VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
Safety rating:79
Behavior list
Behavior analysis report:         Threatbook file behavior analysis report
Basic Information
MD5:b596e7cacbad1e814b0cd053086c4900
file type:EXE
Production company:
version:1.0.7.0---1.0.7.0
Shell or compiler information:COMPILER:Microsoft Visual C# / Basic .NET
Key behavior
Behavior description:隐藏指定窗口
details:[Window,Class] = [,ComboLBox]
File behavior
Behavior description:写权限映射文件
details:Global\Cor_Private_IPCBlock_v4_300
Global\Cor_SxSPublic_IPCBlock_300
\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Registry behavior
Behavior description:修改注册表
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\GDIPlus\FontCachePath
Other behavior
Behavior description:窗口信息
details:Pid = 300, Hwnd=0xb01c6, Text = 3. Attack options, ClassName = WindowsForms10.Window.8.app.0.2bf8098_r21_ad1.
Pid = 300, Hwnd=0xa01aa, Text = TCP / UDP message, ClassName = WindowsForms10.STATIC.app.0.2bf8098_r21_ad1.
Pid = 300, Hwnd=0xb01b0, Text = HTTP Subsite, ClassName = WindowsForms10.STATIC.app.0.2bf8098_r21_ad1.
Pid = 300, Hwnd=0xa018c, Text = Timeout, ClassName = WindowsForms10.STATIC.app.0.2bf8098_r21_ad1.
Pid = 300, Hwnd=0xe016e, Text = Threads, ClassName = WindowsForms10.STATIC.app.0.2bf8098_r21_ad1.
Pid = 300, Hwnd=0xa0198, Text = Method, ClassName = WindowsForms10.STATIC.app.0.2bf8098_r21_ad1.
Pid = 300, Hwnd=0xd01a4, Text = Port, ClassName = WindowsForms10.STATIC.app.0.2bf8098_r21_ad1.
Pid = 300, Hwnd=0xc01e8, Text = <= faster Speed slower =>, ClassName = WindowsForms10.STATIC.app.0.2bf8098_r21_ad1.
Pid = 300, Hwnd=0xa0196, Text = Wait for reply, ClassName = WindowsForms10.BUTTON.app.0.2bf8098_r21_ad1.
Pid = 300, Hwnd=0xc01b4, Text = A cat is fine too. Desudesudesu~, ClassName = WindowsForms10.EDIT.app.0.2bf8098_r21_ad1.
Pid = 300, Hwnd=0xb0170, Text = /, ClassName = WindowsForms10.EDIT.app.0.2bf8098_r21_ad1.
Pid = 300, Hwnd=0xb01ce, Text = 9001, ClassName = WindowsForms10.EDIT.app.0.2bf8098_r21_ad1.
Pid = 300, Hwnd=0xd01ac, Text = 10, ClassName = WindowsForms10.EDIT.app.0.2bf8098_r21_ad1.
Pid = 300, Hwnd=0xb016c, Text = 80, ClassName = WindowsForms10.EDIT.app.0.2bf8098_r21_ad1.
Pid = 300, Hwnd=0xd0190, Text = Attack status, ClassName = WindowsForms10.Window.8.app.0.2bf8098_r21_ad1.
Behavior description:隐藏指定窗口
details:[Window,Class] = [,ComboLBox]
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
中国反网络病毒联盟
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号