VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

   File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5:1684fa18ff45982adff2c365db64d238
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
copyright:

Key behavior

Behavior description: Block window close message
details: hWnd = 0x0002029e, Text = Install PhotoFiltre Studio X 10.10.1 , ClassName = #32770.

Process behavior

Behavior description: Create local thread
details: N/A
Behavior description: Process exit
details: N/A
Behavior description: Enumerate processes
details: N/A

File behavior

Behavior description: Create file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz4.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\ioSpecial.ini
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\modern-wizard.bmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\InstallOptions.dll
C:\WINDOWS\wininit.ini
Behavior description: Modify file content
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\ioSpecial.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\ioSpecial.ini---> Offset = 36
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\modern-wizard.bmp---> Offset = 39705
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\ioSpecial.ini---> Offset = 124
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\ioSpecial.ini---> Offset = 33
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\ioSpecial.ini---> Offset = 43
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\ioSpecial.ini---> Offset = 60
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\ioSpecial.ini---> Offset = 277
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\ioSpecial.ini---> Offset = 332
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\ioSpecial.ini---> Offset = 387
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\ioSpecial.ini---> Offset = 395
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\ioSpecial.ini---> Offset = 407
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\ioSpecial.ini---> Offset = 225
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\ioSpecial.ini---> Offset = 356
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\ioSpecial.ini---> Offset = 732
Behavior description: Create executable file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\InstallOptions.dll
Behavior description: Delete file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz4.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\InstallOptions.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\InstallOptions.dll-newfile
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\ioSpecial.ini
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\ioSpecial.ini-newfile
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\modern-wizard.bmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\modern-wizard.bmp-newfile
Behavior description: Find file
details: FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\*.*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\InstallOptions.dll.AmBackup1

Registry behavior

Behavior description: Modify registry: delayed rename entry
details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations

Other behavior

Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.AKL
Behavior description: Create event object
details: EventName = MSCTF.SendReceive.Event.AKL.IC
EventName = MSCTF.SendReceiveConection.Event.AKL.IC
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Acquire system privilege
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Block window close message
details: hWnd = 0x0002029e, Text = Install PhotoFiltre Studio X 10.10.1 , ClassName = #32770.
Behavior description: Window information
details: Pid = 2972, Hwnd=0x202a4, Text = &Next >, ClassName = Button.
Pid = 2972, Hwnd=0x202a6, Text = Cancel, ClassName = Button.
Pid = 2972, Hwnd=0x302bc, Text = NSIS (c) - Antonio Da Cruz , ClassName = Static.
Pid = 2972, Hwnd=0x202d4, Text = NSIS (c) - Antonio Da Cruz, ClassName = Static.
Pid = 2972, Hwnd=0x302da, Text = Welcome to the PhotoFiltre Studio X Setup Wizard, ClassName = Static.
Pid = 2972, Hwnd=0x302b8, Text = This wizard will guide you through the installation of PhotoFiltre Studio X. It is recommended that you close all other applic, ClassName = Static.
Pid = 2972, Hwnd=0x2029e, Text = Install PhotoFiltre Studio X 10.10.1, ClassName = #32770.
Pid = 2972, Hwnd=0x202a4, Text = I &Agree, ClassName = Button.
Pid = 2972, Hwnd=0x402b8, Text = Press Page Down to see the rest of the agreement., ClassName = Static.
Pid = 2972, Hwnd=0x402da, Text = User license agreement PhotoFiltre Studio is shareware and is limited to a 30-day trial period. At the end of the 30-day tria, ClassName = RichEdit20A.
Pid = 2972, Hwnd=0x302c6, Text = If you accept the terms of the agreement, click I Agree to continue. You must accept the agreement to install PhotoFiltre Studio , ClassName = Static.
Pid = 2972, Hwnd=0x10342, Text = 是(&Y), ClassName = Button.
Pid = 2972, Hwnd=0x10344, Text = 否(&N), ClassName = Button.
Pid = 2972, Hwnd=0x10348, Text = Are you sure you want to quit PhotoFiltre Studio X Setup?, ClassName = Static.
Pid = 2972, Hwnd=0x40340, Text = Install PhotoFiltre Studio X 10.10.1, ClassName = #32770.
Behavior description: Executable file signature information
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\InstallOptions.dll (signature verification: not passed)
Behavior description: Hide specified window
details: [Window,Class] = [,Button]
[Window,Class] = [NSIS (c) - Antonio Da Cruz,Static]
[Window,Class] = [NSIS (c) - Antonio Da Cruz ,Static]
[Window,Class] = [,Static]
Behavior description: Executable file MD5
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\InstallOptions.dll ---> 0dc0cc7a6d9db685bf05a7e5f3ea4781
Behavior description: Load newly dropped file
details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\InstallOptions.dll.