VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

  Main Menu
VirSCAN  HOME VirSCAN  go Virscan.org VirSCAN  Report VirSCAN  Virus report VirSCAN  Behavior report VirSCAN  Help VirSCAN VirSCAN  Submit Bugs VirSCAN  Contact us VirSCAN  URL detection VirSCAN  API VirSCAN  uploader for windows(test)
  Powered By
a-squared
a-squared
a-squared
 
File information
Safety rating:75
Behavior list
Basic Information
MD5:dea231617e16445403db129d7a2b7548
file type:7z
Production company:天晴数码娱乐
version:1.0.0.0---1.0.0.0
Shell or compiler information:COMPILER:Borland Delphi 6.0 - 7.0 [Overlay]
Subfile information:3.C3 / 4a4eec560d6aa38357d37aad782b88cb / Unknown
4.C3 / 4270de88121aad28672fe8120d3a6ef8 / Unknown
5.dds / 43599fc8faff3d08f62e832170ccb289 / Unknown
1.dds / 05bd4ba450414c7558893315b25a8962 / Unknown
2.dds / 2ca71166475b218a437fcb3c50a09761 / Unknown
3.dds / a5d907dc777d75466720c56be359cb55 / Unknown
5.C3 / eb5cf59dd54696a0fc28ec4b02d5cceb / Unknown
1.C3 / a242c6c97993aa263b757f2792c416d9 / Unknown
4.dds / 49e7218240dea403124ac67e7f704582 / Unknown
1.dds / 7082956e57e08b104ebe0916c845a5c6 / Unknown
2.C3 / cc93ecadf9fdaa74af495e3c0dcdd77a / Unknown
1.C3 / dcb3edacb3d14d44eb39c3406c8b1ab2 / Unknown
Key behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-*
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
Local\!PrivacIE!SharedMem!Counter
Local\C:_Documents and Settings_Administrator_Local Settings_History_History.IE5_MSHist012015101620151017_index.dat_16384
Local\C:_Documents and Settings_Administrator_Local Settings_History_History.IE5_MSHist012015101620151017_index.dat_32768
MSCTF.MarshalInterface.FileMap.IDI..HLOMH
MSCTF.MarshalInterface.FileMap.IDI.B.HMOMH
MSCTF.MarshalInterface.FileMap.IDI.C.HMOMH
MSCTF.MarshalInterface.FileMap.IDI.D.HMOMH
MSCTF.MarshalInterface.FileMap.IDI.E.HMOMH
MSCTF.MarshalInterface.FileMap.IDI.F.HMOMH
MSCTF.MarshalInterface.FileMap.IDI.G.HMOMH
MSCTF.MarshalInterface.FileMap.IDI.H.HMOMH
MSCTF.MarshalInterface.FileMap.IDI.I.HMOMH
Behavior description:屏蔽窗口关闭消息
details:hWnd = 0x000202b4, Text = <Conquista> Actualizar juego, ClassName = TNdZipSfxFrm.
Behavior description:设置特殊文件夹属性
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015101620151017
Behavior description:隐藏指定窗口
details:[Window,Class] = [<Conquista> Actualizar juego,TNdZipSfxFrm]
[Window,Class] = [,Internet Explorer_Server]
Process behavior
Behavior description:枚举进程
details:N/A
File behavior
Behavior description:写权限映射文件
details:CiceroSharedMemDefaultS-*
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
Local\!PrivacIE!SharedMem!Counter
Local\C:_Documents and Settings_Administrator_Local Settings_History_History.IE5_MSHist012015101620151017_index.dat_16384
Local\C:_Documents and Settings_Administrator_Local Settings_History_History.IE5_MSHist012015101620151017_index.dat_32768
MSCTF.MarshalInterface.FileMap.IDI..HLOMH
MSCTF.MarshalInterface.FileMap.IDI.B.HMOMH
MSCTF.MarshalInterface.FileMap.IDI.C.HMOMH
MSCTF.MarshalInterface.FileMap.IDI.D.HMOMH
MSCTF.MarshalInterface.FileMap.IDI.E.HMOMH
MSCTF.MarshalInterface.FileMap.IDI.F.HMOMH
MSCTF.MarshalInterface.FileMap.IDI.G.HMOMH
MSCTF.MarshalInterface.FileMap.IDI.H.HMOMH
MSCTF.MarshalInterface.FileMap.IDI.I.HMOMH
Behavior description:设置特殊文件夹属性
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015101620151017
Behavior description:修改文件内容
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\InstallTmp\Config.7z---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\InstallTmp\Config.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\InstallTmp\Readme.7z---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\InstallTmp\Readme.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\InstallTmp\Logo.7z---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\InstallTmp\西语a1.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\InstallTmp\Language.7z---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\InstallTmp\Spanish.ini---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015101620151017\index.dat---> Offset = 0
Behavior description:查找文件
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\InstallTmp\Config.txt
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\InstallTmp\Readme.txt
FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\InstallTmp\Readme.txt
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\InstallTmp\西语a1.bmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\InstallTmp\Spanish.ini
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\History
Registry behavior
Behavior description:修改注册表
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015101620151017\CachePath
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015101620151017\CachePrefix
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015101620151017\CacheLimit
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015101620151017\CacheOptions
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015101620151017\CacheRepair
Behavior description:删除注册表键
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082520150826
Other behavior
Behavior description:创建互斥体
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\!PrivacIE!SharedMemory!Mutex
Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012015101620151017!
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.IDI
Behavior description:隐藏指定窗口
details:[Window,Class] = [<Conquista> Actualizar juego,TNdZipSfxFrm]
[Window,Class] = [,Internet Explorer_Server]
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [MS_WINHELP,]
Behavior description:窗口信息
details:Pid = 2100, Hwnd=0x302dc, Text = Destino: carpeta de, ClassName = TStaticText.
Pid = 2100, Hwnd=0x202d4, Text = Salir(&E), ClassName = TButton.
Pid = 2100, Hwnd=0x302bc, Text = Iniciar(&I), ClassName = TButton.
Pid = 2100, Hwnd=0x202b4, Text = <Conquista> Actualizar juego, ClassName = TNdZipSfxFrm.
Behavior description:获取系统权限
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:获取TickCount值
details:TickCount = 528421, SleepMilliseconds = 250.
Behavior description:获取光标位置
details:CursorPos = (106,18467), SleepMilliseconds = 250.
Behavior description:屏蔽窗口关闭消息
details:hWnd = 0x000202b4, Text = <Conquista> Actualizar juego, ClassName = TNdZipSfxFrm.
Behavior description:枚举窗口
details:N/A
Behavior description:打开图片文件
details:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\InstallTmp\西语a1.bmp
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
中国反网络病毒联盟
Powered By CentOSpol

京ICP备11007605号-12

 pol

京公网安备 11010802020746号