VirSCAN

File information
Safety rating:75
Behavior list
Basic Information
MD5:2a8a01b63b6007652f0790482183012f
file type:zip
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual Basic 5.0 / 6.0
Subfile information:1231232131.exe / big file / EXE
补丁.exe / 538430349811bce49cd0c0be7b703d04 / EXE
不看玩你妈逼辅助[双击鼠标].txt / 7d6c8b041ff2d1ac3d890accc32d2234 / Unknown
点击下载更多资源.url / 35d3f4365c5a7bd26b7c12fe1c216497 / Unknown
firegod.ini / 4b6ab05b8fb8f02778b59fadbe5e0fe1 / Unknown
Key behavior
Behavior description:Map file with write access
details:CiceroSharedMemDefaultS-*
DfSharedHeap3D3E5E
DFMap0-4013690
DfRoot0003D3E5E
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\!PrivacIE!SharedMem!Counter
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.AKB..NJCHH
MSCTF.MarshalInterface.FileMap.AKB.B.NLCHH
MSCTF.MarshalInterface.FileMap.AKB.C.MMCHH
MSCTF.MarshalInterface.FileMap.AKB.D.MMCHH
MSCTF.MarshalInterface.FileMap.AKB.E.MMCHH
MSCTF.MarshalInterface.FileMap.AKB.F.MMCHH
MSCTF.MarshalInterface.FileMap.AKB.G.MMCHH
MSCTF.MarshalInterface.FileMap.AKB.H.MMCHH
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Hide specified window
details:[Window,Class] = [Text1,ThunderRT6TextBox]
[Window,Class] = [Text2,ThunderRT6TextBox]
[Window,Class] = [使用驅動注入 DLL,ThunderRT6CheckBox]
[Window,Class] = [SetKey,ThunderRT6CommandButton]
[Window,Class] = [GetKey,ThunderRT6CommandButton]
[Window,Class] = [Command4,ThunderRT6CommandButton]
[Window,Class] = [Command6,ThunderRT6CommandButton]
[Window,Class] = [Download,ThunderRT6CommandButton]
[Window,Class] = [Command9,ThunderRT6CommandButton]
[Window,Class] = [< CF 火神輔助 2015-10-23 > 自動更新版 v1.4,ThunderRT6FormDC]
[Window,Class] = [,Shell Embedding]
[Window,Class] = [,Internet Explorer_Server]
Process behavior
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Map file with write access
details:CiceroSharedMemDefaultS-*
DfSharedHeap3D3E5E
DFMap0-4013690
DfRoot0003D3E5E
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\!PrivacIE!SharedMem!Counter
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.AKB..NJCHH
MSCTF.MarshalInterface.FileMap.AKB.B.NLCHH
MSCTF.MarshalInterface.FileMap.AKB.C.MMCHH
MSCTF.MarshalInterface.FileMap.AKB.D.MMCHH
MSCTF.MarshalInterface.FileMap.AKB.E.MMCHH
MSCTF.MarshalInterface.FileMap.AKB.F.MMCHH
MSCTF.MarshalInterface.FileMap.AKB.G.MMCHH
MSCTF.MarshalInterface.FileMap.AKB.H.MMCHH
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445765357.625590.exe_7zdump\firegod.ini---> Offset = 0
Behavior description:Find file
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445765357.954358.exe_7zdump\firegod.ini
Other behavior
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Window information
details:Pid = 412, Hwnd=0x202b2, Text = 連接官網, ClassName = ThunderRT6CommandButton.
Pid = 412, Hwnd=0x302ba, Text = Command9, ClassName = ThunderRT6CommandButton.
Pid = 412, Hwnd=0x302bc, Text = 使用驅動注入 DLL, ClassName = ThunderRT6CheckBox.
Pid = 412, Hwnd=0x202d4, Text = 檢查是否有更新檔, ClassName = ThunderRT6CommandButton.
Pid = 412, Hwnd=0x202d6, Text = 123456789101234567891012345678, ClassName = ThunderRT6TextBox.
Pid = 412, Hwnd=0x202d8, Text = Text2, ClassName = ThunderRT6TextBox.
Pid = 412, Hwnd=0x202c2, Text = Text1, ClassName = ThunderRT6TextBox.
Pid = 412, Hwnd=0x202c4, Text = Download, ClassName = ThunderRT6CommandButton.
Pid = 412, Hwnd=0x202c6, Text = Command6, ClassName = ThunderRT6CommandButton.
Pid = 412, Hwnd=0x302b8, Text = 刪除火神輔助檔案, ClassName = ThunderRT6CommandButton.
Pid = 412, Hwnd=0x202ae, Text = Command4, ClassName = ThunderRT6CommandButton.
Pid = 412, Hwnd=0x202aa, Text = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445765357.877966.exe_7zdump, ClassName = ThunderRT6TextBox.
Pid = 412, Hwnd=0x202ac, Text = 釋放輔助檔案, ClassName = ThunderRT6CommandButton.
Pid = 412, Hwnd=0x402be, Text = GetKey, ClassName = ThunderRT6CommandButton.
Pid = 412, Hwnd=0x702c0, Text = SetKey, ClassName = ThunderRT6CommandButton.
Behavior description:Hide specified window
details:[Window,Class] = [Text1,ThunderRT6TextBox]
[Window,Class] = [Text2,ThunderRT6TextBox]
[Window,Class] = [使用驅動注入 DLL,ThunderRT6CheckBox]
[Window,Class] = [SetKey,ThunderRT6CommandButton]
[Window,Class] = [GetKey,ThunderRT6CommandButton]
[Window,Class] = [Command4,ThunderRT6CommandButton]
[Window,Class] = [Command6,ThunderRT6CommandButton]
[Window,Class] = [Download,ThunderRT6CommandButton]
[Window,Class] = [Command9,ThunderRT6CommandButton]
[Window,Class] = [< CF 火神輔助 2015-10-23 > 自動更新版 v1.4,ThunderRT6FormDC]
[Window,Class] = [,Shell Embedding]
[Window,Class] = [,Internet Explorer_Server]
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\!PrivacIE!SharedMemory!Mutex
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.AKB