VirSCAN

File information
Safety rating:75
Behavior list
Basic Information
MD5:a66574467828450d028b792a7e6239da
file type:EXE
Production company:
version:1.0.0.0---1.0.0.0
Shell or compiler information:PACKER:ASPack 2.12 -> Alexey Solodovnikov
Subfile information:aspack212r_80fbeaaadumpFile / big file / EXE
File behavior
Behavior description:Maps files with write permission
details:CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
{CAF49BBB-AF40-4FDE-8757-51D5AEB5BBBF}
MSCTF.MarshalInterface.FileMap.MGK..AAJHF
MSCTF.MarshalInterface.FileMap.MGK.B.AAJHF
MSCTF.MarshalInterface.FileMap.MGK.C.AAJHF
MSCTF.MarshalInterface.FileMap.MGK.D.AAJHF
MSCTF.MarshalInterface.FileMap.MGK.E.AAJHF
MSCTF.MarshalInterface.FileMap.MGK.F.AAJHF
MSCTF.MarshalInterface.FileMap.MGK.G.PAJHF
MSCTF.Shared.SFM.MGK
Registry behavior
Behavior description:Modifies the registry
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\ieframe.dll.mui,-880
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21782
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-12693
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-12691
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\SHELL32.dll,-8964
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21786
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21765
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F8E849FC-2444-472A-A679-ADCE981D8F11}\Info\Data
Other behavior
Behavior description:Creates mutexes
details:CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.MGK
Behavior description:Enumerates windows
details:N/A
Behavior description:Finds a specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Window information
details:Pid = 2664, Hwnd=0x10392, Text = 如果您使用后喜欢此软件 并且以后一直使用它,我们希望您 能够注册。注册用户将得到我们的技术支持及其他服务。并且可 以免费升级到, ClassName = TcxRichEdit.
Pid = 2664, Hwnd=0x1038a, Text = 操 作, ClassName = TcxGroupBox.
Pid = 2664, Hwnd=0x10390, Text = 终止程序, ClassName = TcxButton.
Pid = 2664, Hwnd=0x1038e, Text = 试 用, ClassName = TcxButton.
Pid = 2664, Hwnd=0x1038c, Text = 注 册, ClassName = TcxButton.
Pid = 2664, Hwnd=0x1037c, Text = 注册信息, ClassName = TcxGroupBox.
Pid = 2664, Hwnd=0x10384, Text = 未注册,请注册!, ClassName = TcxLabel.
Pid = 2664, Hwnd=0x10382, Text = 这是第0天试用,还可以试用15天, ClassName = TcxLabel.
Pid = 2664, Hwnd=0x20376, Text = nljZBlIdpZfpLmcIQbZDPp3GeUrkyxzdpJ8=, ClassName = TcxTextEdit.
Pid = 2664, Hwnd=0x20378, Text = nljZBlIdpZfpLmcIQbZDPp3GeUrkyxzdpJ8=, ClassName = TcxCustomInnerTextEdit.
Pid = 2664, Hwnd=0x10380, Text = 注册码, ClassName = TcxLabel.
Pid = 2664, Hwnd=0x1037e, Text = 账 号, ClassName = TcxLabel.
Pid = 2664, Hwnd=0x10374, Text = 软件注册, ClassName = TFRegSoft.
Behavior description:Acquires system privileges
details:SE_LOAD_DRIVER_PRIVILEGE