VirSCAN

File information
Safety rating:85
Behavior list
Basic Information
MD5:bc62e732fe9d0266e99112e9851e3d34
file type:7z
Production company:
version:4.6.5.56---4.6.5
Shell or compiler information:
Subfile information:DiskGenius.exe / d86495015ee88238595cfa0b8e9bb9cd / EXE
Hdrw.dll / 390a653b86d5ba823383b5fe7a55d68b / DLL
LangCRes.dll / b534b7240601d96880a3e96dff661994 / DLL
upx30_adf109badumpFile / 9406ec0c19223d995bd18766f54f1c4d / EXE
SDL.dll / d31da530714c74efeb262ccddbdae7aa / DLL
FileType.dll / 789b36b87c45b550fa8baa453ac74c58 / DLL
IniCfg.dll / f2f4bd78ea1a6af0b96fdf26ad7a6776 / DLL
update.dll / 8ba50253f37f3cddd4ced673602d2526 / DLL
dsoframer.ocx / c072251a5a29b3b0315bf6deff0370bf / DLL
DGBCDX64.exe / e81e3f9ba895efe43d2a6849ad20355a / EXE
Hdrwvm.dll / 6e01730995469da9e6b756ae5fc76705 / DLL
HdrwLDM.dll / fb6099c4b8d59f69c3c55bf49a66f3b1 / DLL
HdrwVhd.dll / a692bb32d3706c221d52520d098346ba / DLL
HdrwVhdx.dll / bf53c38e57e228d908a783731c2862bc / DLL
HdrwRD.dll / 95c21f9d2318f3214582552703f279f8 / DLL
HdrwVdi.dll / 8e423986dcc7211a655cc46f3cf03fe2 / DLL
Barray.dll / d774938420461fb5799174d8e8e8becf / DLL
Charset.dll / 7a6a02d74e9b6891f2160f289f2c4b76 / DLL
Options.ini / bdb8d83bf17fe08452e0dfd04ec32330 / Unknown
Key behavior
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Behavior description: Hide specified window
details:[Window,Class] = [分析,Button]
[Window,Class] = [,AfxWnd90su]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,#32770]
[Window,Class] = [,SysListView32]
Behavior description: Resolve host address by name
details:wpad
www.diskgenius.cn
Process behavior
Behavior description: Create process from new file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\DiskGenius.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\DiskGenius.exe"
File behavior
Behavior description: Map file with write access
details:\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
AtlDebugAllocator_FileMappingNameStatic3_490
\Documents and Settings\Administrator\IETldCache\index.datndex.dat_245760
Behavior description: Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\DGBCDX64.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\DiskGenius.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Barray.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Charset.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\FileType.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Hdrw.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\HdrwLDM.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\HdrwRD.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\HdrwVdi.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\HdrwVhd.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\HdrwVhdx.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Hdrwvm.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\IniCfg.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\LangCRes.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\SDL.dll
Behavior description: Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Options.ini---> Offset = 0
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Network behavior
Behavior description: Resolve host address by name
details:wpad
www.diskgenius.cn
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\DiskGenius.exe
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\DiskGenius\DEBUG\Trace Level
Behavior description: Delete registry value
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\DiskGenius\DEBUG\Trace Level
Behavior description: Delete registry value (IE connection settings)
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description: Create mutex
details:Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
Local\c:!documents and settings!administrator!ietldcache!
Behavior description: Window information
details:Pid = 1168, Hwnd=0xc01d6, Text = DiskGenius磁盘分区及数据恢复软件, ClassName = Static.
Pid = 1168, Hwnd=0xd01c8, Text = 版本 4.6.5.56 , ClassName = Static.
Pid = 1168, Hwnd=0xb01c6, Text = http://www.diskgenius.cn, ClassName = Static.
Pid = 1168, Hwnd=0x5043e, Text = 发现刚刚使用的功能不错呦,我也要分享一下,让更多人使用!, ClassName = Static.
Pid = 1168, Hwnd=0x90472, Text = 不再提示, ClassName = Button(CheckBox).
Pid = 1168, Hwnd=0xa0196, Text = Tab1, ClassName = SysTabControl32.
Pid = 1168, Hwnd=0x9035c, Text = 分析, ClassName = Button.
Pid = 1168, Hwnd=0xa03c2, Text = 当前字节序: 小端, ClassName = Static.
Pid = 1168, Hwnd=0xe0358, Text = 8位(±):, ClassName = Static.
Pid = 1168, Hwnd=0xe0330, Text = 8位(+):, ClassName = Static.
Pid = 1168, Hwnd=0x60354, Text = 16位(±):, ClassName = Static.
Pid = 1168, Hwnd=0x80364, Text = 16位(+):, ClassName = Static.
Pid = 1168, Hwnd=0x7034a, Text = 24位(±):, ClassName = Static.
Pid = 1168, Hwnd=0x803bc, Text = 24位(+):, ClassName = Static.
Pid = 1168, Hwnd=0x7033c, Text = 32位(±):, ClassName = Static.
Behavior description: Hide specified window
details:[Window,Class] = [分析,Button]
[Window,Class] = [,AfxWnd90su]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,#32770]
[Window,Class] = [,SysListView32]
Behavior description: Directly access physical device
details:\??\PhysicalDrive0
Behavior description: Acquire system privilege
details:SE_LOAD_DRIVER_PRIVILEGE