VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.


File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5: 303bb7008cb00ca1a72be33b97a48ff9
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
copyright:

Key behavior

Behavior description: Detects whether it is being debugged
details: N/A

Process behavior

Behavior description: Creates a process with a hidden window
details: ImagePath = , CmdLine = "C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe" -doActionAppID=reader9rdr-zh_CN
Behavior description: Creates a process
details: ImagePath = C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe, CmdLine = "C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe" -doActionAppID=reader9rdr-zh_CN
Behavior description: Creates a local thread
details: TargetProcess: AcroRd32.exe, InheritedFromPID = 2008, ProcessID = 556, ThreadID = 1376, StartAddress = 012BB3A0, Parameter = 01D0B408
TargetProcess: AcroRd32.exe, InheritedFromPID = 2008, ProcessID = 556, ThreadID = 1416, StartAddress = 01301FA0, Parameter = 024F6CB8
TargetProcess: Adobe_Updater.exe, InheritedFromPID = 556, ProcessID = 2204, ThreadID = 2240, StartAddress = 00548C61, Parameter = 00F4E598
Behavior description: Enumerates processes
details: N/A

File behavior

Behavior description: Creates a file
details: C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal
Behavior description: Overwrites an existing file
details: C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\UserCache.bin
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Updater6\AdobeUpdaterPrefs.dat
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\AdobeSysFnt09.lst
Behavior description: Deletes a file
details: C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal
Behavior description: Modifies file contents
details: C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 1023
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 1024
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 1028
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 2052
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents ---> Offset = 1024
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\UserCache.bin ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\UserCache.bin ---> Offset = 4096
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\UserCache.bin ---> Offset = 8192
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\UserCache.bin ---> Offset = 12288
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\UserCache.bin ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\9.0\Updater\updater.log ---> Offset = 278
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\9.0\Updater\updater.log ---> Offset = 381
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\9.0\Updater\updater.log ---> Offset = 429
Behavior description: Searches for files
details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\WINDOWS\System32\spool\DRIVERS\COLOR\*
FileName = C:\WINDOWS\system32\Color\*
FileName = C:\Program Files
FileName = C:\Program Files\Common Files
FileName = C:\Program Files\Common Files\Adobe
FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
FileName = C:\Program Files\Common Files\Adobe\Fonts\Reqrd\CMaps\*.*
FileName = C:\Program Files\Common Files\Adobe\Fonts\*.*
FileName = C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Reqrd\CMaps\*.*
FileName = C:\Program Files\Adobe\Reader 9.0\Resource\CMap\*.*
FileName = C:\Program Files\Adobe\Reader 9.0\Resource\CIDFont\*.*
FileName = C:\Program Files\Adobe\Reader 9.0\Resource\Font\*.*

Registry behavior

Behavior description: Deletes a registry key
details: \REGISTRY\MACHINE\SYSTEM\Acrobatviewercpp304\
\REGISTRY\MACHINE\SYSTEM\WSZXSGANXFJVAYSXYQGNXKQY\
Behavior description: Modifies the registry
details: \REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\AVGeneral\cRecentFiles\c1\sDI
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\AVGeneral\cRecentFiles\c1\tDIText
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\AVGeneral\cRecentFiles\c1\aFS
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\RememberedViews\cNoCategoryFiles\c1\xID
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\RememberedViews\cNoCategoryFiles\c1\iTime
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\RememberedViews\cNoCategoryFiles\c1\cViewDef\iAVDocViewBottomSplitterPos
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\RememberedViews\cNoCategoryFiles\c1\cViewDef\iAVDocViewLeftSplitterPos
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\RememberedViews\cNoCategoryFiles\c1\cViewDef\bAVDocViewTabsShowing
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\RememberedViews\cNoCategoryFiles\c1\cViewDef\bAVToolBarHostView_ToolBarsShowing
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\RememberedViews\cNoCategoryFiles\c1\cViewDef\bShowingPageGaps
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView\bShowingPageGaps
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView\cocgStates\b0
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView\xpageViewBead
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView\ipageViewLayoutMode
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView\ipageViewPageNum
Behavior description: Deletes a registry value
details: \REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\AdobeViewer\MaxDoc
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\AdobeViewer\MaxApp
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\AdobeViewer\PrintToFile

Other behavior

Behavior description: Sets object security information
details: C:\Documents and Settings\All Users\Application Data\Adobe\Updater6
C:\Documents and Settings\All Users\Application Data\Adobe\Updater6\AdobeESDGlobalApps.xml
Behavior description: Creates a mutex
details: MSCTF.Shared.MUTEX.APH
MSCTF.Shared.MUTEX.EDC
M/1G8CZiEw2V6MhRhoZs3Q==
k4MZXm/abW9MoMnrUNTWcg==
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
2AC1A572DB6944B0A65C38C4140AF2F489c006233B0
9LVOgOsC+tXZJUah+9h3NQ==
2AC1A572DB6944B0A65C38C4140AF2F489c006233B8
Sz+kZNR8d7yIhGj/hbDt+A==
Behavior description: Creates an event object
details: EventName = MSCTF.SendReceiveConection.Event.EDC.IC
EventName = MSCTF.SendReceive.Event.EDC.IC
EventName = Global\userenv: User Profile setup event
EventName = ShellCopyEngineRunning
EventName = ShellCopyEngineFinished
Behavior description: Detects whether it is being debugged
details: N/A
Behavior description: Searches for a specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [AcrobatTimerWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [UpdaterBaseDialogClass6,]
NtUserFindWindowEx: [Class,Window] = [AcrobatSDIWindow,]
Behavior description: Adjusts process token privileges
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
details: Pid = 556, Hwnd=0x3015e, Text = AVToolBarHostView, ClassName = AVL_AVView.
Pid = 556, Hwnd=0x101d8, Text = AVTabStripView, ClassName = AVL_AVView.
Pid = 556, Hwnd=0x101bc, Text = AVSplitterView, ClassName = AVL_AVView.
Pid = 556, Hwnd=0x101be, Text = AVSplitationPageView, ClassName = AVL_AVView.
Pid = 556, Hwnd=0x101c0, Text = AVSplitterView, ClassName = AVL_AVView.
Pid = 556, Hwnd=0x101c2, Text = AVScrolledPageView, ClassName = AVL_AVView.
Pid = 556, Hwnd=0x101c4, Text = AVScrollView, ClassName = AVL_AVView.
Pid = 556, Hwnd=0x101cc, Text = AVTableContainerView, ClassName = AVL_AVView.
Pid = 556, Hwnd=0x101ce, Text = 3.000 x 3.000 厘米, ClassName = Static.
Pid = 556, Hwnd=0x101ca, Text = AVPageView, ClassName = AVL_AVView.
Pid = 556, Hwnd=0x101b2, Text = AVNullDocView, ClassName = AVL_AVView.
Pid = 556, Hwnd=0x3018a, Text = AVToolBarEasel, ClassName = AVL_AVView.
Pid = 556, Hwnd=0x301aa, Text = 565%, ClassName = Edit.
Pid = 556, Hwnd=0x301a8, Text = 1, ClassName = Edit.
Behavior description: Hides a specified window
details: [Window,Class] = [AVNullDocView,AVL_AVView]
[Window,Class] = [AVSplitterView,AVL_AVView]
[Window,Class] = [,ScrollBar]
[Window,Class] = [AVRulerView,AVL_AVView]
[Window,Class] = [AVTabStripView,AVL_AVView]
[Window,Class] = [AVTableContainerView,AVL_AVView]
[Window,Class] = [,Edit]
[Window,Class] = [AVToolBarView,AVL_AVView]
[Window,Class] = [AVDockableHostView,AVL_AVView]
[Window,Class] = [,AVL_AVFloating]
[Window,Class] = [Adobe Reader,AcrobatSDIWindow]
[Window,Class] = [0,Edit]
[Window,Class] = [100%,Edit]
[Window,Class] = [123456,Edit]
[Window,Class] = [AVToolBarHostView,AVL_AVView]