VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load

File information
Safety rating:85
Behavior list
Basic Information
MD5:8c1cb52496e7dd5a42dd47e7166d2c21
file type:Nsis
Production company:XOSLAB.COM
version:1.4.0.57---1.4.0.57
Shell or compiler information:
Subfile information:FileLocker.exe / 58d26fb3526d52cafad13281ffcf82d2 / EXE
FileLocker.exedumpFile / 58d26fb3526d52cafad13281ffcf82d2 / EXE
SetupHelper.dlldumpFile / 6eec07fb775eb393f9ec77a64f3c5cd2 / DLL
SetupHelper.dll / 6eec07fb775eb393f9ec77a64f3c5cd2 / DLL
modern-wizard.bmpdumpFile / 9e4cd80a60db6947642677bf31a10906 / Unknown
modern-wizard.bmp / 9e4cd80a60db6947642677bf31a10906 / Unknown
xlkfs.dlldumpFile / 495186808d5098c391a892d1ca07a1eb / DLL
xlkfs.dll / 495186808d5098c391a892d1ca07a1eb / DLL
xlkfs.sysdumpFile / 96edb650cdef62982626d62971899d82 / SYS
xlkfs.sys / 96edb650cdef62982626d62971899d82 / SYS
InstallOptions.dlldumpFile / 325b008aec81e5aaa57096f05d4212b5 / DLL
InstallOptions.dll / 325b008aec81e5aaa57096f05d4212b5 / DLL
[NSIS].nsidumpFile / 858c38fbd36022dbe3b3bc7db6b8961b / Unknown
System.dlldumpFile / c17103ae9072a06da581dec998343fc1 / DLL
System.dll / c17103ae9072a06da581dec998343fc1 / DLL
[NSIS].nsi / 121ebb0eace88d92297449006bbf2498 / Unknown
StartMenu.dlldumpFile / a4173b381625f9f12aadb4e1cdaefdb8 / DLL
StartMenu.dll / a4173b381625f9f12aadb4e1cdaefdb8 / DLL
nsExec.dlldumpFile / acc2b699edfea5bf5aae45aba3a41e96 / DLL
Key behavior
Behavior description:隐藏指定窗口
details:[Window,Class] = [,Button]
[Window,Class] = [ ,Static]
[Window,Class] = [ ,Static]
[Window,Class] = [,Static]
File behavior
Behavior description:创建可执行文件
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\InstallOptions.dll
Behavior description:修改文件内容
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\ioSpecial.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\ioSpecial.ini---> Offset = 36
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\modern-wizard.bmp---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\ioSpecial.ini---> Offset = 124
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\ioSpecial.ini---> Offset = 33
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\ioSpecial.ini---> Offset = 43
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\ioSpecial.ini---> Offset = 60
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\ioSpecial.ini---> Offset = 277
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\ioSpecial.ini---> Offset = 332
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\ioSpecial.ini---> Offset = 387
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\ioSpecial.ini---> Offset = 395
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\ioSpecial.ini---> Offset = 407
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\ioSpecial.ini---> Offset = 225
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\ioSpecial.ini---> Offset = 356
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\ioSpecial.ini---> Offset = 732
Registry behavior
Behavior description:修改注册表
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
Other behavior
Behavior description:窗口信息
details:Pid = 1856, Hwnd=0xb01de, Text = &Next >, ClassName = Button.
Pid = 1856, Hwnd=0xc01d6, Text = Cancel, ClassName = Button.
Pid = 1856, Hwnd=0xb01b0, Text = , ClassName = Static.
Pid = 1856, Hwnd=0xa018c, Text = , ClassName = Static.
Pid = 1856, Hwnd=0xb0170, Text = Welcome to the Easy File Locker 1.4 Setup Wizard, ClassName = Static.
Pid = 1856, Hwnd=0xb01ce, Text = This wizard will guide you through the installation of Easy File Locker 1.4. It is recommended that you close all other applic, ClassName = Static.
Pid = 1856, Hwnd=0xd0180, Text = Easy File Locker 1.4 Setup, ClassName = #32770.
Behavior description:隐藏指定窗口
details:[Window,Class] = [,Button]
[Window,Class] = [ ,Static]
[Window,Class] = [ ,Static]
[Window,Class] = [,Static]
Behavior description:打开图片文件
details:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\modern-wizard.bmp
Behavior description:获取系统权限
details:SE_LOAD_DRIVER_PRIVILEGE
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号