VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
Safety rating:14
Behavior list
Basic Information
MD5:b780924d866d1c3ef1097af49f5d802b
file type:EXE
Production company:灰灰
version:1.0.0.0---1.0.0.0
Shell or compiler information:
Key behavior
Behavior description:修改原系统的EXE文件
details:C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE---> Offset = 12378112
C:\WINDOWS\system32\Cmb_Pb_LiveUpdate.exe---> Offset = 405504
C:\Program Files\VMware\VMware Tools\VMwareTray.exe---> Offset = 253952
C:\Program Files\VMware\VMware Tools\VMwareUser.exe---> Offset = 1171456
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe---> Offset = 98816
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE---> Offset = 10420224
C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE---> Offset = 6482432
Behavior description:跨进程写入数据
details:TargetProcess = explorer.exe, WriteAddress = 0x02620000, Size = 8192
C:\WINDOWS\explorer.exe
TargetProcess = explorer.exe, WriteAddress = 0x02630000, Size = 4096
TargetProcess = ctfmon.exe, WriteAddress = 0x009a0000, Size = 8192
C:\WINDOWS\system32\ctfmon.exe
TargetProcess = ctfmon.exe, WriteAddress = 0x009b0000, Size = 4096
TargetProcess = QQ.exe, WriteAddress = 0x00c60000, Size = 8192
C:\Program Files\Tencent\QQ\Bin\QQ.exe
TargetProcess = QQ.exe, WriteAddress = 0x00c90000, Size = 4096
C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
TargetProcess = conime.exe, WriteAddress = 0x00910000, Size = 8192
C:\WINDOWS\system32\conime.exe
TargetProcess = conime.exe, WriteAddress = 0x00e30000, Size = 4096
C:\WINDOWS\system32\PersonalBankPortal.exe
TargetProcess = EasyWebSvr.exe, WriteAddress = 0x00d20000, Size = 8192
Behavior description:获取文件属性探测虚拟机
details:GetFileA