VirSCAN
File information
Safety rating: 75
Behavior list
Basic Information
MD5: 8b4387cea749075569468ca7ae916d56
File type: Rar
Production company:
Version:
Packer or compiler information: COMPILER: Armadillo 1.82 - 1.83 beta1 -> Silicon Realms Toolworks [Overlay]
Subfile information: ALI213.txt / 0407bb3560e17c4579534e5d490ad314 / Unknown
Config.cfg / 470fa5829f1a0b8e7d60cd7278e683b1 / Unknown
Grandia2.exe / a9b7047c9ae937a46bd3876c554c9556 / EXE
Key behavior
Behavior description: Create file mapping with write access
Details: CiceroSharedMemDefaultS-*
c:.documents and settings.administrator.local settings.temp.eb93a6.996e.exe_7zdump.grandia2nocd.update.grandia2.exe
MSCTF.MarshalInterface.FileMap.ILB..LMKHH
Behavior description: Cross-process memory write
Details: TargetProcess = grandia2.TMP0, WriteAddress = 0x00401000, Size = 65014
TargetProcess = grandia2.TMP0, WriteAddress = 0x00410df6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x00420bf6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004309f6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004407f6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004505f6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004603f6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004701f6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x0047fff6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x0048fdf6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x0049fbf6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004af9f6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004bf7f6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004cf5f6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004df3f6, Size = 65024
Behavior description: Cross-process write into code section
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.318046.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x00410DF6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.325108.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x00420BF6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.332161.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x004309F6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.339266.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x004407F6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.346457.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x004505F6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.353674.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x004603F6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.360778.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x004701F6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.367930.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x0047FFF6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.374944.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x0048FDF6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.381978.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x0049FBF6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.389002.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x004AF9F6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.396023.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x004BF7F6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.403047.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x004CF5F6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.410072.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x004DF3F6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.417093.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x004EF1F6, EntryPoint = 0x0041D0DD
Behavior description: Set thread context
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.713886.exe_7zdump\Grandia2nocd\update\grandia2.TMP0
Behavior description: Install message hook
Details: C:\WINDOWS\system32\DINPUT.dll
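The cross-process writes listed above are the part of this report a triager should look at first, and the numbers are worth checking rather than eyeballing: 0x00401000 + 65014 = 0x00410DF6, and each following chunk starts exactly 65024 bytes after the previous one, so the fifteen writes are back-to-back and rewrite one contiguous range of grandia2.TMP0 that contains the reported EntryPoint 0x0041D0DD (0x00401000 is also the usual first-section address of a 32-bit PE at the default 0x00400000 image base). That is the pattern of a protector decrypting a whole image into a child copy of itself, which is consistent with the Armadillo packer identified under Basic Information (and with the Arm*.TMP files and the Silicon Realms registry key further down) rather than with a separate injector, so the "write into code section" finding should be read together with the packer identification. The Python below is an added example, not VirSCAN's code and not part of the report: it parses the report's own "TargetProcess = …, WriteAddress = …, Size = …" lines (copied inline as the sample input, so it runs offline; that line format is assumed to be stable), coalesces touching chunks into regions and checks whether the entry point falls inside the rewritten range.

```python
import re

# Constructed sample: the fifteen "Cross-process memory write" entries copied
# verbatim from the VirSCAN report above, one per line.
SAMPLE_WRITES = """\
TargetProcess = grandia2.TMP0, WriteAddress = 0x00401000, Size = 65014
TargetProcess = grandia2.TMP0, WriteAddress = 0x00410df6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x00420bf6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004309f6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004407f6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004505f6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004603f6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004701f6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x0047fff6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x0048fdf6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x0049fbf6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004af9f6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004bf7f6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004cf5f6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004df3f6, Size = 65024
"""

# EntryPoint value the sandbox attached to its "write into code section" entries.
ENTRY_POINT = 0x0041D0DD

# Line format as it appears in this report (assumed stable across reports).
WRITE_RE = re.compile(
    r"TargetProcess\s*=\s*(?P<proc>[^,]+),\s*"
    r"WriteAddress\s*=\s*(?P<addr>0x[0-9A-Fa-f]+),\s*"
    r"Size\s*=\s*(?P<size>\d+)"
)


def parse_writes(text):
    """Return (target, address, size) tuples for every write line in `text`.
    Lines that do not match the sandbox's format are ignored."""
    writes = []
    for line in text.splitlines():
        m = WRITE_RE.search(line)
        if m:
            writes.append((m.group("proc").strip(),
                           int(m.group("addr"), 16),
                           int(m.group("size"))))
    return writes


def merge_regions(writes):
    """Coalesce half-open [start, end) write intervals that touch or overlap,
    so back-to-back chunks show up as a single region."""
    regions = []
    for start, end in sorted((a, a + s) for _, a, s in writes):
        if regions and start <= regions[-1][1]:
            regions[-1] = (regions[-1][0], max(regions[-1][1], end))
        else:
            regions.append((start, end))
    return regions


def covers(regions, addr):
    """True if `addr` lies inside any of the merged regions."""
    return any(start <= addr < end for start, end in regions)


def summarize(text, entry_point):
    """Triage summary: how much was written, into which process, whether the
    writes form one contiguous range, and whether the reported entry point
    falls inside the rewritten range."""
    writes = parse_writes(text)
    regions = merge_regions(writes)
    return {
        "write_count": len(writes),
        "targets": sorted({proc for proc, _, _ in writes}),
        "total_bytes": sum(size for _, _, size in writes),
        "regions": [(hex(s), hex(e)) for s, e in regions],
        "contiguous": len(regions) == 1,
        "entry_point_overwritten": covers(regions, entry_point),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_WRITES, ENTRY_POINT).items():
        print(f"{key}: {value}")
```

On the report's own lines the summary shows a single region from 0x401000 to 0x4ef1f6 (975,350 bytes) in grandia2.TMP0 with the entry point inside it. A write list that produced several disjoint regions, or targets other than the sample's own child process, would be the case where the same sandbox finding deserves a different reading.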
Process behavior
Behavior description: Cross-process memory write
Details: TargetProcess = grandia2.TMP0, WriteAddress = 0x00401000, Size = 65014
TargetProcess = grandia2.TMP0, WriteAddress = 0x00410df6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x00420bf6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004309f6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004407f6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004505f6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004603f6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004701f6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x0047fff6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x0048fdf6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x0049fbf6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004af9f6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004bf7f6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004cf5f6, Size = 65024
TargetProcess = grandia2.TMP0, WriteAddress = 0x004df3f6, Size = 65024
Behavior description: Create process from newly written file
Details: ImagePath = c:\documents and settings\administrator\local settings\%temp%\1440816393.259277.exe_7zdump\grandia2nocd\update\grandia2.TMP0, CmdLine = "c:\documents and settings\administrator\local settings\%temp%\1440816393.259277.exe_7zdump\grandia2nocd\update\grandia2.exe"
Behavior description: Set thread context
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.713886.exe_7zdump\Grandia2nocd\update\grandia2.TMP0
Behavior description: Enumerate processes
Details: N/A
Behavior description: Cross-process write into code section
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.318046.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x00410DF6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.325108.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x00420BF6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.332161.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x004309F6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.339266.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x004407F6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.346457.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x004505F6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.353674.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x004603F6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.360778.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x004701F6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.367930.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x0047FFF6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.374944.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x0048FDF6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.381978.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x0049FBF6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.389002.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x004AF9F6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.396023.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x004BF7F6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.403047.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x004CF5F6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.410072.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x004DF3F6, EntryPoint = 0x0041D0DD
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.417093.exe_7zdump\Grandia2nocd\update\grandia2.TMP0, WriteAddress = 0x004EF1F6, EntryPoint = 0x0041D0DD
File behavior
Behavior description: Create file mapping with write access
Details: CiceroSharedMemDefaultS-*
c:.documents and settings.administrator.local settings.temp.eb93a6.996e.exe_7zdump.grandia2nocd.update.grandia2.exe
MSCTF.MarshalInterface.FileMap.ILB..LMKHH
Behavior description: Create executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Arm4.tmp
C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.255775.exe_7zdump\Grandia2nocd\update\grandia2.TMP0
Behavior description: Search for files
Details: FileName = c:\documents and settings\administrator\local settings\%temp%\1440816393.727633.exe_7zdump\grandia2nocd\update\ARM*.TMP
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ARM*.TMP
FileName = C:\WINDOWS\*
FileName = C:\*
FileName = c:\documents and settings\administrator\local settings\%temp%\1440816393.741365.exe_7zdump\grandia2nocd\update\Simulate.CD
FileName = c:\documents and settings\administrator\local settings\%temp%\1440816393.744846.exe_7zdump\grandia2nocd\update\grandia2.TMP0
FileName = c:\documents and settings\administrator\local settings\temp
FileName = c:\documents and settings\administrator\local settings\%temp%
FileName = c:\documents and settings\administrator\local settings\%temp%\1440816393.755239.exe_7zdump\grandia2nocd\update
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1440816393.765613.exe_7zdump\Grandia2nocd\update
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{665C94CF-F293-11D1-B2E4-0060975B8649}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\The Silicon Realms Toolworks\Armadillo\{3BE69020E11FA404}
\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ID
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
Behavior description: Delete registry value
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot
Behavior description: Delete registry key
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW
Other behavior
Behavior description: Find specific window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Window information
Details: Pid = 1860, Hwnd = 0x202b4, Text = Grandia2, ClassName = Grandia2.
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
DirectSound DllMain mutex (0x00000744)
DDrawWindowListMutex
DDrawDriverObjectListMutex
__DDrawExclMode__
__DDrawCheckExclMode__
DirectSound Administrator shared thread array (lock)
Behavior description: Install message hook
Details: C:\WINDOWS\system32\DINPUT.dll
Behavior description: Attempt to open driver device objects of a debugger or monitoring tool (the \??\SICE and \??\NTICE names below are the device names of the SoftICE kernel debugger)
Details: \??\SICE
\??\NTICE
Run screenshot