VirSCAN

1, You can upload any file, but there is a 20 MB limit per file.
2, VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
Safety rating:85
Behavior list
Basic Information
MD5:972630eccc0ecdd296b5480089bd110b
file type:zip
Production company:
version:
Shell or compiler information:COMPILER:PE+(64)
Subfile information:keymap.txt / 5298a6ffff4d8789245b6781b7843038 / Unknown
UniKeyNT.exe / 735439cf5e6fd89bf9c6209d0786884c / EXE
Key behavior
Behavior description:Set message hook
details:C:\Users\Administrator\AppData\Local\%temp%\****.exe_7zdump\UniKeyNT.exe, idHook = 0x0000000d
C:\Users\Administrator\AppData\Local\%temp%\****.exe_7zdump\UniKeyNT.exe, idHook = 0x0000000e
Process behavior
Behavior description:Create local thread
details:ProcessId = 236, ThreadId = 3272.
ProcessId = 236, ThreadId = 1620.
File behavior
Behavior description:Create file
details:C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnikeyNT.lnk
Behavior description:Modify file content
details:C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnikeyNT.lnk ---> Offset = 0
Behavior description:Find file
details:FileName = \\?\C:\Users\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1170589654-2814428265-349930785-500\a18ca4003deb042bbee7a40f15e1970b_*
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\*
FileName = C:\Users
FileName = C:\Users\Administrator\AppData
FileName = C:\Users\Administrator\AppData\Local
FileName = C:\Users\Administrator\AppData\Local\Temp
FileName = C:\Users\Administrator\AppData\Local\%temp%
FileName = C:\Users\Administrator\AppData\Local\%temp%\****.exe_7zdump\UniKeyNT.exe
Other behavior
Behavior description:Check whether the process itself is being debugged
details:IsDebuggerPresent
Behavior description:Create mutex
details:Local\SessionImmersiveColorMutex
Behavior description:Hide specified window
details:[Window,Class] = [UniKey 4.1,UniKey MainWnd]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,Static]
[Window,Class] = [Cho phép gõ tự do,Button]
[Window,Class] = [Đặt dấu oà, uý (thay vì òa, úy),Button]
[Window,Class] = [Luôn sử dụng clipboard cho unicode,Button]
[Window,Class] = [Bật kiểm tra chính tả,Button]
[Window,Class] = [Tự động khôi phục phím với từ sai,Button]
[Window,Class] = [Cho phép gõ tắt,Button]
[Window,Class] = [Cho phép gõ tắt cả khi tắt tiếng Việt,Button]
[Window,Class] = [Bảng gõ tắt...,Button]
[Window,Class] = [Bật hội thoại này khi khởi động,Button]
[Window,Class] = [Khởi động cùng Windows,Button]
[Window,Class] = [Vietnamese interface,Button]
[Window,Class] = [Tùy chọn khác,Button]
Behavior description:Find specified window
details:FindWindowW: [Class,Window] = [UniKey MainWnd,]
FindWindowW: [Class,Window] = [Shell_TrayWnd,]
FindWindowExW: [Class,Window] = [OleMainThreadWndClass,]
Behavior description:Window information
details:Pid = 236, Hwnd=0xc004a, Text = Unicode, ClassName = ComboBox.
Pid = 236, Hwnd=0x602c0, Text = Telex, ClassName = ComboBox.
Pid = 236, Hwnd=0x502d4, Text = ..., ClassName = Button.
Pid = 236, Hwnd=0x802e0, Text = CTRL + SHIFT, ClassName = Button(RadioButton).
Pid = 236, Hwnd=0x120060, Text = ALT + Z, ClassName = Button(RadioButton).
Pid = 236, Hwnd=0x110248, Text = Đóng, ClassName = Button.
Pid = 236, Hwnd=0x702de, Text = Kết thúc, ClassName = Button.
Pid = 236, Hwnd=0x602b6, Text = Mở rộng, ClassName = Button.
Pid = 236, Hwnd=0xe016c, Text = Cho phép gõ tự do, ClassName = Button(CheckBox).
Pid = 236, Hwnd=0x602b8, Text = Đặt dấu oà, uý (thay vì òa, úy), ClassName = Button(CheckBox).
Pid = 236, Hwnd=0x70326, Text = Luôn sử dụng clipboard cho unicode, ClassName = Button(CheckBox).
Pid = 236, Hwnd=0x502be, Text = Bật kiểm tra chính tả, ClassName = Button(CheckBox).
Pid = 236, Hwnd=0x702fa, Text = Tự động khôi phục phím với từ sai, ClassName = Button(CheckBox).
Pid = 236, Hwnd=0xb0250, Text = Cho phép gõ tắt, ClassName = Button(CheckBox).
Pid = 236, Hwnd=0xd024c, Text = Cho phép gõ tắt cả khi tắt tiếng Việt, ClassName = Button(CheckBox).
Behavior description:Open event
details:\SECURITY\LSA_AUTHENTICATION_INITIALIZED
\KernelObjects\MaximumCommitCondition
Behavior description:Open mutex
details:Local\ShimViewer
Local\MSCTF.Asm.MutexDefault1S-1-5-21-1170589654-2814428265-349930785-500
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault1