VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information

Basic Information

MD5: 3ccb3e4dce4155aa3805ee5504e2f433
file type: Rar
Production company:
version:
Shell or compiler information: PACKER:UPolyX v0.5
Sub-file information: 酷我音乐VIP批量兑换CDK.exedumpFile / d3bb5a7c2270203d4005f3fc50180bd0 / EXE

Key behavior

Behavior description: Directly calls critical system APIs
details: Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x006030BD
Index = 0x0000009B, Name: NtQueryInformationThread, Instruction Address = 0x005A9B2D
Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x005D2AD2
Behavior description: Reads the CPU clock directly
Behavior description: Obtains window screenshot information
details: Foreground window Info: HWND = 0x00010344, DC = 0x0f010663.
Foreground window Info: HWND = 0x00010344, DC = 0x07010646.
Behavior description: Gets the TickCount value
details: TickCount = 248046, SleepMilliseconds = 250.

Registry behavior

Behavior description: Modifies the registry
details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x32(BGR 0)

Other behavior

Behavior description: Creates mutexes
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.IJK
Behavior description: Creates event objects
details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.IJK.IC
EventName = MSCTF.SendReceiveConection.Event.IJK.IC
Behavior description: Opens a mutex
details: ShimCacheMutex
Behavior description: Finds specified windows
details: NtUserFindWindowEx: [Class,Window] = [,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Opens events
details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Window information
details: Pid = 2708, Hwnd=0x1035c, Text = 操作说明:, ClassName = Button(GroupBox).
Pid = 2708, Hwnd=0x10362, Text = 操作区, ClassName = Button(GroupBox).
Pid = 2708, Hwnd=0x10378, Text = 加入免费活动线报群, ClassName = Button.
Pid = 2708, Hwnd=0x10376, Text = 进入小刀娱乐网, ClassName = Button.
Pid = 2708, Hwnd=0x10374, Text = 联系炫勇, ClassName = _EL_HyperLinker.
Pid = 2708, Hwnd=0x10372, Text = 结束操作, ClassName = Button.
Pid = 2708, Hwnd=0x10370, Text = 开始操作, ClassName = Button.
Pid = 2708, Hwnd=0x1036c, Text = 1, ClassName = Edit.
Pid = 2708, Hwnd=0x1036a, Text = 延迟秒数:, ClassName = _EL_Label.
Pid = 2708, Hwnd=0x10366, Text = 5, ClassName = Edit.
Pid = 2708, Hwnd=0x10364, Text = 线程数:, ClassName = _EL_Label.
Pid = 2708, Hwnd=0x1035e, Text = 软件使用方法:桌面新建一个文本,里面放入账号,密码,CDK,一行一个,格式:手机号码----密码----CDK 保存文本,右键导入或者把文本拖入软件即可! 千山万水总是情,加上炫勇QQ行不行,炫勇QQ5619922 线报软件活动群435245614 ======================================================================== , ClassName = Edit.
Pid = 2708, Hwnd=0x20342, Text = 酷我音乐VIP批量兑换CDK 炫勇QQ5619922, ClassName = WTWindow.
Behavior description: Calls the Sleep function
details: [1]: MilliSeconds = 250.
Behavior description: Hides the specified window
details: [Window,Class] = [,Shell Embedding]
