VirSCAN


File information
Safety rating:75
Behavior list
Basic Information
MD5:6ac9663ddbc9ffa9298f7953676e3cdb
file type:7z
Production company:not by Acronis
version:19.0.0.5634---1, 0, 0, 0
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Subfile information:ti_managers.dll / big file / DLL
Key behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.ECM..LLNIH
MSCTF.MarshalInterface.FileMap.ECM.B.LLNIH
MSCTF.MarshalInterface.FileMap.ECM.C.LLNIH
MSCTF.MarshalInterface.FileMap.ECM.D.LLNIH
MSCTF.MarshalInterface.FileMap.ECM.E.LLNIH
MSCTF.MarshalInterface.FileMap.ECM.F.LLNIH
MSCTF.MarshalInterface.FileMap.ECM.G.LMNIH
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
Behavior description:Block window close message
details:hWnd = 0x0004029e, Text = Acronis True Image activator, ClassName = .
Behavior description:Hide specified window
details:[Window,Class] = [,Static]
[Window,Class] = [,Button]
Process behavior
Behavior description:Create process
details:ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c ""C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Activation.cmd" "
ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = C:\WINDOWS\system32\cmd.exe /c REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language" /v InstallLanguage
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language" /v InstallLanguage
ImagePath = C:\WINDOWS\system32\mode.com, CmdLine = mode con:cols=80 lines=36
ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = C:\WINDOWS\system32\cmd.exe /c REG QUERY "HKLM\SOFTWARE\Acronis\TrueImageHome\Settings" /v LicenseActivatorExePath 2>NUL
ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = REG QUERY "HKLM\SOFTWARE\Acronis\TrueImageHome\Settings" /v LicenseActivatorExePath
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.ECM..LLNIH
MSCTF.MarshalInterface.FileMap.ECM.B.LLNIH
MSCTF.MarshalInterface.FileMap.ECM.C.LLNIH
MSCTF.MarshalInterface.FileMap.ECM.D.LLNIH
MSCTF.MarshalInterface.FileMap.ECM.E.LLNIH
MSCTF.MarshalInterface.FileMap.ECM.F.LLNIH
MSCTF.MarshalInterface.FileMap.ECM.G.LMNIH
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
Behavior description:Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\filever.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\16.0.0.5551\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\15.0.0.6131\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\15.0.0.7133\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\16.0.0.5587\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\16.0.0.6514\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\16.0.0.6528\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\17.0.0.5560\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\17.0.0.6614\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\17.0.0.6673\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\17.0.0.6688\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\18.0.0.5539\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\18.0.0.6055\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\18.0.0.6525\libcrypto10.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\18.0.0.6613\libcrypto10.dll
Behavior description:Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Activation.cmd---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Activation_de.cmd---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Activation_en.cmd---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Acronis_x64.reg---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Acronis_x86.reg---> Offset = 0
Behavior description:Find file
details:FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\Activation.cmd
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Activation.cmd
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\cmd.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\REG.*
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\Activation.cmd
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
SHIMLIB_LOG_MUTEX
Behavior description:Hide specified window
details:[Window,Class] = [,Static]
[Window,Class] = [,Button]
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description:Acquire system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Get TickCount value
details:TickCount = 494895, SleepMilliseconds = 20.
TickCount = 494910, SleepMilliseconds = 20.
TickCount = 494926, SleepMilliseconds = 20.
TickCount = 494941, SleepMilliseconds = 20.
TickCount = 494973, SleepMilliseconds = 20.
TickCount = 494988, SleepMilliseconds = 20.
TickCount = 495035, SleepMilliseconds = 20.
TickCount = 495051, SleepMilliseconds = 20.
TickCount = 502848, SleepMilliseconds = 20.
TickCount = 502926, SleepMilliseconds = 20.
TickCount = 502941, SleepMilliseconds = 20.
TickCount = 502973, SleepMilliseconds = 20.
TickCount = 503160, SleepMilliseconds = 20.
TickCount = 503238, SleepMilliseconds = 20.
TickCount = 503395, SleepMilliseconds = 20.
Behavior description:Block window close message
details:hWnd = 0x0004029e, Text = Acronis True Image activator, ClassName = .
Behavior description:Window information
details:Pid = 3104, Hwnd=0x202b4, Text = Cancel, ClassName = Button.
Pid = 3104, Hwnd=0x3029e, Text = 27% Extracting, ClassName = #32770.
Pid = 3104, Hwnd=0x3029e, Text = 77% Extracting, ClassName = #32770.
Pid = 376, Hwnd=0x4029e, Text = C:\WINDOWS\system32\cmd.exe, ClassName = ConsoleWindowClass.
Pid = 376, Hwnd=0x4029e, Text = Acronis True Image activator, ClassName = ConsoleWindowClass.