VirSCAN


File information
Safety rating:76
Behavior list
Basic Information
MD5:dd975c2f3f7ee74705380d2dd98b4ef1
file type:zip
Production company:
version:
Shell or compiler information:
Subfile information:jquery-1.7.2.jsdumpFile / af693f9aea7dae36fb3bef4c9b6e56fb / Unknown
jquery-1.7.2.js / af693f9aea7dae36fb3bef4c9b6e56fb / Unknown
banner_1.jpg / cf5f5d97a6c1f9f9731e5f9061eb7522 / Unknown
banner_1.jpgdumpFile / cf5f5d97a6c1f9f9731e5f9061eb7522 / Unknown
about_banner.jpgdumpFile / 4ecd6310ea18f574ec0186c08cd4bd7d / Unknown
about_banner.jpg / 4ecd6310ea18f574ec0186c08cd4bd7d / Unknown
products_banner.jpg / c7d5dadc1d518169a80982610cf363e2 / Unknown
products_banner.jpgdumpFile / c7d5dadc1d518169a80982610cf363e2 / Unknown
news_detail.jpg / 9dacdc0d66fa2af36dc55f72128d5452 / Unknown
news_detail.jpgdumpFile / 9dacdc0d66fa2af36dc55f72128d5452 / Unknown
news_banner.jpg / 4176e440a675aa784164e1271eadeb2d / Unknown
news_banner.jpgdumpFile / 4176e440a675aa784164e1271eadeb2d / Unknown
map_contact.jpg / 3d0127cb3303d5fd950d6afadfe504bf / Unknown
map_contact.jpgdumpFile / 3d0127cb3303d5fd950d6afadfe504bf / Unknown
contact_banner.jpgdumpFile / 0b091ebf11c6b4a19a8c5b26ae153b67 / Unknown
contact_banner.jpg / 0b091ebf11c6b4a19a8c5b26ae153b67 / Unknown
rec_banner.jpgdumpFile / 51a84cd12e780a71860e4d692ca816e3 / Unknown
rec_banner.jpg / 51a84cd12e780a71860e4d692ca816e3 / Unknown
res_img.jpgdumpFile / b58d5a7aea869e790a57af5fc64c60f8 / Unknown
Key behavior
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016082320160824
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
Process behavior
Behavior description:Create local thread
details:TargetProcess: iexplore.exe, InheritedFromPID = 3076, ProcessID = 3120, ThreadID = 3308, StartAddress = 6359727B, Parameter = 00259010
TargetProcess: iexplore.exe, InheritedFromPID = 3076, ProcessID = 3120, ThreadID = 3312, StartAddress = 77E56C7D, Parameter = 0026FAC0
TargetProcess: iexplore.exe, InheritedFromPID = 3076, ProcessID = 3120, ThreadID = 3320, StartAddress = 6359727B, Parameter = 00275C10
TargetProcess: iexplore.exe, InheritedFromPID = 3076, ProcessID = 3120, ThreadID = 3372, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: iexplore.exe, InheritedFromPID = 3076, ProcessID = 3120, ThreadID = 3416, StartAddress = 5DE05A52, Parameter = 032C3400
TargetProcess: iexplore.exe, InheritedFromPID = 3076, ProcessID = 3120, ThreadID = 3484, StartAddress = 6359727B, Parameter = 00275DF0
File behavior
Behavior description:Create file
details:C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016082320160824\index.dat
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\dnserrordiagoff[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\noConnect[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\background_gradient[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\down[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favcenter[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[2]
Behavior description:Overwrite existing file
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\dnserrordiagoff[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\noConnect[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\background_gradient[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\down[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favcenter[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[2]
Behavior description:Find file
details:FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\products_detail.html
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\css\public.css
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\css\style.css
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\js\jquery-1.7.2.js
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\js\nav.js
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\css
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\js
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\images\logo.jpg
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\images\products_banner.jpg
Behavior description:Delete file
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\dnserrordiagoff[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\ErrorPageTemplate[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\noConnect[3]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\bullet[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\down[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\favcenter[3]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[1]
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016082320160824
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
Behavior description:Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016082320160824\index.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\dnserrordiagoff[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\ErrorPageTemplate[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\noConnect[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\background_gradient[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\down[2] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favcenter[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[2] ---> Offset = 0
Network behavior
Behavior description:Open HTTP connection
details:InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\iexplore\Type
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\iexplore\Flags
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\iexplore\Time
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Default MHTML Editor\Last
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016082320160824\CachePath
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016082320160824\CachePrefix
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016082320160824\CacheLimit
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016082320160824\CacheOptions
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016082320160824\CacheRepair
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTimeCount
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Count
Behavior description:Delete registry value
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behavior description:Delete registry key
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016061420160615\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\
\REGISTRY\USER\S-*_CLASSES\JavaPlugin.1000\CLSID\
\REGISTRY\USER\S-*_CLASSES\JavaPlugin.1000\
Other behavior
Behavior description:Create mutex
details:Local\!PrivacIE!SharedMemory!Mutex
SmartScreen_UrsCacheMutex_2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2High_S-*
Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012016082320160824!
MSCTF.Shared.MUTEX.ELH
Local\c:!documents and settings!administrator!local settings!application data!microsoft!feeds cache!
RasPbFile
MSIMGSIZECacheMutex
Behavior description:Create event object
details:EventName = Global\crypt32LogoffEvent
EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description:Open event
details:Global\crypt32LogoffEvent
Isolation Signal Registry Event (8EB84CF7-68D9-11E6-91BE-7B****28, 0)
MSFT.VSA.COM.DISABLE.3120
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000041
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000041
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
Behavior description:Window information
details:Pid = 3076, Hwnd=0x603ac, Text = 导航栏, ClassName = WorkerW.
Pid = 3076, Hwnd=0xe039e, Text = 地址组合控制, ClassName = ToolbarWindow32.
Pid = 3076, Hwnd=0x110342, Text = 页面控制, ClassName = ToolbarWindow32.
Pid = 3076, Hwnd=0x1302b8, Text = 搜索..., ClassName = Edit.
Pid = 3076, Hwnd=0x160324, Text = 搜索组合控制, ClassName = ToolbarWindow32.
Pid = 3076, Hwnd=0x1702b6, Text = 搜索控制, ClassName = ToolbarWindow32.
Pid = 3076, Hwnd=0xc034e, Text = 命令栏, ClassName = ToolbarWindow32.
Pid = 3076, Hwnd=0x100334, Text = 收藏夹命令栏, ClassName = ToolbarWindow32.
Pid = 3076, Hwnd=0x603a4, Text = LinksBand, ClassName = LinksBandClass.
Pid = 3076, Hwnd=0xb0370, Text = 收藏夹栏, ClassName = ToolbarWindow32.
Pid = 3076, Hwnd=0xa0368, Text = 添加到收藏夹栏, ClassName = ToolbarWindow32.
Pid = 3120, Hwnd=0xd0312, Text = ITBarHost, ClassName = InternetToolbarHost.
Pid = 3120, Hwnd=0xb0348, Text = 菜单栏, ClassName = WorkerW.
Pid = 3120, Hwnd=0x2702f0, Text = 缩放级别, ClassName = ToolbarWindow32.
Pid = 3076, Hwnd=0xd035e, Text = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\products_det - Windows Internet Explorer, ClassName = IEFrame.
Behavior description:Hide specified window
details:[Window,Class] = [缩放级别,ToolbarWindow32]
[Window,Class] = [,msctls_progress32]
Behavior description:Open mutex
details:CtfmonInstMutexDefaultS-*
_!SHMSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012016082320160824!
Local\c:!documents and settings!administrator!local settings!application data!microsoft!feeds cache!
RasPbFile