VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
Safety rating:82
Behavior list
Basic Information
MD5:aaf0b6c59b1b5be392b134987231bd20
file type:EXE
Production company:www.3lsoft.com
version:5.0.1.8071---5.0.1.08071
Shell or compiler information:COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [Overlay] *
Subfile information:Uninstall.exe / 4028779c18b6cb629d4a634da9c50834 / EXE
VStart.exe / b7b8ce6da220e6fca645bd00692a138f / EXE
comctl32.ocx / e2bed335446b7321ff38a138b3962e8a / DLL
msg.wav / dde597ffd855f89de33951973426a3cb / Unknown
Vstart64.dll / 7d62aebc8423a479406e33aaf62ffea3 / DLL
RICHTX32.OCX / 045a16822822426c305ea7280270a3d6 / DLL
万年历.exe / 854cb89ad7c715dc063acff36bae98d0 / EXE
Skin-6.bmp / 37773e37d6eb2315732119cef79d3168 / Unknown
MyWeather.exe / ebed575e66af2697b9448c2bbe6523b8 / EXE
mswinsck.ocx / e8a2190a9e8ee5e5d2e0b599bbf9dda6 / DLL
Skin-8.bmp / 437e40bfa2141c01cd3e696db162ac94 / Unknown
vb6chs.dll / 992f9318a8a70927db171db83ffcbbb3 / DLL
vsEnFolder.exe / 1db9ee508f11eada9ad3d4779c3435a0 / EXE
City.txt / 7c63e1a6d4d3ed8b888a1f96cf3d130e / Unknown
City.txt / 7c63e1a6d4d3ed8b888a1f96cf3d130e / Unknown
Skin-7.bmp / f70e1fe0ff340f3af9e0e443d4676f2e / Unknown
EasyPanel.exe / 5a15e58065f4b77bde871ee7fe5460b9 / EXE
Skin-5.bmp / fbc23336d877ee0b0d0b436af8ed1364 / Unknown
RegAsm.exe / c1d166c8a81be8727c12e5d30c523639 / EXE
Key behavior
Behavior description:直接获取CPU时钟
details:EAX = 0x16740b5d, EDX = 0x000003a0
EAX = 0x1baeda16, EDX = 0x000003a0
EAX = 0x3b3ae0e3, EDX = 0x000003a0
EAX = 0x48637d39, EDX = 0x000003a0
File behavior
Behavior description:创建文件
details:C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
Behavior description:查找文件
details:FileName = C:\Program Files\VStart\*.*
Registry behavior
Behavior description:修改注册表
details:\REGISTRY\USER\S-*\Software\Microsoft\Direct3D\MostRecentApplication\Name
\REGISTRY\USER\S-*\Software\Microsoft\GDIPlus\FontCachePath
\REGISTRY\USER\S-*\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted\C:\Users\Administrator\AppData\Local\%temp%\b70c.exe
Other behavior
Behavior description:检测自身是否被调试
details:IsDebuggerPresent
Behavior description:创建互斥体
details:VStartSetup
Behavior description:直接获取CPU时钟
details:EAX = 0x16740b5d, EDX = 0x000003a0
EAX = 0x1baeda16, EDX = 0x000003a0
EAX = 0x3b3ae0e3, EDX = 0x000003a0
EAX = 0x48637d39, EDX = 0x000003a0
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description:打开事件
details:HookSwitchHookEnabledEvent
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
Behavior description:窗口信息
details:Pid = 2976, Hwnd=0x120166, Text = 音速启动 - 安装程序, ClassName = MainFrameInstall.
Behavior description:打开互斥体
details:Local\MSCTF.Asm.MutexDefault1
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
中国反网络病毒联盟
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号