VirSCAN

File information
Safety rating:76
Behavior list
Basic Information
MD5:5bcb4c22cbbefca10a5efa2375881f77
file type:zip
Production company:
version:
Shell or compiler information:
Subfile information:bootstrap.min.css / 5d5357cb3704e1f43a1f5bfed2aebf42 / Unknown
j.js / 5b93a0f01f13dcb4c9caef839e914614 / Unknown
glyphicons-halflings-regular.svg / 89889688147bd7575d6327160d64e760 / Unknown
glyphicons-halflings-regular.ttf / e18bbf611f2a2e43afc071aa2f4e1512 / Unknown
bootstrap.min.js / 4becdc9104623e891fbb9d38bba01be4 / Unknown
glyphicons-halflings-regular.woff / fa2772327f55d8198301fdb8bcfc8158 / Unknown
glyphicons-halflings-regular.eot / f4769f9bdb7466be65088239c12046d1 / Unknown
glyphicons-halflings-regular.woff2 / 448c34a56d699c29117adc64c43affeb / Unknown
128.png / 4a89c1c8a6a15dd282a087d22992d1c1 / Unknown
bootstrap-switch.min.js / 76db41e9378af542a464cc0e747428bb / Unknown
favicon.ico / cc81065ea6be1af16265c56f473a879d / Unknown
bootstrap-switch.min.css / 45abe3ae6425458dcfea724c1dcb9087 / Unknown
48.png / 7ded4855044f6940929b1f4b5cc8e1f0 / Unknown
verified_contents.json / 4438de301563ff3cc2497749770b8197 / Unknown
16.png / d204ee9f140c1c6492d72c65961e1a5b / Unknown
popup.html / e59c0f2a5926da1e1cc7214c9d089cfe / Unknown
yec.gif / e7e6f3dcfc0833b9622e9596cf394d5b / Unknown
说明.txt / 3c8c21822d405499a7963b0db973a3bc / Unknown
科技线条.png / 1a2ff71596fb80786b36f787e69e1558 / Unknown
Key behavior
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016082420160825
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
Process behavior
Behavior description: Create local thread
details:TargetProcess: iexplore.exe, InheritedFromPID = 1124, ProcessID = 1656, ThreadID = 300, StartAddress = 6359727B, Parameter = 002596D0
TargetProcess: iexplore.exe, InheritedFromPID = 1124, ProcessID = 1656, ThreadID = 1840, StartAddress = 77E56C7D, Parameter = 0026FD80
TargetProcess: iexplore.exe, InheritedFromPID = 1124, ProcessID = 1656, ThreadID = 2052, StartAddress = 77E56C7D, Parameter = 0026FE10
TargetProcess: iexplore.exe, InheritedFromPID = 1124, ProcessID = 1656, ThreadID = 2056, StartAddress = 6359727B, Parameter = 00275D90
TargetProcess: iexplore.exe, InheritedFromPID = 1124, ProcessID = 1656, ThreadID = 2148, StartAddress = 5DE05A52, Parameter = 034FEF40
TargetProcess: iexplore.exe, InheritedFromPID = 1124, ProcessID = 1656, ThreadID = 2216, StartAddress = 6359727B, Parameter = 002760B0
File behavior
Behavior description: Create file
details:C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016082420160825\index.dat
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\dnserrordiagoff[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\noConnect[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\background_gradient[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\down[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favcenter[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[2]
Behavior description: Overwrite existing file
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\dnserrordiagoff[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\noConnect[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\background_gradient[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\down[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favcenter[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[2]
Behavior description: Find file
details:FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\popup.html
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\css\bootstrap.min.css
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\css\bootstrap-switch.min.css
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\js\j.js
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\js\bootstrap.min.js
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\js\bootstrap-switch.min.js
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\js\core.js
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\js\popup.js
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\img\科技线条.png
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\fonts\glyphicons-halflings-regular.eot
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\css
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\img
FileName = C:\Documents and Settings
Behavior description: Delete file
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\dnserrordiagoff[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\ErrorPageTemplate[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\noConnect[3]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\bullet[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\down[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\favcenter[3]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[1]
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016082420160825
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
Behavior description: Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016082420160825\index.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\dnserrordiagoff[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\ErrorPageTemplate[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\noConnect[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\background_gradient[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\down[2] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favcenter[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[2] ---> Offset = 0
Network behavior
Behavior description: Open HTTP connection
details:InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\iexplore\Type
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\iexplore\Flags
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\iexplore\Time
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Default MHTML Editor\Last
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016082420160825\CachePath
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016082420160825\CachePrefix
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016082420160825\CacheLimit
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016082420160825\CacheOptions
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016082420160825\CacheRepair
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTimeCount
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Count
Behavior description: Delete registry value
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behavior description: Delete registry key
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016061420160615\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\
\REGISTRY\USER\S-*_CLASSES\JavaPlugin.1000\CLSID\
\REGISTRY\USER\S-*_CLASSES\JavaPlugin.1000\
Other behavior
Behavior description: Create mutex
details:Local\!PrivacIE!SharedMemory!Mutex
SmartScreen_UrsCacheMutex_2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2High_S-*
Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012016082420160825!
MSCTF.Shared.MUTEX.ELH
Local\c:!documents and settings!administrator!local settings!application data!microsoft!feeds cache!
RasPbFile
MSIMGSIZECacheMutex
Behavior description: Create event object
details:EventName = Global\crypt32LogoffEvent
EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Open event
details:Global\crypt32LogoffEvent
Isolation Signal Registry Event (C3CECA6B-69E1-11E6-91BE-7B****28, 0)
MSFT.VSA.COM.DISABLE.1656
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000040
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000040
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
Behavior description: Window information
details:Pid = 1124, Hwnd=0x603ac, Text = 导航栏, ClassName = WorkerW.
Pid = 1124, Hwnd=0xe039e, Text = 地址组合控制, ClassName = ToolbarWindow32.
Pid = 1124, Hwnd=0x110342, Text = 页面控制, ClassName = ToolbarWindow32.
Pid = 1124, Hwnd=0x1302b8, Text = 搜索..., ClassName = Edit.
Pid = 1124, Hwnd=0x160324, Text = 搜索组合控制, ClassName = ToolbarWindow32.
Pid = 1124, Hwnd=0x1702b6, Text = 搜索控制, ClassName = ToolbarWindow32.
Pid = 1124, Hwnd=0xc034e, Text = 命令栏, ClassName = ToolbarWindow32.
Pid = 1124, Hwnd=0x100334, Text = 收藏夹命令栏, ClassName = ToolbarWindow32.
Pid = 1124, Hwnd=0x603a4, Text = LinksBand, ClassName = LinksBandClass.
Pid = 1124, Hwnd=0xb0370, Text = 收藏夹栏, ClassName = ToolbarWindow32.
Pid = 1124, Hwnd=0xa0368, Text = 添加到收藏夹栏, ClassName = ToolbarWindow32.
Pid = 1656, Hwnd=0xc0356, Text = ITBarHost, ClassName = InternetToolbarHost.
Pid = 1656, Hwnd=0xb0360, Text = 菜单栏, ClassName = WorkerW.
Pid = 1656, Hwnd=0xd0312, Text = 缩放级别, ClassName = ToolbarWindow32.
Pid = 1124, Hwnd=0xf035e, Text = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\popup.html - Windows Internet Explorer, ClassName = IEFrame.
Behavior description: Hide specified window
details:[Window,Class] = [缩放级别,ToolbarWindow32]
[Window,Class] = [,msctls_progress32]
Behavior description: Open mutex
details:CtfmonInstMutexDefaultS-*
_!SHMSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012016082420160825!
Local\c:!documents and settings!administrator!local settings!application data!microsoft!feeds cache!
RasPbFile