VirSCAN

File information
Safety rating:79
Behavior list
Basic Information
MD5:c237ef8eabc02040addfdec32093c66f
file type:Rar
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual C# / Basic .NET
Subfile information:
x360ce.exe / e38562ed52977b1fe2e631907106b03b / EXE
xinput1_1.dll / f26b59ba3bece9d04b92415a3205667a / DLL
xinput1_4.dll / f26b59ba3bece9d04b92415a3205667a / DLL
xinput1_2.dll / ed3d459106b3f9aa103dee6c2b8e17b9 / DLL
xinput1_3.dll / ed3d459106b3f9aa103dee6c2b8e17b9 / DLL
xinput9_1_0.dll / ed3d459106b3f9aa103dee6c2b8e17b9 / DLL
dinput8.dll / 158e2a924c844330081efbd45939abd3 / DLL
LGPL.txt / 38138baa100d7259934590850bc0406e / Unknown
x360ce.gdb / b8f71a8f8d3f0bfab8fb940e8b7e4d51 / Unknown
LICENSE.txt / 2a79927a9c3ee337dbe6b9e07706e996 / Unknown
x360ce.ini / 4409511584c156e8c7dd552fecc120ab / Unknown
Key behavior
Behavior description:Checks whether it is being debugged
details:N/A
Behavior description:Reads the CPU clock directly
details:N/A
Behavior description:Gets the TickCount value
details:TickCount = 5415687, SleepMilliseconds = 60000.
TickCount = 5415703, SleepMilliseconds = 60000.
TickCount = 5416390, SleepMilliseconds = 60000.
TickCount = 5416406, SleepMilliseconds = 60000.
TickCount = 5417062, SleepMilliseconds = 60000.
TickCount = 5417187, SleepMilliseconds = 60000.
TickCount = 5417218, SleepMilliseconds = 60000.
TickCount = 5417234, SleepMilliseconds = 60000.
TickCount = 5417250, SleepMilliseconds = 60000.
TickCount = 5417265, SleepMilliseconds = 60000.
TickCount = 5417312, SleepMilliseconds = 60000.
TickCount = 5417984, SleepMilliseconds = 60000.
TickCount = 5418046, SleepMilliseconds = 60000.
TickCount = 5418062, SleepMilliseconds = 60000.
TickCount = 5418078, SleepMilliseconds = 60000.
Process behavior
Behavior description:Creates a local thread
details:TargetProcess: x360ce.exe, InheritedFromPID = 1944, ProcessID = 3032, ThreadID = 3048, StartAddress = 792A741C, Parameter = 00000000
TargetProcess: x360ce.exe, InheritedFromPID = 1944, ProcessID = 3032, ThreadID = 3052, StartAddress = 791F59C0, Parameter = 001B01B0
TargetProcess: x360ce.exe, InheritedFromPID = 1944, ProcessID = 3032, ThreadID = 3072, StartAddress = 77E56C7D, Parameter = 001CF130
TargetProcess: x360ce.exe, InheritedFromPID = 1944, ProcessID = 3032, ThreadID = 3076, StartAddress = 769AE43B, Parameter = 001D80F8
TargetProcess: x360ce.exe, InheritedFromPID = 1944, ProcessID = 3032, ThreadID = 3092, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: x360ce.exe, InheritedFromPID = 1944, ProcessID = 3032, ThreadID = 3096, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: x360ce.exe, InheritedFromPID = 1944, ProcessID = 3032, ThreadID = 3100, StartAddress = 792C4BE2, Parameter = 0012E94C
TargetProcess: x360ce.exe, InheritedFromPID = 1944, ProcessID = 3032, ThreadID = 3108, StartAddress = 791F59C0, Parameter = 00204CF0
TargetProcess: x360ce.exe, InheritedFromPID = 1944, ProcessID = 3032, ThreadID = 3120, StartAddress = 791F59C0, Parameter = 00204CF0
TargetProcess: x360ce.exe, InheritedFromPID = 1944, ProcessID = 3032, ThreadID = 3500, StartAddress = 792F7F68, Parameter = 00000000
File behavior
Behavior description:Overwrites an existing file
details:C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Behavior description:Modifies file content
details:C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ---> Offset = 0
Behavior description:Searches for files
details:FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\WINDOWS\Microsoft.NET\Framework\\*
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.INI
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\杂牌手柄模拟360手柄补丁\x360ce.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\杂牌手柄模拟360手柄补丁
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\杂牌手柄模拟360手柄补丁\x360ce.INI
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.INI
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.INI
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
Other behavior
Behavior description:Creates a mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MNL
Behavior description:Creates an event object
details:EventName = Global\CPFATE_3032_v4.0.30319
EventName = MSCTF.SendReceive.Event.MNL.IC
EventName = MSCTF.SendReceiveConection.Event.MNL.IC
Behavior description:Opens a mutex
details:ShimCacheMutex
Local\!IETld!Mutex
Behavior description:Finds a specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Opens an event
details:Global\CLR_PerfMon_StartEnumEvent
\KernelObjects\LowMemoryCondition
HookSwitchHookEnabledEvent
MSFT.VSA.COM.DISABLE.3032
MSFT.VSA.IEC.STATUS.6c736db0
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000042
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000042
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior description:Window information
details:Pid = 3032, Hwnd=0x13033a, Text = Unhandled exception has occurred in your application. If you click Continue, the application will ignore this error and attempt t, ClassName = WindowsForms10.STATIC.app.0.39490e2_r19_ad1.
Pid = 3032, Hwnd=0x110342, Text = &Details, ClassName = WindowsForms10.BUTTON.app.0.39490e2_r19_ad1.
Pid = 3032, Hwnd=0x7038e, Text = &Continue, ClassName = WindowsForms10.BUTTON.app.0.39490e2_r19_ad1.
Pid = 3032, Hwnd=0x10032e, Text = &Quit, ClassName = WindowsForms10.BUTTON.app.0.39490e2_r19_ad1.
Pid = 3032, Hwnd=0xe02aa, Text = See the end of this message for details on invoking just-in-time (JIT) debugging instead of this dialog box. ************** , ClassName = WindowsForms10.EDIT.app.0.39490e2_r19_ad1.
Pid = 3032, Hwnd=0xe039e, Text = TocaEdit Xbox 360 Controller Emulator Application, ClassName = WindowsForms10.Window.8.app.0.39490e2_r19_ad1.
Pid = 3032, Hwnd=0x1902ce, Text = Emulator will allow you to use Direct Input controllers in games which support XBOX 360 Controller or XInput controllers only by , ClassName = WindowsForms10.STATIC.app.0.39490e2_r19_ad1.
Pid = 3032, Hwnd=0x7037c, Text = Controler 1 - General, ClassName = WindowsForms10.STATIC.app.0.39490e2_r19_ad1.
Pid = 3032, Hwnd=0x9039c, Text = statusStrip1, ClassName = WindowsForms10.Window.8.app.0.39490e2_r19_ad1.
Pid = 3032, Hwnd=0x603ac, Text = Controller 1, ClassName = WindowsForms10.Window.8.app.0.39490e2_r19_ad1.
Pid = 3032, Hwnd=0x703ba, Text = TocaEdit Xbox 360 Controller Emulator Application, ClassName = WindowsForms10.Window.8.app.0.39490e2_r19_ad1.
Behavior description:Calls the Sleep function
details:[1]: MilliSeconds = 60000.
[2]: MilliSeconds = -1.
[3]: MilliSeconds = -1.
[4]: MilliSeconds = -1.
[5]: MilliSeconds = 250.
[6]: MilliSeconds = 60000.
[7]: MilliSeconds = -1.
Behavior description:Hides a specified window
details:[Window,Class] = [TocaEdit Xbox 360 Controller Emulator Application,WindowsForms10.Window.8.app.0.39490e2_r19_ad1]