VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.


File information
Safety rating: 79
Behavior list
Basic Information
MD5: b088f2727079d768eb9b1f9618454abc
File type: 7z
Production company: Igor Pavlov
Version: 15.9.0.0 (15.09 beta)
Packer/compiler information: COMPILER: Microsoft Visual C++ 6.0 [Overlay]
Subfile information: VBA6.DLL / c3d0ca107b96837748373563088b73e8 / DLL
msvbvm60.dll / ed5121fe2d508a28dcf55afcdbf92a26 / DLL
urlmon.dll / ddb25ee58bbffe1b2ac754666f67f49d / DLL
user32.dll / 8a93f57772fd24959f76a65ff79d282d / DLL
gdi32.dll / 94ea89e72707cf5613d30a1f1c92db2f / DLL
cdosys.dll / 1fa8bbc90105625e9eb4ef90ed255af6 / DLL
winhttp.dll / 1369928779943b5c7aaba263e6e2bbc1 / DLL
kernel32.dll / 038b10c8e735fe667da29b2e92a09b8a / DLL
advapi32.dll / bfef608cd713a4cd3165d72e2aeb23f2 / DLL
comctl32.dll / 03e223cc4ae2d2b55e400ad9c55449f6 / DLL
oleaut32.dll / ea35b404d87b3a61e7a5fbf6cda1cf94 / DLL
dwm32.exe / db677305833231c637739fd302190cdf / EXE
ijl15.dll / a0ce0247d48fecaac607edb1e2d87fd8 / DLL
winmm.dll / 8e902ee869004d40f350c02c4e63b0ca / DLL
MSINET.OCX / 7bec181a21753498b6bd001c42a42722 / DLL
MSWINSCK.OCX / 9484c04258830aa3c2f2a70eb041414c / DLL
olepro32.dll / 75439663a508a6256f3d50e0e760488b / DLL
asycfilt.dll / fa344b74b37873d80e51321a5c717c0f / DLL
WinSystem.exe / 0c9d24695dbc133c0a3adedae87b4b1f / EXE
Key behavior
Behavior description: Create file mapping with write access
details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MEI..DFEHH
MSCTF.MarshalInterface.FileMap.MEI.B.DFEHH
MSCTF.MarshalInterface.FileMap.MEI.C.DFEHH
MSCTF.MarshalInterface.FileMap.MEI.D.DFEHH
MSCTF.MarshalInterface.FileMap.MEI.E.DFEHH
MSCTF.MarshalInterface.FileMap.MEI.F.DFEHH
MSCTF.MarshalInterface.FileMap.MEI.G.DFEHH
Behavior description: Block window close message
details: hWnd = 0x000302a8, Text = C:\WINDOWS\system32\cmd.exe, ClassName = ConsoleWindowClass.
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modify registry (startup/Run entries)
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dwm32
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\taskmgr32
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsystem
Process behavior
Behavior description: Create process
details: ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c .\Start.bat
ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = C:\WINDOWS\system32\cmd.exe /S /D /c" ver "
ImagePath = C:\WINDOWS\system32\find.exe, CmdLine = find /i "version 10.0."
ImagePath = C:\WINDOWS\system32\find.exe, CmdLine = find /i "version 6.3."
ImagePath = C:\WINDOWS\system32\find.exe, CmdLine = find /i "version 6.2."
ImagePath = C:\WINDOWS\system32\find.exe, CmdLine = find /i "version 6.1."
ImagePath = C:\WINDOWS\system32\find.exe, CmdLine = find /i "version 6.0."
ImagePath = C:\WINDOWS\system32\find.exe, CmdLine = find /i "version 5.1."
ImagePath = C:\WINDOWS\system32\find.exe, CmdLine = find /i "version 5.2."
ImagePath = C:\WINDOWS\system32\find.exe, CmdLine = find /i ">4.90."
ImagePath = C:\WINDOWS\system32\find.exe, CmdLine = find /i "5.0."
ImagePath = C:\WINDOWS\system32\find.exe, CmdLine = find /i "4.10."
ImagePath = C:\WINDOWS\system32\find.exe, CmdLine = find /i "4.00."
ImagePath = C:\WINDOWS\system32\find.exe, CmdLine = find /i "4.03."
ImagePath = C:\WINDOWS\system32\find.exe, CmdLine = find /i "3.2."
Behavior description: Create process from newly written file
details: ImagePath = C:\Program Files\Windows Media Player2\dwm32.exe, CmdLine = "C:\Program Files\Windows Media Player2\dwm32.exe"
ImagePath = C:\Program Files\Windows Media Player2\taskmgr32.exe, CmdLine = "C:\Program Files\Windows Media Player2\taskmgr32.exe"
ImagePath = C:\Program Files\Windows Media Player2\winsystem.exe, CmdLine = "C:\Program Files\Windows Media Player2\winsystem.exe"
Behavior description: Enumerate processes
details: N/A
File behavior
Behavior description: Create file mapping with write access
details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MEI..DFEHH
MSCTF.MarshalInterface.FileMap.MEI.B.DFEHH
MSCTF.MarshalInterface.FileMap.MEI.C.DFEHH
MSCTF.MarshalInterface.FileMap.MEI.D.DFEHH
MSCTF.MarshalInterface.FileMap.MEI.E.DFEHH
MSCTF.MarshalInterface.FileMap.MEI.F.DFEHH
MSCTF.MarshalInterface.FileMap.MEI.G.DFEHH
Behavior description: Create executable file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\dwm32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\Taskmgr32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\WinSystem.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\Resourses\advapi32.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\Resourses\asycfilt.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\Resourses\cdosys.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\Resourses\comcat.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\Resourses\comctl32.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\Resourses\gdi32.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\Resourses\ijl15.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\Resourses\kernel32.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\Resourses\msvbvm60.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\Resourses\oleaut32.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\Resourses\olepro32.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\Resourses\urlmon.dll
Behavior description: Modify file contents
details: C:\Program Files\Windows Media Player2\svchost64det.t---> Offset = 0
C:\Program Files\Windows Media Player2\svchost64det.t---> Offset = 18
C:\Program Files\Windows Media Player2\svchost64det.t---> Offset = 33
C:\Program Files\Windows Media Player2\svchost64det.t---> Offset = 36
C:\Program Files\Windows Media Player2\svchost64det.t---> Offset = 67
C:\Program Files\Windows Media Player2\svchost64.t---> Offset = 0
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Search for files
details: FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446241191.018751.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\Start.bat
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\dwm32.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\Taskmgr32.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\WinSystem.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\Resourses\advapi32.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\Resourses\asycfilt.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\Resourses\cdosys.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\Resourses\comcat.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\Resourses\comctl32.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\Resourses\gdi32.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\Resourses\ijl15.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\Resourses\kernel32.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS8486E257\Resourses\msvbvm60.dll
Registry behavior
Behavior description: Modify registry
details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\
\REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CurVer\
\REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1\
\REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet.1\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\VersionIndependentProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\Version\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\MiscStatus\1\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ToolboxBitmap32\
Behavior description: Delete registry value
details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32\ThreadingModel
Behavior description: Delete registry key
details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}
Behavior description: Delete registry value (IE connection settings)
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behavior description: Modify registry (startup/Run entries)
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dwm32
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\taskmgr32
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsystem
Other behavior
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information
details: Pid = 2608, Hwnd=0x302a8, Text = C:\WINDOWS\system32\cmd.exe, ClassName = ConsoleWindowClass.
Pid = 2992, Hwnd=0x10328, Text = 10 - MM, ClassName = ThunderRT6Frame.
Pid = 2992, Hwnd=0x1032e, Text = 5 - Show Online, ClassName = ThunderRT6Frame.
Pid = 2992, Hwnd=0x10332, Text = 11 - DM, ClassName = ThunderRT6Frame.
Pid = 2992, Hwnd=0x10336, Text = 12 - FE, ClassName = ThunderRT6Frame.
Pid = 2992, Hwnd=0x1033a, Text = Files, ClassName = ThunderRT6TextBox.
Pid = 2992, Hwnd=0x1033c, Text = 2 - Keep Prog And Reg, ClassName = ThunderRT6Frame.
Pid = 2992, Hwnd=0x10340, Text = 1 - Get GMT, ClassName = ThunderRT6Frame.
Pid = 2992, Hwnd=0x10344, Text = 4 - Verify Profile, ClassName = ThunderRT6Frame.
Pid = 2992, Hwnd=0x10348, Text = Start Services, ClassName = ThunderRT6Frame.
Pid = 2992, Hwnd=0x1034c, Text = 3 - Get Remote IP, ClassName = ThunderRT6Frame.
Pid = 2992, Hwnd=0x10352, Text = 7 - Remove, ClassName = ThunderRT6Frame.
Pid = 2992, Hwnd=0x10356, Text = 8 - Systray, ClassName = ThunderRT6Frame.
Pid = 2992, Hwnd=0x1035a, Text = 6 - Get Settings, ClassName = ThunderRT6Frame.
Pid = 2992, Hwnd=0x10362, Text = 9 - KL, ClassName = ThunderRT6Frame.
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
SHIMLIB_LOG_MUTEX
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
MSCTF.Shared.MUTEX.ILL
MSCTF.Shared.MUTEX.MMI
MSCTF.Shared.MUTEX.AMI
Behavior description: Block window close message
details: hWnd = 0x000302a8, Text = C:\WINDOWS\system32\cmd.exe, ClassName = ConsoleWindowClass.