VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information

Basic Information

MD5: a941fa076201fbec8d0a048ff58eb3ed
file type: EXE
Production company:
version: 1.0.0.0---1.0.0.0
Shell or compiler information: PACKER:PolyEnE 0.01+ by Lennart Hedlund *

Key behavior

Behavior description: Reads the CPU clock directly
details: EAX = 0x69e42ed0, EDX = 0x00001190
EAX = 0x69e42f1c, EDX = 0x00001190
EAX = 0x69e42f68, EDX = 0x00001190
EAX = 0x69e42fb4, EDX = 0x00001190
EAX = 0x6c972f30, EDX = 0x00001190
EAX = 0x71d1fde9, EDX = 0x00001190
EAX = 0x71d1fe35, EDX = 0x00001190
EAX = 0x71d1fe81, EDX = 0x00001190
EAX = 0x71d1fecd, EDX = 0x00001190
EAX = 0x71d1ff19, EDX = 0x00001190
Behavior description: Obtains window screenshot information
details: Foreground window Info: HWND = 0x00000000, DC = 0x180104b7.

Other behavior

Behavior description: Creates mutexes
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EJ
Behavior description: Reads the CPU clock directly
details: EAX = 0x69e42ed0, EDX = 0x00001190
EAX = 0x69e42f1c, EDX = 0x00001190
EAX = 0x69e42f68, EDX = 0x00001190
EAX = 0x69e42fb4, EDX = 0x00001190
EAX = 0x6c972f30, EDX = 0x00001190
EAX = 0x71d1fde9, EDX = 0x00001190
EAX = 0x71d1fe35, EDX = 0x00001190
EAX = 0x71d1fe81, EDX = 0x00001190
EAX = 0x71d1fecd, EDX = 0x00001190
EAX = 0x71d1ff19, EDX = 0x00001190
Behavior description: Finds specified windows
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Opens events
details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000052
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000052
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior description: Window information
details: Pid = 1388, Hwnd=0x15030c, Text = 确定, ClassName = Button.
Pid = 1388, Hwnd=0x403ca, Text = Enable to load Settings.ini, ClassName = Static.
Pid = 1388, Hwnd=0xc038a, Text = Loading Error, ClassName = #32770.
Pid = 1388, Hwnd=0x503ca, Text = 确定, ClassName = Button.
Pid = 1388, Hwnd=0x16030c, Text = Enable to load ServerList.txt, ClassName = Static.
Pid = 1388, Hwnd=0xd038a, Text = Loading Error, ClassName = #32770.
Behavior description: Obtains window screenshot information
details: Foreground window Info: HWND = 0x00000000, DC = 0x180104b7.
Behavior description: Opens a mutex
details: ShimCacheMutex
