VirSCAN


File information
Safety rating:73
Behavior list
Basic Information
MD5:85179bcec6d28be933fbaeb0a71ea3b9
file type:Rar
Production company:
version:
Shell or compiler information:COMPILER:Borland Delphi 6.0 - 7.0
Subfile information:aspack212r_333535e5dumpFile / 0105f3e5e95f0755231bbd9dc6a8d518 / EXE
aspack212r_718d9888dumpFile / 0105f3e5e95f0755231bbd9dc6a8d518 / EXE
易捷录音整理助手7.0.exedumpFile / 0abc88339ec5e8b9f8b5d952aa388590 / EXE
易捷录音整理助手7.0.exe / 0abc88339ec5e8b9f8b5d952aa388590 / EXE
帮助说明.txtdumpFile / 8f7985ea7ca3c98f66bf55503a98c9bb / Unknown
帮助说明.txt / 8f7985ea7ca3c98f66bf55503a98c9bb / Unknown
注册咨询.urldumpFile / d080ccbd2de3c68ed60f1f7ba202d697 / Unknown
注册咨询.url / d080ccbd2de3c68ed60f1f7ba202d697 / Unknown
Time.inidumpFile / 4441725555ed29f4677e9a148ac7b4cb / Unknown
Time.ini / 4441725555ed29f4677e9a148ac7b4cb / Unknown
Key behavior
Behavior description: Hide the specified window
details:[Window,Class] = [,TWScrollbar]
File behavior
Behavior description: Map a file with write permission
details:CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.IDK..AOOFF
MSCTF.MarshalInterface.FileMap.IDK.B.AOOFF
MSCTF.MarshalInterface.FileMap.IDK.C.AOOFF
MSCTF.MarshalInterface.FileMap.IDK.D.AOOFF
MSCTF.MarshalInterface.FileMap.IDK.E.AOOFF
MSCTF.MarshalInterface.FileMap.IDK.F.APOFF
MSCTF.MarshalInterface.FileMap.IDK.G.APOFF
MSCTF.Shared.SFM.IDK
Behavior description: Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML.bak---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML---> Offset = 0
Registry behavior
Behavior description: Modify the registry
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows Media\WMSDK\Namespace\LocalBase
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows Media\WMSDK\Namespace\DTDFile
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows Media\WMSDK\Namespace\LocalDelta
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows Media\WMSDK\Namespace\RemoteDelta
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\MMS\ProxyStyle
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\MMS\ProxyName
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\MMS\ProxyPort
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\MMS\ProxyBypass
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\MMS\ProxyExclude
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\HTTP\ProxyStyle
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\HTTP\ProxyName
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\HTTP\ProxyPort
Behavior description: Delete a registry key value
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
Other behavior
Behavior description: Create a mutex
details:CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.IDK
Behavior description: Hide the specified window
details:[Window,Class] = [,TWScrollbar]
Behavior description: Find the specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [msctls_updown32,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information
details:Pid = 2612, Hwnd=0x10356, Text = 正在整理...... , ClassName = TTabSheet.
Pid = 2612, Hwnd=0x10362, Text = Panel5, ClassName = TPanel.
Pid = 2612, Hwnd=0x1039a, Text = , ClassName = TMemo.
Pid = 2612, Hwnd=0x1035c, Text = 速度调节, ClassName = TGroupBox.
Pid = 2612, Hwnd=0x1035e, Text = 1.0, ClassName = TRzSpinEdit.
Pid = 2612, Hwnd=0x1038c, Text = 保存Ctrl+S, ClassName = TBitBtn.
Pid = 2612, Hwnd=0x1038a, Text = 标时间F8, ClassName = TBitBtn.
Pid = 2612, Hwnd=0x10384, Text = 暂停播放切换键, ClassName = TGroupBox.
Pid = 2612, Hwnd=0x10388, Text = 回车键, ClassName = TRadioButton.
Pid = 2612, Hwnd=0x10386, Text = 空格键, ClassName = TRadioButton.
Pid = 2612, Hwnd=0x10380, Text = 用时间定位语音, ClassName = TGroupBox.
Pid = 2612, Hwnd=0x10382, Text = 00:00:00, ClassName = TEdit.
Pid = 2612, Hwnd=0x1037c, Text = 内容文字搜索查询, ClassName = TGroupBox.
Pid = 2612, Hwnd=0x1037a, Text = 前进F12, ClassName = TBitBtn.
Pid = 2612, Hwnd=0x103a2, Text = 自动暂停F11, ClassName = TBitBtn.
Behavior description: Enumerate windows
details:N/A
Behavior description: Directly operate on a physical device
details:\??\PhysicalDrive0
Behavior description: Read and write the hard disk using SCSI commands
details:LBA = 0x8000C000 SCSIOP = 0x12