VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

   File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5:691a0cd56325222a7311a11581e5531f
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
copyright:

Key behavior

Behavior description: Map file with write permission
details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.MBI..PGFIG
MSCTF.MarshalInterface.FileMap.MBI.B.PGFIG
MSCTF.MarshalInterface.FileMap.MBI.C.PGFIG
MSCTF.MarshalInterface.FileMap.MBI.D.PGFIG
MSCTF.MarshalInterface.FileMap.MBI.E.OHFIG
MSCTF.MarshalInterface.FileMap.MBI.F.OHFIG
MSCTF.MarshalInterface.FileMap.MBI.G.OHFIG
DfSharedHeap7E254
DfRoot00007E254
MSCTF.MarshalInterface.FileMap.MKM..OFKJG
MSCTF.MarshalInterface.FileMap.MKM.B.OFKJG
MSCTF.MarshalInterface.FileMap.MKM.C.OFKJG
MSCTF.MarshalInterface.FileMap.MKM.D.OFKJG
MSCTF.MarshalInterface.FileMap.MKM.E.NHKJG
Behavior description: Hide specified window
details: [Window,Class] = [Debloater - InstallShield Wizard,#32770]
[Window,Class] = [Windows Installer,#32770]
[Window,Class] = [,Static]
[Window,Class] = [Debloater - InstallShield Wizard,MsiDialogCloseClass]
[Window,Class] = [&Serial Number:,Static]
[Window,Class] = [Install this application for:,Static]
[Window,Class] = [,Button]
[Window,Class] = [&Anyone who uses this computer (all users),Button]
[Window,Class] = [Only for &me (analyst004),Button]
[Window,Class] = [Ready to Modify the Program,Static]
[Window,Class] = [Ready to Repair the Program,Static]
[Window,Class] = [Ready to Install the Program,Static]
[Window,Class] = [Serial: ,Static]
[Window,Class] = [The program features you selected are being installed.,Static]
[Window,Class] = [Installing Debloater,Static]

Process behavior

Behavior description: Create process
details: ImagePath = C:\WINDOWS\system32\MSIEXEC.EXE, CmdLine = MSIEXEC.EXE /i "C:\Documents and Settings\Administrator\Local Settings\Application Data\Downloaded Installations\{9F782918-0B7B-44C8-97CE-516EE8FF15BF}\Debloater.msi" SETUPEXEDIR="c:\monitor" SETUPEXENAME

File behavior

Behavior description: Map file with write permission
details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.MBI..PGFIG
MSCTF.MarshalInterface.FileMap.MBI.B.PGFIG
MSCTF.MarshalInterface.FileMap.MBI.C.PGFIG
MSCTF.MarshalInterface.FileMap.MBI.D.PGFIG
MSCTF.MarshalInterface.FileMap.MBI.E.OHFIG
MSCTF.MarshalInterface.FileMap.MBI.F.OHFIG
MSCTF.MarshalInterface.FileMap.MBI.G.OHFIG
DfSharedHeap7E254
DfRoot00007E254
MSCTF.MarshalInterface.FileMap.MKM..OFKJG
MSCTF.MarshalInterface.FileMap.MKM.B.OFKJG
MSCTF.MarshalInterface.FileMap.MKM.C.OFKJG
MSCTF.MarshalInterface.FileMap.MKM.D.OFKJG
MSCTF.MarshalInterface.FileMap.MKM.E.NHKJG
Behavior description: Modify file content
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{C8B59806-21DE-470C-8854-94C40CF0B908}\Setup.INI---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{C8B59806-21DE-470C-8854-94C40CF0B908}\_ISMSIDEL.INI---> Offset = 20
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{C8B59806-21DE-470C-8854-94C40CF0B908}\0x0409.ini---> Offset = 16384
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~3.tmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~4.tmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{C8B59806-21DE-470C-8854-94C40CF0B908}\Debloater.msi---> Offset = 47254
C:\Documents and Settings\Administrator\Local Settings\Application Data\Downloaded Installations\{9F782918-0B7B-44C8-97CE-516EE8FF15BF}\Debloater.msi---> Offset = 262144
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~5.tmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\69a9c.msi---> Offset = 74976
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{C8B59806-21DE-470C-8854-94C40CF0B908}\_ISMSIDEL.INI---> Offset = 226
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{C8B59806-21DE-470C-8854-94C40CF0B908}\_ISMSIDEL.INI---> Offset = 2

Other behavior

Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.Shared.MUTEX.AEH
SHIMLIB_LOG_MUTEX
MSCTF.Shared.MUTEX.MKM
Global\_MSIExecute
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Hide specified window
details: [Window,Class] = [Debloater - InstallShield Wizard,#32770]
[Window,Class] = [Windows Installer,#32770]
[Window,Class] = [,Static]
[Window,Class] = [Debloater - InstallShield Wizard,MsiDialogCloseClass]
[Window,Class] = [&Serial Number:,Static]
[Window,Class] = [Install this application for:,Static]
[Window,Class] = [,Button]
[Window,Class] = [&Anyone who uses this computer (all users),Button]
[Window,Class] = [Only for &me (analyst004),Button]
[Window,Class] = [Ready to Modify the Program,Static]
[Window,Class] = [Ready to Repair the Program,Static]
[Window,Class] = [Ready to Install the Program,Static]
[Window,Class] = [Serial: ,Static]
[Window,Class] = [The program features you selected are being installed.,Static]
[Window,Class] = [Installing Debloater,Static]
Behavior description: Window information
details: Pid = 2072, Hwnd=0x4020e, Text = Cancel, ClassName = Button.
Pid = 2072, Hwnd=0x401ce, Text = Preparing to Install..., ClassName = Static.
Pid = 2072, Hwnd=0x70196, Text = Debloater Setup is preparing the InstallShield Wizard, which will guide you through the program setup process. Please wait., ClassName = Static.
Pid = 2072, Hwnd=0x60240, Text = Extracting: Debloater.msi, ClassName = Static.
Pid = 2072, Hwnd=0x40248, Text = Progress1, ClassName = msctls_progress32.
Pid = 2072, Hwnd=0x301d0, Text = IDR_GIF1, ClassName = is_gif_class.
Pid = 2072, Hwnd=0x30236, Text = Debloater - InstallShield Wizard, ClassName = #32770.
Pid = 3240, Hwnd=0x401c0, Text = Cancel, ClassName = Button.
Pid = 3240, Hwnd=0x401be, Text = Preparing to install..., ClassName = Static.
Pid = 3240, Hwnd=0x40236, Text = Windows Installer, ClassName = #32770.
Pid = 3240, Hwnd=0x60214, Text = &Next >, ClassName = Button.
Pid = 3240, Hwnd=0x50216, Text = Cancel, ClassName = Button.
Pid = 3240, Hwnd=0x4021e, Text = < &Back, ClassName = Button.
Pid = 3240, Hwnd=0x4023c, Text = WARNING: This program is protected by copyright law and international treaties., ClassName = Static.
Pid = 3240, Hwnd=0x50210, Text = The InstallShield(R) Wizard will install Debloater on your computer. To continue, click Next., ClassName = Static.
Behavior description: Acquire system privileges
details: SE_SHUTDOWN_PRIVILEGE
SE_INCREASE_QUOTA_PRIVILEGE
SE_CREATE_TOKEN_PRIVILEGE