VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information

Basic Information

MD5: c527d0b31671b97326881ba0c8747f87
file type: EXE
Production company: pendrivelinux.com
version: 2.0.4.9---2.0.4.9
Shell or compiler information: COMPILER:NSIS
Subfile information: 7z.dll / 04ad4b80880b32c94be8d0886482c774 / DLL

File behavior

Behavior description: Create file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsc51.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\UserInfo.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\dskvol.txt
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\diskpart.txt
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\w2gdiskpart.txt
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\dd-diskpart.txt
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\diskpartformat.txt
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\diskpartdetach.txt
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\autounattend.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\syslinux.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\syslinux.cfg
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\legacy-yumi
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\menu.lst
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\vhd.lst
Behavior description: Delete file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsc51.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\7z.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\7zG.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\antivirus.cfg
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\autounattend.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\boot.cmd
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\chain.c32
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\dd-diskpart.txt
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\dd.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\diskpart.txt
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\diskpartdetach.txt
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\diskpartformat.txt
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\dskvol.txt
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\ei.cfg
Behavior description: Create executable file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\UserInfo.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\syslinux.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\7zG.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\7z.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\wimboot
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\dd.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\fat32format.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\YUMI-2.0.4.9.src\wimlib\libwim-15.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\YUMI-2.0.4.9.src\wimlib\wimlib-imagex.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\wimlib\libwim-15.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\wimlib\wimlib-imagex.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\nsDialogs.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\System.dll
Behavior description: Modify file content
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\UserInfo.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\diskpart.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\w2gdiskpart.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\dd-diskpart.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\diskpartformat.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\diskpartdetach.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\autounattend.xml ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\syslinux.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\syslinux.exe ---> Offset = 29846
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\syslinux.exe ---> Offset = 54407
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\syslinux.exe ---> Offset = 71539
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\syslinux.exe ---> Offset = 88607
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\syslinux.cfg ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\menu.lst ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\vhd.lst ---> Offset = 0
Behavior description: Find file
details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsw52.tmp
FileName = X:\NUL
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsw52.tmp\*.*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsw52.tmp\7z.dll.AmBackup4
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsw52.tmp\7zG.exe.AmBackup3
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsw52.tmp\dd.exe.AmBackup6

Registry behavior

Behavior description: Modify registry (delayed rename entry)
details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations

Other behavior

Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.ABM
Behavior description: Hide specified window
details: [Window,Class] = [,Button]
[Window,Class] = [,ComboLBox]
[Window,Class] = [< &Back,Button]
[Window,Class] = [Browse,Button]
[Window,Class] = [Visit the HomePage,Button]
[Window,Class] = [,Static]
[Window,Class] = [,msctls_trackbar32]
[Window,Class] = [NTFS Format (Wipes Drive),Button]
[Window,Class] = [Fat32 Format (Wipes Drive),Button]
[Window,Class] = [Show All ISOs?,Button]
[Window,Class] = [View or Remove Installed Distros?,Button]
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Open event
details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000054
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000054
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior description: Adjust process token privileges
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
details: Pid = 3084, Hwnd=0x140306, Text = I &Agree, ClassName = Button.
Pid = 3084, Hwnd=0xa03b0, Text = Cancel, ClassName = Button.
Pid = 3084, Hwnd=0x603c6, Text = YUMI 2.0.4.9 , ClassName = Static.
Pid = 3084, Hwnd=0xc038a, Text = YUMI 2.0.4.9, ClassName = Static.
Pid = 3084, Hwnd=0x403ca, Text = License Agreement, ClassName = Static.
Pid = 3084, Hwnd=0x6037e, Text = Please review the license terms before proceeding, ClassName = Static.
Pid = 3084, Hwnd=0x503b2, Text = The software within this program falls under the following Licenses., ClassName = Static.
Pid = 3084, Hwnd=0x1f02fe, Text = YUMI (Your Universal Multiboot Integrator) ?011-2017 Lance www.pendrivelinux.com This Open Source tool is covered under GNU Gener, ClassName = RichEdit20A.
Pid = 3084, Hwnd=0xa03ac, Text = You must accept the terms of this License agreement to run this YUMI. If you agree, Click I Agree to Continue., ClassName = Static.
Pid = 3084, Hwnd=0x1d02b6, Text = YUMI 2.0.4.9 Setup , ClassName = #32770.
Pid = 3084, Hwnd=0x60380, Text = < &Back, ClassName = Button.
Pid = 3084, Hwnd=0x140306, Text = Create, ClassName = Button.
Pid = 3084, Hwnd=0x403ca, Text = Drive Selection and Distro Options Page, ClassName = Static.
Pid = 3084, Hwnd=0x6037e, Text = Choose your Flash Drive, and a Distro, ISO/ZIP file. Additional Distributions can be added each time this tool is run., ClassName = Static.
Pid = 3084, Hwnd=0x303d0, Text = View or Remove Installed Distros?, ClassName = Button(CheckBox).
Behavior description: Executable file signature information
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\UserInfo.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\syslinux.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\7zG.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\7z.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\wimboot (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\dd.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\fat32format.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\YUMI-2.0.4.9.src\wimlib\libwim-15.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\YUMI-2.0.4.9.src\wimlib\wimlib-imagex.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\wimlib\libwim-15.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\wimlib\wimlib-imagex.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\nsDialogs.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\System.dll (signature verification: failed)
Behavior description: Create event object
details: EventName = MSCTF.SendReceive.Event.ABM.IC
EventName = MSCTF.SendReceiveConection.Event.ABM.IC
Behavior description: Executable file MD5
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\UserInfo.dll ---> 7579ade7ae1747a31960a228ce02e666
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\syslinux.exe ---> d2922ad355ea02a59e563f327521a888
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\7zG.exe ---> 130f7190fa9c17f6c88b103a9b93d930
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\7z.dll ---> 04ad4b80880b32c94be8d0886482c774
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\wimboot ---> bd1589c6aa6eb738d23fee5ad9b34228
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\dd.exe ---> 07b1675393a6c80078e29c9ea72de943
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\fat32format.exe ---> f991a44f667fe67f435c42f9b26e22fb
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\YUMI-2.0.4.9.src\wimlib\libwim-15.dll ---> 7829f6137e580a068be932d6b9f5623d
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\YUMI-2.0.4.9.src\wimlib\wimlib-imagex.exe ---> b96514629aff5d87afb710b18d688c4c
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\wimlib\libwim-15.dll ---> 7829f6137e580a068be932d6b9f5623d
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\wimlib\wimlib-imagex.exe ---> b96514629aff5d87afb710b18d688c4c
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\nsDialogs.dll ---> c10e04dd4ad4277d5adc951bb331c777
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw52.tmp\System.dll ---> c17103ae9072a06da581dec998343fc1
Behavior description: Open mutex
details: ShimCacheMutex
Behavior description: Load newly dropped file
details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsw52.tmp\UserInfo.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsw52.tmp\nsDialogs.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsw52.tmp\System.dll.
