VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
Safety rating:47
Behavior list
Basic Information
MD5:5f1a6588aa47cce6571e62c8bb63ed84
file type:EXE
Production company:2016卡qb翻倍代码
version:1.0.0.0---1.0.0.0
Shell or compiler information:COMPILER:Elan
Registry behavior
Behavior description:修改注册表
details:\REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x16(565 0)
Other behavior
Behavior description:创建互斥体
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.IIB
Behavior description:创建事件对象
details:EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.IIB.IC
EventName = MSCTF.SendReceiveConection.Event.IIB.IC
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:打开事件
details:HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000041
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000041
MSCTF.SendReceive.Event.ELH.IC
MSCTF.SendReceiveConection.Event.ELH.IC
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000042
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000042
Behavior description:窗口信息
details:Pid = 396, Hwnd=0x7037c, Text = 必须是会员才能登陆, ClassName = _EL_Label.
Pid = 396, Hwnd=0x7038a, Text = 注册, ClassName = Button.
Pid = 396, Hwnd=0x1902ce, Text = 2016年7月QQ最新刷QB漏洞, ClassName = _EL_Label.
Pid = 396, Hwnd=0x403a2, Text = 登陆, ClassName = Button.
Pid = 396, Hwnd=0x503b0, Text = 密码:, ClassName = _EL_Label.
Pid = 396, Hwnd=0xb032a, Text = 账号:, ClassName = _EL_Label.
Pid = 396, Hwnd=0x1802fe, Text = 2016.7.20测试成功代码, ClassName = WTWindow.
Pid = 396, Hwnd=0x603ac, Text = 确定, ClassName = Button.
Pid = 396, Hwnd=0xc03a0, Text = 您的会员时间还有999天 0分 0秒, ClassName = Static.
Pid = 396, Hwnd=0x1e02bc, Text = 信息:, ClassName = #32770.
Pid = 396, Hwnd=0x40392, Text = 123456, ClassName = Edit.
Pid = 396, Hwnd=0x703ba, Text = 123456, ClassName = Edit.
Pid = 396, Hwnd=0x10034c, Text = 详细过程(有图片), ClassName = Button.
Pid = 396, Hwnd=0x1502c4, Text = 2016年最新充值卡刷Q币,刷QB教程代码,刷QB方法经过权威技术测试、100%可刷! 2016年刷qB教程现在100%可以刷,提供最新的。用代码刷Q币, ClassName = Edit.
Pid = 396, Hwnd=0x703ac, Text = 关于QQ漏洞的最新相关信息 经测试现在2016.7.20 网上的代码已经全部失效 只有本软件经过三次搜查QQ 找出了相同的数值 784498132 没错, ClassName = _EL_Label.
Behavior description:隐藏指定窗口
details:[Window,Class] = [,_EL_PicBox]
[Window,Class] = [,Button]
[Window,Class] = [注意:蓝色字体皆为用户名字,_EL_Label]
Behavior description:打开互斥体
details:ShimCacheMutex
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
中国反网络病毒联盟
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号