VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.


File information

Behavior list
Behavior analysis report: Threatbook file behavior analysis report

Basic Information

MD5: 8892a1419ea8bf2e90eb4bf55f8de4d5
File type: EXE
Production company: (none)
Version: 1.0.0.0 --- 1.0.0.0
Packer/compiler information: COMPILER: Microsoft Visual C++ v6.0 DLL

Key behavior

Behavior description: Reads the CPU clock directly
Behavior description: Gets window screenshot information
details: Foreground window Info: HWND = 0x00000000, DC = 0xb201057a.

File behavior

Behavior description: Searches for a file
details: FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.zh-CN
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.zh-Hans
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.zh
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.CHS
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.CH

Other behavior

Behavior description: Creates a mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*
MUTEX.DefaultS-*
ArmStrong
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MPE
Behavior description: Hides a specified window
details: [Window,Class] = [,ComboLBox]
Behavior description: Opens a mutex
details: ShimCacheMutex
Behavior description: Searches for a specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Enumerates windows
details: N/A
Behavior description: Opens an event
details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000051
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000051
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior description: Window information
details: Pid = 888, Hwnd=0x140306, Text = 系统信息, ClassName = TGroupBox.
Pid = 888, Hwnd=0xa03b0, Text = KMS模式, ClassName = TComboBox.
Pid = 888, Hwnd=0x2102bc, Text = 一键激活Windows和Office, ClassName = TButton.
Pid = 888, Hwnd=0x60380, Text = 小马KMS10激活, ClassName = TArmStrongForm.
