VirSCAN

File information
Safety rating:85
Behavior list
Basic Information
MD5:6fd3c21ef5e301a91e44d2666d9dc90c
file type:EXE
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual C++ 4.x [Overlay]
Key behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AEF..HGOGH
MSCTF.MarshalInterface.FileMap.AEF.B.HGOGH
MSCTF.MarshalInterface.FileMap.AEF.C.HGOGH
MSCTF.MarshalInterface.FileMap.AEF.D.HGOGH
MSCTF.MarshalInterface.FileMap.AEF.E.HGOGH
MSCTF.MarshalInterface.FileMap.AEF.F.HGOGH
MSCTF.MarshalInterface.FileMap.AEF.G.HGOGH
MSCTF.Shared.SFM.AEF
MSCTF.MarshalInterface.FileMap.AEF.H.NLDLH
MSCTF.MarshalInterface.FileMap.AEF.I.NLDLH
MSCTF.MarshalInterface.FileMap.AEF.J.NLDLH
MSCTF.MarshalInterface.FileMap.AEF.K.NLDLH
MSCTF.MarshalInterface.FileMap.AEF.L.NLDLH
MSCTF.MarshalInterface.FileMap.AEF.M.NLDLH
Behavior description:Create shortcut on the desktop
details:C:\Documents and Settings\Administrator\桌面\Cain.lnk
Behavior description:Get window screenshot information
details:Foreground window Info: HWND = 0x01010055, DC = 0x01010055.
Process behavior
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Drop links or shortcuts in sensitive system locations (such as the Start menu)
details:C:\Documents and Settings\Administrator\「开始」菜单\程序\Cain\Winrtgen.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\Cain\CA_UserManual.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\Cain\Cain.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\Cain\Whatsnew.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\Cain\Uninstall Cain.lnk
Behavior description:Create executable files
details:C:\WINDOWS\~GLC0000.TMP
C:\WINDOWS\~GLH0000.TMP
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GL_3.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~GLH0002.TMP
C:\Program Files\Cain\~GLH0004.TMP
C:\Program Files\Cain\~GLH0005.TMP
C:\Program Files\Cain\~GLH000c.TMP
C:\Program Files\Cain\~GLH000d.TMP
C:\Program Files\Cain\~GLH000f.TMP
C:\Program Files\Cain\~GLH0011.TMP
C:\Program Files\Cain\~GLH0013.TMP
C:\Program Files\Cain\Winrtgen\~GLH0016.TMP
C:\Program Files\Cain\Driver\~GLH0018.TMP
Behavior description:Find files
details:FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\GLF6.tmp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\GLF7.tmp
FileName = C:\Program Files
FileName = C:\Program Files\Cain
FileName = C:\Program Files\Cain\UNINSTAL.EXE
FileName = C:\PROGRA~1\Cain
FileName = C:\PROGRA~1\Cain\UNINSTAL.EXE
FileName = C:\PROGRA~1\Cain\Install.log
FileName = C:\Program Files\Cain\Cain.exe
FileName = C:\Program Files\Cain\Cain.exe.sig
FileName = C:\Program Files\Cain\Whatsnew.txt
Behavior description:Create shortcut on the desktop
details:C:\Documents and Settings\Administrator\桌面\Cain.lnk
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AEF..HGOGH
MSCTF.MarshalInterface.FileMap.AEF.B.HGOGH
MSCTF.MarshalInterface.FileMap.AEF.C.HGOGH
MSCTF.MarshalInterface.FileMap.AEF.D.HGOGH
MSCTF.MarshalInterface.FileMap.AEF.E.HGOGH
MSCTF.MarshalInterface.FileMap.AEF.F.HGOGH
MSCTF.MarshalInterface.FileMap.AEF.G.HGOGH
MSCTF.Shared.SFM.AEF
MSCTF.MarshalInterface.FileMap.AEF.H.NLDLH
MSCTF.MarshalInterface.FileMap.AEF.I.NLDLH
MSCTF.MarshalInterface.FileMap.AEF.J.NLDLH
MSCTF.MarshalInterface.FileMap.AEF.K.NLDLH
MSCTF.MarshalInterface.FileMap.AEF.L.NLDLH
MSCTF.MarshalInterface.FileMap.AEF.M.NLDLH
Behavior description:Rename files
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~GLH0002.TMP ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLF6.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~GLH0003.TMP ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLF7.tmp
C:\Program Files\Cain\~GLH0004.TMP ---> C:\Program Files\Cain\UNINSTAL.EXE
C:\Program Files\Cain\~GLH0005.TMP ---> C:\Program Files\Cain\Cain.exe
C:\Program Files\Cain\~GLH0006.TMP ---> C:\Program Files\Cain\Cain.exe.sig
C:\Program Files\Cain\~GLH0007.TMP ---> C:\Program Files\Cain\Whatsnew.txt
C:\Program Files\Cain\~GLH0008.TMP ---> C:\Program Files\Cain\charset.txt
C:\Program Files\Cain\~GLH0009.TMP ---> C:\Program Files\Cain\oui.txt
C:\Program Files\Cain\Wordlists\~GLH000a.TMP ---> C:\Program Files\Cain\Wordlists\Wordlist.txt
C:\Program Files\Cain\~GLH000b.TMP ---> C:\Program Files\Cain\CA_UserManual.chm
C:\Program Files\Cain\~GLH000c.TMP ---> C:\Program Files\Cain\lame_enc.dll
C:\Program Files\Cain\~GLH000d.TMP ---> C:\Program Files\Cain\Abel.dll
C:\Program Files\Cain\~GLH000e.TMP ---> C:\Program Files\Cain\Abel.dll.sig
C:\Program Files\Cain\~GLH000f.TMP ---> C:\Program Files\Cain\Abel.exe
C:\Program Files\Cain\~GLH0010.TMP ---> C:\Program Files\Cain\Abel.exe.sig
Behavior description:Modify file contents
details:C:\WINDOWS\~GLC0000.TMP---> Offset = 0
C:\WINDOWS\~GLH0001.TMP---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~GLH0003.TMP---> Offset = 0
C:\WINDOWS\system32\GLBSINST.%$D---> Offset = 0
C:\Program Files\Cain\~GLH0006.TMP---> Offset = 0
C:\Program Files\Cain\~GLH0007.TMP---> Offset = 65536
C:\Program Files\Cain\~GLH0008.TMP---> Offset = 0
C:\Program Files\Cain\~GLH0009.TMP---> Offset = 98304
C:\Program Files\Cain\Wordlists\~GLH000a.TMP---> Offset = 98304
C:\Program Files\Cain\~GLH000b.TMP---> Offset = 98304
C:\Program Files\Cain\~GLH000e.TMP---> Offset = 0
C:\Program Files\Cain\~GLH0010.TMP---> Offset = 0
C:\Program Files\Cain\~GLH0012.TMP---> Offset = 0
C:\Program Files\Cain\~GLH0014.TMP---> Offset = 0
C:\Program Files\Cain\Winrtgen\~GLH0015.TMP---> Offset = 0
Registry behavior
Behavior description:Modify the registry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cain & Abel v4.9.43\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cain & Abel v4.9.43\UninstallString
\REGISTRY\USER\S-*\Software\Cain\Settings\WorkDir
Other behavior
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description:Window information
details:Pid = 1476, Hwnd=0x302bc, Text = Cain & Abel v4.9.43, ClassName = Static.
Pid = 1476, Hwnd=0x202d4, Text = &Next >, ClassName = Button.
Pid = 1476, Hwnd=0x302dc, Text = < &Back, ClassName = Button.
Pid = 1476, Hwnd=0x202d6, Text = &Cancel, ClassName = Button.
Pid = 1476, Hwnd=0x202d8, Text = This installation program will install Cain & Abel v4.9.43. Press the Next button to start the installation. You can press the, ClassName = Static.
Pid = 1476, Hwnd=0x202b2, Text = Cain & Abel v4.9.43 Installation, ClassName = GLBSWizard.
Pid = 1476, Hwnd=0x202a2, Text = Cain & Abel v4.9.43 Installation, ClassName = GLBSInstall.
Pid = 1476, Hwnd=0x302c2, Text = &Next >, ClassName = Button.
Pid = 1476, Hwnd=0x302d8, Text = < &Back, ClassName = Button.
Pid = 1476, Hwnd=0x302d6, Text = &Cancel, ClassName = Button.
Pid = 1476, Hwnd=0x302d4, Text = Cain & Abel v4.9.43 Copyright ?2001-2011 Massimiliano Montoro All rights reserved Web: http://www.oxid.it Email: mao@oxid., ClassName = Edit.
Pid = 1476, Hwnd=0x160142, Text = &Next >, ClassName = Button.
Pid = 1476, Hwnd=0x3015a, Text = < &Back, ClassName = Button.
Pid = 1476, Hwnd=0x502ba, Text = &Cancel, ClassName = Button.
Pid = 1476, Hwnd=0x502dc, Text = Select Destination Directory, ClassName = Static.
Behavior description:Create mutexes
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.AEF
Behavior description:Acquire system privileges
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Get window screenshot information
details:Foreground window Info: HWND = 0x01010055, DC = 0x01010055.