VirSCAN

1, You can upload any file, but there is a 20 MB limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download the VirSCAN uploader to upload.

   File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5:46827f09a8f6f1c98cba7b1e25a94312
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
copyright:

Key behavior

Behavior description: Reads the CPU clock directly
Behavior description: Obtains window screenshot information

Process behavior

Behavior description: Enumerates processes
details: N/A

Registry behavior

Behavior description: Modifies the registry
details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x32(BGR 0)

Other behavior

Behavior description: Creates mutexes
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.EFK
Behavior description: Creates event objects
details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.EFK.IC
EventName = MSCTF.SendReceiveConection.Event.EFK.IC
Behavior description: Opens a mutex
details: ShimCacheMutex
Behavior description: Finds specified windows
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Opens events
details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Window information
details: Pid = 2640, Hwnd=0x10366, Text = 更多修改器和秘籍 丿回忆灬无法挽留, ClassName = Afx:400000:b:103d1:1900015:0.
Pid = 2640, Hwnd=0x10364, Text = 重要说明, ClassName = Button.
Pid = 2640, Hwnd=0x10358, Text = 炸药无冷却, ClassName = Button(CheckBox).
Pid = 2640, Hwnd=0x10356, Text = 木桩无冷却, ClassName = Button(CheckBox).
Pid = 2640, Hwnd=0x10354, Text = 瘟疫无冷却, ClassName = Button(CheckBox).
Pid = 2640, Hwnd=0x10352, Text = 落石无冷却, ClassName = Button(CheckBox).
Pid = 2640, Hwnd=0x10350, Text = 红心不减, ClassName = Button(CheckBox).
Pid = 2640, Hwnd=0x1034e, Text = 确定, ClassName = Button.
Pid = 2640, Hwnd=0x1034c, Text = 99999999, ClassName = Edit.
Pid = 2640, Hwnd=0x1034a, Text = 灵药:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2640, Hwnd=0x10348, Text = 确定, ClassName = Button.
Pid = 2640, Hwnd=0x10346, Text = 99999999, ClassName = Edit.
Pid = 2640, Hwnd=0x10344, Text = 金钱:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2640, Hwnd=0x10342, Text = 中世纪塔防修改器V1.0, ClassName = WTWindow.
Behavior description: Obtains window screenshot information
Behavior description: Hides a specified window
details: [Window,Class] = [,Afx:400000:8:10011:1900015:0]
Behavior description: Reads the CPU clock directly