VirSCAN

File information
Safety rating: 77
Behavior list
Basic Information
MD5: 9daf70644f0705f77e73580ce119ea30
File type: 7z
Production company:
Version: 2.4.1.7228---2.4.1.7228
Shell or compiler information: COMPILER: Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [Overlay] *
Subfile information:
Key behavior
Behavior description: Map file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EGI..CAKGH
MSCTF.MarshalInterface.FileMap.EGI.B.CAKGH
MSCTF.MarshalInterface.FileMap.EGI.C.CAKGH
MSCTF.MarshalInterface.FileMap.EGI.D.CAKGH
MSCTF.MarshalInterface.FileMap.EGI.E.CAKGH
MSCTF.MarshalInterface.FileMap.EGI.F.CAKGH
MSCTF.MarshalInterface.FileMap.EGI.G.CAKGH
MSCTF.Shared.SFM.EGI
Behavior description: Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [好压自解压安装程序,#32770]
Process behavior
Behavior description: Enumerate processes
details:N/A
File behavior
Behavior description: Map file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EGI..CAKGH
MSCTF.MarshalInterface.FileMap.EGI.B.CAKGH
MSCTF.MarshalInterface.FileMap.EGI.C.CAKGH
MSCTF.MarshalInterface.FileMap.EGI.D.CAKGH
MSCTF.MarshalInterface.FileMap.EGI.E.CAKGH
MSCTF.MarshalInterface.FileMap.EGI.F.CAKGH
MSCTF.MarshalInterface.FileMap.EGI.G.CAKGH
MSCTF.Shared.SFM.EGI
Behavior description: Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\KeyMouseHelper.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\KeyMouse_x64.sys
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\KeyMouse_x86.sys
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\KeyMouse_XP.sys
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\RC2ZXY.exe
Behavior description: Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\filelist.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\readme.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\醉逍遥之惊天变-半自动.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\交易界面-16.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\交易界面-32.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\密码错误-16.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\密码错误-32.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\开始界面-16.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\开始界面-32.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\弹窗01-16.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\弹窗01-32.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\服务器确定-16.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\服务器确定-32.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\游戏界面-16.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\游戏界面-32.bmp---> Offset = 0
Behavior description: Find file
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445305096.869365.exe
Other behavior
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EGI
Behavior description: Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [好压自解压安装程序,#32770]
Behavior description: Open image file
details:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\交易界面-16.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\交易界面-32.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\密码错误-16.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\密码错误-32.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\开始界面-16.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\开始界面-32.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\弹窗01-16.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\弹窗01-32.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\服务器确定-16.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\服务器确定-32.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\游戏界面-16.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\游戏界面-32.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\角色判断.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\角色判断11.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RC2ZXY\醉逍遥之惊天变\角色界面-16.bmp