VirSCAN


File information
Safety rating: 85
Behavior list
Basic Information
MD5: e660b7b70675fc4e7f0cd45243a3e0f3
File type: Nsis
Production company: $t@t!c_V()!D
Version: 1.0.4.30---1.5 RC2
Shell or compiler information:
Subfile information: Main.dll / big file / DLL
steamclient.dll / big file / DLL
ClientRegistry.blob / 208c1a8c2ea31c771f936e10857bc3ba / Unknown
Steam.dll / a9c9d7a25ba984b3a01758baf53fdbd5 / DLL
pecompact2x_0b83bc2cdumpFile / big file / DLL
rain.dll / fd099518479b7b7ba3a37563d18631da / DLL
steamclient.dll / 4c7da407b410e1a3b5091eb5e151d8bf / DLL
ClientRegistry.blob / 8118ceb95a12ed47030b0a62e59a58c3 / Unknown
upx_c_df13df36dumpFile / f57503e5348846a57cb3817f87d19968 / EXE
7_zip32.dll / aa8fe395e1c77e8d6fbba8c61fd2e8d7 / DLL
vstdlib_s.dll / 668ecb996b0a3cd92850b29fdf8bac40 / DLL
Steam.dll / 270580201888767c8322451989bf2be8 / DLL
achievement_4000.bin / bab4416549164036147db0f43ade72ea / Unknown
upx_c_22dfdf19dumpFile / 4c68308d85e6b28e005ecbabd924cd52 / EXE
Steam.dll / 522ad05d1d99c788aa17074e4746cc38 / DLL
steamclient.dll / 35fbb46fd2a04967ac03763f43b2756f / DLL
lua.dll / 9ef8fe20bbfa664a5d6f5730ebc09192 / DLL
Steam.dll / 67e0b52c5f687bd4903a52128e9a05af / DLL
tier0_s.dll / bcaee3fdf4116b795bf424d01ae2f8ba / DLL
Key behavior
Behavior description: Create file mapping with write access
Details: CiceroSharedMemDefaultS-*
madExceptSettingsBuf2$b3c
madExceptThreadNameBuf$b3c
\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
MSCTF.MarshalInterface.FileMap.EBP..NAILH
MSCTF.MarshalInterface.FileMap.EBP.B.NAILH
MSCTF.MarshalInterface.FileMap.EBP.C.NAILH
MSCTF.MarshalInterface.FileMap.EBP.D.NAILH
MSCTF.MarshalInterface.FileMap.EBP.E.NAILH
MSCTF.MarshalInterface.FileMap.EBP.F.NAILH
MSCTF.MarshalInterface.FileMap.EBP.G.NAILH
MSCTF.MarshalInterface.FileMap.EEL..LIKMH
MSCTF.Shared.SFM.EBP
MSCTF.MarshalInterface.FileMap.EEL.B.HLCOH
MSCTF.MarshalInterface.FileMap.EEL.C.HLCOH
Behavior description: Block window close message
Details: hWnd = 0x000202b4, Text = Phoenix 1.5 RC2, ClassName = #32770.
Behavior description: Create desktop shortcut
Details: C:\Documents and Settings\All Users\桌面\Phoenix.lnk
Behavior description: Hide specified window
Details: [Window,Class] = [,#32770]
[Window,Class] = [,Button]
[Window,Class] = [Mod &settings,Button]
[Window,Class] = [Footage,Static]
[Window,Class] = [,ComboLBox]
[Window,Class] = [Save_Thumb.BMP,Static]
[Window,Class] = [NO SAVES for the selected mod! (maybe, it hasn"t yet been launched).,Static]
[Window,Class] = [Singleplayer,Button]
[Window,Class] = [Map,Button]
[Window,Class] = [Filter by,Button]
[Window,Class] = [All,ComboBox]
[Window,Class] = [,ComboBox]
[Window,Class] = [Save,Button]
[Window,Class] = [Game,Button]
Process behavior
Behavior description: Enumerate processes
Details: N/A
File behavior
Behavior description: Create file mapping with write access
Details: CiceroSharedMemDefaultS-*
madExceptSettingsBuf2$b3c
madExceptThreadNameBuf$b3c
\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
MSCTF.MarshalInterface.FileMap.EBP..NAILH
MSCTF.MarshalInterface.FileMap.EBP.B.NAILH
MSCTF.MarshalInterface.FileMap.EBP.C.NAILH
MSCTF.MarshalInterface.FileMap.EBP.D.NAILH
MSCTF.MarshalInterface.FileMap.EBP.E.NAILH
MSCTF.MarshalInterface.FileMap.EBP.F.NAILH
MSCTF.MarshalInterface.FileMap.EBP.G.NAILH
MSCTF.MarshalInterface.FileMap.EEL..LIKMH
MSCTF.Shared.SFM.EBP
MSCTF.MarshalInterface.FileMap.EEL.B.HLCOH
MSCTF.MarshalInterface.FileMap.EEL.C.HLCOH
Behavior description: Create desktop shortcut
Details: C:\Documents and Settings\All Users\桌面\Phoenix.lnk
Behavior description: Create executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk5.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Res\SharedDLLs\RainCWrapper.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Res\SharedDLLs\rain.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Res\SharedDLLs\SimDecrypt.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Res\SharedDLLs\VDFParse.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Res\SharedDLLs\lua.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Res\SharedDLLs\Main.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Res\SharedDLLs\JPfljzyA.dat
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Res\SharedDLLs\unicode.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk5.tmp\NSISArray.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Res\GCFeX.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Res\bkg_work.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Res\Phx_ShellExt.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Plugins\Phx_Default.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Plugins\Phx_SourceSDK.dll
Behavior description: Modify file contents
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Res\SharedDLLs\rain.log---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_settings.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_settings.ini---> Offset = 25
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_debug_log.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_settings.ini---> Offset = 48
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Res\module_settings.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Res\module_settings.ini---> Offset = 63
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_settings.ini---> Offset = 61
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Res\module_settings.ini---> Offset = 122
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Res\Prelaunch_anim.gif---> Offset = 17252
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Res\logo.png---> Offset = 32447
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_debug_log.txt---> Offset = 90
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_debug_log.txt---> Offset = 248
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_debug_log.txt---> Offset = 325
C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT---> Offset = 0
Behavior description: Search for files
Details: FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk5.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_debug_log.txt
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Res\SharedDLLs\RainCWrapper.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Res\SharedDLLs\rain.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Res\SharedDLLs\SimDecrypt.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Res\SharedDLLs\VDFParse.dll
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\FileSystem\NtfsDisable8dot3NameCreation
Behavior description: Modify registry (pending file rename entry)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Phoenix_Mutex
madExceptSettingsMtx$b3c
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EBP
Behavior description: Hide specified window
Details: [Window,Class] = [,#32770]
[Window,Class] = [,Button]
[Window,Class] = [Mod &settings,Button]
[Window,Class] = [Footage,Static]
[Window,Class] = [,ComboLBox]
[Window,Class] = [Save_Thumb.BMP,Static]
[Window,Class] = [NO SAVES for the selected mod! (maybe, it hasn"t yet been launched).,Static]
[Window,Class] = [Singleplayer,Button]
[Window,Class] = [Map,Button]
[Window,Class] = [Filter by,Button]
[Window,Class] = [All,ComboBox]
[Window,Class] = [,ComboBox]
[Window,Class] = [Save,Button]
[Window,Class] = [Game,Button]
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Acquire system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Get TickCount value
Details: TickCount = 503728, SleepMilliseconds = 10.
TickCount = 503744, SleepMilliseconds = 10.
TickCount = 503775, SleepMilliseconds = 10.
TickCount = 503791, SleepMilliseconds = 10.
TickCount = 504260, SleepMilliseconds = 10.
TickCount = 504275, SleepMilliseconds = 10.
TickCount = 504306, SleepMilliseconds = 10.
TickCount = 504338, SleepMilliseconds = 10.
TickCount = 504353, SleepMilliseconds = 10.
TickCount = 504385, SleepMilliseconds = 10.
TickCount = 504400, SleepMilliseconds = 10.
TickCount = 504416, SleepMilliseconds = 10.
TickCount = 504431, SleepMilliseconds = 10.
TickCount = 504447, SleepMilliseconds = 10.
TickCount = 504463, SleepMilliseconds = 10.
Behavior description: Block window close message
Details: hWnd = 0x000202b4, Text = Phoenix 1.5 RC2, ClassName = #32770.
Behavior description: Window information
Details: Pid = 2876, Hwnd=0x202ae, Text = Unpacking data..., ClassName = Static.
Pid = 2876, Hwnd=0x202aa, Text = Teh text :D, ClassName = Static.
Pid = 2876, Hwnd=0x202ac, Text = Skip >>, ClassName = Button.
Pid = 2876, Hwnd=0x402be, Text = Cancel, ClassName = Button.
Pid = 2876, Hwnd=0x302da, Text = Loading, ClassName = #32770.
Pid = 2876, Hwnd=0x302ba, Text = Additional options, ClassName = Button.
Pid = 2876, Hwnd=0x302bc, Text = Mod options, ClassName = Button.
Pid = 2876, Hwnd=0x202d4, Text = Mod options, ClassName = Button.
Pid = 2876, Hwnd=0x302dc, Text = Manual, ClassName = Button.
Pid = 2876, Hwnd=0x202c4, Text = Phoenix v1.5 RC2 from 12.02.2012, 17:46:34, ClassName = Static.
Pid = 2876, Hwnd=0x202ae, Text = Self-tuning..., ClassName = Static.
Pid = 2876, Hwnd=0x5026a, Text = 是(&Y), ClassName = Button.
Pid = 2876, Hwnd=0x6029a, Text = 否(&N), ClassName = Button.
Pid = 2876, Hwnd=0x502d0, Text = Create shortcut on desktop?, ClassName = Static.
Pid = 2876, Hwnd=0x6028c, Text = Phoenix 1.5 RC2, ClassName = #32770.
Behavior description: Direct physical device access
Details: \??\PhysicalDrive0
Behavior description: Open image file
Details: \DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_Data\Res\About_logo.jpg
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_Data\Res\Banner_Phoenix_mainPage.jpg
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_Data\Res\GCFProcMode_Screen_0.jpg
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_Data\Res\GCFProcMode_Screen_1.jpg
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_Data\Res\GSgame.jpg
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_Data\Res\No_ModZ_Back.jpg
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_Data\Res\No_ModZ_Back_.jpg
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_Data\Res\No_SaveThumb.jpg
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_Data\Res\No_saves.jpg
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_Data\Res\Phoenix_logo.jpg
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_Data\Res\ShellCFG_modlaunch.jpg
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_Data\Res\gs_Save.jpg
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Res\Emus\Rev\platform\avatar32x32.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Res\Emus\Rev\platform\avatar64x64.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Phx_data\Res\ModZ_Thumbs\Awakening.bmp