VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
Safety rating:61
Behavior list
Basic Information
MD5:b34aa691220124d9e0a078e0911719db
file type:EXE
Production company:widi
version:1.0.10.20---1.0.10.20
Shell or compiler information:PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo
Subfile information:rlpack_12x_full_aplib_bedd235adumpFile / 5465b83b2b7e931cac941836b8d4de25 / EXE
Key behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.IBE..JHLGH
MSCTF.MarshalInterface.FileMap.IBE.B.JHLGH
MSCTF.MarshalInterface.FileMap.IBE.C.JHLGH
MSCTF.MarshalInterface.FileMap.IBE.D.JHLGH
MSCTF.MarshalInterface.FileMap.IBE.E.JHLGH
MSCTF.MarshalInterface.FileMap.IBE.F.JHLGH
MSCTF.MarshalInterface.FileMap.IBE.G.JHLGH
MSCTF.Shared.SFM.IBE
Behavior description:检测自身是否被调试
details:N/A
Behavior description:查找反病毒常用工具窗口
details:NtUserFindWindowEx: [Class,Window] = [FileMonClass,]
NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
Process behavior
Behavior description:枚举进程
details:N/A
File behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.IBE..JHLGH
MSCTF.MarshalInterface.FileMap.IBE.B.JHLGH
MSCTF.MarshalInterface.FileMap.IBE.C.JHLGH
MSCTF.MarshalInterface.FileMap.IBE.D.JHLGH
MSCTF.MarshalInterface.FileMap.IBE.E.JHLGH
MSCTF.MarshalInterface.FileMap.IBE.F.JHLGH
MSCTF.MarshalInterface.FileMap.IBE.G.JHLGH
MSCTF.Shared.SFM.IBE
Other behavior
Behavior description:检测自身是否被调试
details:N/A
Behavior description:创建互斥体
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.IBE
Behavior description:内联HOOK
details:C:\WINDOWS\system32\ntdll.dll--->DbgUiRemoteBreakin Offset = 0x0
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [18467-41,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:尝试打开调试器或监控软件的驱动设备对象
details:\??\SICE
\??\SIWVID
\??\NTICE
Behavior description:窗口信息
details:Pid = 872, Hwnd=0x202a8, Text = 程序启动中, ClassName = WTWindow.
Pid = 872, Hwnd=0x202ca, Text = 试 用, ClassName = Button.
Pid = 872, Hwnd=0x202c8, Text = 授 权, ClassName = Button.
Pid = 872, Hwnd=0x202c4, Text = 购 买, ClassName = Button.
Pid = 872, Hwnd=0x202c2, Text = 授 权 码, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 872, Hwnd=0x202d8, Text = 联系方式, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 872, Hwnd=0x202d6, Text = 授权用户, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 872, Hwnd=0x302dc, Text = 关 闭, ClassName = Button.
Pid = 872, Hwnd=0x202b2, Text = 授权, ClassName = WTWindow.
Behavior description:查找反病毒常用工具窗口
details:NtUserFindWindowEx: [Class,Window] = [FileMonClass,]
NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
Abnormal crash
Behavior description:检测自身是否被调试
details:N/A
Behavior description:创建互斥体
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.IBE
Behavior description:内联HOOK
details:C:\WINDOWS\system32\ntdll.dll--->DbgUiRemoteBreakin Offset = 0x0
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [18467-41,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:尝试打开调试器或监控软件的驱动设备对象
details:\??\SICE
\??\SIWVID
\??\NTICE
Behavior description:窗口信息
details:Pid = 872, Hwnd=0x202a8, Text = 程序启动中, ClassName = WTWindow.
Pid = 872, Hwnd=0x202ca, Text = 试 用, ClassName = Button.
Pid = 872, Hwnd=0x202c8, Text = 授 权, ClassName = Button.
Pid = 872, Hwnd=0x202c4, Text = 购 买, ClassName = Button.
Pid = 872, Hwnd=0x202c2, Text = 授 权 码, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 872, Hwnd=0x202d8, Text = 联系方式, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 872, Hwnd=0x202d6, Text = 授权用户, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 872, Hwnd=0x302dc, Text = 关 闭, ClassName = Button.
Pid = 872, Hwnd=0x202b2, Text = 授权, ClassName = WTWindow.
Behavior description:查找反病毒常用工具窗口
details:NtUserFindWindowEx: [Class,Window] = [FileMonClass,]
NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
中国反网络病毒联盟
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号