VirSCAN

File information
Safety rating:74
Behavior list
Basic Information
MD5:f25e78c7a24c0c0e7caf6b7815525391
file type:EXE
Production company:
version:
Shell or compiler information:COMPILER:Elan
Key behavior
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [物品交换,Button]
[Window,Class] = [物品他用,Button]
[Window,Class] = [,Button]
[Window,Class] = [,Afx:10000000:b:10011:1900015:0]
[Window,Class] = [显血设置,Button]
[Window,Class] = [鼠标设置,Button]
[Window,Class] = [键前事件,Button]
[Window,Class] = [键后事件,Button]
[Window,Class] = [一键方式,Button]
[Window,Class] = [,Afx:10000000:8:10011:1900015:0]
[Window,Class] = [传送回城,Button]
[Window,Class] = [声音,Button]
[Window,Class] = [自动开关,Button]
[Window,Class] = [使用计数,Button]
File behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
\WINDOWS\system32\zh-cn\ieframe.dll.mui
\Documents and Settings\Administrator\IETldCache\index.datndex.dat_245760
Local\UrlZonesSM_Administrator
Local\!PrivacIE!SharedMem!Counter
MSCTF.MarshalInterface.FileMap.MNJ..FHLFF
MSCTF.MarshalInterface.FileMap.MNJ.B.DNLFF
MSCTF.MarshalInterface.FileMap.MNJ.C.DNLFF
MSCTF.MarshalInterface.FileMap.MNJ.D.DNLFF
MSCTF.MarshalInterface.FileMap.MNJ.E.DNLFF
MSCTF.MarshalInterface.FileMap.MNJ.F.DNLFF
MSCTF.MarshalInterface.FileMap.MNJ.G.DNLFF
MSCTF.MarshalInterface.FileMap.MNJ.H.DNLFF
MSCTF.MarshalInterface.FileMap.MNJ.I.DNLFF
\WINDOWS\system32\zh-cn\mshtml.dll.mui
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Behavior description:Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\dnserrordiagoff_webOC[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[3]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[2]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\info_48[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\down[2]---> Offset = 0
Network behavior
Behavior description:Connect to specified site
details:InternetConnectA: ServerName = www.warzh.cn, PORT = 80
Behavior description:Establish a connection to a specified socket
details:127.0.0.1:1032
Behavior description:Open HTTP request
details:HttpOpenRequestA: www.warzh.cn:80/tool/, hConnect = 0x000004a4
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior description:Delete registry value_IE connection settings
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
Local\c:!documents and settings!administrator!ietldcache!
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
Local\!PrivacIE!SharedMemory!Mutex
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.MNJ
Behavior description:Window information
details:Pid = 2520, Hwnd=0x103b0, Text = X, ClassName = Button.
Pid = 2520, Hwnd=0x1039a, Text = -, ClassName = Button.
Pid = 2520, Hwnd=0x10394, Text = 雨之神助-V5.4 =WWW.WarZH.CN=, ClassName = Afx:10000000:b:10011:1900015:0.
Pid = 2520, Hwnd=0x10466, Text = 声音, ClassName = Button(GroupBox).
Pid = 2520, Hwnd=0x10462, Text = 自动开关, ClassName = Button(GroupBox).
Pid = 2520, Hwnd=0x10458, Text = 使用计数, ClassName = Button(GroupBox).
Pid = 2520, Hwnd=0x10460, Text = 0, ClassName = Edit.
Pid = 2520, Hwnd=0x1045e, Text = 0, ClassName = Edit.
Pid = 2520, Hwnd=0x1045c, Text = 0, ClassName = Edit.
Pid = 2520, Hwnd=0x1045a, Text = 普通 特殊 共, ClassName = Afx:10000000:b:10011:1900015:0.
Pid = 2520, Hwnd=0x103bc, Text = 开始使用, ClassName = Button.
Pid = 2520, Hwnd=0x10390, Text = 制作:IDLE ——————, ClassName = Afx:10000000:b:10011:1900015:0.
Pid = 2520, Hwnd=0x1048c, Text = 设置, ClassName = Button.
Pid = 2520, Hwnd=0x10484, Text = 查键, ClassName = Button.
Pid = 2520, Hwnd=0x1048e, Text = -X-, ClassName = Button.
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [物品交换,Button]
[Window,Class] = [物品他用,Button]
[Window,Class] = [,Button]
[Window,Class] = [,Afx:10000000:b:10011:1900015:0]
[Window,Class] = [显血设置,Button]
[Window,Class] = [鼠标设置,Button]
[Window,Class] = [键前事件,Button]
[Window,Class] = [键后事件,Button]
[Window,Class] = [一键方式,Button]
[Window,Class] = [,Afx:10000000:8:10011:1900015:0]
[Window,Class] = [传送回城,Button]
[Window,Class] = [声音,Button]
[Window,Class] = [自动开关,Button]
[Window,Class] = [使用计数,Button]
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description:Obtain system privileges
details:SE_DEBUG_PRIVILEGE