VirSCAN


File information
Safety rating:86
Behavior list
Basic Information
MD5:9b3983fde9d79cc4a935502841d4f9ed
file type:zip
Production company:
version:
Shell or compiler information:
Subfile information:HEU_KMS_Activator_CH_v7.5.exe / baeacf40f2521599ecde1efe03ebab76 / Autoit
KMSmini.7z / d2471a59ad3b3bd8d080bd83aee42999 / 7z
HEU_KMS_Activator_CH_v7.5.exedumpFile / baeacf40f2521599ecde1efe03ebab76 / Autoit
autoact.exedumpFile / e844515dee76f3be9bb88fcab1cb9d3c / Autoit
kms.exedumpFile / d967207ed480e97d40d21b10c500545d / Autoit
7Z.EXE / 29849e01bded09e70dd9ae1998437262 / EXE
Licenses.sl.PKEYCONFIG.SIGNED.xrm-msdumpFile / 22bb6d79ac6f5a39f95252e934fd6af9 / Unknown
KMSServer.exedumpFile / 36fa8a138eadeee1ccdd26e15a65ed27 / EXE
HEU_KMS_Service.exedumpFile / 63972068cfffa045dd8bec7776fb8fc4 / EXE
HEU_KMS_Activator_v7.5说明文档.docdumpFile / 4cb136a1fd797e4fa9eaa3725898883f / Compound
HEU_KMS_Activator_v7.5说明文档.doc / 4cb136a1fd797e4fa9eaa3725898883f / Compound
Data / efbb5cf466920fedefda2472a2bbfae5 / Unknown
PortQry.exedumpFile / c6ac67f4076ca431acc575912c194245 / EXE
devcon.exedumpFile / 7f0c8f7b6f6d22ecd83013f2f26a71ae / EXE
devcon.exedumpFile / f7fd24970339e328b3f2fc7a5c2a19b9 / EXE
ICO_211.icodumpFile / e85a27ce57182bb5758dc2cacd15362e / Unknown
ospp.vbsdumpFile / 572e9a87757ac96c7677fd1b1b113c55 / Unknown
ICO_221.icodumpFile / b4740f516853324b3c6c447fdba8c69a / Unknown
WordDocument / 7eaa3af3ae68b68b1eb3834b9501f38a / Unknown
Key behavior
Behavior description:Checks whether it is being debugged
details:N/A
Behavior description:Hides specified windows
details:[Window,Class] = [AutoIt v3,AutoIt v3]
[Window,Class] = [Win 8.1/8/7/Vista/Ser VL,Button]
[Window,Class] = [Microsoft Office 2010 VL,Button]
[Window,Class] = [Microsoft Office 2013 VL,Button]
[Window,Class] = [Office Retail 转化为 VL,Button]
[Window,Class] = [查看 Windows 激活状态,Button]
[Window,Class] = [查看 Office 激活状态,Button]
[Window,Class] = [安装/卸载 自动续期服务,Button]
[Window,Class] = [暂停/重启 自动续期服务,Button]
[Window,Class] = [安装 Windows GVLK 密钥,Button]
[Window,Class] = [安装 Office GVLK 密钥,Button]
[Window,Class] = [重置 Windows 激活状态,Button]
[Window,Class] = [重置 Office 激活状态,Button]
[Window,Class] = [KMS激活流程,Button]
[Window,Class] = [请先输入服务器IP地址:,Static]
Process behavior
Behavior description:Creates a process with a hidden window
details:ImagePath = , CmdLine = c:\docume~1\admini~1\locals~1\temp\7z.exe x c:\docume~1\admini~1\locals~1\temp\kmsmini.7z -y -oc:\docume~1\admini~1\locals~1\temp\heu_kms_mini75\
Behavior description:Creates a process from a newly created file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7Z.EXE, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7Z.EXE x C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KMSmini.7z -y -oC:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\kms.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\kms.exe
File behavior
Behavior description:Maps a file with write permission
details:DfSharedHeapC373E
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF3744.tmp
DfRoot0000C373E
Behavior description:Creates executable files
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7Z.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\autoact.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\TAP32\devcon.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\TAP64\devcon.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\HEU_KMS_Service.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\kms.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\KMSServer.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\PortQry.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\TunMirror.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\TAP32\tap0901.sys
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\TAP64\tap0901.sys
Behavior description:Modifies file contents
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aut6.tmp---> Offset = 196608
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KMSmini.7z---> Offset = 262144
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aut7.tmp---> Offset = 196608
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\left.jpg---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\theme.jpg---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\ICO_211.ico---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\ICO_221.ico---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\actonline.cmd---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\InstOffice14key.cmd---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\InstOffice15key.cmd---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\InstService.cmd---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\InstWkey.cmd---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\officesilent.cmd---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\re2vl.cmd---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\RunKMSServer.cmd---> Offset = 0
Registry behavior
Behavior description:Modifies the registry
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
Other behavior
Behavior description:Checks whether it is being debugged
details:N/A
Behavior description:Window information
details:Pid = 1196, Hwnd=0xd01a4, Text = 关于, ClassName = Static.
Pid = 1196, Hwnd=0xc01e8, Text = v7.5, ClassName = Static.
Pid = 1196, Hwnd=0xc01b4, Text = Win 8.1/8/7/Vista/Ser VL, ClassName = Button.
Pid = 1196, Hwnd=0xb01ce, Text = Microsoft Office 2010 VL, ClassName = Button.
Pid = 1196, Hwnd=0xb0164, Text = Microsoft Office 2013 VL, ClassName = Button.
Pid = 1196, Hwnd=0xb016c, Text = Office Retail 转化为 VL, ClassName = Button.
Pid = 1196, Hwnd=0xd0190, Text = 查看 Windows 激活状态, ClassName = Button.
Pid = 1196, Hwnd=0xe01b8, Text = 查看 Office 激活状态, ClassName = Button.
Pid = 1196, Hwnd=0xb01a2, Text = 安装/卸载 自动续期服务, ClassName = Button.
Pid = 1196, Hwnd=0xc01b2, Text = 暂停/重启 自动续期服务, ClassName = Button.
Pid = 1196, Hwnd=0xb018a, Text = 安装 Windows GVLK 密钥, ClassName = Button.
Pid = 1196, Hwnd=0xc01da, Text = 安装 Office GVLK 密钥, ClassName = Button.
Pid = 1196, Hwnd=0xb0200, Text = 重置 Windows 激活状态, ClassName = Button.
Pid = 1196, Hwnd=0xc017a, Text = 重置 Office 激活状态, ClassName = Button.
Pid = 1196, Hwnd=0xd01c4, Text = KMS激活流程, ClassName = Button(GroupBox).
Behavior description:Hides specified windows
details:[Window,Class] = [AutoIt v3,AutoIt v3]
[Window,Class] = [Win 8.1/8/7/Vista/Ser VL,Button]
[Window,Class] = [Microsoft Office 2010 VL,Button]
[Window,Class] = [Microsoft Office 2013 VL,Button]
[Window,Class] = [Office Retail 转化为 VL,Button]
[Window,Class] = [查看 Windows 激活状态,Button]
[Window,Class] = [查看 Office 激活状态,Button]
[Window,Class] = [安装/卸载 自动续期服务,Button]
[Window,Class] = [暂停/重启 自动续期服务,Button]
[Window,Class] = [安装 Windows GVLK 密钥,Button]
[Window,Class] = [安装 Office GVLK 密钥,Button]
[Window,Class] = [重置 Windows 激活状态,Button]
[Window,Class] = [重置 Office 激活状态,Button]
[Window,Class] = [KMS激活流程,Button]
[Window,Class] = [请先输入服务器IP地址:,Static]
Behavior description:Opens image files
details:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\left.jpg
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini75\theme.jpg
Behavior description:Acquires system privileges
details:SE_LOAD_DRIVER_PRIVILEGE