VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

File information

Basic Information

MD5: 1bf0d2e8d0dd964dac2f227a7955667a
file type:
Production company:
version:
Shell or compiler information:

Key behavior

Behavior description: 写权限映射文件
details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.IHN..GELMF
MSCTF.MarshalInterface.FileMap.IHN.B.GELMF
MSCTF.MarshalInterface.FileMap.IHN.C.GELMF
MSCTF.MarshalInterface.FileMap.IHN.D.GELMF
MSCTF.MarshalInterface.FileMap.IHN.E.GELMF
MSCTF.MarshalInterface.FileMap.IHN.F.GELMF
MSCTF.MarshalInterface.FileMap.IHN.G.GELMF
MSCTF.Shared.SFM.IHN
Behavior description: 杀掉进程
details: TotalCMD64.exe

File behavior

Behavior description: 写权限映射文件
details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.IHN..GELMF
MSCTF.MarshalInterface.FileMap.IHN.B.GELMF
MSCTF.MarshalInterface.FileMap.IHN.C.GELMF
MSCTF.MarshalInterface.FileMap.IHN.D.GELMF
MSCTF.MarshalInterface.FileMap.IHN.E.GELMF
MSCTF.MarshalInterface.FileMap.IHN.F.GELMF
MSCTF.MarshalInterface.FileMap.IHN.G.GELMF
MSCTF.Shared.SFM.IHN
Behavior description: 创建可执行文件
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nso8.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nso8.tmp\NsProcess.dll
Behavior description: 修改文件内容
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj7.tmp---> Offset = 98304

Registry behavior

Behavior description: 修改注册表
details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations

Other behavior

Behavior description: 查找指定窗口
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: 窗口信息
details: Pid = 3444, Hwnd=0x10350, Text = 是(&Y), ClassName = Button.
Pid = 3444, Hwnd=0x10352, Text = 否(&N), ClassName = Button.
Pid = 3444, Hwnd=0x10356, Text = 安装程序检测到 Total Commander x64 正在运行! 您确定要继续安装吗?, ClassName = Static.
Pid = 3444, Hwnd=0x1034c, Text = Total Commander x64 安装, ClassName = #32770.
Pid = 3444, Hwnd=0x20354, Text = 确定, ClassName = Button.
Pid = 3444, Hwnd=0x20350, Text = 警告! 您正在使用32位操作系统,安装无法继续! 建议下载并安装 Total Commander 中文增强版32位版本。 请点击“确定”按钮退出, ClassName = Static.
Pid = 3444, Hwnd=0x2034c, Text = Total Commander x64 安装, ClassName = #32770.
Behavior description: 创建互斥体
details: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
Total Commander x64
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.IHN
Behavior description: 获取系统权限
details: SE_LOAD_DRIVER_PRIVILEGE

Run screenshot

VirSCAN