VirSCAN

File information
Safety rating:78
Behavior list
Basic Information
MD5:0fb36faa610627e9eaaadaf0c90e9129
file type:7z
Production company:not by Acronis
version:19.0.0.5634---1, 0, 0, 0
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Subfile information:libcrypto10.dll / DLL
Key behavior
Behavior description:Block window close message
details:hWnd = 0x00180142, Text = Acronis True Image activator, ClassName = ConsoleWindowClass.
Behavior description:Get TickCount value
details:TickCount = 492082, SleepMilliseconds = 20.
TickCount = 492098, SleepMilliseconds = 20.
TickCount = 492113, SleepMilliseconds = 20.
TickCount = 492145, SleepMilliseconds = 20.
TickCount = 492160, SleepMilliseconds = 20.
TickCount = 492207, SleepMilliseconds = 20.
TickCount = 496848, SleepMilliseconds = 20.
TickCount = 496910, SleepMilliseconds = 20.
TickCount = 496941, SleepMilliseconds = 20.
TickCount = 497004, SleepMilliseconds = 20.
TickCount = 497160, SleepMilliseconds = 20.
TickCount = 497176, SleepMilliseconds = 20.
TickCount = 516598, SleepMilliseconds = 20.
Process behavior
Behavior description:Create process
details:ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c ""C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Activation.cmd" "
ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = C:\WINDOWS\system32\cmd.exe /c REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language" /v InstallLanguage
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language" /v InstallLanguage
ImagePath = C:\WINDOWS\system32\mode.com, CmdLine = mode con:cols=80 lines=36
ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = C:\WINDOWS\system32\cmd.exe /c REG QUERY "HKLM\SOFTWARE\Acronis\TrueImageHome\Settings" /v LicenseActivatorExePath 2>NUL
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = REG QUERY "HKLM\SOFTWARE\Acronis\TrueImageHome\Settings" /v LicenseActivatorExePath
ImagePath = C:\WINDOWS\system32\xcopy.exe, CmdLine = xcopy /y TrueImageReadme "C:\Documents and Settings\Administrator\Desktop\TrueImageReadme"
Behavior description:Create local thread
details:N/A
Behavior description:Process exit
details:N/A
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Create file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Activation.cmd
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Activation_de.cmd
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Activation_en.cmd
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\TrueImageReadme\CHANGELOG.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\TrueImageReadme\DiskDirector12.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\TrueImageReadme\liesmich2012.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\TrueImageReadme\liesmich2013.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\TrueImageReadme\liesmich2014.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\TrueImageReadme\liesmich2015.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\TrueImageReadme\liesmich2016.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\TrueImageReadme\readme2012.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\TrueImageReadme\readme2013.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\TrueImageReadme\readme2014.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\TrueImageReadme\readme2015.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\TrueImageReadme\readme2016.txt
Behavior description:Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Activation.cmd---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Activation_de.cmd---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Activation_en.cmd---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\TrueImageReadme\CHANGELOG.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\TrueImageReadme\DiskDirector12.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\TrueImageReadme\liesmich2012.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\TrueImageReadme\liesmich2013.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\TrueImageReadme\liesmich2014.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\TrueImageReadme\liesmich2015.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\TrueImageReadme\liesmich2016.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\TrueImageReadme\readme2012.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\TrueImageReadme\readme2013.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\TrueImageReadme\readme2014.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\TrueImageReadme\readme2015.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\TrueImageReadme\readme2016.txt---> Offset = 0
Behavior description:Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\filever.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\16.0.0.5551\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\15.0.0.6131\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\15.0.0.7133\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\16.0.0.5587\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\16.0.0.6514\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\16.0.0.6528\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\17.0.0.5560\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\17.0.0.6614\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\17.0.0.6673\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\17.0.0.6688\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\18.0.0.5539\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\18.0.0.6055\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\18.0.0.6525\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\18.0.0.6613\libcrypto10.dll
Behavior description:Delete file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\15.0.0.6131\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\15.0.0.6131\libcrypto10.dll-newfile
Behavior description:Find file
details:FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Activation.cmd
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Activation.cmd
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\cmd.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\REG.*
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Activation.cmd
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
SHIMLIB_LOG_MUTEX
Behavior description:Create event object
details:EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
EventName = DINPUTWINMM
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description:Obtain system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Window information
details:Pid = 3200, Hwnd=0x202b4, Text = Cancel, ClassName = Button.
Pid = 3200, Hwnd=0x170142, Text = 55% Extracting, ClassName = #32770.
Pid = 3916, Hwnd=0x180142, Text = C:\WINDOWS\system32\cmd.exe, ClassName = ConsoleWindowClass.
Pid = 3916, Hwnd=0x180142, Text = Acronis True Image activator, ClassName = ConsoleWindowClass.
Behavior description:Executable file signature information
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\filever.exe(signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\16.0.0.5551\libcrypto10.dll(signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\15.0.0.6131\libcrypto10.dll(signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\15.0.0.7133\libcrypto10.dll(signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\16.0.0.5587\libcrypto10.dll(signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\16.0.0.6514\libcrypto10.dll(signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\16.0.0.6528\libcrypto10.dll(signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\17.0.0.5560\libcrypto10.dll(signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\17.0.0.6614\libcrypto10.dll(signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\17.0.0.6673\libcrypto10.dll(signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\17.0.0.6688\libcrypto10.dll(signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\18.0.0.5539\libcrypto10.dll(signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\18.0.0.6055\libcrypto10.dll(signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\18.0.0.6525\libcrypto10.dll(signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\18.0.0.6613\libcrypto10.dll(signature verification: failed)
Behavior description:Hide specified window
details:[Window,Class] = [,Static]
[Window,Class] = [,Button]
Behavior description:Executable file MD5