VirSCAN

1, You can UPLOAD any file, but there is a 20 MB limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan password-protected compressed files whose password is 'infected' or 'virus'.



File information

Basic Information

MD5: 7c72c168bd98886cfb3cc8ce9d1aa216
file type: EXE
Production company: 安徽知本信息技术有限公司
version: 1.0.2.301---2016
Shell or compiler information: COMPILER:NSIS
Subfile information: mfc100u.dll / f3de10aabd5c7a1a186c9966f037d0c0 / DLL

File behavior

Behavior description: Create file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsn3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\UserInfo.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\bg.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\bg2.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\bg3.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\btn_onekey.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\btn_custom.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\btn_browse.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\btn_strongbtn.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\btn_finish.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\btn_weakbtn.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\btn_express.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\btn_Close.bmp
Behavior description: Delete file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsn3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\bg.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\bg2.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\bg3.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\btn_browse.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\btn_Close.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\btn_custom.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\btn_express.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\btn_finish.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\btn_onekey.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\btn_strongbtn.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\btn_weakbtn.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\FindProcDLL.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\license.rtf
Behavior description: Create executable file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\UserInfo.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\SkinBtn.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\FindProcDLL.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\nsDialogs.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\WndProc.dll
Behavior description: Modify file contents
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\UserInfo.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\System.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\bg.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\bg.bmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\bg.bmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\bg.bmp ---> Offset = 98304
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\bg.bmp ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\bg2.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\bg2.bmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\bg2.bmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\bg2.bmp ---> Offset = 98304
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\bg2.bmp ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\bg3.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\bg3.bmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\bg3.bmp ---> Offset = 65536
Behavior description: Search for file
details: FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss4.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss4.tmp\*.*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss4.tmp\FindProcDLL.dll.AmBackup4
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss4.tmp\nsDialogs.dll.AmBackup5
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss4.tmp\SkinBtn.dll.AmBackup3
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss4.tmp\System.dll.AmBackup2
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss4.tmp\UserInfo.dll.AmBackup1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss4.tmp\WndProc.dll.AmBackup6

Registry behavior

Behavior description: Modify registry (delayed file rename entry)
details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations

Other behavior

Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
chitu@zhiben_info
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.ADN
Behavior description: Hide specified window
details: [Window,Class] = [,Static]
[Window,Class] = [Nullsoft Install System v2.46 ,Static]
[Window,Class] = [Nullsoft Install System v2.46,Static]
[Window,Class] = [,Button]
[Window,Class] = [安装(&I),Button]
[Window,Class] = [取消(&C),Button]
[Window,Class] = [,RichEdit20A]
[Window,Class] = [确定,Button]
[Window,Class] = [立即安装,Button]
[Window,Class] = [返回,Button]
[Window,Class] = [创建桌面图标,Button]
[Window,Class] = [添加到快速启动栏,Button]
[Window,Class] = [C:\Program Files\ChiTu,Edit]
[Window,Class] = [浏览...,Button]
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Open event
details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Adjust process token privileges
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
details: Pid = 3372, Hwnd=0x1036a, Text = 确定, ClassName = Button.
Pid = 3372, Hwnd=0x10370, Text = 立即安装, ClassName = Button.
Pid = 3372, Hwnd=0x10372, Text = 返回, ClassName = Button.
Pid = 3372, Hwnd=0x10374, Text = 同意赤兔加速器的, ClassName = Button(CheckBox).
Pid = 3372, Hwnd=0x10376, Text = 用户许可协议, ClassName = Button.
Pid = 3372, Hwnd=0x10378, Text = 创建桌面图标, ClassName = Button(CheckBox).
Pid = 3372, Hwnd=0x1037a, Text = 添加到快速启动栏, ClassName = Button(CheckBox).
Pid = 3372, Hwnd=0x1037c, Text = C:\Program Files\ChiTu, ClassName = Edit.
Pid = 3372, Hwnd=0x1037e, Text = 浏览..., ClassName = Button.
Pid = 3372, Hwnd=0x10348, Text = 安装(&I), ClassName = Button.
Pid = 3372, Hwnd=0x1034a, Text = 取消(&C), ClassName = Button.
Pid = 3372, Hwnd=0x10356, Text = Nullsoft Install System v2.46 , ClassName = Static.
Pid = 3372, Hwnd=0x10358, Text = Nullsoft Install System v2.46, ClassName = Static.
Pid = 3372, Hwnd=0x20342, Text = 赤兔加速器 2016 安装, ClassName = #32770.
Behavior description: Executable file signature information
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\UserInfo.dll(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\System.dll(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\SkinBtn.dll(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\FindProcDLL.dll(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\nsDialogs.dll(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\WndProc.dll(签名验证: 未通过)
Behavior description: Create event object
details: EventName = MSCTF.SendReceive.Event.ADN.IC
EventName = MSCTF.SendReceiveConection.Event.ADN.IC
Behavior description: Executable file MD5
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\UserInfo.dll ---> 1e8e11f465afdabe97f529705786b368
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\System.dll ---> 00a0194c20ee912257df53bfe258ee4a
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\SkinBtn.dll ---> e4ec95271ff1bcebab49bdfed6817a22
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\FindProcDLL.dll ---> 8614c450637267afacad1645e23ba24a
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\nsDialogs.dll ---> ab73c0c2a23f913eabdc4cb24b75cbad
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4.tmp\WndProc.dll ---> f0cb331dd4bd92a6ebce45e7cd1cf5ef
Behavior description: Open mutex
details: ShimCacheMutex
Behavior description: Load newly dropped file
details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss4.tmp\UserInfo.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss4.tmp\System.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss4.tmp\SkinBtn.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss4.tmp\FindProcDLL.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss4.tmp\nsDialogs.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss4.tmp\WndProc.dll.
