VirSCAN


File information
Safety rating: 77

Basic information
MD5: 268c1401a05d3402506a7be0620106fe
File type: zip
Production company:
Version:
Packer/compiler information: COMPILER: Microsoft Visual C++ 6.0
Subfile information (name / MD5 / type):
FreePic2Pdf.exe / 0e18969e29b359a67ef2f675050fe073 / EXE
ComicEnhancerPro.exe / a63b80d6ec190d9ad5b8f62434dd6dc3 / EXE
Pdg2Pic.exe / d590baed3a1a4a3e251497f9910c9e3e / EXE
BookThief.exe / 005fa525778e3ad1ba84f73ff8058f44 / EXE
ComicEnhancerPro.htm / 3e5a61bd756f19518f9f6715c2b5e538 / Unknown
ComicEnhancerPro.ini / 0ba3c14c481ab4eba9287918d485f04d / Unknown
FreePic2Pdf.ini / 31114accdd2150b059c1c8455a5486d3 / Unknown
Pdg2Pic.ini / 396416b02ccf3092e3f14da402a972c0 / Unknown
C软.url / f77e9005e7ac30a0ab5a3d636edd1b6a / Unknown
A软.url / 3215f1c54b5362ce99a961151f6f4dc8 / Unknown
B软.url / db344b77a24e4d44ad01ae9ab2a9e475 / Unknown

Behavior list
Key behavior
Behavior description: Checks whether it is being debugged
Details: N/A
Behavior description: Gets TickCount value
Details: TickCount = 515098, SleepMilliseconds = 20.
TickCount = 515328, SleepMilliseconds = 250.
TickCount = 515343, SleepMilliseconds = 250.
Process behavior
Behavior description: Creates local thread
Details: TargetProcess: BookThief.exe, InheritedFromPID = 1944, ProcessID = 1012, ThreadID = 1352, StartAddress = 792A741C, Parameter = 00000000
TargetProcess: BookThief.exe, InheritedFromPID = 1944, ProcessID = 1012, ThreadID = 1008, StartAddress = 791F59C0, Parameter = 001B03B8
TargetProcess: BookThief.exe, InheritedFromPID = 1944, ProcessID = 1012, ThreadID = 784, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: BookThief.exe, InheritedFromPID = 1944, ProcessID = 1012, ThreadID = 1044, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: BookThief.exe, InheritedFromPID = 1944, ProcessID = 1012, ThreadID = 2244, StartAddress = 792F7F68, Parameter = 00000000
TargetProcess: BookThief.exe, InheritedFromPID = 1944, ProcessID = 1012, ThreadID = 2248, StartAddress = 77E56C7D, Parameter = 001E88C0
TargetProcess: BookThief.exe, InheritedFromPID = 1944, ProcessID = 1012, ThreadID = 2252, StartAddress = 769AE43B, Parameter = 001E88A0
File behavior
Behavior description: Overwrites an existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Behavior description: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ---> Offset = 0
Behavior description: Searches for files
Details: FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\WINDOWS\Microsoft.NET\Framework\\*
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.INI
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
Other behavior
Behavior description: Checks whether it is being debugged
Details: N/A
Behavior description: Creates mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.IBD
Behavior description: Creates event object
Details: EventName = Global\CPFATE_1012_v4.0.30319
EventName = MSCTF.SendReceive.Event.IBD.IC
EventName = MSCTF.SendReceiveConection.Event.IBD.IC
Behavior description: Searches for a specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Gets TickCount value
Details: TickCount = 515098, SleepMilliseconds = 20.
TickCount = 515328, SleepMilliseconds = 250.
TickCount = 515343, SleepMilliseconds = 250.
Behavior description: Window information
Details: Pid = 1012, Hwnd=0x202c4, Text = 文献传递偷取 (document-delivery grabber), ClassName = WindowsForms10.Window.8.app.0.2bf8098_r19_ad1.
Pid = 1012, Hwnd=0x202c8, Text = (C. 选择图书保存地址) (C. Choose where to save the book), ClassName = WindowsForms10.STATIC.app.0.2bf8098_r19_ad1.
Pid = 1012, Hwnd=0x202ca, Text = (B. 如果偷取图书部分成功,可输入失败页数范围偷取失败部分) (B. If grabbing the book only partly succeeded, enter the range of failed pages to grab the failed part), ClassName = WindowsForms10.STATIC.app.0.2bf8098_r19_ad1.
Pid = 1012, Hwnd=0x202c6, Text = (A. 图书地址为读秀发送到您电子邮箱的地址) (A. The book address is the address Duxiu sent to your e-mail), ClassName = WindowsForms10.STATIC.app.0.2bf8098_r19_ad1.
Pid = 1012, Hwnd=0x302da, Text = PDG2PDF, ClassName = WindowsForms10.BUTTON.app.0.2bf8098_r19_ad1.
Pid = 1012, Hwnd=0x302b8, Text = 去水印 (Remove watermark), ClassName = WindowsForms10.BUTTON.app.0.2bf8098_r19_ad1.
Pid = 1012, Hwnd=0x202b0, Text = Apollo QQ:274666324, ClassName = WindowsForms10.STATIC.app.0.2bf8098_r19_ad1.
Pid = 1012, Hwnd=0x202ae, Text = 合并 (Merge), ClassName = WindowsForms10.BUTTON.app.0.2bf8098_r19_ad1.
Pid = 1012, Hwnd=0x202ac, Text = 浏览... (Browse...), ClassName = WindowsForms10.BUTTON.app.0.2bf8098_r19_ad1.
Pid = 1012, Hwnd=0x502ce, Text = 关闭 (Close), ClassName = WindowsForms10.BUTTON.app.0.2bf8098_r19_ad1.
Pid = 1012, Hwnd=0x302b6, Text = 确定 (OK), ClassName = WindowsForms10.BUTTON.app.0.2bf8098_r19_ad1.
Pid = 1012, Hwnd=0x202d0, Text = 保存地址: (Save location:), ClassName = WindowsForms10.STATIC.app.0.2bf8098_r19_ad1.
Pid = 1012, Hwnd=0x202d2, Text = 图书地址: (Book address:), ClassName = WindowsForms10.STATIC.app.0.2bf8098_r19_ad1.
Pid = 1012, Hwnd=0x102de, Text = ————, ClassName = WindowsForms10.STATIC.app.0.2bf8098_r19_ad1.
Pid = 1012, Hwnd=0x102e4, Text = 0, ClassName = WindowsForms10.EDIT.app.0.2bf8098_r19_ad1.
Behavior description: Calls Sleep function
Details: [1]: MilliSeconds = -1 (the signed rendering of INFINITE, 0xFFFFFFFF).
[2]: MilliSeconds = 250.
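The "Gets TickCount value" entries pair each tick-count reading with the Sleep issued after it. Comparing the ticks that elapse between two consecutive readings with the sleep requested in between is the GetTickCount/Sleep timing check from the sample's side (an evasive program treats a sleep that returns early as a sign of a sandbox fast-forwarding it), and it is also the check an analyst can run over the report to see whether the sandbox shortened the sleeps. The script below is an added example written for this page; it is not VirSCAN's code nor part of the analysed program. The log lines are copied from the report above, the pairing of each reading with the following Sleep is read from the line format, and treating a negative value as INFINITE printed as a signed 32-bit integer is my assumption about the sandbox's formatting. Two caveats: the report shows several threads in PID 1012, so consecutive readings may come from different threads and a short delta is not conclusive on its own; and the MSCTF/CTF mutexes, the Shell_TrayWnd/CicLoaderWndClass lookups and the GDIPFONTCACHEV1.DAT write are what a .NET WinForms process typically does through the Text Services Framework and GDI+, not evasion indicators by themselves.

```python
import re
from typing import Dict, List, Tuple

# Constructed input: the three "Gets TickCount value" lines copied from the
# report above. Not live sandbox output.
SAMPLE_LOG = """\
TickCount = 515098, SleepMilliseconds = 20.
TickCount = 515328, SleepMilliseconds = 250.
TickCount = 515343, SleepMilliseconds = 250.
"""

# One reading per line: the tick count sampled, then the Sleep requested after it
# (assumption about the line format, taken from the report's own lines).
LINE_RE = re.compile(r"TickCount\s*=\s*(\d+),\s*SleepMilliseconds\s*=\s*(-?\d+)")

INFINITE = 0xFFFFFFFF  # Sleep(INFINITE); a signed printer shows it as -1


def parse_tick_log(text: str) -> List[Tuple[int, int]]:
    """Return (tick_count, requested_sleep_ms) pairs in log order.

    A negative sleep value is assumed to be INFINITE printed as a signed
    32-bit integer (assumption about the sandbox's formatting).
    """
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        tick = int(m.group(1))
        sleep_ms = int(m.group(2))
        if sleep_ms < 0:
            sleep_ms = INFINITE
        entries.append((tick, sleep_ms))
    return entries


def elapsed_ticks(before: int, after: int) -> int:
    """GetTickCount is a 32-bit millisecond counter that wraps every ~49.7 days;
    subtract modulo 2**32 so a wrap does not look like time running backwards."""
    return (after - before) & 0xFFFFFFFF


def analyse_timing(entries: List[Tuple[int, int]]) -> List[Dict[str, object]]:
    """Compare, for each consecutive pair of readings, the ticks that elapsed with
    the Sleep requested between them. elapsed < requested is the condition a
    GetTickCount/Sleep evasion check tests for: the sleep returned early, which
    is what a sandbox that fast-forwards sleeps produces. A Sleep(INFINITE) is
    never expected to return on its own, so it is not scored."""
    findings = []
    for (t0, sleep_ms), (t1, _) in zip(entries, entries[1:]):
        elapsed = elapsed_ticks(t0, t1)
        findings.append({
            "tick_before": t0,
            "tick_after": t1,
            "requested_sleep_ms": sleep_ms,
            "elapsed_ms": elapsed,
            "sleep_shortened": sleep_ms != INFINITE and elapsed < sleep_ms,
        })
    return findings


def shortened_sleeps(text: str) -> List[Dict[str, object]]:
    """Parse a log and return only the pairs where the sleep came back early."""
    return [f for f in analyse_timing(parse_tick_log(text)) if f["sleep_shortened"]]


if __name__ == "__main__":
    for f in analyse_timing(parse_tick_log(SAMPLE_LOG)):
        flag = "SHORTENED" if f["sleep_shortened"] else "ok"
        print(f"{f['tick_before']} -> {f['tick_after']}: requested {f['requested_sleep_ms']} ms, "
              f"elapsed {f['elapsed_ms']} ms [{flag}]")
```

Run against the report's three lines, the first pair (515098 to 515328 after a 20 ms sleep) is unremarkable, while the second (515328 to 515343 after a 250 ms sleep) shows only 15 ms elapsing, which is the pattern a timing check flags; whether that is sleep acceleration or just two threads interleaving cannot be settled from this log alone.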