VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.


File information
Safety rating: 80
Behavior list
Basic Information
MD5:cb9bbb9aaefb7fb6de11f73a6d5a10e0
file type:EXE
Production company:
version:
Shell or compiler information:PACKER:PECompact 1.68 - 1.84 -> Jeremy Collake [Overlay]
Key behavior
Behavior description:Write to a writable memory-mapped file
details:CiceroSharedMemDefaultS-*
Behavior description:Block window close message
details:hWnd = 0x000202a2, Text = 996e, ClassName = TApplication.
Behavior description:Set special file attributes
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\FileManger.uzy
Behavior description:Hide specified window
details:[Window,Class] = [Form1,TForm1]
Process behavior
Behavior description:Create a new process from a file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\FileManger.uzy, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\FileManger.uzy"
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Write to a writable memory-mapped file
details:CiceroSharedMemDefaultS-*
Behavior description:Set special file attributes
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\FileManger.uzy
Behavior description:Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\xduyefda.zip
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\FileManger.uzy
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\MSVBVM60.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\msjet35.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\msjter35.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\msjint35.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\vbajet32.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\vb5db.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\msrd2x35.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\msrepl35.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\odbcjt32.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\odbcji32.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\odbctl32.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\dao350.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\msado25.tlb
Behavior description:Modify file contents
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\CList.dat---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JET4.tmp---> Offset = 0
Behavior description:Search for file
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\996E.uzy
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\xduyefda.zip
FileName = wait.bmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\FileManger.uzy
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\MSVBVM60.DLL
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\msjet35.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\msjter35.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\msjint35.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\vbajet32.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\vb5db.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\msrd2x35.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\msrepl35.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\odbcjt32.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\odbcji32.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\odbctl32.dll
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Jet\3.5\Engines\Jet 3.5\PageTimeout
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Jet\3.5\Engines\Jet 3.5\LockRetry
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Jet\3.5\Engines\Jet 3.5\MaxBufferSize
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Jet\3.5\Engines\Jet 3.5\Threads
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Jet\3.5\Engines\Jet 3.5\ExclusiveAsyncDelay
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Jet\3.5\Engines\Jet 3.5\SharedAsyncDelay
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Jet\3.5\Engines\Jet 3.5\FlushTransactionTimeout
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Jet\3.5\Engines\Jet 3.5\MaxLocksPerFile
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Jet\3.5\Engines\Jet 3.5\LockDelay
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Jet\3.5\Engines\Jet 3.5\RecycleLVs
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Jet\3.5\Engines\Jet 3.5\UserCommitSync
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Jet\3.5\Engines\Jet 3.5\ImplicitCommitSync
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Jet\3.5\Engines\SystemDB
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Jet\3.5\Engines\CompactByPKey
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Jet\3.5\Engines\ODBC\TraceODBCAPI
Behavior description:Delete registry value
details:ThreadingModel values under \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{...}\InprocServer32 (CLSID list omitted)
Behavior description:Delete registry key
details:keys under \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{...} (CLSID list omitted)
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EPN
Behavior description:Hide specified window
details:[Window,Class] = [Form1,TForm1]
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Enumerate windows
details:N/A
Behavior description:Block window close message
details:hWnd = 0x000202a2, Text = 996e, ClassName = TApplication.
Behavior description:Window information
details:Pid = 3568, Hwnd=0x1032e, Text = 确定, ClassName = Button.
Pid = 3568, Hwnd=0x10332, Text = 网 络 路 径 错 误 , 现 在 启 用 本 地 数 据 库 。, ClassName = Static.
Pid = 3568, Hwnd=0x1032c, Text = 网络路径错误, ClassName = #32770.
Pid = 3568, Hwnd=0x302cc, Text = UserTxt, ClassName = ThunderRT6ComboBox.
Pid = 3568, Hwnd=0x10322, Text = UserTxt, ClassName = Edit.
Pid = 3568, Hwnd=0x10324, Text = 确定(&O), ClassName = ThunderRT6CommandButton.
Pid = 3568, Hwnd=0x10326, Text = 取消, ClassName = ThunderRT6CommandButton.
Pid = 3568, Hwnd=0x20332, Text = 确定, ClassName = Button.
Pid = 3568, Hwnd=0x2032e, Text = Run-time error "9": Subscript out of range, ClassName = Static.
Pid = 3568, Hwnd=0x4032c, Text = 门牌对照查询 V0.1, ClassName = #32770.
Run screenshot