VirSCAN


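File information
Security score:
Basic information
MD5: db462fb7aaac9b6b0ae5f651fa0c4dcc
Package name:
Minimum runtime environment:
Copyright:
Key behavior
Behavior description: Blocks window close messages
Details: hWnd = 0x00010350, Text = legend of mir2, ClassName = TFrmMain.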
hWnd = 0x00010340, Text = legend of mir2, ClassName = TApplication.
Process behavior
Behavior description: Creates a local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2768, ThreadID = 2780, StartAddress = 719CD33A, Parameter = 0018C598
File behavior
Behavior description: Creates a file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\mir.ini
Behavior description: Modifies file content
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\mir.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\mir.ini ---> Offset = 20
C:\Documents and Settings\Administrator\Local Settings\%temp%\mir.ini ---> Offset = 29
C:\Documents and Settings\Administrator\Local Settings\%temp%\mir.ini ---> Offset = 38
C:\Documents and Settings\Administrator\Local Settings\%temp%\mir.ini ---> Offset = 47
C:\Documents and Settings\Administrator\Local Settings\%temp%\mir.ini ---> Offset = 56
Behavior description: Searches for files
Details: FileName = Patch#n.dat
FileName = .\wav\sound.lst
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
FileName = Data\Tiles.wil
FileName = Data\Objects.wil
FileName = Data\Objects2.wil
FileName = Data\Objects3.wil
FileName = Data\Objects4.wil
FileName = Data\Objects5.wil
FileName = Data\Objects6.wil
FileName = Data\Objects7.wil
FileName = Data\SmTiles.wil
FileName = Data\Prguse.wil
FileName = Data\Prguse2.wil
FileName = Data\ChrSel.wil
Network behavior
Behavior description: Establishes a connection to a specified socket
Details: IP: **.174.174.**:7000, SOCKET = 0x000000d8
Registry behavior
Behavior description: Modifies the registry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ID
Other behavior
Behavior description: Creates mutexes
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
DirectSound DllMain mutex (0x00000AD0)
DirectSound Administrator shared thread array (lock)
DDrawWindowListMutex
DDrawDriverObjectListMutex
__DDrawExclMode__
__DDrawCheckExclMode__
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.ENK
Behavior description: Creates event objects
Details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.ENK.IC
EventName = MSCTF.SendReceiveConection.Event.ENK.IC
Behavior description: Searches for specified windows
Details: NtUserFindWindowEx: [Class,Window] = [,legend of mir2]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Window information
Details: Pid = 2768, Hwnd=0x1036e, Text = OK, ClassName = TButton.
Pid = 2768, Hwnd=0x30364, Text = Warning, ClassName = TMessageForm.
Pid = 2768, Hwnd=0x10350, Text = legend of mir2, ClassName = TFrmMain.
Behavior description: Opens events
Details: HookSwitchHookEnabledEvent
Global\SvcctrlStartEvent_A3752DX
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Blocks window close messages
Details: hWnd = 0x00010350, Text = legend of mir2, ClassName = TFrmMain.
hWnd = 0x00010340, Text = legend of mir2, ClassName = TApplication.
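Behavior description: Enumerates windows
Details: N/A
Behavior description: Hides a specified window
Details: [Window,Class] = [legend of mir2,TFrmMain]
Behavior description: Opens a mutex
Details: ShimCacheMutex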