1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.
Language
Server load
1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.
| Safety rating:75 |
| Behavior list |
| Basic Information | |
|---|---|
| MD5: | a97a70e24ce8a656809f85634fe74bf5 |
| file type: | EXE |
| Production company: | 文档 |
| version: | 1.5.0.0---1.5.0.0 |
| Shell or compiler information: | |
| Key behavior | |
|---|---|
| Behavior description: | 写权限映射文件 |
| details: | CiceroSharedMemDefaultS-* |
| MSCTF.MarshalInterface.FileMap.EMF..FCJHH | |
| MSCTF.MarshalInterface.FileMap.EMF.B.FDJHH | |
| MSCTF.MarshalInterface.FileMap.EMF.C.FDJHH | |
| MSCTF.MarshalInterface.FileMap.EMF.D.FDJHH | |
| MSCTF.MarshalInterface.FileMap.EMF.E.FDJHH | |
| MSCTF.MarshalInterface.FileMap.EMF.F.FDJHH | |
| MSCTF.MarshalInterface.FileMap.EMF.G.FDJHH | |
| Behavior description: | 隐藏指定窗口 |
| details: | [Window,Class] = [,tooltips_class32] |
| Process behavior | |
|---|---|
| Behavior description: | 枚举进程 |
| details: | N/A |
| File behavior | |
|---|---|
| Behavior description: | 写权限映射文件 |
| details: | CiceroSharedMemDefaultS-* |
| MSCTF.MarshalInterface.FileMap.EMF..FCJHH | |
| MSCTF.MarshalInterface.FileMap.EMF.B.FDJHH | |
| MSCTF.MarshalInterface.FileMap.EMF.C.FDJHH | |
| MSCTF.MarshalInterface.FileMap.EMF.D.FDJHH | |
| MSCTF.MarshalInterface.FileMap.EMF.E.FDJHH | |
| MSCTF.MarshalInterface.FileMap.EMF.F.FDJHH | |
| MSCTF.MarshalInterface.FileMap.EMF.G.FDJHH | |
| Behavior description: | 查找文件 |
| details: | FileName = C:\Documents and Settings\Administrator\Application Data\Tencent\Users\*.* |
| Other behavior | |
|---|---|
| Behavior description: | 查找指定窗口 |
| details: | NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,] |
| Behavior description: | 窗口信息 |
| details: | Pid = 392, Hwnd=0x202d6, Text = 确定, ClassName = Button. |
| Pid = 392, Hwnd=0x202d8, Text = 文件已损坏,无法打开!, ClassName = Static. | |
| Pid = 392, Hwnd=0x302dc, Text = 信息:, ClassName = #32770. | |
| Behavior description: | 隐藏指定窗口 |
| details: | [Window,Class] = [,tooltips_class32] |
| Behavior description: | 创建互斥体 |
| details: | CTF.LBES.MutexDefaultS-* |
| CTF.Compart.MutexDefaultS-* | |
| CTF.Asm.MutexDefaultS-* | |
| CTF.Layouts.MutexDefaultS-* | |
| CTF.TMD.MutexDefaultS-* | |
| CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-* | |
| MSCTF.Shared.MUTEX.ELH | |
| Behavior description: | 获取系统权限 |
| details: | SE_DEBUG_PRIVILEGE |
| Run screenshot |
|---|
 |
HOME
