VirSCAN

1, You can upload any file, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information
Safety rating:76
Behavior list
Basic Information
MD5:d1cdf330daf13c88dd19755cc8b4c508
file type:Rar
Production company:
version:
Shell or compiler information:
Subfile information:Br.Gov.Sp.Fazenda.CCI.ValidadorFCI.Setup.msi / 3ba5834c33cdde34448328759105ef94 / Compound
_96CED10B727CFB606950BD313C5E2F53dumpFile / 3b068e7c6131f4d89f7faaa9d3887824 / Cab
setup.exe / d4950543efe8cf6bb4cb6f11bf01255e / EXE
Binary.MSVBDPCADLLdumpFile / def1669123bc5bd8e9a3a93e7f68b58c / DLL
Binary.DefBannerBitmapdumpFile / 38617ddf5e07791c6db90f7f5b5a4218 / Unknown
!_StringDatadumpFile / a0dd8807cf2bcbd1c966496797ee3f24 / Unknown
Icon._FAD689062C8CECD609A0D9.exedumpFile / 892aed07547bd59908ffdea090334a01 / Unknown
Icon._47C2F31B644EDA13DE505B.exedumpFile / 892aed07547bd59908ffdea090334a01 / Unknown
Binary.VSDNETCFGdumpFile / 1e96a0ff494083e91aeec61731e6521f / Unknown
!_ValidationdumpFile / a20864885779b14d0aaa6b0d10415625 / Unknown
!ControldumpFile / c657c20cd012fb64f09affeef496c910 / Unknown
!_StringPooldumpFile / 6c3c28cdf4bd0aea0b2578970eed8bab / Unknown
!_ColumnsdumpFile / 0ce8b7ea6500eceeb71f02a10da5a0b2 / Unknown
!ControlEventdumpFile / 918563fac2ca6b9a4032b3ce581a059b / Unknown
!ControlConditiondumpFile / 41bdeb8dc96674c24fb843e4e62638a2 / Unknown
!DialogdumpFile / 41b71ae51c0d078db3f573f2a88cb71f / Unknown
_SummaryInformationdumpFile / 1bcea3431c4516407f6a3f3e36a0ed0e / Unknown
!InstallExecuteSequencedumpFile / beb529ae09a0dc2744b8d718b47252c0 / Unknown
Binary.UpFldrBtndumpFile / 4638b2aa55fbd0fa73bb08181895cbe7 / Unknown
Key behavior
Behavior description:Maps files with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MKI..GDBHH
MSCTF.MarshalInterface.FileMap.MKI.B.GDBHH
MSCTF.MarshalInterface.FileMap.MKI.C.GDBHH
MSCTF.MarshalInterface.FileMap.MKI.D.GDBHH
MSCTF.MarshalInterface.FileMap.MKI.E.GDBHH
MSCTF.MarshalInterface.FileMap.MKI.F.GDBHH
MSCTF.MarshalInterface.FileMap.MKI.G.GDBHH
Local\UrlZonesSM_Administrator
\WINDOWS\system32\zh-cn\ieframe.dll.mui
MSCTF.MarshalInterface.FileMap.AIJ..ICGHH
MSCTF.MarshalInterface.FileMap.AIJ.B.GFGHH
MSCTF.MarshalInterface.FileMap.AIJ.C.GFGHH
MSCTF.MarshalInterface.FileMap.AIJ.D.GFGHH
MSCTF.MarshalInterface.FileMap.AIJ.E.GFGHH
Behavior description:Blocks window close messages
details:hWnd = 0x000302d0, Text = Instalação do Validador Ficha de Conteúdo de Importação, ClassName = #32770.
Behavior description:Hides specified windows
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [Pro&curar...,Button]
[Window,Class] = [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0,ComboBox]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [Instalação do Validador Ficha de Conteúdo de Importação,#32770]
[Window,Class] = [,Static]
Process behavior
Behavior description:Creates a process from a newly created file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\setup.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\setup.exe"
Behavior description:Enumerates processes
details:N/A
File behavior
Behavior description:Maps files with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MKI..GDBHH
MSCTF.MarshalInterface.FileMap.MKI.B.GDBHH
MSCTF.MarshalInterface.FileMap.MKI.C.GDBHH
MSCTF.MarshalInterface.FileMap.MKI.D.GDBHH
MSCTF.MarshalInterface.FileMap.MKI.E.GDBHH
MSCTF.MarshalInterface.FileMap.MKI.F.GDBHH
MSCTF.MarshalInterface.FileMap.MKI.G.GDBHH
Local\UrlZonesSM_Administrator
\WINDOWS\system32\zh-cn\ieframe.dll.mui
MSCTF.MarshalInterface.FileMap.AIJ..ICGHH
MSCTF.MarshalInterface.FileMap.AIJ.B.GFGHH
MSCTF.MarshalInterface.FileMap.AIJ.C.GFGHH
MSCTF.MarshalInterface.FileMap.AIJ.D.GFGHH
MSCTF.MarshalInterface.FileMap.AIJ.E.GFGHH
Behavior description:Creates an executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\setup.exe
Behavior description:Modifies file contents
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\Br.Gov.Sp.Fazenda.CCI.ValidadorFCI.Setup.msi---> Offset = 51200
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VSD4.tmp\install.log---> Offset = 82
Behavior description:Searches for files
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445292521.432671.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\setup.exe
FileName = C:\*.*
Registry behavior
Behavior description:Modifies the registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\setup.exe
Other behavior
Behavior description:Creates mutexes
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
_SHuassist.mtx
SHIMLIB_LOG_MUTEX
MSCTF.Shared.MUTEX.AIJ
Behavior description:Hides specified windows
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [Pro&curar...,Button]
[Window,Class] = [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0,ComboBox]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [Instalação do Validador Ficha de Conteúdo de Importação,#32770]
[Window,Class] = [,Static]
Behavior description:Searches for specified windows
details:NtUserFindWindowEx: [Class,Window] = [EDIT,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Acquires system privileges
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Blocks window close messages
details:hWnd = 0x000302d0, Text = Instalação do Validador Ficha de Conteúdo de Importação, ClassName = #32770.
Behavior description:Window information
details:Pid = 2428, Hwnd=0x402b6, Text = &N?o Aceito, ClassName = Button.
Pid = 2428, Hwnd=0x102f6, Text = Para os seguintes componentes:, ClassName = Static.
Pid = 2428, Hwnd=0x102f8, Text = Microsoft .NET Framework 4 Client Profile (x86 e x64), ClassName = Edit.
Pid = 2428, Hwnd=0x102fa, Text = Leia o contrato de licen?a a seguir. Pressione a tecla Page Down para ver a continua??o do contrato., ClassName = Static.
Pid = 2428, Hwnd=0x102fc, Text = TERMOS DE LICEN?A COMPLEMENTARES PARA SOFTWARE DA MICROSOFT MICROSOFT .NET FRAMEWORK 4 PARA SISTEMA OPERACIONAL MICROSOFT WINDOW, ClassName = RichEdit20W.
Pid = 2428, Hwnd=0x802c0, Text = Exibir o EULA para impress?o, ClassName = Button.
Pid = 2428, Hwnd=0x10300, Text = Exibir o EULA para impress?o, ClassName = Static.
Pid = 2428, Hwnd=0x10302, Text = Deseja aceitar os termos do Contrato de Licen?a pendente?, ClassName = Static.
Pid = 2428, Hwnd=0x10304, Text = Se você escolher N?o Aceito, a instala??o será encerrada. Para instalar, você deve aceitar este contrato., ClassName = Static.
Pid = 2428, Hwnd=0x10306, Text = &Aceito, ClassName = Button.
Pid = 2428, Hwnd=0x302d0, Text = Instala??o do Validador Ficha de Conteúdo de Importa??o, ClassName = #32770.
Pid = 2428, Hwnd=0x1037a, Text = 确定, ClassName = Button.
Pid = 2428, Hwnd=0x1037e, Text = Você decidiu n?o aceitar o EULA. A instala??o será encerrada agora., ClassName = Static.
Pid = 2428, Hwnd=0x40378, Text = Validador Ficha de Conteúdo de Importa??o, ClassName = #32770.