File information
Safety rating:74
Behavior list
Basic Information
MD5:0cb4758c3104278132f4c0023e094119
file type:EXE
Production company:Zbshareware Lab
version:6.4.0.1---6.4.0.1
Shell or compiler information:COMPILER:NSIS
Subfile information:BCGCBPRO1500u80.dll / big file / DLL
mfc80u.dll / ccc2e312486ae6b80970211da472268b / DLL
BCGPStyle2010Blue150.dll / 5e2bd09facb151796b9f0a7d4151dc3c / DLL
USBGuard.exe / 0ee209370faa94c2267b3b201d31e412 / EXE
msvcr80.dll / e4fece18310e23b1d8fee993e35e7a6f / DLL
msvcp80.dll / 4c8a880eabc0b4d462cc4b2472116ea1 / DLL
USBGuard.chm / 44cf0b4955bede84ae03418b445a5b72 / Chm
linkzb.exe / d810792fa43fc9836e7d2d3c7317b9c8 / EXE
USBSet.exe / b128397e13ec6a9bafe0fc34766e8853 / EXE
log3.dmb / ef4243ff3be46eb8feefe7edea478712 / Unknown
log2.dmb / e297edf898b0e265b7d11148b372bd92 / Unknown
en.bmp / ed25f74135602d4f678f47c8a90b3927 / Unknown
ru.bmp / acba4cb0fee2ea0560dce560d8bb1d00 / Unknown
french.dll / 7169c061085c04397d16b793079870a4 / DLL
spanish.dll / dd8b83d159a542ed87420cffebd6c548 / DLL
ukrainian.dll / aff9f8306a3b83ec85fa1ba6b29e8bda / DLL
portuese.dll / f2e006583870c8c4651e83b4ead8e2ef / DLL
russian.dll / 8068a3d79c1c30fb85406cef07907578 / DLL
turkish.dll / f60e910c86d97b70bb06d2a8abbd906f / DLL
Key behavior
Behavior description:Block window close message
details:hWnd = 0x000802da, Text = Установка USB Disk Security, ClassName = #32770.
File behavior
Behavior description:Create file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsh4C.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsn4D.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\modern-header.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\Aero.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\ru.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\en.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\ruS.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\enS.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\nsDialogs.dll
C:\WINDOWS\wininit.ini
Behavior description:Create executable file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\Aero.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\nsDialogs.dll
Behavior description:Overwrite existing file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsn4D.tmp
Behavior description:Find file
details:FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc4E.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc4E.tmp\*.*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc4E.tmp\Aero.dll.AmBackup1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc4E.tmp\nsDialogs.dll.AmBackup2
Behavior description:Delete file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsh4C.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsn4D.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\Aero.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\en.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\enS.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\modern-header.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\nsDialogs.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\ru.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\ruS.bmp
Behavior description:Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsn4D.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsn4D.tmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsn4D.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\modern-header.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\modern-header.bmp ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\nsn4D.tmp ---> Offset = 90345
C:\Documents and Settings\Administrator\Local Settings\Temp\nsn4D.tmp ---> Offset = 123113
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\Aero.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\ru.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\ru.bmp ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\ru.bmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\ru.bmp ---> Offset = 49152
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\en.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\en.bmp ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\en.bmp ---> Offset = 32768
Registry behavior
Behavior description:Modify registry: delayed-rename entry
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EIG
Behavior description:Hide specified window
details:[Window,Class] = [,Button]
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Open event
details:HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000040
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000040
MSCTF.SendReceive.Event.ELH.IC
MSCTF.SendReceiveConection.Event.ELH.IC
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000041
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000041
Behavior description:Adjust process token privileges
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Block window close message
details:hWnd = 0x000802da, Text = Установка USB Disk Security, ClassName = #32770.
Behavior description:Window information
details:Pid = 1592, Hwnd=0x1002c8, Text = &Далее >, ClassName = Button.
Pid = 1592, Hwnd=0x1802fe, Text = Отмена, ClassName = Button.
Pid = 1592, Hwnd=0x1902ce, Text = RePack by KpoJIuK , ClassName = Static.
Pid = 1592, Hwnd=0x7038a, Text = RePack by KpoJIuK, ClassName = Static.
Pid = 1592, Hwnd=0x1702d8, Text = Особенности RePack-версии, ClassName = Static.
Pid = 1592, Hwnd=0x9039c, Text = ..., ClassName = Static.
Pid = 1592, Hwnd=0x1302c4, Text = Общая информация: ? Тип: установка ? Языки: русский, английский, укр, ClassName = Edit.
Pid = 1592, Hwnd=0x802da, Text = Установка USB Disk Security, ClassName = #32770.
Pid = 1592, Hwnd=0x70410, Text = 是(&Y), ClassName = Button.
Pid = 1592, Hwnd=0x20412, Text = 否(&N), ClassName = Button.
Pid = 1592, Hwnd=0x10416, Text = Вы действительно хотите отменить установку USB Disk Security v6.4.0.1?, ClassName = Static.
Pid = 1592, Hwnd=0x903a6, Text = Установка USB Disk Security, ClassName = #32770.
Behavior description:Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\Aero.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\nsDialogs.dll (signature verification: failed)
Behavior description:Create event object
details:EventName = MSCTF.SendReceive.Event.EIG.IC
EventName = MSCTF.SendReceiveConection.Event.EIG.IC
Behavior description:Executable file MD5
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\Aero.dll ---> 869c5949a10b32d3a31966cc5291301b
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4E.tmp\nsDialogs.dll ---> 4ccc4a742d4423f2f0ed744fd9c81f63
Behavior description:Open mutex
details:ShimCacheMutex
Behavior description:Load newly dropped file
details:Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc4E.tmp\Aero.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc4E.tmp\nsDialogs.dll.