VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

  Main Menu
VirSCAN  HOME VirSCAN  go Virscan.org VirSCAN  Report VirSCAN  Virus report VirSCAN  Behavior report VirSCAN  Help VirSCAN VirSCAN  Submit Bugs VirSCAN  Contact us VirSCAN  URL detection VirSCAN  API VirSCAN  uploader for windows(test)
  Powered By
a-squared
a-squared
a-squared
 
File information
Safety rating:76
Behavior list
Basic Information
MD5:d0da29bb6a5786d87863a0227288a918
file type:zip
Production company:
version:
Shell or compiler information:PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo
Subfile information:upx_c_ca21f7cfdumpFile / 5982003aecf4a8d221394d45714051c1 / EXE
upx_c_72699636dumpFile / 5982003aecf4a8d221394d45714051c1 / EXE
ESET_VC52_UPID.exedumpFile / 495a5b2ea2e1da743762e38f79c5b0e5 / Autoit
ESET_VC52_UPID.exe / 495a5b2ea2e1da743762e38f79c5b0e5 / Autoit
XP510下载须知.txtdumpFile / 996fcedd03f33601691e182fe1bc16d3 / Unknown
XP510下载须知.txt / 996fcedd03f33601691e182fe1bc16d3 / Unknown
tool.batdumpFile / dee5e6cc3654d69afc273dbc7c572e50 / Unknown
tool.bat / dee5e6cc3654d69afc273dbc7c572e50 / Unknown
636网址导航.urldumpFile / 3688d42285b5e6a8a3c9f5658483ddba / Unknown
636网址导航.url / 3688d42285b5e6a8a3c9f5658483ddba / Unknown
软件使用说明.htmldumpFile / d9ca7d1f89782cd376a0eef1e487335f / Unknown
软件使用说明.html / d9ca7d1f89782cd376a0eef1e487335f / Unknown
list.txtdumpFile / d41d8cd98f00b204e9800998ecf8427e / Unknown
ESETUPIDdumpFile / d41d8cd98f00b204e9800998ecf8427e / Unknown
list.txt / d41d8cd98f00b204e9800998ecf8427e / Unknown
Key behavior
Behavior description:检测自身是否被调试
details:N/A
Behavior description:设置特殊文件夹属性
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Process behavior
Behavior description:创建本地线程
details:TargetProcess: ESET_VC52_UPID.exe, InheritedFromPID = 1944, ProcessID = 2168, ThreadID = 2188, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: ESET_VC52_UPID.exe, InheritedFromPID = 1944, ProcessID = 2168, ThreadID = 2200, StartAddress = 0044FA78, Parameter = 01694378
TargetProcess: ESET_VC52_UPID.exe, InheritedFromPID = 1944, ProcessID = 2168, ThreadID = 2204, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: ESET_VC52_UPID.exe, InheritedFromPID = 1944, ProcessID = 2168, ThreadID = 2208, StartAddress = 7C930230, Parameter = 00000000
File behavior
Behavior description:创建文件
details:C:\Documents and Settings\Administrator\Local Settings\Temp\aut14.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\ojyhytg
Behavior description:覆盖已有文件
details:C:\Documents and Settings\Administrator\Local Settings\Temp\aut14.tmp
Behavior description:查找文件
details:FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
Behavior description:删除文件
details:C:\Documents and Settings\Administrator\Local Settings\Temp\aut14.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\ojyhytg
Behavior description:设置特殊文件夹属性
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:修改文件内容
details:C:\Documents and Settings\Administrator\Local Settings\Temp\aut14.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\aut14.tmp ---> Offset = 12288
C:\Documents and Settings\Administrator\Local Settings\Temp\ojyhytg ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\ojyhytg ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\ojyhytg ---> Offset = 94208
Registry behavior
Behavior description:修改注册表
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\MACHINE\SOFTWARE\ESET_UP\yzfwq
Behavior description:删除注册表键值
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description:检测自身是否被调试
details:N/A
Behavior description:创建互斥体
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
RasPbFile
MSCTF.Shared.MUTEX.ELH
Behavior description:创建事件对象
details:EventName = Global\userenv: User Profile setup event
EventName = DINPUTWINMM
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description:窗口信息
details:Pid = 2168, Hwnd=0x6034e, Text = 确定, ClassName = Button.
Pid = 2168, Hwnd=0x70338, Text = 未找到 ESET 安全软件,我只能退出!, ClassName = Static.
Pid = 2168, Hwnd=0xa0302, Text = ESET VC52 UPID 6.3.1.2, ClassName = #32770.
Behavior description:调整进程token权限
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:枚举窗口
details:N/A
Behavior description:隐藏指定窗口
details:[Window,Class] = [AutoIt v3,AutoIt v3]
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
中国反网络病毒联盟
Powered By CentOSpol

京ICP备11007605号-12

 pol

京公网安备 11010802020746号