1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
| Safety rating:79 |
| Behavior list |
| Basic Information | |
|---|---|
| MD5: | 6241e7095304cf0e3cc940058db02c56 |
| file type: | Microsoft Office Word文档 |
| Production company: | |
| version: | |
| Shell or compiler information: | |
| Subfile information: | document.xml / 6fe8fc6a394488adce3671673ac5b61e / Unknown |
| image2.jpeg / ced840cef0c3a65f74674f4fbb947812 / Unknown | |
| image2.jpegdumpFile / ced840cef0c3a65f74674f4fbb947812 / Unknown | |
| styles.xmldumpFile / cd180df56cc4a77508963160af6b3250 / Unknown | |
| styles.xml / cd180df56cc4a77508963160af6b3250 / Unknown | |
| document.xmldumpFile / 6fe8fc6a394488adce3671673ac5b61e / Unknown | |
| numbering.xml / 90f91a23840d7ceef4b1cde9a3e7f223 / Unknown | |
| numbering.xmldumpFile / 90f91a23840d7ceef4b1cde9a3e7f223 / Unknown | |
| image1.jpeg / 45625e09b0e7056e2647220006f31675 / Unknown | |
| image1.jpegdumpFile / 45625e09b0e7056e2647220006f31675 / Unknown | |
| settings.xml / 296d491a0931c357369648729907a0e3 / Unknown | |
| settings.xmldumpFile / 296d491a0931c357369648729907a0e3 / Unknown | |
| theme1.xmldumpFile / a8d6abc6c1f26db22ed576c3b3ed8722 / Unknown | |
| theme1.xml / a8d6abc6c1f26db22ed576c3b3ed8722 / Unknown | |
| app.xmldumpFile / a22cbb4ffe60e8fae040aaeaf75e0c52 / Unknown | |
| app.xml / a22cbb4ffe60e8fae040aaeaf75e0c52 / Unknown | |
| footer1.xmldumpFile / 8f36c3dc9b0277bc168e16e3d367d78e / Unknown | |
| footer1.xml / 8f36c3dc9b0277bc168e16e3d367d78e / Unknown | |
| fontTable.xmldumpFile / be5571fe90588048e7656bd0b1af0055 / Unknown | |
| Key behavior | |
|---|---|
| Behavior description: | 检测自身是否被调试 |
| details: | N/A |
| Process behavior | |
|---|---|
| Behavior description: | 创建本地线程 |
| details: | TargetProcess: WINWORD.EXE, InheritedFromPID = 2008, ProcessID = 2680, ThreadID = 2760, StartAddress = 326138F8, Parameter = 03EEFB40 |
| TargetProcess: WINWORD.EXE, InheritedFromPID = 2008, ProcessID = 2680, ThreadID = 2764, StartAddress = 3264B7DB, Parameter = 00000000 | |
| TargetProcess: WINWORD.EXE, InheritedFromPID = 2008, ProcessID = 2680, ThreadID = 3096, StartAddress = 3BE7617C, Parameter = 00000000 | |
| TargetProcess: WINWORD.EXE, InheritedFromPID = 2008, ProcessID = 2680, ThreadID = 3164, StartAddress = 314AB3EA, Parameter = 320FDEB0 | |
| TargetProcess: WINWORD.EXE, InheritedFromPID = 2008, ProcessID = 2680, ThreadID = 3192, StartAddress = 314AB3EA, Parameter = 320FDEB0 | |
| TargetProcess: WINWORD.EXE, InheritedFromPID = 2008, ProcessID = 2680, ThreadID = 3308, StartAddress = 326138F8, Parameter = 036347E0 | |
| TargetProcess: WINWORD.EXE, InheritedFromPID = 2008, ProcessID = 2680, ThreadID = 3312, StartAddress = 326138F8, Parameter = 02BD3C00 | |
| File behavior | |
|---|---|
| Behavior description: | 重命名文件 |
| details: | C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm ---> C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\~WRL0001.tmp |
| C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\~WRD0000.tmp ---> C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm | |
| Behavior description: | 覆盖已有文件 |
| details: | C:\Documents and Settings\Administrator\Local Settings\Temp\mso4.tmp |
| C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Word12.pip | |
| Behavior description: | 删除文件 |
| details: | C:\Documents and Settings\Administrator\Local Settings\Temp\mso4.tmp |
| Behavior description: | 查找文件 |
| details: | FileName = C:\Documents and Settings |
| FileName = C:\Documents and Settings\Administrator | |
| FileName = C:\Documents and Settings\Administrator\Application Data | |
| FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft | |
| FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Office | |
| FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent | |
| Registry behavior | |
|---|---|
| Behavior description: | 修改注册表 |
| details: | \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Common\ReviewCycle\ReviewToken |
| \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 1 | |
| \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\(,+ | |
| \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\v,+ | |
| \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\%,+ | |
| \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\4,+ | |
| \REGISTRY\USER\S-*\Software\Microsoft\Shared Tools\Panose\方正舒体 | |
| \REGISTRY\USER\S-*\Software\Microsoft\Shared Tools\Panose\方正姚体 | |
| \REGISTRY\USER\S-*\Software\Microsoft\Shared Tools\Panose\华文彩云 | |
| \REGISTRY\USER\S-*\Software\Microsoft\Shared Tools\Panose\华文仿宋 | |
| \REGISTRY\USER\S-*\Software\Microsoft\Shared Tools\Panose\华文细黑 | |
| \REGISTRY\USER\S-*\Software\Microsoft\Shared Tools\Panose\华文新魏 | |
| \REGISTRY\USER\S-*\Software\Microsoft\Shared Tools\Panose\华文行楷 | |
| \REGISTRY\USER\S-*\Software\Microsoft\Shared Tools\Panose\华文中宋 | |
| \REGISTRY\USER\S-*\Software\Microsoft\Shared Tools\Panose\隶书 | |
| Behavior description: | 删除注册表键值 |
| details: | \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Max Display |
| \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 1 | |
| \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 2 | |
| \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 3 | |
| \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 4 | |
| \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 5 | |
| \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 6 | |
| \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 7 | |
| \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 8 | |
| \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 9 | |
| \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 10 | |
| \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 11 | |
| \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 12 | |
| \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 13 | |
| \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 14 | |
| Behavior description: | 删除注册表键 |
| details: | \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\ |
| \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\DocumentRecovery\10F4E\ | |
| \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\DocumentRecovery\ | |
| \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\ | |
| Other behavior | |
|---|---|
| Behavior description: | 检测自身是否被调试 |
| details: | N/A |
| Behavior description: | 创建互斥体 |
| details: | Global\MTX_MSO_Formal1_S-* |
| Global\MTX_MSO_AdHoc1_S-* | |
| MSCTF.Shared.MUTEX.APH | |
| Local\MU_ACBPIDS09_S-1-5-5-0-48441 | |
| Local\MU_ACB09_S-1-5-5-0-48441 | |
| Local\ZonesCounterMutex | |
| Local\ZoneAttributeCacheCounterMutex | |
| Local\ZonesCacheCounterMutex | |
| Local\ZonesLockedCacheCounterMutex | |
| MSCTF.Shared.MUTEX.MHK | |
| Global\MsoShellExtRegAccess_S-* | |
| Behavior description: | 隐藏指定窗口 |
| details: | [Window,Class] = [,_WwB] |
| Behavior description: | 查找指定窗口 |
| details: | NtUserFindWindowEx: [Class,Window] = [Ghost,] |
| NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,] | |
| NtUserFindWindowEx: [Class,Window] = [MSOBALLOON,] | |
| NtUserFindWindowEx: [Class,Window] = [MsoHelp10,] | |
| NtUserFindWindowEx: [Class,Window] = [AgentAnim,] | |
| Behavior description: | 窗口信息 |
| details: | Pid = 2680, Hwnd=0x201aa, Text = MsoDockTop, ClassName = MsoCommandBarDock. |
| Pid = 2680, Hwnd=0x101b4, Text = Ribbon, ClassName = MsoCommandBar. | |
| Pid = 2680, Hwnd=0x101e0, Text = Ribbon, ClassName = MsoWorkPane. | |
| Pid = 2680, Hwnd=0x101b2, Text = MsoDockBottom, ClassName = MsoCommandBarDock. | |
| Pid = 2680, Hwnd=0x101b6, Text = 状态栏, ClassName = MsoCommandBar. | |
| Pid = 2680, Hwnd=0x101c4, Text = 状态栏, ClassName = MsoWorkPane. | |
| Behavior description: | 枚举窗口 |
| details: | N/A |
| Behavior description: | 创建事件对象 |
| details: | EventName = Global\userenv: User Profile setup event |
| EventName = MSCTF.SendReceive.Event.MHK.IC | |
| EventName = MSCTF.SendReceiveConection.Event.MHK.IC | |
| Run screenshot |
|---|
 |
HOME
