VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files when the password is 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader to upload.


File information

Virscan.org multi-engine scan report
Behavior analysis report:         Habo file analysis

Basic Information

MD5:7d9dd5982a66614740aefe6c9e5b14bf
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
copyright:

Key behavior

Behavior description: Cross-process data write
details: TargetProcess = C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe, WriteAddress = 0x00010000, Size = 0x000008de
TargetProcess = C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe, WriteAddress = 0x00020000, Size = 0x000008e8
TargetProcess = C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe, WriteAddress = 0x7ffda010, Size = 0x00000004
TargetProcess = C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe, WriteAddress = 0x7ffda1e8, Size = 0x00000004
Behavior description: Capture window screenshot information
details: Foreground window Info: HWND = 0x00000000, DC = 0x3301038e.
Behavior description: Detect whether it is being debugged
details: N/A

Process behavior

Behavior description: Create process with hidden window
details: ImagePath = , CmdLine = "C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe" -doActionAppID=reader9rdr-zh_CN
Behavior description: Create process
details: ImagePath = C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe, CmdLine = "C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe" -doActionAppID=reader9rdr-zh_CN
Behavior description: Create local thread
details: TargetProcess: AcroRd32.exe, InheritedFromPID = 2008, ProcessID = 1920, ThreadID = 560, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: AcroRd32.exe, InheritedFromPID = 2008, ProcessID = 1920, ThreadID = 556, StartAddress = 050770CA, Parameter = 00E1FA28
TargetProcess: AcroRd32.exe, InheritedFromPID = 2008, ProcessID = 1920, ThreadID = 564, StartAddress = 781329E1, Parameter = 00E537E8
TargetProcess: AcroRd32.exe, InheritedFromPID = 2008, ProcessID = 1920, ThreadID = 584, StartAddress = 77E56C7D, Parameter = 0019E6D8
TargetProcess: AcroRd32.exe, InheritedFromPID = 2008, ProcessID = 1920, ThreadID = 456, StartAddress = 769AE43B, Parameter = 001AAAA0
TargetProcess: AcroRd32.exe, InheritedFromPID = 2008, ProcessID = 1920, ThreadID = 448, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: AcroRd32.exe, InheritedFromPID = 2008, ProcessID = 1920, ThreadID = 444, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: AcroRd32.exe, InheritedFromPID = 2008, ProcessID = 1920, ThreadID = 440, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: AcroRd32.exe, InheritedFromPID = 2008, ProcessID = 1920, ThreadID = 568, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: AcroRd32.exe, InheritedFromPID = 2008, ProcessID = 1920, ThreadID = 1376, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: AcroRd32.exe, InheritedFromPID = 2008, ProcessID = 1920, ThreadID = 632, StartAddress = 012BB3A0, Parameter = 01D0B408
TargetProcess: AcroRd32.exe, InheritedFromPID = 2008, ProcessID = 1920, ThreadID = 892, StartAddress = 01301FA0, Parameter = 031C3F98
TargetProcess: Adobe_Updater.exe, InheritedFromPID = 1920, ProcessID = 2208, ThreadID = 2216, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: Adobe_Updater.exe, InheritedFromPID = 1920, ProcessID = 2208, ThreadID = 2220, StartAddress = 00548C61, Parameter = 00E4E598
Behavior description: Enumerate processes
details: N/A
Behavior description: Cross-process data write
details: TargetProcess = C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe, WriteAddress = 0x00010000, Size = 0x000008de
TargetProcess = C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe, WriteAddress = 0x00020000, Size = 0x000008e8
TargetProcess = C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe, WriteAddress = 0x7ffda010, Size = 0x00000004
TargetProcess = C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe, WriteAddress = 0x7ffda1e8, Size = 0x00000004

File behavior

Behavior description: Create file
details: C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal
Behavior description: Overwrite existing file
details: C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\UserCache.bin
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Updater6\AdobeUpdaterPrefs.dat
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\AdobeSysFnt09.lst
Behavior description: Delete file
details: C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal
Behavior description: Modify file contents
details: C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 1023
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 1024
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 1028
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 2052
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\SharedDataEvents ---> Offset = 1024
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\UserCache.bin ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\UserCache.bin ---> Offset = 4096
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\UserCache.bin ---> Offset = 8192
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\UserCache.bin ---> Offset = 12288
C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\UserCache.bin ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\9.0\Updater\updater.log ---> Offset = 278
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\9.0\Updater\updater.log ---> Offset = 381
C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Acrobat\9.0\Updater\updater.log ---> Offset = 429
Behavior description: Search for file
details: FileName = C:\WINDOWS
FileName = C:\WINDOWS\WinSxS
FileName = C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\Documents and Settings\Administrator\Application Data\Adobe
FileName = C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat
FileName = C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\AcroForm.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Annots.api

Registry behavior

Behavior description: Modify registry
details: \REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\AVGeneral\bLastExitNormal
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\AVGeneral\cRecentFiles\c1\sDI
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\AVGeneral\cRecentFiles\c1\tDIText
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\AVGeneral\cRecentFiles\c1\aFS
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\RememberedViews\cNoCategoryFiles\c1\iTime
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\RememberedViews\cNoCategoryFiles\c1\cViewDef\iAVDocViewBottomSplitterPos
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\RememberedViews\cNoCategoryFiles\c1\cViewDef\iAVDocViewLeftSplitterPos
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\RememberedViews\cNoCategoryFiles\c1\cViewDef\bAVDocViewTabsShowing
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\RememberedViews\cNoCategoryFiles\c1\cViewDef\bAVToolBarHostView_ToolBarsShowing
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\RememberedViews\cNoCategoryFiles\c1\cViewDef\bShowingPageGaps
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView\bShowingPageGaps
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView\xpageViewBead
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView\ipageViewLayoutMode
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView\ipageViewPageNum
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\RememberedViews\cNoCategoryFiles\c1\cViewDef\cTopLeftView\bpageViewStartThread
Behavior description: Delete registry key
details: \REGISTRY\MACHINE\SYSTEM\Acrobatviewercpp304\
\REGISTRY\MACHINE\SYSTEM\WSZXSGANXFJVAYSXYQGNXKQY\
Behavior description: Delete registry value
details: \REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\AdobeViewer\MaxDoc
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\AdobeViewer\MaxApp
\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\AdobeViewer\PrintToFile

Other behavior

Behavior description: Set object security information
details: C:\Documents and Settings\All Users\Application Data\Adobe\Updater6
C:\Documents and Settings\All Users\Application Data\Adobe\Updater6\AdobeESDGlobalApps.xml
Behavior description: Create mutex
details: 2AC1A572DB6944B0A65C38C4140AF2F47800655310C
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Acrobat Instance Mutex
Global\AcrobatViewerIsRunning
MSCTF.Shared.MUTEX.APH
MSCTF.Shared.MUTEX.MHH
M/1G8CZiEw2V6MhRhoZs3Q==
k4MZXm/abW9MoMnrUNTWcg==
2AC1A572DB6944B0A65C38C4140AF2F48a0006233B0
9LVOgOsC+tXZJUah+9h3NQ==
Behavior description: Create event object
details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.MHH.IC
EventName = MSCTF.SendReceiveConection.Event.MHH.IC
EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
EventName = ShellCopyEngineRunning
EventName = ShellCopyEngineFinished
Behavior description: Detect whether it is being debugged
details: N/A
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [AdobeAcrobatSpeedLaunchCmdWnd,]
NtUserFindWindowEx: [Class,Window] = [AdobeReaderSpeedLaunchCmdWnd,]
NtUserFindWindowEx: [Class,Window] = [Acrobat Instance Window Class,Acrobat Instance Window]
NtUserFindWindowEx: [Class,Window] = [Acrobat Viewer,]
NtUserFindWindowEx: [Class,Window] = [JFWUI2,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [AcrobatTimerWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [UpdaterBaseDialogClass6,]
NtUserFindWindowEx: [Class,Window] = [AcrobatSDIWindow,]
Behavior description: Adjust process token privileges
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
details: Pid = 1920, Hwnd=0x40184, Text = AVToolBarHostView, ClassName = AVL_AVView.
Pid = 1920, Hwnd=0x101cc, Text = AVTabStripView, ClassName = AVL_AVView.
Pid = 1920, Hwnd=0x101b0, Text = AVSplitterView, ClassName = AVL_AVView.
Pid = 1920, Hwnd=0x101b2, Text = AVSplitationPageView, ClassName = AVL_AVView.
Pid = 1920, Hwnd=0x101b4, Text = AVSplitterView, ClassName = AVL_AVView.
Pid = 1920, Hwnd=0x101b6, Text = AVScrolledPageView, ClassName = AVL_AVView.
Pid = 1920, Hwnd=0x101b8, Text = AVScrollView, ClassName = AVL_AVView.
Pid = 1920, Hwnd=0x101c0, Text = AVTableContainerView, ClassName = AVL_AVView.
Pid = 1920, Hwnd=0x101c2, Text = 20.998 x 29.697 厘米, ClassName = Static.
Pid = 1920, Hwnd=0x101be, Text = AVPageView, ClassName = AVL_AVView.
Pid = 1920, Hwnd=0x201ae, Text = AVNullDocView, ClassName = AVL_AVView.
Pid = 1920, Hwnd=0x20196, Text = AVToolBarEasel, ClassName = AVL_AVView.
Pid = 1920, Hwnd=0x4018a, Text = 103%, ClassName = Edit.
Pid = 1920, Hwnd=0x4015e, Text = 1, ClassName = Edit.
Pid = 1920, Hwnd=0x30170, Text = %temp%\1461922138.339553.pdf - Adobe Reader, ClassName = AcrobatSDIWindow.
Behavior description: Capture window screenshot information
details: Foreground window Info: HWND = 0x00000000, DC = 0x3301038e.
Behavior description: Hide specified window
details: [Window,Class] = [,Acrobat Viewer]
[Window,Class] = [,Edit]
[Window,Class] = [AVNullDocView,AVL_AVView]
[Window,Class] = [AVSplitterView,AVL_AVView]
[Window,Class] = [,ScrollBar]
[Window,Class] = [AVRulerView,AVL_AVView]
[Window,Class] = [AVTabStripView,AVL_AVView]
[Window,Class] = [AVTableContainerView,AVL_AVView]
[Window,Class] = [AVToolBarView,AVL_AVView]
[Window,Class] = [AVDockableHostView,AVL_AVView]
[Window,Class] = [,AVL_AVFloating]
[Window,Class] = [Adobe Reader,AcrobatSDIWindow]
[Window,Class] = [0,Edit]
[Window,Class] = [100%,Edit]
[Window,Class] = [123456,Edit]