VirSCAN

   File information

Virscan.org multi-engine scan report
Behavior analysis report:         Habo file analysis

Basic Information

MD5:a2b8f499e28d7ceb9db7a935f6e39a3d
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
copyright:

Key behavior

Behavior description: Map file with write permission
details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.AOI..LDFKG
MSCTF.MarshalInterface.FileMap.AOI.B.LEFKG
MSCTF.MarshalInterface.FileMap.AOI.C.LEFKG
MSCTF.MarshalInterface.FileMap.AOI.D.LEFKG
MSCTF.MarshalInterface.FileMap.AOI.E.KFFKG
MSCTF.MarshalInterface.FileMap.AOI.F.KGFKG
MSCTF.MarshalInterface.FileMap.AOI.G.JIFKG
MSCTF.Shared.SFM.AOI
MSCTF.MarshalInterface.FileMap.AOI.H.KKONG
MSCTF.MarshalInterface.FileMap.AOI.I.KKONG
MSCTF.MarshalInterface.FileMap.AOI.J.KKONG
MSCTF.MarshalInterface.FileMap.AOI.K.KKONG
MSCTF.MarshalInterface.FileMap.AOI.L.KKONG
MSCTF.MarshalInterface.FileMap.AOI.M.KLONG
Behavior description: Hide specified window
details: [Window,Class] = [,ComboLBox]
Behavior description: Get window screenshot information
details: Foreground window Info: HWND = 0x0e0104e8, DC = 0x0e0104e8.
Foreground window Info: HWND = 0x120104a5, DC = 0x120104a5.
Behavior description: Get host address by name
details: dev.voicecloud.cn

File behavior

Behavior description: Map file with write permission
details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.AOI..LDFKG
MSCTF.MarshalInterface.FileMap.AOI.B.LEFKG
MSCTF.MarshalInterface.FileMap.AOI.C.LEFKG
MSCTF.MarshalInterface.FileMap.AOI.D.LEFKG
MSCTF.MarshalInterface.FileMap.AOI.E.KFFKG
MSCTF.MarshalInterface.FileMap.AOI.F.KGFKG
MSCTF.MarshalInterface.FileMap.AOI.G.JIFKG
MSCTF.Shared.SFM.AOI
MSCTF.MarshalInterface.FileMap.AOI.H.KKONG
MSCTF.MarshalInterface.FileMap.AOI.I.KKONG
MSCTF.MarshalInterface.FileMap.AOI.J.KKONG
MSCTF.MarshalInterface.FileMap.AOI.K.KKONG
MSCTF.MarshalInterface.FileMap.AOI.L.KKONG
MSCTF.MarshalInterface.FileMap.AOI.M.KLONG
Behavior description: Find file
details: FileName = c:\%temp%\1439188572.078938.exe_7zdump\炫勇文字转成语音生成器\SkinH_EL.dll

Network behavior

Behavior description: Get host address by name
details: dev.voicecloud.cn

Registry behavior

Behavior description: Modify registry
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x16(565 0)

Other behavior

Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.AOI
Behavior description: Hide specified window
details: [Window,Class] = [,ComboLBox]
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Get TickCount value
details: TickCount = 434000, SleepMilliseconds = 500.
TickCount = 434015, SleepMilliseconds = 500.
TickCount = 434031, SleepMilliseconds = 500.
TickCount = 434062, SleepMilliseconds = 500.
TickCount = 434078, SleepMilliseconds = 500.
TickCount = 434093, SleepMilliseconds = 500.
TickCount = 434109, SleepMilliseconds = 500.
TickCount = 434125, SleepMilliseconds = 500.
TickCount = 434140, SleepMilliseconds = 500.
TickCount = 434156, SleepMilliseconds = 500.
TickCount = 434171, SleepMilliseconds = 500.
TickCount = 434187, SleepMilliseconds = 500.
TickCount = 434203, SleepMilliseconds = 500.
TickCount = 434218, SleepMilliseconds = 500.
TickCount = 434234, SleepMilliseconds = 500.
Behavior description: Window information
details: Pid = 2268, Hwnd=0x301d4, Text = 提示:请把压缩包里东西全部解压出来,不要单独打开软件! 请先点击“保存语音文件”再输入文字,再点击“开始生成” 【点击查看演示】, ClassName = Button.
Pid = 2268, Hwnd=0x3023a, Text = 炫勇QQ:812096619, ClassName = Button.
Pid = 2268, Hwnd=0x301dc, Text = 保存语音文件, ClassName = Button(CheckBox).
Pid = 2268, Hwnd=0x3021a, Text = 已成功连接服务器, ClassName = msctls_statusbar32.
Pid = 2268, Hwnd=0x60240, Text = 生成设置, ClassName = Button(GroupBox).
Pid = 2268, Hwnd=0x4023e, Text = 压缩等级, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2268, Hwnd=0x301f0, Text = 7, ClassName = ComboBox.
Pid = 2268, Hwnd=0x60212, Text = 默认值, ClassName = Button.
Pid = 2268, Hwnd=0x50208, Text = 音频格式, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2268, Hwnd=0x60214, Text = audio/L16;rate=16000, ClassName = ComboBox.
Pid = 2268, Hwnd=0x4023c, Text = 音频编码, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2268, Hwnd=0x4021e, Text = speex, ClassName = ComboBox.
Pid = 2268, Hwnd=0x50216, Text = 背景音, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2268, Hwnd=0x501bc, Text = 0, ClassName = ComboBox.
Pid = 2268, Hwnd=0x50230, Text = 文本编码, ClassName = Afx:400000:b:10011:1900015:0.
Behavior description: Get window screenshot information
details: Foreground window Info: HWND = 0x0e0104e8, DC = 0x0e0104e8.
Foreground window Info: HWND = 0x120104a5, DC = 0x120104a5.
Behavior description: Call Sleep function
details: [1]: MilliSeconds = 500.
[2]: MilliSeconds = 500.
[3]: MilliSeconds = 500.
[4]: MilliSeconds = 500.
[5]: MilliSeconds = 500.
[6]: MilliSeconds = 500.
[7]: MilliSeconds = 500.
[8]: MilliSeconds = 500.
[9]: MilliSeconds = 500.
[10]: MilliSeconds = 500.
[11]: MilliSeconds = 500.
[12]: MilliSeconds = 500.
[13]: MilliSeconds = 500.
[14]: MilliSeconds = 500.
[15]: MilliSeconds = 500.
Behavior description: Inline hook
details: C:\WINDOWS\system32\GDI32.dll--->ExtTextOutA Offset = 0x0
C:\WINDOWS\system32\GDI32.dll--->ExtTextOutW Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetWindowLongA Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->SetWindowLongA Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->SetWindowLongW Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetWindowLongW Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->BeginPaint Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->EndPaint Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetDC Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetWindowDC Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->ReleaseDC Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->WindowFromDC Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetScrollInfo Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetScrollPos Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetScrollRange Offset = 0x0