1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
| Safety rating:77 |
| Behavior list |
| Basic Information | |
|---|---|
| MD5: | 2a1ff4d0c8f1d034f3c8dfcfa7ace41b |
| file type: | 7z |
| Production company: | Igor Pavlov |
| version: | 9.20.0.0---9.20 |
| Shell or compiler information: | COMPILER:Microsoft Visual C++ 6.0 [Overlay] |
| Subfile information: | PDFCombiner.exe / big file / EXE |
| Key behavior | |
|---|---|
| Behavior description: | 写权限映射文件 |
| details: | CiceroSharedMemDefaultS-* |
| MSCTF.MarshalInterface.FileMap.ABH..PHKGH | |
| MSCTF.MarshalInterface.FileMap.ABH.B.PHKGH | |
| MSCTF.MarshalInterface.FileMap.ABH.C.PHKGH | |
| MSCTF.MarshalInterface.FileMap.ABH.D.PHKGH | |
| MSCTF.MarshalInterface.FileMap.ABH.E.PHKGH | |
| MSCTF.MarshalInterface.FileMap.ABH.F.PHKGH | |
| MSCTF.MarshalInterface.FileMap.ABH.G.PHKGH | |
| MSCTF.Shared.SFM.ABH | |
| MSCTF.MarshalInterface.FileMap.ABH.H.IACLH | |
| MSCTF.MarshalInterface.FileMap.ABH.I.IACLH | |
| MSCTF.MarshalInterface.FileMap.ABH.J.IACLH | |
| MSCTF.MarshalInterface.FileMap.ABH.K.IACLH | |
| MSCTF.MarshalInterface.FileMap.ABH.L.IACLH | |
| MSCTF.MarshalInterface.FileMap.ABH.M.HBCLH | |
| Behavior description: | 屏蔽窗口关闭消息 |
| details: | hWnd = 0x000202a2, Text = 7-Zip self-extracting archive, ClassName = #32770. |
| Process behavior | |
|---|---|
| Behavior description: | 枚举进程 |
| details: | N/A |
| File behavior | |
|---|---|
| Behavior description: | 写权限映射文件 |
| details: | CiceroSharedMemDefaultS-* |
| MSCTF.MarshalInterface.FileMap.ABH..PHKGH | |
| MSCTF.MarshalInterface.FileMap.ABH.B.PHKGH | |
| MSCTF.MarshalInterface.FileMap.ABH.C.PHKGH | |
| MSCTF.MarshalInterface.FileMap.ABH.D.PHKGH | |
| MSCTF.MarshalInterface.FileMap.ABH.E.PHKGH | |
| MSCTF.MarshalInterface.FileMap.ABH.F.PHKGH | |
| MSCTF.MarshalInterface.FileMap.ABH.G.PHKGH | |
| MSCTF.Shared.SFM.ABH | |
| MSCTF.MarshalInterface.FileMap.ABH.H.IACLH | |
| MSCTF.MarshalInterface.FileMap.ABH.I.IACLH | |
| MSCTF.MarshalInterface.FileMap.ABH.J.IACLH | |
| MSCTF.MarshalInterface.FileMap.ABH.K.IACLH | |
| MSCTF.MarshalInterface.FileMap.ABH.L.IACLH | |
| MSCTF.MarshalInterface.FileMap.ABH.M.HBCLH | |
| Other behavior | |
|---|---|
| Behavior description: | 创建互斥体 |
| details: | CTF.LBES.MutexDefaultS-* |
| CTF.Compart.MutexDefaultS-* | |
| CTF.Asm.MutexDefaultS-* | |
| CTF.Layouts.MutexDefaultS-* | |
| CTF.TMD.MutexDefaultS-* | |
| CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-* | |
| MSCTF.Shared.MUTEX.ELH | |
| MSCTF.Shared.MUTEX.ABH | |
| Behavior description: | 屏蔽窗口关闭消息 |
| details: | hWnd = 0x000202a2, Text = 7-Zip self-extracting archive, ClassName = #32770. |
| Behavior description: | 查找指定窗口 |
| details: | NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,] |
| NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,] | |
| Behavior description: | 窗口信息 |
| details: | Pid = 1552, Hwnd=0x202a6, Text = E&xtract to:, ClassName = Static. |
| Pid = 1552, Hwnd=0x202a8, Text = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\, ClassName = Edit. | |
| Pid = 1552, Hwnd=0x202cc, Text = ..., ClassName = Button. | |
| Pid = 1552, Hwnd=0x202b4, Text = Extract, ClassName = Button. | |
| Pid = 1552, Hwnd=0x202b2, Text = Cancel, ClassName = Button. | |
| Pid = 1552, Hwnd=0x202a2, Text = 7-Zip self-extracting archive, ClassName = #32770. | |
| Run screenshot |
|---|
 |
HOME
