VirSCAN


File information
Safety rating:72
Behavior list
Basic Information
MD5:dc37da6dd547a325742d532d02582f0f
file type:zip
Production company:
version:
Shell or compiler information:
Subfile information:log_2015_10_23_1445582646.log / 16c439e1ca1e48b12a10c20b1aa8d4d1 / Unknown
libeay32.dll / 9c6bb72aeedd87fbfc6866edcfd592fa / DLL
krnln.fnr / 44e2ca67c060fbe3dc0d030149f5a478 / DLL
log_2015_10_23_1445545216.log / cfc395a5a14412b3cec532c8d98b410a / Unknown
log_2015_10_23_1445584228.log / e9d5fa23a929704a4bc7d274e861a583 / Unknown
log_2015_10_23_1445583328.log / f2077e55a74b59a24ec084964556d5ac / Unknown
大杀器(专业过滤消息30年).exe / 94a3fb8ad16424030f6aba3cf234bfd1 / EXE
log_2015_10_23_1445542578.log / 6c89ada7761ebda8f072c849618b71b6 / Unknown
log_2015_10_23_1445544512.log / 6319405bb39f724e25498ecbbf744c98 / Unknown
HtmlView.fne / 2c0b196cb4b98677c77aa810e7f1f072 / DLL
iext.fnr / 3f1b2b497172b65f7bb15453d0d93de0 / DLL
log_2015_10_23_1445544658.log / 4291cc66d1838e44cdfdb5ef63c5ded6 / Unknown
edroptarget.fne / ca77aec89bd2f81bbef77ff26b88148a / DLL
zlib1.dll / b8a9e91134e7c89440a0f95470d5e47b / DLL
spec.fne / 51d7be0ca4431fec32d0ba0978cb2cae / DLL
EThread.fne / 206396257b97bd275a90ce6c2c0c37fd / DLL
gzip.dll / 5eb4e7c1a48e211c2645080d4fb9d7b4 / DLL
黑名单.ini / 7fa6be621dc32ef4c10d97984997b742 / Unknown
config.ini / d9489b115bcfb45a36a15a286daff99a / Unknown
Key behavior
Behavior description:Map a file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EDC..LNNGH
MSCTF.MarshalInterface.FileMap.EDC.B.LNNGH
MSCTF.MarshalInterface.FileMap.EDC.C.LNNGH
MSCTF.MarshalInterface.FileMap.EDC.D.LNNGH
MSCTF.MarshalInterface.FileMap.EDC.E.LNNGH
MSCTF.MarshalInterface.FileMap.EDC.F.LNNGH
MSCTF.MarshalInterface.FileMap.EDC.G.LNNGH
MSCTF.Shared.SFM.EDC
Behavior description:Hide specified window
details:[Window,Class] = [StatSvc.register,Button]
[Window,Class] = [friendlist.GetTroopListReqV2,Button]
[Window,Class] = [,SysListView32]
[Window,Class] = [,Edit]
[Window,Class] = [写,Button]
[Window,Class] = [TCP重连,Button]
[Window,Class] = [StatSvc.get,Button]
[Window,Class] = [SendMSG,Button]
Process behavior
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Map a file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EDC..LNNGH
MSCTF.MarshalInterface.FileMap.EDC.B.LNNGH
MSCTF.MarshalInterface.FileMap.EDC.C.LNNGH
MSCTF.MarshalInterface.FileMap.EDC.D.LNNGH
MSCTF.MarshalInterface.FileMap.EDC.E.LNNGH
MSCTF.MarshalInterface.FileMap.EDC.F.LNNGH
MSCTF.MarshalInterface.FileMap.EDC.G.LNNGH
MSCTF.Shared.SFM.EDC
Network behavior
Behavior description:Establish a connection to a specified socket
details:120.198.199.172:8080
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EDC
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Hide specified window
details:[Window,Class] = [StatSvc.register,Button]
[Window,Class] = [friendlist.GetTroopListReqV2,Button]
[Window,Class] = [,SysListView32]
[Window,Class] = [,Edit]
[Window,Class] = [写,Button]
[Window,Class] = [TCP重连,Button]
[Window,Class] = [StatSvc.get,Button]
[Window,Class] = [SendMSG,Button]
Behavior description:Window information
details:Pid = 1772, Hwnd=0x202ac, Text = 提示:为了避免误会盗号,软件没有检测密码是否正确的代码,如果登录后不显示昵 称则是密码错误登录失败的!点击登录无反应则需要进安全, ClassName = Afx:10f0000:b:10011:19
Pid = 1772, Hwnd=0x202aa, Text = QQ密码, ClassName = Afx:10f0000:b:10011:1900015:0.
Pid = 1772, Hwnd=0x202ae, Text = QQ帐号, ClassName = Afx:10f0000:b:10011:1900015:0.
Pid = 1772, Hwnd=0x202b0, Text = SendMSG, ClassName = Button.
Pid = 1772, Hwnd=0x302da, Text = wtlogin_exchange_emp, ClassName = Button.
Pid = 1772, Hwnd=0x202c6, Text = VisitorSvc.ReqFavorite, ClassName = Button.
Pid = 1772, Hwnd=0x202c8, Text = StatSvc.get, ClassName = Button.
Pid = 1772, Hwnd=0x202c4, Text = TCP重连, ClassName = Button.
Pid = 1772, Hwnd=0x202c2, Text = 写, ClassName = Button.
Pid = 1772, Hwnd=0x302bc, Text = friendlist.GetTroopListReqV2, ClassName = Button.
Pid = 1772, Hwnd=0x202b4, Text = StatSvc.register, ClassName = Button.
Pid = 1772, Hwnd=0x202cc, Text = 登录, ClassName = Button.
Pid = 1772, Hwnd=0x202a8, Text = 大杀器, ClassName = WTWindow.