VirSCAN


File information
Safety rating:76
Behavior list
Basic Information
MD5:b0d82441a8745842af7cdc325bfc7cfe
file type:zip
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0
Subfile information:C32Asm.exe / 0a158d17af138a9f4671759acd6982dc / EXE
C32Asm.exedumpFile / 0a158d17af138a9f4671759acd6982dc / EXE
AboutBK.bmpdumpFile / 127ab76f73fe4f384d530f8678d68fcd / Unknown
AboutBK.bmp / 127ab76f73fe4f384d530f8678d68fcd / Unknown
mfc42.inidumpFile / 50075d608cc7809e7103d14fb7dfc587 / Unknown
mfc42.ini / 50075d608cc7809e7103d14fb7dfc587 / Unknown
mfc70.ini / 34593da00dc71391092fda3803ed9e3e / Unknown
mfc70.inidumpFile / 34593da00dc71391092fda3803ed9e3e / Unknown
English.inidumpFile / 734fdbce56a733dfda69d4ffcf55c770 / Unknown
English.ini / 734fdbce56a733dfda69d4ffcf55c770 / Unknown
ChineseGb.inidumpFile / 88f757ba96cf32e156132c372bd7cfd3 / Unknown
ChineseGb.ini / 88f757ba96cf32e156132c372bd7cfd3 / Unknown
特别高亮jmp.xmldumpFile / 12e1424a568da3c6aa0395d415455a44 / Unknown
特别高亮jmp.xml / 12e1424a568da3c6aa0395d415455a44 / Unknown
特别高亮call.xmldumpFile / a90a97a863f09aa6f494a258f7bca58e / Unknown
特别高亮call.xml / a90a97a863f09aa6f494a258f7bca58e / Unknown
变态高亮.xmldumpFile / e3afd531869101741f3a8ec8cfedad34 / Unknown
变态高亮.xml / e3afd531869101741f3a8ec8cfedad34 / Unknown
缺省高亮.xmldumpFile / 11a2dc76d3ec27317694bf452fb0b19e / Unknown
Key behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.ANK..FCLGF
MSCTF.MarshalInterface.FileMap.ANK.B.FDLGF
MSCTF.MarshalInterface.FileMap.ANK.C.FDLGF
MSCTF.MarshalInterface.FileMap.ANK.D.FDLGF
MSCTF.MarshalInterface.FileMap.ANK.E.FDLGF
MSCTF.MarshalInterface.FileMap.ANK.F.EELGF
MSCTF.MarshalInterface.FileMap.ANK.G.EELGF
MSCTF.Shared.SFM.ANK
Behavior description:Hide specified window
details:[Window,Class] = [,AfxWnd42]
[Window,Class] = [,ComboLBox]
[Window,Class] = [Export view,BCGControlBar:400000:8:10011:10]
[Window,Class] = [Import view,BCGControlBar:400000:8:10011:10]
[Window,Class] = [String view,BCGControlBar:400000:8:10011:10]
[Window,Class] = [Jmp and Call Info,BCGControlBar:400000:8:10011:10]
[Window,Class] = [Search Result,BCGControlBar:400000:8:10011:10]
[Window,Class] = [Pe Analysis Result,BCGControlBar:400000:8:10011:10]
[Window,Class] = [JMPCALL,BCGControlBar:400000:8:10011:10]
[Window,Class] = [,BCGSlider:400000:8:10011:10]
[Window,Class] = [Content,BCGControlBar:400000:8:10011:10]
[Window,Class] = [,SysHeader32]
[Window,Class] = [Properties,BCGControlBar:400000:8:10011:10]
File behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.ANK..FCLGF
MSCTF.MarshalInterface.FileMap.ANK.B.FDLGF
MSCTF.MarshalInterface.FileMap.ANK.C.FDLGF
MSCTF.MarshalInterface.FileMap.ANK.D.FDLGF
MSCTF.MarshalInterface.FileMap.ANK.E.FDLGF
MSCTF.MarshalInterface.FileMap.ANK.F.EELGF
MSCTF.MarshalInterface.FileMap.ANK.G.EELGF
MSCTF.Shared.SFM.ANK
Behavior description:Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BCG5.tmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BCG7.tmp---> Offset = 4093
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BCG9.tmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BCGC.tmp---> Offset = 0
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{C21F230D-5A5B-4BE4-820C-CA57A36BD480}\
\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\C32Asm.EXE\AppID
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.ANK
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description:Hide specified window
details:[Window,Class] = [,AfxWnd42]
[Window,Class] = [,ComboLBox]
[Window,Class] = [Export view,BCGControlBar:400000:8:10011:10]
[Window,Class] = [Import view,BCGControlBar:400000:8:10011:10]
[Window,Class] = [String view,BCGControlBar:400000:8:10011:10]
[Window,Class] = [Jmp and Call Info,BCGControlBar:400000:8:10011:10]
[Window,Class] = [Search Result,BCGControlBar:400000:8:10011:10]
[Window,Class] = [Pe Analysis Result,BCGControlBar:400000:8:10011:10]
[Window,Class] = [JMPCALL,BCGControlBar:400000:8:10011:10]
[Window,Class] = [,BCGSlider:400000:8:10011:10]
[Window,Class] = [Content,BCGControlBar:400000:8:10011:10]
[Window,Class] = [,SysHeader32]
[Window,Class] = [Properties,BCGControlBar:400000:8:10011:10]
Behavior description:Window information
details:Pid = 2764, Hwnd=0x40386, Text = Enjoy C32asm, ClassName = Afx:400000:b:10011:6:50388.
Pid = 2764, Hwnd=0x1036c, Text = Ready, ClassName = Afx:400000:8:10011:10:0.
Pid = 2764, Hwnd=0x10368, Text = Standard, ClassName = BCGToolBar:400000:8:10011:10.
Pid = 2764, Hwnd=0x1034e, Text = C32Asm - [Enjoy C32asm], ClassName = Afx:400000:8:10011:0:103c7.
Behavior description:Obtain system privileges
details:SE_LOAD_DRIVER_PRIVILEGE