VirSCAN

File information
Safety rating:77
Behavior list
Basic Information
MD5:3591d071bc1707d9a35c9ba7f63c53e5
file type:EXE
Production company:
version:
Shell or compiler information:PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [RAR SFX]
Subfile information:VKbdDxi.dll / a7a5730b834e9337141863b8c3cca894 / DLL
upx_c_7c21fb01dumpFile / a27ccd0b45ea0afac4e3c584623f874a / EXE
DXiReg.exe / fa62be1bb9aa0e0ac34700d156677bbf / EXE
Setup Editor.txt / d63b870df4e6c98f71d0082190c4eed2 / Unknown
Setup Editor (chs).txt / dae81d9867c3f80d64f5afab8730b529 / Unknown
Read Me.txt / 7fbf395730d428d1cf834a04a32c4683 / Unknown
Read Me (Chs).txt / f009e7603597da3063e1e5861ca56c82 / Unknown
DXiPWFix.CAL / 4005b69e6c17b2cd1d05ead6b00fd4c7 / Unknown
Key behavior
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Read the CPU clock directly
details:N/A
Behavior description:Get TickCount value
details:TickCount = 5353237, SleepMilliseconds = 50.
TickCount = 5353300, SleepMilliseconds = 50.
TickCount = 5353581, SleepMilliseconds = 50.
TickCount = 5353596, SleepMilliseconds = 50.
TickCount = 5353612, SleepMilliseconds = 50.
TickCount = 5353643, SleepMilliseconds = 50.
TickCount = 5353690, SleepMilliseconds = 50.
TickCount = 5353706, SleepMilliseconds = 50.
TickCount = 5353737, SleepMilliseconds = 50.
TickCount = 5353784, SleepMilliseconds = 50.
TickCount = 5353800, SleepMilliseconds = 50.
TickCount = 5353815, SleepMilliseconds = 50.
TickCount = 5353831, SleepMilliseconds = 50.
TickCount = 5353878, SleepMilliseconds = 50.
TickCount = 5353940, SleepMilliseconds = 50.
Process behavior
Behavior description:Create local thread
details:TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2208, ThreadID = 2228, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2208, ThreadID = 2248, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2208, ThreadID = 2252, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2208, ThreadID = 2256, StartAddress = 6359727B, Parameter = 0028EF40
File behavior
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\996E\DEBUG\Trace Level
Behavior description:Delete registry value
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\996E\DEBUG\Trace Level
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\!PrivacIE!SharedMemory!Mutex
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EKI
Behavior description:Create event object
details:EventName = Global\crypt32LogoffEvent
EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.EKI.IC
EventName = MSCTF.SendReceiveConection.Event.EKI.IC
Behavior description:Open mutex
details:ShimCacheMutex
Local\!IETld!Mutex
RasPbFile
CtfmonInstMutexDefaultS-*
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [EDIT,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Open event
details:HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\crypt32LogoffEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.0000003F
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.0000003F
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior description:Get cursor position
details:CursorPos = (71,18468), SleepMilliseconds = 50.
CursorPos = (6364,26501), SleepMilliseconds = 50.
CursorPos = (19199,15725), SleepMilliseconds = 50.
CursorPos = (11508,29359), SleepMilliseconds = 50.
CursorPos = (26992,24465), SleepMilliseconds = 50.
CursorPos = (5735,28146), SleepMilliseconds = 50.
CursorPos = (23311,16828), SleepMilliseconds = 50.
CursorPos = (9991,492), SleepMilliseconds = 50.
CursorPos = (3025,11943), SleepMilliseconds = 50.
CursorPos = (4857,5437), SleepMilliseconds = 50.
CursorPos = (32421,14605), SleepMilliseconds = 50.
CursorPos = (3932,154), SleepMilliseconds = 50.
CursorPos = (322,12383), SleepMilliseconds = 50.
CursorPos = (17451,18717), SleepMilliseconds = 50.
CursorPos = (19748,19896), SleepMilliseconds = 50.
Behavior description:Window information
details:Pid = 2208, Hwnd=0xd035e, Text = &Destination folder, ClassName = Static.
Pid = 2208, Hwnd=0x1002c8, Text = C:\Program Files\Virtual Keyboard DXi, ClassName = ComboBox.
Pid = 2208, Hwnd=0xb032a, Text = C:\Program Files\Virtual Keyboard DXi, ClassName = Edit.
Pid = 2208, Hwnd=0x503b0, Text = Bro&wse..., ClassName = Button.
Pid = 2208, Hwnd=0x40392, Text = Installation progress, ClassName = Static.
Pid = 2208, Hwnd=0x7038a, Text = Install, ClassName = Button.
Pid = 2208, Hwnd=0x7037c, Text = Cancel, ClassName = Button.
Pid = 2208, Hwnd=0xe02b2, Text = WinRAR self-extracting archive, ClassName = #32770.
Pid = 2208, Hwnd=0xf02aa, Text = 确定, ClassName = Button.
Pid = 2208, Hwnd=0x8038e, Text = "" folder is not accessible, ClassName = Static.
Pid = 2208, Hwnd=0x1403be, Text = Error, ClassName = #32770.
Pid = 2208, Hwnd=0x1902fe, Text = 确定, ClassName = Button.
Pid = 2208, Hwnd=0xe035e, Text = Windows 找不到文件 "DXIREG.EXE"。请确定文件名是否正确后,再试一次。要搜索文件,请单击「开始」按钮,然后单击“搜索”。, ClassName = Static.
Pid = 2208, Hwnd=0x603b0, Text = DXIREG.EXE, ClassName = #32770.
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,RICHEDIT]
[Window,Class] = [,Shell Embedding]
[Window,Class] = [,Internet Explorer_Server]
Behavior description:Read the CPU clock directly
details:N/A