VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information

Basic Information

MD5: 88764edacd5b3ba679cf663058fc0769
file type: EXE
Production company: Adobe Systems, Inc.
version: 25.0.0.171---25,0,0,171
Shell or compiler information: COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [Overlay] *

Key behavior

Behavior description: Directly calls a critical system API
details: Index = 0x0000007F, Name: NtOpenSymbolicLinkObject, Instruction Address = 0x004532A2
Behavior description: Sets a message hook
details: C:\WINDOWS\system32\dinput8.dll
Behavior description: Gets the TickCount value
details: TickCount = 222048, SleepMilliseconds = 2.
TickCount = 222064, SleepMilliseconds = 2.
TickCount = 231189, SleepMilliseconds = 2.
TickCount = 231205, SleepMilliseconds = 2.
TickCount = 245127, SleepMilliseconds = 2.
TickCount = 245142, SleepMilliseconds = 2.
TickCount = 245207, SleepMilliseconds = 20.
TickCount = 245285, SleepMilliseconds = 20.

File behavior

Behavior description: Creates a file
details: C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx
Behavior description: Overwrites an existing file
details: C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx
Behavior description: Searches for files
details: FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\*.dll
FileName = \\?\C:\WINDOWS\system32\Macromed\Flash\ss.sgn
FileName = \\?\C:\WINDOWS\system32\Macromed\Flash\ss.cfg
FileName = \\?\C:\Documents and Settings\Administrator\Application Data\Adobe\Flash Player\AssetCache
FileName = \\?\C:\Documents and Settings\Administrator\Application Data\Adobe\Flash Player\AssetCache\*
FileName = \\?\C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects
FileName = \\?\C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\*
FileName = \\?\C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\EEY47AFV\macromedia.com\support\flashplayer\sys\settings.sol
FileName = \\?\C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT
FileName = C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS
Behavior description: Deletes a file
details: C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
Behavior description: Renames a file
details: C:\WINDOWS\system32\update.exe ---> C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
Behavior description: Modifies file content
details: C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx ---> Offset = 0

Registry behavior

Behavior description: Modifies the registry
details: \REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell\Open\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell\open\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\DefaultIcon\
\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell\open\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\DefaultIcon\
\REGISTRY\MACHINE\SOFTWARE\Classes\.f4v\
\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\shell\open\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\DefaultIcon\
\REGISTRY\MACHINE\SOFTWARE\Classes\.f4a\
\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\DefaultIcon\
\REGISTRY\MACHINE\SOFTWARE\Classes\.f4p\

Other behavior

Behavior description: Creates a mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.MGK
Behavior description: Creates an event object
details: EventName = Global\crypt32LogoffEvent
EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.MGK.IC
EventName = MSCTF.SendReceiveConection.Event.MGK.IC
Behavior description: Directly calls a critical system API
details: Index = 0x0000007F, Name: NtOpenSymbolicLinkObject, Instruction Address = 0x004532A2
Behavior description: Searches for a specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Opens an event
details: HookSwitchHookEnabledEvent
Global\crypt32LogoffEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Gets the TickCount value
details: TickCount = 222048, SleepMilliseconds = 2.
TickCount = 222064, SleepMilliseconds = 2.
TickCount = 231189, SleepMilliseconds = 2.
TickCount = 231205, SleepMilliseconds = 2.
TickCount = 245127, SleepMilliseconds = 2.
TickCount = 245142, SleepMilliseconds = 2.
TickCount = 245207, SleepMilliseconds = 20.
TickCount = 245285, SleepMilliseconds = 20.
Behavior description: Window information
details: Pid = 2664, Hwnd=0x10344, Text = Adobe Flash Player 25, ClassName = ShockwaveFlash.
Behavior description: Calls the Sleep function
details: [1]: MilliSeconds = 2.
[2]: MilliSeconds = 2.
[3]: MilliSeconds = 2.
[4]: MilliSeconds = 2.
[5]: MilliSeconds = 2.
[6]: MilliSeconds = 2.
[7]: MilliSeconds = 2.
[8]: MilliSeconds = 2.
[9]: MilliSeconds = 2.
[10]: MilliSeconds = 2.
Behavior description: Opens a mutex
details: ShimCacheMutex
