   File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5:12fd1c36bf4ee8bccc24f7fb57c04728
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
copyright:

Key behavior

Behavior description: Hide specified window
details: [Window,Class] = [,ComboLBox]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [浏览(&W)...,Button]
[Window,Class] = [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0,ComboBox]
[Window,Class] = [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1,ComboBox]
[Window,Class] = [帮助,Button]
[Window,Class] = [完成,Button]
[Window,Class] = [,Static]
[Window,Class] = [,SysTabControl32]
[Window,Class] = [XFast LAN 安装程序向导,#32770]

Process behavior

Behavior description: Create new file process
details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\autorun.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\autorun.exe"
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\X86\setup.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\X86\setup.exe"
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\install.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\install.exe"

File behavior

Behavior description: Map file with write permission
details: Local\UrlZonesSM_Administrator
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Behavior description: Create executable file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\X86\setup.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\Autorun.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\X64\setup.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\cfosspeed.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\install.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\setup.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\spd.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\speedsrv.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\cfosspeed.sys
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\cfosspeed6.sys
Behavior description: Modify file content
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\cfspdiml.txt---> Offset = 196608
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\fileauth.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\dialog\jquery-mit-license.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\license.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\speedml.txt---> Offset = 196608
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\speedml_1337.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\whatsnew.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\dialog\dialog.css---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\dialog\adapterinfo.js---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\dialog\bgraph.js---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\dialog\console.js---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\dialog\dialoglib.js---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\dialog\jquery-1.3.2.min.js---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\dialog\jquery_all.js---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\led.js---> Offset = 0

Registry behavior

Behavior description: Modify registry
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\autorun.exe
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\X86\setup.exe
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\install.exe

Other behavior

Behavior description: Create mutex
details: Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
_SHuassist.mtx
SHIMLIB_LOG_MUTEX
XFast LAN_install_mutex
WBEMPROVIDERSTATICMUTEX
Behavior description: Hide specified window
details: [Window,Class] = [,ComboLBox]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [浏览(&W)...,Button]
[Window,Class] = [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0,ComboBox]
[Window,Class] = [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1,ComboBox]
[Window,Class] = [帮助,Button]
[Window,Class] = [完成,Button]
[Window,Class] = [,Static]
[Window,Class] = [,SysTabControl32]
[Window,Class] = [XFast LAN 安装程序向导,#32770]
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [EDIT,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CFOSSPEED CLASS,]
Behavior description: Acquire system privilege
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
details: Pid = 2332, Hwnd=0xc01a6, Text = XFast LAN 安装程序向导, ClassName = #32770.
Pid = 2332, Hwnd=0xb0200, Text = 欢迎使用 XFast LAN v6.61!, ClassName = Static.
Pid = 2332, Hwnd=0xd01f6, Text = 本向导将指导您安装 XFast LAN v6.61。 点击“下一步”来继续。, ClassName = Static.
Pid = 2332, Hwnd=0xb015e, Text = 您没有系统管理员的权限。本安装向导只能由拥有系统管理员权限的用户登录运行。, ClassName = Static.
Pid = 2332, Hwnd=0xd01c4, Text = 本向导的语言是, ClassName = Static.
Pid = 2332, Hwnd=0xd038e, Text = 简体中文, ClassName = ComboBox.
Pid = 2332, Hwnd=0x9035c, Text = 翻译员 Neil, ClassName = Static.
Pid = 2332, Hwnd=0xb01e0, Text = < 上一步(&B), ClassName = Button.
Pid = 2332, Hwnd=0xb01a2, Text = 下一步(&N) >, ClassName = Button.
Pid = 2332, Hwnd=0xb019c, Text = 完成, ClassName = Button.
Pid = 2332, Hwnd=0xc01b2, Text = 取消, ClassName = Button.
Pid = 2332, Hwnd=0xc01ee, Text = 帮助, ClassName = Button.
Pid = 2332, Hwnd=0xb0174, Text = XFast LAN 安装程序向导, ClassName = #32770.
Pid = 2332, Hwnd=0xa03aa, Text = XFast LAN 安装程序向导, ClassName = #32770.
Pid = 2332, Hwnd=0x903d6, Text = If you accept the license agreement, check the "I agree" field and click Next, otherwise, click Cancel., ClassName = Static.
Behavior description: Open image file
details: dialog\images\bgraph.bmp
header.bmp
dialog\images\usage.bmp
vista_de.bmp
vista_en.bmp
watermark.bmp
dialog\images\menu_back.jpg
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\watermark.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\header.bmp