VirSCAN

1, You can UPLOAD any files, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information

Basic Information

MD5: 3a96b73c8b05a9361c1dedf7d3315fdd
file type: Rar
Production company:
version:
Shell or compiler information: COMPILER:Elan
Subfile info: 旋风链接解析.exe dumpFile / 32fb8dfe4e5ab22adaa7dc5bf6cced12 / EXE

Key behavior

Behavior description: Read the CPU clock directly
details: EAX = 0xd2b1a48a, EDX = 0x000000b4
EAX = 0xd2b1a4d6, EDX = 0x000000b4
EAX = 0xd2b1a522, EDX = 0x000000b4
EAX = 0xd2b1a56e, EDX = 0x000000b4
EAX = 0xd2b1a5ba, EDX = 0x000000b4
EAX = 0xd2b1a606, EDX = 0x000000b4
EAX = 0xd2b1a652, EDX = 0x000000b4
EAX = 0xd2b1a69e, EDX = 0x000000b4
EAX = 0xd2b1a6ea, EDX = 0x000000b4
EAX = 0xd2b1a736, EDX = 0x000000b4
Behavior description: Capture window screenshot information
details: Foreground window Info: HWND = 0x00010350, DC = 0x01010055.
Foreground window Info: HWND = 0x00010346, DC = 0x0a010375.
Foreground window Info: HWND = 0x00010350, DC = 0x1701065c.
Foreground window Info: HWND = 0x00010346, DC = 0x0d010657.
Foreground window Info: HWND = 0x00010350, DC = 0x0d010657.
Foreground window Info: HWND = 0x00010346, DC = 0x01010055.
Foreground window Info: HWND = 0x00010346, DC = 0x1701065c.
Behavior description: Get TickCount value
details: TickCount = 241531, SleepMilliseconds = 250.

File behavior

Behavior description: Create file
details: C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-*\a18ca4003deb042bbee7a40f15e1970b_dcff734b-bc3f-43cb-8911-9b5d467629cf
Behavior description: Modify file contents
details: C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-*\a18ca4003deb042bbee7a40f15e1970b_dcff734b-bc3f-43cb-8911-9b5d467629cf ---> Offset = 0
Behavior description: Search for file
details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-*\a18ca4003deb042bbee7a40f15e1970b_*

Registry behavior

Behavior description: Modify registry
details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x32(BGR 0)

Other behavior

Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.MFK
Behavior description: Create event object
details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
EventName = MSCTF.SendReceive.Event.MFK.IC
EventName = MSCTF.SendReceiveConection.Event.MFK.IC
Behavior description: Open mutex
details: ShimCacheMutex
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Open event
details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceive.Event.IOH.IC
MSCTF.SendReceiveConection.Event.IOH.IC
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
\INSTALLATION_SECURITY_HOLD
Global\crypt32LogoffEvent
Behavior description: Window information
details: Pid = 2648, Hwnd=0x10354, Text = 作者:阿珏 接单QQ 178146582, ClassName = _EL_Label.
Pid = 2648, Hwnd=0x10350, Text = 下载页地址:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2648, Hwnd=0x1034e, Text = 转跳, ClassName = Button.
Pid = 2648, Hwnd=0x1034c, Text = http://fenxiang.qq.com/x/2S6Nu1dzcPhObQ7dQoLZ3-90R4bitH03wmFxon3MZFxJpg::, ClassName = Edit.
Pid = 2648, Hwnd=0x1034a, Text = 一键解析, ClassName = Button.
Pid = 2648, Hwnd=0x10344, Text = QQ旋风大文件解析直接下载, ClassName = WTWindow.
Behavior description: Hide specified window
details: [Window,Class] = [,_EL_Timer]
[Window,Class] = [,Shell Embedding]

Run screenshot
