VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

  Main Menu
VirSCAN  HOME VirSCAN  go Virscan.org VirSCAN  Report VirSCAN  Virus report VirSCAN  Behavior report VirSCAN  Help VirSCAN VirSCAN  Submit Bugs VirSCAN  Contact us VirSCAN  URL detection VirSCAN  API VirSCAN  uploader for windows(test)
  Powered By
a-squared
a-squared
a-squared
 
File information
Safety rating:22
Behavior list
Basic Information
MD5:3cb3251ce24695677046aa22a435c32b
file type:DLL
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0 DLL
Key behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-*
Behavior description:跨进程写入数据
details:TargetProcess = svchost.exe, WriteAddress = 0x00400000, Size = 4096
TargetProcess = svchost.exe, WriteAddress = 0x00401000, Size = 0
TargetProcess = svchost.exe, WriteAddress = 0x0051e000, Size = 52736
Behavior description:DLL样本(x86)
details:N/A
Behavior description:设置线程上下文
details:C:\WINDOWS\system32\svchost.exe
Behavior description:修改注册表_启动项
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Run\系统输入法
Process behavior
Behavior description:隐藏窗口创建进程
details:ImagePath = , CmdLine = svchost.exe
Behavior description:创建进程
details:ImagePath = C:\WINDOWS\system32\svchost.exe, CmdLine = svchost.exe
Behavior description:设置线程上下文
details:C:\WINDOWS\system32\svchost.exe
Behavior description:枚举进程
details:N/A
Behavior description:跨进程写入数据
details:TargetProcess = svchost.exe, WriteAddress = 0x00400000, Size = 4096
TargetProcess = svchost.exe, WriteAddress = 0x00401000, Size = 0
TargetProcess = svchost.exe, WriteAddress = 0x0051e000, Size = 52736
File behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-*
Behavior description:查找文件
details:FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\svchost.exe
FileName = C:\Program Files\BLDBaseService\*.*
FileName = C:\Program Files (x86)\HomeSafe\*.*
FileName = C:\Program Files\HomeSafe\*.*
Registry behavior
Behavior description:修改注册表_启动项
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Run\系统输入法
Behavior description:删除注册表键值_本地安全策略
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Lsa\Notification Packages
Other behavior
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [IEFrame,]
NtUserFindWindowEx: [Class,Window] = [WorkerW,]
NtUserFindWindowEx: [Class,Window] = [ReBarWindow32,]
NtUserFindWindowEx: [Class,Window] = [Address Band Root,]
NtUserFindWindowEx: [Class,Window] = [Edit,]
Behavior description:创建互斥体
details:SHIMLIB_LOG_MUTEX
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Behavior description:DLL样本(x86)
details:N/A
Behavior description:获取系统权限
details:SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
SE_INC_BASE_PRIORITY_PRIVILEGE
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
中国反网络病毒联盟
Powered By CentOSpol

京ICP备11007605号-12

 pol

京公网安备 11010802020746号