VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.


File information
Safety rating: 78
Behavior list
Basic Information
MD5: 107006a1472593d0f7e55b96e058ff59
file type: Rar
Production company:
version:
Shell or compiler information:
Subfile information (name / MD5 / verdict):
从零开始学电路基础.pdf (dumpFile) / big file / Unknown
从零开始学电路基础.pdf / big file / Unknown
PDF-STREAM-34 (dumpFile) / 27eb9bb9c3fc9c94e752b75405047c6a / Unknown
PDF-STREAM-0 (dumpFile) / 856f90f820b690f3756f90765e0a94dc / Unknown
PDF-STREAM-20 (dumpFile) / 39125664e7bdf1348b734998dca0f0d8 / Unknown
PDF-STREAM-35 (dumpFile) / 630862e37d4f1a28d08f406f98abe1b9 / Unknown
PDF-STREAM-32 (dumpFile) / 35d9eb864a31fee5bc3d6369c897b391 / Unknown
PDF-STREAM-3 (dumpFile) / 21e060deca59c31179bda0e0269f7238 / Unknown
PDF-STREAM-24 (dumpFile) / cc09620c640955cdc856daaf1774bd19 / Unknown
PDF-STREAM-30 (dumpFile) / 420d0d91b7a21a3846ca02158979cc56 / Unknown
PDF-STREAM-19 (dumpFile) / e273c244b35b02f03b052c271eaba9b9 / Unknown
PDF-STREAM-36 (dumpFile) / e6ef9038ac059d4e6b9430319396e3c0 / Unknown
PDF-STREAM-21 (dumpFile) / 28867f56fc4e52ef91f5881e82546781 / Unknown
PDF-STREAM-25 (dumpFile) / ceb58cef36dab0253480e8257e1480eb / Unknown
PDF-STREAM-39 (dumpFile) / 4db87416d0ab23e85f24e6b9c9586cef / Unknown
PDF-STREAM-5 (dumpFile) / 20f05993c63fb7dfe3366bdc79da6fa1 / Unknown
PDF-STREAM-44 (dumpFile) / ef352e6a5f13ef883e6bf157ad01fb54 / Unknown
PDF-STREAM-22 (dumpFile) / 4b341b746156b6906578d2073877c62b / Unknown
PDF-STREAM-27 (dumpFile) / 3f7e256ddfb0bb89b892989d1e9e1eb9 / Unknown
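The subfile list above pairs each carved PDF stream with an MD5 and a verdict. The Python script below is an added example, not VirSCAN's own tooling: it reproduces that kind of listing for any PDF by carving every stream ... endstream object, hashing the raw bytes, and attempting a FlateDecode pass, so that a damaged stream (the sort of thing that makes Reader raise the "file is damaged" dialog recorded under Window information further down) is reported as undecodable rather than silently skipped. The sample PDF is constructed inline. VirSCAN does not document whether it numbers streams in file order or hashes the encoded or the decoded bytes, so both choices here are assumptions.

```python
"""Added example (not VirSCAN code): carve PDF streams, hash them the way the
report's "PDF-STREAM-N dumpFile / <MD5>" rows do, and try to FlateDecode them.
Assumptions: streams are numbered in file order and the MD5 covers the raw,
still-encoded stream bytes."""
import hashlib
import re
import zlib

# "endstream" also ends in "stream", hence the negative lookbehind.
_STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(?P<body>.*?)\r?\nendstream", re.DOTALL)
_FILTER_RE = re.compile(rb"/Filter\s*/(\w+)")

# Constructed sample content (not from the page's PDF).
PLAIN_CONTENT = b"BT /F1 12 Tf 72 720 Td (Hello) Tj ET"
DEFLATED_CONTENT = b"q 0 0 1 rg 0 0 100 100 re f Q"


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def extract_streams(pdf_bytes: bytes) -> list:
    """Return one record per stream: name, md5 of raw bytes, filter, decoded bytes.

    decoded is None when the stream claims FlateDecode but zlib cannot inflate it,
    which is the damaged-stream case a triage analyst wants flagged, not dropped.
    """
    records = []
    scan_from = 0
    for i, m in enumerate(_STREAM_RE.finditer(pdf_bytes)):
        raw = m.group("body")
        # The stream dictionary sits between the preceding "N G obj" and "stream".
        head = pdf_bytes[scan_from:m.start()]
        obj_at = head.rfind(b" obj")
        filt_m = _FILTER_RE.search(head[obj_at:] if obj_at >= 0 else head)
        filt = filt_m.group(1).decode("ascii") if filt_m else None
        decoded = None
        if filt == "FlateDecode":
            try:
                decoded = zlib.decompress(raw)
            except zlib.error:
                decoded = None  # corrupt or truncated stream: keep the hash, mark undecodable
        elif filt is None:
            decoded = raw       # unfiltered stream is already plaintext
        records.append({"name": f"PDF-STREAM-{i}", "md5": md5_hex(raw),
                        "filter": filt, "decoded": decoded})
        scan_from = m.end()
    return records


def build_sample_pdf() -> bytes:
    """Constructed three-stream PDF: plain stream, valid FlateDecode stream,
    and a FlateDecode stream whose body is a zlib header followed by junk."""
    deflated = zlib.compress(DEFLATED_CONTENT)
    corrupt = b"\x78\x9c" + b"\xff" * 16
    objs = [
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n",
        b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n",
        b"3 0 obj\n<< /Length %d >>\nstream\n" % len(PLAIN_CONTENT)
        + PLAIN_CONTENT + b"\nendstream\nendobj\n",
        b"4 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(deflated)
        + deflated + b"\nendstream\nendobj\n",
        b"5 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(corrupt)
        + corrupt + b"\nendstream\nendobj\n",
    ]
    return b"%PDF-1.4\n" + b"".join(objs) + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    for rec in extract_streams(build_sample_pdf()):
        state = "ok" if rec["decoded"] is not None else "UNDECODABLE"
        print(rec["name"], rec["md5"], rec["filter"], state)
```

Run it directly to print one line per stream; pass the bytes of a real PDF to extract_streams to compare its MD5s against a report like this one. The verdict column is the scanner's own and is not reproduced here.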
Key behavior
Behavior description: Capture window screenshot information
details: Foreground window Info: HWND = 0x00000000, DC = 0x720105f4.
Process behavior
Behavior description: Create process with hidden window
details: ImagePath = , CmdLine = "C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe" -doActionAppID=reader9rdr-zh_CN
Behavior description: Create process
details: ImagePath = C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe, CmdLine = "C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe" -doActionAppID=reader9rdr-zh_CN
Behavior description: Create local thread
details: TargetProcess: AcroRd32.exe, InheritedFromPID = 1944, ProcessID = 2684, ThreadID = 2700, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: AcroRd32.exe, InheritedFromPID = 1944, ProcessID = 2684, ThreadID = 2716, StartAddress = 050770CA, Parameter = 00E1FA28
TargetProcess: AcroRd32.exe, InheritedFromPID = 1944, ProcessID = 2684, ThreadID = 2720, StartAddress = 781329E1, Parameter = 00E53818
TargetProcess: AcroRd32.exe, InheritedFromPID = 1944, ProcessID = 2684, ThreadID = 2724, StartAddress = 77E56C7D, Parameter = 0019E6F0
TargetProcess: AcroRd32.exe, InheritedFromPID = 1944, ProcessID = 2684, ThreadID = 2728, StartAddress = 769AE43B, Parameter = 001AAEE8
TargetProcess: AcroRd32.exe, InheritedFromPID = 1944, ProcessID = 2684, ThreadID = 2744, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: AcroRd32.exe, InheritedFromPID = 1944, ProcessID = 2684, ThreadID = 2748, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: AcroRd32.exe, InheritedFromPID = 1944, ProcessID = 2684, ThreadID = 2752, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: AcroRd32.exe, InheritedFromPID = 1944, ProcessID = 2684, ThreadID = 2756, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: AcroRd32.exe, InheritedFromPID = 1944, ProcessID = 2684, ThreadID = 2760, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: AcroRd32.exe, InheritedFromPID = 1944, ProcessID = 2684, ThreadID = 2952, StartAddress = 01301FA0, Parameter = 0250F0B0
TargetProcess: Adobe_Updater.exe, InheritedFromPID = 2684, ProcessID = 3060, ThreadID = 3084, StartAddress = 00548C61, Parameter = 00F4E598
Behavior description: Enumerate processes
details: N/A
File behavior
Behavior description: Create file
details: C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal
Behavior description: Overwrite existing file
details: C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\AdobeSysFnt09.lst
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\UserCache.bin
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Updater6\AdobeUpdaterPrefs.dat
Behavior description: Delete file
details: C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal
Behavior description: Modify file contents
details: C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 1023
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 1024
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 1028
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 2052
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents ---> Offset = 1024
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\AdobeSysFnt09.lst ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\UserCache.bin ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\UserCache.bin ---> Offset = 4096
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\UserCache.bin ---> Offset = 8192
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\UserCache.bin ---> Offset = 12288
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\9.0\Updater\updater.log ---> Offset = 278
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\9.0\Updater\updater.log ---> Offset = 381
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\9.0\Updater\updater.log ---> Offset = 429
Behavior description: Search for files
details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\Documents and Settings\Administrator\Application Data\Adobe
FileName = C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat
FileName = C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\AcroForm.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Annots.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Checkers.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Compare.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\DigSig.api
Registry behavior
Behavior description: Modify registry
details: \REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\AVGeneral\bLastExitNormal
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32\
Behavior description: Delete registry key
details: \REGISTRY\MACHINE\SYSTEM\Acrobatviewercpp304\
\REGISTRY\MACHINE\SYSTEM\WSZXSGANXFJVAYSXYQGNXKQY\
Other behavior
Behavior description: Set object security information
details: C:\Documents and Settings\All Users\Application Data\Adobe\Updater6
C:\Documents and Settings\All Users\Application Data\Adobe\Updater6\AdobeESDGlobalApps.xml
Behavior description: Create mutex
details: 2AC1A572DB6944B0A65C38C4140AF2F4a7c0655310C
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Acrobat Instance Mutex
Global\AcrobatViewerIsRunning
oleacc-msaa-loaded
2AC1A572DB6944B0A65C38C4140AF2F4a7c01D16428
2AC1A572DB6944B0A65C38C4140AF2F4a7c01D16140
2AC1A572DB6944B0A65C38C4140AF2F4a7c01D161A4
2AC1A572DB6944B0A65C38C4140AF2F4a7c01D16264
2AC1A572DB6944B0A65C38C4140AF2F4a7c01D163E8
Behavior description: Window information
details: Pid = 2684, Hwnd=0x303d4, Text = 打开本文档时发生错误。文件已损坏并且无法修复。 [There was an error opening this document. The file is damaged and could not be repaired.], ClassName = Static.
Pid = 2684, Hwnd=0xb037c, Text = 确定 [OK], ClassName = Button.
Pid = 2684, Hwnd=0x1c037a, Text = 取消 [Cancel], ClassName = Button.
Pid = 2684, Hwnd=0x110398, Text = Adobe Reader, ClassName = #32770.
Pid = 2684, Hwnd=0x303dc, Text = AVToolBarHostView, ClassName = AVL_AVView.
Pid = 2684, Hwnd=0x6037e, Text = AVNullDocView, ClassName = AVL_AVView.
Pid = 2684, Hwnd=0x2102bc, Text = AVToolBarEasel, ClassName = AVL_AVView.
Pid = 2684, Hwnd=0x140306, Text = Adobe Reader, ClassName = AcrobatSDIWindow.
Pid = 2684, Hwnd=0x503ca, Text = 123456, ClassName = Edit.
Pid = 2684, Hwnd=0x16030c, Text = 100%, ClassName = Edit.
Pid = 2684, Hwnd=0xd038a, Text = 0, ClassName = Edit.
Behavior description: Create event object
details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceiveConection.Event.AIK.IC
EventName = MSCTF.SendReceive.Event.AIK.IC
EventName = Global\userenv: User Profile setup event
EventName = ShellCopyEngineRunning
EventName = ShellCopyEngineFinished
Behavior description: Check whether it is being debugged
details: N/A
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [AdobeAcrobatSpeedLaunchCmdWnd,]
NtUserFindWindowEx: [Class,Window] = [AdobeReaderSpeedLaunchCmdWnd,]
NtUserFindWindowEx: [Class,Window] = [Acrobat Instance Window Class,Acrobat Instance Window]
NtUserFindWindowEx: [Class,Window] = [Acrobat Viewer,]
NtUserFindWindowEx: [Class,Window] = [JFWUI2,]
NtUserFindWindowEx: [Class,Window] = [AdobeAcrobat,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [AcrobatTimerWnd,]
NtUserFindWindowEx: [Class,Window] = [UpdaterBaseDialogClass6,]
Behavior description: Open event
details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
MSFT.VSA.COM.DISABLE.2684
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000053
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000053
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Global\SvcctrlStartEvent_A3752DX
Behavior description: Adjust process token privileges
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Enumerate windows
details: N/A
Behavior description: Capture window screenshot information
details: Foreground window Info: HWND = 0x00000000, DC = 0x720105f4.
Behavior description: Hide specified window
details: [Window,Class] = [,Acrobat Viewer]
[Window,Class] = [,Edit]
[Window,Class] = [取消 [Cancel],Button]
[Window,Class] = [,Button]
[Window,Class] = [Adobe Reader,#32770]
Behavior description: Open mutex
details: ShimCacheMutex