VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

Language
Server load
Server Load

VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

   File information

Virscan.org multi-engine scan report
Behavior analysis report:         Habo file analysis

Basic Information

MD5:54daad58cce5003bee58b28a4f465f49
文件大小:5.58MB
上传时间: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
copyright:

Key behavior

Behavior description: 屏蔽窗口关闭消息
details: hWnd = 0x000302ca, Text = Setup - Process Hacker, ClassName = TWizardForm.
hWnd = 0x000302dc, Text = Setup - Process Hacker, ClassName = TApplication.

File behavior

Behavior description: 创建文件
details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-QU732.tmp\996E.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CTSFM.tmp\_isetup\_shfoldr.dll
Behavior description: 创建可执行文件
details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-QU732.tmp\996E.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CTSFM.tmp\_isetup\_shfoldr.dll
Behavior description: 修改文件内容
details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-QU732.tmp\996E.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\is-QU732.tmp\996E.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\is-QU732.tmp\996E.tmp ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\is-QU732.tmp\996E.tmp ---> Offset = 196608
C:\Documents and Settings\Administrator\Local Settings\Temp\is-QU732.tmp\996E.tmp ---> Offset = 262144
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CTSFM.tmp\_isetup\_shfoldr.dll ---> Offset = 0
Behavior description: 查找文件
details: FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-QU732.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-QU732.tmp\996E.tmp
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\「开始」菜单
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序

Other behavior

Behavior description: 创建互斥体
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
process_hacker2_setup_mutex
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EHF
Behavior description: 隐藏指定窗口
details: [Window,Class] = [,ComboLBox]
Behavior description: 查找指定窗口
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: 枚举窗口
details: N/A
Behavior description: 调整进程token权限
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: 屏蔽窗口关闭消息
details: hWnd = 0x000302ca, Text = Setup - Process Hacker, ClassName = TWizardForm.
hWnd = 0x000302dc, Text = Setup - Process Hacker, ClassName = TApplication.
Behavior description: 窗口信息
details: Pid = 784, Hwnd=0x102f6, Text = Process Hacker v2.39 (r124), Setup v14 built on Mar, 29 2016 , ClassName = TNewStaticText.
Pid = 784, Hwnd=0x102f4, Text = License Agreement, ClassName = TNewStaticText.
Pid = 784, Hwnd=0x102f2, Text = Please read the following important information before continuing., ClassName = TNewStaticText.
Pid = 784, Hwnd=0x102ee, Text = Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation., ClassName = TNewStaticText.
Pid = 784, Hwnd=0x202d2, Text = Process Hacker is distributed under the GNU GPL version 3, with the following exception: Permission is granted to dynamic, ClassName = TRichEditViewer.
Pid = 784, Hwnd=0x102ec, Text = I &accept the agreement, ClassName = TNewRadioButton.
Pid = 784, Hwnd=0x102ea, Text = I &do not accept the agreement, ClassName = TNewRadioButton.
Pid = 784, Hwnd=0x102e0, Text = Full installation, ClassName = TNewComboBox.
Pid = 784, Hwnd=0x302ae, Text = C:\Program Files\Process Hacker 2, ClassName = TEdit.
Pid = 784, Hwnd=0x102e8, Text = &Next >, ClassName = TNewButton.
Pid = 784, Hwnd=0x102e6, Text = Cancel, ClassName = TNewButton.
Pid = 784, Hwnd=0x302ca, Text = Setup - Process Hacker, ClassName = TWizardForm.
Behavior description: 可执行文件签名信息
details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-QU732.tmp\996E.tmp(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CTSFM.tmp\_isetup\_shfoldr.dll(签名验证: 未通过)
Behavior description: 创建事件对象
details: EventName = MSCTF.SendReceive.Event.EHF.IC
EventName = MSCTF.SendReceiveConection.Event.EHF.IC
Behavior description: 可执行文件MD5
details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-QU732.tmp\996E.tmp ---> 1c96ed29e0136825e06f037bf10b2419
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CTSFM.tmp\_isetup\_shfoldr.dll ---> 92dc6ef532fbb4a5c3201469a5b5eb63