VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load

File information
Safety rating:88
Behavior list
Basic Information
MD5:c3cb13d227b087f30f89cac9e78dd175
file type:Nsis
Production company:
version:2.10.91.91---2.10.91.91
Shell or compiler information:
Subfile information:Steam.exe / 8daca62f3e15e45ebaf7ae51a609cbc1 / EXE
SteamService.exe / 0a3544d7e9af7d8c991c904339157edc / EXE
uninstall.exe / 9f25ee640db134e408e5002fdf6ad347 / Nsis
modern-wizard.bmp / 3614a4be6b610f1daf6c801574f161fe / Unknown
[NSIS].nsi / 18f41dbc1adedb76a2b72cf24f7bd3c0 / Unknown
modern-header.bmp / da3486d12bb4c8aec16bd9e0d363d23f / Unknown
StdUtils.dll / 32751f20b1941216dd83361942233758 / DLL
System.dll / bf712f32249029466fa86756f5546950 / DLL
steambootstrapper_thai.txt / 799efb328cd03013e987b2edef0176a9 / Unknown
nsDialogs.dll / 4ccc4a742d4423f2f0ed744fd9c81f63 / DLL
steambootstrapper_ukrainian.txt / f2ae05cc88dc6d7bc8e0e29a7622312e / Unknown
steambootstrapper_greek.txt / f9a55e29ab3af75e195dca6c02ec9c16 / Unknown
steambootstrapper_russian.txt / 71ad4a77bc487de7bad27a795a1d1523 / Unknown
steambootstrapper_japanese.txt / dc653e7e244bfcf48b2d6097efe2e816 / Unknown
steambootstrapper_french.txt / 0182a05cf3aa48b0df12d899ee137ebd / Unknown
steambootstrapper_koreana.txt / 3e43e53891353202fa11535046ced58f / Unknown
steambootstrapper_korean.txt / 3e43e53891353202fa11535046ced58f / Unknown
steambootstrapper_german.txt / f31546aec63ec7a9bed2b95cebc10917 / Unknown
steambootstrapper_spanish.txt / a71a12e2d98a2292acc09713f8fc49b0 / Unknown
Key behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.IGI..NLCJG
MSCTF.MarshalInterface.FileMap.IGI.B.NLCJG
MSCTF.MarshalInterface.FileMap.IGI.C.NLCJG
MSCTF.MarshalInterface.FileMap.IGI.D.NLCJG
MSCTF.MarshalInterface.FileMap.IGI.E.NLCJG
MSCTF.MarshalInterface.FileMap.IGI.F.NLCJG
MSCTF.MarshalInterface.FileMap.IGI.G.NLCJG
MSCTF.Shared.SFM.IGI
MSCTF.MarshalInterface.FileMap.IGI.H.ICHNG
MSCTF.MarshalInterface.FileMap.IGI.I.ICHNG
MSCTF.MarshalInterface.FileMap.IGI.J.ICHNG
MSCTF.MarshalInterface.FileMap.IGI.K.ICHNG
MSCTF.MarshalInterface.FileMap.IGI.L.ICHNG
MSCTF.MarshalInterface.FileMap.IGI.M.IDHNG
Behavior description:隐藏指定窗口
details:[Window,Class] = [,Button]
[Window,Class] = [ ,Static]
[Window,Class] = [ ,Static]
[Window,Class] = [,Static]
File behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.IGI..NLCJG
MSCTF.MarshalInterface.FileMap.IGI.B.NLCJG
MSCTF.MarshalInterface.FileMap.IGI.C.NLCJG
MSCTF.MarshalInterface.FileMap.IGI.D.NLCJG
MSCTF.MarshalInterface.FileMap.IGI.E.NLCJG
MSCTF.MarshalInterface.FileMap.IGI.F.NLCJG
MSCTF.MarshalInterface.FileMap.IGI.G.NLCJG
MSCTF.Shared.SFM.IGI
MSCTF.MarshalInterface.FileMap.IGI.H.ICHNG
MSCTF.MarshalInterface.FileMap.IGI.I.ICHNG
MSCTF.MarshalInterface.FileMap.IGI.J.ICHNG
MSCTF.MarshalInterface.FileMap.IGI.K.ICHNG
MSCTF.MarshalInterface.FileMap.IGI.L.ICHNG
MSCTF.MarshalInterface.FileMap.IGI.M.IDHNG
Behavior description:创建可执行文件
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsw6.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsw6.tmp\nsDialogs.dll
Behavior description:修改文件内容
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsw6.tmp\modern-header.bmp---> Offset = 16384
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsw6.tmp\modern-wizard.bmp---> Offset = 49152
Other behavior
Behavior description:创建互斥体
details:CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
SteamSingleInstance
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.IGI
Behavior description:隐藏指定窗口
details:[Window,Class] = [,Button]
[Window,Class] = [ ,Static]
[Window,Class] = [ ,Static]
[Window,Class] = [,Static]
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:获取系统权限
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:窗口信息
details:Pid = 2148, Hwnd=0x70196, Text = 下一步(&N) >, ClassName = Button.
Pid = 2148, Hwnd=0x60240, Text = 取消(&C), ClassName = Button.
Pid = 2148, Hwnd=0x301d0, Text = , ClassName = Static.
Pid = 2148, Hwnd=0x501ae, Text = , ClassName = Static.
Pid = 2148, Hwnd=0x301c4, Text = 欢迎使用“Steam”安装向导, ClassName = Static.
Pid = 2148, Hwnd=0x501ba, Text = 使用 Steam,您将可以与互联网上的其他玩家一起玩您所有的 Steam 游戏。 您还将可以: * 快速获得今后的更新发布 * 自动接收游戏更, ClassName = Static.
Pid = 2148, Hwnd=0x3022a, Text = Steam 安装, ClassName = #32770.
Pid = 2148, Hwnd=0x401ce, Text = < 上一步(&P), ClassName = Button.
Pid = 2148, Hwnd=0x301ca, Text = 许可证协议, ClassName = Static.
Pid = 2148, Hwnd=0x301e6, Text = 在安装“Steam”之前,请阅读授权协议。, ClassName = Static.
Pid = 2148, Hwnd=0x601ba, Text = 按 [PgDn] 阅读“授权协议”的其余部分。, ClassName = Static.
Pid = 2148, Hwnd=0x401c4, Text = YOU SHOULD CAREFULLY READ THE ENTIRE FOLLOWING LICENSE AGREEMENT BEFORE INSTALLING THIS SOFTWARE PROGRAM. THIS AGREEMENT CONTAI, ClassName = RichEdit20W.
Pid = 2148, Hwnd=0x401c2, Text = 如果你接受协议中的条款,单击下方的勾选框。必须要接受协议才能安装 Steam。单击 [下一步(N)] 继续。, ClassName = Static.
Pid = 2148, Hwnd=0x90258, Text = 我接受许可协议并且已经年满 13 周岁(&A), ClassName = Button(CheckBox).
Behavior description:打开图片文件
details:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsw6.tmp\modern-header.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsw6.tmp\modern-wizard.bmp
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号