VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

Language
Server load
Server Load

VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

   File information

Virscan.org multi-engine scan report
Behavior analysis report:         Habo file analysis

Basic Information

MD5:129cf56384fcd32d1be44ae747d59dbf
文件大小:5.58MB
上传时间: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
copyright:

Key behavior

Behavior description: 写权限映射文件
details: CiceroSharedMemDefaultS-*
DfSharedHeap3D4034
DFMap0-4014160
DfRoot0003D4034
MSCTF.MarshalInterface.FileMap.MJB..FBJFI
MSCTF.MarshalInterface.FileMap.MJB.B.FBJFI
MSCTF.MarshalInterface.FileMap.MJB.C.FBJFI
MSCTF.MarshalInterface.FileMap.MJB.D.FBJFI
MSCTF.MarshalInterface.FileMap.MJB.E.FBJFI
MSCTF.MarshalInterface.FileMap.MJB.F.FBJFI
MSCTF.MarshalInterface.FileMap.MJB.G.FCJFI
MSCTF.Shared.SFM.MJB
Behavior description: 隐藏指定窗口
details: [Window,Class] = [,ComboLBox]
[Window,Class] = [检测字段重复,ThunderRT6Frame]
[Window,Class] = [挑出照片库中的照片并重命名,ThunderRT6Frame]
[Window,Class] = [名单汇总输出,ThunderRT6Frame]
[Window,Class] = [教室课表课时统计输出,ThunderRT6Frame]
[Window,Class] = [Excel数据匹配助手2015,ThunderRT6FormDC]

Process behavior

Behavior description: 枚举进程
details: N/A

File behavior

Behavior description: 写权限映射文件
details: CiceroSharedMemDefaultS-*
DfSharedHeap3D4034
DFMap0-4014160
DfRoot0003D4034
MSCTF.MarshalInterface.FileMap.MJB..FBJFI
MSCTF.MarshalInterface.FileMap.MJB.B.FBJFI
MSCTF.MarshalInterface.FileMap.MJB.C.FBJFI
MSCTF.MarshalInterface.FileMap.MJB.D.FBJFI
MSCTF.MarshalInterface.FileMap.MJB.E.FBJFI
MSCTF.MarshalInterface.FileMap.MJB.F.FBJFI
MSCTF.MarshalInterface.FileMap.MJB.G.FCJFI
MSCTF.Shared.SFM.MJB

Registry behavior

Behavior description: 修改注册表
details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog\
\REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog\CurVer\
\REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog.1\
\REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog.1\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\VersionIndependentProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Version\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\MiscStatus\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\MiscStatus\1\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\ToolboxBitmap32\
Behavior description: 删除注册表键值
details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
Behavior description: 删除注册表键
details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}

Other behavior

Behavior description: 创建互斥体
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MJB
Behavior description: 隐藏指定窗口
details: [Window,Class] = [,ComboLBox]
[Window,Class] = [检测字段重复,ThunderRT6Frame]
[Window,Class] = [挑出照片库中的照片并重命名,ThunderRT6Frame]
[Window,Class] = [名单汇总输出,ThunderRT6Frame]
[Window,Class] = [教室课表课时统计输出,ThunderRT6Frame]
[Window,Class] = [Excel数据匹配助手2015,ThunderRT6FormDC]
Behavior description: 查找指定窗口
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: 获取TickCount值
details: TickCount = 545484, SleepMilliseconds = 60000.
TickCount = 545500, SleepMilliseconds = 60000.
TickCount = 545734, SleepMilliseconds = 60000.
TickCount = 545812, SleepMilliseconds = 60000.
TickCount = 546890, SleepMilliseconds = 60000.
TickCount = 546906, SleepMilliseconds = 60000.
TickCount = 546937, SleepMilliseconds = 60000.
TickCount = 546953, SleepMilliseconds = 60000.
TickCount = 546968, SleepMilliseconds = 60000.
TickCount = 546984, SleepMilliseconds = 60000.
TickCount = 547000, SleepMilliseconds = 60000.
TickCount = 547093, SleepMilliseconds = 60000.
TickCount = 547109, SleepMilliseconds = 60000.
TickCount = 547171, SleepMilliseconds = 60000.
TickCount = 547921, SleepMilliseconds = 60000.
Behavior description: 窗口信息
details: Pid = 1396, Hwnd=0x202b2, Text = 两表间数据匹配, ClassName = ThunderRT6Frame.
Pid = 1396, Hwnd=0x302bc, Text = 准备工作:Excel文件规范和使用帮助, ClassName = ThunderRT6Frame.
Pid = 1396, Hwnd=0x202d4, Text = 删除空行和空列, ClassName = ThunderRT6CommandButton.
Pid = 1396, Hwnd=0x302dc, Text = 一图看效果, ClassName = ThunderRT6CommandButton.
Pid = 1396, Hwnd=0x202d6, Text = 使用说明(Doc文档), ClassName = ThunderRT6CommandButton.
Pid = 1396, Hwnd=0x202d8, Text = 拆分合并单元格, ClassName = ThunderRT6CommandButton.
Pid = 1396, Hwnd=0x202c2, Text = 一行变多行, ClassName = ThunderRT6CommandButton.
Pid = 1396, Hwnd=0x202c4, Text = 请输入重复的字数(整数,不能为0或负数),鼠标双击修改。, ClassName = ThunderRT6TextBox.
Pid = 1396, Hwnd=0x202c8, Text = 连续重复字数, ClassName = ThunderRT6OptionButton.
Pid = 1396, Hwnd=0x202ca, Text = 包含, ClassName = ThunderRT6OptionButton.
Pid = 1396, Hwnd=0x202c6, Text = 完全相同, ClassName = ThunderRT6OptionButton.
Pid = 1396, Hwnd=0x302da, Text = 数据匹配:将表1中的选中字段附加到表2中..., ClassName = ThunderRT6CommandButton.
Pid = 1396, Hwnd=0x302b8, Text = Step2:打开第2个Excel文件并选择匹配字段, ClassName = ThunderRT6Frame.
Pid = 1396, Hwnd=0x202b0, Text = 提示:可将Excel文件拖到此处直接打开!, ClassName = ThunderRT6TextBox.
Pid = 1396, Hwnd=0x202ae, Text = 打开Excel文件, ClassName = ThunderRT6CommandButton.
Behavior description: 调用Sleep函数
details: [1]: MilliSeconds = 60000.