VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
Safety rating:85
Behavior list
Basic Information
MD5:c4d642e339b542c324649de476a15d26
file type:EXE
Production company:Locktime Software
version:3.0.0.11---3.0.0.11
Shell or compiler information:
Key behavior
Behavior description:隐藏指定窗口
details:[Window,Class] = [Windows Installer,#32770]
[Window,Class] = [,Static]
[Window,Class] = [Property: AI_IESEARCH, Signature: AI_IESearchSgn,Static]
[Window,Class] = [Property: IE6, Signature: SystemFolderIE6,Static]
[Window,Class] = [ ,Static]
[Window,Class] = [NetLimiter 3 Setup,MsiDialogCloseClass]
Process behavior
Behavior description:创建进程
details:ImagePath = C:\WINDOWS\system32\msiexec.exe, CmdLine = /i "C:\Documents and Settings\Administrator\Application Data\Locktime\NetLimiter\3\install\nl3setup-x86.msi" AI_SETUPEXEPATH="c:\%temp%\1417536382.229436.exe" SETUPEXEDIR="c:\monitor\" EXE_CMD_LINE="/exenoupdates
File behavior
Behavior description:写权限映射文件
details:DfSharedHeapBE905
DfRoot0000BE905
DfSharedHeapBEB3C
DfRoot0000BEB3C
DfSharedHeapBEC2A
DfRoot0000BEC2A
DfSharedHeapBEC6C
DfRoot0000BEC6C
DfSharedHeapBEC87
DfRoot0000BEC87
DfSharedHeapBED04
DfRoot0000BED04
Behavior description:创建可执行文件
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI2.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI3.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI4.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI5.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI6.tmp
Behavior description:修改文件内容
details:C:\Documents and Settings\Administrator\Application Data\Locktime\NetLimiter\3\install\nl3setup-x86.msi---> Offset = 196608
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\14a67f.msi---> Offset = 113184
Registry behavior
Behavior description:修改注册表
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
Other behavior
Behavior description:窗口信息
details:Pid = 1920, Hwnd=0xc01b6, Text = &Next >, ClassName = Button.
Pid = 1920, Hwnd=0xb01e0, Text = Cancel, ClassName = Button.
Pid = 1920, Hwnd=0xb01a2, Text = dialog, ClassName = Static.
Pid = 1920, Hwnd=0xe01b8, Text = < &Back, ClassName = Button.
Pid = 1920, Hwnd=0xd0190, Text = Welcome to the NetLimiter 3 Setup Wizard, ClassName = Static.
Pid = 1920, Hwnd=0xb0174, Text = The Setup Wizard will install NetLimiter 3 on your computer. Click "Next" to continue or "Cancel" to exit the Setup Wizard., ClassName = Static.
Pid = 1920, Hwnd=0xb0192, Text = NetLimiter 3 Setup, ClassName = MsiDialogCloseClass.
Behavior description:隐藏指定窗口
details:[Window,Class] = [Windows Installer,#32770]
[Window,Class] = [,Static]
[Window,Class] = [Property: AI_IESEARCH, Signature: AI_IESearchSgn,Static]
[Window,Class] = [Property: IE6, Signature: SystemFolderIE6,Static]
[Window,Class] = [ ,Static]
[Window,Class] = [NetLimiter 3 Setup,MsiDialogCloseClass]
Behavior description:创建互斥体
details:SHIMLIB_LOG_MUTEX
Behavior description:获取系统权限
details:SE_LOAD_DRIVER_PRIVILEGE
SE_SHUTDOWN_PRIVILEGE
SE_INCREASE_QUOTA_PRIVILEGE
SE_CREATE_TOKEN_PRIVILEGE
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
中国反网络病毒联盟
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号