VirSCAN

File information
Safety rating:79
Behavior list
Basic Information
MD5:dc57171b782da054d9a718594abf17d3
file type:Compound
Production company:
version:
Shell or compiler information:
Subfile information:logo.png / aed2ec38b96cb889b2982963506cb217 / Unknown
Thumbs.db / 6761b7af6b656ac015cda345429dbb59 / Compound
256_fc9ba4642e18433c / fde7f1e64a7c0f890f167a3318f3c0fe / Unknown
icon.png / 040bfca8ef520105ec682141ddaffae2 / Unknown
help.png / d99c7990830464fd32b4916923a94c75 / Unknown
timg.jpg / 91f28b67f14333159482ce61ad361e9a / Unknown
defaultset.html / a9436ead9cc2c2efe93bd0e8af34e00a / Unknown
kefutset.html / bbe6bb345b772e9fcc586289de990f0c / Unknown
Thumbs.db / 162be055cef044ac3c370268c7e8ce02 / Compound
256_17c9a48230ac5162 / cb64c72a38b6cfd7c18f98037614c464 / lzma
256_c747a2101034d13 / 647e0b592b104f39adb3d51deb6d176f / lzma
256_262bbaaf489ea45c / b75179a44f6e0fe77d24fd0246efdbcb / lzma
kefu.php / c8fdfdf1ae9a113c84d0ad0e90f362de / Unknown
256_daaa515efb824a3a / cc039a5e2bf8d988c419ccdfb38993d3 / lzma
site.php / 056f975aaa2e7fe6544d78ee47be1df0 / Unknown
kefu_bak.php / b8447a2f4653c4b3a1dd00f9e34741b5 / Unknown
kefuset.html / 60f32dc10c0f7e49a9e37a4afafa727d / Unknown
256_e4a839a09ea7d463 / 3d00500162feb3ca56179b1b2cf2b307 / lzma
manifest.xml / 09f099d29c69deea626e36fac17be13d / Unknown
Process behavior
Behavior description:Create local thread
details:TargetProcess: wscript.exe, InheritedFromPID = 2000, ProcessID = 3220, ThreadID = 3244, StartAddress = 01002FD4, Parameter = 008E44C0
TargetProcess: wscript.exe, InheritedFromPID = 2000, ProcessID = 3220, ThreadID = 3260, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: wscript.exe, InheritedFromPID = 2000, ProcessID = 3220, ThreadID = 3288, StartAddress = 765E964D, Parameter = 001BD038
TargetProcess: wscript.exe, InheritedFromPID = 2000, ProcessID = 3220, ThreadID = 3304, StartAddress = 77E56C7D, Parameter = 001B7268
TargetProcess: wscript.exe, InheritedFromPID = 2000, ProcessID = 3220, ThreadID = 3308, StartAddress = 769AE43B, Parameter = 001C1198
File behavior
Behavior description:Find file
details:FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\qidong_app\siteinfo.js
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
Behavior description:Create event object
details:EventName = Global\crypt32LogoffEvent
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description:Open event
details:MSFT.VSA.COM.DISABLE.3220
MSFT.VSA.IEC.STATUS.6c736db0
Global\crypt32LogoffEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description:Window information
details:Pid = 3220, Hwnd=0x10348, Text = 确定, ClassName = Button.
Pid = 3220, Hwnd=0x1034c, Text = 脚本: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\qidong_app\siteinfo.js 行: 2 字符: 1 错误: "module" 未定义 代码: 800A1391 源: Microsoft JScript 运行时错误 , ClassName = Static.
Pid = 3220, Hwnd=0x10344, Text = Windows Script Host, ClassName = #32770.
Behavior description:Open mutex
details:ShimCacheMutex