VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but an archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.


File information
Safety rating: 85
Behavior list
Behavior analysis report: Threatbook file behavior analysis report
Basic Information
MD5: dde68c06ccf197849e9750cb2ab21bcc
File type: NSIS
Production company: DiskGenius
Version: 4.3.0.1 --- 4.3.0.1
Packer or compiler information:
Subfile information (name / dumpFile MD5 / type):
DiskGenius.exe  dumpFile / d45e53c67ad9a738b3af2e698c83c61e / EXE
LangCRes.dll  dumpFile / b924b739f14219dba3df712d6e0f2db6 / DLL
SDL.dll  dumpFile / 3ea7829589775f17f3b2bd13c646d2f7 / DLL
FileType.dll  dumpFile / c5f70d8f856f97bea79a233371d30af3 / DLL
VPreview.dll  dumpFile / b44786a569d6708c2c2ba92d2ea172a0 / DLL
Hdrwvm.dll  dumpFile / 8ac5346f617d2171392ff371f2c6d5e1 / DLL
IniCfg.dll  dumpFile / 7bffd9f0b14624bd796c3b7c812c2bf4 / DLL
DGBCDX64.exe  dumpFile / 26feda1f01df88a22ce117f3f7f95552 / EXE
HdrwLDM.dll  dumpFile / 7a79c0dbe7bd266ec01a3f231baeafac / DLL
HdrwVhd.dll  dumpFile / 20673744736294515a88d0a3b6a85518 / DLL
HdrwVhdx.dll  dumpFile / 68b6fb71537f9f003268f123c5284c96 / DLL
HdrwVdi.dll  dumpFile / f774ae1bdca5f767d3cd7a2e68cf76df / DLL
HdrwRD.dll  dumpFile / 7d555cc1be314d519173074ce7448a28 / DLL
Barray.dll  dumpFile / e076d191cd53c21e810e10627b6e2105 / DLL
Charset.dll  dumpFile / 69b9ba66006b03009b12fb9536b58fb2 / DLL
[NSIS].nsi  dumpFile / 059e847b9d354cacddeaf3a1b80f485c / Unknown
Options.ini  dumpFile / 215c896ebb072078fa7bee7da6fb8940 / Unknown
nsExec.dll  dumpFile / d41d8cd98f00b204e9800998ecf8427e / Unknown
System.dll  dumpFile / d41d8cd98f00b204e9800998ecf8427e / Unknown
Note: d41d8cd98f00b204e9800998ecf8427e is the MD5 of zero-length input, so the dumps of nsExec.dll and System.dll (standard NSIS plugin DLLs) are empty; this report says nothing about their actual contents.
Key behavior
Behavior description: Writes to file mapping objects (write access)
Details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsr5.tmp\ns6.tmp
MSCTF.MarshalInterface.FileMap.EDP..AGAJF
MSCTF.MarshalInterface.FileMap.EDP.B.PHAJF
MSCTF.MarshalInterface.FileMap.EDP.C.PHAJF
MSCTF.MarshalInterface.FileMap.EDP.D.PHAJF
MSCTF.MarshalInterface.FileMap.EDP.E.PHAJF
MSCTF.MarshalInterface.FileMap.EDP.F.PHAJF
MSCTF.MarshalInterface.FileMap.EDP.G.PHAJF
MSCTF.MarshalInterface.FileMap.MDH..OLAJF
MSCTF.MarshalInterface.FileMap.MDH.B.OLAJF
MSCTF.MarshalInterface.FileMap.MDH.C.OLAJF
MSCTF.MarshalInterface.FileMap.MDH.D.OLAJF
MSCTF.MarshalInterface.FileMap.MDH.E.OLAJF
MSCTF.MarshalInterface.FileMap.MDH.F.OLAJF
Behavior description: Hides specified windows
Details: [Window,Class] = [分析,Button]   (分析 = "Analyze")
[Window,Class] = [,AfxWnd90su]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,#32770]
[Window,Class] = [,SysListView32]
Process behavior
Behavior description: Creates a process with a hidden window
Details: ImagePath = , CmdLine = "c:\docume~1\admini~1\locals~1\temp\nsr5.tmp\ns6.tmp" icacls "c:\docume~1\admini~1\locals~1\temp\diskgenius\diskgenius" /grant everyone:f /t
Behavior description: Creates a process from a newly created file
Details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsr5.tmp\ns6.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsr5.tmp\ns6.tmp" icacls "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\DiskGenius" /grant EVERYONE:F /t
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\DiskGenius.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\DiskGenius.exe
File behavior
Behavior description: Writes to file mapping objects (write access)
Details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsr5.tmp\ns6.tmp
MSCTF.MarshalInterface.FileMap.EDP..AGAJF
MSCTF.MarshalInterface.FileMap.EDP.B.PHAJF
MSCTF.MarshalInterface.FileMap.EDP.C.PHAJF
MSCTF.MarshalInterface.FileMap.EDP.D.PHAJF
MSCTF.MarshalInterface.FileMap.EDP.E.PHAJF
MSCTF.MarshalInterface.FileMap.EDP.F.PHAJF
MSCTF.MarshalInterface.FileMap.EDP.G.PHAJF
MSCTF.MarshalInterface.FileMap.MDH..OLAJF
MSCTF.MarshalInterface.FileMap.MDH.B.OLAJF
MSCTF.MarshalInterface.FileMap.MDH.C.OLAJF
MSCTF.MarshalInterface.FileMap.MDH.D.OLAJF
MSCTF.MarshalInterface.FileMap.MDH.E.OLAJF
MSCTF.MarshalInterface.FileMap.MDH.F.OLAJF
Behavior description: Creates executable files
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\Barray.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\Charset.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\DGBCDX64.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\DiskGenius.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\FileType.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\HdrwLDM.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\HdrwRD.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\HdrwVdi.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\HdrwVhd.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\HdrwVhdx.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\Hdrwvm.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\IniCfg.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\LangCRes.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\SDL.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\VPreview.dll
Behavior description: Modifies file content
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\Options.ini ---> Offset = 0
Other behavior
Behavior description: Creates mutexes
Details: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
DiskGenius
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.EDP
MSCTF.Shared.MUTEX.MDH
Behavior description: Hides specified windows
Details: [Window,Class] = [分析,Button]   (分析 = "Analyze")
[Window,Class] = [,AfxWnd90su]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,#32770]
[Window,Class] = [,SysListView32]
Behavior description: Searches for specified windows
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Acquires system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
Details: Pid = 3888, Hwnd=0x10356, Text = DiskGenius磁盘分区及数据恢复软件, ClassName = Static.   (text: "DiskGenius disk partition and data recovery software")
Pid = 3888, Hwnd=0x10358, Text = 版本 4.3.0 专业版, ClassName = Static.   (text: "Version 4.3.0 Professional Edition")
Pid = 3888, Hwnd=0x1035c, Text = http://www.diskgenius.cn, ClassName = Static.
Pid = 3888, Hwnd=0x10370, Text = Tab1, ClassName = SysTabControl32.
Pid = 3888, Hwnd=0x103ac, Text = 分析, ClassName = Button.   (text: "Analyze")
Pid = 3888, Hwnd=0x103ba, Text = 文件名:, ClassName = Static.   (text: "File name:")
Pid = 3888, Hwnd=0x103bc, Text = *.*, ClassName = ComboBox.
Pid = 3888, Hwnd=0x103c0, Text = *.*, ClassName = Edit.
Pid = 3888, Hwnd=0x103c2, Text = (*.jpg;*.bmp), ClassName = Static.
Pid = 3888, Hwnd=0x103c4, Text = 已删除, ClassName = Button.   (text: "Deleted")
Pid = 3888, Hwnd=0x103c6, Text = 正常文件, ClassName = Button.   (text: "Normal files")
Pid = 3888, Hwnd=0x103c8, Text = 系统文件, ClassName = Button.   (text: "System files")
Pid = 3888, Hwnd=0x103ca, Text = 过滤, ClassName = Button.   (text: "Filter")
Pid = 3888, Hwnd=0x103cc, Text = 更多>>, ClassName = Button.   (text: "More>>")
Pid = 3888, Hwnd=0x103ce, Text = 大小:, ClassName = Button.   (text: "Size:")
Behavior description: Directly accesses a physical device
Details: \??\PhysicalDrive0
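Two findings in this report are easy to miss in the raw listing. First, two of the dumped NSIS plugin DLLs carry the MD5 of an empty file, so they were never actually extracted and cannot be judged from the report. Second, the installer spawns icacls to grant Everyone full control, recursively, over its own extraction directory under %TEMP%: as permissive an ACL as Windows allows, which turns a staging directory of executables into a file-replacement target, and worth weighing for a tool that then enables SE_LOAD_DRIVER_PRIVILEGE and opens \??\PhysicalDrive0. The CTF/MSCTF file mappings and mutexes, by contrast, are created by the Windows Text Services Framework in any GUI process and are not indicators of anything. The script below is an added example, not VirSCAN's or Threatbook's code: it runs those checks over a few constructed lines copied from this report. The regular expressions, the list of "broad" principals and the set of write-level rights are my own assumptions about how such reports and icacls command lines are written.

```python
"""Triage helpers for a VirSCAN / Threatbook-style behavior report (added example)."""
import hashlib
import re

# MD5 of zero-length input. A dumped subfile carrying this hash was never
# actually extracted, so the report says nothing about its contents.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()  # d41d8cd98f00b204e9800998ecf8427e

# Constructed sample: a handful of lines copied from the report above.
REPORT_SAMPLE = r"""
DiskGenius.exedumpFile / d45e53c67ad9a738b3af2e698c83c61e / EXE
nsExec.dlldumpFile / d41d8cd98f00b204e9800998ecf8427e / Unknown
System.dlldumpFile / d41d8cd98f00b204e9800998ecf8427e / Unknown
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsr5.tmp\ns6.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsr5.tmp\ns6.tmp" icacls "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\DiskGenius" /grant EVERYONE:F /t
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\DiskGenius.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\DiskGenius.exe
SE_LOAD_DRIVER_PRIVILEGE
\??\PhysicalDrive0
"""

# Assumed line shapes (matching the report above, not a documented format).
SUBFILE_RE = re.compile(r"^(?P<name>.+?)dumpFile / (?P<md5>[0-9a-f]{32}) / (?P<type>\w+)$")
ICACLS_RE = re.compile(r'icacls\s+"?(?P<path>[^"]+?)"?\s+(?P<opts>.*)$', re.IGNORECASE)
GRANT_RE = re.compile(r"/grant(?::r)?\s+(?P<who>[^:\s]+):(?P<perm>\S+)", re.IGNORECASE)
INHERIT_RE = re.compile(r"\((?:OI|CI|IO|NP|I)\)", re.IGNORECASE)  # icacls inheritance flags
RAW_DEVICE_RE = re.compile(r"^\\\?\?\\(PhysicalDrive\d+|Harddisk\d+|[A-Za-z]:)$")

# Assumed policy: principals that make an ACE effectively world-accessible,
# icacls simple rights that allow modification, privileges worth a second look.
BROAD_PRINCIPALS = {"everyone", "users", "authenticated users", "*s-1-1-0", "*s-1-5-11"}
WRITE_RIGHTS = {"F", "M", "W"}
SENSITIVE_PRIVS = {"SE_LOAD_DRIVER_PRIVILEGE", "SE_DEBUG_PRIVILEGE", "SE_TCB_PRIVILEGE"}


def empty_dumps(lines):
    """Names of dumped subfiles whose hash is the empty-input MD5."""
    names = []
    for line in lines:
        m = SUBFILE_RE.match(line)
        if m and m["md5"] == EMPTY_MD5:
            names.append(m["name"])
    return names


def weak_icacls_grants(lines):
    """(path, principal, rights) for /grant ACEs giving a broad principal write-level rights."""
    hits = []
    for line in lines:
        m = ICACLS_RE.search(line.split("CmdLine =", 1)[-1])
        if not m:
            continue
        for g in GRANT_RE.finditer(m["opts"]):
            who = g["who"].strip('"').lower()
            perm = INHERIT_RE.sub("", g["perm"]).strip("()").upper()  # e.g. "(OI)(CI)F" -> "F"
            if who in BROAD_PRINCIPALS and set(perm.split(",")) & WRITE_RIGHTS:
                hits.append((m["path"], g["who"], perm))
    return hits


def sensitive_indicators(lines):
    """Privileges enabled and raw devices opened, as listed in the report."""
    privs = [l for l in lines if l.upper() in SENSITIVE_PRIVS]
    devices = [l for l in lines if RAW_DEVICE_RE.match(l)]
    return privs, devices


def triage(report_text):
    """Run every check over the report text and return the findings as a dict."""
    lines = [l.strip() for l in report_text.splitlines() if l.strip()]
    privs, devices = sensitive_indicators(lines)
    return {
        "empty_dumps": empty_dumps(lines),
        "weak_acls": weak_icacls_grants(lines),
        "privileges": privs,
        "raw_devices": devices,
    }


if __name__ == "__main__":
    for key, value in triage(REPORT_SAMPLE).items():
        print(f"{key}: {value}")
```

Feeding the full text of the report to `triage()` works the same way; the checks only react to the line shapes they recognise, so the MSCTF noise and window listings fall through untouched.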
Run screenshot: (image not included in this capture)