VirSCAN


File information
Safety rating:80
Behavior list
Basic Information
MD5:9b4fe6f61f890b8ad9813b4d0d17abdb
file type:7z
Production company:易数科技
version:4.7.2.155---4.7.2.155
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Subfile information:Hdrw.dll / big file / DLL
DiskGenius.exe / big file / EXE
LangCRes.dll / 2adc35f0b854ee7ced9b3eb75332df3d / DLL
Letarm.dll / bd8a77bb63a6af1392410a5a885cb08d / DLL
FileType.dll / 034fb5685855f2cfc2c054f87a60a3f6 / DLL
swscale-2.dll / 5b55992f2aa712535473e4de93196cd3 / DLL
SDL.dll / d31da530714c74efeb262ccddbdae7aa / DLL
IniCfg.dll / 62a96897a8c28a163852da4b5e49e697 / DLL
update.dll / 031974068ad9d7d962273b69610d29fe / DLL
dsoframer.ocx / 22023d97b5e580df5a6fec103d3ff8d7 / DLL
DGBCDX64.exe / 6aaf368f786cf9ddf2ddc93f31b6638a / EXE
VPreview.dll / 008cf10712ba63cf60d3aac2ce3dbe3f / DLL
Hdrwvm.dll / 1ce26097cd780f4f25855a97a7a4ae19 / DLL
HdrwLDM.dll / adaa2f262138257f17bea33e5f5cf604 / DLL
HdrwVhd.dll / 6072f9dafc8bd159a390f4572286d7ac / DLL
HdrwVhdx.dll / 376b2fdd53004b3bcc384d05366b29cd / DLL
HdrwRD.dll / dfdff47795663dc80b08957bc67f9d4c / DLL
HdrwVdi.dll / f7c8fedfb994359d99e77113e5641b70 / DLL
swresample-0.dll / 46eb923d7a7ab4687ad32d9f4383c69f / DLL
Key behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
Process behavior
Behavior description:Create new process from file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\DiskGenius.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\DiskGenius.exe"
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
Behavior description:Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\DGBCDX64.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\DiskGenius.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Barray.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Charset.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\FileType.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Hdrw.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\HdrwLDM.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\HdrwRD.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\HdrwVdi.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\HdrwVhd.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\HdrwVhdx.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Hdrwvm.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\IniCfg.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\LangCRes.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Letarm.dll
Behavior description:Modify file contents
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Options.ini---> Offset = 0
Behavior description:Find file
details:FileName = DiskGenius.*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\DiskGenius.*
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\DiskGenius.exe
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\DiskGenius.exe
Other behavior
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
oleacc-msaa-loaded
Global\FT_ET-ARM_GLOBE_MUTEX
Behavior description:Directly access physical device
details:\??\PhysicalDrive0
Behavior description:Acquire system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Translated by Keith Miller, United States