VirSCAN

File information
Safety rating:85
Behavior list
Basic Information
MD5:4adf879364e7b2619dcba6352894c7f9
file type:Rar
Production company:深圳市迅雷网络技术有限公司
version:7.2.12.3824---7,2,12,3824
Shell or compiler information:
Subfile information:default.zip / a1b5f2e45a4c90dbfcf4a07ede2d947e / zip
XLUE.dll / 7f3e1e1e0833851e0db848d9ccadb945 / DLL
VipService.dll / 2e4262a788e169cab1e389220b4de853 / DLL
Thunder.exe / e5970a7110d2c47268cd7f05fbcd703d / EXE
layout.xar / 389ba0ac339a3e35402e437b0b40ca6b / Unknown
DownloadKernel.dll / e8055bfcad5d7aa20d94aab7b1d6b1c2 / DLL
emule_kernel.dll / ed3bf00550bc08e828989f96c25f0298 / DLL
bt_kernel.dll / 23009eaaa4c600090b229d36e56e157f / DLL
p2sp.dll / 9bb70c1351a90a7c259321d356610f34 / DLL
asyn_download_interface.dll / 6728cc6fd2c07503509105c3004b6df7 / DLL
p2p.dll / 6590774a76c0f9e5af9e1a554328d69b / DLL
p2p_session_com.dll / 1d5df6fa5ae40ca2d268d91c3efff90f / DLL
XLGraphic.dll / 82634927747c570c2b1e03118989f924 / DLL
XlBrowserAddinKernel.dll / c9f4a7ecf1a38ab56053a93a0b1412e6 / DLL
ptl.dll / 2c15d1f38166e14e142dbce33cab6933 / DLL
XBrowser.exe / d8db043d10edcd62bfaa5b963ee0c22d / EXE
al.dll / 2c7e8eb7bd1269c5262e8471c5519296 / DLL
ts.dll / ab73d72bd0f4c5fbf2601227eafb1bb4 / DLL
msvcp71.dll / a94dc60a90efd7a35c36d971e3ee7470 / DLL
Key behavior
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Get TickCount value
details:TickCount = 494237, SleepMilliseconds = 50.
TickCount = 494300, SleepMilliseconds = 50.
TickCount = 494315, SleepMilliseconds = 50.
TickCount = 494331, SleepMilliseconds = 50.
TickCount = 494346, SleepMilliseconds = 50.
TickCount = 494362, SleepMilliseconds = 50.
TickCount = 494378, SleepMilliseconds = 50.
TickCount = 494393, SleepMilliseconds = 50.
TickCount = 494409, SleepMilliseconds = 50.
TickCount = 494425, SleepMilliseconds = 50.
TickCount = 494440, SleepMilliseconds = 50.
TickCount = 494456, SleepMilliseconds = 50.
TickCount = 494471, SleepMilliseconds = 50.
TickCount = 494487, SleepMilliseconds = 50.
TickCount = 494503, SleepMilliseconds = 50.
Process behavior
Behavior description: Process exit
details:N/A
Behavior description: Create local thread
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\1458004632.323409.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\1458004632.323729.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\1458004632.324044.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\1458004632.324356.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\1458004632.324666.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\1458004632.324977.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\1458004632.325288.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\1458004632.325598.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\1458004632.325914.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\1458004632.326226.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\1458004632.326538.exe
Behavior description: Create new file process
details:ImagePath = C:\Documents and Settings\Administrator\Local Settings\%temp%\1458004632.355612.exe, CmdLine = "C:\Documents and Settings\Administrator\Local Settings\%temp%\1458004632.355612.exe" -el -s2 "-d" "-p" "-sp"
Behavior description: Enumerate processes
details:N/A
File behavior
Behavior description: Find file
details:FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1458004632.359958.exe
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates\*
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs\*
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs\*
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\996E\DEBUG\Trace Level
Behavior description: Delete registry value
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\996E\DEBUG\Trace Level
Other behavior
Behavior description: Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\!PrivacIE!SharedMemory!Mutex
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EML
_SHuassist.mtx
Behavior description: Create event object
details:EventName = Global\crypt32LogoffEvent
EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.EML.IC
EventName = MSCTF.SendReceiveConection.Event.EML.IC
EventName = Global\Microsoft Smart Card Resource Manager Started
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [EDIT,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Acquire system privileges
details:SE_LOAD_DRIVER_PRIVILEGE
SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
Behavior description: Get cursor position
details:CursorPos = (106,18467), SleepMilliseconds = 50.
CursorPos = (6399,26500), SleepMilliseconds = 50.
CursorPos = (19234,15724), SleepMilliseconds = 50.
CursorPos = (11543,29358), SleepMilliseconds = 50.
CursorPos = (27027,24464), SleepMilliseconds = 50.
CursorPos = (5770,28145), SleepMilliseconds = 50.
CursorPos = (23346,16827), SleepMilliseconds = 50.
CursorPos = (10026,491), SleepMilliseconds = 50.
CursorPos = (3060,11942), SleepMilliseconds = 50.
CursorPos = (4892,5436), SleepMilliseconds = 50.
CursorPos = (32456,14604), SleepMilliseconds = 50.
CursorPos = (3967,153), SleepMilliseconds = 50.
CursorPos = (357,12382), SleepMilliseconds = 50.
CursorPos = (17486,18716), SleepMilliseconds = 50.
CursorPos = (19783,19895), SleepMilliseconds = 50.
Behavior description: Window information
details:Pid = 2984, Hwnd=0x202a6, Text = 目标文件夹(&D), ClassName = Static.
Pid = 2984, Hwnd=0x202a8, Text = C:\Program Files\Thunder Network\Thunder, ClassName = ComboBox.
Pid = 2984, Hwnd=0x202b4, Text = C:\Program Files\Thunder Network\Thunder, ClassName = Edit.
Pid = 2984, Hwnd=0x202b2, Text = 浏览(&W)..., ClassName = Button.
Pid = 2984, Hwnd=0x302bc, Text = 安装进度, ClassName = Static.
Pid = 2984, Hwnd=0x202d6, Text = 安装, ClassName = Button.
Pid = 2984, Hwnd=0x202d8, Text = 取消, ClassName = Button.
Pid = 2984, Hwnd=0x401f2, Text = 迅雷7去广告绿色精简版by刘金, ClassName = #32770.
Pid = 2984, Hwnd=0x402b6, Text = 您想使用哪个用户帐户运行这个程序?, ClassName = Static.
Pid = 2984, Hwnd=0x602ce, Text = 当前用户(&C) (COMPUTER\Administrator), ClassName = Button(RadioButton).
Pid = 2984, Hwnd=0x102e0, Text = 保护我的计算机和数据不受未授权程序的活动影响(&P) 这个选项可以保护您的计算机或个人数据不受病毒损害,但是选择这项可能会引起程序工作, ClassName = Button(CheckBox).
Pid = 2984, Hwnd=0x102e2, Text = 下列用户(&F):, ClassName = Button(RadioButton).
Pid = 2984, Hwnd=0x102ea, Text = 用户名(&U):, ClassName = Static.
Pid = 2984, Hwnd=0x102ec, Text = Administrator, ClassName = ComboBoxEx32.
Pid = 2984, Hwnd=0x102ee, Text = ??mi, ClassName = ComboBox.
Behavior description: Call Sleep function
details:[1]: MilliSeconds = 500.
Behavior description: Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,RICHEDIT]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [,Shell Embedding]
[Window,Class] = [,Internet Explorer_Server]