VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information

Basic Information

MD5: 01172227c01893b5d93549ef3b303d62
file type: zip
Production company:
version:
Shell or compiler information: COMPILER: not a valid PE file
Subfile information: DiskMark64.exe / d8377e6c6848096d277d6604d0a37f45 / EXE

Key behavior

Behavior description: Set special folder attributes
details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017021320170214
Behavior description: Get window screenshot information
details: Foreground window Info: HWND = 0x00000000, DC = 0x73010951.
Behavior description: Get TickCount value
details: TickCount = 831500, SleepMilliseconds = 60000.
TickCount = 831515, SleepMilliseconds = 60000.
TickCount = 831531, SleepMilliseconds = 60000.
TickCount = 831546, SleepMilliseconds = 60000.
TickCount = 831562, SleepMilliseconds = 60000.
TickCount = 831578, SleepMilliseconds = 60000.
TickCount = 831593, SleepMilliseconds = 60000.
TickCount = 831609, SleepMilliseconds = 60000.
TickCount = 831625, SleepMilliseconds = 60000.
TickCount = 831640, SleepMilliseconds = 60000.
TickCount = 831656, SleepMilliseconds = 60000.
TickCount = 831671, SleepMilliseconds = 60000.
TickCount = 831687, SleepMilliseconds = 60000.
TickCount = 831703, SleepMilliseconds = 60000.
TickCount = 831718, SleepMilliseconds = 60000.

File behavior

Behavior description: Create file
details: C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\DiskMark32.ini
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017021320170214\index.dat
Behavior description: Modify file content
details: C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\DiskMark32.ini ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\DiskMark32.ini ---> Offset = 26
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017021320170214\index.dat ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\DiskMark32.ini ---> Offset = 39
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\DiskMark32.ini ---> Offset = 51
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\DiskMark32.ini ---> Offset = 79
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\DiskMark32.ini ---> Offset = 94
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\DiskMark32.ini ---> Offset = 106
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\DiskMark32.ini ---> Offset = 119
Behavior description: Search for file
details: FileName = C:\Users
FileName = C:\Users\Administrator\AppData
FileName = C:\Users\Administrator\AppData\Local
FileName = C:\Users\Administrator\AppData\Local\Temp
FileName = C:\Users\Administrator\AppData\Local\%temp%
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CdmResource\language\\*.lang
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CdmResource\theme\\*.*
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CdmResource\theme\\..\Main.css
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CdmResource\theme\\blue\Main.css
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CdmResource\theme\\default\Main.css
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CdmResource\theme\\FlatSquare\Main.css
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CdmResource\theme\\flower\Main.css
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CdmResource\theme\\Shizuku\Main.css
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CdmResource\theme\\wine\Main.css
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CdmResource\dialog

Registry behavior

Behavior description: Modify registry
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017021320170214\CachePath
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017021320170214\CachePrefix
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017021320170214\CacheLimit
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017021320170214\CacheOptions
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017021320170214\CacheRepair
Behavior description: Delete registry value
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
Behavior description: Delete registry key
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016111520161116\

Other behavior

Behavior description: Check whether it is being debugged
details: N/A
Behavior description: Create mutex
details: Local\!PrivacIE!SharedMemory!Mutex
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\c:!users!administrator!appdata!local!microsoft!windows!history!history.ie5!mshist012017021320170214!
Behavior description: Hide specified window
details: [Window,Class] = [,Shell Embedding]
[Window,Class] = [,Internet Explorer_Server]
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
Behavior description: Window information
details: Pid = 932, Hwnd=0x180116, Text = CrystalDiskMark 5.2.1 , ClassName = #32770.
Behavior description: Get cursor position
details: CursorPos = (90,18467), SleepMilliseconds = 60000.
CursorPos = (6383,26500), SleepMilliseconds = 60000.
CursorPos = (19218,15724), SleepMilliseconds = 60000.
CursorPos = (11527,29358), SleepMilliseconds = 60000.
CursorPos = (27011,24464), SleepMilliseconds = 60000.
CursorPos = (5754,28145), SleepMilliseconds = 60000.
CursorPos = (23330,16827), SleepMilliseconds = 60000.
CursorPos = (10010,491), SleepMilliseconds = 60000.
CursorPos = (3044,11942), SleepMilliseconds = 60000.
CursorPos = (4876,5436), SleepMilliseconds = 60000.
CursorPos = (32440,14604), SleepMilliseconds = 60000.
CursorPos = (3951,153), SleepMilliseconds = 60000.
CursorPos = (341,12382), SleepMilliseconds = 60000.
CursorPos = (17470,18716), SleepMilliseconds = 60000.
CursorPos = (19767,19895), SleepMilliseconds = 60000.
Behavior description: Open event
details: HookSwitchHookEnabledEvent
\KernelObjects\MaximumCommitCondition
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
MSFT.VSA.COM.DISABLE.932
MSFT.VSA.IEC.STATUS.6c736db0
Global\TabletHardwarePresent
Global\SvcctrlStartEvent_A3752DX
Behavior description: Call Sleep function
details: [1]: MilliSeconds = 60000.
Behavior description: Open mutex
details: Local\WininetStartupMutex
Local\_!MSFTHISTORY!_
Local\c:!users!administrator!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Local\c:!users!administrator!appdata!roaming!microsoft!windows!cookies!
Local\c:!users!administrator!appdata!local!microsoft!windows!history!history.ie5!
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!IETld!Mutex
Local\MSCTF.Asm.MutexDefault1
_!SHMSFTHISTORY!_
Local\c:!users!administrator!appdata!local!microsoft!windows!history!history.ie5!mshist012017021320170214!

Run screenshot