VirSCAN


File information
Safety rating:76
Behavior list
Basic Information
MD5:175fdb3c4120b506f2d770c285164121
file type:EXE
Production company:
version:
Shell or compiler information:COMPILER:PE+(64)
Subfile information:WinRAR.exe / ec38dafee33168a200ad2a1c74290883 / EXE
Rar.exe / 4f908870ba92f370f3011f505b0fd6c0 / EXE
RarExt.dll / 3ec593ff01fa4846cd0d27a0d6c61f7f / DLL
UnRAR.exe / 27c00c0e3b7f855bcf2124209adf8b1e / EXE
RarExt32.dll / e3438a61d11253aff1698942777c19e2 / DLL
WinRAR.chm / 1e7a61e1ef2e8fa4f05f61b872487175 / Chm
Default64.SFX / c41a76597242e2e8265a012ee6e7dc01 / EXE
WinCon64.SFX / 211f4b437842e3956a3bc4c600d2e607 / EXE
WinCon.SFX / 06a70a222e6b5be74af976f3e8ce375b / EXE
Default.SFX / 6e45ecf99de7c1c9db437f2e9901c590 / EXE
Zip64.SFX / 96a15606d4ed133ae0fe20c078b131e6 / EXE
Uninstall.exe / faaad9d9a7da9fe2db1fc7bb0d3768f5 / EXE
Zip.SFX / 9e18ef259387e4d5b74ec147f3e2ce44 / EXE
7zxa.dll / cb1d8115e62dc1e44d00e4cbffe41aaf / DLL
Rar.txt / 58853e27ccde64f9d7f342936c463658 / Unknown
Ace32Loader.exe / 814685e2de40ef820e1921451242ab6f / EXE
UNACEV2.DLL / de02c4d04088b69e64ecc30a3d9e22e5 / DLL
WhatsNew.txt / bb1a87154db45c9240b9270ff60308a8 / Unknown
License.txt / 672064cf19db0b083b981cf0be7662b0 / Unknown
Process behavior
Behavior description: Create local thread
details:ProcessId = 2004, ThreadId = 304.
ProcessId = 2004, ThreadId = 3964.
ProcessId = 2004, ThreadId = 3504.
ProcessId = 2004, ThreadId = 3704.
ProcessId = 2004, ThreadId = 3728.
ProcessId = 2004, ThreadId = 3600.
ProcessId = 2004, ThreadId = 1996.
ProcessId = 2004, ThreadId = 2024.
ProcessId = 2004, ThreadId = 488.
ProcessId = 2004, ThreadId = 1620.
ProcessId = 2004, ThreadId = 3104.
ProcessId = 2004, ThreadId = 544.
ProcessId = 2004, ThreadId = 1952.
File behavior
Behavior description: Find file
details:FileName = C:\WINDOWS\FONTS\EUDC.TTE
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\WinRAR SFX\C%%Program Files%WinRAR
Other behavior
Behavior description: Detect whether it is being debugged
details:IsDebuggerPresent
Behavior description: Create mutex
details:Local\SessionImmersiveColorMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
SmartScreen_AppRepSettings_Mutex
SmartScreen_ClientId_Mutex
CommunicationManager_Mutex
!IECompat!Mutex
Behavior description: Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,RichEdit20W]
[Window,Class] = [If you agree to the END USER LICENSE AGREEMENT (EULA), please click [Install]. If you do not agree, please click [Cancel].,Static]
[Window,Class] = [,Internet Explorer_Server]
Behavior description: Find specified window
details:FindWindowExW: [Class,Window] = [EDIT,]
FindWindowW: [Class,Window] = [ApplicationManager_DesktopShellWindow,]
FindWindowW: [Class,Window] = [MS_AutodialMonitor,]
FindWindowW: [Class,Window] = [MS_WebCheckMonitor,]
FindWindowExW: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Open event
details:\KernelObjects\MaximumCommitCondition
MSFT.VSA.COM.DISABLE.2004
MSFT.VSA.IEC.STATUS.6c736db0
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\TabletHardwarePresent
Behavior description: Window information
details:Pid = 2004, Hwnd=0x402d4, Text = TITLE_BMP, ClassName = Static.
Pid = 2004, Hwnd=0xe0062, Text = Copyright © 1993-2017, ClassName = Static.
Pid = 2004, Hwnd=0xb004a, Text = by Alexander Roshal, ClassName = Static.
Pid = 2004, Hwnd=0xd024c, Text = &Destination folder, ClassName = Static.
Pid = 2004, Hwnd=0x90220, Text = C:\Program Files\WinRAR, ClassName = ComboBox.
Pid = 2004, Hwnd=0x80226, Text = C:\Program Files\WinRAR, ClassName = Edit.
Pid = 2004, Hwnd=0x80222, Text = Bro&wse..., ClassName = Button.
Pid = 2004, Hwnd=0x4040c, Text = If you agree to the END USER LICENSE AGREEMENT (EULA), please click [Install]. If you do not agree, please click [Cancel]., ClassName = Static.
Pid = 2004, Hwnd=0x50418, Text = Install, ClassName = Button.
Pid = 2004, Hwnd=0x80372, Text = Cancel, ClassName = Button.
Pid = 2004, Hwnd=0x60374, Text = WinRAR 5.50, ClassName = #32770.
Pid = 2004, Hwnd=0x30434, Text = 确定, ClassName = Button.
Pid = 2004, Hwnd=0x203d2, Text = "" folder is not accessible, ClassName = Static.
Pid = 2004, Hwnd=0x203c6, Text = Error, ClassName = #32770.
Pid = 2004, Hwnd=0xf0282, Text = Extracting files to folder , ClassName = RichEdit20W.
Behavior description: Call Sleep function
details:[1]: MilliSeconds = 0.
[2]: MilliSeconds = 0.
[3]: MilliSeconds = 0.
Behavior description: Open mutex
details:DefaultTabtip-MainUI
Local\MSCTF.Asm.MutexDefault1S-1-5-21-1170589654-2814428265-349930785-500
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault1
Global\Windows.Machine.OOBE