VirSCAN

File information
Security score: 76
Basic information
MD5: fd6fba00e00dc215bb6ddbd6cf66db4e
File type: EXE
Publisher:
Version:
Packer or compiler information: PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [Overlay]
Sub-file information: iupimglib.dll / 72e6b0da88c0d9711498daa8fd164f92 / DLL
iupimglib.dll / ac7c3e41afadc27749aa864e962dbf8e / DLL
iup_scintilla.dll / 50d26a3f80b00ab3cd49bd75ef10ea96 / DLL
im.dll / 8c9d9f7a77e6534d22a853642d1b27e9 / DLL
win32lib.ew / 935224a511f0fc12002a25474eddf8f9 / Unknown
iup_scintilla.dll / 904304902eeb40b5d93305d336923361 / DLL
im.dll / 1144fd48486820ce74d453a2c7d8dc1f / DLL
iup.dll / 5d6af04a8aa085c8dbd76fa059ce869b / DLL
im_process.dll / 77c7dfb9f1bd979a1ad946a48ffa6fbf / DLL
iup.dll / 8106a945683e80eba3e35fb57c30c056 / DLL
cd.dll / 68542a58e8d6cf50b96be7a28754d5f5 / DLL
freetype6.dll / 04df8fe7da81063ffabe8aa88f37c705 / DLL
im_process.dll / ef1fdb0f1217e338df04e387c6026f79 / DLL
cd.dll / 8d23c0760bb488e8dd63d564158f04dc / DLL
freetype6.dll / b73f1431d353a7cefcb8500e3c84e6cc / DLL
filedump.exw / b94683fc4d91e1e608ebc1a68511f2f8 / Unknown
filedumpN.exw / ec00f5221098b98be9ce12a4dbea5dec / Unknown
pGUI.e / 26cfec247a02d4df227b7d3dba0e1f68 / Unknown
pfileioN.e / e898dd9b1f61f0cc66822c9d2d392bb2 / Unknown
Process behavior
Behavior description: Create local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 1660, ThreadID = 1800, StartAddress = 00405282, Parameter = 00000000
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\FE7.tmp
C:\Program Files\Phix\bench\bench.exw
C:\Program Files\Phix\bench\Big_e\BIG_E.EX
C:\Program Files\Phix\bench\Big_e\NUM_E.TXT
C:\Program Files\Phix\bench\cf\cfibic.bat
C:\Program Files\Phix\bench\cf\cfibif.bat
C:\Program Files\Phix\bench\cf\cfibrc.bat
C:\Program Files\Phix\bench\cf\cfibrf.bat
C:\Program Files\Phix\bench\cf\chwf.bat
C:\Program Files\Phix\bench\cf\fibi.exw
C:\Program Files\Phix\bench\cf\fibic.c
C:\Program Files\Phix\bench\cf\fibic.exe
C:\Program Files\Phix\bench\cf\fibif.asm
C:\Program Files\Phix\bench\cf\fibr.exw
C:\Program Files\Phix\bench\cf\fibrc.c
Behavior description: Create executable file
Details: C:\Program Files\Phix\bench\cf\fibic.exe
C:\Program Files\Phix\bench\cf\fibrc.exe
C:\Program Files\Phix\bench\cf\tcc.exe
C:\Program Files\Phix\builtins\LiteUnzip.dll
C:\Program Files\Phix\builtins\LiteZip.dll
Behavior description: Modify script file
Details: C:\Program Files\Phix\bench\cf\cfibic.bat ---> Offset = 0
C:\Program Files\Phix\bench\cf\cfibif.bat ---> Offset = 0
C:\Program Files\Phix\bench\cf\cfibrc.bat ---> Offset = 0
C:\Program Files\Phix\bench\cf\cfibrf.bat ---> Offset = 0
C:\Program Files\Phix\bench\cf\chwf.bat ---> Offset = 0
Behavior description: Overwrite existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\FE7.tmp
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\FE7.tmp
Behavior description: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\FE7.tmp ---> Offset = 0
C:\Program Files\Phix\bench\bench.exw ---> Offset = 0
C:\Program Files\Phix\bench\bench.exw ---> Offset = 65535
C:\Program Files\Phix\bench\Big_e\BIG_E.EX ---> Offset = 0
C:\Program Files\Phix\bench\Big_e\NUM_E.TXT ---> Offset = 0
C:\Program Files\Phix\bench\cf\fibi.exw ---> Offset = 0
C:\Program Files\Phix\bench\cf\fibic.c ---> Offset = 0
C:\Program Files\Phix\bench\cf\fibic.exe ---> Offset = 0
C:\Program Files\Phix\bench\cf\fibif.asm ---> Offset = 0
C:\Program Files\Phix\bench\cf\fibr.exw ---> Offset = 0
C:\Program Files\Phix\bench\cf\fibrc.c ---> Offset = 0
C:\Program Files\Phix\bench\cf\fibrc.exe ---> Offset = 0
C:\Program Files\Phix\bench\cf\fibrf.asm ---> Offset = 0
C:\Program Files\Phix\bench\cf\hwf.asm ---> Offset = 0
C:\Program Files\Phix\bench\cf\libtcc1.a ---> Offset = 0
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
Behavior description: Hide specified window
Details: [Window,Class] = [ FreeExtractor ,Static]
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceive.Event.IOH.IC
MSCTF.SendReceiveConection.Event.IOH.IC
Behavior description: Window information
Details: Pid = 1660, Hwnd=0x10358, Text = Install Phix, ClassName = Static.
Pid = 1660, Hwnd=0x1035a, Text = This program installs the Phix Programming Language, version 0.7.8, ClassName = Static.
Pid = 1660, Hwnd=0x1035c, Text = http://phix.x10.mx, ClassName = Static.
Pid = 1660, Hwnd=0x10346, Text = < Back, ClassName = Button.
Pid = 1660, Hwnd=0x10348, Text = Next >, ClassName = Button.
Pid = 1660, Hwnd=0x1034a, Text = Cancel, ClassName = Button.
Pid = 1660, Hwnd=0x10350, Text = FreeExtractor , ClassName = Static.
Pid = 1660, Hwnd=0x1033e, Text = Install Phix, ClassName = #32770.
Pid = 1660, Hwnd=0x1034e, Text = Select a directory to extract files to., ClassName = Static.
Pid = 1660, Hwnd=0x1034c, Text = Extraction Path, ClassName = Static.
Pid = 1660, Hwnd=0x2035c, Text = Choose the folder you would like to extract these files to. If it does not exist, it can be created for you., ClassName = Static.
Pid = 1660, Hwnd=0x2035a, Text = C:\Program Files\Phix, ClassName = Edit.
Pid = 1660, Hwnd=0x20358, Text = &Browse, ClassName = Button.
Pid = 1660, Hwnd=0xc0334, Text = &Create this directory if it does not exist, ClassName = Button(CheckBox).
Pid = 1660, Hwnd=0x1034e, Text = FreeExtractor is extracting the compressed files in this archive., ClassName = Static.
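Behavior description: Executable file signature information
Details: C:\Program Files\Phix\bench\cf\fibic.exe (Signature verification: failed)
C:\Program Files\Phix\bench\cf\fibrc.exe (Signature verification: failed)
C:\Program Files\Phix\bench\cf\tcc.exe (Signature verification: failed)
C:\Program Files\Phix\builtins\LiteUnzip.dll (Signature verification: failed)
C:\Program Files\Phix\builtins\LiteZip.dll (Signature verification: failed)
Behavior description: Executable file MD5
Details: C:\Program Files\Phix\bench\cf\fibic.exe ---> 037e8925122271b5d00b85bd382e9f9e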
C:\Program Files\Phix\bench\cf\fibrc.exe ---> 8a3156f24dcdcf415861b98b7279eaf8
C:\Program Files\Phix\bench\cf\tcc.exe ---> 84a1a088a2c2f5c4c832d62ce3d8a7ae
C:\Program Files\Phix\builtins\LiteUnzip.dll ---> f81479d59039b89cbf4fba345ef3f82b
C:\Program Files\Phix\builtins\LiteZip.dll ---> 286b6ad418744df0545ad9951858b562
Behavior description: Open mutex
Details: ShimCacheMutex