VirSCAN

File information
Safety rating:77
Behavior list
Basic Information
MD5:9570fbacaa5edcf77286135c20510431
file type:zip
Production company:
version:
Shell or compiler information:
Subfile information:background.png / cbaab4f3e0d84c9d8b7c6fc0e6446ccf / Unknown
wxapp.php / 160195a22503291be5b31a96eaf5c91c / Unknown
sweetalert2.min.js / bc66e48e2fcd220a6cefce1754b7e1ec / Unknown
icon.jpg / f1838f796dfd1ac2667ada67aba147ec / Unknown
setting.html / 0784ab54ee605418ccf046d09894e14d / Unknown
sweetalert2.min.css / efe8b367650896225a019bb0ea417b4e / Unknown
site.php / bba103268f76384dae1a144c333615e3 / Unknown
car_edit.html / f89dc10efa778c793dafc333a832412a / Unknown
car.html / de851ec8b20e94e2950badf5fd74d046 / Unknown
swiper.html / 79183f8b0367637a79cebeae53f8e4f7 / Unknown
category.html / 797b3358f039a54e446a4d5b439a9af7 / Unknown
user.html / 655376d456453c140adcecb3b4554419 / Unknown
message.html / 9fc8c6e59b23b727d7d8442d8a64b6be / Unknown
support.html / bcdaf76ae78d9525bcf6d067f08e3e7e / Unknown
install.php / e35aa3cf2aed8a024c057ef4eadafbcf / Unknown
wxapp.html / 3fe4006d38522f4a2391c881130c0751 / Unknown
wxapp_edit.html / 323b68250a931cfff09aebb14ef61401 / Unknown
swiper_edit.html / 616f431bdeff8da0525efa3b105816f8 / Unknown
order.html / a5ad0e632a5d1862b1a97be1bc4a741b / Unknown
Process behavior
Behavior description: Create local thread
details:TargetProcess: wscript.exe, InheritedFromPID = 2000, ProcessID = 2940, ThreadID = 2952, StartAddress = 01002FD4, Parameter = 008E44E0
TargetProcess: wscript.exe, InheritedFromPID = 2000, ProcessID = 2940, ThreadID = 2956, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: wscript.exe, InheritedFromPID = 2000, ProcessID = 2940, ThreadID = 2984, StartAddress = 765E964D, Parameter = 001C4EF8
TargetProcess: wscript.exe, InheritedFromPID = 2000, ProcessID = 2940, ThreadID = 2988, StartAddress = 77E56C7D, Parameter = 001BF128
TargetProcess: wscript.exe, InheritedFromPID = 2000, ProcessID = 2940, ThreadID = 2992, StartAddress = 769AE43B, Parameter = 001A8528
File behavior
Behavior description: Find file
details:FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
Other behavior
Behavior description: Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
Behavior description: Create event object
details:EventName = Global\crypt32LogoffEvent
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Open event
details:MSFT.VSA.COM.DISABLE.2940
MSFT.VSA.IEC.STATUS.6c736db0
Global\crypt32LogoffEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Window information
details:Pid = 2940, Hwnd=0x1034a, Text = 确定, ClassName = Button.
Pid = 2940, Hwnd=0x1034e, Text = 脚本: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\baobiao_hyhw\resources\sweetalert2.min.js 行: 1 字符: 11289 错误: "document" 未定义 代码: 800A1391 源: Microsoft JScript 运行时错误 , ClassName = Static.
Pid = 2940, Hwnd=0x20346, Text = Windows Script Host, ClassName = #32770.
Behavior description: Open mutex
details:ShimCacheMutex
Translated by Keith Miller, United States