VirSCAN


File information
Safety rating:77
Behavior list
Basic Information
MD5:e8483de2f65cb557d63b909008fc169c
file type:Rar5
Production company:
version:
Shell or compiler information:
Subfile information:Foxonic Pro.exe / 857aec9ea651a4e16c7fc7c1694e2b8a / EXE
FoxonicExt.dll / f384ce20c42d4239cb7426453f4bdf13 / DLL
she.dll / c78d004832b91624526443e76016e101 / DLL
jb51.net.txt / 1a84430e677616c4c4af9d8c52a70e8a / Unknown
uninst.bat / 37fc27e4138a3002473e7f7ad70df44d / Unknown
install.bat / 81b761098a420259e6dbc10dcd25f52a / Unknown
去脚本之家看看.url / 9d9c794d654383c012286b258556fe46 / Unknown
领取天猫淘宝内部优惠券.url.url / 16a1b19688b1b58a5ba299eafea37801 / Unknown
服务器软件.url / db4aa2c6c4e0555b3968690756e24836 / Unknown
Key behavior
Behavior description:Block window close messages
details:hWnd = 0x00010340, Text = Foxonic (Professional Edition), ClassName = Afx:400000:0.
Behavior description:Obtain window screenshot information
details:Foreground window Info: HWND = 0x00010348, DC = 0x0c0101e7.
Foreground window Info: HWND = 0x00010348, DC = 0x01010055.
Behavior description:Get basic user information
details:Level = 10.
Behavior description:Get TickCount value
details:TickCount = 247375, SleepMilliseconds = 250.
Process behavior
Behavior description:Create local thread
details:TargetProcess: Foxonic Pro.exe, InheritedFromPID = 2000, ProcessID = 2952, ThreadID = 3036, StartAddress = 77DC845A, Parameter = 00000000
File behavior
Behavior description:Find files
details:FileName = C:\Documents and Settings\Administrator\桌面\*.*
FileName = C:\Documents and Settings\All Users\桌面\*.*
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\root
FileName = C:\Documents and Settings\root\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\My Documents\*.*
FileName = C:\Documents and Settings\root\My Documents\*.*
FileName = C:\Documents and Settings\All Users\Documents\*.*
FileName = C:\*.*
FileName = C:\222c25ed\*.*
FileName = C:\AnalyzeControl\*.*
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21765
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-12693
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-12691
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21786
\REGISTRY\USER\S-*\Software\Caisdata Software\Foxonic (Professional Edition)\Address Bar\MRU List0
\REGISTRY\USER\S-*\Software\Caisdata Software\Foxonic (Professional Edition)\Address Bar\MRU List
\REGISTRY\USER\S-*\Software\Caisdata Software\Foxonic (Professional Edition)\Folders Tool Bar\Show Folders Tree
\REGISTRY\USER\S-*\Software\Caisdata Software\Foxonic (Professional Edition)\PDFBuildToolBarState\ToolbarStateInfo
\REGISTRY\USER\S-*\Software\Caisdata Software\Foxonic (Professional Edition)\FolderToolBarState\ToolbarStateInfo
\REGISTRY\USER\S-*\Software\Caisdata Software\Foxonic (Professional Edition)\GoToolBarState\ToolbarStateInfo
\REGISTRY\USER\S-*\Software\Caisdata Software\Foxonic (Professional Edition)\File Filter\Criteria_FileFiltType
\REGISTRY\USER\S-*\Software\Caisdata Software\Foxonic (Professional Edition)\File Filter\Criteria_ShowJPGFile
\REGISTRY\USER\S-*\Software\Caisdata Software\Foxonic (Professional Edition)\File Filter\Criteria_ShowJPG2KFile
\REGISTRY\USER\S-*\Software\Caisdata Software\Foxonic (Professional Edition)\File Filter\Criteria_ShowTIFFile
\REGISTRY\USER\S-*\Software\Caisdata Software\Foxonic (Professional Edition)\File Filter\Criteria_ShowBMPFile
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Global\winlogon: Logon UserProfileMapping Mutex
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.MIL
Behavior description:Enumerate network shares
details:N/A
Behavior description:Create event object
details:EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
EventName = MSCTF.SendReceive.Event.MIL.IC
EventName = MSCTF.SendReceiveConection.Event.MIL.IC
Behavior description:Open event
details:HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
Global\SvcctrlStartEvent_A3752DX
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\crypt32LogoffEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [,GINA Logon]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [MS_WINHELP,]
Behavior description:Window information
details:Pid = 2952, Hwnd=0x1037a, Text = &Close, ClassName = Button.
Pid = 2952, Hwnd=0x1037c, Text = &Register..., ClassName = Button.
Pid = 2952, Hwnd=0x1037e, Text = &Buy Online..., ClassName = Button.
Pid = 2952, Hwnd=0x10382, Text = Thanks for using Foxonic - a powerful PDF tool., ClassName = Static.
Pid = 2952, Hwnd=0x10384, Text = After a 30 day trial period, if you are satisfied with it,, ClassName = Static.
Pid = 2952, Hwnd=0x10386, Text = you are encouraged to purchase a license from us, ClassName = Static.
Pid = 2952, Hwnd=0x10388, Text = and get rid of all the limitations of unregistered , ClassName = Static.
Pid = 2952, Hwnd=0x1038a, Text = version., ClassName = Static.
Pid = 2952, Hwnd=0x10378, Text = Please purchase license, ClassName = #32770.
Pid = 2952, Hwnd=0x10348, Text = Error, ClassName = SysTreeView32.
Pid = 2952, Hwnd=0x10368, Text = Address, ClassName = Static.
Pid = 2952, Hwnd=0x10372, Text = C:\Documents and Settings\Administrator\桌面, ClassName = ComboBox.
Pid = 2952, Hwnd=0x10376, Text = C:\Documents and Settings\Administrator\桌面, ClassName = Edit.
Pid = 2952, Hwnd=0x10370, Text = Total 22.5 KB in 1 file, ClassName = msctls_statusbar32.
Pid = 2952, Hwnd=0x10340, Text = Foxonic (Professional Edition), ClassName = Afx:400000:0.
Behavior description:Get basic user information
details:Level = 10.
Behavior description:Get TickCount value
details:TickCount = 247375, SleepMilliseconds = 250.
Behavior description:Adjust process token privileges
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Block window close messages
details:hWnd = 0x00010340, Text = Foxonic (Professional Edition), ClassName = Afx:400000:0.
Behavior description:Enumerate windows
details:N/A
Behavior description:Obtain window screenshot information
details:Foreground window Info: HWND = 0x00010348, DC = 0x0c0101e7.
Foreground window Info: HWND = 0x00010348, DC = 0x01010055.
Behavior description:Call Sleep function
details:[1]: MilliSeconds = 250.
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [Foxonic (Professional Edition),Afx:400000:0]
Behavior description:Open mutex
details:ShimCacheMutex