VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
Safety rating:60
Behavior list
Basic Information
MD5:17d4728ef65e31a84ca8b7b913bfbbec
file type:Nsis
Production company:
version:
Shell or compiler information:
Subfile information:zisyncd.exe / big file / EXE
mfc100u.dll / f32077df74efd435a1dcdf415e189df1 / DLL
back_page0.bmp / b602c578156be9a1a90ffd29a59d2abc / Unknown
back_page1.bmp / 32d175124a842798e06ad7a3fcedfe59 / Unknown
msvcr100.dll / bf38660a9125935658cfa3e53fdc7d65 / DLL
msvcp100.dll / e3c817f7fe44cc870ecdbcbc3ea36132 / DLL
loadshow.bmp / a92f96a6c459840e8ab9971479660718 / Unknown
libzmq.dll / c477c9beaed586a3020536343082646f / DLL
quit.bmp / c5530d2dbdb3ddbf3738b04769f7647a / Unknown
ZisyncUpdate.exe / b0895011f7c16eca3fb35a18aee6b016 / EXE
btn_installex.bmp / 0832fd9e3d3159f77e35cb9cdf0e6136 / Unknown
btn_complete.bmp / 045bf7bbe69f6d32699130d6e176c373 / Unknown
ZiSyncLicense.rtf / 269f4662833f92d0161acd3417430b96 / Unknown
libglog.dll / b7f4c393d4e6b4a0eab685bafedef515 / DLL
btn_startuprun.bmp / d96f0ad2944ce8fd58d51481d92bdec5 / Unknown
logo.bmp / a5c01b78930f7f70dfb571b58486807a / Unknown
[NSIS].nsi / de59d32f844d78264b9c6ebbb689c30d / Unknown
btn_back.bmp / fdbf1a66f95b1f0f171c894e10b06820 / Unknown
btn_install.bmp / 79c6dbe2eb78966a6a3f8a3e6122a151 / Unknown
Key behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.ABM..MOPHH
MSCTF.MarshalInterface.FileMap.ABM.B.MOPHH
MSCTF.MarshalInterface.FileMap.ABM.C.MOPHH
MSCTF.MarshalInterface.FileMap.ABM.D.MOPHH
MSCTF.MarshalInterface.FileMap.ABM.E.MOPHH
MSCTF.MarshalInterface.FileMap.ABM.F.MOPHH
MSCTF.MarshalInterface.FileMap.ABM.G.MOPHH
MSCTF.Shared.SFM.ABM
Behavior description:Block window close message
details:hWnd = 0x000202a6, Text = 自同步 2.1.0 安装, ClassName = #32770.
Behavior description:Hide specified window
details:[Window,Class] = [,Static]
[Window,Class] = [自同步 ,Static]
[Window,Class] = [自同步,Static]
[Window,Class] = [,Button]
[Window,Class] = [下一步(&N) >,Button]
[Window,Class] = [取消(&C),Button]
[Window,Class] = [我已阅读并同意自同步,Static]
[Window,Class] = [,RichEdit20A]
Process behavior
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.ABM..MOPHH
MSCTF.MarshalInterface.FileMap.ABM.B.MOPHH
MSCTF.MarshalInterface.FileMap.ABM.C.MOPHH
MSCTF.MarshalInterface.FileMap.ABM.D.MOPHH
MSCTF.MarshalInterface.FileMap.ABM.E.MOPHH
MSCTF.MarshalInterface.FileMap.ABM.F.MOPHH
MSCTF.MarshalInterface.FileMap.ABM.G.MOPHH
MSCTF.Shared.SFM.ABM
Behavior description:Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\FindProcDLL.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\SkinBtn.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\nsDialogs.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\WndProc.dll
Behavior description:Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\back_page0.bmp---> Offset = 98304
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\back_page1.bmp---> Offset = 98304
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\quit.bmp---> Offset = 98304
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\ZiSyncLicense.rtf---> Offset = 98304
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\btn_close.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\btn_cancel.bmp---> Offset = 32768
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\checkbox1.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\checkbox2.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\btn_quit.bmp---> Offset = 32768
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\btn_agreement.bmp---> Offset = 32768
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\btn_installex.bmp---> Offset = 98304
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\btn_custom.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\btn_back.bmp---> Offset = 32768
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\tx_aggrement.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\logo.bmp---> Offset = 32768
Behavior description:Find file
details:FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\*.*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\checkaggrement1.bmp.AmBackup10000
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\FindProcDLL.dll.AmBackup1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\nsDialogs.dll.AmBackup4
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\SkinBtn.dll.AmBackup2
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\System.dll.AmBackup3
Registry behavior
Behavior description:Modify registry (delayed rename entry)
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.ABM
Behavior description:Hide specified window
details:[Window,Class] = [,Static]
[Window,Class] = [自同步 ,Static]
[Window,Class] = [自同步,Static]
[Window,Class] = [,Button]
[Window,Class] = [下一步(&N) >,Button]
[Window,Class] = [取消(&C),Button]
[Window,Class] = [我已阅读并同意自同步,Static]
[Window,Class] = [,RichEdit20A]
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Acquire system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Block window close message
details:hWnd = 0x000202a6, Text = 自同步 2.1.0 安装, ClassName = #32770.
Behavior description:Window information
details:Pid = 3084, Hwnd=0x302b8, Text = Welcome, ClassName = #32770.
Pid = 3084, Hwnd=0x402be, Text = 我已阅读并同意自同步, ClassName = Static.
Pid = 3084, Hwnd=0x202b4, Text = 下一步(&N) >, ClassName = Button.
Pid = 3084, Hwnd=0x202b2, Text = 取消(&C), ClassName = Button.
Pid = 3084, Hwnd=0x202d8, Text = 自同步 , ClassName = Static.
Pid = 3084, Hwnd=0x202c2, Text = 自同步, ClassName = Static.
Pid = 3084, Hwnd=0x202a6, Text = 自同步 2.1.0 安装, ClassName = #32770.
Behavior description:Open image file
details:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\back_page0.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\back_page1.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\quit.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\btn_close.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\btn_cancel.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\checkbox1.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\checkbox2.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\btn_quit.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\btn_agreement.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\btn_installex.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\btn_custom.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\btn_back.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\tx_aggrement.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\logo.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\checkaggrement1.bmp