VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
Safety rating:59
Behavior list
Basic Information
MD5:d2d408faf702f46ed607d8502f8b7510
file type:Rar
Production company:
version:
Shell or compiler information:
Subfile information:MyLanViewer.exe / 37f5b608b0df30235b08ddcbc3c199fe / EXE
MyLanViewer.chm / 4188594ca9b462dff342c71ff49df9bf / Chm
oui.txt / db45365d4a7bb36c32beeeb686d95b3d / Unknown
config.dat / 86eba9e6b0d0fda5e4ab6d0dc07ec5b9 / Unknown
Connect.wav / 3f3dbcde4543e7f3d886f9336f6530f9 / Unknown
Disconnect.wav / 3354701c24c31dd315b590a276cd49c4 / Unknown
FileRecv.wav / 19ac6b27f2256f5edda5745c0dc763f6 / Unknown
Join.wav / 076aa142ff0f5accee6ac4eaf8de5474 / Unknown
Finish.wav / 57c84867ecf6778fa4ed07754fbd6f32 / Unknown
FileComplete.wav / 297bc95d5f7385e70d4b2b6c311598bd / Unknown
Ranges.dat / 2cf01bc9d3f4f84d00fdaedf4af19641 / Unknown
mylanviewer.ini / e8e24a6754997dcfe2be8c8a04a01f1f / Unknown
New.wav / 307669f8f2529007a5e14cd4a236b07f / Unknown
MessageRecv.wav / 90ed89d6ec6d01db603013e4ffdc7221 / Unknown
Applications.dat / 4e38a06e590bbf933f61f58223d9d264 / Unknown
License.rtf / 45aa9d8af22f9f5f1fa974db1d688ff7 / Unknown
Leave.wav / 98b423781b8cdc1930a3c0ff19dfbc96 / Unknown
MessageSent.wav / d60c99e74c0d9196ad2778d9fbf03935 / Unknown
--== Readme 使用說明 ==--.txt / b419620231507b4924c17df65ddf8a2f / Unknown
Key behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-*
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\!PrivacIE!SharedMem!Counter
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.EHI..AHHHH
MSCTF.MarshalInterface.FileMap.EHI.B.PHHHH
MSCTF.MarshalInterface.FileMap.EHI.C.PHHHH
MSCTF.MarshalInterface.FileMap.EHI.D.PHHHH
MSCTF.MarshalInterface.FileMap.EHI.E.PHHHH
MSCTF.MarshalInterface.FileMap.EHI.F.PHHHH
MSCTF.MarshalInterface.FileMap.EHI.G.PHHHH
MSCTF.MarshalInterface.FileMap.EHI.H.PHHHH
MSCTF.MarshalInterface.FileMap.EHI.I.PHHHH
MSCTF.MarshalInterface.FileMap.EHI.J.PHHHH
MSCTF.MarshalInterface.FileMap.EHI.K.PHHHH
Behavior description:屏蔽窗口关闭消息
details:hWnd = 0x000202a4, Text = WinRAR 自我解壓縮檔, ClassName = #32770.
Behavior description:设置特殊文件夹属性
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:隐藏指定窗口
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,RichEdit20W]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [,Internet Explorer_Server]
Process behavior
Behavior description:枚举进程
details:N/A
File behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-*
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\!PrivacIE!SharedMem!Counter
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.EHI..AHHHH
MSCTF.MarshalInterface.FileMap.EHI.B.PHHHH
MSCTF.MarshalInterface.FileMap.EHI.C.PHHHH
MSCTF.MarshalInterface.FileMap.EHI.D.PHHHH
MSCTF.MarshalInterface.FileMap.EHI.E.PHHHH
MSCTF.MarshalInterface.FileMap.EHI.F.PHHHH
MSCTF.MarshalInterface.FileMap.EHI.G.PHHHH
MSCTF.MarshalInterface.FileMap.EHI.H.PHHHH
MSCTF.MarshalInterface.FileMap.EHI.I.PHHHH
MSCTF.MarshalInterface.FileMap.EHI.J.PHHHH
MSCTF.MarshalInterface.FileMap.EHI.K.PHHHH
Behavior description:设置特殊文件夹属性
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Other behavior
Behavior description:创建互斥体
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\!PrivacIE!SharedMemory!Mutex
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EHI
Behavior description:屏蔽窗口关闭消息
details:hWnd = 0x000202a4, Text = WinRAR 自我解壓縮檔, ClassName = #32770.
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [EDIT,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:隐藏指定窗口
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,RichEdit20W]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [,Internet Explorer_Server]
Behavior description:窗口信息
details:Pid = 2160, Hwnd=0x202cc, Text = 目標資料夾(&D), ClassName = Static.
Pid = 2160, Hwnd=0x202b4, Text = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%, ClassName = ComboBox.
Pid = 2160, Hwnd=0x302ba, Text = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%, ClassName = Edit.
Pid = 2160, Hwnd=0x302bc, Text = 瀏覽(&W)..., ClassName = Button.
Pid = 2160, Hwnd=0x202d6, Text = 解壓縮進度, ClassName = Static.
Pid = 2160, Hwnd=0x202c4, Text = 解壓縮, ClassName = Button.
Pid = 2160, Hwnd=0x202c8, Text = 取消, ClassName = Button.
Pid = 2160, Hwnd=0x202a4, Text = WinRAR 自我解壓縮檔, ClassName = #32770.
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
中国反网络病毒联盟
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号