1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
| Safety rating:61 |
| Behavior list |
| Basic Information | |
|---|---|
| MD5: | b34aa691220124d9e0a078e0911719db |
| file type: | EXE |
| Production company: | widi |
| version: | 1.0.10.20---1.0.10.20 |
| Shell or compiler information: | PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo |
| Subfile information: | rlpack_12x_full_aplib_bedd235adumpFile / 5465b83b2b7e931cac941836b8d4de25 / EXE |
| Key behavior | |
|---|---|
| Behavior description: | 写权限映射文件 |
| details: | CiceroSharedMemDefaultS-* |
| MSCTF.MarshalInterface.FileMap.IBE..JHLGH | |
| MSCTF.MarshalInterface.FileMap.IBE.B.JHLGH | |
| MSCTF.MarshalInterface.FileMap.IBE.C.JHLGH | |
| MSCTF.MarshalInterface.FileMap.IBE.D.JHLGH | |
| MSCTF.MarshalInterface.FileMap.IBE.E.JHLGH | |
| MSCTF.MarshalInterface.FileMap.IBE.F.JHLGH | |
| MSCTF.MarshalInterface.FileMap.IBE.G.JHLGH | |
| MSCTF.Shared.SFM.IBE | |
| Behavior description: | 检测自身是否被调试 |
| details: | N/A |
| Behavior description: | 查找反病毒常用工具窗口 |
| details: | NtUserFindWindowEx: [Class,Window] = [FileMonClass,] |
| NtUserFindWindowEx: [Class,Window] = [OLLYDBG,] | |
| Process behavior | |
|---|---|
| Behavior description: | 枚举进程 |
| details: | N/A |
| File behavior | |
|---|---|
| Behavior description: | 写权限映射文件 |
| details: | CiceroSharedMemDefaultS-* |
| MSCTF.MarshalInterface.FileMap.IBE..JHLGH | |
| MSCTF.MarshalInterface.FileMap.IBE.B.JHLGH | |
| MSCTF.MarshalInterface.FileMap.IBE.C.JHLGH | |
| MSCTF.MarshalInterface.FileMap.IBE.D.JHLGH | |
| MSCTF.MarshalInterface.FileMap.IBE.E.JHLGH | |
| MSCTF.MarshalInterface.FileMap.IBE.F.JHLGH | |
| MSCTF.MarshalInterface.FileMap.IBE.G.JHLGH | |
| MSCTF.Shared.SFM.IBE | |
| Other behavior | |
|---|---|
| Behavior description: | 检测自身是否被调试 |
| details: | N/A |
| Behavior description: | 创建互斥体 |
| details: | CTF.LBES.MutexDefaultS-* |
| CTF.Compart.MutexDefaultS-* | |
| CTF.Asm.MutexDefaultS-* | |
| CTF.Layouts.MutexDefaultS-* | |
| CTF.TMD.MutexDefaultS-* | |
| CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-* | |
| MSCTF.Shared.MUTEX.ELH | |
| MSCTF.Shared.MUTEX.IBE | |
| Behavior description: | 内联HOOK |
| details: | C:\WINDOWS\system32\ntdll.dll--->DbgUiRemoteBreakin Offset = 0x0 |
| Behavior description: | 查找指定窗口 |
| details: | NtUserFindWindowEx: [Class,Window] = [18467-41,] |
| NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,] | |
| NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,] | |
| Behavior description: | 尝试打开调试器或监控软件的驱动设备对象 |
| details: | \??\SICE |
| \??\SIWVID | |
| \??\NTICE | |
| Behavior description: | 窗口信息 |
| details: | Pid = 872, Hwnd=0x202a8, Text = 程序启动中, ClassName = WTWindow. |
| Pid = 872, Hwnd=0x202ca, Text = 试 用, ClassName = Button. | |
| Pid = 872, Hwnd=0x202c8, Text = 授 权, ClassName = Button. | |
| Pid = 872, Hwnd=0x202c4, Text = 购 买, ClassName = Button. | |
| Pid = 872, Hwnd=0x202c2, Text = 授 权 码, ClassName = Afx:400000:b:10011:1900015:0. | |
| Pid = 872, Hwnd=0x202d8, Text = 联系方式, ClassName = Afx:400000:b:10011:1900015:0. | |
| Pid = 872, Hwnd=0x202d6, Text = 授权用户, ClassName = Afx:400000:b:10011:1900015:0. | |
| Pid = 872, Hwnd=0x302dc, Text = 关 闭, ClassName = Button. | |
| Pid = 872, Hwnd=0x202b2, Text = 授权, ClassName = WTWindow. | |
| Behavior description: | 查找反病毒常用工具窗口 |
| details: | NtUserFindWindowEx: [Class,Window] = [FileMonClass,] |
| NtUserFindWindowEx: [Class,Window] = [OLLYDBG,] | |
| Abnormal crash | |
|---|---|
| Behavior description: | 检测自身是否被调试 |
| details: | N/A |
| Behavior description: | 创建互斥体 |
| details: | CTF.LBES.MutexDefaultS-* |
| CTF.Compart.MutexDefaultS-* | |
| CTF.Asm.MutexDefaultS-* | |
| CTF.Layouts.MutexDefaultS-* | |
| CTF.TMD.MutexDefaultS-* | |
| CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-* | |
| MSCTF.Shared.MUTEX.ELH | |
| MSCTF.Shared.MUTEX.IBE | |
| Behavior description: | 内联HOOK |
| details: | C:\WINDOWS\system32\ntdll.dll--->DbgUiRemoteBreakin Offset = 0x0 |
| Behavior description: | 查找指定窗口 |
| details: | NtUserFindWindowEx: [Class,Window] = [18467-41,] |
| NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,] | |
| NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,] | |
| Behavior description: | 尝试打开调试器或监控软件的驱动设备对象 |
| details: | \??\SICE |
| \??\SIWVID | |
| \??\NTICE | |
| Behavior description: | 窗口信息 |
| details: | Pid = 872, Hwnd=0x202a8, Text = 程序启动中, ClassName = WTWindow. |
| Pid = 872, Hwnd=0x202ca, Text = 试 用, ClassName = Button. | |
| Pid = 872, Hwnd=0x202c8, Text = 授 权, ClassName = Button. | |
| Pid = 872, Hwnd=0x202c4, Text = 购 买, ClassName = Button. | |
| Pid = 872, Hwnd=0x202c2, Text = 授 权 码, ClassName = Afx:400000:b:10011:1900015:0. | |
| Pid = 872, Hwnd=0x202d8, Text = 联系方式, ClassName = Afx:400000:b:10011:1900015:0. | |
| Pid = 872, Hwnd=0x202d6, Text = 授权用户, ClassName = Afx:400000:b:10011:1900015:0. | |
| Pid = 872, Hwnd=0x302dc, Text = 关 闭, ClassName = Button. | |
| Pid = 872, Hwnd=0x202b2, Text = 授权, ClassName = WTWindow. | |
| Behavior description: | 查找反病毒常用工具窗口 |
| details: | NtUserFindWindowEx: [Class,Window] = [FileMonClass,] |
| NtUserFindWindowEx: [Class,Window] = [OLLYDBG,] | |
| Run screenshot |
|---|
 |
HOME
