1, Můžete nahrát libovolné soubory, ale existuje limit 20Mb na soubor.
2, VirSCAN podporuje dekompresi Rar / Zip, ale musí obsahovat méně než 20 souborů.
3, VirSCAN otestuje komprimované soubory, které jsou chráněné heslem 'infected' nebo 'virus'.
4, Pokud vá? prohlí?e? nem??e nahrát soubory, prosím, stáhněte upload VirSCAN.
| Přehled o skenování s více motory Virscan.org |
| Zpráva o analýze chování: Analýza dokumentů Habo |
| MD5:85bb8046a007520e5b0654ef536c4576 |
| 文件大小:5.58MB |
| 上传时间: 2014-09-22 10:36:30 (CST) |
| Název balíčku: |
| Minimální provozní prostředí: |
| Copyright: |
| Popis chování: | 屏蔽窗口关闭消息 |
| Podrobnosti: | hWnd = 0x000c02da, Text = HashTab 6.0.0.28 Setup , ClassName = #32770. |
| Popis chování: | 创建文件 |
| Podrobnosti: | C:\Documents and Settings\Administrator\Local Settings\Temp\nst4C.tmp |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\System.dll | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\ioSpecial.ini | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\modern-wizard.bmp | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\modern-header.bmp | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\InstallOptions.dll | |
| C:\WINDOWS\wininit.ini | |
| Popis chování: | 删除文件 |
| Podrobnosti: | C:\Documents and Settings\Administrator\Local Settings\Temp\nst4C.tmp |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\InstallOptions.dll | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\ioSpecial.ini | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\modern-header.bmp | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\modern-wizard.bmp | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\System.dll | |
| Popis chování: | 创建可执行文件 |
| Podrobnosti: | C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\System.dll |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\InstallOptions.dll | |
| Popis chování: | 修改文件内容 |
| Podrobnosti: | C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\System.dll ---> Offset = 0 |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\ioSpecial.ini ---> Offset = 0 | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\ioSpecial.ini ---> Offset = 36 | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\modern-wizard.bmp ---> Offset = 0 | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\modern-wizard.bmp ---> Offset = 32768 | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\modern-wizard.bmp ---> Offset = 65536 | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\modern-wizard.bmp ---> Offset = 98304 | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\modern-wizard.bmp ---> Offset = 131072 | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\ioSpecial.ini ---> Offset = 124 | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\modern-header.bmp ---> Offset = 0 | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\ioSpecial.ini ---> Offset = 33 | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\ioSpecial.ini ---> Offset = 43 | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\ioSpecial.ini ---> Offset = 60 | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\ioSpecial.ini ---> Offset = 278 | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\ioSpecial.ini ---> Offset = 329 | |
| Popis chování: | 查找文件 |
| Podrobnosti: | FileName = C:\Documents and Settings |
| FileName = C:\Documents and Settings\Administrator | |
| FileName = C:\Documents and Settings\Administrator\Local Settings | |
| FileName = C:\Documents and Settings\Administrator\Local Settings\Temp | |
| FileName = C:\Documents and Settings\Administrator\Local Settings\%temp% | |
| FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi4D.tmp | |
| FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | |
| FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1 | |
| FileName = C:\DOCUME~1\ADMINI~1 | |
| FileName = C:\DOCUME~1 | |
| FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi4D.tmp\*.* | |
| FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi4D.tmp\InstallOptions.dll.AmBackup2 | |
| FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi4D.tmp\System.dll.AmBackup1 |
| Popis chování: | 修改注册表_延迟重命名项 |
| Podrobnosti: | \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations |
| Popis chování: | 创建互斥体 |
| Podrobnosti: | oleacc-msaa-loaded |
| CTF.LBES.MutexDefaultS-* | |
| CTF.Compart.MutexDefaultS-* | |
| CTF.Asm.MutexDefaultS-* | |
| CTF.Layouts.MutexDefaultS-* | |
| CTF.TMD.MutexDefaultS-* | |
| CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-* | |
| MSCTF.Shared.MUTEX.ELH | |
| MSCTF.Shared.MUTEX.IDI | |
| Popis chování: | 创建事件对象 |
| Podrobnosti: | EventName = Global\userenv: User Profile setup event |
| EventName = MSCTF.SendReceive.Event.IDI.IC | |
| EventName = MSCTF.SendReceiveConection.Event.IDI.IC | |
| Popis chování: | 查找指定窗口 |
| Podrobnosti: | NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,] |
| NtUserFindWindowEx: [Class,Window] = [#32770,] | |
| NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,] | |
| Popis chování: | 窗口信息 |
| Podrobnosti: | Pid = 2100, Hwnd=0x1002c8, Text = &Next >, ClassName = Button. |
| Pid = 2100, Hwnd=0x1802fe, Text = Cancel, ClassName = Button. | |
| Pid = 2100, Hwnd=0x1902ce, Text = Implbits Software , ClassName = Static. | |
| Pid = 2100, Hwnd=0x7038a, Text = Implbits Software, ClassName = Static. | |
| Pid = 2100, Hwnd=0x10034c, Text = Welcome to the HashTab 6.0.0.28 Setup Wizard, ClassName = Static. | |
| Pid = 2100, Hwnd=0x13033a, Text = This wizard will guide you through the installation of HashTab 6.0.0.28. It is recommended that you close all other applicatio, ClassName = Static. | |
| Pid = 2100, Hwnd=0xc02da, Text = HashTab 6.0.0.28 Setup, ClassName = #32770. | |
| Pid = 2100, Hwnd=0xd035e, Text = < &Back, ClassName = Button. | |
| Pid = 2100, Hwnd=0x1002c8, Text = I &Agree, ClassName = Button. | |
| Pid = 2100, Hwnd=0x1702d8, Text = License Agreement, ClassName = Static. | |
| Pid = 2100, Hwnd=0x9039c, Text = Please review the license terms before installing HashTab 6.0.0.28., ClassName = Static. | |
| Pid = 2100, Hwnd=0x14033a, Text = Press Page Down to see the rest of the agreement., ClassName = Static. | |
| Pid = 2100, Hwnd=0x11034c, Text = EVALUATION AND NON-COMMERCIAL END USER LICENSE AGREEMENT IMPORTANT! BE SURE TO CAREFULLY READ AND UNDERSTAND ALL OF THE RIGHTS, ClassName = RichEdit20A. | |
| Pid = 2100, Hwnd=0x1402c4, Text = If you accept the terms of the agreement, click I Agree to continue. You must accept the agreement to install HashTab 6.0.0.28., ClassName = Static. | |
| Pid = 2100, Hwnd=0x50412, Text = 是(&Y), ClassName = Button. | |
| Popis chování: | 调整进程token权限 |
| Podrobnosti: | SE_LOAD_DRIVER_PRIVILEGE |
| Popis chování: | 屏蔽窗口关闭消息 |
| Podrobnosti: | hWnd = 0x000c02da, Text = HashTab 6.0.0.28 Setup , ClassName = #32770. |
| Popis chování: | 打开事件 |
| Podrobnosti: | HookSwitchHookEnabledEvent |
| _fCanRegisterWithShellService | |
| CTF.ThreadMIConnectionEvent.000007B4.00000000.00000040 | |
| CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000040 | |
| MSCTF.SendReceiveConection.Event.ELH.IC | |
| MSCTF.SendReceive.Event.ELH.IC | |
| Popis chování: | 可执行文件签名信息 |
| Podrobnosti: | C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\System.dll(签名验证: 未通过) |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\InstallOptions.dll(签名验证: 未通过) | |
| Popis chování: | 隐藏指定窗口 |
| Podrobnosti: | [Window,Class] = [,Button] |
| [Window,Class] = [Implbits Software,Static] | |
| [Window,Class] = [Implbits Software ,Static] | |
| [Window,Class] = [,Static] | |
| Popis chování: | 可执行文件MD5 |
| Podrobnosti: | C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\System.dll ---> 56a321bd011112ec5d8a32b2f6fd3231 |
| C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4D.tmp\InstallOptions.dll ---> d753362649aecd60ff434adf171a4e7f | |
| Popis chování: | 打开互斥体 |
| Podrobnosti: | ShimCacheMutex |
| Popis chování: | 加载新释放的文件 |
| Podrobnosti: | Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi4D.tmp\System.dll. |
| Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi4D.tmp\InstallOptions.dll. |
Hlavní stránka
