VirSCAN


File information
Safety rating:60
Behavior list
Basic Information
MD5:f7c20168e275a66a3ebd96e898962e0c
file type:Nsis
Production company:Torch Media, Inc
version:42.0.0.10338---42.0.0.10338
Shell or compiler information:
Subfile information:icons_db / ca1b92306390ed1f388eb09a5f2a6ea0 / Unknown
Uninstall.exe / ee1cbf5ac4d9fe579c2fe96e5cbabe85 / Nsis
[NSIS].nsi / ba84d272bc5fd4012bbdf2c4b70a2c30 / Unknown
CHAppConfirm.exe / 9bf0fac9525174f6a44689c3a2f081b8 / EXE
Free Music.ico / 1fdcf4c5ebd1e65d2108ac931aad094b / Unknown
Free Games.ico / 7d84145ccf191d4f301c76a4892a6788 / Unknown
ask_eula.rtf / 7bd45e3280288dda6fd602031e2066e8 / Unknown
Association.ico / 066e1e8e063d82855800717a2dc3c1ca / Unknown
Banner3.jpg / f1b8093862b5927de7dd8e47093e483f / Unknown
Banner1.jpg / 92df3f857290c59e3c549493d3209e5f / Unknown
Banner2.jpg / fd9b890f6da88d96e16074e9e0d6f457 / Unknown
banner_chrome.bmp / 3e99264330fc034dd89b4d83ae34c9e8 / Unknown
banner.bmp / ef5fa0954f4bf2f1be4aa18f92603610 / Unknown
banner_ff.bmp / 937d41898bfd2235cea8df655e4ccb0f / Unknown
modern-header.bmp / 95755e65c1a29cc6e4a612e7cf24841e / Unknown
banner_chrome_36.bmp / 708ce1cc7d980dd3672728ecbe4e55b1 / Unknown
Helper.dll / 4706c36c2fa10610fbe77540ea485a20 / DLL
banner_ie.bmp / 8813ccf246fd02a6799aab19f693ef1f / Unknown
Banner5.jpg / 6642285661e2688457cac63a3cc0c796 / Unknown
Key behavior
Behavior description:Maps file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MHL..BNJHH
MSCTF.MarshalInterface.FileMap.MHL.B.BNJHH
MSCTF.MarshalInterface.FileMap.MHL.C.BOJHH
MSCTF.MarshalInterface.FileMap.MHL.D.BOJHH
MSCTF.MarshalInterface.FileMap.MHL.E.BOJHH
MSCTF.MarshalInterface.FileMap.MHL.F.APJHH
MSCTF.MarshalInterface.FileMap.MHL.G.APJHH
MSCTF.Shared.SFM.MHL
MSCTF.MarshalInterface.FileMap.MHL.H.AHILH
MSCTF.MarshalInterface.FileMap.MHL.I.AHILH
MSCTF.MarshalInterface.FileMap.MHL.J.AHILH
MSCTF.MarshalInterface.FileMap.MHL.K.AHILH
MSCTF.MarshalInterface.FileMap.MHL.L.AHILH
MSCTF.MarshalInterface.FileMap.MHL.M.AHILH
Behavior description:Blocks window close message
details:hWnd = 0x000202a4, Text = Torch Installation, ClassName = #32770.
Behavior description:Sets special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Hides specified window
details:[Window,Class] = [,Button]
[Window,Class] = [,Static]
[Window,Class] = [ ,Static]
Process behavior
Behavior description:Enumerates processes
details:N/A
File behavior
Behavior description:Maps file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MHL..BNJHH
MSCTF.MarshalInterface.FileMap.MHL.B.BNJHH
MSCTF.MarshalInterface.FileMap.MHL.C.BOJHH
MSCTF.MarshalInterface.FileMap.MHL.D.BOJHH
MSCTF.MarshalInterface.FileMap.MHL.E.BOJHH
MSCTF.MarshalInterface.FileMap.MHL.F.APJHH
MSCTF.MarshalInterface.FileMap.MHL.G.APJHH
MSCTF.Shared.SFM.MHL
MSCTF.MarshalInterface.FileMap.MHL.H.AHILH
MSCTF.MarshalInterface.FileMap.MHL.I.AHILH
MSCTF.MarshalInterface.FileMap.MHL.J.AHILH
MSCTF.MarshalInterface.FileMap.MHL.K.AHILH
MSCTF.MarshalInterface.FileMap.MHL.L.AHILH
MSCTF.MarshalInterface.FileMap.MHL.M.AHILH
Behavior description:Creates executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb5.tmp\registry.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb5.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb5.tmp\UserInfo.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb5.tmp\UAC.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb5\Helper.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb5\CHAppConfirm.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb5\Uninstall.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb5.tmp\nsDialogs.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb5.tmp\nsArray.dll
Behavior description:Modifies file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb5.tmp\modern-header.bmp---> Offset = 65536
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb5\Banner0.jpg---> Offset = 50531
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb5\Banner1.jpg---> Offset = 50777
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb5\Banner2.jpg---> Offset = 50805
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb5\Banner3.jpg---> Offset = 51057
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb5\Banner4.jpg---> Offset = 17054
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb5\Banner5.jpg---> Offset = 50549
C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\log.log---> Offset = 21
C:\WINDOWS\wininit.ini---> Offset = 0
Behavior description:Sets special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Finds file
details:FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb5.tmp
FileName = \Application\torch.exe
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\「开始」菜单
FileName = C:\Documents and Settings\All Users\「开始」菜单\程序
FileName = C:\Documents and Settings\Administrator\「开始」菜单
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序
FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp
Network behavior
Behavior description:Connects to specified site
details:InternetConnectA: ServerName = service.torchbrowser.com, PORT = 80
Behavior description:Reads network file
details:hFile = 0x0000061c, BytesToRead =4096, BytesRead = 4096.
Behavior description:Opens HTTP request
details:HttpOpenRequestA: service.torchbrowser.com:80/install_statistics.php, hConnect = 0x00000618
Registry behavior
Behavior description:Modifies registry
details:\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\%temp%\1445182781.688826.exe\IsHostApp
Behavior description:Modifies registry (delayed rename entry)
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behavior
Behavior description:Creates mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
oleacc-msaa-loaded
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MHL
Behavior description:Hides specified window
details:[Window,Class] = [,Button]
[Window,Class] = [,Static]
[Window,Class] = [ ,Static]
Behavior description:Finds specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Acquires system privileges
details:SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
Behavior description:Blocks window close message
details:hWnd = 0x000202a4, Text = Torch Installation, ClassName = #32770.
Behavior description:Window information
details:Pid = 2936, Hwnd=0x202d6, Text = , ClassName = Static.
Pid = 2936, Hwnd=0x202d8, Text = , ClassName = Static.
Pid = 2936, Hwnd=0x202aa, Text = Welcome to Torch!, ClassName = Static.
Pid = 2936, Hwnd=0x202ac, Text = Torch is a powerful Chromium based web browser with many unique built in features, including media downloading, free music and ga, ClassName = Static.
Pid = 2936, Hwnd=0x402be, Text = By clicking "Next" you agree to install Torch and agree to the, ClassName = Static.
Pid = 2936, Hwnd=0x702c0, Text = End User License, ClassName = Button.
Pid = 2936, Hwnd=0x502ce, Text = Agreement, ClassName = Button.
Pid = 2936, Hwnd=0x302b6, Text = and, ClassName = Static.
Pid = 2936, Hwnd=0x202d0, Text = Privacy Policy., ClassName = Button.
Pid = 2936, Hwnd=0x202d2, Text = Requires installation of Movies App by Ask., ClassName = Static.
Pid = 2936, Hwnd=0x102de, Text = ButtonsLine, ClassName = Static.
Pid = 2936, Hwnd=0x102e0, Text = Cancel, ClassName = Button.
Pid = 2936, Hwnd=0x102e2, Text = Next, ClassName = Button.
Pid = 2936, Hwnd=0x102e4, Text = Distributed by Torch Media, Inc., ClassName = Static.
Pid = 2936, Hwnd=0x102e8, Text = Set Torch as your default browser, ClassName = Static.
Behavior description:Opens image file
details:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb5.tmp\modern-header.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb5\Banner0.jpg
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb5\Banner1.jpg
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb5\Banner2.jpg
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb5\Banner3.jpg
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb5\Banner4.jpg
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb5\Banner5.jpg