VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
Safety rating:85
Behavior list
Behavior analysis report: Threatbook file behavior analysis report
Basic Information
MD5:ef85b695788eda2f3a9ab16cd5e08ebc
file type:EXE
Production company:
version:5.1.0.1117
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Subfile information:molebox_a_3d53a213dumpFile / big file / EXE
Key behavior
Behavior description: Hide specified window
details:[Window,Class] = [,BCGPTabWnd:400000:8:10011:10]
[Window,Class] = [,ComboLBox]
[Window,Class] = [格式,BCGPToolBar:400000:8:10011:10]
[Window,Class] = [属性,BCGPToolBar:400000:8:10011:10]
[Window,Class] = [,Edit]
[Window,Class] = [基本工具栏,BCGPToolBar:400000:8:10011:10]
[Window,Class] = [视图,BCGPToolBar:400000:8:10011:10]
[Window,Class] = [编辑,BCGPToolBar:400000:8:10011:10]
[Window,Class] = [常用工具,BCGPToolBar:400000:8:10011:10]
[Window,Class] = [Helvetica,ComboBox]
[Window,Class] = [12,ComboBox]
[Window,Class] = [查找,BCGPToolBar:400000:8:10011:10]
[Window,Class] = [表单,BCGPToolBar:400000:8:10011:10]
[Window,Class] = [注释,BCGPToolBar:400000:8:10011:10]
[Window,Class] = [绘图,BCGPToolBar:400000:8:10011:10]
Process behavior
Behavior description: Create new process from file
details:ImagePath = c:\%temp%\1412907774.623619.exe, CmdLine = "c:\%temp%\1412907774.623619.exe" -undisplayinbrowser
File behavior
Behavior description: Map file with write permission
details:Local\UrlZonesSM_Administrator
Registry behavior
Behavior description: Delete registry key
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Foxit Software\福昕PDF阅读器 5.1\Recent File List
Behavior description: Modify registry
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Foxit Software\福昕PDF阅读器 5.1\Preferences\Languages\langid
\REGISTRY\MACHINE\SOFTWARE\Classes\.pdf\
\REGISTRY\MACHINE\SOFTWARE\Classes\FoxitReader.Document\
\REGISTRY\MACHINE\SOFTWARE\Classes\FoxitReader.Document\EditFlags
\REGISTRY\MACHINE\SOFTWARE\Classes\FoxitReader.Document\DefaultIcon\
\REGISTRY\MACHINE\SOFTWARE\Classes\FoxitReader.Document\shell\open\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\FoxitReader.Document\shell\print\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\FoxitReader.Document\shell\printto\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\.fdf\
\REGISTRY\MACHINE\SOFTWARE\Classes\FoxitReader.FDFDoc\
\REGISTRY\MACHINE\SOFTWARE\Classes\FoxitReader.FDFDoc\EditFlags
\REGISTRY\MACHINE\SOFTWARE\Classes\FoxitReader.FDFDoc\DefaultIcon\
\REGISTRY\MACHINE\SOFTWARE\Classes\FoxitReader.FDFDoc\shell\open\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\FoxitReader.FDFDoc\shell\print\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\FoxitReader.FDFDoc\shell\printto\command\
Behavior description: Delete registry value
details:\REGISTRY\MACHINE\SOFTWARE\Classes\.pdf\
\REGISTRY\MACHINE\SOFTWARE\Classes\FoxitReader.Document\BrowserFlags
\REGISTRY\MACHINE\SOFTWARE\Classes\.fdf\
\REGISTRY\MACHINE\SOFTWARE\Classes\FoxitReader.FDFDoc\BrowserFlags
Other behavior
Behavior description: Window information
details:Pid = 1212, Hwnd=0xa0352, Text = 运行福昕PDF阅读器时总是执行此检查。, ClassName = Button(CheckBox).
Pid = 1212, Hwnd=0x90338, Text = 是(&Y), ClassName = Button.
Pid = 1212, Hwnd=0x7034e, Text = 否(&N), ClassName = Button.
Pid = 1212, Hwnd=0x7034c, Text = 当前福昕PDF阅读器不是您系统中默认的PDF文件浏览器,是否要设置福昕PDF阅读器为默认PDF浏览器?, ClassName = Static.
Pid = 1212, Hwnd=0x60376, Text = 设置福昕PDF阅读器为默认PDF阅读器后,您可以双击PDF文件启动福昕PDF阅读器打开文件,或者直接使用您的浏览器阅读网络上的PDF 文件。, ClassName = Static.
Pid = 1212, Hwnd=0x80366, Text = 想设置其他PDF阅读器为默认的阅读器,您需要运行其他阅读器,并将其设置为默认。, ClassName = Static.
Pid = 1212, Hwnd=0x7033c, Text = 福昕PDF阅读器, ClassName = #32770.
Pid = 1212, Hwnd=0xb01ce, Text = 搜索PDF, ClassName = ControlBar:400000:8:10011:10.
Pid = 1212, Hwnd=0xb01a2, Text = Advertisement, ClassName = Static.
Pid = 1212, Hwnd=0xa037c, Text = 绘图, ClassName = BCGPToolBar:400000:8:10011:10.
Pid = 1212, Hwnd=0xb0336, Text = 注释, ClassName = BCGPToolBar:400000:8:10011:10.
Pid = 1212, Hwnd=0xb03b0, Text = 表单, ClassName = BCGPToolBar:400000:8:10011:10.
Pid = 1212, Hwnd=0xc017a, Text = 属性, ClassName = BCGPToolBar:400000:8:10011:10.
Pid = 1212, Hwnd=0xc01b2, Text = 格式, ClassName = BCGPToolBar:400000:8:10011:10.
Pid = 1212, Hwnd=0xb018a, Text = Helvetica, ClassName = ComboBox.
Behavior description: Create mutex
details:oleacc-msaa-loaded
WriteRegiter
福昕PDF阅读器
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior description: Acquire system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Translated by Keith Miller, United States