VirSCAN
File information
Safety rating:72
Behavior list
Basic Information
MD5:b9e329069bf5770ce069cd1188f56b97
file type:Rar
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual C++ 7.0
Subfile information:Wywz.exe / d60cda173a484ed3861f8b95efe43b6b / EXE
Eraser.dll / 0f98c73634abac303e6dc32eabcde855 / DLL
Erasext.dll / 0fe38a0fe46fb49bad510fbbf12dc3ec / DLL
Select.def / c54b824321b9697f9d5c19d70f98fcf9 / Unknown
Config.def / d2786ecb2570208fcf10b7c4c71e4f30 / Unknown
Key behavior
Behavior description:Create file mapping with write access
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.IMD..OKKGH
MSCTF.MarshalInterface.FileMap.IMD.B.OKKGH
MSCTF.MarshalInterface.FileMap.IMD.C.OKKGH
MSCTF.MarshalInterface.FileMap.IMD.D.OKKGH
MSCTF.MarshalInterface.FileMap.IMD.E.OKKGH
MSCTF.MarshalInterface.FileMap.IMD.F.OKKGH
MSCTF.MarshalInterface.FileMap.IMD.G.OKKGH
MSCTF.Shared.SFM.IMD
Behavior description:Block window close message
details:hWnd = 0x000202a4, Text = 〖WYWZ〗Console (1.0.1.2--20050730), ClassName = #32770.
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,SysListView32]
[Window,Class] = [Peter Gutmann method,Button]
[Window,Class] = [US DoD standard method,Button]
[Window,Class] = [Pseudo-random method,Button]
[Window,Class] = [0,Edit]
[Window,Class] = [,msctls_updown32]
[Window,Class] = [Remove all items,Button]
[Window,Class] = [Remove selected items,Button]
[Window,Class] = [Add item,Button]
[Window,Class] = [Modify selected item,Button]
[Window,Class] = [Save settings,Button]
[Window,Class] = [(overwrite 35 times),Static]
[Window,Class] = [(overwrite 7 times),Static]
[Window,Class] = [(overwrite 3 times),Static]
Process behavior
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Create file mapping with write access
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.IMD..OKKGH
MSCTF.MarshalInterface.FileMap.IMD.B.OKKGH
MSCTF.MarshalInterface.FileMap.IMD.C.OKKGH
MSCTF.MarshalInterface.FileMap.IMD.D.OKKGH
MSCTF.MarshalInterface.FileMap.IMD.E.OKKGH
MSCTF.MarshalInterface.FileMap.IMD.F.OKKGH
MSCTF.MarshalInterface.FileMap.IMD.G.OKKGH
MSCTF.Shared.SFM.IMD
Behavior description:Create executable file
details:C:\WINDOWS\system32\NATIVE.EXE
Behavior description:Modify file content
details:C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-*\a18ca4003deb042bbee7a40f15e1970b_dcff734b-bc3f-43cb-8911-9b5d467629cf---> Offset = 0
Behavior description:Search for files
details:FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-*\a18ca4003deb042bbee7a40f15e1970b_*
FileName = C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\profiles.ini
FileName = C:\Program Files\Windows Media Player\wmplayer.exe
FileName = C:\Program Files\WinRAR\WinRAR.exe
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序\上网助手\*.* (Start Menu\Programs\Internet Assistant)
FileName = C:\Documents and Settings\All Users\「开始」菜单\程序\网络实名\*.* (Start Menu\Programs\Network Real Name)
FileName = C:\Program Files\3721\*.*
FileName = D:\Program Files\3721\*.*
Registry behavior
Behavior description:Delete registry key
details:\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{31DFC29E-B1E0-4e04-9578-8259D5601188}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{31DFC29E-B1E0-4e04-9578-8259D5601188}\ProgID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{31DFC29E-B1E0-4e04-9578-8259D5601188}\InProcServer32
\REGISTRY\MACHINE\SOFTWARE\Classes\WYWZextMenu
\REGISTRY\MACHINE\SOFTWARE\Classes\WYWZextMenu\CLSID
Behavior description:Delete registry value_Remove startup item
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WywzRun
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\360Main.exe
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\assistse
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CnsMin
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dl_accel
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\helper.dll
Behavior description:Modify registry_Pending file rename
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Behavior description:Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{31DFC29E-B1E0-4e04-9578-8259D5601188}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{31DFC29E-B1E0-4e04-9578-8259D5601188}\InProcServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{31DFC29E-B1E0-4e04-9578-8259D5601188}\InProcServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{31DFC29E-B1E0-4e04-9578-8259D5601188}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\WYWZextMenu\
\REGISTRY\MACHINE\SOFTWARE\Classes\WYWZextMenu\CLSID\
Behavior description:Modify registry_System environment variable
details:\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\BootExecute
Behavior description:Delete registry value
details:\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\CNSAutoUpdate
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\CNSEnable
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\CNSHint
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\CNSList
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\CNSMenu
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\CNSReset
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\CustomizeSearch
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\LangID
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\Microsoft Office\OFFICE11\WinWord.exe
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\system32\NOTEPAD.EXE
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\system32\Cmb_Pb_LiveUpdate.exe
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\SHELL32.dll,-9216
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\@themeui.dll,-2037
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\@themeui.dll,-2038
Other behavior
Behavior description:Block window close message
details:hWnd = 0x000202a4, Text = 〖WYWZ〗Console (1.0.1.2--20050730), ClassName = #32770.
Behavior description:Create mutex
details:{88D4CC69-D72F-4164-B774-F0395A41CD88}
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.IMD
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,SysListView32]
[Window,Class] = [Peter Gutmann method,Button]
[Window,Class] = [US DoD standard method,Button]
[Window,Class] = [Pseudo-random method,Button]
[Window,Class] = [0,Edit]
[Window,Class] = [,msctls_updown32]
[Window,Class] = [Remove all items,Button]
[Window,Class] = [Remove selected items,Button]
[Window,Class] = [Add item,Button]
[Window,Class] = [Modify selected item,Button]
[Window,Class] = [Save settings,Button]
[Window,Class] = [(overwrite 35 times),Static]
[Window,Class] = [(overwrite 7 times),Static]
[Window,Class] = [(overwrite 3 times),Static]
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Window information
details:Pid = 788, Hwnd=0x202b2, Text = Erase, ClassName = Button.
Pid = 788, Hwnd=0x302ba, Text = Static, ClassName = Static.
Pid = 788, Hwnd=0x202d6, Text = Erase standard, ClassName = Button(GroupBox).
Pid = 788, Hwnd=0x202d8, Text = Peter Gutmann method, ClassName = Button(RadioButton).
Pid = 788, Hwnd=0x202c2, Text = US DoD standard method, ClassName = Button(RadioButton).
Pid = 788, Hwnd=0x202c4, Text = US DoD standard method, ClassName = Button(RadioButton).
Pid = 788, Hwnd=0x202c8, Text = Pseudo-random method, ClassName = Button(RadioButton).
Pid = 788, Hwnd=0x202ca, Text = (overwrite 35 times), ClassName = Static.
Pid = 788, Hwnd=0x202c6, Text = (overwrite 7 times), ClassName = Static.
Pid = 788, Hwnd=0x302da, Text = (overwrite 3 times), ClassName = Static.
Pid = 788, Hwnd=0x302b8, Text = (overwrite, ClassName = Static.
Pid = 788, Hwnd=0x202b0, Text = times), ClassName = Static.
Pid = 788, Hwnd=0x202ae, Text = 1, ClassName = Edit.
Pid = 788, Hwnd=0x402be, Text = Remove all items, ClassName = Button.
Pid = 788, Hwnd=0x702c0, Text = Remove selected items, ClassName = Button.
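Reading the file and registry entries above together is what matters for triage: an executable dropped as C:\WINDOWS\system32\NATIVE.EXE plus a write to Session Manager\BootExecute is the pattern of a native application scheduled to run from smss.exe at the next boot, before the Win32 subsystem is up, and PendingFileRenameOperations is the Session Manager's list of file moves and deletions deferred to that same boot. The report shows the keys touched but not the values written, so this is a correlation to confirm on the disk image, not a verdict. The following Python script is an added example, not VirSCAN output and not code from the WYWZ tool: it parses a constructed excerpt re-typed in the report's `Behavior description:` / `details:` layout and tags the persistence-relevant entries. The tag names, the rule set and the `has_boot_execute_chain` helper are this example's own vocabulary.

```python
import re

# Constructed excerpt of the behaviour list above, re-typed in the report's
# "Behavior description:" / "details:" line layout. It is sample input for this
# example, not VirSCAN's export format, and it keeps only the entries the
# triage rules below care about.
SAMPLE_REPORT = r"""Behavior description:Create executable file
details:C:\WINDOWS\system32\NATIVE.EXE
Behavior description:Delete registry value_Remove startup item
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WywzRun
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CnsMin
Behavior description:Modify registry_Pending file rename
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Behavior description:Modify registry_System environment variable
details:\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\BootExecute
Behavior description:Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{31DFC29E-B1E0-4e04-9578-8259D5601188}\InProcServer32\
"""

DESC_PREFIX = "Behavior description:"
DETAIL_PREFIX = "details:"


def parse_report(text):
    """Group report lines into (description, [detail, ...]) entries.

    A "Behavior description:" line opens an entry; the "details:" line and any
    following unprefixed lines belong to it until the next description.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(DESC_PREFIX):
            entries.append((line[len(DESC_PREFIX):].strip(), []))
        elif entries:
            if line.startswith(DETAIL_PREFIX):
                line = line[len(DETAIL_PREFIX):].strip()
            entries[-1][1].append(line)
    return entries


# (tag, path pattern, substring the description must contain or None, analyst note)
# Tag names and notes are this example's own vocabulary, not VirSCAN categories.
RULES = [
    ("boot_execute",
     re.compile(r"\\Session Manager\\BootExecute$", re.I), None,
     "smss.exe runs BootExecute entries as native images before the Win32 subsystem starts"),
    ("pending_rename",
     re.compile(r"\\Session Manager\\PendingFileRenameOperations$", re.I), None,
     "file moves/deletes deferred to the next boot; read the MULTI_SZ to see what is removed"),
    ("dropped_native_exe",
     re.compile(r"\\system32\\native\.exe$", re.I), None,
     "image written to system32; confirm whether BootExecute names it"),
    ("com_inproc_server",
     re.compile(r"\\Classes\\CLSID\\\{[0-9A-Fa-f-]+\}\\InProcServer32", re.I), None,
     "in-process COM server registered; a shell extension loads into explorer.exe"),
    ("autorun_removed",
     re.compile(r"\\CurrentVersion\\Run\\[^\\]+$", re.I), "Delete",
     "autostart value removed; decide whether it is the tool's own entry or third-party software"),
]


def triage(entries):
    """Return one finding per detail line that matches a rule."""
    findings = []
    for description, details in entries:
        for detail in details:
            for tag, pattern, needs_in_desc, note in RULES:
                if needs_in_desc and needs_in_desc not in description:
                    continue
                if pattern.search(detail):
                    findings.append({"tag": tag, "path": detail, "note": note})
    return findings


def has_boot_execute_chain(findings):
    """True when a native image drop and a BootExecute write appear together."""
    tags = {f["tag"] for f in findings}
    return {"dropped_native_exe", "boot_execute"} <= tags


if __name__ == "__main__":
    found = triage(parse_report(SAMPLE_REPORT))
    for f in found:
        print(f"[{f['tag']}] {f['path']}\n    {f['note']}")
    print("boot-time chain present:", has_boot_execute_chain(found))
```

Run it as-is to see the five tagged entries and the boot-time chain flag; to apply it to another report, paste that report's behaviour lines into `SAMPLE_REPORT` or feed them to `parse_report` from a file. The `autorun_removed` rule only fires when the description says "Delete", so a Run value being written (persistence added) is intentionally not confused with one being removed.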