VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
Safety rating: 70
Behavior list
Basic Information
MD5: e8038e4176faa160e9983e8b27295f07
File type: zip
Production company:
Version:
Shell or compiler information:
Subfile information: 5.0正式版64位(使用前请先重命名).exe / big file / EXE
Key behavior
Behavior description: Create file mapping with write permission
details: CiceroSharedMemDefaultS-*
\WINDOWS\system32\zh-cn\ieframe.dll.mui
432015MMRunning
d
DfRoot0003D5969
DfRoot0003D597B
DfRoot0003D598D
DfRoot0003D59DA
DfRoot0003D5A27
DfRoot0003D5A39
DfRoot0003D5A4B
DfRoot0003D5A5D
DfRoot0003D5A6F
MSCTF.MarshalInterface.FileMap.MNF..DNIJH
MSCTF.MarshalInterface.FileMap.MNF.B.COIJH
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Hide specified window
details: [Window,Class] = [,#32770]
[Window,Class] = [,Shell Embedding]
[Window,Class] = [,Static]
[Window,Class] = [,ComboLBox]
[Window,Class] = [确定,Button]
[Window,Class] = [取消,Button]
[Window,Class] = [应用(&A),Button]
[Window,Class] = [帮助,Button]
[Window,Class] = [软件说明页,#32770]
[Window,Class] = [设置,#32770]
[Window,Class] = [脚本的属性页,#32770]
Behavior description: Set message hook
details: C:\WINDOWS\system32\DINPUT8.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445842746.654280.exe_7zdump\cfgdll.dll
Process behavior
Behavior description: Enumerate processes
details: N/A
File behavior
Behavior description: Create executable file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445842746.560524.exe_7zdump\plugin\COLOR.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445842746.564041.exe_7zdump\cfgdll.dll
C:\Documents and Settings\Administrator\Application Data\mymacro\qdisp.dll
Behavior description: Search for files
details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = KERNEL32.DLL
Behavior description: Create file mapping with write permission
details: CiceroSharedMemDefaultS-*
\WINDOWS\system32\zh-cn\ieframe.dll.mui
432015MMRunning
d
DfRoot0003D5969
DfRoot0003D597B
DfRoot0003D598D
DfRoot0003D59DA
DfRoot0003D5A27
DfRoot0003D5A39
DfRoot0003D5A4B
DfRoot0003D5A5D
DfRoot0003D5A6F
MSCTF.MarshalInterface.FileMap.MNF..DNIJH
MSCTF.MarshalInterface.FileMap.MNF.B.COIJH
Behavior description: Rename file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\background.bmp ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fcbackground.bmp
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modify file contents
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\4.tmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\5.tmp---> Offset = 12288
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\6.tmp---> Offset = 12288
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7.tmp---> Offset = 12288
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\8.tmp---> Offset = 12288
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\9.tmp---> Offset = 12288
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\A.tmp---> Offset = 12288
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\B.tmp---> Offset = 12288
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\C.tmp---> Offset = 12288
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\D.tmp---> Offset = 12288
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\plugin.zip---> Offset = 8192
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mymacro.zip---> Offset = 12288
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\background.bmp---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445842746.787499.exe_7zdump\ShieldModule.dat---> Offset = 12288
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\e93E.tmp---> Offset = 0
Network behavior
Behavior description: Open URL over the network
details: InternetOpenUrlA: http://c.nishuoa.com/banner/Q09972.htm hInternet = 0x00000564
Behavior description: Read network file
details: hFile = 0x00000564, BytesToRead =4096, BytesRead = 4096.
Registry behavior
Behavior description: Modify registry
details: \REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMVBSRoutine\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{241D7F03-9232-4024-8373-149860BE27C0}\
\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMVBSRoutine\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{241D7F03-9232-4024-8373-149860BE27C0}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{241D7F03-9232-4024-8373-149860BE27C0}\InProcServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMRoutine\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\
\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMRoutine\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\InProcServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMLibrary\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBEB87A6-E151-4054-AB45-A6E094C5334B}\
\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMLibrary\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBEB87A6-E151-4054-AB45-A6E094C5334B}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBEB87A6-E151-4054-AB45-A6E094C5334B}\InProcServer32\
Other behavior
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Behavior description: Hide specified window
details: [Window,Class] = [,#32770]
[Window,Class] = [,Shell Embedding]
[Window,Class] = [,Static]
[Window,Class] = [,ComboLBox]
[Window,Class] = [确定,Button]
[Window,Class] = [取消,Button]
[Window,Class] = [应用(&A),Button]
[Window,Class] = [帮助,Button]
[Window,Class] = [软件说明页,#32770]
[Window,Class] = [设置,#32770]
[Window,Class] = [脚本的属性页,#32770]
Behavior description: Set message hook
details: C:\WINDOWS\system32\DINPUT8.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445842746.654280.exe_7zdump\cfgdll.dll
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Window information
details: Pid = 252, Hwnd=0x302ba, Text = TAB定位, ClassName = Static.
Pid = 252, Hwnd=0x202d4, Text = 用来给背景位图定位, ClassName = Static.
Pid = 252, Hwnd=0x202ae, Text = 软件说明页, ClassName = #32770.
Pid = 252, Hwnd=0x202aa, Text = Static, ClassName = Button(GroupBox).
Pid = 252, Hwnd=0x502ce, Text = 电信1注册, ClassName = ComboBox.
Pid = 252, Hwnd=0x202d0, Text = 用户名登录, ClassName = Button(GroupBox).
Pid = 252, Hwnd=0x202d2, Text = 请输入注册码, ClassName = Static.
Pid = 252, Hwnd=0x102de, Text = 注册码登录, ClassName = Button(GroupBox).
Pid = 252, Hwnd=0x102e0, Text = 您好,欢迎使用本产品,请先登录后再使用, ClassName = Static.
Pid = 252, Hwnd=0x102e2, Text = 注销, ClassName = Button.
Pid = 252, Hwnd=0x102e4, Text = 登录, ClassName = Button.
Pid = 252, Hwnd=0x102e6, Text = 注册, ClassName = Button.
Pid = 252, Hwnd=0x102e8, Text = 解除绑定, ClassName = Button.
Pid = 252, Hwnd=0x102ea, Text = 试用, ClassName = Button.
Pid = 252, Hwnd=0x102ec, Text = 充值, ClassName = Button.
Behavior description: Enumerate windows
details: N/A
Behavior description: Open image file
details: \DOCUME~1\ADMINI~1\LOCALS~1\Temp\background.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fcbackground.bmp
Run screenshot (image not reproduced in this extraction)