1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
| Safety rating:81 |
| Behavior list |
| Basic Information | |
|---|---|
| MD5: | a77a4c10956baf29d3152d80620e9f2d |
| file type: | DLL |
| Production company: | |
| version: | 2.0.8.0---2, 0, 8, 0 |
| Shell or compiler information: | COMPILER:Microsoft Visual C++ v7.1 DLL [Overlay] |
| Key behavior | |
|---|---|
| Behavior description: | 写权限映射文件 |
| details: | CiceroSharedMemDefaultS-* |
| MSCTF.MarshalInterface.FileMap.IEF..BJHGH | |
| MSCTF.MarshalInterface.FileMap.IEF.B.BJHGH | |
| MSCTF.MarshalInterface.FileMap.IEF.C.BJHGH | |
| MSCTF.MarshalInterface.FileMap.IEF.D.BJHGH | |
| MSCTF.MarshalInterface.FileMap.IEF.E.BJHGH | |
| MSCTF.MarshalInterface.FileMap.IEF.F.BJHGH | |
| MSCTF.MarshalInterface.FileMap.IEF.G.BKHGH | |
| MSCTF.Shared.SFM.IEF | |
| MSCTF.MarshalInterface.FileMap.IEF.H.PMALH | |
| MSCTF.MarshalInterface.FileMap.IEF.I.PMALH | |
| MSCTF.MarshalInterface.FileMap.IEF.J.PMALH | |
| MSCTF.MarshalInterface.FileMap.IEF.K.PMALH | |
| MSCTF.MarshalInterface.FileMap.IEF.L.PMALH | |
| MSCTF.MarshalInterface.FileMap.IEF.M.PMALH | |
| Behavior description: | DLL样本(x86) |
| details: | N/A |
| Process behavior | |
|---|---|
| Behavior description: | 创建进程 |
| details: | ImagePath = C:\WINDOWS\system32\Regsvr32.exe, CmdLine = Regsvr32.exe c:\docume~1\admini~1\locals~1\%temp%\996e.dll |
| Behavior description: | 枚举进程 |
| details: | N/A |
| File behavior | |
|---|---|
| Behavior description: | 写权限映射文件 |
| details: | CiceroSharedMemDefaultS-* |
| MSCTF.MarshalInterface.FileMap.IEF..BJHGH | |
| MSCTF.MarshalInterface.FileMap.IEF.B.BJHGH | |
| MSCTF.MarshalInterface.FileMap.IEF.C.BJHGH | |
| MSCTF.MarshalInterface.FileMap.IEF.D.BJHGH | |
| MSCTF.MarshalInterface.FileMap.IEF.E.BJHGH | |
| MSCTF.MarshalInterface.FileMap.IEF.F.BJHGH | |
| MSCTF.MarshalInterface.FileMap.IEF.G.BKHGH | |
| MSCTF.Shared.SFM.IEF | |
| MSCTF.MarshalInterface.FileMap.IEF.H.PMALH | |
| MSCTF.MarshalInterface.FileMap.IEF.I.PMALH | |
| MSCTF.MarshalInterface.FileMap.IEF.J.PMALH | |
| MSCTF.MarshalInterface.FileMap.IEF.K.PMALH | |
| MSCTF.MarshalInterface.FileMap.IEF.L.PMALH | |
| MSCTF.MarshalInterface.FileMap.IEF.M.PMALH | |
| Registry behavior | |
|---|---|
| Behavior description: | 修改注册表 |
| details: | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8F08C31B-DDA6-44CD-95A3-6B81764432DC}\1.0\ |
| \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8F08C31B-DDA6-44CD-95A3-6B81764432DC}\1.0\FLAGS\ | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8F08C31B-DDA6-44CD-95A3-6B81764432DC}\1.0\0\win32\ | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8F08C31B-DDA6-44CD-95A3-6B81764432DC}\1.0\HELPDIR\ | |
| Other behavior | |
|---|---|
| Behavior description: | 创建互斥体 |
| details: | SHIMLIB_LOG_MUTEX |
| CTF.LBES.MutexDefaultS-* | |
| CTF.Compart.MutexDefaultS-* | |
| CTF.Asm.MutexDefaultS-* | |
| CTF.Layouts.MutexDefaultS-* | |
| CTF.TMD.MutexDefaultS-* | |
| CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-* | |
| MSCTF.Shared.MUTEX.ELH | |
| MSCTF.Shared.MUTEX.IEF | |
| Behavior description: | DLL样本(x86) |
| details: | N/A |
| Behavior description: | 查找指定窗口 |
| details: | NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,] |
| NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,] | |
| Behavior description: | 获取系统权限 |
| details: | SE_LOAD_DRIVER_PRIVILEGE |
| SE_DEBUG_PRIVILEGE | |
| Run screenshot |
|---|
 |
HOME
