VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

  Main Menu
VirSCAN  HOME VirSCAN  go Virscan.org VirSCAN  Report VirSCAN  Virus report VirSCAN  Behavior report VirSCAN  Help VirSCAN VirSCAN  Submit Bugs VirSCAN  Contact us VirSCAN  URL detection VirSCAN  API VirSCAN  uploader for windows(test)
  Powered By
a-squared
a-squared
a-squared
 
File information
Safety rating:87
Behavior list
Basic Information
MD5:0acd11d35e739c0c3d35f11d03f99760
file type:zip
Production company:
version:
Shell or compiler information:
Subfile information:KMSpico_setup.exe / a89c072c83a54cb5aa2c570f3d910a56 / EXE
ReadMe KMSpico Install.txt / 7cd3b648933e345e5945e74c0a15a877 / Unknown
UnInstall_Service.cmd / d228137b7b77d7ef3fcdc06ddabebeef / Unknown
Fullstuff.net.url / f3e61913d83f383458df72ceec4b2adc / Unknown
www.Fullstuff.net.txt / d41d8cd98f00b204e9800998ecf8427e / Unknown
Key behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MDC..KDDHH
MSCTF.MarshalInterface.FileMap.MDC.B.KDDHH
MSCTF.MarshalInterface.FileMap.MDC.C.KDDHH
MSCTF.MarshalInterface.FileMap.MDC.D.KDDHH
MSCTF.MarshalInterface.FileMap.MDC.E.KDDHH
MSCTF.MarshalInterface.FileMap.MDC.F.KDDHH
MSCTF.MarshalInterface.FileMap.MDC.G.KDDHH
MSCTF.Shared.SFM.MDC
MSCTF.MarshalInterface.FileMap.MDC.H.BGILH
MSCTF.MarshalInterface.FileMap.MDC.I.AHILH
MSCTF.MarshalInterface.FileMap.MDC.J.AHILH
MSCTF.MarshalInterface.FileMap.MDC.K.AHILH
MSCTF.MarshalInterface.FileMap.MDC.L.AIILH
MSCTF.MarshalInterface.FileMap.MDC.M.AIILH
Behavior description:隐藏指定窗口
details:[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [,ComboLBox]
Process behavior
Behavior description:创建新文件进程
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-S2MC7.tmp\KMSpico_setup.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-S2MC7.tmp\KMSpico_setup.tmp" /SL5="$302A8,2934705,69120,C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445267310.257508.exe_7zdump\KMSpico Install\KM
Behavior description:枚举进程
details:N/A
File behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MDC..KDDHH
MSCTF.MarshalInterface.FileMap.MDC.B.KDDHH
MSCTF.MarshalInterface.FileMap.MDC.C.KDDHH
MSCTF.MarshalInterface.FileMap.MDC.D.KDDHH
MSCTF.MarshalInterface.FileMap.MDC.E.KDDHH
MSCTF.MarshalInterface.FileMap.MDC.F.KDDHH
MSCTF.MarshalInterface.FileMap.MDC.G.KDDHH
MSCTF.Shared.SFM.MDC
MSCTF.MarshalInterface.FileMap.MDC.H.BGILH
MSCTF.MarshalInterface.FileMap.MDC.I.AHILH
MSCTF.MarshalInterface.FileMap.MDC.J.AHILH
MSCTF.MarshalInterface.FileMap.MDC.K.AHILH
MSCTF.MarshalInterface.FileMap.MDC.L.AIILH
MSCTF.MarshalInterface.FileMap.MDC.M.AIILH
Behavior description:重命名文件
details:C:\Program Files\KMSpico\is-GMG30.tmp ---> C:\Program Files\KMSpico\unins000.exe
C:\Program Files\KMSpico\is-VGEH8.tmp ---> C:\Program Files\KMSpico\AutoPico.exe
C:\Program Files\KMSpico\is-USB9K.tmp ---> C:\Program Files\KMSpico\DevComponents.DotNetBar2.dll
C:\Program Files\KMSpico\is-G3PPQ.tmp ---> C:\Program Files\KMSpico\Vestris.ResourceLib.dll
C:\WINDOWS\system32\is-533Q1.tmp ---> C:\WINDOWS\system32\Vestris.ResourceLib.dll
C:\Program Files\KMSpico\is-CP57D.tmp ---> C:\Program Files\KMSpico\KMSELDI.exe
C:\Program Files\KMSpico\is-CR17F.tmp ---> C:\Program Files\KMSpico\Service_KMS.exe
C:\Program Files\KMSpico\is-JBTQ3.tmp ---> C:\Program Files\KMSpico\UninsHs.exe
C:\Program Files\KMSpico\cert\is-Q07ID.tmp ---> C:\Program Files\KMSpico\cert\installAll.cmd
C:\Program Files\KMSpico\cert\kmscert2010\Access\is-386K7.tmp ---> C:\Program Files\KMSpico\cert\kmscert2010\Access\AccessVLReg32.reg
C:\Program Files\KMSpico\cert\kmscert2010\Access\is-KCH6H.tmp ---> C:\Program Files\KMSpico\cert\kmscert2010\Access\AccessVLReg64.reg
C:\Program Files\KMSpico\cert\kmscert2010\Access\is-51QGC.tmp ---> C:\Program Files\KMSpico\cert\kmscert2010\Access\AccessVLRegWOW.reg
C:\Program Files\KMSpico\cert\kmscert2010\Access\is-60N8R.tmp ---> C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_KMS_Client.OOB.xrm-ms
C:\Program Files\KMSpico\cert\kmscert2010\Access\is-OGM7E.tmp ---> C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_KMS_Client.PL.xrm-ms
C:\Program Files\KMSpico\cert\kmscert2010\Access\is-GO4LI.tmp ---> C:\Program Files\KMSpico\cert\kmscert2010\Access\Access_KMS_Client.PPDLIC.xrm-ms
Behavior description:创建可执行文件
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-S2MC7.tmp\KMSpico_setup.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-I579Q.tmp\_isetup\_shfoldr.dll
C:\Program Files\KMSpico\is-GMG30.tmp
C:\Program Files\KMSpico\is-VGEH8.tmp
C:\Program Files\KMSpico\is-USB9K.tmp
C:\Program Files\KMSpico\is-G3PPQ.tmp
C:\WINDOWS\system32\is-533Q1.tmp
C:\Program Files\KMSpico\is-CP57D.tmp
C:\Program Files\KMSpico\is-CR17F.tmp
C:\Program Files\KMSpico\is-JBTQ3.tmp
Behavior description:修改文件内容
details:C:\Program Files\KMSpico\cert\is-Q07ID.tmp---> Offset = 0
C:\Program Files\KMSpico\cert\kmscert2010\Access\is-386K7.tmp---> Offset = 0
C:\Program Files\KMSpico\cert\kmscert2010\Access\is-KCH6H.tmp---> Offset = 0
C:\Program Files\KMSpico\cert\kmscert2010\Access\is-51QGC.tmp---> Offset = 0
C:\Program Files\KMSpico\cert\kmscert2010\Access\is-60N8R.tmp---> Offset = 0
C:\Program Files\KMSpico\cert\kmscert2010\Access\is-OGM7E.tmp---> Offset = 0
C:\Program Files\KMSpico\cert\kmscert2010\Access\is-GO4LI.tmp---> Offset = 0
C:\Program Files\KMSpico\cert\kmscert2010\Access\is-HGN6E.tmp---> Offset = 0
C:\Program Files\KMSpico\cert\kmscert2010\Access\is-JUFE4.tmp---> Offset = 0
C:\Program Files\KMSpico\cert\kmscert2010\Excel\is-RSQKO.tmp---> Offset = 0
C:\Program Files\KMSpico\cert\kmscert2010\Excel\is-4SKN8.tmp---> Offset = 0
C:\Program Files\KMSpico\cert\kmscert2010\Excel\is-FD9A0.tmp---> Offset = 0
C:\Program Files\KMSpico\cert\kmscert2010\Excel\is-K6J6V.tmp---> Offset = 0
C:\Program Files\KMSpico\cert\kmscert2010\Excel\is-JARK0.tmp---> Offset = 0
C:\Program Files\KMSpico\cert\kmscert2010\Excel\is-A102E.tmp---> Offset = 0
Behavior description:查找文件
details:FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-S2MC7.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-S2MC7.tmp\KMSpico_setup.tmp
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\「开始」菜单
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序
FileName = C:\*.*
FileName = C:\Program Files\KMSpico\unins???.*
Other behavior
Behavior description:创建互斥体
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MDC
Behavior description:隐藏指定窗口
details:[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [,ComboLBox]
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description:窗口信息
details:Pid = 1124, Hwnd=0x202d2, Text = Welcome to the KMSpico Setup Wizard , ClassName = TNewStaticText.
Pid = 1124, Hwnd=0x202d0, Text = This will install KMSpico on your computer. It is recommended that you close all other applications before continuing. Clic, ClassName = TNewStaticText.
Pid = 1124, Hwnd=0x202aa, Text = Important: If you like MS Windows and MS Office please buy legal and original this program help to test this product, ClassName = TRichEditViewer.
Pid = 1124, Hwnd=0x202c4, Text = C:\Program Files\KMSpico, ClassName = TEdit.
Pid = 1124, Hwnd=0x502ce, Text = &Next >, ClassName = TNewButton.
Pid = 1124, Hwnd=0x702c0, Text = Cancel, ClassName = TNewButton.
Pid = 1124, Hwnd=0x302b4, Text = Setup, ClassName = TWizardForm.
Pid = 1124, Hwnd=0x402bc, Text = Setup - KMSpico, ClassName = TMainForm.
Pid = 1124, Hwnd=0x102e8, Text = License Agreement, ClassName = TNewStaticText.
Pid = 1124, Hwnd=0x102e6, Text = Please read the following important information before continuing., ClassName = TNewStaticText.
Pid = 1124, Hwnd=0x102e2, Text = Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation., ClassName = TNewStaticText.
Pid = 1124, Hwnd=0x102e0, Text = I &accept the agreement, ClassName = TNewRadioButton.
Pid = 1124, Hwnd=0x102de, Text = I &do not accept the agreement, ClassName = TNewRadioButton.
Pid = 1124, Hwnd=0x102ea, Text = < &Back, ClassName = TNewButton.
Pid = 1124, Hwnd=0x102e8, Text = Select Destination Location, ClassName = TNewStaticText.
Behavior description:获取系统权限
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:枚举窗口
details:N/A
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
中国反网络病毒联盟
Powered By CentOSpol

京ICP备11007605号-12

 pol

京公网安备 11010802020746号