VirSCAN

File information
Safety rating:71
Behavior list
Basic Information
MD5:c839b0900d59993d93be459cf746f333
file type:EXE
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [RAR SFX] *
Subfile information:WinRAR.exe / 859ce8ab908b1ea10ccb4045132402eb / EXE
Rar.exe / 099581a6970110d0ce9ef552acc1fb2b / EXE
RarExt64.dll / 09f9db8680d30c5456d896abaccbdd89 / DLL
UnRAR.exe / 827a31c86c05d1e1218d6f20e309a022 / EXE
RarExt.dll / d0bfc1a232d1b0248bba0cd68ade0f4e / DLL
WinRAR.chm / eec4f3cf2d0a2361792dc255412b93f1 / Chm
WinCon.SFX / af42a7901d9b3e4bc3564a34b8abd1cc / EXE
Default.SFX / 5c08c8de77196064bf06ed7dc7c6702e / EXE
Zip.SFX / b515e6298bdb1849ad2f55d31ed1ccaa / EXE
Uninstall.exe / d47070d9cc588032339adcfe953ca3c4 / EXE
7zxa.dll / 9df6e520fa019fd34f92f3f769910756 / DLL
Rar.txt / af65d295f498939287d335875661e38c / Unknown
UNACEV2.DLL / de02c4d04088b69e64ecc30a3d9e22e5 / DLL
WhatsNew.txt / 3230ad93eb5492782538a56901f79800 / Unknown
License.txt / 672064cf19db0b083b981cf0be7662b0 / Unknown
Order.htm / 5bfbad2b771c10c15d9a64f46ee72dd6 / Unknown
ReadMe.txt / 6a697fe386885ea78ab05ad1bd4a96eb / Unknown
RarFiles.lst / e512032c09734ded90826ed6171bba91 / Unknown
Descript.ion / 73e2e911b7730a92c04298ec770b0ab6 / Unknown
Key behavior
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Process behavior
Behavior description:Create local thread
details:TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3064, ThreadID = 3152, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3064, ThreadID = 3168, StartAddress = 6359727B, Parameter = 001B0C50
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3064, ThreadID = 3172, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3064, ThreadID = 3176, StartAddress = 7C930230, Parameter = 00000000
File behavior
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-*\Software\WinRAR SFX\C%%Program Files%WinRAR
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\!PrivacIE!SharedMemory!Mutex
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MPL
Behavior description:Create event object
details:EventName = MSCTF.SendReceive.Event.MPL.IC
EventName = MSCTF.SendReceiveConection.Event.MPL.IC
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [EDIT,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Open event
details:HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000040
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000040
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior description:Window information
details:Pid = 3064, Hwnd=0xd035e, Text = TITLE_BMP, ClassName = Static.
Pid = 3064, Hwnd=0x1802fe, Text = 版权所有 ? 1993-2016, ClassName = Static.
Pid = 3064, Hwnd=0xb032a, Text = by Alexander Roshal, ClassName = Static.
Pid = 3064, Hwnd=0x503b0, Text = 目标文件夹(&D), ClassName = Static.
Pid = 3064, Hwnd=0x703ba, Text = C:\Program Files\WinRAR, ClassName = ComboBox.
Pid = 3064, Hwnd=0x403a2, Text = C:\Program Files\WinRAR, ClassName = Edit.
Pid = 3064, Hwnd=0x1902ce, Text = 浏览(&W)..., ClassName = Button.
Pid = 3064, Hwnd=0x1d02bc, Text = 如果您同意最终用户许可协议(EULA),请点击“安装”。如果您不同意,请点击“取消”。, ClassName = Static.
Pid = 3064, Hwnd=0x603ac, Text = 安装, ClassName = Button.
Pid = 3064, Hwnd=0xc03a0, Text = 取消, ClassName = Button.
Pid = 3064, Hwnd=0x902da, Text = WinRAR 5.40 简体中文版, ClassName = #32770.
Pid = 3064, Hwnd=0x9038e, Text = 确定, ClassName = Button.
Pid = 3064, Hwnd=0x180324, Text = "" 文件夹无法访问, ClassName = Static.
Pid = 3064, Hwnd=0x130342, Text = 错误, ClassName = #32770.
Pid = 3064, Hwnd=0x7038a, Text = 正解压文件到 文件夹 , ClassName = RichEdit20W.
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,RichEdit20W]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [如果您同意最终用户许可协议(EULA),请点击“安装”。如果您不同意,请点击“取消”。,Static]
[Window,Class] = [,Internet Explorer_Server]
Behavior description:Open mutex
details:ShimCacheMutex
Local\WininetStartupMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!IETld!Mutex
CtfmonInstMutexDefaultS-*