VirSCAN

1, You can upload any file, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information

Basic Information

MD5: 94ccf3e7342606b2e2be9f41e4eeb382
file type: Rar
Production company: 归途心诚电脑工作室
version: 1.8.0.0---1.8.0.0
Shell or compiler information: COMPILER:Elan

Key behavior

Behavior description: Registry modification: disable changing the IE home page setting
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Policies\Microsoft\Internet Explorer\Control Panel\Homepage
Behavior description: Registry modification: IE home page
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\Start Page
Behavior description: Hide specified window
details: [Window,Class] = [,Afx:400000:8:10011:1900015:0]
[Window,Class] = [,Afx:400000:b:10011:0:0]
Behavior description: Kill process
details: TargetProcess = APP.EXE

File behavior

Behavior description: Modify file content
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\app.cmd---> Offset = 0

Registry behavior

Behavior description: Registry modification: IE home page
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\Start Page
Behavior description: Registry modification: disable changing the IE home page setting
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Policies\Microsoft\Internet Explorer\Control Panel\Homepage

Other behavior

Behavior description: Create mutex
details: SHIMLIB_LOG_MUTEX
Behavior description: Hide specified window
details: [Window,Class] = [,Afx:400000:8:10011:1900015:0]
[Window,Class] = [,Afx:400000:b:10011:0:0]
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [,]
Behavior description: Window information
details: Pid = 300, Hwnd=0xb01e0, Text = 是(&Y), ClassName = Button.
Pid = 300, Hwnd=0xb01a2, Text = 否(&N), ClassName = Button.
Pid = 300, Hwnd=0xc01b2, Text = 强烈建议将可在线听歌的5W网址导航设为IE主页并锁定防止恶意网页的篡改,选择“是”则应用该建议,选择“否”则不修改当前IE主页的设置。, ClassName = Static.
Pid = 300, Hwnd=0xe01b8, Text = 欢迎使用, ClassName = #32770.
Pid = 300, Hwnd=0xc01b6, Text = 关于我, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 300, Hwnd=0xd0190, Text = Apps应用管理器, ClassName = Button.
Pid = 300, Hwnd=0xb0164, Text = 关联文件获得单用户安装功能, ClassName = Button(CheckBox).
Pid = 300, Hwnd=0xb0170, Text = 已设置程序包 共0个:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 300, Hwnd=0xc01b4, Text = 浏览, ClassName = Button.
Pid = 300, Hwnd=0xb01be, Text = Lic许可证路径(可空):, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 300, Hwnd=0xc01e8, Text = 卸载, ClassName = Button.
Pid = 300, Hwnd=0xd01a4, Text = Lic许可证管理器, ClassName = Button.
Pid = 300, Hwnd=0xa0198, Text = 执行状态:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 300, Hwnd=0xb01b0, Text = App依赖包路径(可空):, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 300, Hwnd=0xa01aa, Text = App程序包路径:, ClassName = Afx:400000:b:10011:1900015:0.
Behavior description: Acquire system privilege
details: SE_DEBUG_PRIVILEGE
Behavior description: Enumerate windows
details: N/A
