VirSCAN


File information
Safety rating: 89
Behavior list
Basic Information
MD5: ab2519740b9b93e036ca559505c8db88
File type: Rar
Production company:
Version:
Shell or compiler information: PACKER:UPX-Scrambler RC1.x -> ㎡nT畂L [Overlay]
Subfile information: cr-SizeSLT.exe / 9e9f0b2cee0db3d40d49a7acde4180a0 / EXE
upx_c_7b87136ddumpFile / 93d08c34235036a30848240c0edc2873 / EXE
sizet.exe / 83a4dae0bcd263b5079871569e81698d / EXE
Key behavior
Behavior description: Create shortcut on desktop
details: C:\Documents and Settings\Administrator\桌面\尺寸公差.lnk
Behavior description: Hide specified window
details: [Window,Class] = [,Static]
[Window,Class] = [尺寸公差,#32770]
Process behavior
Behavior description: Create process from newly created file
details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLJ6.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLJ6.tmp" C:\WINDOWS\system32\mscomctl.ocx
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLJ6.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLJ6.tmp" C:\WINDOWS\system32\comdlg32.ocx
File behavior
Behavior description: Drop a link or shortcut in a sensitive system location (such as the Start menu)
details: C:\Documents and Settings\Administrator\「开始」菜单\程序\尺寸公差\尺寸公差.lnk
Behavior description: Create executable file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLC5.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLJ6.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLK7.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~GLH0000.TMP
C:\WINDOWS\system32\~GLH0001.TMP
C:\WINDOWS\system32\temp.000
C:\WINDOWS\system32\~GLH0002.TMP
C:\WINDOWS\system32\~GLH0003.TMP
C:\Program Files\尺寸公差\~GLH0005.TMP
C:\Program Files\尺寸公差\~GLH000c.TMP
C:\PROGRA~1\尺寸公差\temp.000
Behavior description: Create shortcut on desktop
details: C:\Documents and Settings\Administrator\桌面\尺寸公差.lnk
Behavior description: Map file with write access
details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.MOJ..HJIFF
MSCTF.MarshalInterface.FileMap.MOJ.B.HKIFF
MSCTF.MarshalInterface.FileMap.MOJ.C.HKIFF
MSCTF.MarshalInterface.FileMap.MOJ.D.HKIFF
MSCTF.MarshalInterface.FileMap.MOJ.E.HKIFF
MSCTF.MarshalInterface.FileMap.MOJ.F.HKIFF
MSCTF.MarshalInterface.FileMap.MOJ.G.GLIFF
MSCTF.Shared.SFM.MOJ
Behavior description: Rename file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~GLH0000.TMP ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLFA.tmp
C:\WINDOWS\system32\temp.000 ---> C:\WINDOWS\system32\~GLH0004.TMP
C:\WINDOWS\system32\~GLH0004.TMP ---> C:\WINDOWS\system32\vbar332.dll
C:\Program Files\尺寸公差\~GLH0005.TMP ---> C:\Program Files\尺寸公差\UNWISE.EXE
C:\Program Files\尺寸公差\~GLH0006.TMP ---> C:\Program Files\尺寸公差\sizeslt.html
C:\Program Files\尺寸公差\~GLH0007.TMP ---> C:\Program Files\尺寸公差\blebul3a.gif
C:\Program Files\尺寸公差\~GLH0008.TMP ---> C:\Program Files\尺寸公差\blebul1a.gif
C:\Program Files\尺寸公差\~GLH0009.TMP ---> C:\Program Files\尺寸公差\blegtext.gif
C:\Program Files\尺寸公差\~GLH000a.TMP ---> C:\Program Files\尺寸公差\blebul2a.gif
C:\Program Files\尺寸公差\~GLH000b.TMP ---> C:\Program Files\尺寸公差\sl.jpg
C:\PROGRA~1\尺寸公差\temp.000 ---> C:\PROGRA~1\尺寸公差\~GLH000d.TMP
C:\PROGRA~1\尺寸公差\~GLH000d.TMP ---> C:\PROGRA~1\尺寸公差\SizeSLT.exe
C:\Program Files\尺寸公差\~GLH000e.TMP ---> C:\Program Files\尺寸公差\blesepa.gif
Behavior description: Modify file contents
details: C:\Program Files\尺寸公差\~GLH0006.TMP---> Offset = 0
C:\Program Files\尺寸公差\~GLH0007.TMP---> Offset = 0
C:\Program Files\尺寸公差\~GLH0008.TMP---> Offset = 0
C:\Program Files\尺寸公差\~GLH0009.TMP---> Offset = 0
C:\Program Files\尺寸公差\~GLH000a.TMP---> Offset = 0
C:\Program Files\尺寸公差\~GLH000b.TMP---> Offset = 0
C:\Program Files\尺寸公差\~GLH000e.TMP---> Offset = 0
C:\Documents and Settings\Administrator\「开始」菜单\程序\尺寸公差\尺寸公差.lnk---> Offset = 0
C:\Documents and Settings\Administrator\桌面\尺寸公差.lnk---> Offset = 0
Registry behavior
Behavior description: Modify registry
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\system32\mscomctl.ocx
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\system32\comdlg32.ocx
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\system32\vbar332.dll
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\尺寸公差\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\尺寸公差\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Wise Solutions\Wise Installation System\Repair\C:/Program Files/尺寸公差/INSTALL.LOG\Icons\1\Path
\REGISTRY\MACHINE\SOFTWARE\Wise Solutions\Wise Installation System\Repair\C:/Program Files/尺寸公差/INSTALL.LOG\Icons\1\ShowWindow
\REGISTRY\MACHINE\SOFTWARE\Wise Solutions\Wise Installation System\Repair\C:/Program Files/尺寸公差/INSTALL.LOG\Icons\1\Arguments
\REGISTRY\MACHINE\SOFTWARE\Wise Solutions\Wise Installation System\Repair\C:/Program Files/尺寸公差/INSTALL.LOG\Icons\1\WorkingDir
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl\
\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl\CurVer\
Behavior description: Delete registry value
details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
Behavior description: Delete registry key
details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}
Other behavior
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.MOJ
Behavior description: Hide specified window
details: [Window,Class] = [,Static]
[Window,Class] = [尺寸公差,#32770]
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Acquire system privilege
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
details: Pid = 2536, Hwnd=0x10352, Text = 尺寸公差 安装, ClassName = GLBSInstall.
Pid = 2536, Hwnd=0x1037a, Text = 下一步(&N) >, ClassName = Button.
Pid = 2536, Hwnd=0x1037c, Text = 取消, ClassName = Button.
Pid = 2536, Hwnd=0x10380, Text = 欢迎使用“尺寸公差”安装程序。本程序将安装“尺寸公差”到您的计算机中。, ClassName = Static.
Pid = 2536, Hwnd=0x10382, Text = 强烈建议您在运行本安装程序前退出其他所有正在运行的程序。 单击“取消”按钮可以退出安装程序以关闭其他正在运行的程序,或者单击“, ClassName = Static.
Pid = 2536, Hwnd=0x10376, Text = 尺寸公差, ClassName = GLBSWizard.
Pid = 2536, Hwnd=0x20384, Text = 下一步(&N) >, ClassName = Button.
Pid = 2536, Hwnd=0x20382, Text = <上一步(&B), ClassName = Button.
Pid = 2536, Hwnd=0x20380, Text = 取消, ClassName = Button.
Pid = 2536, Hwnd=0x2037c, Text = 安装程序将安装“尺寸公差”到下边的目录中。 若想安装到不同的目录,请单击“浏览”按钮,并选择另外的目录。 您可以选择“取消”, ClassName = Static.
Pid = 2536, Hwnd=0x2037a, Text = 目标目录, ClassName = Button(GroupBox).
Pid = 2536, Hwnd=0x60386, Text = 浏览(&R)..., ClassName = Button.
Pid = 2536, Hwnd=0x10388, Text = C:\Program Files\尺寸公差, ClassName = Static.
Pid = 2536, Hwnd=0x1038a, Text = 请选择目标目录, ClassName = Static.
Pid = 2536, Hwnd=0x1038c, Text = 尺寸公差 安装向导, ClassName = Static.
Behavior description: Open image file
details: \Program Files\尺寸公差\sl.jpg
\PROGRA~1\尺寸公差\sl.jpg
Run screenshot