VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

  Main Menu
VirSCAN  HOME VirSCAN  go Virscan.org VirSCAN  Report VirSCAN  Virus report VirSCAN  Behavior report VirSCAN  Help VirSCAN VirSCAN  Submit Bugs VirSCAN  Contact us VirSCAN  URL detection VirSCAN  API VirSCAN  uploader for windows(test)
  Powered By
a-squared
a-squared
a-squared
 
File information
Safety rating:75
Behavior list
Basic Information
MD5:374885b9749950044bb8a22c96bb2839
file type:EXE
Production company:
version:
Shell or compiler information:
Key behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EMF..HBOHH
MSCTF.MarshalInterface.FileMap.EMF.B.HBOHH
MSCTF.MarshalInterface.FileMap.EMF.C.HBOHH
MSCTF.MarshalInterface.FileMap.EMF.D.HBOHH
MSCTF.MarshalInterface.FileMap.EMF.E.HBOHH
MSCTF.MarshalInterface.FileMap.EMF.F.HBOHH
MSCTF.MarshalInterface.FileMap.EMF.G.HBOHH
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
Local\!PrivacIE!SharedMem!Counter
MSCTF.Shared.SFM.EMF
Local\C:_Documents and Settings_Administrator_IETldCache_index.dat_245760
MSCTF.MarshalInterface.FileMap.EMF.H.MBPJH
MSCTF.MarshalInterface.FileMap.EMF.I.MBPJH
Behavior description:屏蔽窗口关闭消息
details:hWnd = 0x000202a4, Text = CCleaner 5.10.5373 Plus 安装 , ClassName = #32770.
Behavior description:设置特殊文件夹属性
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Behavior description:隐藏指定窗口
details:[Window,Class] = [,Button]
[Window,Class] = [少轻狂与蓝星天宇合作出品,Static]
[Window,Class] = [,Static]
[Window,Class] = [显示细节(&D),Button]
Behavior description:按名称获取主机地址
details:up.flighty.cn
Process behavior
Behavior description:枚举进程
details:N/A
File behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EMF..HBOHH
MSCTF.MarshalInterface.FileMap.EMF.B.HBOHH
MSCTF.MarshalInterface.FileMap.EMF.C.HBOHH
MSCTF.MarshalInterface.FileMap.EMF.D.HBOHH
MSCTF.MarshalInterface.FileMap.EMF.E.HBOHH
MSCTF.MarshalInterface.FileMap.EMF.F.HBOHH
MSCTF.MarshalInterface.FileMap.EMF.G.HBOHH
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
Local\!PrivacIE!SharedMem!Counter
MSCTF.Shared.SFM.EMF
Local\C:_Documents and Settings_Administrator_IETldCache_index.dat_245760
MSCTF.MarshalInterface.FileMap.EMF.H.MBPJH
MSCTF.MarshalInterface.FileMap.EMF.I.MBPJH
Behavior description:创建可执行文件
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq4.tmp\nsProcess.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq4.tmp\nsDialogs.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq4.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq4.tmp\nsWater.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq4.tmp\WebCtrl.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq4.tmp\nsisSlideshow.dll
C:\Program Files\CCleaner Plus\branding.dll
C:\Program Files\CCleaner Plus\CCleaner.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq4.tmp\NSISdl.dll
Behavior description:修改文件内容
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq4.tmp\001.jpg---> Offset = 25974
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq4.tmp\modern-wizard.bmp---> Offset = 98304
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq4.tmp\index.bmp---> Offset = 40983
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq4.tmp\hi.html---> Offset = 16
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1]---> Offset = 0
C:\Program Files\CCleaner Plus\CCleaner.dat---> Offset = 0
C:\Program Files\CCleaner Plus\portable.dat---> Offset = 0
Behavior description:设置特殊文件夹属性
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Behavior description:查找文件
details:FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq4.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq4.tmp\001.jpg
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq4.tmp\index.bmp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\nsq4.tmp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\nsq4.tmp\hi.html
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
Network behavior
Behavior description:连接指定站点
details:InternetConnectA: ServerName = hi.flighty.cn, PORT = 80
Behavior description:发送一个已连接的套接字数据
details:SOCKET = 0x00000398, TotalSize = 99, Offset = 0, ReadSize = 99.
Behavior description:建立到一个指定的套接字连接
details:127.0.0.1:1031
219.133.40.1:80
Behavior description:打开HTTP请求
details:HttpOpenRequestA: hi.flighty.cn:80/hi.php?ccleaner-5.10.5373-20150927, hConnect = 0x00000424
HttpOpenRequestA: hi.flighty.cn:80/hi.php?ccleaner-5.10.5373-20150927, hConnect = 0x000005e8
Behavior description:按名称获取主机地址
details:up.flighty.cn
Registry behavior
Behavior description:修改注册表
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner Plus\Version
Behavior description:删除注册表键值_IE连接设置
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description:创建互斥体
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\!PrivacIE!SharedMemory!Mutex
MSCTF.Shared.MUTEX.EMF
Local\c:!documents and settings!administrator!ietldcache!
RasPbFile
Behavior description:隐藏指定窗口
details:[Window,Class] = [,Button]
[Window,Class] = [少轻狂与蓝星天宇合作出品,Static]
[Window,Class] = [,Static]
[Window,Class] = [显示细节(&D),Button]
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description:获取系统权限
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:获取TickCount值
details:TickCount = 499535, SleepMilliseconds = 20.
TickCount = 499551, SleepMilliseconds = 20.
TickCount = 499566, SleepMilliseconds = 20.
TickCount = 499582, SleepMilliseconds = 20.
TickCount = 499598, SleepMilliseconds = 20.
TickCount = 499613, SleepMilliseconds = 20.
TickCount = 499660, SleepMilliseconds = 20.
TickCount = 499676, SleepMilliseconds = 20.
TickCount = 499691, SleepMilliseconds = 20.
TickCount = 499707, SleepMilliseconds = 20.
TickCount = 499723, SleepMilliseconds = 20.
TickCount = 499738, SleepMilliseconds = 20.
TickCount = 499754, SleepMilliseconds = 20.
TickCount = 499770, SleepMilliseconds = 20.
TickCount = 499785, SleepMilliseconds = 20.
Behavior description:获取光标位置
details:CursorPos = (106,18467), SleepMilliseconds = 20.
CursorPos = (6399,26500), SleepMilliseconds = 20.
Behavior description:屏蔽窗口关闭消息
details:hWnd = 0x000202a4, Text = CCleaner 5.10.5373 Plus 安装 , ClassName = #32770.
Behavior description:窗口信息
details:Pid = 392, Hwnd=0x202cc, Text = 下一步(&N) >, ClassName = Button.
Pid = 392, Hwnd=0x202b4, Text = 取消(&C), ClassName = Button.
Pid = 392, Hwnd=0x202d6, Text = 少轻狂与蓝星天宇合作出品 , ClassName = Static.
Pid = 392, Hwnd=0x202d8, Text = 少轻狂与蓝星天宇合作出品, ClassName = Static.
Pid = 392, Hwnd=0x202a4, Text = CCleaner 5.10.5373 Plus 安装, ClassName = #32770.
Pid = 392, Hwnd=0x202cc, Text = 安装(&I), ClassName = Button.
Pid = 392, Hwnd=0x160142, Text = 现在即将安装 CCleaner 5.10.5373 到下列文件夹。要安装到其他文件夹,请单击[浏览]按钮进行选择。, ClassName = Static.
Pid = 392, Hwnd=0x3015a, Text = 安装目录, ClassName = Button(GroupBox).
Pid = 392, Hwnd=0x402da, Text = C:\Program Files\CCleaner Plus, ClassName = Edit.
Pid = 392, Hwnd=0x402b8, Text = 浏览..., ClassName = Button.
Pid = 392, Hwnd=0x702b0, Text = 所需空间: 15.9 MB, ClassName = Static.
Pid = 392, Hwnd=0x202aa, Text = 可用空间: 5.81 GB, ClassName = Static.
Pid = 392, Hwnd=0x202ac, Text = 选择版本, ClassName = Button(GroupBox).
Pid = 392, Hwnd=0x402be, Text = 专业版-PE, ClassName = Button(RadioButton).
Pid = 392, Hwnd=0x702c0, Text = 商业版-BE, ClassName = Button(RadioButton).
Behavior description:调用Sleep函数
details:[1]: MilliSeconds = 60000.
Behavior description:打开图片文件
details:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq4.tmp\001.jpg
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq4.tmp\modern-wizard.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq4.tmp\index.bmp
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
中国反网络病毒联盟
Powered By CentOSpol

京ICP备11007605号-12

 pol

京公网安备 11010802020746号