VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.


File information
Safety rating: 75
Behavior list
Basic Information
MD5: 42c6cc8cddfb922dc9d9fdb3c83738b7
File type: Rar
Production company:
Version:
Shell or compiler information: COMPILER:RAR SFX [RAR SFX]
Subfile information (name / MD5 / type):
msvbvm60.dll (dumpFile) / 62c6c1ed346b2478f6833f0358f51026 / DLL
MSVBVM50.dll (dumpFile) / 6af16d3d7488152c543cecd7bfc7f46e / DLL
mscomctl.ocx (dumpFile) / 714cf24fc19a20ae0dc701b48ded2cf6 / DLL
pecompact2x_547a2aa0 (dumpFile) / fea58a9c9c625431345afe321bdd8cab / EXE
lmcleanx.dll (dumpFile) / 55f817fe4dc07416e9d24d659ec56eb8 / Unknown
aspack212r_9cfedf96 (dumpFile) / 7e6475ea18083bbd94eb5d31d967b771 / EXE
pencrypt31_ba9d0999 (dumpFile) / b5bdbaf6dae242b41c9799f37c77fa4c / DLL
pencrypt31_42653658 (dumpFile) / b5bdbaf6dae242b41c9799f37c77fa4c / DLL
pecompact2x_7f3938e4 (dumpFile) / 97ecbf05df155ce895eebf1aa8715c58 / DLL
aspack212r_52cfd1d0 (dumpFile) / 144ddcd961398c9a0a4d94f3b7f0d57c / EXE
aspack212r_d3d584da (dumpFile) / 144ddcd961398c9a0a4d94f3b7f0d57c / EXE
0118 (dumpFile) / 989341bdad0a2b5b864e0fcef66af05f / DLL
lmcleany.dll (dumpFile) / a3e30b1e6210fbe231b29ea02a12544b / EXE
aspack212r_dd7c3c14 (dumpFile) / 2e7fe56a9226cc704e84852f73761887 / EXE
aspack212r_637c3585 (dumpFile) / 2e7fe56a9226cc704e84852f73761887 / EXE
appface.dll (dumpFile) / 85fd621e45ae0f53f599acbc2c98e899 / DLL
appface.dll / 85fd621e45ae0f53f599acbc2c98e899 / DLL
hyie32.dll (dumpFile) / 9df41e287fc89500280e45d6cfffafe7 / EXE
hyie32.dll / 9df41e287fc89500280e45d6cfffafe7 / EXE
Key behavior
Behavior description: Create desktop shortcut
details:C:\Documents and Settings\Administrator\桌面\IE修复免疫专家.lnk
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,RICHEDIT]
[Window,Class] = [,Shell Embedding]
[Window,Class] = [,Edit]
[Window,Class] = [,Internet Explorer_Server]
Process behavior
Behavior description: Create process
details:ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32.exe /s "C:\Program Files\hyie\mscomctl.ocx"
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32.exe /s "C:\Program Files\hyie\tabctl32.ocx"
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32.exe /s "C:\Program Files\hyie\mswinsck.ocx"
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32.exe /s "C:\Program Files\hyie\comctl32.ocx"
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32.exe /s "C:\Program Files\hyie\hytype.dll"
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32.exe /s "C:\Program Files\hyie\wbfc.dll"
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32.exe /s "C:\Program Files\hyie\hyMenu.dll"
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32.exe /s "C:\Program Files\hyie\SkinVB.dll"
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32.exe /s "C:\Program Files\hyie\MSADODC.OCX"
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32.exe /s "C:\Program Files\hyie\MSDATGRD.OCX"
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32.exe /s "C:\Program Files\Common Files\Microsoft Shared\Speech\sapi.dll"
Behavior description: Create process from newly written file
details:ImagePath = C:\Program Files\hyie\ocxreg.exe, CmdLine = "C:\Program Files\hyie\ocxreg.exe"
ImagePath = C:\Program Files\hyie\hyie.exe, CmdLine = "C:\Program Files\hyie\hyie.exe"
File behavior
Behavior description: Map file with write access
details:\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\!PrivacIE!SharedMem!Counter
Local\UrlZonesSM_Administrator
AtlDebugAllocator_FileMappingNameStatic3_280
CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
Behavior description: Create desktop shortcut
details:C:\Documents and Settings\Administrator\桌面\IE修复免疫专家.lnk
Behavior description: Create executable file
details:C:\Program Files\hyie\freesys.exe
C:\Program Files\hyie\hygd1.exe
C:\Program Files\hyie\mscomctl.ocx
C:\Program Files\hyie\hyuser.exe
C:\Program Files\hyie\hyie32.exe
C:\Program Files\hyie\VB5CHS.DLL
C:\Program Files\hyie\MSVBVM50.dll
C:\Program Files\hyie\hyie32.dll
C:\Program Files\hyie\lmclean.dll
C:\Program Files\hyie\lmcleany.dll
C:\Program Files\hyie\appface.dll
C:\Program Files\hyie\msvbvm60.dll
C:\Program Files\hyie\VB6CHS.DLL
C:\Program Files\hyie\hyie.exe
C:\Program Files\hyie\ocxreg.exe
Behavior description: Modify file content
details:C:\Program Files\hyie\hyie1.dat---> Offset = 0
C:\Program Files\hyie\free1.snd---> Offset = 0
C:\Program Files\hyie\hyliu.dat---> Offset = 0
C:\Program Files\hyie\lmcleanx.dll---> Offset = 196608
C:\Program Files\hyie\soundhy.wav---> Offset = 3072
C:\Program Files\hyie\apple.dat---> Offset = 0
C:\Documents and Settings\Administrator\桌面\IE修复免疫专家.lnk---> Offset = 0
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\sample\DEBUG\Trace Level
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\hyie\ocxreg.exe
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\hyie\hyie.exe
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl\
\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl\CurVer\
\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl.2\
\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl.2\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\VersionIndependentProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\TypeLib\
Behavior description: Delete registry value
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\sample\DEBUG\Trace Level
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
Behavior description: Delete registry key
details:\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}
Other behavior
Behavior description: Create mutex
details:Local\!PrivacIE!SharedMemory!Mutex
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
SHIMLIB_LOG_MUTEX
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [EDIT,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
Behavior description: Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,RICHEDIT]
[Window,Class] = [,Shell Embedding]
[Window,Class] = [,Edit]
[Window,Class] = [,Internet Explorer_Server]
Behavior description: Window information
details:Pid = 640, Hwnd=0xd0190, Text = 接受, ClassName = Button.
Pid = 640, Hwnd=0xc01b6, Text = 拒绝, ClassName = Button.
Pid = 640, Hwnd=0xb0164, Text = IE修复免疫专家(2008)安装 , ClassName = #32770.
Pid = 640, Hwnd=0xb016a, Text = 目标文件夹(&D), ClassName = Static.
Pid = 640, Hwnd=0xb01de, Text = C:\Program Files\hyie, ClassName = ComboBox.
Pid = 640, Hwnd=0xd01c8, Text = C:\Program Files\hyie, ClassName = Edit.
Pid = 640, Hwnd=0xc01c2, Text = 浏览(&W)..., ClassName = Button.
Pid = 640, Hwnd=0xb0184, Text = 安装进度, ClassName = Static.
Pid = 640, Hwnd=0xa018c, Text = 安装, ClassName = Button.
Pid = 640, Hwnd=0xe016e, Text = 取消, ClassName = Button.
Pid = 640, Hwnd=0xa0198, Text = ., ClassName = Static.
Pid = 640, Hwnd=0xa0186, Text = IE修复免疫专家(2008)安装 , ClassName = #32770.
Pid = 1884, Hwnd=0xd01b2, Text = 修复IE不能打开新窗口, ClassName = ThunderRT6OptionButton.
Pid = 1884, Hwnd=0xf01ac, Text = 修复IE无法上网, ClassName = ThunderRT6OptionButton.
Pid = 1884, Hwnd=0xd01ee, Text = IE垃圾清理, ClassName = ThunderRT6OptionButton.
Behavior description: Acquire system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Abnormal crash