VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
Safety rating:87
Behavior list
Basic Information
MD5:c24fb90bf94193f2d71ee2450ccfa3a7
file type:7z
Production company:Igor Pavlov
version:15.9.0.0---15.09 beta
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Subfile information:7z.dll / e0713e49460cf9570c1b4873d98e0d5b / DLL
7zFM.exe / f368265d7723abeea4e498df3d689cf4 / EXE
7zG.exe / 4ddcd82b75bea9ca53872f9e89ed48c7 / EXE
7z.exe / 1c3b5af02f308c2d61314fe6344a7434 / EXE
7z.sfx / 397531d899f06b6d128431ce5ab7bbde / EXE
7zCon.sfx / 08420c78132ff7dcb174e3908526fbd7 / EXE
7-zip.chm / f90d147e85e1b0050031160ef4ae788e / Chm
7-zip.dll / 870df5812db5d05c85aa2b4ef2d09523 / DLL
History.txt / 4f4fb29a68f044c8d966c5b2ee8eb29a / Unknown
mng2.txt / a0d06dc2b7f53acd8cdebf7864080cd1 / Unknown
mng.txt / ba28c5c312d1a7827b40ed84f1f6f85b / Unknown
sa.txt / 9fe4da297163a84fe9d0b0289b1af077 / Unknown
hi.txt / a0fc3c3d880a54918d86b40ffda12f23 / Unknown
gu.txt / 410c8a33c66b4b2bc707e113d9c76914 / Unknown
ka.txt / eb2af4dc4c28275ae1876523944d708e / Unknown
el.txt / 812df218dae08f9f883a7455015707b2 / Unknown
si.txt / 2b78e18bcb07cb8d59d8682502576f8e / Unknown
th.txt / 8ee06a03dc18e5f8bc750cb6a78f6d9c / Unknown
uk.txt / d125ef7f9a009cfe4093152e48055ac1 / Unknown
Key behavior
Behavior description: Creates file mappings with write access
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.INM..IHAIH
MSCTF.MarshalInterface.FileMap.INM.B.IHAIH
MSCTF.MarshalInterface.FileMap.INM.C.IHAIH
MSCTF.MarshalInterface.FileMap.INM.D.IHAIH
MSCTF.MarshalInterface.FileMap.INM.E.IHAIH
MSCTF.MarshalInterface.FileMap.INM.F.IIAIH
MSCTF.MarshalInterface.FileMap.INM.G.HLAIH
MSCTF.MarshalInterface.FileMap.INM.H.HLAIH
Behavior description: Hides specified windows
details:[Window,Class] = [,msctls_progress32]
[Window,Class] = [,Static]
Behavior description: Modifies registry (startup entry)
details:\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\
Process behavior
Behavior description: Enumerates processes
details:N/A
File behavior
Behavior description: Creates file mappings with write access
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.INM..IHAIH
MSCTF.MarshalInterface.FileMap.INM.B.IHAIH
MSCTF.MarshalInterface.FileMap.INM.C.IHAIH
MSCTF.MarshalInterface.FileMap.INM.D.IHAIH
MSCTF.MarshalInterface.FileMap.INM.E.IHAIH
MSCTF.MarshalInterface.FileMap.INM.F.IIAIH
MSCTF.MarshalInterface.FileMap.INM.G.HLAIH
MSCTF.MarshalInterface.FileMap.INM.H.HLAIH
Behavior description: Drops links or shortcuts in sensitive system locations (such as the Start Menu)
details:C:\Documents and Settings\All Users\「开始」菜单\程序\7-Zip\7-Zip File Manager.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\7-Zip\7-Zip Help.lnk
Behavior description: Creates executable files
details:C:\Program Files\7-Zip\7-zip.dll
C:\Program Files\7-Zip\7z.dll
C:\Program Files\7-Zip\7z.exe
C:\Program Files\7-Zip\7z.sfx
C:\Program Files\7-Zip\7zCon.sfx
C:\Program Files\7-Zip\7zFM.exe
C:\Program Files\7-Zip\7zG.exe
C:\Program Files\7-Zip\Uninstall.exe
Behavior description: Modifies file contents
details:C:\Program Files\7-Zip\7-zip.chm---> Offset = 0
C:\Program Files\7-Zip\descript.ion---> Offset = 0
C:\Program Files\7-Zip\History.txt---> Offset = 0
C:\Program Files\7-Zip\Lang\af.txt---> Offset = 0
C:\Program Files\7-Zip\Lang\an.txt---> Offset = 0
C:\Program Files\7-Zip\Lang\ar.txt---> Offset = 0
C:\Program Files\7-Zip\Lang\ast.txt---> Offset = 0
C:\Program Files\7-Zip\Lang\az.txt---> Offset = 0
C:\Program Files\7-Zip\Lang\ba.txt---> Offset = 0
C:\Program Files\7-Zip\Lang\be.txt---> Offset = 0
C:\Program Files\7-Zip\Lang\bg.txt---> Offset = 0
C:\Program Files\7-Zip\Lang\bn.txt---> Offset = 0
C:\Program Files\7-Zip\Lang\br.txt---> Offset = 0
C:\Program Files\7-Zip\Lang\ca.txt---> Offset = 0
C:\Program Files\7-Zip\Lang\co.txt---> Offset = 0
Behavior description: Searches for files
details:FileName = C:\Program Files
FileName = C:\Program Files\7-Zip
FileName = C:\Program Files\7-Zip\7zFM.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\Documents and Settings\Administrator\「开始」菜单
FileName = C:\Documents and Settings\All Users\「开始」菜单
FileName = C:\Documents and Settings\All Users\Application Data
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\WINDOWS
Registry behavior
Behavior description: Modifies registry (system context menu)
details:\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\
\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\
Behavior description: Modifies registry
details:\REGISTRY\USER\S-*\Software\7-Zip\Path32
\REGISTRY\USER\S-*\Software\7-Zip\Path
\REGISTRY\MACHINE\SOFTWARE\7-Zip\Path32
\REGISTRY\MACHINE\SOFTWARE\7-Zip\Path
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\
\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{23170F69-40C1-278A-1000-000100020000}
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\7zFM.exe\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\7zFM.exe\Path
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayVersion
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayIcon
Behavior description: Modifies registry (startup entry)
details:\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\
Other behavior
Behavior description: Finds specified windows
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Window information
details:Pid = 3284, Hwnd=0x202a8, Text = Destination folder:, ClassName = Static.
Pid = 3284, Hwnd=0x202cc, Text = C:\Program Files\7-Zip\, ClassName = Edit.
Pid = 3284, Hwnd=0x202b4, Text = ..., ClassName = Button.
Pid = 3284, Hwnd=0x302bc, Text = &Install, ClassName = Button.
Pid = 3284, Hwnd=0x202d4, Text = Cancel, ClassName = Button.
Pid = 3284, Hwnd=0x202a4, Text = 7-Zip 15.09 beta Setup, ClassName = #32770.
Pid = 3284, Hwnd=0x302bc, Text = Close, ClassName = Button.
Behavior description: Hides specified windows
details:[Window,Class] = [,msctls_progress32]
[Window,Class] = [,Static]
Behavior description: Creates mutexes
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Behavior description: Acquires system privileges
details:SE_LOAD_DRIVER_PRIVILEGE
Translated by Keith Miller, United States