VirSCAN

File information
Safety rating:81
Behavior list
Basic Information
MD5:fd194a861891526583686351db8fa92e
file type:zip
Production company:
version:
Shell or compiler information:
Subfile information:setup.exe / 8e23f0a865538bfefb82a9fdf2919b09 / EXE
Key behavior
Behavior description:Create file mapping with write access
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MNF..HKGGH
MSCTF.MarshalInterface.FileMap.MNF.B.GLGGH
MSCTF.MarshalInterface.FileMap.MNF.C.GLGGH
MSCTF.MarshalInterface.FileMap.MNF.D.GLGGH
MSCTF.MarshalInterface.FileMap.MNF.E.GLGGH
MSCTF.MarshalInterface.FileMap.MNF.F.GMGGH
MSCTF.MarshalInterface.FileMap.MNF.G.GMGGH
DfSharedHeap3D42B9
DfRoot0003D42B9
MSCTF.MarshalInterface.FileMap.EGE..EAMHH
MSCTF.MarshalInterface.FileMap.EGE.B.EAMHH
MSCTF.MarshalInterface.FileMap.EGE.C.EAMHH
MSCTF.MarshalInterface.FileMap.EGE.D.EAMHH
MSCTF.MarshalInterface.FileMap.EGE.E.DBMHH
Behavior description:Hide specified window
details:[Window,Class] = [Battery Limiter - InstallShield Wizard,#32770]
[Window,Class] = [,Button]
Process behavior
Behavior description:Create process
details:ImagePath = C:\WINDOWS\system32\MSIEXEC.EXE, CmdLine = MSIEXEC.EXE /i "C:\Documents and Settings\Administrator\Local Settings\Application Data\Downloaded Installations\{64B3813B-F710-4DAB-BEBB-227B98662248}\Battery Limiter.msi" SETUPEXEDIR="C:\DOCUME~1\ADMINI
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Create file mapping with write access
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MNF..HKGGH
MSCTF.MarshalInterface.FileMap.MNF.B.GLGGH
MSCTF.MarshalInterface.FileMap.MNF.C.GLGGH
MSCTF.MarshalInterface.FileMap.MNF.D.GLGGH
MSCTF.MarshalInterface.FileMap.MNF.E.GLGGH
MSCTF.MarshalInterface.FileMap.MNF.F.GMGGH
MSCTF.MarshalInterface.FileMap.MNF.G.GMGGH
DfSharedHeap3D42B9
DfRoot0003D42B9
MSCTF.MarshalInterface.FileMap.EGE..EAMHH
MSCTF.MarshalInterface.FileMap.EGE.B.EAMHH
MSCTF.MarshalInterface.FileMap.EGE.C.EAMHH
MSCTF.MarshalInterface.FileMap.EGE.D.EAMHH
MSCTF.MarshalInterface.FileMap.EGE.E.DBMHH
Behavior description:Modify file contents
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_MSI5166._IS---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{98CF3E2E-F439-4AED-A57D-9BEE7A180F81}\Setup.INI---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{98CF3E2E-F439-4AED-A57D-9BEE7A180F81}\_ISMSIDEL.INI---> Offset = 20
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{98CF3E2E-F439-4AED-A57D-9BEE7A180F81}\0x0409.ini---> Offset = 16384
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~4.tmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~5.tmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{98CF3E2E-F439-4AED-A57D-9BEE7A180F81}\Battery Limiter.msi---> Offset = 46402
C:\Documents and Settings\Administrator\Local Settings\Application Data\Downloaded Installations\{64B3813B-F710-4DAB-BEBB-227B98662248}\Battery Limiter.msi---> Offset = 262144
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~6.tmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\77cfe.msi---> Offset = 90958
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{98CF3E2E-F439-4AED-A57D-9BEE7A180F81}\_ISMSIDEL.INI---> Offset = 250
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{98CF3E2E-F439-4AED-A57D-9BEE7A180F81}\_ISMSIDEL.INI---> Offset = 2
Behavior description:Find file
details:FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\MSIEXEC.EXE
FileName = C:\WINDOWS\system32\msiexec.exe
FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\WINDOWS\Microsoft.NET\Framework\\*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\*.mst
Other behavior
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Window information
details:Pid = 252, Hwnd=0x202a8, Text = Cancel, ClassName = Button.
Pid = 252, Hwnd=0x202cc, Text = Preparing to Install..., ClassName = Static.
Pid = 252, Hwnd=0x202b4, Text = Battery Limiter Setup is preparing the InstallShield Wizard, which will guide you through the program setup process. Please wait, ClassName = Static.
Pid = 252, Hwnd=0x202b2, Text = Extracting: Battery Limiter.msi, ClassName = Static.
Pid = 252, Hwnd=0x302ba, Text = Progress1, ClassName = msctls_progress32.
Pid = 252, Hwnd=0x202d8, Text = IDR_GIF1, ClassName = is_gif_class.
Pid = 252, Hwnd=0x202a4, Text = Battery Limiter - InstallShield Wizard, ClassName = #32770.
Pid = 2008, Hwnd=0x302d6, Text = 取消, ClassName = Button.
Pid = 2008, Hwnd=0x402dc, Text = 正在准备安装..., ClassName = Static.
Pid = 2008, Hwnd=0x302a8, Text = Windows Installer, ClassName = #32770.
Pid = 2008, Hwnd=0x402d8, Text = 确定, ClassName = Button.
Pid = 2008, Hwnd=0x602cc, Text = 此处理器类型不支持该安装程序包。请与您的产品供应商联系。, ClassName = Static.
Pid = 2008, Hwnd=0x402a8, Text = Windows Installer, ClassName = #32770.
Behavior description:Hide specified window
details:[Window,Class] = [Battery Limiter - InstallShield Wizard,#32770]
[Window,Class] = [,Button]
Behavior description:Create mutex
details:SHIMLIB_LOG_MUTEX
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EGE
MSCTF.Shared.MUTEX.MNF
Behavior description:Acquire system privileges
details:SE_SHUTDOWN_PRIVILEGE
SE_INCREASE_QUOTA_PRIVILEGE
SE_CREATE_TOKEN_PRIVILEGE