VirSCAN

File information
Safety rating:76
Behavior list
Basic Information
MD5:9c15f29135e1dff1c4cfc7f7d7ca4778
file type:zip
Production company:
version:
Shell or compiler information:PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 (Delphi) stub -> Markus & Laszlo [Overlay]
Subfile information:flexhex_setup.exe / e8abb3835277f3a42e6ab12b553f0ade / EXE
upx_c_0807be08dumpFile / 75de2db4b87394759d90ac0ba16286a4 / EXE
Readme-说明.htm / a59029ce16322dbd57343463ae17df56 / Unknown
Key behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
Behavior description:Hide specified window
details:[Window,Class] = [,tooltips_class32]
Process behavior
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
Behavior description:Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\unpack.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\Resume.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\plugins\0\CustomUI.dll
Behavior description:Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\splash.bmp---> Offset = 98304
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\presetup.rgn---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\presetup.bmp---> Offset = 32432
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\presetup\banner.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\presetup\watermark.bmp---> Offset = 34172
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\presetup\butt_warn.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\presetup\butt_cancel.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\presetup\butt_inf.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\presetup\butt_que.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\presetup\unbanner.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\presetup\unwatermark.bmp---> Offset = 52668
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\presetup\maintenance.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\presetup\license.rtf---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\packagedb---> Offset = 45898
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\languages---> Offset = 14691
Behavior description:Find file
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\20K697NO
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\20K697QS
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\20K697U0
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\unpack.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445311752.662696.exe_7zdump\flexhex_setup.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\splash.bmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\splash.rgn
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\presetup.rgn
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\languages
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\WINDOWS
FileName = C:\WINDOWS\Fonts
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
{11056249-9F13-49F9-B64B-39E760EC656D} setup
MSCTF.Shared.MUTEX.MJB
Behavior description:Hide specified window
details:[Window,Class] = [,tooltips_class32]
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description:Acquire system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Window information
details:Pid = 1360, Hwnd=0x202c2, Text = < Back, ClassName = Button.
Pid = 1360, Hwnd=0x202c4, Text = Welcome to the FlexHEX Setup program. This program will install FlexHEX on your computer. It is strongly recommended that you , ClassName = Static.
Pid = 1360, Hwnd=0x202c8, Text = Welcome to the Installation Wizard, ClassName = Static.
Pid = 1360, Hwnd=0x202c6, Text = Cancel, ClassName = Button.
Pid = 1360, Hwnd=0x302da, Text = Next >, ClassName = Button.
Pid = 1360, Hwnd=0x202d6, Text = FlexHEX setup, ClassName = CUIWindow.
Pid = 1360, Hwnd=0x202d4, Text = FlexHEX Editor 2.6, ClassName = Static.
Pid = 1360, Hwnd=0x302dc, Text = FlexHEX Editor 2.6, ClassName = Static.
Pid = 1360, Hwnd=0x302ba, Text = FlexHEX setup, ClassName = CUIWindow.
Behavior description:Open image file
details:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\splash.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\presetup.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\presetup\banner.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\presetup\watermark.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\presetup\butt_warn.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\presetup\butt_cancel.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\presetup\butt_inf.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\presetup\butt_que.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\presetup\unbanner.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\presetup\unwatermark.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20K697KJ\flexhex_setup\presetup\maintenance.bmp