VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information
Safety rating:79
Behavior list
Basic Information
MD5:6b908a112f0d4e04202ce328b4245e49
file type:zip
Production company:
version:
Shell or compiler information:COMPILER:PE+(64)
Subfile information:amtlib.dll / b268e6c30e985618ae5cbd0e4e4defe4 / DLL
amtlib / e84703a39ab56b59db6cd8b171618826 / Mub
amtlib.dll / cb1472edbfcfd2f0b17c1c158c778a8e / DLL
.DS_Store / 68cabe976ac44c2dba683696a59fb276 / Unknown
.DS_Store / 49fdb4026106e98d3c81ce585ac347f5 / Unknown
.DS_Store / d675da98c16e619f4d2b7cd609046780 / Unknown
.DS_Store / d675da98c16e619f4d2b7cd609046780 / Unknown
CodeResources / 868bd8e39ccf48166510877d44b16f47 / Unknown
Info.plist / 6c51956b1e68c5bb68c4fb04bc814eff / Unknown
Resources.lnk / 69c3b13048b9220774fc6137083fb3bf / Unknown
amtlib.lnk / 9c418cf8ea612d225b1f03be90e28f72 / Unknown
Current.lnk / 2e9140bddb5a363c5822889bb84bf048 / Unknown
PSCC2015 5.5-2017最新版本破解文件dumpFile / d41d8cd98f00b204e9800998ecf8427e / Unknown
Process behavior
Behavior description: Create local thread
details:TargetProcess: cmd.exe, InheritedFromPID = 2000, ProcessID = 2928, ThreadID = 2940, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: cmd.exe, InheritedFromPID = 2000, ProcessID = 2928, ThreadID = 2968, StartAddress = 7D6A608A, Parameter = 001C5EB0
TargetProcess: cmd.exe, InheritedFromPID = 2000, ProcessID = 2928, ThreadID = 2988, StartAddress = 77F56ED3, Parameter = 0013E5A8
File behavior
Behavior description: Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\PSCC2015 5.5-2017最新版本破解文件\Mac补丁\amtlib.framework\Resources.lnk ---> Offset = 0
Behavior description: Find file
details:FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\PSCC2015 5.5-2017最新版本破解文件
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\PSCC2015 5.5-2017最新版本破解文件\Mac补丁
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\PSCC2015 5.5-2017最新版本破解文件\Mac补丁\amtlib.framework
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\PSCC2015 5.5-2017最新版本破解文件\Mac补丁\amtlib.framework\Resources.lnk
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
Other behavior
Behavior description: Adjust process token privileges
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Open mutex
details:ShimCacheMutex
Behavior description: Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Shell.CMruPidlList
Behavior description: Create event object
details:EventName = Global\crypt32LogoffEvent
Behavior description: Open event
details:_fCanRegisterWithShellService
Global\crypt32LogoffEvent