VirSCAN

File information
Safety rating:85
Behavior list
Basic Information
MD5:f49e6cac0cd9a768ed10c226c592145e
file type:Rar
Production company:
version:
Shell or compiler information:
Subfile information:F-Prot.exe / big file / Rar
update.exe / 04aadb7c1972015a186dd105ca746b61 / Rar
Un_F-Prot.exe / 47b49b3cbb94f9c7fc1061062356a6a4 / Rar
使用说明.txt / ef8b3d275b0b5e6354282b2fe0eaa3c5 / Unknown
)!访问我们的网站!.url / 3a38bbf4f6e489c411fd94cd6aa556cc / Unknown
!)设JZ5U为首页!.reg / f4411b509340eb6fd1a3715aa35241e7 / Unknown
说明.url / 18451933c77293cd34ee0620069ede37 / Unknown
Key behavior
Behavior description:Create file mapping with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.IHG..LNNGH
MSCTF.MarshalInterface.FileMap.IHG.B.KONGH
MSCTF.MarshalInterface.FileMap.IHG.C.KONGH
MSCTF.MarshalInterface.FileMap.IHG.D.KONGH
MSCTF.MarshalInterface.FileMap.IHG.E.KONGH
MSCTF.MarshalInterface.FileMap.IHG.F.JBOGH
MSCTF.MarshalInterface.FileMap.IHG.G.JBOGH
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.MMN..FCGIH
MSCTF.MarshalInterface.FileMap.MMN.B.FDGIH
MSCTF.MarshalInterface.FileMap.MMN.C.FDGIH
MSCTF.MarshalInterface.FileMap.MMN.D.FDGIH
MSCTF.MarshalInterface.FileMap.MMN.E.FDGIH
Behavior description:Block window close message
details:hWnd = 0x0001031c, Text = F-PROT for Windows, ClassName = TfrmFPWin.
Behavior description:Create shortcut on desktop
details:C:\Documents and Settings\Administrator\桌面\F-Prot.lnk
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [F-PROT for Windows,TfrmFPWin]
Behavior description:Create system service
details:[Service created successfully]: FPAVServer, C:\F-Prot\FPAVServer.exe
Process behavior
Behavior description:Create process
details:ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c F-Prot.bat
ImagePath = C:\WINDOWS\regedit.exe, CmdLine = regedit /s F-prot.reg
ImagePath = C:\WINDOWS\system32\sc.exe, CmdLine = sc create FPAVServer type= own binpath= "C:\F-Prot\FPAVServer.exe" displayname= "F-PROT Antivirus for Windows system"
ImagePath = C:\WINDOWS\system32\net.exe, CmdLine = net start FPAVServer
ImagePath = C:\WINDOWS\system32\net1.exe, CmdLine = net1 start FPAVServer
Behavior description:Create process from newly created file
details:ImagePath = C:\F-Prot\hidecmd.exe, CmdLine = "C:\F-Prot\hidecmd.exe" F-Prot.bat
ImagePath = C:\F-Prot\patch.exe, CmdLine = patch
ImagePath = C:\F-Prot\UnRAR.exe, CmdLine = unrar e infprot.dll -p88888888 -o+
ImagePath = C:\F-Prot\SHORTCUT.EXE, CmdLine = SHORTCUT.EXE -f -t C:\F-Prot\FPWin.exe -n "C:\Documents and Settings\Administrator\桌面"\F-Prot -d .\
ImagePath = C:\F-Prot\FPAVServer.exe, CmdLine = C:\F-Prot\FPAVServer.exe
ImagePath = C:\F-Prot\FPWin.exe, CmdLine = FPWin.exe
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Create file mapping with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.IHG..LNNGH
MSCTF.MarshalInterface.FileMap.IHG.B.KONGH
MSCTF.MarshalInterface.FileMap.IHG.C.KONGH
MSCTF.MarshalInterface.FileMap.IHG.D.KONGH
MSCTF.MarshalInterface.FileMap.IHG.E.KONGH
MSCTF.MarshalInterface.FileMap.IHG.F.JBOGH
MSCTF.MarshalInterface.FileMap.IHG.G.JBOGH
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.MMN..FCGIH
MSCTF.MarshalInterface.FileMap.MMN.B.FDGIH
MSCTF.MarshalInterface.FileMap.MMN.C.FDGIH
MSCTF.MarshalInterface.FileMap.MMN.D.FDGIH
MSCTF.MarshalInterface.FileMap.MMN.E.FDGIH
Behavior description:Create shortcut on desktop
details:C:\Documents and Settings\Administrator\桌面\F-Prot.lnk
Behavior description:Create executable file
details:C:\F-Prot\HIDECMD.EXE
C:\F-Prot\SHORTCUT.EXE
C:\F-Prot\shfolder.dll
C:\F-Prot\UnRAR.exe
C:\F-Prot\FPWinLang.dll
C:\F-Prot\FPWin.exe
C:\F-Prot\FPWinENG.dll
C:\F-Prot\xmlparser.dll
C:\F-Prot\V4ODS.dll
C:\F-Prot\utils.dll
C:\F-Prot\updater_disp_mod.dll
C:\F-Prot\updater_client_mod.dll
C:\F-Prot\StubProxy.dll
C:\F-Prot\shellext.dll
C:\F-Prot\security_disp_mod.dll
Behavior description:Modify file content
details:C:\F-Prot\images\F-PROT.ico---> Offset = 20480
C:\F-Prot\ScanReport.txt---> Offset = 0
C:\F-Prot\fstopw.cat---> Offset = 0
C:\F-Prot\FPAV_RTP.inf---> Offset = 0
C:\F-Prot\fpscanhelp.chm---> Offset = 0
C:\F-Prot\fpavhelp.chm---> Offset = 196608
C:\F-Prot\licence.html---> Offset = 0
C:\F-Prot\fprotlog.msc---> Offset = 0
C:\F-Prot\infprot.dll---> Offset = 0
C:\F-Prot\unfprot.dll---> Offset = 0
C:\F-Prot\licence.rtf---> Offset = 0
C:\Documents and Settings\All Users\Application Data\FRISK Software\F-PROT Antivirus for Windows\config.xml.csum---> Offset = 0
C:\Documents and Settings\All Users\Application Data\FRISK Software\F-PROT Antivirus for Windows\exclusions.xml.csum---> Offset = 0
C:\Documents and Settings\All Users\Application Data\FRISK Software\F-PROT Antivirus for Windows\quarantine.xml.csum---> Offset = 0
C:\Documents and Settings\All Users\Application Data\FRISK Software\F-PROT Antivirus for Windows\updates.xml.csum---> Offset = 0
Behavior description:Find file
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446375577.246885.exe_7zdump\F-PROT\bdsdls\F-Prot.exe
FileName = hidecmd.*
FileName = C:\F-Prot
FileName = C:\F-Prot\hidecmd.exe
FileName = C:\F-Prot\HIDECMD.EXE
FileName = C:\F-Prot\F-Prot.bat
FileName = C:\F-Prot\patch.*
FileName = C:\F-Prot\patch.COM
FileName = C:\F-Prot\patch.EXE
FileName = C:\F-Prot\patch.exe
FileName = C:\F-Prot\unrar.*
FileName = C:\F-Prot\UnRAR.COM
FileName = C:\F-Prot\UnRAR.EXE
FileName = C:\F-Prot\UnRAR.exe
FileName = C:\Documents and Settings
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-*\Software\WinRAR SFX\C%%F-Prot
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\F-Prot\hidecmd.exe
\REGISTRY\USER\S-*\Software\WinRAR SFX\C%%Documents and Settings%All Users%
\REGISTRY\MACHINE\SOFTWARE\FRISK Software\F-PROT Antivirus for Windows\PartnerID
\REGISTRY\MACHINE\SOFTWARE\FRISK Software\F-PROT Antivirus for Windows\LicenseKey
\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\F-PROT Antivirus\
\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\F-PROT Antivirus\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E200A20C-01D2-4694-AAF1-48DFDA8CD958}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E200A20C-01D2-4694-AAF1-48DFDA8CD958}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E200A20C-01D2-4694-AAF1-48DFDA8CD958}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E200A20C-01D2-4694-AAF1-48DFDA8CD958}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E200A20C-01D2-4694-AAF1-48DFDA8CD958}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E200A20C-01D2-4694-AAF1-48DFDA8CD958}\VersionIndependentProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4700D2DB-2BEE-477d-ACE3-CBFFDFBAF81D}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4700D2DB-2BEE-477d-ACE3-CBFFDFBAF81D}\InprocServer32\
Behavior description:Modify registry_system context menu
details:\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\F-PROT Antivirus\
Behavior description:Modify registry_service entry
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\FPAV_RTP\Start
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\FPAV_RTP\ImagePath
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\FPAVServer\Start
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\FPAVServer\ImagePath
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\F-Prot Antivirus Update Monitor\Start
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\F-Prot Antivirus Update Monitor\ImagePath
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
SHIMLIB_LOG_MUTEX
Global\FPAV6ServerIsRunning
madExceptSettingsMtx$b3c
madToolsMsgHandlerMutex$b34$4797cc
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [F-PROT for Windows,TfrmFPWin]
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [EDIT,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [RegEdit_RegEdit,]
Behavior description:Start system service
details:[Service started successfully]: LocalSystem, F-PROT Antivirus for Windows system, C:\F-Prot\FPAVServer.exe
Behavior description:Enumerate windows
details:N/A
Behavior description:Acquire system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Block window close message
details:hWnd = 0x0001031c, Text = F-PROT for Windows, ClassName = TfrmFPWin.
Behavior description:Window information
details:Pid = 2876, Hwnd=0x10358, Text = tabStatus, ClassName = TTabSheet.
Pid = 2876, Hwnd=0x10320, Text = tabScanners, ClassName = TTabSheet.
Pid = 2876, Hwnd=0x10330, Text = tabExclusions, ClassName = TTabSheet.
Pid = 2876, Hwnd=0x10326, Text = tabTaskList, ClassName = TTabSheet.
Pid = 2876, Hwnd=0x10344, Text = tabSupport, ClassName = TTabSheet.
Pid = 2876, Hwnd=0x1033e, Text = tabMaintenance, ClassName = TTabSheet.
Pid = 2876, Hwnd=0x1031c, Text = F-PROT for Windows, ClassName = TfrmFPWin.
Behavior description:Inline hook
details:C:\WINDOWS\system32\SHELL32.dll--->SHLockShared Offset = 0x563532d
Behavior description:Create system service
details:[Service created successfully]: FPAVServer, C:\F-Prot\FPAVServer.exe
Translated by Keith Miller, United States