VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
Safety rating: 86
Behavior list
Basic Information
MD5: 8e85d8221c4b0ffbc53dd46e5d042db3
File type: zip
Vendor:
Version:
Packer or compiler information:
Subfile information (name / MD5 / type):
Orca.Msi / 710ae2be53e11f3d5c5f8cfccce76a3a / Compound
orca.cabdumpFile / dd556fca1852de17cba06521e28fdf46 / Cab
Binary.bannrbmpdumpFile / 66fa78be0ee19183677cfe5ae0f61392 / Unknown
Binary.dlgbmpdumpFile / 145e2848027145f216b468d9f1acd303 / Unknown
!_StringDatadumpFile / 8eddeb45d4da747c57cc86fbfaefeb35 / Unknown
!_ValidationdumpFile / aab8dbd7c7f04cbea4d60c01da0934c9 / Unknown
!ControldumpFile / 466693d1614a920dcedd295d60fa1760 / Unknown
!_StringPooldumpFile / 3178f40bf37a787b8ec7fe956d8c27cb / Unknown
Icon.orca_icon.exedumpFile / 12112e18aa8abcbb4496d2acb5cce5df / DLL
Binary.custicondumpFile / 3eaebdade778394f06b29659c9c01ed7 / Unknown
Binary.completidumpFile / 45b0e074f96a859adae198187ab9fa11 / Unknown
Binary.insticondumpFile / 66c842af0b4fc1c918f531d2e1087b82 / Unknown
Binary.repairicdumpFile / d234ca0358b21bdcfc5e3f9b2e7c7a22 / Unknown
Binary.removicodumpFile / 20d25e871a244b94574c47726de745d6 / Unknown
!_ColumnsdumpFile / ade27b2e3cb5b209236d216f97370589 / Unknown
!ControlEventdumpFile / 5424ed0b519710cefc11ae6134989d7a / Unknown
Binary.infodumpFile / 554ff4c199562515d758c9abff5c2943 / Unknown
Binary.exclamicdumpFile / 3dba38e7a6085876e79f162f9985618c / Unknown
!ErrordumpFile / 367cee65bfc1b47458c9ae1c73281bd3 / Unknown
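The subfile list above shows the streams of Orca.Msi as 7-Zip names them when it dumps the compound document: "dumpFile" is 7-Zip's dump suffix, and the leading "!" marks a Windows Installer table stream (_StringData, _Validation, Control, ...). Inside the OLE container those names are stored obfuscated, so they will not match what an OLE parser lists. The following is an added example, not VirSCAN's code and not part of the report, that implements the stream-name encoding as found in the Wine and msitools implementations (pairs of alphabet characters packed into one UTF-16 code unit at U+3800..U+47FF, a lone trailing character at U+4800..U+483F, table marker U+4840). The name list is the report's, with the dumpFile suffix removed; rendering U+4840 as "!" follows 7-Zip's convention.

```python
"""Encode and decode Windows Installer (MSI) OLE stream names.

Added example for the subfile list above; it is not VirSCAN's code and
not part of the report. An MSI is an OLE2 compound document whose stream
names are stored obfuscated: two characters from a 64-symbol alphabet are
packed into one UTF-16 code unit in U+3800..U+47FF, a single trailing
character into U+4800..U+483F, and table streams carry a U+4840 prefix,
which 7-Zip (and the report) render as a leading "!". The scheme follows
the Wine/msitools implementation; "dumpFile" in the report is 7-Zip's
dump suffix and is stripped from the names below.
"""

MSI_ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz._"
_TO_INDEX = {c: i for i, c in enumerate(MSI_ALPHABET)}
PAIR_BASE = 0x3800      # two packed characters: base + first + (second << 6)
SINGLE_BASE = 0x4800    # one character: base + index
TABLE_PREFIX = 0x4840   # marks a table stream; shown as "!"

# Stream names as listed in the report, with the 7-Zip "dumpFile" suffix removed.
REPORT_STREAM_NAMES = [
    "!_StringData", "!_Validation", "!Control", "!_StringPool", "!_Columns",
    "!ControlEvent", "!Error", "Binary.bannrbmp", "Binary.dlgbmp",
    "Icon.orca_icon.exe", "Binary.custicon", "Binary.completi",
    "Binary.insticon", "Binary.repairic", "Binary.removico", "Binary.info",
    "Binary.exclamic",
]


def encode_stream_name(name: str) -> str:
    """Return the raw OLE stream name for a readable MSI stream name.

    A leading "!" is taken as the table marker and becomes U+4840. Characters
    outside the alphabet are stored verbatim, as the reference implementation does.
    """
    out = []
    i = 0
    if name.startswith("!"):
        out.append(chr(TABLE_PREFIX))
        i = 1
    while i < len(name):
        first = _TO_INDEX.get(name[i])
        if first is None:
            out.append(name[i])
            i += 1
            continue
        second = _TO_INDEX.get(name[i + 1]) if i + 1 < len(name) else None
        if second is not None:
            out.append(chr(PAIR_BASE + first + (second << 6)))
            i += 2
        else:
            out.append(chr(SINGLE_BASE + first))
            i += 1
    return "".join(out)


def decode_stream_name(raw: str) -> str:
    """Inverse of encode_stream_name: raw OLE stream name to readable form."""
    out = []
    for ch in raw:
        code = ord(ch)
        if code == TABLE_PREFIX:
            out.append("!")
        elif PAIR_BASE <= code < SINGLE_BASE:
            code -= PAIR_BASE
            out.append(MSI_ALPHABET[code & 0x3F])          # first character: low 6 bits
            out.append(MSI_ALPHABET[(code >> 6) & 0x3F])   # second character: next 6 bits
        elif SINGLE_BASE <= code < TABLE_PREFIX:
            out.append(MSI_ALPHABET[code - SINGLE_BASE])
        else:
            out.append(ch)
    return "".join(out)


def raw_names(names=REPORT_STREAM_NAMES):
    """Map each readable name to the raw name to look for inside the OLE container."""
    return {n: encode_stream_name(n) for n in names}


if __name__ == "__main__":
    for readable, raw in raw_names().items():
        codes = " ".join(f"U+{ord(c):04X}" for c in raw)
        print(f"{readable:22s} -> {codes}")
```

To map the report's entries onto the actual file, feed the names returned by an OLE parser (for example `olefile.OleFileIO(path).listdir()`, a third-party library not used in the block) through `decode_stream_name`; the table streams then come out with the same "!" prefix the report uses.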
Key behavior
Behavior description: Opens file mappings (shared-memory sections) with write access
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MGD..AECHH
MSCTF.MarshalInterface.FileMap.MGD.B.AECHH
MSCTF.MarshalInterface.FileMap.MGD.C.AECHH
MSCTF.MarshalInterface.FileMap.MGD.D.AECHH
MSCTF.MarshalInterface.FileMap.MGD.E.AECHH
MSCTF.MarshalInterface.FileMap.MGD.F.PFCHH
DfSharedHeap3D4D3F
DfRoot0003D4D3F
MSCTF.MarshalInterface.FileMap.MGD.G.PFCHH
DfSharedHeap3D4FDA
DfRoot0003D4FDA
MSCTF.Shared.SFM.MGD
MSCTF.MarshalInterface.FileMap.MGD.H.KHJLH
MSCTF.MarshalInterface.FileMap.MGD.I.KHJLH
Behavior description: Hides a window
Details: [Window,Class] = [Windows Installer,#32770]
[Window,Class] = [,Static]
[Window,Class] = [Orca Setup,MsiDialogCloseClass]
[Window,Class] = [Orca License Agreement,MsiDialogCloseClass]
Process behavior
Behavior description: Enumerates processes
Details: N/A
File behavior
Behavior description: Opens file mappings (shared-memory sections) with write access
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MGD..AECHH
MSCTF.MarshalInterface.FileMap.MGD.B.AECHH
MSCTF.MarshalInterface.FileMap.MGD.C.AECHH
MSCTF.MarshalInterface.FileMap.MGD.D.AECHH
MSCTF.MarshalInterface.FileMap.MGD.E.AECHH
MSCTF.MarshalInterface.FileMap.MGD.F.PFCHH
DfSharedHeap3D4D3F
DfRoot0003D4D3F
MSCTF.MarshalInterface.FileMap.MGD.G.PFCHH
DfSharedHeap3D4FDA
DfRoot0003D4FDA
MSCTF.Shared.SFM.MGD
MSCTF.MarshalInterface.FileMap.MGD.H.KHJLH
MSCTF.MarshalInterface.FileMap.MGD.I.KHJLH
Behavior description: Modifies file contents
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\772fb.msi ---> Offset = 119392
Behavior description: Searches for files
Details: FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1444968494.058551.exe_7zdump\Orca.msi
FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\WINDOWS\Microsoft.NET\Framework\\*
Other behavior
Behavior description: Creates mutexes
Details: SHIMLIB_LOG_MUTEX
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MGD
Behavior description: Searches for a window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Hides a window
Details: [Window,Class] = [Windows Installer,#32770]
[Window,Class] = [,Static]
[Window,Class] = [Orca Setup,MsiDialogCloseClass]
[Window,Class] = [Orca License Agreement,MsiDialogCloseClass]
Behavior description: Window information
Details: Pid = 156, Hwnd=0x102e0, Text = &Next >, ClassName = Button.
Pid = 156, Hwnd=0x302b6, Text = Cancel, ClassName = Button.
Pid = 156, Hwnd=0x202d0, Text = dlgbmp, ClassName = Static.
Pid = 156, Hwnd=0x202d2, Text = < &Back, ClassName = Button.
Pid = 156, Hwnd=0x702c0, Text = The Setup Wizard will install Orca on your computer. Click Next to continue or Cancel to exit the Setup Wizard., ClassName = Static.
Pid = 156, Hwnd=0x502ce, Text = Welcome to the Orca Setup Wizard, ClassName = Static.
Pid = 156, Hwnd=0x202ac, Text = Orca Setup, ClassName = MsiDialogCloseClass.
Pid = 156, Hwnd=0x102e6, Text = I &accept the terms in the License Agreement, ClassName = Button(RadioButton).
Pid = 156, Hwnd=0x102e8, Text = I &do not accept the terms in the License Agreement, ClassName = Button(RadioButton).
Pid = 156, Hwnd=0x402da, Text = < &Back, ClassName = Button.
Pid = 156, Hwnd=0x302ca, Text = &Next >, ClassName = Button.
Pid = 156, Hwnd=0x402b8, Text = Cancel, ClassName = Button.
Pid = 156, Hwnd=0x302b0, Text = bannrbmp, ClassName = Static.
Pid = 156, Hwnd=0x302c4, Text = 1. SUMMARY. You may install Orca on a single computer. If you are the primary user of that computer, you may also install a sec, ClassName = RichEdit20W.
Pid = 156, Hwnd=0x602d8, Text = Please read the following license agreement carefully, ClassName = Static.
Behavior description: Requests system privileges
Details: SE_SHUTDOWN_PRIVILEGE
SE_INCREASE_QUOTA_PRIVILEGE
SE_CREATE_TOKEN_PRIVILEGE
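Most of the behavior list above is ambient noise rather than a property of this sample: the MSCTF.*, CTF.* and CiceroSharedMem* mutexes and file mappings belong to the Text Services Framework (code-named Cicero), which msctf.dll sets up in any process that shows a window, and the DfSharedHeap/DfRoot sections come from OLE compound-file storage, which is how an .msi is read. The privilege lines record what the process asked for when adjusting its token, not what it was granted; AdjustTokenPrivileges only enables privileges the token already holds and otherwise reports ERROR_NOT_ALL_ASSIGNED, so SE_CREATE_TOKEN_PRIVILEGE, held by default only by LSASS, would not have been obtained by a user-mode installer. The following is an added example, not VirSCAN's code and not part of the report, that parses records in the report's "Behavior description:/Details:" shape and separates ambient artifacts from items worth review; the rule labels, patterns and notes are the author's assumptions, and the input is a constructed subset of the report above.

```python
"""Triage of VirSCAN-style sandbox behavior lines.

Added example for the behavior list above; it is not VirSCAN's code and
not part of the report. It parses "Behavior description:" / "Details:"
records and sorts each detail into "ambient" (objects any Windows GUI
process creates, so they say nothing about this sample) or "review"
(an analyst should look). The rule labels, patterns and notes are the
author's assumptions, not VirSCAN's classification.
"""
import re
from dataclasses import dataclass

# Constructed input: a subset of the report above, in the translated form.
SAMPLE_REPORT = """\
Other behavior
Behavior description: Creates mutexes
Details: SHIMLIB_LOG_MUTEX
CTF.LBES.MutexDefaultS-*
MSCTF.Shared.MUTEX.MGD
Behavior description: Opens file mappings (shared-memory sections) with write access
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MGD..AECHH
DfSharedHeap3D4D3F
Behavior description: Modifies file contents
Details: C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\772fb.msi ---> Offset = 119392
Behavior description: Requests system privileges
Details: SE_SHUTDOWN_PRIVILEGE
SE_INCREASE_QUOTA_PRIVILEGE
SE_CREATE_TOKEN_PRIVILEGE
Process behavior
Behavior description: Enumerates processes
Details: N/A
"""


@dataclass
class Finding:
    section: str
    behavior: str
    detail: str
    label: str
    disposition: str   # "ambient" or "review"
    note: str = ""


# Ordered rules; the first match wins. Labels/notes are the author's assumptions.
RULES = [
    ("tsf-object", re.compile(r"^(MSCTF\.|CTF\.|CiceroSharedMem)"), "ambient",
     "Text Services Framework object; created in any process that loads msctf.dll"),
    ("ole-docfile", re.compile(r"^Df(SharedHeap|Root)"), "ambient",
     "OLE compound-file (docfile) shared section; an MSI is a compound document"),
    ("shim-engine", re.compile(r"^SHIMLIB_LOG_MUTEX$"), "ambient",
     "application-compatibility shim engine logging mutex"),
    ("privilege", re.compile(r"^SE_[A-Z_]+_PRIVILEGE$"), "review",
     "privilege requested via token adjustment; the log shows the request, not a grant"),
    ("temp-msi-write", re.compile(r"\\Temp\\[^\\]+\.msi", re.IGNORECASE), "review",
     "write into a temporary copy of the package"),
]

PRIVILEGE_NOTES = {
    "SE_SHUTDOWN_PRIVILEGE": "needed by ExitWindowsEx/InitiateSystemShutdown (installer reboot)",
    "SE_INCREASE_QUOTA_PRIVILEGE": "needed by CreateProcessAsUser",
    "SE_CREATE_TOKEN_PRIVILEGE": "needed by NtCreateToken; held by default only by LSASS, "
                                 "so AdjustTokenPrivileges reports ERROR_NOT_ALL_ASSIGNED",
}

_SECTION = re.compile(r"^[A-Za-z]+ behavior$", re.IGNORECASE)
_DESC = re.compile(r"^behavior description:\s*(.*)$", re.IGNORECASE)
_DETAILS = re.compile(r"^details:\s*(.*)$", re.IGNORECASE)


def parse_report(text):
    """Yield (section, behavior, detail) triples; "N/A" placeholders are dropped."""
    section, behavior, in_details = "", "", False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if _SECTION.match(line):            # "File behavior", "Other behavior", ...
            section, in_details = line, False
            continue
        m = _DESC.match(line)
        if m:
            behavior, in_details = m.group(1).strip(), False
            continue
        m = _DETAILS.match(line)
        if m:                               # first detail shares the "Details:" line
            in_details = True
            line = m.group(1).strip()
            if not line:
                continue
        if in_details and line != "N/A":    # continuation lines are further details
            yield section, behavior, line


def classify(detail):
    """Return (label, disposition, note) for one detail line; first rule wins."""
    for label, pattern, disposition, note in RULES:
        if pattern.search(detail):
            if label == "privilege":
                note = PRIVILEGE_NOTES.get(detail, note)
            return label, disposition, note
    return "unclassified", "review", "no rule matched; inspect manually"


def triage(text):
    return [Finding(s, b, d, *classify(d)) for s, b, d in parse_report(text)]


def summarize(findings):
    counts = {"ambient": 0, "review": 0}
    for f in findings:
        counts[f.disposition] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_REPORT)
    for f in results:
        if f.disposition == "review":
            print(f"[{f.section}] {f.behavior}: {f.detail}  ({f.label}: {f.note})")
    print(summarize(results))
```

Run against the full report, the rule table leaves four items for review: the in-place write to the temporary .msi copy and the three privilege requests. Everything else in the list is what any windowed process on that Windows build produces, which is why a behavior dump alone cannot distinguish a benign installer from a malicious one without such an allowlist.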
Run screenshot