VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files if the password is 'infected' or 'virus'.


File information
Safety rating: 85
Behavior list
Basic Information
MD5: 8bf62f850665dd375cdc834f5d0e30fc
File type: zip
Production company:
version:
Shell or compiler information: COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Subfile information: molebox_a_2103a39bdumpFile / big file / EXE
Photoshop.exe / big file / EXE
Key behavior
Behavior description: Hide specified window
Details: [Window,Class] = [PSOnDeck,PSCtlStorage]
[Window,Class] = [,PSToolTip]
[Window,Class] = [,ComboLBox]
[Window,Class] = [駈ʯ,ComboBox]
[Window,Class] = [騐ʯ,ComboBox]
[Window,Class] = [驘ʯ,ComboBox]
[Window,Class] = [骠ʯ,ComboBox]
[Window,Class] = [髨ʯ,ComboBox]
[Window,Class] = [0.01 点,Edit]
[Window,Class] = [0%,Edit]
[Window,Class] = [1%,Edit]
[Window,Class] = [1,Edit]
[Window,Class] = [0 点,Edit]
[Window,Class] = [ꑸʯ,ComboBox]
[Window,Class] = [连字符:,Static]
Process behavior
Behavior description: Create process
Details: ImagePath = C:\WINDOWS\system32\rundll32.exe, CmdLine = sti.dll,RegSTIforWia "Photoshop" "c:\monitor\sample.exe_7zdump\photoshop.exe /StiDevice:%1 /StiEvent:%2" 0
ImagePath = C:\WINDOWS\regedit.exe, CmdLine = C:\WINDOWS\regedit.exe -S PHOTOSHOP.REG
File behavior
Behavior description: Write to memory-mapped file (write access)
Details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
Behavior description: Create executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MBX@7B4@1BC3B90.###
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MBX@7B4@1BC3BB0.###
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MBX@7B4@1BC3BA0.###
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MBX@7B4@1BC3B80.###
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MBX@7B4@1BC3BC0.###
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MBX@7B4@1BC3BE0.###
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbx4.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MBX@7B4@1BC3BF0.###
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MBX@7B4@1BC3CE0.###
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MBX@7B4@1BC3CF0.###
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbx5.tmp
Behavior description: Modify file contents
Details: C:\Program Files\Program Files\Common Files\Adobe\TypeSpt\AdobeFnt.lst---> Offset = 0
C:\Program Files\Program Files\Common Files\Adobe\Color\ACE1Cache.lst---> Offset = 0
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\StillImage\Registered Applications\Photoshop
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5F246A9A-A919-11d3-AB60-00C04FA3014E}\LocalServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5F246A9A-A919-11d3-AB60-00C04FA3014E}\DefaultIcon\
\REGISTRY\MACHINE\SOFTWARE\Classes\Photoshop.Image.6\shell\open\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\Photoshop.Image.6\shell\print\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\Photoshop.Image.6\DefaultIcon\
\REGISTRY\MACHINE\SOFTWARE\Classes\Photoshop.Image.6\protocol\StdFileEditing\server\
\REGISTRY\MACHINE\SOFTWARE\Classes\.psd\ShellNew\NullFile
\REGISTRY\MACHINE\SOFTWARE\Classes\Photoshop.PlugIn\DefaultIcon\
\REGISTRY\MACHINE\SOFTWARE\Classes\Photoshop.PlugIn\shell\open\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4B0AB3E1-80F1-11cf-86B4-444553540000}\6.0\409\win32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6DECC242-87EF-11cf-86B4-444553540000}\LocalServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0B6DC6EE-C4FD-11d1-819A-00C04FB69B4D}\InProcServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0B6DC6EE-C4FD-11d1-819A-00C04FB69B4D}\InProcServer32\ThreadingModel
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
Other behavior
Behavior description: Create mutex
Details: StiTraceMutexSti_Trace.log
PS3.0.5WIN
SHIMLIB_LOG_MUTEX
CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Photoshop,]
NtUserFindWindowEx: [Class,Window] = [RegEdit_RegEdit,]
Behavior description: Hide specified window
Details: [Window,Class] = [PSOnDeck,PSCtlStorage]
[Window,Class] = [,PSToolTip]
[Window,Class] = [,ComboLBox]
[Window,Class] = [駈ʯ,ComboBox]
[Window,Class] = [騐ʯ,ComboBox]
[Window,Class] = [驘ʯ,ComboBox]
[Window,Class] = [骠ʯ,ComboBox]
[Window,Class] = [髨ʯ,ComboBox]
[Window,Class] = [0.01 点,Edit]
[Window,Class] = [0%,Edit]
[Window,Class] = [1%,Edit]
[Window,Class] = [1,Edit]
[Window,Class] = [0 点,Edit]
[Window,Class] = [ꑸʯ,ComboBox]
[Window,Class] = [连字符:,Static]
Behavior description: Window information
Details: Pid = 1972, Hwnd=0xb0174, Text = Photoshop 当前的第一暂存盘与 Windows 的主页面文件在同一驱动器上,这可能影响性能。建议将Photoshop 当前的第一暂存盘设置到不同的驱动, ClassName = Static.
Pid = 1972, Hwnd=0xd0190, Text = 确定, ClassName = Button.
Pid = 1972, Hwnd=0xb0192, Text = Adobe Photoshop, ClassName = #32770.
Pid = 1972, Hwnd=0xc01e8, Text = 许可给:, ClassName = Static.
Pid = 1972, Hwnd=0xa0196, Text = ATA 2007, ClassName = Static.
Pid = 1972, Hwnd=0xb01be, Text = 绿色旗舰站, ClassName = Static.
Pid = 1972, Hwnd=0xc01b4, Text = PWC601R3382269, ClassName = Static.
Pid = 1972, Hwnd=0xb0170, Text = 版本:, ClassName = Static.
Pid = 1972, Hwnd=0xb01ce, Text = 6.0, ClassName = Static.
Pid = 1972, Hwnd=0xd01ac, Text = 正在读取参数预置..., ClassName = Static.
Pid = 1972, Hwnd=0xb0184, Text = PSOnDeck, ClassName = PSCtlStorage.
Pid = 1972, Hwnd=0xb01de, Text = Adobe Photoshop, ClassName = Photoshop.
Pid = 1972, Hwnd=0xc01ce, Text = 程序将使用 Photoshop 6 的颜色默认设置值,你现在要设置你的颜色设置吗?, ClassName = Static.
Pid = 1972, Hwnd=0xc0170, Text = 是(&Y), ClassName = Button.
Pid = 1972, Hwnd=0xd01b4, Text = 否(&N), ClassName = Button.
Behavior description: Acquire system privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
SE_INC_BASE_PRIORITY_PRIVILEGE
Run screenshot