VirSCAN

1, You can upload any file, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information
Safety rating:79
Behavior list
Basic Information
MD5:558e4f5fc69cfbcc29cf6404f413b318
file type:Rar
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual C++ v7.1 DLL
Subfile information:MyLib.dll / 60ad16cd07f347b71758450bb76f550a / DLL
tjwg.exe / 08e92a02e8bce03ad264a187ec40f2d8 / EXE
ShellHook.dll / b4c8bc1fbb828eec0dfefdb0a3e1495e / DLL
setting.ini / ff19a9437f08056bdd75eb37898df6d0 / Unknown
仙山之巅挖矿.txt / 600ad5471ab6d4a09e1acdd84b08c2ca / Unknown
安阳挂机(唐版新).txt / 67c9253ea480daa8c82526f873399d37 / Unknown
衡山村挂机.txt / 85208f642224102c6044a25188209dbf / Unknown
安阳挂机.txt / 2a411e058c94227e3e9c36bf141b485c / Unknown
乾坤挂机2.txt / d348565d8751ed7c1ad45b196164ad5e / Unknown
邯郸郊外挂-1.txt / a522eb980eba435026504271c834d007 / Unknown
邯郸郊外挂机.txt / 6326741f00e1e1497488aba2a9b34b05 / Unknown
强盗.txt / d7c081826736699f14df0e7157357f3a / Unknown
乾坤挂机.txt / 079b2130d801fdfa282b0721ce945827 / Unknown
步行去三层.txt / e191d7a8c22a191e197121ab2dac7330 / Unknown
青阳古村挂机.txt / 2feb4bd7112d8ea1dbda9ae00b35d009 / Unknown
地一买药.txt / 73b2ea3f114c772f62a6cef1a83c1b0d / Unknown
三层打灵.txt / 365aff747c75b04049e98ef34b8605cb / Unknown
大牢死亡.txt / b93a14f28b0f21dcfb81ff5f0a53e635 / Unknown
大牢.txt / cc3e10d92588c5cb4020d87a606d8108 / Unknown
Key behavior
Behavior description:Set message hook
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\ShellHook.dll
File behavior
Behavior description:Modify file content
details:C:\WINDOWS\win.ini ---> Offset = 477
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.MAL
Behavior description:Create event object
details:EventName = MSCTF.SendReceive.Event.MAL.IC
EventName = MSCTF.SendReceiveConection.Event.MAL.IC
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Open event
details:HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description:Window information
details:Pid = 2824, Hwnd=0x10344, Text = 功能:不打跑的拐!山顶摸狂 交流地址:http://www.czvv.net.cn, ClassName = Static.
Pid = 2824, Hwnd=0x10340, Text = 菜哥制作, ClassName = #32770.
Behavior description:Open mutex
details:ShimCacheMutex