VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
Safety rating:84
Behavior list
Basic Information
MD5:075d1ade21b432d65704e7860e76d319
file type:EXE
Production company:SitemapX.com
version:1.2.11.25---1.2.11.25
Shell or compiler information:COMPILER:Borland Delphi 2.0 [Overlay]
Key behavior
Behavior description:在桌面创建快捷方式
details:C:\Documents and Settings\Administrator\桌面\SitemapX.lnk
Behavior description:设置特殊文件夹属性
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:隐藏指定窗口
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [安装向导 - SitemapX,TWizardForm]
[Window,Class] = [Static,Static]
[Window,Class] = [,#32770]
[Window,Class] = [,SysListView32]
[Window,Class] = [Button1,Button]
[Window,Class] = [CLS,Button]
[Window,Class] = [Rev,Button]
Process behavior
Behavior description:创建新文件进程
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-U2VCO.tmp\sample.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-U2VCO.tmp\sample.tmp" /SL5="$A0186,1464279,56320,c:\%temp%\1413948167.387090.exe"
ImagePath = C:\Program Files\SitemapX\SitemapX.exe, CmdLine = "C:\Program Files\SitemapX\SitemapX.exe"
File behavior
Behavior description:在系统敏感位置(如开始菜单等)释放链接或快捷方式
details:C:\Documents and Settings\All Users\「开始」菜单\程序\SitemapX\Run SitemapX.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\SitemapX\卸载 SitemapX .lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\SitemapX\SitemapX on the Web.url
Behavior description:创建可执行文件
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-U2VCO.tmp\sample.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-6INUU.tmp\_isetup\_RegDLL.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-6INUU.tmp\_isetup\_shfoldr.dll
C:\Program Files\SitemapX\is-DEQSB.tmp
C:\Program Files\SitemapX\is-3PHUL.tmp
C:\Program Files\SitemapX\is-2TNMG.tmp
C:\Program Files\SitemapX\is-EFOAT.tmp
C:\Program Files\SitemapX\is-F22O5.tmp
C:\Program Files\SitemapX\ftp\is-K0MB1.tmp
Behavior description:在桌面创建快捷方式
details:C:\Documents and Settings\Administrator\桌面\SitemapX.lnk
Behavior description:写权限映射文件
details:Local\UrlZonesSM_Administrator
Behavior description:重命名文件
details:C:\Program Files\SitemapX\is-DEQSB.tmp ---> C:\Program Files\SitemapX\unins000.exe
C:\Program Files\SitemapX\is-3PHUL.tmp ---> C:\Program Files\SitemapX\SitemapX.exe
C:\Program Files\SitemapX\is-2TNMG.tmp ---> C:\Program Files\SitemapX\Update.exe
C:\Program Files\SitemapX\is-EFOAT.tmp ---> C:\Program Files\SitemapX\FtpManagerX.exe
C:\Program Files\SitemapX\is-D0N38.tmp ---> C:\Program Files\SitemapX\settings.ini
C:\Program Files\SitemapX\is-F22O5.tmp ---> C:\Program Files\SitemapX\zipdll.dll
C:\Program Files\SitemapX\Language\is-9AU8U.tmp ---> C:\Program Files\SitemapX\Language\Chinese(Simplified).ini
C:\Program Files\SitemapX\Language\is-AHM63.tmp ---> C:\Program Files\SitemapX\Language\Chinese(Traditional).ini
C:\Program Files\SitemapX\Language\is-H8T65.tmp ---> C:\Program Files\SitemapX\Language\English.ini
C:\Program Files\SitemapX\Language\is-NULDN.tmp ---> C:\Program Files\SitemapX\Language\French.ini
C:\Program Files\SitemapX\Language\is-330NO.tmp ---> C:\Program Files\SitemapX\Language\Greek.ini
C:\Program Files\SitemapX\Language\is-5QRV7.tmp ---> C:\Program Files\SitemapX\Language\Japanese.ini
C:\Program Files\SitemapX\Language\is-MPPER.tmp ---> C:\Program Files\SitemapX\Language\Portuguese(pt).ini
C:\Program Files\SitemapX\Language\is-VCVG3.tmp ---> C:\Program Files\SitemapX\Language\Spanish.ini
C:\Program Files\SitemapX\ftp\is-732MN.tmp ---> C:\Program Files\SitemapX\ftp\Log.txt
Behavior description:设置特殊文件夹属性
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:修改文件内容
details:C:\Program Files\SitemapX\is-D0N38.tmp---> Offset = 0
C:\Program Files\SitemapX\Language\is-9AU8U.tmp---> Offset = 0
C:\Program Files\SitemapX\Language\is-AHM63.tmp---> Offset = 0
C:\Program Files\SitemapX\Language\is-H8T65.tmp---> Offset = 0
C:\Program Files\SitemapX\Language\is-NULDN.tmp---> Offset = 0
C:\Program Files\SitemapX\Language\is-330NO.tmp---> Offset = 0
C:\Program Files\SitemapX\Language\is-5QRV7.tmp---> Offset = 0
C:\Program Files\SitemapX\Language\is-MPPER.tmp---> Offset = 0
C:\Program Files\SitemapX\Language\is-VCVG3.tmp---> Offset = 0
C:\Program Files\SitemapX\ftp\is-68JP2.tmp---> Offset = 0
C:\Program Files\SitemapX\ftp\is-9LD43.tmp---> Offset = 0
C:\Program Files\SitemapX\ftp\language\is-7HOTJ.tmp---> Offset = 0
C:\Program Files\SitemapX\ftp\language\is-FBTAC.tmp---> Offset = 0
C:\Program Files\SitemapX\ftp\language\is-T1ACG.tmp---> Offset = 0
C:\Program Files\SitemapX\ftp\language\is-VK72C.tmp---> Offset = 0
Network behavior
Behavior description:联网打开网址
details:InternetOpenUrlA: http://www.sitemapx.com/update/update.ini hInternet = 0x00000130
Registry behavior
Behavior description:修改注册表
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SitemapX_is1\Inno Setup: Setup Version
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SitemapX_is1\Inno Setup: App Path
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SitemapX_is1\InstallLocation
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SitemapX_is1\Inno Setup: Icon Group
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SitemapX_is1\Inno Setup: User
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SitemapX_is1\Inno Setup: Selected Tasks
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SitemapX_is1\Inno Setup: Deselected Tasks
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SitemapX_is1\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SitemapX_is1\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SitemapX_is1\QuietUninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SitemapX_is1\DisplayVersion
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SitemapX_is1\Publisher
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SitemapX_is1\URLInfoAbout
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SitemapX_is1\HelpLink
Other behavior
Behavior description:枚举窗口
details:N/A
Behavior description:窗口信息
details:Pid = 1288, Hwnd=0xb01b0, Text = 选择安装期间要使用的语言:, ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xc01c2, Text = 中文 (简体), ClassName = TNewComboBox.
Pid = 1288, Hwnd=0xa01aa, Text = 确定, ClassName = TNewButton.
Pid = 1288, Hwnd=0xb0184, Text = 取消, ClassName = TNewButton.
Pid = 1288, Hwnd=0xd01c8, Text = 选择安装语言, ClassName = TSelectLanguageForm.
Pid = 1288, Hwnd=0xc01b4, Text = 欢迎使用 SitemapX 安装向导 , ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xb01be, Text = 安装向导将在你的电脑上安装 SitemapX 1.2。 建议你在继续之前关闭所有其它应用程序。 单击“下一步”继续,或单击“取消”退出安装, ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xa018c, Text = SITEMAP X END USER LICENCE AGREEMENT NOTIFICATION: PERMISSION TO USE THIS SOFTWARE ("SOFTWARE") IS CONDITIONAL UPON YOU AS THE, ClassName = TRichEditViewer.
Pid = 1288, Hwnd=0xc01e8, Text = 下一步(&N) >, ClassName = TNewButton.
Pid = 1288, Hwnd=0xd01a4, Text = 取消, ClassName = TNewButton.
Pid = 1288, Hwnd=0xd0184, Text = 安装向导 - SitemapX, ClassName = TWizardForm.
Pid = 1288, Hwnd=0xb016c, Text = 许可协议, ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xb0192, Text = 请在继续之前阅读以下重要信息。, ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xd01ac, Text = 请阅读以下许可协议。在继续安装之前,你必须接受此协议的条款。, ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xb01ce, Text = 我接受协议(&A), ClassName = TNewRadioButton.
Behavior description:隐藏指定窗口
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [安装向导 - SitemapX,TWizardForm]
[Window,Class] = [Static,Static]
[Window,Class] = [,#32770]
[Window,Class] = [,SysListView32]
[Window,Class] = [Button1,Button]
[Window,Class] = [CLS,Button]
[Window,Class] = [Rev,Button]
Behavior description:创建互斥体
details:Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
XXXXXX_SITEMAPX
Behavior description:获取系统权限
details:SE_LOAD_DRIVER_PRIVILEGE
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
中国反网络病毒联盟
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号