VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.


File information
Safety rating: 85
Behavior list
Basic Information
MD5: 928427d227a4e6dced6478abd93e2a4b
File type: EXE
Production company: MyDrivers
Version: 9.20.0.0---9.20
Shell or compiler information: COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Subfile information: DPInst32.exe / 3f442906b29b552f1c9fec1e221d90b7 / EXE
iaiogpiovirtual.cat / 2bc97d40db1db9fd315947b0660138ae / Unknown
iaiogpiovirtual.inf / 9ecb3172506a00c155c928d6f6c93744 / Unknown
iaiogpiovirtual.sys / 148b5ade03272086b6936e219d4536f3 / SYS
Process behavior
Behavior description: Create local thread
details:TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2792, ThreadID = 2804, StartAddress = 77C0A341, Parameter = 003F45B0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2792, ThreadID = 2808, StartAddress = 77C0A341, Parameter = 003F45B0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2792, ThreadID = 2812, StartAddress = 77C0A341, Parameter = 003F4B30
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2792, ThreadID = 2816, StartAddress = 77C0A341, Parameter = 003F45B0
TargetProcess: DPInst32.exe, InheritedFromPID = 2792, ProcessID = 2844, ThreadID = 3028, StartAddress = 010188B4, Parameter = 010646D8
TargetProcess: DPInst32.exe, InheritedFromPID = 2792, ProcessID = 2844, ThreadID = 3032, StartAddress = 765E964D, Parameter = 001018B0
Behavior description: Create new process from file
details:[0x00000b1c]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp\DPInst32.exe, CmdLine = .\DPInst32.exe
File behavior
Behavior description: Create file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\iaiogpiovirtual.cat
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\iaiogpiovirtual.inf
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DPInst32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\iaiogpiovirtual.sys
C:\WINDOWS\DPINST.LOG
Behavior description: Delete file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp
Behavior description: Create executable file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DPInst32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\iaiogpiovirtual.sys
Behavior description: Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\iaiogpiovirtual.cat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\iaiogpiovirtual.inf ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DPInst32.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DPInst32.exe ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DPInst32.exe ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DPInst32.exe ---> Offset = 196608
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DPInst32.exe ---> Offset = 262144
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\iaiogpiovirtual.sys ---> Offset = 0
C:\WINDOWS\DPINST.LOG ---> Offset = 0
C:\WINDOWS\DPINST.LOG ---> Offset = 2
C:\WINDOWS\DPINST.LOG ---> Offset = 102
C:\WINDOWS\DPINST.LOG ---> Offset = 160
C:\WINDOWS\DPINST.LOG ---> Offset = 228
Behavior description: Find file
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp\iaiogpiovirtual.cat
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp\iaiogpiovirtual.inf
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp\DPInst32.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp\iaiogpiovirtual.sys
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp\*.*
FileName = c:\docume~1\admini~1\locals~1\temp\7zs3.tmp\iaiogpiovirtual.inf
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS3.tmp\*
Other behavior
Behavior description: Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
Global\DPINST_LOG_SCROLLER_MUTEX
MSCTF.Shared.MUTEX.ACL
Behavior description: Hide specified window
details:[Window,Class] = [帮助,Button]
[Window,Class] = [完成,Button]
[Window,Class] = [,Static]
[Window,Class] = [,SysTabControl32]
[Window,Class] = [,#32770]
[Window,Class] = [下一步(&N) >,Button]
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Open event
details:HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Global\crypt32LogoffEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000011
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000011
Global\PnP_No_Pending_Install_Events
Behavior description: Window information
details:Pid = 2844, Hwnd=0x1035e, Text = 欢迎使用设备驱动程序安装向导!, ClassName = Static.
Pid = 2844, Hwnd=0x10360, Text = 此向导帮助您安装软件驱动程序。没有这些驱动程序,有些计算机设备无法运行。, ClassName = Static.
Pid = 2844, Hwnd=0x10362, Text = 要继续,请单击“下一步”。, ClassName = Static.
Pid = 2844, Hwnd=0x1034c, Text = < 上一步(&B), ClassName = Button.
Pid = 2844, Hwnd=0x1034e, Text = 下一步(&N) >, ClassName = Button.
Pid = 2844, Hwnd=0x10350, Text = 完成, ClassName = Button.
Pid = 2844, Hwnd=0x10352, Text = 取消, ClassName = Button.
Pid = 2844, Hwnd=0x10354, Text = 帮助, ClassName = Button.
Pid = 2844, Hwnd=0x30340, Text = 设备驱动程序安装向导, ClassName = #32770.
Pid = 2844, Hwnd=0x10386, Text = DPInst, ClassName = #32770.
Pid = 2844, Hwnd=0x10388, Text = 无法完成设备驱动程序安装向导, ClassName = Static.
Pid = 2844, Hwnd=0x1038a, Text = 安装设备的软件时发生错误。有关详细信息,请参阅状态栏。 有时候,再次运行此向导会成功。如果无法运行,请与设备的供应商联系。, ClassName = Static.
Pid = 2844, Hwnd=0x10380, Text = Animate1, ClassName = SysAnimate32.
Pid = 2844, Hwnd=0x10382, Text = 驱动程序正在安装,请等待。这可能需要一段时间才能完成。, ClassName = Static.
Pid = 2844, Hwnd=0x30368, Text = 要继续,请接受以下许可协议。 要阅读全部协议,请使用滚动条或按 Page Down 键。, ClassName = Static.
Behavior description: Executable file signature information
details: C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DPInst32.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\iaiogpiovirtual.sys (signature verification: failed)
Behavior description: Create event object
details:EventName = Global\crypt32LogoffEvent
EventName = MSCTF.SendReceiveConection.Event.ACL.IC
EventName = MSCTF.SendReceive.Event.ACL.IC
Behavior description: Executable file MD5
details:C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\DPInst32.exe ---> 3f442906b29b552f1c9fec1e221d90b7
C:\Documents and Settings\Administrator\Local Settings\Temp\7zS3.tmp\iaiogpiovirtual.sys ---> 148b5ade03272086b6936e219d4536f3
Behavior description: Open mutex
details:ShimCacheMutex