VirSCAN

File information
Safety rating:75
Behavior list
Basic Information
MD5:9f158a9de7e7153f5f76f1cebe5c2513
file type:Rar
Production company:
version:
Shell or compiler information:
Subfile information:Conquer.exe / big file / EXE
ItemMinIcon.Ani / 84cfd2e872a9ebb8872d01447a15b191 / Unknown
MapItemIcon.Ani / 5ca9e0077606fc0dca7fe10a56270389 / Unknown
GUI800X600.ini / 1e69c2e13d4f5a100b5a286f5b159f6f / Unknown
GUI.ini / c1ee69fd20318a030fb020d3afecd9f2 / Unknown
Control.Ani / 4391bd3b4d2e0f13a7beb09933d1e25d / Unknown
3DTexture.dbc / b6645f4a82865a090463ddf22b83a4b8 / Unknown
Questinfo.ini / 24cfd76c6d32362ac300aa55eca19577 / Unknown
3DEffect.dbc / 338390bc9faf1f48dd8cf89043e212ed / Unknown
npc.ini / 5b3a8a846e446b9f102a8dd9dc83f6ff / Unknown
ItemtypeSub.dat / 8194b1eb8a17138a910932b2718e6c17 / Unknown
3DEffectobj.dbc / 65ef234571152078b52bb073e8943f9e / Unknown
DialogSetup.dds / 25325a151b1880d611ddf677eb7798b4 / Unknown
DialogTrade.dds / f9ab67152d0c394d6268dded6899b388 / Unknown
ne-rail03.dds / dc114f13f5acacb1fdbd85e0e7c28d7a / Unknown
TransactionBG.dds / a2dc663e934d439eed1211a7ca6a2a46 / Unknown
ne-rail07.dds / 5cd5293e0f114d126a6eba4fe98206bb / Unknown
GameData.dll / f7fbc596a8bb72fd7392d716e596a0f8 / DLL
Cn_Res.ini / 1af048902cd1aae9becb4a573d16da1f / Unknown
Key behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AIL..CJIKH
MSCTF.MarshalInterface.FileMap.AIL.B.CJIKH
MSCTF.MarshalInterface.FileMap.AIL.C.CJIKH
MSCTF.MarshalInterface.FileMap.AIL.D.CJIKH
MSCTF.MarshalInterface.FileMap.AIL.E.CJIKH
MSCTF.MarshalInterface.FileMap.AIL.F.BKIKH
MSCTF.MarshalInterface.FileMap.AIL.G.BKIKH
\WINDOWS\system32\zh-cn\ieframe.dll.mui
MSCTF.Shared.SFM.AIL
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [浏览(&W)...,Button]
[Window,Class] = [C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%,ComboBox]
Process behavior
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AIL..CJIKH
MSCTF.MarshalInterface.FileMap.AIL.B.CJIKH
MSCTF.MarshalInterface.FileMap.AIL.C.CJIKH
MSCTF.MarshalInterface.FileMap.AIL.D.CJIKH
MSCTF.MarshalInterface.FileMap.AIL.E.CJIKH
MSCTF.MarshalInterface.FileMap.AIL.F.BKIKH
MSCTF.MarshalInterface.FileMap.AIL.G.BKIKH
\WINDOWS\system32\zh-cn\ieframe.dll.mui
MSCTF.Shared.SFM.AIL
Behavior description:Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Conquer.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Chat.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\GameData.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\RoleView.dll
Behavior description:Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\help\help732.htm---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\ini\Cn_Res.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\ini\Cursor.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\ini\GUI.ini---> Offset = 196608
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\ini\GUI800X600.ini---> Offset = 196608
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\ini\info.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\ini\msgbox.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\ini\NeiGongInfo.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\ini\npc.ini---> Offset = 196608
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\ini\Questinfo.ini---> Offset = 196608
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\ini\region.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\ini\WindowInvalidInCrossServer.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\ani\Control.Ani---> Offset = 196608
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\ani\faction.ani---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\ani\ItemMinIcon.Ani---> Offset = 196608
Behavior description:Find file
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445311502.244361.exe
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.AIL
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [浏览(&W)...,Button]
[Window,Class] = [C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%,ComboBox]
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [EDIT,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Get TickCount value
details:TickCount = 510703, SleepMilliseconds = 250.
Behavior description:Window information
details:Pid = 2940, Hwnd=0x202a6, Text = 正在解压 data\map\puzzle\1-newplain\city\city448.dds, ClassName = Static.
Pid = 2940, Hwnd=0x202a8, Text = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%, ClassName = ComboBox.
Pid = 2940, Hwnd=0x202b4, Text = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%, ClassName = Edit.
Pid = 2940, Hwnd=0x202b2, Text = 浏览(&W)..., ClassName = Button.
Pid = 2940, Hwnd=0x302ba, Text = 正解压文件到 C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp% 文件夹 正在从 %temp%\1445311500.757665.exe 中提取 , ClassName = RichEdit20W.
Pid = 2940, Hwnd=0x302bc, Text = 安装进度, ClassName = Static.
Pid = 2940, Hwnd=0x202d6, Text = 安装, ClassName = Button.
Pid = 2940, Hwnd=0x202d8, Text = 取消, ClassName = Button.
Pid = 2940, Hwnd=0x202a0, Text = WinRAR 自解压文件, ClassName = #32770.
Pid = 2940, Hwnd=0x202a6, Text = 正在解压 data\interface\Transaction\SaveBtnClick.dds, ClassName = Static.
Pid = 2940, Hwnd=0x602ce, Text = 确定, ClassName = Button.
Pid = 2940, Hwnd=0x502be, Text = Windows 找不到文件 "AutoPatch.exe"。请确定文件名是否正确后,再试一次。要搜索文件,请单击「开始」按钮,然后单击“搜索”。, ClassName = Static.
Pid = 2940, Hwnd=0x902b8, Text = AutoPatch.exe, ClassName = #32770.
Pid = 2940, Hwnd=0x202a6, Text = 正在解压 version.dat, ClassName = Static.
Behavior description:Open image file
details:data\minimap\map1002a.jpg
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\data\minimap\map1002a.jpg
data\minimap\map1002b.jpg
data\minimap\map1002c.jpg
data\minimap\map1002d.jpg
data\minimap\n-newplain.jpg
data\minimap\pk.jpg
data\minimap\slpk.jpg