VirSCAN


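File information
Security score: 71
Basic information
MD5: f40968b37fe70f56cb2fbd6cfafb3548
File type: EXE
Company: 1073447360 陈
Version: 2.2.0.0---2.2.0.0
Packer or compiler information: COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Key behaviors
Behavior description: Map file with write permission
Details: CiceroSharedMemDefaultS-*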
MSCTF.MarshalInterface.FileMap.EHF..JGCHH
MSCTF.MarshalInterface.FileMap.EHF.B.JGCHH
MSCTF.MarshalInterface.FileMap.EHF.C.JGCHH
MSCTF.MarshalInterface.FileMap.EHF.D.JGCHH
MSCTF.MarshalInterface.FileMap.EHF.E.JGCHH
MSCTF.MarshalInterface.FileMap.EHF.F.IHCHH
MSCTF.MarshalInterface.FileMap.EHF.G.IHCHH
MSCTF.Shared.SFM.EHF
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Hide specified window
Details: [Window,Class] = [<,AfxWnd42s]
[Window,Class] = [>,AfxWnd42s]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,CPageControl]
[Window,Class] = [,_EL_ShapeBox]
[Window,Class] = [复制成功,Afx:1870000:b:10011:1900015:0]
[Window,Class] = [热号排序,Button]
[Window,Class] = [基本介绍: 时时彩顺六助手与重庆时时彩官网数据库直接连接用最快的方式获取开奖号码,软件科学的统计学方法来进行筛选号码,提高做号和预测的准确性。   时时彩顺六助
[Window,Class] = [本地预测复式组合(上面输入开奖号开始预测),Edit]
[Window,Class] = [输入开奖号,Edit]
[Window,Class] = [,_EL_Timer]
[Window,Class] = [,_EL_DrawPanel]
[Window,Class] = [,Button]
[Window,Class] = [,_EL_PicBox]
[Window,Class] = [对位统计系统,Button]
Behavior description: Capture window screenshot information
Details: Foreground window Info: HWND = 0x0701059a, DC = 0x0701059a.
Foreground window Info: HWND = 0x01010593, DC = 0x01010593.
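Process behavior
Behavior description: Enumerate processes
Details: N/A
File behavior
Behavior description: Map file with write permission
Details: CiceroSharedMemDefaultS-*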
MSCTF.MarshalInterface.FileMap.EHF..JGCHH
MSCTF.MarshalInterface.FileMap.EHF.B.JGCHH
MSCTF.MarshalInterface.FileMap.EHF.C.JGCHH
MSCTF.MarshalInterface.FileMap.EHF.D.JGCHH
MSCTF.MarshalInterface.FileMap.EHF.E.JGCHH
MSCTF.MarshalInterface.FileMap.EHF.F.IHCHH
MSCTF.MarshalInterface.FileMap.EHF.G.IHCHH
MSCTF.Shared.SFM.EHF
Behavior description: Create executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N30005\krnln.fnr
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N30005\iext3.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N30005\iext.fnr
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N30005\spec.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N30005\EThread.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N30005\xplib.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N30005\downlib.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N30005\eGrid.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N30005\EChartBar.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N30005\DialogEx.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N30005\iext2.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N30005\HtmlView.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N30005\RegEx.fnr
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Find file
Details: FileName = C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015082520150826\*.*
Network behavior
Behavior description: Connect to specified site
Details: InternetConnectA: ServerName = cp.360.cn, PORT = 80
InternetConnectA: ServerName = chart.cp.360.cn, PORT = 80
Behavior description: Read network file
Details: hFile = 0x00000640, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000730, BytesToRead =1024, BytesRead = 1024.
Behavior description: Open HTTP request
Details: HttpOpenRequestA: cp.360.cn:80/ssccq?agent=700007, hConnect = 0x0000063c
HttpOpenRequestA: chart.cp.360.cn:80/kaijiang/kaijiang?lotid=255401&spantype=2&span=2015-10-18_2015-10-18, hConnect = 0x00000700
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EHF
Behavior description: Hide specified window
Details: [Window,Class] = [<,AfxWnd42s]
[Window,Class] = [>,AfxWnd42s]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,CPageControl]
[Window,Class] = [,_EL_ShapeBox]
[Window,Class] = [复制成功,Afx:1870000:b:10011:1900015:0]
[Window,Class] = [热号排序,Button]
[Window,Class] = [基本介绍: 时时彩顺六助手与重庆时时彩官网数据库直接连接用最快的方式获取开奖号码,软件科学的统计学方法来进行筛选号码,提高做号和预测的准确性。   时时彩顺六助
[Window,Class] = [本地预测复式组合(上面输入开奖号开始预测),Edit]
[Window,Class] = [输入开奖号,Edit]
[Window,Class] = [,_EL_Timer]
[Window,Class] = [,_EL_DrawPanel]
[Window,Class] = [,Button]
[Window,Class] = [,_EL_PicBox]
[Window,Class] = [对位统计系统,Button]
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Get TickCount value
Behavior description: Get cursor position
Behavior description: Window information
Details: Pid = 1344, Hwnd=0x10466, Text = 中奖验证, ClassName = Button.
Pid = 1344, Hwnd=0x103e2, Text = 体验版, ClassName = Edit.
Pid = 1344, Hwnd=0x103de, Text = 手动做号, ClassName = Button.
Pid = 1344, Hwnd=0x103cc, Text = 关于顺六, ClassName = Button.
Pid = 1344, Hwnd=0x103d6, Text = 用户, ClassName = Edit.
Pid = 1344, Hwnd=0x103c4, Text = 顺六客服(扫一扫), ClassName = Afx:1870000:b:10011:1900015:0.
Pid = 1344, Hwnd=0x103b4, Text = 傻瓜预测, ClassName = Button.
Pid = 1344, Hwnd=0x103b2, Text = 登录顺六, ClassName = Button.
Pid = 1344, Hwnd=0x103b0, Text = 设置, ClassName = Button.
Pid = 1344, Hwnd=0x10310, Text = 计划安排, ClassName = Button.
Pid = 1344, Hwnd=0x10302, Text = 设置预警, ClassName = Button.
Pid = 1344, Hwnd=0x104fe, Text = 本期开奖信息, ClassName = Button(GroupBox).
Pid = 1344, Hwnd=0x104fc, Text = 组三++组三, ClassName = Edit.
Pid = 1344, Hwnd=0x104fa, Text = 0, ClassName = Afx:1870000:b:10011:1900015:0.
Pid = 1344, Hwnd=0x104f6, Text = 0, ClassName = Afx:1870000:b:10011:1900015:0.
Behavior description: Capture window screenshot information
Details: Foreground window Info: HWND = 0x0701059a, DC = 0x0701059a.
Foreground window Info: HWND = 0x01010593, DC = 0x01010593.