VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

   File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5:6f73f6b5d4d78e29501e128bbd49ebdf
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
copyright:

Key behavior

Behavior description: Map file with write permission
details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MBI..BGPGH
MSCTF.MarshalInterface.FileMap.MBI.B.AIPGH
MSCTF.MarshalInterface.FileMap.MBI.C.AIPGH
MSCTF.MarshalInterface.FileMap.MBI.D.AIPGH
MSCTF.MarshalInterface.FileMap.MBI.E.AIPGH
MSCTF.MarshalInterface.FileMap.MBI.F.AKPGH
MSCTF.MarshalInterface.FileMap.MBI.G.AKPGH
MSCTF.Shared.SFM.MBI
MSCTF.MarshalInterface.FileMap.MBI.H.PGDLH
MSCTF.MarshalInterface.FileMap.MBI.I.PGDLH
MSCTF.MarshalInterface.FileMap.MBI.J.PGDLH
MSCTF.MarshalInterface.FileMap.MBI.K.PGDLH
MSCTF.MarshalInterface.FileMap.MBI.L.PGDLH
MSCTF.MarshalInterface.FileMap.MBI.M.PGDLH

Process behavior

Behavior description: Create process from new file
details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7L3E8.tmp\996E.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7L3E8.tmp\996E.tmp" /SL5="$202A2,2847860,53248,C:\Documents and Settings\Administrator\Local Settings\%temp%\1443198429.225125.exe"
Behavior description: Enumerate processes
details: N/A

File behavior

Behavior description: Map file with write permission
details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MBI..BGPGH
MSCTF.MarshalInterface.FileMap.MBI.B.AIPGH
MSCTF.MarshalInterface.FileMap.MBI.C.AIPGH
MSCTF.MarshalInterface.FileMap.MBI.D.AIPGH
MSCTF.MarshalInterface.FileMap.MBI.E.AIPGH
MSCTF.MarshalInterface.FileMap.MBI.F.AKPGH
MSCTF.MarshalInterface.FileMap.MBI.G.AKPGH
MSCTF.Shared.SFM.MBI
MSCTF.MarshalInterface.FileMap.MBI.H.PGDLH
MSCTF.MarshalInterface.FileMap.MBI.I.PGDLH
MSCTF.MarshalInterface.FileMap.MBI.J.PGDLH
MSCTF.MarshalInterface.FileMap.MBI.K.PGDLH
MSCTF.MarshalInterface.FileMap.MBI.L.PGDLH
MSCTF.MarshalInterface.FileMap.MBI.M.PGDLH
Behavior description: Create executable file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7L3E8.tmp\996E.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-AEGN3.tmp\_isetup\_RegDLL.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-AEGN3.tmp\_isetup\_shfoldr.dll
Behavior description: Modify file content
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-AEGN3.tmp\2345Explorer.ico---> Offset = 0
Behavior description: Find file
details: FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7L3E8.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7L3E8.tmp\996E.tmp
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\「开始」菜单
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序
FileName = C:\*.*

Other behavior

Behavior description: Enumerate windows
details: N/A
Behavior description: Window information
details: Pid = 2072, Hwnd=0x202b0, Text = 欢迎使用 红蜻蜓抓图精灵 安装向导 , ClassName = TNewStaticText.
Pid = 2072, Hwnd=0x302b8, Text = 此程序将安装 红蜻蜓抓图精灵 v2.30 build 1505 到您的计算机中。 强烈建议您在继续安装之前关闭其他所有正在运行的程序,以避免安装过, ClassName = TNewStaticText.
Pid = 2072, Hwnd=0x202c6, Text = 下一步(&N) >, ClassName = TButton.
Pid = 2072, Hwnd=0x202ca, Text = 取消, ClassName = TButton.
Pid = 2072, Hwnd=0x402bc, Text = 安装 - 红蜻蜓抓图精灵, ClassName = TWizardForm.
Pid = 2072, Hwnd=0x402be, Text = 使用许可协议, ClassName = TNewStaticText.
Pid = 2072, Hwnd=0x202ac, Text = 在继续安装之前,请阅读下面的重要信息。, ClassName = TNewStaticText.
Pid = 2072, Hwnd=0x202ae, Text = 请仔细阅读下面的使用许可协议。您必须在继续安装之前接受本协议。, ClassName = TNewStaticText.
Pid = 2072, Hwnd=0x702c0, Text = < 上一步(&B), ClassName = TButton.
Pid = 2072, Hwnd=0x202c6, Text = 我接受(&A) >, ClassName = TButton.
Pid = 2072, Hwnd=0x402be, Text = 选择目标位置, ClassName = TNewStaticText.
Pid = 2072, Hwnd=0x202ac, Text = 您想将 红蜻蜓抓图精灵 安装在什么地方?, ClassName = TNewStaticText.
Pid = 2072, Hwnd=0x202d0, Text = 安装程序将安装 红蜻蜓抓图精灵 到下列文件夹中。, ClassName = TNewStaticText.
Pid = 2072, Hwnd=0x302b6, Text = 单击“下一步”继续。如果您想选择其它文件夹,单击“浏览”。, ClassName = TNewStaticText.
Pid = 2072, Hwnd=0xc02ce, Text = C:\Program Files\supersoft\Rdfsnap, ClassName = TEdit.
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MBI
Behavior description: Acquire system privilege
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [,RdfSnap_PrevInstance_Window]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]