VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

   File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5:449d60353dc32b2fded794dfc8379166
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
copyright:

Key behavior

Behavior description: Maps a file with write permission
details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AEF..KELGH
MSCTF.MarshalInterface.FileMap.AEF.B.KELGH
MSCTF.MarshalInterface.FileMap.AEF.C.KELGH
MSCTF.MarshalInterface.FileMap.AEF.D.KELGH
MSCTF.MarshalInterface.FileMap.AEF.E.KELGH
MSCTF.MarshalInterface.FileMap.AEF.F.KELGH
MSCTF.MarshalInterface.FileMap.AEF.G.KELGH
MSCTF.Shared.SFM.AEF
MSCTF.MarshalInterface.FileMap.AEF.H.FFDLH
MSCTF.MarshalInterface.FileMap.AEF.I.FFDLH
MSCTF.MarshalInterface.FileMap.AEF.J.FFDLH
MSCTF.MarshalInterface.FileMap.AEF.K.FFDLH
MSCTF.MarshalInterface.FileMap.AEF.L.FFDLH
MSCTF.MarshalInterface.FileMap.AEF.M.FFDLH
Behavior description: Creates a shortcut on the desktop
details: C:\Documents and Settings\Administrator\桌面\MASMPlus.lnk
Behavior description: Hides the specified window
details: [Window,Class] = [MASMPlus 1.2 - 安装协议,#32770]
[Window,Class] = [MASMPlus 1.2 - 设置目录,#32770]
[Window,Class] = [MASMPlus 1.2 - 创建快捷方式,#32770]
[Window,Class] = [正在检测 CRC32 ...,Static]
[Window,Class] = [MASMPlus 1.2 - 正在安装 ...,#32770]

Process behavior

Behavior description: Creates a process from a new file
details: ImagePath = D:\MASMPlus\MASMPlus.exe, CmdLine = "D:\MASMPlus\MASMPlus.exe"
Behavior description: Enumerates processes
details: N/A

File behavior

Behavior description: Drops a link or shortcut in a sensitive system location (such as the Start menu)
details: C:\Documents and Settings\Administrator\「开始」菜单\MASMPlus.lnk
Behavior description: Creates executable files
details: C:\DiskD\MASMPlus\Include\winspool.drv
C:\DiskD\MASMPlus\Bin\CVTRES.EXE
C:\DiskD\MASMPlus\Bin\LINK.EXE
C:\DiskD\MASMPlus\Bin\ML.EXE
C:\DiskD\MASMPlus\Bin\MSPDB50.DLL
C:\DiskD\MASMPlus\Bin\MSPDB60.DLL
C:\DiskD\MASMPlus\Bin\RC.EXE
C:\DiskD\MASMPlus\Bin\RCDLL.DLL
C:\DiskD\MASMPlus\MASMPlus.exe
C:\DiskD\MASMPlus\Exlib\WinIo.dll
C:\DiskD\MASMPlus\Exlib\WinIo.sys
Behavior description: Searches for files
details: FileName = D:\MASMPlus
FileName = D:\MASMPlus\IDE.ini
FileName = D:\MASMPlus\MASMPlus.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\Documents and Settings\Administrator\「开始」菜单
FileName = C:\Documents and Settings\All Users\「开始」菜单
FileName = C:\Documents and Settings\All Users\Application Data
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\WINDOWS
Behavior description: Creates a shortcut on the desktop
details: C:\Documents and Settings\Administrator\桌面\MASMPlus.lnk
Behavior description: Maps a file with write permission
details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AEF..KELGH
MSCTF.MarshalInterface.FileMap.AEF.B.KELGH
MSCTF.MarshalInterface.FileMap.AEF.C.KELGH
MSCTF.MarshalInterface.FileMap.AEF.D.KELGH
MSCTF.MarshalInterface.FileMap.AEF.E.KELGH
MSCTF.MarshalInterface.FileMap.AEF.F.KELGH
MSCTF.MarshalInterface.FileMap.AEF.G.KELGH
MSCTF.Shared.SFM.AEF
MSCTF.MarshalInterface.FileMap.AEF.H.FFDLH
MSCTF.MarshalInterface.FileMap.AEF.I.FFDLH
MSCTF.MarshalInterface.FileMap.AEF.J.FFDLH
MSCTF.MarshalInterface.FileMap.AEF.K.FFDLH
MSCTF.MarshalInterface.FileMap.AEF.L.FFDLH
MSCTF.MarshalInterface.FileMap.AEF.M.FFDLH
Behavior description: Modifies file contents
details: C:\DiskD\MASMPlus\License.txt---> Offset = 0
C:\DiskD\MASMPlus\Include\aclui.inc---> Offset = 0
C:\DiskD\MASMPlus\Include\ACPIVXD.INC---> Offset = 0
C:\DiskD\MASMPlus\Include\activeds.inc---> Offset = 0
C:\DiskD\MASMPlus\Include\adme.inc---> Offset = 0
C:\DiskD\MASMPlus\Include\adptif.inc---> Offset = 0
C:\DiskD\MASMPlus\Include\adsiid.inc---> Offset = 0
C:\DiskD\MASMPlus\Include\advapi32.inc---> Offset = 0
C:\DiskD\MASMPlus\Include\AEP.INC---> Offset = 0
C:\DiskD\MASMPlus\Include\aftpapi.inc---> Offset = 0
C:\DiskD\MASMPlus\Include\authz.inc---> Offset = 0
C:\DiskD\MASMPlus\Include\BASEDEF.INC---> Offset = 0
C:\DiskD\MASMPlus\Include\bdnapi.inc---> Offset = 0
C:\DiskD\MASMPlus\Include\bhmon.inc---> Offset = 0
C:\DiskD\MASMPlus\Include\bignumsdk.inc---> Offset = 0

Registry behavior

Behavior description: Modifies the registry
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\D:\MASMPlus\MASMPlus.exe

Other behavior

Behavior description: Creates mutexes
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.AEF
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior description: Hides the specified window
details: [Window,Class] = [MASMPlus 1.2 - 安装协议,#32770]
[Window,Class] = [MASMPlus 1.2 - 设置目录,#32770]
[Window,Class] = [MASMPlus 1.2 - 创建快捷方式,#32770]
[Window,Class] = [正在检测 CRC32 ...,Static]
[Window,Class] = [MASMPlus 1.2 - 正在安装 ...,#32770]
Behavior description: Searches for the specified window
details: NtUserFindWindowEx: [Class,Window] = [MASMPlus,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Acquires system privileges
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Gets the TickCount value
Behavior description: Window information
details: Pid = 1476, Hwnd=0x202a6, Text = 退出(&X), ClassName = Button.
Pid = 1476, Hwnd=0x202a8, Text = 接受(&I), ClassName = Button.
Pid = 1476, Hwnd=0x202cc, Text = MASMPlus 个人免费版 - 最终用户许可协议 ============================================== 请认真阅读使用许可协议的条款和约束.您一旦, ClassName = Edit.
Pid = 1476, Hwnd=0x202b2, Text = 请仔细阅读以下许可协议,按 PAGE DOWN 阅读余下的部分, ClassName = Static.
Pid = 1476, Hwnd=0x202a2, Text = MASMPlus 1.2 - 安装协议, ClassName = #32770.
Pid = 1476, Hwnd=0x302dc, Text = D:\MASMPlus, ClassName = Edit.
Pid = 1476, Hwnd=0x202d6, Text = 按钮1, ClassName = Button.
Pid = 1476, Hwnd=0x202d8, Text = 下一步(&>), ClassName = Button.
Pid = 1476, Hwnd=0x202c2, Text = 退出(&X), ClassName = Button.
Pid = 1476, Hwnd=0x202c8, Text = MASMPlus 已包含 MASM32v8 中所有必须的文件,其中使用的 MASM 及相关文件均为 Windows 98 DDK 中包含的版本.在微软官方可以免费下载. MAS, ClassName = Static.
Pid = 1476, Hwnd=0x202ca, Text = 请指定 MASMPlus 的安装的目标目录, ClassName = Static.
Pid = 1476, Hwnd=0x302da, Text = 选择安装目录,推荐使用默认目录, ClassName = Static.
Pid = 1476, Hwnd=0x202d4, Text = MASMPlus 1.2 - 设置目录, ClassName = #32770.
Pid = 1476, Hwnd=0x160142, Text = 创建快捷方式到桌面, ClassName = Button(CheckBox).
Pid = 1476, Hwnd=0x3015a, Text = 创建快捷方式到发送到, ClassName = Button(CheckBox).
Behavior description: Calls the Sleep function
details: [1]: MilliSeconds = 2000.
[2]: MilliSeconds = 2000.

Abnormal crash
