VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
Safety rating:72
Behavior list
Basic Information
MD5:a1c07d6450fdb5e37d4fa33a83bdbded
file type:Rar
Production company:
version:
Shell or compiler information:
Subfile information:plugin32_pvrtexlib.dll / 9f79f43c3fba945a457cf78a58e788aa / DLL
txdfucker32_build_419_night.exe / b47b7ca9da69a1d08e89eb3d4369b519 / EXE
plugin32_dxt_libsquish.dll / 4226b18f89092ea7079ddbf046c5d919 / DLL
plugin32_etc_rgetc1.dll / 4b0d466a8739c7a05a6a02910a3726b8 / DLL
plugin32_dxt_ryg.dll / ffeb06f7facc66cb3589de50cc2f8c1a / DLL
changelog.txt / fef4d7009ec557b5606dead03da8039a / Unknown
readme.txt / 5f2c9106ece8c0c9a68fe8eba3caf137 / Unknown
Key behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.APD..OJKGH
MSCTF.MarshalInterface.FileMap.APD.B.OLKGH
MSCTF.MarshalInterface.FileMap.APD.C.OLKGH
MSCTF.MarshalInterface.FileMap.APD.D.NMKGH
MSCTF.MarshalInterface.FileMap.APD.E.NMKGH
MSCTF.MarshalInterface.FileMap.APD.F.NMKGH
MSCTF.MarshalInterface.FileMap.APD.G.NMKGH
MSCTF.Shared.SFM.APD
Behavior description:屏蔽窗口关闭消息
details:hWnd = 0x000302a2, Text = TXDFucker 0.7b NIGHT build #419, ClassName = #32770.
Behavior description:隐藏指定窗口
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [不能渲染纹理.,Static]
[Window,Class] = [,Static]
Process behavior
Behavior description:枚举进程
details:N/A
File behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.APD..OJKGH
MSCTF.MarshalInterface.FileMap.APD.B.OLKGH
MSCTF.MarshalInterface.FileMap.APD.C.OLKGH
MSCTF.MarshalInterface.FileMap.APD.D.NMKGH
MSCTF.MarshalInterface.FileMap.APD.E.NMKGH
MSCTF.MarshalInterface.FileMap.APD.F.NMKGH
MSCTF.MarshalInterface.FileMap.APD.G.NMKGH
MSCTF.Shared.SFM.APD
Behavior description:修改文件内容
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446032015.963677.exe_7zdump\txdfucker32_build_419_night.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446032015.967217.exe_7zdump\txdfucker32_build_419_night.ini---> Offset = 22
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446032015.970773.exe_7zdump\txdfucker32_build_419_night.ini---> Offset = 42
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446032015.974306.exe_7zdump\txdfucker32_build_419_night.ini---> Offset = 84
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446032015.977860.exe_7zdump\txdfucker32_build_419_night.ini---> Offset = 124
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446032015.981393.exe_7zdump\txdfucker32_build_419_night.ini---> Offset = 164
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446032015.984944.exe_7zdump\txdfucker32_build_419_night.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446032015.988482.exe_7zdump\txdfucker32_build_419_night.ini---> Offset = 195
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446032015.992038.exe_7zdump\txdfucker32_build_419_night.ini---> Offset = 192
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446032015.995576.exe_7zdump\txdfucker32_build_419_night.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446032015.999142.exe_7zdump\txdfucker32_build_419_night.ini---> Offset = 231
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446032016.002776.exe_7zdump\txdfucker32_build_419_night.ini---> Offset = 243
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446032016.006319.exe_7zdump\txdfucker32_build_419_night.ini---> Offset = 252
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446032016.009871.exe_7zdump\txdfucker32_build_419_night.log---> Offset = 0
Behavior description:查找文件
details:FileName = C:\WINDOWS
FileName = C:\WINDOWS\WinSxS
FileName = C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCR90.dll
FileName = plugins\*.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446032016.157216.exe_7zdump\\lang\*.dll
Other behavior
Behavior description:屏蔽窗口关闭消息
details:hWnd = 0x000302a2, Text = TXDFucker 0.7b NIGHT build #419, ClassName = #32770.
Behavior description:窗口信息
details:Pid = 1352, Hwnd=0x202ca, Text = 确定, ClassName = Button.
Pid = 1352, Hwnd=0x302da, Text = 嗨.你们好. 这个项目还没有完成,所以别忘了检查最新版本 http://gta.nick7.com/. 程序没有“撤销”功能所以之前备份所有游戏资源下面点击, ClassName = Static.
Pid = 1352, Hwnd=0x202c8, Text = Alpha version, bitches, ClassName = #32770.
Pid = 1352, Hwnd=0x302dc, Text = 不能渲染纹理., ClassName = Static.
Pid = 1352, Hwnd=0x202c4, Text = TXDFucker is ready to fuck you up.DictionaryRenderWare Texture Dictionary, ClassName = msctls_statusbar32.
Pid = 1352, Hwnd=0x302a2, Text = TXDFucker 0.7b NIGHT build #419, ClassName = #32770.
Behavior description:隐藏指定窗口
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [不能渲染纹理.,Static]
[Window,Class] = [,Static]
Behavior description:创建互斥体
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.APD
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
中国反网络病毒联盟
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号