VirSCAN

File information
Safety rating:75
Behavior list
Basic Information
MD5:094c3d9ea0317f66e70e62da1a861fab
file type:7z
Production company:
version:4.7.1.127---4.7.1.127
Shell or compiler information:PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [Overlay]
Subfile information:hdrw.dll / big file / DLL
DiskGenius.exe / big file / EXE
LangCRes.dll / e6ad9200ecfa010b4912c04b291a99e1 / DLL
diskgen.exe / ab20c513d9d87ac14eaa9a91e05489dd / Unknown
FileType.dll / 2fb823ba317dd8dab24b2a1858fc5a83 / DLL
upx_c_557553c3dumpFile / 390f7327a7d7d672d84f6fe305a12b0f / EXE
SDL.dll / 0150cd5726a7a6684424ae10bb7d3d8a / DLL
IniCfg.dll / f45be94907dba556955d6d0520e56c40 / DLL
update.dll / 31caa1e5638b746115cd21a792e2ff46 / DLL
dsoframer.ocx / d1c5f5332fa2aa9f58a2f3378563963b / DLL
Hdrwvm.dll / c443a4534b186dfe73f01b683ddb76a9 / DLL
HdrwLDM.dll / 4d858b74ef94248b91a6845e6bab368e / DLL
HdrwVhd.dll / a80bc45c94c4d076d6cb7db23a193578 / DLL
HdrwVhdx.dll / 9c5cd36dfc526c54c07f1455df5b03ec / DLL
HdrwVdi.dll / a85218e2cef7c4c3c4e202cc861ad37a / DLL
HdrwRD.dll / a1841c7d0532b5067606a1958adb5c85 / DLL
Barray.dll / e65f56618497aad178d16390def6a42d / DLL
Charset.dll / f6be44988e446a6608a55814a8821468 / DLL
command.com / f730339b0a5f461b530d93bd57050dff / Unknown
Key behavior
Behavior description:Maps files with write permission
details:CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.MOK..OJGMG
MSCTF.MarshalInterface.FileMap.MOK.B.OJGMG
MSCTF.MarshalInterface.FileMap.MOK.C.OJGMG
MSCTF.MarshalInterface.FileMap.MOK.D.OJGMG
MSCTF.MarshalInterface.FileMap.MOK.E.OJGMG
MSCTF.MarshalInterface.FileMap.MOK.F.OKGMG
MSCTF.MarshalInterface.FileMap.MOK.G.OKGMG
Behavior description:Hides the specified window
details:[Window,Class] = [,Button]
File behavior
Behavior description:Maps files with write permission
details:CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.MOK..OJGMG
MSCTF.MarshalInterface.FileMap.MOK.B.OJGMG
MSCTF.MarshalInterface.FileMap.MOK.C.OJGMG
MSCTF.MarshalInterface.FileMap.MOK.D.OJGMG
MSCTF.MarshalInterface.FileMap.MOK.E.OJGMG
MSCTF.MarshalInterface.FileMap.MOK.F.OKGMG
MSCTF.MarshalInterface.FileMap.MOK.G.OKGMG
Behavior description:Creates executable files
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\DiskGenius.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\Barray.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\Charset.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\FileType.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\hdrw.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\HdrwLDM.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\HdrwRD.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\HdrwVdi.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\HdrwVhd.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\HdrwVhdx.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\Hdrwvm.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\IniCfg.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\LangCRes.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\SDL.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\update.dll
Behavior description:Modifies file contents
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\dos\fdauto.bat---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\dos\license.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\Options.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\dos\command.com---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\dos\fdapm.com---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\dos\shsucdx.com---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\dos\CTMOUSE.EXE---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\dos\diskgen.exe---> Offset = 190886
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\dos\himem.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\dos\fdconfig.sys---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\dos\kernel.sys---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\dos\xcdrom.sys---> Offset = 0
Registry behavior
Behavior description:Modifies the registry
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGenius\DiskGenius.exe
Other behavior
Behavior description:Creates mutexes
details:CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
MSCTF.Shared.MUTEX.AEH
Behavior description:Finds the specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description:Hides the specified window
details:[Window,Class] = [,Button]
Behavior description:Window information
details:Pid = 2792, Hwnd=0x401ce, Text = 执行 ""DiskGenius\DiskGenius.exe" " 时出错。 %1 不是有效的 Win32 应用程序。 , ClassName = Static.
Pid = 2792, Hwnd=0x40248, Text = 确定(&O), ClassName = Button.
Pid = 2792, Hwnd=0x70236, Text = DiskGenius: 错误, ClassName = #32770.
Behavior description:Acquires system privileges
details:SE_LOAD_DRIVER_PRIVILEGE