VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
Safety rating: 70
Behavior list
Basic Information
MD5: 5043b929f929ed49aaf61a79b304ddd4
File type: Rar
Production company:
Version:
Shell or compiler information: COMPILER: not a valid PE file
Subfile information:
CCleaner64.exe dumpFile / big file / EXE
CCleaner64.exe / big file / EXE
CCleaner.exe dumpFile / big file / EXE
CCleaner.exe / big file / EXE
branding.dll dumpFile / 207a42522f394cd5cd38d650d020ba07 / DLL
0296 dumpFile / 207a42522f394cd5cd38d650d020ba07 / DLL
branding.dll / 207a42522f394cd5cd38d650d020ba07 / DLL
0296 dumpFile / 207a42522f394cd5cd38d650d020ba07 / DLL
CCleaner.ini dumpFile / ceb14536d77787a28f00b605442fae8c / Unknown
CCleaner.ini / ceb14536d77787a28f00b605442fae8c / Unknown
CCleaner.dat dumpFile / 57b7eb925f68e207c5683707440e39e1 / Unknown
CCleaner.dat / 57b7eb925f68e207c5683707440e39e1 / Unknown
autotrial.dat dumpFile / d41d8cd98f00b204e9800998ecf8427e / Unknown
CCleaner dumpFile / d41d8cd98f00b204e9800998ecf8427e / Unknown
autotrial.dat / d41d8cd98f00b204e9800998ecf8427e / Unknown
Key behavior
Behavior description: Open registry (virtual machine detection related)
details: \REGISTRY\MACHINE\Software\VMware, Inc.\VMware Player
\REGISTRY\MACHINE\Software\VMware, Inc.\Installer\VMware Workstation
Behavior description: Get TickCount value
details: TickCount = 1082675, SleepMilliseconds = 50.
TickCount = 1082706, SleepMilliseconds = 50.
TickCount = 1082753, SleepMilliseconds = 50.
TickCount = 1082784, SleepMilliseconds = 50.
TickCount = 1082800, SleepMilliseconds = 50.
TickCount = 1082909, SleepMilliseconds = 50.
TickCount = 1083331, SleepMilliseconds = 50.
TickCount = 1083846, SleepMilliseconds = 50.
TickCount = 1083862, SleepMilliseconds = 50.
TickCount = 1084440, SleepMilliseconds = 50.
TickCount = 1084456, SleepMilliseconds = 50.
TickCount = 1084893, SleepMilliseconds = 50.
TickCount = 1084909, SleepMilliseconds = 50.
TickCount = 1084956, SleepMilliseconds = 50.
TickCount = 1084971, SleepMilliseconds = 50.
Process behavior
Behavior description: Create local thread
details: TargetProcess: CCleaner.exe, InheritedFromPID = 1944, ProcessID = 2916, ThreadID = 2932, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: CCleaner.exe, InheritedFromPID = 1944, ProcessID = 2916, ThreadID = 2936, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: CCleaner.exe, InheritedFromPID = 1944, ProcessID = 2916, ThreadID = 2940, StartAddress = 0050BB05, Parameter = 012C4328
TargetProcess: CCleaner.exe, InheritedFromPID = 1944, ProcessID = 2916, ThreadID = 2944, StartAddress = 765E964D, Parameter = 001AABA8
TargetProcess: CCleaner.exe, InheritedFromPID = 1944, ProcessID = 2916, ThreadID = 2948, StartAddress = 7C949B6F, Parameter = 00000000
TargetProcess: CCleaner.exe, InheritedFromPID = 1944, ProcessID = 2916, ThreadID = 2952, StartAddress = 759D8761, Parameter = 00000000
TargetProcess: CCleaner.exe, InheritedFromPID = 1944, ProcessID = 2916, ThreadID = 3048, StartAddress = 004B966F, Parameter = 012CC668
TargetProcess: CCleaner.exe, InheritedFromPID = 1944, ProcessID = 2916, ThreadID = 3052, StartAddress = 004B966F, Parameter = 012CC668
TargetProcess: CCleaner.exe, InheritedFromPID = 1944, ProcessID = 2916, ThreadID = 3056, StartAddress = 004B966F, Parameter = 012CC668
TargetProcess: CCleaner.exe, InheritedFromPID = 1944, ProcessID = 2916, ThreadID = 3060, StartAddress = 004B966F, Parameter = 012CC668
TargetProcess: CCleaner.exe, InheritedFromPID = 1944, ProcessID = 2916, ThreadID = 3064, StartAddress = 004B966F, Parameter = 012CC668
TargetProcess: CCleaner.exe, InheritedFromPID = 1944, ProcessID = 2916, ThreadID = 3084, StartAddress = 004B966F, Parameter = 012CC668
Behavior description: Enumerate processes
details: N/A
File behavior
Behavior description: Search for files
details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates\*
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs\*
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs\*
FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data
FileName = C:\Windows.old*
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\Documents and Settings\Administrator\Application Data\Opera\*
FileName = C:\Program Files\Opera\*
FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera\*
FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\*
FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\Flock\User Data\*
FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\*
Registry behavior
Behavior description: Modify registry
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\CCleaner\DEBUG\Trace Level
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ESENT\EventMessageFile
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ESENT\CategoryMessageFile
Behavior description: Delete registry key value
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\CCleaner\DEBUG\Trace Level
Other behavior
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Piriform_CCleaner_PreventSecondInstance
Piriform_CCleaner_SystemTrayIconActive
Piriform_CCleaner_PreventSecondRegistration
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.IGL
Piriform_CCleaner_Monitoring
Behavior description: Hide specified window
details: [Window,Class] = [&Upgrade,Button]
[Window,Class] = [,Edit]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [Piriform CCleaner - Professional Edition,PiriformCCleaner]
[Window,Class] = [,#32770]
Behavior description: Read/write hard disk using SCSI commands
details: N/A
Behavior description: Adjust process token privileges
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
details: Pid = 2916, Hwnd=0x60360, Text = 分析(&A), ClassName = Button.
Pid = 2916, Hwnd=0x7033c, Text = 开始清理(&R), ClassName = Button.
Pid = 2916, Hwnd=0x80326, Text = 清理(&C), ClassName = Button.
Pid = 2916, Hwnd=0x70338, Text = 注册表(&G), ClassName = Button.
Pid = 2916, Hwnd=0xa0300, Text = 工具(&T), ClassName = Button.
Pid = 2916, Hwnd=0x29031a, Text = 选项(&O), ClassName = Button.
Pid = 2916, Hwnd=0xa030a, Text = &Upgrade, ClassName = Button.
Pid = 2916, Hwnd=0xf031e, Text = Piriform CCleaner - Professional Edition, ClassName = PiriformCCleaner.
Behavior description: Call Sleep function
details: [1]: MilliSeconds = 250.
Behavior description: Create event object
details: EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
EventName = MSCTF.SendReceive.Event.IGL.IC
EventName = MSCTF.SendReceiveConection.Event.IGL.IC
EventName = CCLEANER_UI_LOCKING_EVENT
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]