VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files whose password is 'infected' or 'virus'.


File information
Safety rating: 71
Behavior list
Basic Information
MD5: 91e0b07a24758f10ddd056c0e05c46f1
File type: Rar
Production company:
Version:
Shell or compiler information: COMPILER: Elan
Subfile information: 算算量 V3.1.exe / d2134c022501a40164dd44113f07d1ae / EXE
DiDaPG.ocx / 3f5929c15bd80f6ceb9ec911751beb58 / DLL
krnln.fnr / 44e2ca67c060fbe3dc0d030149f5a478 / DLL
国标清单-安装.dek / 78402749a55d9abf3996444a2eb8fb49 / Unknown
GSCellPro.ocx / 1472abc1324946767545dd06e9571c64 / DLL
ssl_ico.exe / c1d4e1fae99084eadb759177a070baf9 / EXE
eGrid.fne / 99811b86d81bcfce57cfff07b5939593 / DLL
eAPI.fne / 75e3942b26c39888cc2ee9b732a101c8 / DLL
com.run / a50997b4c89c65c884962b7329f79482 / DLL
iext.fnr / 3f1b2b497172b65f7bb15453d0d93de0 / DLL
RegEx.fnr / f7c219df1d95ac5f9273411a57fcf227 / DLL
ExtMenu.fnr / 815f7b24563a687ac83d177487463171 / DLL
国标清单-装饰.dek / d00977815b1cac047cba9ff3e394827c / Unknown
script.fne / f8a655e81afbd29bffb1529eb81c0bce / DLL
国标清单-土建.dek / 23a01689a1b026b92fe90043bd7be688 / Unknown
dp1.fne / 07201b1fd5f8925dd49a4556ac3b5bab / DLL
commobj.fne / 2b86ad8cd1903916ae5a3cd7ec2f1b9e / DLL
EDataStructure.fne / 50b10397fb6caed2e4719747191c893d / DLL
1-11#楼-外墙涂料.ssl / ef4350795d7eeb7070e656d891a5cc87 / Unknown
Key behavior
Behavior description: Capture window screenshot information
details: Foreground window Info: HWND = 0x00030340, DC = 0x0c0101e7.
Foreground window Info: HWND = 0x00030340, DC = 0x01010055.
Foreground window Info: HWND = 0x00030340, DC = 0x01010057.
Foreground window Info: HWND = 0x00030340, DC = 0x0a010375.
Behavior description: Get TickCount value
details: TickCount = 280046, SleepMilliseconds = 60000.
TickCount = 280062, SleepMilliseconds = 60000.
TickCount = 280093, SleepMilliseconds = 60000.
TickCount = 280171, SleepMilliseconds = 60000.
TickCount = 280187, SleepMilliseconds = 60000.
TickCount = 280265, SleepMilliseconds = 60000.
TickCount = 280328, SleepMilliseconds = 60000.
TickCount = 280359, SleepMilliseconds = 60000.
TickCount = 280421, SleepMilliseconds = 60000.
TickCount = 280515, SleepMilliseconds = 60000.
TickCount = 280531, SleepMilliseconds = 60000.
TickCount = 280609, SleepMilliseconds = 60000.
TickCount = 280671, SleepMilliseconds = 60000.
TickCount = 280703, SleepMilliseconds = 60000.
TickCount = 280765, SleepMilliseconds = 60000.
Process behavior
Behavior description: Create local thread
details: TargetProcess: 算算量 V3.1.exe, InheritedFromPID = 2000, ProcessID = 3520, ThreadID = 3564, StartAddress = 77E56C7D, Parameter = 001BCE30
TargetProcess: 算算量 V3.1.exe, InheritedFromPID = 2000, ProcessID = 3520, ThreadID = 3568, StartAddress = 769AE43B, Parameter = 001BF690
TargetProcess: 算算量 V3.1.exe, InheritedFromPID = 2000, ProcessID = 3520, ThreadID = 3572, StartAddress = 77E56C7D, Parameter = 001BFE18
TargetProcess: 算算量 V3.1.exe, InheritedFromPID = 2000, ProcessID = 3520, ThreadID = 3604, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: 算算量 V3.1.exe, InheritedFromPID = 2000, ProcessID = 3520, ThreadID = 3676, StartAddress = 76B2AEAF, Parameter = 00000000
TargetProcess: 算算量 V3.1.exe, InheritedFromPID = 2000, ProcessID = 3520, ThreadID = 3680, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: 算算量 V3.1.exe, InheritedFromPID = 2000, ProcessID = 3520, ThreadID = 3684, StartAddress = 77C0A341, Parameter = 02E4E978
File behavior
Behavior description: Modify file contents
details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\算算量 V3.1-破解版\krnln.fnr ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\算算量 V3.1-破解版\krnln.fnr ---> Offset = 884736
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\算算量 V3.1-破解版\krnln.fnr ---> Offset = 958464
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\算算量 V3.1-破解版\com.run ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\算算量 V3.1-破解版\com.run ---> Offset = 233472
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\算算量 V3.1-破解版\DiDaPG.ocx ---> Offset = 659456
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\算算量 V3.1-破解版\DiDaPG.ocx ---> Offset = 1003520
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\算算量 V3.1-破解版\DiDaPG.ocx ---> Offset = 1085440
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\算算量 V3.1-破解版\DiDaPG.ocx ---> Offset = 1150976
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\算算量 V3.1-破解版\DiDaPG.ocx ---> Offset = 1216512
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\算算量 V3.1-破解版\iext.fnr ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\算算量 V3.1-破解版\iext.fnr ---> Offset = 151552
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\算算量 V3.1-破解版\iext.fnr ---> Offset = 180224
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\算算量 V3.1-破解版\script.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\算算量 V3.1-破解版\ExtMenu.fnr ---> Offset = 0
Behavior description: Search for files
details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\算算量 V3.1-破解版
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\算算量 V3.1-破解版\
Registry behavior
Behavior description: Modify registry
details: \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{064C3949-0D3A-4505-A9DC-AE89A6498597}\1.0\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{064C3949-0D3A-4505-A9DC-AE89A6498597}\1.0\FLAGS\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{064C3949-0D3A-4505-A9DC-AE89A6498597}\1.0\0\win32\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{064C3949-0D3A-4505-A9DC-AE89A6498597}\1.0\HELPDIR\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{724A0FCB-DC4C-4492-82D1-3E8070510CE2}\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{724A0FCB-DC4C-4492-82D1-3E8070510CE2}\ProxyStubClsid\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{724A0FCB-DC4C-4492-82D1-3E8070510CE2}\ProxyStubClsid32\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{724A0FCB-DC4C-4492-82D1-3E8070510CE2}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{724A0FCB-DC4C-4492-82D1-3E8070510CE2}\TypeLib\Version
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3C230046-48F9-4EC2-828D-5380235F0B7A}\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3C230046-48F9-4EC2-828D-5380235F0B7A}\ProxyStubClsid\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3C230046-48F9-4EC2-828D-5380235F0B7A}\ProxyStubClsid32\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3C230046-48F9-4EC2-828D-5380235F0B7A}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3C230046-48F9-4EC2-828D-5380235F0B7A}\TypeLib\Version
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F6CFC57-DF3B-48CF-8346-C7BCE995590B}\
Other behavior
Behavior description: Get cursor position
details: CursorPos = (80,18468), SleepMilliseconds = 250.
CursorPos = (6373,26501), SleepMilliseconds = 250.
CursorPos = (19208,15725), SleepMilliseconds = 250.
CursorPos = (11517,29359), SleepMilliseconds = 250.
CursorPos = (27001,24465), SleepMilliseconds = 250.
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Global\FC5F09D0-9A16-4a8f-8740-D7A9BB7E481A
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.EMN
Behavior description: Create event object
details: EventName = DINPUTWINMM
EventName = Global\crypt32LogoffEvent
EventName = MSCTF.SendReceive.Event.EMN.IC
EventName = MSCTF.SendReceiveConection.Event.EMN.IC
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Open event
details: HookSwitchHookEnabledEvent
MSFT.VSA.COM.DISABLE.3520
MSFT.VSA.IEC.STATUS.6c736db0
Global\crypt32LogoffEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Adjust process token privileges
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
details: Pid = 3520, Hwnd=0x203a0, Text = 确定, ClassName = Button.
Pid = 3520, Hwnd=0x2039e, Text = 您未启动AUTOCAD程序, ClassName = Static.
Pid = 3520, Hwnd=0x40382, Text = 友情提示, ClassName = #32770.
Pid = 3520, Hwnd=0x103a6, Text = <font charset = “ DEFAULT_CHARSET ” fontname = “ 宋体 ” italic = “ 1 ” orientation = “ 90 ” strikeout = “ 1 ” weight = “ FW_BOLD ” fontsize = “120” underline = “ 1 ” ></font>, ClassName = Edit.
Pid = 3520, Hwnd=0x103a4, Text = 热键, ClassName = Afx:10000000:b:10011:1900015:0.
Pid = 3520, Hwnd=0x103a2, Text = (command "-layer" "on" "*" "") , ClassName = Edit.
Pid = 3520, Hwnd=0x30340, Text = 算算量 V3.1-专业版, ClassName = WTWindow.
Pid = 3520, Hwnd=0x1037c, Text = 123456, ClassName = Edit.
Behavior description: Call Sleep function
details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 250.
Behavior description: Hide specified window
details: [Window,Class] = [,ScrollBar]
[Window,Class] = [,DiDaSG]
[Window,Class] = [,Edit]
[Window,Class] = [,Afx:10000000:8:10011:1900015:0]
[Window,Class] = [,Afx:3420000:b:10011:1900010:0]
[Window,Class] = [,Afx:3460000:b:10011:110005b:0]
[Window,Class] = [(command "-layer" "on" "*" "") ,Edit]
[Window,Class] = [热键,Afx:10000000:b:10011:1900015:0]
[Window,Class] = [<font charset = “ DEFAULT_CHARSET ” fontname = “ 宋体 ” italic = “ 1 ” orientation = “ 90 ” strikeout = “ 1 ” weight = “ FW_BOLD ” fontsize = “120” underline = “ 1 ” ></font>,Edit]
Behavior description: Open mutex
details: ShimCacheMutex