VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

Language
Server load
Server Load

VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

   File information

Virscan.org multi-engine scan report
Behavior analysis report:         Habo file analysis

Basic Information

MD5:0cb07d4189027ac3de55b73bf49defcb
文件大小:5.58MB
上传时间: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
copyright:

Key behavior

Behavior description: 写权限映射文件
details: Global\Cor_Private_IPCBlock_872
Global\Cor_Public_IPCBlock_872
CiceroSharedMemDefaultS-*
Global\NLS_00000804_Exception_Table_3_2
MSCTF.MarshalInterface.FileMap.EIF..AIPGH
MSCTF.MarshalInterface.FileMap.EIF.B.AIPGH
MSCTF.MarshalInterface.FileMap.EIF.C.AIPGH
MSCTF.MarshalInterface.FileMap.EIF.D.AIPGH
MSCTF.MarshalInterface.FileMap.EIF.E.AIPGH
MSCTF.MarshalInterface.FileMap.EIF.F.AIPGH
MSCTF.MarshalInterface.FileMap.EIF.G.AJPGH

Process behavior

Behavior description: 枚举进程
details: N/A

File behavior

Behavior description: 写权限映射文件
details: Global\Cor_Private_IPCBlock_872
Global\Cor_Public_IPCBlock_872
CiceroSharedMemDefaultS-*
Global\NLS_00000804_Exception_Table_3_2
MSCTF.MarshalInterface.FileMap.EIF..AIPGH
MSCTF.MarshalInterface.FileMap.EIF.B.AIPGH
MSCTF.MarshalInterface.FileMap.EIF.C.AIPGH
MSCTF.MarshalInterface.FileMap.EIF.D.AIPGH
MSCTF.MarshalInterface.FileMap.EIF.E.AIPGH
MSCTF.MarshalInterface.FileMap.EIF.F.AIPGH
MSCTF.MarshalInterface.FileMap.EIF.G.AJPGH
Behavior description: 查找文件
details: FileName = C:\WINDOWS
FileName = C:\WINDOWS\WinSxS
FileName = C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
FileName = C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445416735.186437.exe_7zdump
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445416735.189920.exe_7zdump\mazidashen.exe
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445416735.200394.exe_7zdump\mazidashen.INI
FileName = C:/DOCUME~1

Other behavior

Behavior description: 创建互斥体
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Behavior description: 查找指定窗口
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: 窗口信息
details: Pid = 872, Hwnd=0x202a8, Text = 确定, ClassName = Button.
Pid = 872, Hwnd=0x202cc, Text = 系统禁止在压缩包里运行,请解压!, ClassName = Static.
Behavior description: 获取系统权限
details: SE_DEBUG_PRIVILEGE
SE_INC_BASE_PRIORITY_PRIVILEGE