VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

Language
Server load
Server Load

VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

   File information

Virscan.org multi-engine scan report
Behavior analysis report:         Habo file analysis

Basic Information

MD5:a7cba918ce5368b4c8db05be83d01b7f
文件大小:5.58MB
上传时间: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
copyright:

File behavior

Behavior description: 创建可执行文件
details: C:\Users\ADMINI~1\AppData\Local\Temp\evb91E5.tmp
C:\Users\ADMINI~1\AppData\Local\Temp\evb91F6.tmp
C:\Users\ADMINI~1\AppData\Local\Temp\evb9207.tmp
C:\Users\ADMINI~1\AppData\Local\Temp\evb9237.tmp
C:\Users\ADMINI~1\AppData\Local\Temp\evb92E3.tmp
C:\Users\ADMINI~1\AppData\Local\Temp\evb92F4.tmp
C:\Users\ADMINI~1\AppData\Local\Temp\evb9314.tmp
C:\Users\ADMINI~1\AppData\Local\Temp\evb9315.tmp
C:\Users\ADMINI~1\AppData\Local\Temp\evb9336.tmp
C:\Users\ADMINI~1\AppData\Local\Temp\evb9346.tmp
C:\Users\ADMINI~1\AppData\Local\Temp\evb9347.tmp
C:\Users\ADMINI~1\AppData\Local\Temp\evb95D8.tmp
C:\Users\ADMINI~1\AppData\Local\Temp\evb95E9.tmp
C:\Users\ADMINI~1\AppData\Local\Temp\evb9657.tmp
C:\Users\ADMINI~1\AppData\Local\Temp\evb9668.tmp

Registry behavior

Behavior description: 修改注册表
details: \REGISTRY\USER\S-1-5-21-525766890-2467490387-4115552148-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\GlobalUserOffline
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\sample_RASAPI32\EnableFileTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\sample_RASAPI32\EnableConsoleTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\sample_RASAPI32\FileTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\sample_RASAPI32\ConsoleTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\sample_RASAPI32\MaxFileSize
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\sample_RASAPI32\FileDirectory
\REGISTRY\USER\S-1-5-21-525766890-2467490387-4115552148-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy
\REGISTRY\USER\S-1-5-21-525766890-2467490387-4115552148-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
\REGISTRY\USER\S-1-5-21-525766890-2467490387-4115552148-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior description: 删除注册表键值
details: \REGISTRY\USER\S-1-5-21-525766890-2467490387-4115552148-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-1-5-21-525766890-2467490387-4115552148-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoDetect
\REGISTRY\USER\S-1-5-21-525766890-2467490387-4115552148-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\USER\S-1-5-21-525766890-2467490387-4115552148-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
Behavior description: 删除注册表键值_IE连接设置
details: \REGISTRY\USER\S-1-5-21-525766890-2467490387-4115552148-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-1-5-21-525766890-2467490387-4115552148-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL

Other behavior

Behavior description: 窗口信息
details: Pid = 2704, Hwnd=0x30260, Text = 错误信息, ClassName = #32770.
Pid = 2704, Hwnd=0x30288, Text = DiskGenius V4.5.0 x64 专业版, ClassName = Afx:0000000140000000:b:0000000000010003:0000000000000006:0000000000320137.
Pid = 2704, Hwnd=0x102e0, Text = 发现刚刚使用的功能不错呦,我也要分享一下,让更多人使用!, ClassName = Static.
Pid = 2704, Hwnd=0x102e2, Text = 不再提示, ClassName = Button(CheckBox).
Pid = 2704, Hwnd=0x40274, Text = Tab1, ClassName = SysTabControl32.
Pid = 2704, Hwnd=0x60250, Text = 分析, ClassName = Button.
Pid = 2704, Hwnd=0x30202, Text = 当前字节序: 大端, ClassName = Static.
Pid = 2704, Hwnd=0x401fa, Text = 8位(±):, ClassName = Static.
Pid = 2704, Hwnd=0x301fc, Text = 8位(+):, ClassName = Static.
Pid = 2704, Hwnd=0x301fe, Text = 16位(±):, ClassName = Static.
Pid = 2704, Hwnd=0x901d0, Text = 16位(+):, ClassName = Static.
Pid = 2704, Hwnd=0x30206, Text = 24位(±):, ClassName = Static.
Pid = 2704, Hwnd=0x301e8, Text = 24位(+):, ClassName = Static.
Pid = 2704, Hwnd=0x301ea, Text = 32位(±):, ClassName = Static.
Pid = 2704, Hwnd=0x301b8, Text = 32位(+):, ClassName = Static.