VirSCAN


File information
Safety rating:71
Behavior list
Behavior analysis report: Threatbook file behavior analysis report
Basic Information
MD5:b27862163dd938d3f98971296807af69
file type:EXE
Production company:微笑
version:1.0.1.0---1.0.1.0
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Key behavior
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,Afx:10000000:8:10011:1900015:0]
[Window,Class] = [,SysListView32]
[Window,Class] = [输入要划分元宝的账号:,Afx:11d0000:b:10011:1900015:0]
[Window,Class] = [,Edit]
[Window,Class] = [输入数量:(1-999999),Afx:11d0000:b:10011:1900015:0]
[Window,Class] = [,TVclPanelContainer]
File behavior
Behavior description:Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\krnln.fnr
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\iext.fnr
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\mysql.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\dp1.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\vclbase.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\spec.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\eAPI.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\odbcdb.run
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Multimedia\DrawDib\vga.drv 1676x885x32(BGR 0)
Other behavior
Behavior description:Inline hook
details:C:\WINDOWS\system32\GDI32.dll--->ExtTextOutA Offset = 0x0
C:\WINDOWS\system32\GDI32.dll--->ExtTextOutW Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetWindowLongA Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->SetWindowLongA Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->SetWindowLongW Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetWindowLongW Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->BeginPaint Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->EndPaint Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetDC Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetWindowDC Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->ReleaseDC Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->WindowFromDC Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetScrollInfo Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetScrollPos Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetScrollRange Offset = 0x0
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [,]
Behavior description:Enumerate windows
details:N/A
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,Afx:10000000:8:10011:1900015:0]
[Window,Class] = [,SysListView32]
[Window,Class] = [输入要划分元宝的账号:,Afx:11d0000:b:10011:1900015:0]
[Window,Class] = [,Edit]
[Window,Class] = [输入数量:(1-999999),Afx:11d0000:b:10011:1900015:0]
[Window,Class] = [,TVclPanelContainer]
Behavior description:Window information
details:Pid = 1760, Hwnd=0xd01c4, Text = 确定, ClassName = Button.
Pid = 1760, Hwnd=0xb0332, Text = 没有找到配置文件 请确认‘配置文件.ini’位于程序目录下!, ClassName = Static.
Pid = 1760, Hwnd=0xb015e, Text = 错误:, ClassName = #32770.
Pid = 1760, Hwnd=0xc01a6, Text = 返回主界面, ClassName = TVCLBitBtn.
Pid = 1760, Hwnd=0xa01f0, Text = 划分, ClassName = TVCLBitBtn.
Pid = 1760, Hwnd=0xc01b2, Text = 输入数量:(1-999999), ClassName = Afx:11d0000:b:10011:1900015:0.
Pid = 1760, Hwnd=0xb01a2, Text = 输入要划分元宝的账号:, ClassName = Afx:11d0000:b:10011:1900015:0.
Pid = 1760, Hwnd=0xd0190, Text = *提示* 当前为mssql数据库类型,请注意设置, ClassName = Afx:11d0000:b:10011:1900015:0.
Pid = 1760, Hwnd=0xb0170, Text = 管理项, ClassName = Button(GroupBox).
Pid = 1760, Hwnd=0xb0192, Text = 关于, ClassName = Button.
Pid = 1760, Hwnd=0xb0164, Text = 元宝管理, ClassName = Button.
Pid = 1760, Hwnd=0xd01ac, Text = GM权限设置, ClassName = Button.
Pid = 1760, Hwnd=0xb01ce, Text = 账号管理, ClassName = Button.
Pid = 1760, Hwnd=0xc01c2, Text = 数据库信息, ClassName = Button(GroupBox).
Pid = 1760, Hwnd=0xd01f6, Text = MSSQL数据库, ClassName = ComboBox.