VirSCAN

1, You can UPLOAD any files, but there is a 20 MB limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.

File information

Basic Information

MD5: 82a0a11d70f86bfb822f7e811609db6b
File type: EXE
Production company: www.fx5y.cn
Version: 1.0.0.0---1.0.0.0
Packer or compiler information: COMPILER:Elan

Key behavior

Behavior description: Reads the CPU clock directly
details: EAX = 0xc6d4dcb2, EDX = 0x00001193
EAX = 0xc6d4dcfe, EDX = 0x00001193
EAX = 0xc6d4dd4a, EDX = 0x00001193
EAX = 0xc6d4dd96, EDX = 0x00001193
EAX = 0xc6d4dde2, EDX = 0x00001193
EAX = 0xc6d4de2e, EDX = 0x00001193
EAX = 0xc6d4de7a, EDX = 0x00001193
EAX = 0xc6d4dec6, EDX = 0x00001193
EAX = 0xc6d4df12, EDX = 0x00001193
EAX = 0xc6d4df5e, EDX = 0x00001193
Behavior description: Captures window screenshot information
details: Foreground window Info: HWND = 0x00100320, DC = 0x24010301.
Foreground window Info: HWND = 0x000f034a, DC = 0x52010531.
Foreground window Info: HWND = 0x00100320, DC = 0x1a010529.
Foreground window Info: HWND = 0x00100320, DC = 0xa701060c.
Foreground window Info: HWND = 0x000f034a, DC = 0x5701064d.
Foreground window Info: HWND = 0x00100320, DC = 0xc6010524.
Foreground window Info: HWND = 0x000f034a, DC = 0x69010581.

Registry behavior

Behavior description: Modifies the registry
details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x16(565 0)

Other behavior

Behavior description: Creates mutex
details: RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MPB
Behavior description: Creates event object
details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.MPB.IC
EventName = MSCTF.SendReceiveConection.Event.MPB.IC
Behavior description: Opens mutex
details: RasPbFile
ShimCacheMutex
Behavior description: Finds specified window
details: NtUserFindWindowEx: [Class,Window] = [,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Opens event
details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000052
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000052
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior description: Window information
details: Pid = 196, Hwnd=0x170340, Text = 无分享密码,不填即可, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 196, Hwnd=0xa03ac, Text = 有验证码点击此处解析, ClassName = Button.
Pid = 196, Hwnd=0x503b2, Text = 验证码:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 196, Hwnd=0xb03ba, Text = 分享密码:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 196, Hwnd=0xf034a, Text = 状态:, ClassName = msctls_statusbar32.
Pid = 196, Hwnd=0x100320, Text = 网盘地址:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 196, Hwnd=0x303dc, Text = 模式一, ClassName = ComboBox.
Pid = 196, Hwnd=0x16032e, Text = 模式一, ClassName = Edit.
Pid = 196, Hwnd=0xa03b0, Text = 解析, ClassName = Button.
Pid = 196, Hwnd=0x70380, Text = 无忧百度盘直链解析, ClassName = WTWindow.
Pid = 196, Hwnd=0x100398, Text = 123456, ClassName = Edit.
Pid = 196, Hwnd=0x1f02fe, Text = 123456, ClassName = Edit.
Pid = 196, Hwnd=0x40394, Text = 123456, ClassName = Edit.
Pid = 196, Hwnd=0x303dc, Text = 模式二, ClassName = ComboBox.
Pid = 196, Hwnd=0x16032e, Text = 模式二, ClassName = Edit.
Behavior description: Captures window screenshot information
details: Foreground window Info: HWND = 0x00100320, DC = 0x24010301.
Foreground window Info: HWND = 0x000f034a, DC = 0x52010531.
Foreground window Info: HWND = 0x00100320, DC = 0x1a010529.
Foreground window Info: HWND = 0x00100320, DC = 0xa701060c.
Foreground window Info: HWND = 0x000f034a, DC = 0x5701064d.
Foreground window Info: HWND = 0x00100320, DC = 0xc6010524.
Foreground window Info: HWND = 0x000f034a, DC = 0x69010581.
Behavior description: Hides specified window
details: [Window,Class] = [,ComboLBox]
[Window,Class] = [,Button]
Behavior description: Reads the CPU clock directly
details: EAX = 0xc6d4dcb2, EDX = 0x00001193
EAX = 0xc6d4dcfe, EDX = 0x00001193
EAX = 0xc6d4dd4a, EDX = 0x00001193
EAX = 0xc6d4dd96, EDX = 0x00001193
EAX = 0xc6d4dde2, EDX = 0x00001193
EAX = 0xc6d4de2e, EDX = 0x00001193
EAX = 0xc6d4de7a, EDX = 0x00001193
EAX = 0xc6d4dec6, EDX = 0x00001193
EAX = 0xc6d4df12, EDX = 0x00001193
EAX = 0xc6d4df5e, EDX = 0x00001193

Run screenshot