VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.


   File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5: 5206f107f31fcfeaa4e2ab94ca7faa97
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
copyright:

Key behavior

Behavior description: Directly calls key system APIs
details: Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x004C62B5
Index = 0x0000009B, Name: NtQueryInformationThread, Instruction Address = 0x00424E50
Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x00490170
Behavior description: Directly reads the CPU clock

Process behavior

Behavior description: Creates a local thread
details: TargetProcess: 1t.exe, InheritedFromPID = 2000, ProcessID = 2632, ThreadID = 2796, StartAddress = 0042590D, Parameter = 00195668

Other behavior

Behavior description: Creates mutexes
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.MEK
Behavior description: Creates event objects
details: EventName = MSCTF.SendReceive.Event.MEK.IC
EventName = MSCTF.SendReceiveConection.Event.MEK.IC
Behavior description: Opens a mutex
details: ShimCacheMutex
Behavior description: Finds a specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Opens events
details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Window information
details: Pid = 2632, Hwnd=0x10348, Text = A模式, ClassName = Button(RadioButton).
Pid = 2632, Hwnd=0x1034a, Text = B模式, ClassName = Button(RadioButton).
Pid = 2632, Hwnd=0x1034c, Text = 加密, ClassName = Button.
Pid = 2632, Hwnd=0x1034e, Text = 解密, ClassName = Button.
Pid = 2632, Hwnd=0x10350, Text = 清空明文, ClassName = Button.
Pid = 2632, Hwnd=0x10352, Text = 清空密文, ClassName = Button.
Pid = 2632, Hwnd=0x10356, Text = 在此输入需要加密的明文:, ClassName = Static.
Pid = 2632, Hwnd=0x10358, Text = 在此输入需要解密的密文:, ClassName = Static.
Pid = 2632, Hwnd=0x1035c, Text = 密钥:, ClassName = Static.
Pid = 2632, Hwnd=0x1035e, Text = 工作模式:, ClassName = Static.
Pid = 2632, Hwnd=0x10360, Text = C模式, ClassName = Button(RadioButton).
Pid = 2632, Hwnd=0x10344, Text = 123456, ClassName = Edit.
Pid = 2632, Hwnd=0x10354, Text = 123456, ClassName = Edit.