VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.


File information
Safety rating: 75
Behavior list
Basic Information
MD5: 8cb8e00eb91e2a0438cd6b661c05f45f
File type: EXE
Production company: ELTIMA Software
Version: 4.1.2.293---4.1.2.293
Shell or compiler information:
Key behavior
Behavior description: Loads a driver (regular method)
Details: \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\SPSniff.sys
Behavior description: Creates a file mapping with write access
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.IHF..PKMFI
MSCTF.MarshalInterface.FileMap.IHF.B.PKMFI
MSCTF.MarshalInterface.FileMap.IHF.C.PKMFI
MSCTF.MarshalInterface.FileMap.IHF.D.PKMFI
MSCTF.MarshalInterface.FileMap.IHF.E.PKMFI
MSCTF.MarshalInterface.FileMap.IHF.F.PLMFI
MSCTF.MarshalInterface.FileMap.IHF.G.PLMFI
MSCTF.Shared.SFM.IHF
Behavior description: Hides a specified window
Details: [Window,Class] = [,BCGPTabWnd:400000:8:10011:10]
[Window,Class] = [,ComboLBox]
[Window,Class] = [Serial Port Monitor 4.0 by Eltima Software,Afx:00400000:8:00010011:00000000:0001034B]
Behavior description: Creates a system service
Details: [Service created successfully]: SPSniff, C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\SPSniff.sys
Behavior description: Gets window screenshot information
Details: Foreground window Info: HWND = 0x0101038b, DC = 0x0101038b.
Foreground window Info: HWND = 0x24010301, DC = 0x24010301.
Process behavior
Behavior description: Enumerates processes
Details: N/A
File behavior
Behavior description: Creates a file mapping with write access
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.IHF..PKMFI
MSCTF.MarshalInterface.FileMap.IHF.B.PKMFI
MSCTF.MarshalInterface.FileMap.IHF.C.PKMFI
MSCTF.MarshalInterface.FileMap.IHF.D.PKMFI
MSCTF.MarshalInterface.FileMap.IHF.E.PKMFI
MSCTF.MarshalInterface.FileMap.IHF.F.PLMFI
MSCTF.MarshalInterface.FileMap.IHF.G.PLMFI
MSCTF.Shared.SFM.IHF
Behavior description: Modifies file contents
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BCG3.tmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BCG5.tmp---> Offset = 4094
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BCG7.tmp---> Offset = 4094
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BCG9.tmp---> Offset = 4094
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BCGC.tmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BCGD.tmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BCGB.tmp---> Offset = 4094
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BCG4.tmp---> Offset = 4094
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BCG6.tmp---> Offset = 4094
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BCG8.tmp---> Offset = 4094
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BCGA.tmp---> Offset = 4094
Registry behavior
Behavior description: Modifies the registry
Details: \REGISTRY\USER\S-*\Software\Eltima\SerialMonitor\Serial Port Monitor\Settings\BCGControlBarVersion\Major
\REGISTRY\USER\S-*\Software\Eltima\SerialMonitor\Serial Port Monitor\Settings\BCGControlBarVersion\Minor
\REGISTRY\USER\S-*\Software\Eltima\SerialMonitor\Serial Port Monitor\Settings\BCGToolbarParameters\Tooltips
\REGISTRY\USER\S-*\Software\Eltima\SerialMonitor\Serial Port Monitor\Settings\BCGToolbarParameters\ShortcutKeys
\REGISTRY\USER\S-*\Software\Eltima\SerialMonitor\Serial Port Monitor\Settings\BCGToolbarParameters\LargeIcons
\REGISTRY\USER\S-*\Software\Eltima\SerialMonitor\Serial Port Monitor\Settings\BCGToolbarParameters\MenuAnimation
\REGISTRY\USER\S-*\Software\Eltima\SerialMonitor\Serial Port Monitor\Settings\BCGToolbarParameters\RecentlyUsedMenus
\REGISTRY\USER\S-*\Software\Eltima\SerialMonitor\Serial Port Monitor\Settings\BCGToolbarParameters\MenuShadows
\REGISTRY\USER\S-*\Software\Eltima\SerialMonitor\Serial Port Monitor\Settings\BCGToolbarParameters\ShowAllMenusAfterDelay
\REGISTRY\USER\S-*\Software\Eltima\SerialMonitor\Serial Port Monitor\Settings\BCGToolbarParameters\Look2000
\REGISTRY\USER\S-*\Software\Eltima\SerialMonitor\Serial Port Monitor\Settings\BCGToolbarParameters\CommandsUsage
\REGISTRY\USER\S-*\Software\Eltima\SerialMonitor\Serial Port Monitor\Settings\BCGCommandManager\CommandsWithoutImages
\REGISTRY\USER\S-*\Software\Eltima\SerialMonitor\Serial Port Monitor\Settings\BCGCommandManager\MenuUserImages
\REGISTRY\USER\S-*\Software\Eltima\SerialMonitor\Serial Port Monitor\Settings\ControlBars-Summary\Bars
\REGISTRY\USER\S-*\Software\Eltima\SerialMonitor\Serial Port Monitor\Settings\ControlBars-Summary\ScreenCX
Behavior description: Deletes registry keys
Details: \REGISTRY\MACHINE\SOFTWARE\ELTIMA Software\SerialMonitor\History
\REGISTRY\USER\S-*\Software\Eltima\SerialMonitor\Serial Port Monitor\Recent File List
Other behavior
Behavior description: Creates mutexes
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.IHF
Behavior description: Hides a specified window
Details: [Window,Class] = [,BCGPTabWnd:400000:8:10011:10]
[Window,Class] = [,ComboLBox]
[Window,Class] = [Serial Port Monitor 4.0 by Eltima Software,Afx:00400000:8:00010011:00000000:0001034B]
Behavior description: Loads a driver (regular method)
Details: \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\SPSniff.sys
Behavior description: Finds a specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [MS_WINHELP,]
Behavior description: Starts a system service
Details: [Service started successfully]: , SPSniff, \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\SPSniff.sys
Behavior description: Acquires a system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Gets the TickCount value
Details: TickCount = 547140, SleepMilliseconds = 60000.
TickCount = 547156, SleepMilliseconds = 60000.
TickCount = 547281, SleepMilliseconds = 60000.
TickCount = 547296, SleepMilliseconds = 60000.
TickCount = 547437, SleepMilliseconds = 60000.
TickCount = 547781, SleepMilliseconds = 60000.
TickCount = 547796, SleepMilliseconds = 60000.
TickCount = 547812, SleepMilliseconds = 60000.
TickCount = 547828, SleepMilliseconds = 60000.
TickCount = 547843, SleepMilliseconds = 60000.
TickCount = 548015, SleepMilliseconds = 60000.
TickCount = 548031, SleepMilliseconds = 60000.
TickCount = 548093, SleepMilliseconds = 60000.
TickCount = 549406, SleepMilliseconds = 60000.
TickCount = 558265, SleepMilliseconds = 60000.
Behavior description: Gets the cursor position
Details: CursorPos = (106,18467), SleepMilliseconds = 60000.
CursorPos = (6399,26500), SleepMilliseconds = 60000.
CursorPos = (19234,15724), SleepMilliseconds = 60000.
CursorPos = (11543,29358), SleepMilliseconds = 60000.
CursorPos = (27027,24464), SleepMilliseconds = 60000.
CursorPos = (5770,28145), SleepMilliseconds = 60000.
CursorPos = (23346,16827), SleepMilliseconds = 60000.
CursorPos = (10026,491), SleepMilliseconds = 60000.
CursorPos = (3060,11942), SleepMilliseconds = 60000.
Behavior description: Window information
Details: Pid = 1268, Hwnd=0x302b8, Text = Send dialog (available in Professional version only), ClassName = BCGPControlBar:400000:8:10011:10.
Pid = 1268, Hwnd=0x1030a, Text = Loop this command sending every, ClassName = Static.
Pid = 1268, Hwnd=0x10312, Text = ms, ClassName = Static.
Pid = 1268, Hwnd=0x1030c, Text = 1000, ClassName = Edit.
Pid = 1268, Hwnd=0x102f0, Text = 1 stop bit, ClassName = ComboBox.
Pid = 1268, Hwnd=0x102e4, Text = Stopbits:, ClassName = Static.
Pid = 1268, Hwnd=0x102e8, Text = 8, ClassName = ComboBox.
Pid = 1268, Hwnd=0x102e0, Text = Databits:, ClassName = Static.
Pid = 1268, Hwnd=0x102f4, Text = None, ClassName = ComboBox.
Pid = 1268, Hwnd=0x102e6, Text = Flow control:, ClassName = Static.
Pid = 1268, Hwnd=0x302b6, Text = 9600, ClassName = ComboBox.
Pid = 1268, Hwnd=0x202d2, Text = 9600, ClassName = Edit.
Pid = 1268, Hwnd=0x102de, Text = Baudrate:, ClassName = Static.
Pid = 1268, Hwnd=0x102ec, Text = No parity, ClassName = ComboBox.
Pid = 1268, Hwnd=0x102e2, Text = Parity:, ClassName = Static.
Behavior description: Gets window screenshot information
Details: Foreground window Info: HWND = 0x0101038b, DC = 0x0101038b.
Foreground window Info: HWND = 0x24010301, DC = 0x24010301.
Behavior description: Calls the Sleep function
Details: [1]: MilliSeconds = 60000.
Behavior description: Creates a system service
Details: [Service created successfully]: SPSniff, C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\SPSniff.sys
Run screenshot