VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
Safety rating:77
Behavior list
Basic Information
MD5:2a1ff4d0c8f1d034f3c8dfcfa7ace41b
file type:7z
Production company:Igor Pavlov
version:9.20.0.0---9.20
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Subfile information:PDFCombiner.exe / big file / EXE
Key behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.ABH..PHKGH
MSCTF.MarshalInterface.FileMap.ABH.B.PHKGH
MSCTF.MarshalInterface.FileMap.ABH.C.PHKGH
MSCTF.MarshalInterface.FileMap.ABH.D.PHKGH
MSCTF.MarshalInterface.FileMap.ABH.E.PHKGH
MSCTF.MarshalInterface.FileMap.ABH.F.PHKGH
MSCTF.MarshalInterface.FileMap.ABH.G.PHKGH
MSCTF.Shared.SFM.ABH
MSCTF.MarshalInterface.FileMap.ABH.H.IACLH
MSCTF.MarshalInterface.FileMap.ABH.I.IACLH
MSCTF.MarshalInterface.FileMap.ABH.J.IACLH
MSCTF.MarshalInterface.FileMap.ABH.K.IACLH
MSCTF.MarshalInterface.FileMap.ABH.L.IACLH
MSCTF.MarshalInterface.FileMap.ABH.M.HBCLH
Behavior description:屏蔽窗口关闭消息
details:hWnd = 0x000202a2, Text = 7-Zip self-extracting archive, ClassName = #32770.
Process behavior
Behavior description:枚举进程
details:N/A
File behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.ABH..PHKGH
MSCTF.MarshalInterface.FileMap.ABH.B.PHKGH
MSCTF.MarshalInterface.FileMap.ABH.C.PHKGH
MSCTF.MarshalInterface.FileMap.ABH.D.PHKGH
MSCTF.MarshalInterface.FileMap.ABH.E.PHKGH
MSCTF.MarshalInterface.FileMap.ABH.F.PHKGH
MSCTF.MarshalInterface.FileMap.ABH.G.PHKGH
MSCTF.Shared.SFM.ABH
MSCTF.MarshalInterface.FileMap.ABH.H.IACLH
MSCTF.MarshalInterface.FileMap.ABH.I.IACLH
MSCTF.MarshalInterface.FileMap.ABH.J.IACLH
MSCTF.MarshalInterface.FileMap.ABH.K.IACLH
MSCTF.MarshalInterface.FileMap.ABH.L.IACLH
MSCTF.MarshalInterface.FileMap.ABH.M.HBCLH
Other behavior
Behavior description:创建互斥体
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.ABH
Behavior description:屏蔽窗口关闭消息
details:hWnd = 0x000202a2, Text = 7-Zip self-extracting archive, ClassName = #32770.
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:窗口信息
details:Pid = 1552, Hwnd=0x202a6, Text = E&xtract to:, ClassName = Static.
Pid = 1552, Hwnd=0x202a8, Text = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\, ClassName = Edit.
Pid = 1552, Hwnd=0x202cc, Text = ..., ClassName = Button.
Pid = 1552, Hwnd=0x202b4, Text = Extract, ClassName = Button.
Pid = 1552, Hwnd=0x202b2, Text = Cancel, ClassName = Button.
Pid = 1552, Hwnd=0x202a2, Text = 7-Zip self-extracting archive, ClassName = #32770.
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
中国反网络病毒联盟
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号