VirSCAN

1, You can UPLOAD any files, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information

Basic Information

MD5: b930078103cfacd49c723c152ba8abb6
file type: EXE
Production company: Noël Danjou
version: 9.21.156.3---9.21.156.3
Shell or compiler information: COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [Overlay] *

Key behavior

Behavior description: Get file attributes to detect a virtual machine
details: GetFileAttributesEx: FileName = C:\WINDOWS\system32\VBoxDisp.dll

File behavior

Behavior description: Create file
details: C:\WINDOWS\system32\d3d9caps.tmp
C:\Documents and Settings\Administrator\Local Settings\Application Data\Noël Danjou\AMCap\996E.ini
Behavior description: Rename file
details: C:\WINDOWS\system32\d3d9caps.tmp ---> C:\WINDOWS\system32\d3d9caps.dat
Behavior description: Get file attributes to detect a virtual machine
details: GetFileAttributesEx: FileName = C:\WINDOWS\system32\VBoxDisp.dll
Behavior description: Delete file
details: C:\WINDOWS\system32\d3d9caps.dat
Behavior description: Modify file content
details: C:\WINDOWS\system32\d3d9caps.tmp ---> Offset = 0
C:\WINDOWS\system32\d3d9caps.tmp ---> Offset = 4
C:\WINDOWS\system32\d3d9caps.tmp ---> Offset = 28
C:\Documents and Settings\Administrator\Local Settings\Application Data\Noël Danjou\AMCap\996E.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\Noël Danjou\AMCap\996E.ini ---> Offset = 21
C:\Documents and Settings\Administrator\Local Settings\Application Data\Noël Danjou\AMCap\996E.ini ---> Offset = 36
C:\Documents and Settings\Administrator\Local Settings\Application Data\Noël Danjou\AMCap\996E.ini ---> Offset = 51
C:\Documents and Settings\Administrator\Local Settings\Application Data\Noël Danjou\AMCap\996E.ini ---> Offset = 76
C:\Documents and Settings\Administrator\Local Settings\Application Data\Noël Danjou\AMCap\996E.ini ---> Offset = 102
C:\Documents and Settings\Administrator\Local Settings\Application Data\Noël Danjou\AMCap\996E.ini ---> Offset = 125
C:\Documents and Settings\Administrator\Local Settings\Application Data\Noël Danjou\AMCap\996E.ini ---> Offset = 150
C:\Documents and Settings\Administrator\Local Settings\Application Data\Noël Danjou\AMCap\996E.ini ---> Offset = 169
C:\Documents and Settings\Administrator\Local Settings\Application Data\Noël Danjou\AMCap\996E.ini ---> Offset = 182
C:\Documents and Settings\Administrator\Local Settings\Application Data\Noël Danjou\AMCap\996E.ini ---> Offset = 209
C:\Documents and Settings\Administrator\Local Settings\Application Data\Noël Danjou\AMCap\996E.ini ---> Offset = 225

Registry behavior

Behavior description: Modify registry
details: \REGISTRY\USER\S-*\Software\Microsoft\Direct3D\MostRecentApplication\Name
\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ID
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
\REGISTRY\USER\S-*\Software\Microsoft\ActiveMovie\devenum\Version

Other behavior

Behavior description: Create mutex
details: AMResourceMutex2
VideoRenderer
StiTraceMutexSti_Trace.log
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
DDrawWindowListMutex
__DDrawExclMode__
__DDrawCheckExclMode__
DDrawDriverObjectListMutex
eed3bd3a-a1ad-4e99-987b-d7cb3fcfa7f0 - S-*
MSCTF.Shared.MUTEX.IOH
Behavior description: Create event object
details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
EventName = MSCTF.SendReceive.Event.EJK.IC
EventName = MSCTF.SendReceiveConection.Event.EJK.IC
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Open event
details: HookSwitchHookEnabledEvent
Global\crypt32LogoffEvent
Global\SvcctrlStartEvent_A3752DX
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Adjust process token privileges
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
details: Pid = 2704, Hwnd=0x30366, Text = 确定, ClassName = Button.
Pid = 2704, Hwnd=0x6035e, Text = Sorry, you have no video capture hardware. Video capture will not function properly., ClassName = Static.
Pid = 2704, Hwnd=0x10368, Text = AMCap, ClassName = #32770.
Pid = 2704, Hwnd=0x40182, Text = AMCap (Demo Version), ClassName = #100.
Behavior description: Open mutex
details: __DDrawExclMode__
__DDrawCheckExclMode__
ShimCacheMutex
