VirSCAN

File information
Safety rating: 75
Behavior list
Basic Information
MD5: a237eb3c8bd0bf0143f20aa175e4ba15
File type: Rar
Production company:
Version:
Shell or compiler information: COMPILER:Borland C++ 1999 [Overlay]
Subfile information:
易语言制作QQ轰炸机.exe / big file / EXE
新建 文本文档 (2).txt / 22e8a1aa847f7aa2af395aabf587ec70 / Unknown
打开这里更多最新超值海量免费网赚资源分享.url / 2a126664f62f70149f68e57daedb451d / Unknown
日赚500项目,绝对真实,超级给力!.url / 324e90f53697d29d1d59216a0956d976 / Unknown
牧马人易语言14之制作QQ轰炸机 / d41d8cd98f00b204e9800998ecf8427e / Unknown
Key behavior
Behavior description: Get TickCount value
details: TickCount = 5358885, SleepMilliseconds = 10.
TickCount = 5368572, SleepMilliseconds = 10.
TickCount = 5368588, SleepMilliseconds = 10.
TickCount = 5383635, SleepMilliseconds = 10.
Process behavior
Behavior description: Create local thread
details: TargetProcess: 易语言制作QQ轰炸机.exe, InheritedFromPID = 1944, ProcessID = 2368, ThreadID = 2444, StartAddress = 76B2B128, Parameter = 00192F10
TargetProcess: 易语言制作QQ轰炸机.exe, InheritedFromPID = 1944, ProcessID = 2368, ThreadID = 2820, StartAddress = 76B2AEAF, Parameter = 00000000
File behavior
Behavior description: Create file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\plzj0.wav
Behavior description: Delete file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\plzj0.wav
Behavior description: Modify file content
details: C:\Documents and Settings\Administrator\Local Settings\Temp\plzj0.wav ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\plzj0.wav ---> Offset = 100000
C:\Documents and Settings\Administrator\Local Settings\Temp\plzj0.wav ---> Offset = 200000
C:\Documents and Settings\Administrator\Local Settings\Temp\plzj0.wav ---> Offset = 300000
C:\Documents and Settings\Administrator\Local Settings\Temp\plzj0.wav ---> Offset = 400000
Other behavior
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EEJ
Behavior description: Create event object
details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.EEJ.IC
EventName = MSCTF.SendReceiveConection.Event.EEJ.IC
Behavior description: Open event
details: HookSwitchHookEnabledEvent
Global\SvcctrlStartEvent_A3752DX
CTF.ThreadMIConnectionEvent.000007B4.00000000.0000003F
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.0000003F
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
LXPLAYFF
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information
details: Pid = 2368, Hwnd=0xc032a, Text = OK, ClassName = TButton.
Pid = 2368, Hwnd=0x1a02fe, Text = Player, ClassName = TMessageForm.
Behavior description: Get TickCount value
details: TickCount = 5358885, SleepMilliseconds = 10.
TickCount = 5368572, SleepMilliseconds = 10.
TickCount = 5368588, SleepMilliseconds = 10.
TickCount = 5383635, SleepMilliseconds = 10.
Behavior description: Get cursor position
details: CursorPos = (71,18468), SleepMilliseconds = 10.
CursorPos = (6364,26501), SleepMilliseconds = 10.
CursorPos = (19199,15725), SleepMilliseconds = 10.
CursorPos = (11508,29359), SleepMilliseconds = 10.
CursorPos = (26992,24465), SleepMilliseconds = 10.
CursorPos = (5735,28146), SleepMilliseconds = 10.
CursorPos = (23311,16828), SleepMilliseconds = 10.
CursorPos = (9991,492), SleepMilliseconds = 10.
CursorPos = (3025,11943), SleepMilliseconds = 10.
CursorPos = (4857,5437), SleepMilliseconds = 10.
CursorPos = (32421,14605), SleepMilliseconds = 10.
CursorPos = (3932,154), SleepMilliseconds = 10.
CursorPos = (322,12383), SleepMilliseconds = 10.
CursorPos = (17451,18717), SleepMilliseconds = 10.
CursorPos = (19748,19896), SleepMilliseconds = 10.
Behavior description: Enumerate windows
details: N/A
Behavior description: Hide specified window
details: [Window,Class] = [进度,TJdForm]
[Window,Class] = [控制,TControlForm]
Behavior description: Open mutex
details: ShimCacheMutex