3.3.860, ClassName = #32770.
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号