VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.


File information
Safety rating: 80
Behavior list
Basic Information
MD5: d4697dbe3e18f63b125dfd46875d352b
File type: zip
Production company:
Version:
Shell or compiler information: COMPILER: Microsoft Visual Basic 5.0 / 6.0
Subfile information: lhjydm.mdb / big file / Unknown
异动涨停王.exe / big file / EXE
交易龙虎榜操作说明.doc / ae8b136a2dbb141b22d7491bc76a6141 / Compound
xwk.mdb / d7f0d9420b51ba641481d21b397b3ed7 / Unknown
dzjy.mdb / e327a21230c25c6a0b0778857ed11299 / Unknown
dxcj.txt / 4ae64ba3bc228edf8794fbdf154c07ec / Unknown
dxcj3.txt / 748da955fb82c6162126443166f66738 / Unknown
dxcj1.txt / 7234b1806f4aa900a65586e987035521 / Unknown
rxdde.txt / 7d4368523b91ec3217d51b66888d910c / Unknown
fsdde.txt / b4d9a5bf83287295c5d9bf3c407daf6c / Unknown
dxcj5.txt / ef78094453d900af3f2808a87ff6ad5e / Unknown
userdde.ini / 6bfaf9f3d1f7ec205e3928141ef52f39 / Unknown
Key behavior
Behavior description: Creates file mapping with write access
details:CiceroSharedMemDefaultS-*
DfSharedHeap3DEB59
DFMap0-4057991
DfRoot0003DEB59
MSCTF.MarshalInterface.FileMap.MPE..MMMIH
MSCTF.MarshalInterface.FileMap.MPE.B.MMMIH
MSCTF.MarshalInterface.FileMap.MPE.C.MMMIH
MSCTF.MarshalInterface.FileMap.MPE.D.MMMIH
MSCTF.MarshalInterface.FileMap.MPE.E.MNMIH
MSCTF.MarshalInterface.FileMap.MPE.F.MNMIH
MSCTF.MarshalInterface.FileMap.MPE.G.MNMIH
MSCTF.Shared.SFM.MPE
Behavior description: Blocks window close message
details:hWnd = 0x000202a4, Text = 山寨席位密码, ClassName = ThunderRT6Main.
Behavior description: Hides specified window
details:[Window,Class] = [,ThunderRT6UserControlDC]
[Window,Class] = [,ThunderRT6PictureBoxDC]
[Window,Class] = [,ThunderRT6FormDC]
Process behavior
Behavior description: Creates process
details:ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 C:\WINDOWS\system32\Abutton.ocx /s
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 C:\WINDOWS\system32\unrar.dll /s
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 C:\WINDOWS\system32\MSCHART.OCX /s
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 C:\WINDOWS\system32\MSCHRT20.OCX /s
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 C:\WINDOWS\system32\MSFLXGRD.OCX /s
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 C:\WINDOWS\system32\MSINET.OCX /s
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 C:\WINDOWS\system32\TABCTL32.OCX /s
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 C:\WINDOWS\system32\COMCTL32.OCX /s
Behavior description: Enumerates processes
details:N/A
File behavior
Behavior description: Creates file mapping with write access
details:CiceroSharedMemDefaultS-*
DfSharedHeap3DEB59
DFMap0-4057991
DfRoot0003DEB59
MSCTF.MarshalInterface.FileMap.MPE..MMMIH
MSCTF.MarshalInterface.FileMap.MPE.B.MMMIH
MSCTF.MarshalInterface.FileMap.MPE.C.MMMIH
MSCTF.MarshalInterface.FileMap.MPE.D.MMMIH
MSCTF.MarshalInterface.FileMap.MPE.E.MNMIH
MSCTF.MarshalInterface.FileMap.MPE.F.MNMIH
MSCTF.MarshalInterface.FileMap.MPE.G.MNMIH
MSCTF.Shared.SFM.MPE
Behavior description: Creates executable file
details:C:\WINDOWS\system32\CFControl.ocx
C:\WINDOWS\system32\Abutton.ocx
C:\WINDOWS\system32\unrar.dll
C:\WINDOWS\system32\MSCHART.OCX
C:\WINDOWS\system32\MSCHRT20.OCX
C:\WINDOWS\system32\MSFLXGRD.OCX
C:\WINDOWS\system32\MSINET.OCX
C:\WINDOWS\system32\TABCTL32.OCX
C:\WINDOWS\system32\COMCTL32.OCX
Behavior description: Searches for file
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445591980.734663.exe_7zdump\【机构异动】\tysj\*.*
FileName = C:\WINDOWS\system32\CFControl.ocx
FileName = C:\WINDOWS\system32\Abutton.ocx
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\regsvr32.exe
FileName = C:\WINDOWS\system32\unrar.dll
FileName = C:\WINDOWS\system32\MSCHART.OCX
FileName = C:\WINDOWS\system32\MSCHRT20.OCX
FileName = C:\WINDOWS\system32\Mscomctl.ocx
FileName = C:\WINDOWS\system32\MSFLXGRD.OCX
FileName = C:\WINDOWS\system32\MSINET.OCX
FileName = C:\WINDOWS\system32\TABCTL32.OCX
FileName = C:\WINDOWS\system32\COMCTL32.OCX
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445591980.782991.exe_7zdump\【机构异动】\userdde.ini
Registry behavior
Behavior description: Deletes registry key
details:\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{31291E80-728C-11CF-93D5-0020AF99504A}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE0259C0-B32F-11CF-A74E-0020AFA69E21}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{583D7240-B3DD-11CF-A74E-0020AFA69E21}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E9FA9A0-B3DD-11CF-A74E-0020AFA69E21}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2CC3AF80-B3DD-11CF-A74E-0020AFA69E21}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{38632640-B3DD-11CF-A74E-0020AFA69E21}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4C3ACCE0-B3DD-11CF-A74E-0020AFA69E21}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52BE9600-B3DD-11CF-A74E-0020AFA69E21}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B1C402E0-DFC8-11CF-A635-00A0C903B29D}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A2B370C-BA0A-11D1-B137-0000F8753F5D}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AC5D0DDE-BD4C-11D1-B137-0000F8753F5D}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AC5D0DE3-BD4C-11D1-B137-0000F8753F5D}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AC5D0DE4-BD4C-11D1-B137-0000F8753F5D}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AC5D0DDF-BD4C-11D1-B137-0000F8753F5D}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AC5D0DE0-BD4C-11D1-B137-0000F8753F5D}
Behavior description: Deletes registry value
details:\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{31291E80-728C-11CF-93D5-0020AF99504A}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE0259C0-B32F-11CF-A74E-0020AFA69E21}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{583D7240-B3DD-11CF-A74E-0020AFA69E21}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E9FA9A0-B3DD-11CF-A74E-0020AFA69E21}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2CC3AF80-B3DD-11CF-A74E-0020AFA69E21}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{38632640-B3DD-11CF-A74E-0020AFA69E21}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4C3ACCE0-B3DD-11CF-A74E-0020AFA69E21}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52BE9600-B3DD-11CF-A74E-0020AFA69E21}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B1C402E0-DFC8-11CF-A635-00A0C903B29D}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A2B370C-BA0A-11D1-B137-0000F8753F5D}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AC5D0DDE-BD4C-11D1-B137-0000F8753F5D}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AC5D0DE3-BD4C-11D1-B137-0000F8753F5D}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AC5D0DE4-BD4C-11D1-B137-0000F8753F5D}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AC5D0DDF-BD4C-11D1-B137-0000F8753F5D}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AC5D0DE0-BD4C-11D1-B137-0000F8753F5D}\InprocServer32\ThreadingModel
Behavior description: Modifies registry
details:\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A483937A-33EC-48F0-AFA3-7068C738ACFA}\2.0\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A483937A-33EC-48F0-AFA3-7068C738ACFA}\2.0\FLAGS\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A483937A-33EC-48F0-AFA3-7068C738ACFA}\2.0\0\win32\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A483937A-33EC-48F0-AFA3-7068C738ACFA}\2.0\HELPDIR\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{93C0ED8F-9ED3-4E5A-8224-CDA56E421221}\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{93C0ED8F-9ED3-4E5A-8224-CDA56E421221}\ProxyStubClsid\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{93C0ED8F-9ED3-4E5A-8224-CDA56E421221}\ProxyStubClsid32\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{93C0ED8F-9ED3-4E5A-8224-CDA56E421221}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{93C0ED8F-9ED3-4E5A-8224-CDA56E421221}\TypeLib\Version
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08C4481F-B228-495A-BFE3-927902F7FB5C}\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08C4481F-B228-495A-BFE3-927902F7FB5C}\ProxyStubClsid\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08C4481F-B228-495A-BFE3-927902F7FB5C}\ProxyStubClsid32\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08C4481F-B228-495A-BFE3-927902F7FB5C}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08C4481F-B228-495A-BFE3-927902F7FB5C}\TypeLib\Version
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{92016762-671A-4AC2-A86F-36E7C00F3A16}\
Other behavior
Behavior description: Blocks window close message
details:hWnd = 0x000202a4, Text = 山寨席位密码, ClassName = ThunderRT6Main.
Behavior description: Creates mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
SHIMLIB_LOG_MUTEX
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MPE
Behavior description: Hides specified window
details:[Window,Class] = [,ThunderRT6UserControlDC]
[Window,Class] = [,ThunderRT6PictureBoxDC]
[Window,Class] = [,ThunderRT6FormDC]
Behavior description: Finds specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information
details:Pid = 1772, Hwnd=0x202ca, Text = 526311791, ClassName = ThunderRT6TextBox.
Pid = 1772, Hwnd=0x302b8, Text = *********, ClassName = ThunderRT6TextBox.
Pid = 1772, Hwnd=0x202b0, Text = 888888, ClassName = ThunderRT6TextBox.