VirSCAN


File information
Safety rating:86
Behavior list
Basic Information
MD5:5f21bf6f376edca69842a6e5142f62c0
file type:zip
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual C++ v6.0 DLL *
Subfile information:PrimaIR.exe / dcdf78800f430e0489948e029dc0be55 / EXE
ielib32.dlldumpFile / cfa3ee83d6b5d780cd8f6fca77f55d28 / DLL
ielib32.dll / cfa3ee83d6b5d780cd8f6fca77f55d28 / DLL
PrimaIR_QuickStart_DE.pdf / ee467059f71aec01e6ebeba84f219b45 / Unknown
PrimaIR_QuickStart_EN.pdf / a2f7493bb5f9406c527231d2a999b417 / Unknown
PrimaIR_DE_Short.pdf / 3b3d1b109572bdc195ed1495125d1bd0 / Unknown
PrimaIR_EN_Short.pdf / 82dbdb7050ed16df1e6456f0667d9807 / Unknown
PrimaIR_DE.lng / a040b4cc49e9720c294837c82b9bdbd8 / Unknown
PrimaIR_EN.lng / 2d478ac53371361564b76e8d0f78aee8 / Unknown
PrimaIR.ico / ba0eb714a1fc196f811f5d7b94b135ec / Unknown
PrimaIR.png / 13fb8ae50a3a9631d93d32b5d0203f75 / Unknown
PrimaIR.ini / 22057d2e1511ee827dc28d8c5edc8605 / Unknown
Upload_PIR.ini / 81051bcc2cf1bedf378224b0a93e2877 / Unknown
Key behavior
Behavior description:Reads the CPU clock directly
details:EAX = 0x3bc62825, EDX = 0x0000003c
EAX = 0x3e7927a1, EDX = 0x0000003c
EAX = 0x4e54c327, EDX = 0x0000003c
EAX = 0x85aa32cb, EDX = 0x0000003c
EAX = 0x8ae50184, EDX = 0x0000003c
EAX = 0xc7753f95, EDX = 0x0000003c
File behavior
Behavior description:Create file
details:C:\Users\Administrator\AppData\Local\Temp\ILIST-6B14A549.tmp
C:\Users\Administrator\AppData\Local\Temp\ICACHE-3AF5A474.tmp
C:\Users\Administrator\AppData\Local\Temp\ILIST-1B408A49.tmp
C:\Users\Administrator\AppData\Local\Temp\ICACHE-6DDC996F.tmp
C:\Users\Administrator\AppData\Local\Temp\ILIST-2FECBF30.tmp
C:\Users\Administrator\AppData\Local\Temp\ICACHE-7FB8BDF2.tmp
Behavior description:Delete file
details:C:\Users\Administrator\AppData\Local\Temp\ILIST-6B14A549.tmp
C:\Users\Administrator\AppData\Local\Temp\ICACHE-3AF5A474.tmp
C:\Users\Administrator\AppData\Local\Temp\ILIST-1B408A49.tmp
C:\Users\Administrator\AppData\Local\Temp\ICACHE-6DDC996F.tmp
C:\Users\Administrator\AppData\Local\Temp\ILIST-2FECBF30.tmp
C:\Users\Administrator\AppData\Local\Temp\ICACHE-7FB8BDF2.tmp
Behavior description:Find file
details:FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PrimaIR.zh-CN
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PrimaIR.zh-Hans
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PrimaIR.zh
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PrimaIR.en-US
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PrimaIR.en
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PrimaIR.CHS
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\PrimaIR.CH
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\*.*
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x32(BGR 0)
Other behavior
Behavior description:Checks whether it is being debugged
details:IsDebuggerPresent
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
Behavior description:Reads the CPU clock directly
details:EAX = 0x3bc62825, EDX = 0x0000003c
EAX = 0x3e7927a1, EDX = 0x0000003c
EAX = 0x4e54c327, EDX = 0x0000003c
EAX = 0x85aa32cb, EDX = 0x0000003c
EAX = 0x8ae50184, EDX = 0x0000003c
EAX = 0xc7753f95, EDX = 0x0000003c
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [msctls_updown32,]
Behavior description:Open event
details:HookSwitchHookEnabledEvent
Global\TermSrvReadyEvent
\KernelObjects\MaximumCommitCondition
Global\SvcctrlStartEvent_A3752DX
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
Behavior description:Window information
details:Pid = 2776, Hwnd=0x201f6, Text = sckbCopyStandard, ClassName = TsCheckBox.
Pid = 2776, Hwnd=0x20210, Text = Create Subfolders, ClassName = TsRadioGroup.
Pid = 2776, Hwnd=0x20264, Text = Off, ClassName = TsGroupButton.
Pid = 2776, Hwnd=0x30224, Text = Picture Year\Picture Month\Picture Date, ClassName = TsGroupButton.
Pid = 2776, Hwnd=0x30214, Text = Picture Year\Picture Date, ClassName = TsGroupButton.
Pid = 2776, Hwnd=0x3021c, Text = Picture Year\Picture Month, ClassName = TsGroupButton.
Pid = 2776, Hwnd=0x3021a, Text = Picture Date, ClassName = TsGroupButton.
Pid = 2776, Hwnd=0x2020e, Text = Jpeg, ClassName = TsComboBox.
Pid = 2776, Hwnd=0x40164, Text = .jpg, ClassName = TsComboBox.
Pid = 2776, Hwnd=0x301ee, Text = Jpeg, ClassName = TsComboBox.
Pid = 2776, Hwnd=0x30160, Text = Display only thumbnails, ClassName = TsCheckBox.
Pid = 2776, Hwnd=0x201f4, Text = File format, ClassName = TsRadioGroup.
Pid = 2776, Hwnd=0x4015c, Text = Tiff, ClassName = TsGroupButton.
Pid = 2776, Hwnd=0x201f0, Text = Jpeg, ClassName = TsGroupButton.
Pid = 2776, Hwnd=0x30174, Text = Auto Doc. feeder, ClassName = TsCheckBox.
Behavior description:Open mutex
details:Local\MSCTF.Asm.MutexDefault1