VirSCAN


File information
Safety rating:80
Behavior list
Basic Information
MD5:d312f3008b1f7b841bf75441c348e059
file type:EXE
Production company:易数科技
version:4.7.0.103---4.7.0.103
Shell or compiler information:COMPILER:NSIS
File behavior
Behavior description:Create file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsq4C.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\Barray.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\Charset.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\DiskGeniusX64.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\FileType.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\HdrwLDM.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\HdrwRD.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\HdrwVdi.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\HdrwVhd.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\HdrwVhdx.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\Hdrwvm.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\IniCfg.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\LangCRes.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\Options.ini
Behavior description:Create executable file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\Barray.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\Charset.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\DiskGeniusX64.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\FileType.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\HdrwLDM.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\HdrwRD.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\HdrwVdi.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\HdrwVhd.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\HdrwVhdx.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\Hdrwvm.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\IniCfg.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\LangCRes.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\SDL.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\VPreview.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\avcodec-54.dll
Behavior description:Overwrite existing file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp
Behavior description:Find file
details:FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGeniusX64
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGeniusX64\*.*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGeniusX64\avcodec-54.dll.AmBackup15
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGeniusX64\avformat-54.dll.AmBackup16
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGeniusX64\avutil-52.dll.AmBackup17
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DiskGeniusX64\Barray.dll.AmBackup1
Behavior description:Delete file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsq4C.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\avcodec-54.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\avformat-54.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\avutil-52.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\Barray.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\Charset.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\DiskGeniusX64.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\dos\command.com
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\dos\CTMOUSE.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\dos\diskgen.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\dos\fdapm.com
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\dos\fdauto.bat
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\dos\fdconfig.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\dos\himem.exe
Behavior description:Modify BAT script file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\dos\fdauto.bat ---> Offset = 0
Behavior description:Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp ---> Offset = 33325
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp ---> Offset = 66093
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\Barray.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\Barray.dll ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\Barray.dll ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\Barray.dll ---> Offset = 49152
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\Barray.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp ---> Offset = 76308
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\Charset.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\Charset.dll ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\Charset.dll ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\Charset.dll ---> Offset = 49152
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\DiskGeniusX64.exe ---> Offset = 0
Registry behavior
Behavior description:Modify registry (delayed rename entry)
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behavior
Behavior description:Adjust process token privileges
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Behavior description:Executable file MD5
Behavior description:Open event
details:HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
Behavior description:Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\Barray.dll(signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\Charset.dll(signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\DiskGeniusX64.exe(signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\FileType.dll(signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\HdrwLDM.dll(signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\HdrwRD.dll(signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\HdrwVdi.dll(signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\HdrwVhd.dll(signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\HdrwVhdx.dll(signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\Hdrwvm.dll(signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\IniCfg.dll(signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\LangCRes.dll(signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\SDL.dll(signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\VPreview.dll(signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\DiskGeniusX64\avcodec-54.dll(signature verification: passed)