VirSCAN


File information
Safety rating:50
Behavior list
Basic Information
MD5:e5f91dd699b057dc55e8d8df53775575
file type:zip
Production company:
version:
Shell or compiler information:
Subfile information:修正第十五版.exe / 40efbfccef46dd35be15437175c81757 / EXE
属性+500.txt / 8e7c021eb0dc4e84815a7bf2b6615737 / Unknown
属性+1000.txt / 259f7fd9da067ef41c1b637194ab9b26 / Unknown
属性+5000.txt / a51de9a853fda24269f6429646b696b4 / Unknown
属性+2500.txt / 2ac9d77fd0b00aa9a9a0e9c27039aa91 / Unknown
属性+200.txt / 1fac864b036600ac21e15367d79e81cf / Unknown
属性+10000.txt / 9075951626a81b0f1702c80116e85852 / Unknown
移动与跳跃.txt / 8aa559be4f6b8b7e0e864461b292a3e2 / Unknown
隐身与隐分身.txt / 3d74681154e659669fce950fca268b69 / Unknown
属性+20000.txt / 79c5665981a2f7c71b8f72ae1c043483 / Unknown
属性+30000.txt / 436da02c13708723780d021bf05d0d62 / Unknown
cxz.sys / 7fc8f430b830c119640c606de9bb907c / SYS
下载软件_免费下载单机游戏_手机游戏下载大全_psp游戏_下载快播_九号塔下载.url / e72e9981842831eb218833aef1bb5b67 / Unknown
更新说明.txt / 5d78b5255c788dd96edb385e05c757c9 / Unknown
使用说明(必看).txt / 1c274c6d8df8d4799c34ab8b6ae73267 / Unknown
Key behavior
Behavior description:Load driver (regular method)
details:\??\C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\mxdxhfz\cxz.sys
Behavior description:Create system service
details:[Service created successfully]: ialdnwxf, C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\mxdxhfz\cxz.sys
File behavior
Behavior description:Create file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\krnln.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\shell.fne
C:\WINDOWS\system32\SkinH_EL.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\xmp.she
Behavior description:Overwrite existing file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\mxdxhfz\cxz.sys
Behavior description:Create executable file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\krnln.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\shell.fne
C:\WINDOWS\system32\SkinH_EL.dll
Behavior description:Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\krnln.fnr ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\shell.fne ---> Offset = 0
C:\WINDOWS\system32\SkinH_EL.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\mxdxhfz\cxz.sys ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\xmp.she ---> Offset = 0
Behavior description:Find file
details:FileName = C:\WINDOWS\system32\SkinH_EL.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xmp.she
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\mxdxhfz/小豪数据.ini
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.AJL
Behavior description:Create event object
details:EventName = DINPUTWINMM
EventName = Wait For Buffer Return
EventName = MSCTF.SendReceive.Event.AJL.IC
EventName = MSCTF.SendReceiveConection.Event.AJL.IC
Behavior description:Delete service
details:[DeleteService] ServiceStartName: , DisplayName: ialdnwxf, BinaryPathName: \??\C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\mxdxhfz\cxz.sys
Behavior description:Load driver (regular method)
details:\??\C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\mxdxhfz\cxz.sys
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [MapleStoryClass,]
Behavior description:Window information
details:Pid = 2956, Hwnd=0x10470, Text = 是(&Y), ClassName = Button.
Pid = 2956, Hwnd=0x10472, Text = 否(&N), ClassName = Button.
Pid = 2956, Hwnd=0x10476, Text = 外挂装载驱动失败! 将无法过7.1登录器! 是否继续运行外挂? , ClassName = Static.
Pid = 2956, Hwnd=0x1046e, Text = 失败, ClassName = #32770.
Pid = 2956, Hwnd=0x1046a, Text = 能力值, ClassName = Button(CheckBox).
Pid = 2956, Hwnd=0x10468, Text = 魔法防御, ClassName = Button(CheckBox).
Pid = 2956, Hwnd=0x10466, Text = 物理防御, ClassName = Button(CheckBox).
Pid = 2956, Hwnd=0x10464, Text = 命中率, ClassName = Button(CheckBox).
Pid = 2956, Hwnd=0x10462, Text = 回避率, ClassName = Button(CheckBox).
Pid = 2956, Hwnd=0x10460, Text = 魔法力, ClassName = Button(CheckBox).
Pid = 2956, Hwnd=0x1044c, Text = 点击此处手动更新数据, ClassName = Button.
Pid = 2956, Hwnd=0x1044a, Text = 【各项属性辅助系列】 【轻功】 【隐身】 【隐分身】 均不能使用时! 请自行更新数据即可!, ClassName = Afx:10000000:b:10011:1900015:0.
Pid = 2956, Hwnd=0x10448, Text = ↑↑先打勾,后召唤!否则掉线!↑↑, ClassName = Afx:10000000:b:10011:1900015:0.
Pid = 2956, Hwnd=0x10446, Text = 选择进程载入, ClassName = Button.
Pid = 2956, Hwnd=0x103f2, Text = 注意!这里的辅助均不能确保可以过防挂登录器检测!, ClassName = Afx:10000000:b:10011:1900015:0.
Behavior description:Open event
details:HookSwitchHookEnabledEvent
Global\SvcctrlStartEvent_A3752DX
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description:Stop system service
details:ServiceName = ialdnwxf
Behavior description:Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\krnln.fnr(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\shell.fne(signature verification: failed)
C:\WINDOWS\system32\SkinH_EL.dll(signature verification: failed)
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,Afx:10000000:8:10011:1900015:0]
[Window,Class] = [坐标辅助,Button]
[Window,Class] = [定点吸怪,Button]
[Window,Class] = [乱飞 Alt+F3,Button]
[Window,Class] = [飞天 Alt+F2,Button]
[Window,Class] = [过图 Alt+F1,Button]
[Window,Class] = [自动检测,Button]
[Window,Class] = [遇到,Afx:10000000:b:10011:1900015:0]
[Window,Class] = [1,Edit]
[Window,Class] = [人报警,Afx:10000000:b:10011:1900015:0]
[Window,Class] = [人,Afx:10000000:b:10011:1900015:0]
[Window,Class] = [,Edit]
[Window,Class] = [当前地图,Afx:10000000:b:10011:1900015:0]
[Window,Class] = [定时按键,Button]
Behavior description:Executable file MD5
details:C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\krnln.fnr ---> 638e737b2293cf7b1f14c0b4fb1f3289
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\shell.fne ---> d54753e7fc3ea03aec0181447969c0e8
C:\WINDOWS\system32\SkinH_EL.dll ---> bd42ef63fc0f79fdaaeca95d62a96bbb
Behavior description:Open mutex
details:ShimCacheMutex
Behavior description:Create system service
details:[Service created successfully]: ialdnwxf, C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\mxdxhfz\cxz.sys
Behavior description:Load newly dropped file
details:Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\krnln.fnr.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\shell.fne.
Image: C:\WINDOWS\system32\SkinH_EL.dll.