VirSCAN

File information
Safety rating:88
Behavior list
Basic Information
MD5:c9e34b132da1fc4e02d5421aee005d0b
file type:Rar
Production company:
version:
Shell or compiler information:COMPILER:Borland Delphi 4.0 - 5.0
Subfile information:upx_c_4cba95b0dumpFile / adc68a231e167a1fa40c322c504bf832 / EXE
upx_c_78f1578cdumpFile / 831f745296dfeda40c2578c1b28d3e2a / DLL
PEditor.exedumpFile / 0b1b653deaa879ea67e8de993434d261 / EXE
upx_c_5f470e1fdumpFile / 5377f58215ed258bc2eca8ef71d1dad4 / EXE
PEditor.chm / 754144d13f3c503911e67a5fedf569ba / Chm
PEditor.chmdumpFile / 754144d13f3c503911e67a5fedf569ba / Chm
PEditor_3.bmpdumpFile / 5a76a44cfe16a907c6a1bd89ce0e00a5 / Unknown
upx_c_6b8673c1dumpFile / 89f0ab76ad082a8535565e819662cf83 / DLL
Setup.exedumpFile / 17bda44cce40f1877b438e475d343ed1 / EXE
rebIT.dlldumpFile / 89615582233fd8d95a5234156c7cb22a / DLL
tasks.gifdumpFile / 4861c93cf5710a8ce8c2db81a25f2498 / Unknown
PSAPI.DLLdumpFile / 26482e07be448ee1bf8c71ab94ad7d90 / DLL
_help_.htmdumpFile / 21161a66a372865bb7c9c4153f1f6695 / Unknown
main.gifdumpFile / c33d910ab8c84c4fd2a0863a335e7114 / Unknown
realign.dlldumpFile / 86534d41c0736cdb17c8734a77816c02 / DLL
directoryview.gifdumpFile / 921e9b4f717840e8fe9669e1b1012ed9 / Unknown
editsectionwin.gifdumpFile / f1f3f61798f2a1be420cd3d99d18accc / Unknown
f2f.nfodumpFile / 78eeb9278e30072594861d574138e9c6 / Unknown
f2f.nfo / 78eeb9278e30072594861d574138e9c6 / Unknown
Key behavior
Behavior description:Mapped file with write permission
details:CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.MKM..DLNHF
MSCTF.MarshalInterface.FileMap.MKM.B.DLNHF
MSCTF.MarshalInterface.FileMap.MKM.C.DLNHF
MSCTF.MarshalInterface.FileMap.MKM.D.DLNHF
MSCTF.MarshalInterface.FileMap.MKM.E.DLNHF
MSCTF.MarshalInterface.FileMap.MKM.F.DLNHF
MSCTF.MarshalInterface.FileMap.MKM.G.DLNHF
MSCTF.Shared.SFM.MKM
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
File behavior
Behavior description:Mapped file with write permission
details:CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.MKM..DLNHF
MSCTF.MarshalInterface.FileMap.MKM.B.DLNHF
MSCTF.MarshalInterface.FileMap.MKM.C.DLNHF
MSCTF.MarshalInterface.FileMap.MKM.D.DLNHF
MSCTF.MarshalInterface.FileMap.MKM.E.DLNHF
MSCTF.MarshalInterface.FileMap.MKM.F.DLNHF
MSCTF.MarshalInterface.FileMap.MKM.G.DLNHF
MSCTF.Shared.SFM.MKM
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
玩得开心
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.MKM
Behavior description:Enumerate windows
details:N/A
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
Behavior description:Window information
details:Pid = 3240, Hwnd=0x1039e, Text = 点击浏览打开一个文件或把文件拖动到此窗口..., ClassName = TPanel.
Pid = 3240, Hwnd=0x1039a, Text = 数据基址:, ClassName = TPanel.
Pid = 3240, Hwnd=0x10398, Text = 代码基址:, ClassName = TPanel.
Pid = 3240, Hwnd=0x10394, Text = 镜像大小:, ClassName = TPanel.
Pid = 3240, Hwnd=0x10380, Text = 可选头部, ClassName = TGroupBox.
Pid = 3240, Hwnd=0x1038e, Text = 文件队列:, ClassName = TPanel.
Pid = 3240, Hwnd=0x1038a, Text = 节队列:, ClassName = TPanel.
Pid = 3240, Hwnd=0x10388, Text = 子系统:, ClassName = TPanel.
Pid = 3240, Hwnd=0x10382, Text = 头部大小:, ClassName = TPanel.
Pid = 3240, Hwnd=0x1037e, Text = 特征值:, ClassName = TPanel.
Pid = 3240, Hwnd=0x1037a, Text = 可选头部大小:, ClassName = TPanel.
Pid = 3240, Hwnd=0x10376, Text = 符号数:, ClassName = TPanel.
Pid = 3240, Hwnd=0x10372, Text = 符号表指针:, ClassName = TPanel.
Pid = 3240, Hwnd=0x10370, Text = 节数:, ClassName = TPanel.
Pid = 3240, Hwnd=0x1036c, Text = 时间日期标志:, ClassName = TPanel.