1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
| Safety rating:75 |
| Behavior list |
| Basic Information | |
|---|---|
| MD5: | 2a8a01b63b6007652f0790482183012f |
| file type: | zip |
| Production company: | |
| version: | |
| Shell or compiler information: | COMPILER:Microsoft Visual Basic 5.0 / 6.0 |
| Subfile information: | 1231232131.exe / big file / EXE |
| 补丁.exe / 538430349811bce49cd0c0be7b703d04 / EXE | |
| 不看玩你妈逼辅助[双击鼠标].txt / 7d6c8b041ff2d1ac3d890accc32d2234 / Unknown | |
| 点击下载更多资源.url / 35d3f4365c5a7bd26b7c12fe1c216497 / Unknown | |
| firegod.ini / 4b6ab05b8fb8f02778b59fadbe5e0fe1 / Unknown | |
| Key behavior | |
|---|---|
| Behavior description: | 写权限映射文件 |
| details: | CiceroSharedMemDefaultS-* |
| DfSharedHeap3D3E5E | |
| DFMap0-4013690 | |
| DfRoot0003D3E5E | |
| \WINDOWS\system32\zh-cn\ieframe.dll.mui | |
| Local\!PrivacIE!SharedMem!Counter | |
| Local\UrlZonesSM_Administrator | |
| MSCTF.MarshalInterface.FileMap.AKB..NJCHH | |
| MSCTF.MarshalInterface.FileMap.AKB.B.NLCHH | |
| MSCTF.MarshalInterface.FileMap.AKB.C.MMCHH | |
| MSCTF.MarshalInterface.FileMap.AKB.D.MMCHH | |
| MSCTF.MarshalInterface.FileMap.AKB.E.MMCHH | |
| MSCTF.MarshalInterface.FileMap.AKB.F.MMCHH | |
| MSCTF.MarshalInterface.FileMap.AKB.G.MMCHH | |
| MSCTF.MarshalInterface.FileMap.AKB.H.MMCHH | |
| Behavior description: | 设置特殊文件夹属性 |
| details: | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 | |
| C:\Documents and Settings\Administrator\Local Settings\History | |
| C:\Documents and Settings\Administrator\Local Settings\History\History.IE5 | |
| C:\Documents and Settings\Administrator\Cookies | |
| Behavior description: | 隐藏指定窗口 |
| details: | [Window,Class] = [Text1,ThunderRT6TextBox] |
| [Window,Class] = [Text2,ThunderRT6TextBox] | |
| [Window,Class] = [使用驅動注入 DLL,ThunderRT6CheckBox] | |
| [Window,Class] = [SetKey,ThunderRT6CommandButton] | |
| [Window,Class] = [GetKey,ThunderRT6CommandButton] | |
| [Window,Class] = [Command4,ThunderRT6CommandButton] | |
| [Window,Class] = [Command6,ThunderRT6CommandButton] | |
| [Window,Class] = [Download,ThunderRT6CommandButton] | |
| [Window,Class] = [Command9,ThunderRT6CommandButton] | |
| [Window,Class] = [< CF 火神輔助 2015-10-23 > 自動更新版 v1.4,ThunderRT6FormDC] | |
| [Window,Class] = [,Shell Embedding] | |
| [Window,Class] = [,Internet Explorer_Server] | |
| Process behavior | |
|---|---|
| Behavior description: | 枚举进程 |
| details: | N/A |
| File behavior | |
|---|---|
| Behavior description: | 写权限映射文件 |
| details: | CiceroSharedMemDefaultS-* |
| DfSharedHeap3D3E5E | |
| DFMap0-4013690 | |
| DfRoot0003D3E5E | |
| \WINDOWS\system32\zh-cn\ieframe.dll.mui | |
| Local\!PrivacIE!SharedMem!Counter | |
| Local\UrlZonesSM_Administrator | |
| MSCTF.MarshalInterface.FileMap.AKB..NJCHH | |
| MSCTF.MarshalInterface.FileMap.AKB.B.NLCHH | |
| MSCTF.MarshalInterface.FileMap.AKB.C.MMCHH | |
| MSCTF.MarshalInterface.FileMap.AKB.D.MMCHH | |
| MSCTF.MarshalInterface.FileMap.AKB.E.MMCHH | |
| MSCTF.MarshalInterface.FileMap.AKB.F.MMCHH | |
| MSCTF.MarshalInterface.FileMap.AKB.G.MMCHH | |
| MSCTF.MarshalInterface.FileMap.AKB.H.MMCHH | |
| Behavior description: | 设置特殊文件夹属性 |
| details: | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 | |
| C:\Documents and Settings\Administrator\Local Settings\History | |
| C:\Documents and Settings\Administrator\Local Settings\History\History.IE5 | |
| C:\Documents and Settings\Administrator\Cookies | |
| Behavior description: | 修改文件内容 |
| details: | C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445765357.625590.exe_7zdump\firegod.ini---> Offset = 0 |
| Behavior description: | 查找文件 |
| details: | FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445765357.954358.exe_7zdump\firegod.ini |
| Other behavior | |
|---|---|
| Behavior description: | 查找指定窗口 |
| details: | NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,] |
| NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,] | |
| NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,] | |
| NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,] | |
| Behavior description: | 窗口信息 |
| details: | Pid = 412, Hwnd=0x202b2, Text = 連接官網, ClassName = ThunderRT6CommandButton. |
| Pid = 412, Hwnd=0x302ba, Text = Command9, ClassName = ThunderRT6CommandButton. | |
| Pid = 412, Hwnd=0x302bc, Text = 使用驅動注入 DLL, ClassName = ThunderRT6CheckBox. | |
| Pid = 412, Hwnd=0x202d4, Text = 檢查是否有更新檔, ClassName = ThunderRT6CommandButton. | |
| Pid = 412, Hwnd=0x202d6, Text = 123456789101234567891012345678, ClassName = ThunderRT6TextBox. | |
| Pid = 412, Hwnd=0x202d8, Text = Text2, ClassName = ThunderRT6TextBox. | |
| Pid = 412, Hwnd=0x202c2, Text = Text1, ClassName = ThunderRT6TextBox. | |
| Pid = 412, Hwnd=0x202c4, Text = Download, ClassName = ThunderRT6CommandButton. | |
| Pid = 412, Hwnd=0x202c6, Text = Command6, ClassName = ThunderRT6CommandButton. | |
| Pid = 412, Hwnd=0x302b8, Text = 刪除火神輔助檔案, ClassName = ThunderRT6CommandButton. | |
| Pid = 412, Hwnd=0x202ae, Text = Command4, ClassName = ThunderRT6CommandButton. | |
| Pid = 412, Hwnd=0x202aa, Text = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445765357.877966.exe_7zdump, ClassName = ThunderRT6TextBox. | |
| Pid = 412, Hwnd=0x202ac, Text = 釋放輔助檔案, ClassName = ThunderRT6CommandButton. | |
| Pid = 412, Hwnd=0x402be, Text = GetKey, ClassName = ThunderRT6CommandButton. | |
| Pid = 412, Hwnd=0x702c0, Text = SetKey, ClassName = ThunderRT6CommandButton. | |
| Behavior description: | 隐藏指定窗口 |
| details: | [Window,Class] = [Text1,ThunderRT6TextBox] |
| [Window,Class] = [Text2,ThunderRT6TextBox] | |
| [Window,Class] = [使用驅動注入 DLL,ThunderRT6CheckBox] | |
| [Window,Class] = [SetKey,ThunderRT6CommandButton] | |
| [Window,Class] = [GetKey,ThunderRT6CommandButton] | |
| [Window,Class] = [Command4,ThunderRT6CommandButton] | |
| [Window,Class] = [Command6,ThunderRT6CommandButton] | |
| [Window,Class] = [Download,ThunderRT6CommandButton] | |
| [Window,Class] = [Command9,ThunderRT6CommandButton] | |
| [Window,Class] = [< CF 火神輔助 2015-10-23 > 自動更新版 v1.4,ThunderRT6FormDC] | |
| [Window,Class] = [,Shell Embedding] | |
| [Window,Class] = [,Internet Explorer_Server] | |
| Behavior description: | 创建互斥体 |
| details: | CTF.LBES.MutexDefaultS-* |
| CTF.Compart.MutexDefaultS-* | |
| CTF.Asm.MutexDefaultS-* | |
| CTF.Layouts.MutexDefaultS-* | |
| CTF.TMD.MutexDefaultS-* | |
| CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-* | |
| Local\!PrivacIE!SharedMemory!Mutex | |
| Local\ZonesCounterMutex | |
| Local\ZoneAttributeCacheCounterMutex | |
| Local\ZonesCacheCounterMutex | |
| Local\ZonesLockedCacheCounterMutex | |
| MSCTF.Shared.MUTEX.ELH | |
| MSCTF.Shared.MUTEX.AKB | |
| Run screenshot |
|---|
 |
HOME
