VirSCAN


File information
Safety rating:85
Behavior list
Basic Information
MD5:99c0c01769c486e173dbfb6bc65b83d0
file type:Rar
Production company:
version:
Shell or compiler information:COMPILER:Borland Delphi 4.0 - 5.0
Subfile information:aspack2000_320f8f15dumpFile / big file / EXE
mpcarsetup.exe / fb9135a77a4a3d189a709ee189ed4543 / Nsis
mpcar.exe / 5b2619a17f2134f34c3fde215af1fdd1 / EXE
mpgif.dlldumpFile / 99f80ca1ebe95677668f54cac6f4ad6d / DLL
mpcar.exedumpFile / c689123b61e9c071a3ebedbea1ff3ff2 / EXE
mpqcmr.mdbdumpFile / 42ffa9448e6c1da1a779eced2352ad1c / Unknown
aspack2000_7de6184ddumpFile / 74ff8db77bc77a066ea440b174717d0c / DLL
aspack2000_666c17c1dumpFile / 539c26964f81fd0ce715c6f5d35e0071 / DLL
spltmp.bmpdumpFile / 8f0529da13c81706ca3c84b23dbb5838 / Unknown
aspack2000_717d9699dumpFile / b962a5670eacc678280dac386bd902d5 / DLL
RWic.dlldumpFile / 84bf87e56dc52ce5f57b955f38019546 / DLL
SWind.dlldumpFile / 7fb2c39405435d1a01314f6ce2c15dc1 / DLL
Mwic_32.dlldumpFile / ac05698361d5e8da4194cc681a79af34 / DLL
image041.gifdumpFile / 60fa10557654bc6e2a253540e3d59ded / Unknown
image048.gifdumpFile / 8f04cfab93590a4e7815b79b483c07df / Unknown
aspack2000_86ec68d8dumpFile / ef934d0767f3e4cced8c350ae3bb4026 / DLL
modern-wizard.bmpdumpFile / 0bd1fee9a62869073c651e0f87579e64 / Unknown
image042.gifdumpFile / 6376bf568dd88037fb62c4b93df7565e / Unknown
image038.gifdumpFile / 317161e20acdf6b8cb423e25f0e558d0 / Unknown
Key behavior
Behavior description:Create a shortcut on the desktop
details:C:\Documents and Settings\Administrator\桌面\美萍汽车美容管理系统.lnk
Behavior description:Drop a sensitive file in the system directory
details:C:\WINDOWS\msv60.drv
Behavior description:Hide specified windows
details:[Window,Class] = [,Button]
[Window,Class] = [MpSoft - http://www.mpsoft.net.cn,Static]
[Window,Class] = [MpSoft - http://www.mpsoft.net.cn ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,ComboLBox]
[Window,Class] = [显示细节(&D),Button]
[Window,Class] = [安装完成,Static]
[Window,Class] = [安装程序已成功地运行完成。,Static]
Process behavior
Behavior description:Create a new process from a file
details:ImagePath = C:\Program Files\MpSoft\mpcar\mpcar.exe, CmdLine = "C:\Program Files\MpSoft\mpcar\mpcar.exe"
File behavior
Behavior description:Drop links or shortcuts in sensitive system locations (such as the Start menu)
details:C:\Documents and Settings\Administrator\「开始」菜单\程序\MpSoft\mpcar\卸载美萍汽车美容管理系统.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\MpSoft\mpcar\美萍汽车美容管理系统.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\MpSoft\mpcar\技术支持主页.url
Behavior description:Create executable files
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz7.tmp\advsplash.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz7.tmp\InstallOptions.dll
C:\WINDOWS\system32\mpgif.dll
C:\Program Files\MpSoft\mpcar\mpcar.exe
C:\Program Files\MpSoft\mpcar\SWind.dll
C:\Program Files\MpSoft\mpcar\Mwic_32.dll
C:\Program Files\MpSoft\mpcar\RWic.dll
C:\Program Files\MpSoft\mpcar\skin.dll
C:\Program Files\MpSoft\mpcar\mpgif.dll
C:\Program Files\MpSoft\mpcar\uninst.exe
Behavior description:Create a shortcut on the desktop
details:C:\Documents and Settings\Administrator\桌面\美萍汽车美容管理系统.lnk
Behavior description:Drop a sensitive file in the system directory
details:C:\WINDOWS\msv60.drv
Behavior description:Map files with write access
details:CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.AMM..JECHF
MSCTF.MarshalInterface.FileMap.AMM.B.JFCHF
MSCTF.MarshalInterface.FileMap.AMM.C.JFCHF
MSCTF.MarshalInterface.FileMap.AMM.D.JFCHF
MSCTF.MarshalInterface.FileMap.AMM.E.JFCHF
MSCTF.MarshalInterface.FileMap.AMM.F.IGCHF
MSCTF.MarshalInterface.FileMap.AMM.G.IGCHF
MSCTF.Shared.SFM.AMM
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Behavior description:Modify file contents
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\spltmp.bmp---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz7.tmp\ioSpecial.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz7.tmp\ioSpecial.ini---> Offset = 36
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz7.tmp\modern-wizard.bmp---> Offset = 32768
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz7.tmp\ioSpecial.ini---> Offset = 124
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz7.tmp\modern-header.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz7.tmp\ioSpecial.ini---> Offset = 33
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz7.tmp\ioSpecial.ini---> Offset = 43
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz7.tmp\ioSpecial.ini---> Offset = 60
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz7.tmp\ioSpecial.ini---> Offset = 277
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz7.tmp\ioSpecial.ini---> Offset = 335
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz7.tmp\ioSpecial.ini---> Offset = 390
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz7.tmp\ioSpecial.ini---> Offset = 398
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz7.tmp\ioSpecial.ini---> Offset = 410
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz7.tmp\ioSpecial.ini---> Offset = 82
Registry behavior
Behavior description:Modify the registry
details:\REGISTRY\MACHINE\SOFTWARE\MpSoft\mpcar\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mpcar\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mpcar\UninstallString
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Direct3D\MostRecentApplication\Name
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Jet\4.0\Engines\SandBoxMode
Other behavior
Behavior description:Create mutexes
details:CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.AMM
{1B655094-FE2A-433c-A877-FF9793445069}
DirectSound DllMain mutex (0x00000C38)
DDrawWindowListMutex
__DDrawExclMode__
__DDrawCheckExclMode__
Behavior description:Hide specified windows
details:[Window,Class] = [,Button]
[Window,Class] = [MpSoft - http://www.mpsoft.net.cn,Static]
[Window,Class] = [MpSoft - http://www.mpsoft.net.cn ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,ComboLBox]
[Window,Class] = [显示细节(&D),Button]
[Window,Class] = [安装完成,Static]
[Window,Class] = [安装程序已成功地运行完成。,Static]
Behavior description:Find specified windows
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [,美萍汽车美容管理系统V4.0 连锁店试用版]
Behavior description:Acquire system privileges
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Window information
details:Pid = 3256, Hwnd=0x2034e, Text = _sp, ClassName = _sp.
Pid = 3256, Hwnd=0x3035a, Text = 下一步(&N) >, ClassName = Button.
Pid = 3256, Hwnd=0x20352, Text = 取消(&C), ClassName = Button.
Pid = 3256, Hwnd=0x10362, Text = MpSoft - http://www.mpsoft.net.cn , ClassName = Static.
Pid = 3256, Hwnd=0x10364, Text = MpSoft - http://www.mpsoft.net.cn, ClassName = Static.
Pid = 3256, Hwnd=0x10376, Text = 欢迎使用 美萍汽车美容管理系统 v4.0(试用版) 安装向导, ClassName = Static.
Pid = 3256, Hwnd=0x10378, Text = 这个向导将指引你完成 美萍汽车美容管理系统 v4.0(试用版) 的安装进程。 在开始安装之前,建议先关闭其他所有应用程序。这将允许“安装, ClassName = Static.
Pid = 3256, Hwnd=0x3034e, Text = 美萍汽车美容管理系统 安装, ClassName = #32770.
Pid = 3256, Hwnd=0x30354, Text = < 上一步(&P), ClassName = Button.
Pid = 3256, Hwnd=0x3035a, Text = 我同意(&I), ClassName = Button.
Pid = 3256, Hwnd=0x10368, Text = 许可证协议, ClassName = Static.
Pid = 3256, Hwnd=0x1036a, Text = 在安装 美萍汽车美容管理系统 之前,请检阅授权条款。, ClassName = Static.
Pid = 3256, Hwnd=0x20378, Text = 检阅协议的其余部分,请按 [PgDn] 往下卷动页面。, ClassName = Static.
Pid = 3256, Hwnd=0x20374, Text = 如果你接受协议中的条款,单击 [我同意(I)] 继续安装。如果你选定 [取消(C)] ,安装程序将会关闭。必须要接受协议才能安装 美萍汽车美容管, ClassName = Static.
Pid = 3256, Hwnd=0x10368, Text = 选定组件, ClassName = Static.
Behavior description:Open image files
details:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\spltmp.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz7.tmp\modern-wizard.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz7.tmp\modern-header.bmp
\Program Files\MpSoft\mpcar\help\boxset.jpg
\Program Files\MpSoft\mpcar\help\about.jpg