VirSCAN


File information
Safety rating:88
Behavior list
Basic Information
MD5:8c1353920b9b1a218005fc63db5691a6
file type:zip
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [Overlay] *
Subfile information:upx30_af10856bdumpFile / 4fdcbba267cd3b329f45dd00b27ccf61 / EXE
OpenDNSCrypt.msi / 7ddadd495ca67270cc089e420ce3d6a4 / Compound
_4DF31E145057BEB58D1826D824220385dumpFile / e4a00adb88f17c101b4225285004f2a1 / Cab
_A2849D545BF94833BCCF48D262570C6BdumpFile / 51dd141ea59dcb6621f827e5ab30d3b0 / EXE
setup.exe / 4bbf9efa874f793361c16d7cee63bee9 / EXE
_FED34AA14AFBB151CB1EBFF2C29F2C0CdumpFile / 996047633a94d54149c0968185673ab9 / DLL
Binary.MSVBDPCADLLdumpFile / 0a2626fc9e4e0ca18386c029e9efffd9 / DLL
Binary.DefBannerBitmapdumpFile / 38617ddf5e07791c6db90f7f5b5a4218 / Unknown
_989BD4E2100BEEB36F90C47DEFDFC491dumpFile / 276556c35d43d8ccd70af42f4df24d96 / EXE
Binary.InstallUtildumpFile / 238c8c723b1e5952935982cd7e7dcd2c / DLL
!_StringDatadumpFile / f1f006e1bb353aaa3ccb787a589ee06f / Unknown
_FA7B2C403E22C39737EBB4C43E09878BdumpFile / 34a8e2f7295f56dac56b0f8edef1ef45 / DLL
_3E0BB26D28D9D0B7A7C4911C8A6DD149dumpFile / 6f865de0687b6ec045f78ce9656d3626 / EXE
Binary.VSDNETCFGdumpFile / 54fffd46f4fd07d1369fad64ce89812f / Unknown
!_ValidationdumpFile / 0f02d51661bff5fedca7c69d1609fb02 / Unknown
!ControldumpFile / e3ceac0e765637e4f1745624534bcfb9 / Unknown
!_StringPooldumpFile / 4be07cdac847ae82d9ed3d4e6981248f / Unknown
_35C7D372345F4625852D71991B7FE19CdumpFile / 7c98352bab259fb455833b71128d069b / Unknown
Icon._7245386387960A1D7D5229.exedumpFile / 609fa4be9f124ce1246cd859a0d21f4e / Unknown
Key behavior
Behavior description: Hide specified window
details:[Window,Class] = [,Meter]
[Window,Class] = [,Static]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [DNSCrypt Setup,#32770]
[Window,Class] = [Windows Installer,#32770]
Process behavior
Behavior description: Create process
details:ImagePath = C:\WINDOWS\system32\msiexec.exe, CmdLine = "C:\WINDOWS\system32\msiexec.exe" -I "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WZSE0.TMP\DNSCrypt\OpenDNSCrypt.msi"
Behavior description: Create process from newly created file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WZSE0.TMP\DNSCrypt\setup.exe, CmdLine = ".\DNSCrypt\setup.exe"
File behavior
Behavior description: Create file mapping with write permission
details:DfSharedHeapBE775
Local\UrlZonesSM_Administrator
DfSharedHeapBF457
DfRoot0000BF457
DfSharedHeapBF676
DfRoot0000BF676
DfSharedHeapBF76D
DfRoot0000BF76D
DfSharedHeapBF7A7
DfRoot0000BF7A7
DfSharedHeapBF7BA
DfRoot0000BF7BA
DfSharedHeapBF830
DfRoot0000BF830
Behavior description: Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WZSE0.TMP\DNSCrypt\setup.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI4.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI6.tmp
Behavior description: Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WZSE0.TMP\DNSCrypt\OpenDNSCrypt.msi---> Offset = 86016
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WZSE0.TMP\DNSCrypt\README.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\14926b.msi---> Offset = 69440
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CFG5.tmp---> Offset = 90
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\system32\msiexec.exe
Other behavior
Behavior description: Window information
details:Pid = 2224, Hwnd=0xd01f6, Text = &Next >, ClassName = Button.
Pid = 2224, Hwnd=0xb0200, Text = Cancel, ClassName = Button.
Pid = 2224, Hwnd=0xc01a6, Text = < &Back, ClassName = Button.
Pid = 2224, Hwnd=0xd01c4, Text = DefBannerBitmap, ClassName = Static.
Pid = 2224, Hwnd=0xc017a, Text = MsiHorizontalLine, ClassName = Static.
Pid = 2224, Hwnd=0xb015e, Text = MsiHorizontalLine, ClassName = Static.
Pid = 2224, Hwnd=0xd038e, Text = WARNING: This computer program is protected by copyright law and international treaties. Unauthorized duplication or distribution, ClassName = Static.
Pid = 2224, Hwnd=0xb0332, Text = Welcome to the DNSCrypt Setup Wizard, ClassName = Static.
Pid = 2224, Hwnd=0x9035c, Text = The installer will guide you through the steps required to install DNSCrypt on your computer., ClassName = Static.
Pid = 2224, Hwnd=0xc01f0, Text = DNSCrypt, ClassName = MsiDialogCloseClass.
Pid = 876, Hwnd=0xb01de, Text = &Setup, ClassName = Button.
Pid = 876, Hwnd=0xc01d6, Text = Cancel, ClassName = Button.
Pid = 876, Hwnd=0xd01c8, Text = &About, ClassName = Button.
Pid = 876, Hwnd=0xc01c2, Text = Installing DNSCrypt version 0.0.6 in another window. Please return to the main DNSCrypt install window. , ClassName = Static.
Pid = 876, Hwnd=0xd0180, Text = WinZip Self-Extractor - sample.exe, ClassName = #32770.
Behavior description: Hide specified window
details:[Window,Class] = [,Meter]
[Window,Class] = [,Static]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [DNSCrypt Setup,#32770]
[Window,Class] = [Windows Installer,#32770]
Behavior description: Create mutex
details:SHIMLIB_LOG_MUTEX
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior description: Acquire system privileges
details:SE_LOAD_DRIVER_PRIVILEGE
SE_SHUTDOWN_PRIVILEGE
SE_INCREASE_QUOTA_PRIVILEGE
SE_CREATE_TOKEN_PRIVILEGE