VirSCAN


File information
Safety rating:79
Behavior list
Basic Information
MD5:232ea9ab7ec43b8b2ef36181ee7d693b
file type: Applet JAR file
Production company:
version:
Shell or compiler information:
Subfile information:
Process behavior
Behavior description: Create local thread
File behavior
Behavior description: Create file
details:C:\WINDOWS\system32\d3d9caps.tmp
Behavior description: Rename file
details:C:\WINDOWS\system32\d3d9caps.tmp ---> C:\WINDOWS\system32\d3d9caps.dat
Behavior description: Delete file
details:C:\WINDOWS\system32\d3d9caps.dat
Behavior description: Modify file content
details:C:\WINDOWS\system32\d3d9caps.tmp ---> Offset = 0
C:\WINDOWS\system32\d3d9caps.tmp ---> Offset = 4
C:\WINDOWS\system32\d3d9caps.tmp ---> Offset = 28
Behavior description: Find file
details:FileName = C:\Program Files
FileName = C:\Program Files\Java
FileName = C:\Program Files\Java\jdk1.7.0
FileName = C:\Program Files\Java\jdk1.7.0\jre
FileName = C:\Program Files\Java\jdk1.7.0\jre\lib
FileName = C:\Program Files\Java\jdk1.7.0\jre\lib\security
FileName = C:\Program Files\Java\jdk1.7.0\jre\lib\security\java.policy
FileName = C:\Program Files\Java\jdk1.7.0\jre\lib\ext
FileName = C:\Program Files\Java\jdk1.7.0\jre\lib\ext\-
FileName = C:\WINDOWS
FileName = C:\WINDOWS\Sun
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\.java.policy
FileName = C:\Documents and Settings\Administrator\Local Settings
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Direct3D\MostRecentApplication\Name
Other behavior
Behavior description: Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
DDrawWindowListMutex
__DDrawExclMode__
__DDrawCheckExclMode__
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MAM
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Create event object
details:EventName = MSCTF.SendReceive.Event.MAM.IC
EventName = MSCTF.SendReceiveConection.Event.MAM.IC
Behavior description: Window information
details:Pid = 3024, Hwnd=0x110306, Text = 您好..., ClassName = SunAwtLabel.
Pid = 3024, Hwnd=0x703c4, Text = 小应用程序查看器: com\google\gson\FieldNamingPolicy$3.class, ClassName = SunAwtFrame.
Pid = 3024, Hwnd=0x1802f8, Text = 启动: 未初始化小应用程序。, ClassName = SunAwtLabel.
Pid = 3024, Hwnd=0x4038c, Text = 小应用程序查看器: com\google\gson\FieldNamingPolicy$2.class, ClassName = SunAwtFrame.
Pid = 3024, Hwnd=0x130340, Text = 启动: 未初始化小应用程序。, ClassName = SunAwtLabel.
Pid = 3024, Hwnd=0x1203be, Text = 小应用程序查看器: com\google\gson\FieldNamingPolicy$1.class, ClassName = SunAwtFrame.
Pid = 3024, Hwnd=0xc03a0, Text = 启动: 未初始化小应用程序。, ClassName = SunAwtLabel.
Pid = 3024, Hwnd=0x1d02bc, Text = 小应用程序查看器: com\google\gson\FieldAttributes.class, ClassName = SunAwtFrame.
Pid = 3024, Hwnd=0x9039c, Text = 启动: 未初始化小应用程序。, ClassName = SunAwtLabel.
Pid = 3024, Hwnd=0x7037c, Text = 小应用程序查看器: com\google\gson\ExclusionStrategy.class, ClassName = SunAwtFrame.
Pid = 3024, Hwnd=0x7038a, Text = 启动: 未初始化小应用程序。, ClassName = SunAwtLabel.
Pid = 3024, Hwnd=0x403a2, Text = 小应用程序查看器: com\google\gson\DefaultDateTypeAdapter.class, ClassName = SunAwtFrame.
Pid = 3024, Hwnd=0x40392, Text = 启动: 未初始化小应用程序。, ClassName = SunAwtLabel.
Pid = 3024, Hwnd=0x120318, Text = 小应用程序查看器: com\google\gson\annotations\Until.class, ClassName = SunAwtFrame.
Pid = 3024, Hwnd=0x503b0, Text = 启动: 未初始化小应用程序。, ClassName = SunAwtLabel.
Behavior description: Open event
details:CTF.ThreadMIConnectionEvent.000007B4.00000000.00000040
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000040
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC