VirSCAN VirSCAN


File information
Safety rating: 73
Behavior list
Basic Information
MD5: d52ab9483386d68f75591d687102047e
File type: EXE
Production company: www.ipauly.com
Version: 2013.10.1.0---2013.10.01
Shell or compiler information: PACKER:UPX V2.00-V3.00 -> Markus Oberhumer & Laszlo Molnar & John Reiser *
Subfile information: upx30_d3cc4644dumpFile / 3a5bae2a4dfd9caa868732e24acb5823 / EXE
Key behavior
Behavior description: Opens a file mapping with write access
details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EBE..AFKGH
MSCTF.MarshalInterface.FileMap.EBE.B.AHKGH
MSCTF.MarshalInterface.FileMap.EBE.C.AHKGH
MSCTF.MarshalInterface.FileMap.EBE.D.AHKGH
MSCTF.MarshalInterface.FileMap.EBE.E.AHKGH
MSCTF.MarshalInterface.FileMap.EBE.F.PHKGH
MSCTF.MarshalInterface.FileMap.EBE.G.PHKGH
MSCTF.Shared.SFM.EBE
Behavior description: Blocks window close message
details: hWnd = 0x000202a2, Text = BOOTICE v1.2.0 - by Pauly, ClassName = #32770.
Behavior description: Hides specified window
details: [Window,Class] = [,ComboLBox]
[Window,Class] = [磁盘镜像处理,#32770]
[Window,Class] = [BCD 编辑,#32770]
[Window,Class] = [实用工具,#32770]
[Window,Class] = [命令行参数,#32770]
[Window,Class] = [关于,#32770]
Process behavior
Behavior description: Enumerates processes
details: N/A
File behavior
Behavior description: Opens a file mapping with write access
details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EBE..AFKGH
MSCTF.MarshalInterface.FileMap.EBE.B.AHKGH
MSCTF.MarshalInterface.FileMap.EBE.C.AHKGH
MSCTF.MarshalInterface.FileMap.EBE.D.AHKGH
MSCTF.MarshalInterface.FileMap.EBE.E.AHKGH
MSCTF.MarshalInterface.FileMap.EBE.F.PHKGH
MSCTF.MarshalInterface.FileMap.EBE.G.PHKGH
MSCTF.Shared.SFM.EBE
Behavior description: Searches for files
details: FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\bcdedit.exe
FileName = C:\WINDOWS\system32\bcdedit.exe\*.*
Other behavior
Behavior description: Creates mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EBE
Behavior description: Hides specified window
details: [Window,Class] = [,ComboLBox]
[Window,Class] = [磁盘镜像处理,#32770]
[Window,Class] = [BCD 编辑,#32770]
[Window,Class] = [实用工具,#32770]
[Window,Class] = [命令行参数,#32770]
[Window,Class] = [关于,#32770]
Behavior description: Searches for specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Acquires system privileges
details: SE_DEBUG_PRIVILEGE
SE_AUDIT_PRIVILEGE
SE_SECURITY_PRIVILEGE
SE_BACKUP_PRIVILEGE
SE_RESTORE_PRIVILEGE
SE_TAKE_OWNERSHIP_PRIVILEGE
SE_MANAGE_VOLUME_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Reads TickCount value
details: TickCount = 504079, SleepMilliseconds = 1.
TickCount = 504094, SleepMilliseconds = 1.
TickCount = 504110, SleepMilliseconds = 1.
TickCount = 504126, SleepMilliseconds = 1.
TickCount = 504141, SleepMilliseconds = 1.
TickCount = 504157, SleepMilliseconds = 1.
TickCount = 504172, SleepMilliseconds = 1.
Behavior description: Blocks window close message
details: hWnd = 0x000202a2, Text = BOOTICE v1.2.0 - by Pauly, ClassName = #32770.
Behavior description: Window information
details: Pid = 1048, Hwnd=0x202a8, Text = http://www.ipauly.com, ClassName = Static.
Pid = 1048, Hwnd=0x202a6, Text = Tab1, ClassName = SysTabControl32.
Pid = 1048, Hwnd=0x202cc, Text = 退出(&X), ClassName = Button.
Pid = 1048, Hwnd=0x202b4, Text = 物理磁盘处理, ClassName = #32770.
Pid = 1048, Hwnd=0x202b2, Text = 使用说明, ClassName = Button(GroupBox).
Pid = 1048, Hwnd=0x302ba, Text = BOOTICE 可用于安装和维护磁盘的主引导记录或分区上的引导记录。支持的引导程序主要有 WEE, GRUB4DOS, Grub2, SysLinux, Plop Boot Manager, ClassName = Static.
Pid = 1048, Hwnd=0x302bc, Text = 目标磁盘, ClassName = Button(GroupBox).
Pid = 1048, Hwnd=0x202d4, Text = HD0: VBOX HARDDISK (10.0 GB, C:), ClassName = ComboBox.
Pid = 1048, Hwnd=0x202d6, Text = 刷新(&R), ClassName = Button.
Pid = 1048, Hwnd=0x202d8, Text = 主引导记录(&M), ClassName = Button.
Pid = 1048, Hwnd=0x202c2, Text = 分区引导记录(&P), ClassName = Button.
Pid = 1048, Hwnd=0x202c4, Text = 分区管理(&G), ClassName = Button.
Pid = 1048, Hwnd=0x202c8, Text = 扇区编辑(&S), ClassName = Button.
Pid = 1048, Hwnd=0x202ca, Text = 磁盘镜像处理, ClassName = #32770.
Pid = 1048, Hwnd=0x202c6, Text = 使用说明, ClassName = Button(GroupBox).
Behavior description: Directly accesses physical device
details: \??\PhysicalDrive0