VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
Safety rating:81
Behavior list
Basic Information
MD5:a77a4c10956baf29d3152d80620e9f2d
file type:DLL
Production company:
version:2.0.8.0---2, 0, 8, 0
Shell or compiler information:COMPILER:Microsoft Visual C++ v7.1 DLL [Overlay]
Key behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.IEF..BJHGH
MSCTF.MarshalInterface.FileMap.IEF.B.BJHGH
MSCTF.MarshalInterface.FileMap.IEF.C.BJHGH
MSCTF.MarshalInterface.FileMap.IEF.D.BJHGH
MSCTF.MarshalInterface.FileMap.IEF.E.BJHGH
MSCTF.MarshalInterface.FileMap.IEF.F.BJHGH
MSCTF.MarshalInterface.FileMap.IEF.G.BKHGH
MSCTF.Shared.SFM.IEF
MSCTF.MarshalInterface.FileMap.IEF.H.PMALH
MSCTF.MarshalInterface.FileMap.IEF.I.PMALH
MSCTF.MarshalInterface.FileMap.IEF.J.PMALH
MSCTF.MarshalInterface.FileMap.IEF.K.PMALH
MSCTF.MarshalInterface.FileMap.IEF.L.PMALH
MSCTF.MarshalInterface.FileMap.IEF.M.PMALH
Behavior description:DLL样本(x86)
details:N/A
Process behavior
Behavior description:创建进程
details:ImagePath = C:\WINDOWS\system32\Regsvr32.exe, CmdLine = Regsvr32.exe c:\docume~1\admini~1\locals~1\%temp%\996e.dll
Behavior description:枚举进程
details:N/A
File behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.IEF..BJHGH
MSCTF.MarshalInterface.FileMap.IEF.B.BJHGH
MSCTF.MarshalInterface.FileMap.IEF.C.BJHGH
MSCTF.MarshalInterface.FileMap.IEF.D.BJHGH
MSCTF.MarshalInterface.FileMap.IEF.E.BJHGH
MSCTF.MarshalInterface.FileMap.IEF.F.BJHGH
MSCTF.MarshalInterface.FileMap.IEF.G.BKHGH
MSCTF.Shared.SFM.IEF
MSCTF.MarshalInterface.FileMap.IEF.H.PMALH
MSCTF.MarshalInterface.FileMap.IEF.I.PMALH
MSCTF.MarshalInterface.FileMap.IEF.J.PMALH
MSCTF.MarshalInterface.FileMap.IEF.K.PMALH
MSCTF.MarshalInterface.FileMap.IEF.L.PMALH
MSCTF.MarshalInterface.FileMap.IEF.M.PMALH
Registry behavior
Behavior description:修改注册表
details:\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8F08C31B-DDA6-44CD-95A3-6B81764432DC}\1.0\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8F08C31B-DDA6-44CD-95A3-6B81764432DC}\1.0\FLAGS\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8F08C31B-DDA6-44CD-95A3-6B81764432DC}\1.0\0\win32\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8F08C31B-DDA6-44CD-95A3-6B81764432DC}\1.0\HELPDIR\
Other behavior
Behavior description:创建互斥体
details:SHIMLIB_LOG_MUTEX
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.IEF
Behavior description:DLL样本(x86)
details:N/A
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:获取系统权限
details:SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
中国反网络病毒联盟
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号