VirSCAN

File information
Safety rating:89
Behavior list
Basic Information
MD5:e28cdc16459a5595d33e8b1ee5144b3e
file type:Rar
Production company:
version:
Shell or compiler information:
Subfile information:log4net.dll / ca8c34cfb6573800b9d6af99c419228c / DLL
CallerClient.exe / 11b5242f7511b8afd68b273affaa1b15 / EXE
ATopSoft.Common.pdb / 95b6adae58189279dc81205a14152c87 / Unknown
CallerClient.pdb / d1f2b2f1f2cb1f233b29529a9b9ad826 / Unknown
ATopSoft.Common.dll / 4d5912a6ba502bcb2791328efc1cf782 / DLL
Server.Entity.pdb / 040435470707d422b48a8b8ad6809637 / Unknown
tc.bmp / bbcafcd031b78cd17b13c150aea3db05 / Unknown
Server.Entity.dll / a5dddf7696807c8cef3f2370f081cf62 / DLL
ATopSoft.Log.pdb / 646f010e724348e09649deaa5c4c535d / Unknown
Client.MessageHandler.MsgBoxAlertClass.pdb / cb2e527317a4f4c82a6cd5c0027c77e0 / Unknown
Client.MessageHandler.ShutdownClientClass.pdb / c8d5bad7a03d01c26bd8f9277e95359f / Unknown
Client.MessageHandlerFactory.pdb / 8e2abc2443295a55b6f6f045f9bc338b / Unknown
Appicon.ico / c8db23bcf4cdb298fb8056610fe90c6e / Unknown
Appicon.ico / c8db23bcf4cdb298fb8056610fe90c6e / Unknown
ATopSoft.Log.dll / 11a476c003115583aca49f24215c56ea / DLL
Client.IMessageHandler.pdb / f1d6fbb12c06cd0ef82d47dce4f4caa8 / Unknown
Thumbs.db / bb36a927274ae76d5b898655be91a4a6 / Compound
log4net.config / ab9b7369a88c89458daf0612033d32c1 / Unknown
Client.MessageHandlerFactory.dll / 994564122c9fe37bb01ad86d845e696b / DLL
Key behavior
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Get TickCount value
details:TickCount = 488237, SleepMilliseconds = 50.
TickCount = 488315, SleepMilliseconds = 50.
TickCount = 488331, SleepMilliseconds = 50.
TickCount = 488346, SleepMilliseconds = 50.
TickCount = 488362, SleepMilliseconds = 50.
TickCount = 488378, SleepMilliseconds = 50.
TickCount = 488393, SleepMilliseconds = 50.
TickCount = 488425, SleepMilliseconds = 50.
TickCount = 488456, SleepMilliseconds = 50.
TickCount = 488471, SleepMilliseconds = 50.
TickCount = 488487, SleepMilliseconds = 50.
TickCount = 488503, SleepMilliseconds = 50.
TickCount = 488518, SleepMilliseconds = 50.
TickCount = 488550, SleepMilliseconds = 50.
TickCount = 488565, SleepMilliseconds = 50.
Process behavior
Behavior description:Create local thread
details:N/A
Behavior description:Create process from a new file
details:ImagePath = C:\Documents and Settings\Administrator\Local Settings\%temp%\1457605285.033099.exe, CmdLine = "C:\Documents and Settings\Administrator\Local Settings\%temp%\1457605285.033099.exe" -el -s2 "-d" "-p" "-sp"
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Find files
details:FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1457605285.037456.exe
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates\*
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs\*
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs\*
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\996E\DEBUG\Trace Level
Behavior description:Delete registry key value
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\996E\DEBUG\Trace Level
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\!PrivacIE!SharedMemory!Mutex
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MPK
_SHuassist.mtx
Behavior description:Create event object
details:EventName = Global\crypt32LogoffEvent
EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = Global\Microsoft Smart Card Resource Manager Started
EventName = MSCTF.SendReceive.Event.MPK.IC
EventName = MSCTF.SendReceiveConection.Event.MPK.IC
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [EDIT,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Acquire system privileges
details:SE_LOAD_DRIVER_PRIVILEGE
SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
Behavior description:Get cursor position
details:CursorPos = (106,18467), SleepMilliseconds = 50.
CursorPos = (6399,26500), SleepMilliseconds = 50.
CursorPos = (19234,15724), SleepMilliseconds = 50.
CursorPos = (11543,29358), SleepMilliseconds = 50.
CursorPos = (27027,24464), SleepMilliseconds = 50.
CursorPos = (5770,28145), SleepMilliseconds = 50.
CursorPos = (23346,16827), SleepMilliseconds = 50.
CursorPos = (10026,491), SleepMilliseconds = 50.
CursorPos = (3060,11942), SleepMilliseconds = 50.
CursorPos = (4892,5436), SleepMilliseconds = 50.
CursorPos = (32456,14604), SleepMilliseconds = 50.
CursorPos = (3967,153), SleepMilliseconds = 50.
CursorPos = (357,12382), SleepMilliseconds = 50.
CursorPos = (17486,18716), SleepMilliseconds = 50.
CursorPos = (19783,19895), SleepMilliseconds = 50.
Behavior description:Window information
details:Pid = 2808, Hwnd=0x102e2, Text = 接受, ClassName = Button.
Pid = 2808, Hwnd=0x102e4, Text = 拒绝, ClassName = Button.
Pid = 2808, Hwnd=0x202d0, Text = 点锋呼叫中心 用户协议, ClassName = #32770.
Pid = 2808, Hwnd=0x202cc, Text = 目标文件夹(&D), ClassName = Static.
Pid = 2808, Hwnd=0x202b4, Text = C:\Program Files\CallerClient\, ClassName = ComboBox.
Pid = 2808, Hwnd=0x302ba, Text = C:\Program Files\CallerClient\, ClassName = Edit.
Pid = 2808, Hwnd=0x302bc, Text = 浏览(&W)..., ClassName = Button.
Pid = 2808, Hwnd=0x302dc, Text = 安装进度, ClassName = Static.
Pid = 2808, Hwnd=0x202c2, Text = 安装, ClassName = Button.
Pid = 2808, Hwnd=0x202c4, Text = 取消, ClassName = Button.
Pid = 2808, Hwnd=0x202a4, Text = 点锋呼叫中心 客户端安装程序, ClassName = #32770.
Pid = 2808, Hwnd=0x702e6, Text = 您想使用哪个用户帐户运行这个程序?, ClassName = Static.
Pid = 2808, Hwnd=0x202e4, Text = 当前用户(&C) (COMPUTER\Administrator), ClassName = Button(RadioButton).
Pid = 2808, Hwnd=0x202e2, Text = 保护我的计算机和数据不受未授权程序的活动影响(&P) 这个选项可以保护您的计算机或个人数据不受病毒损害,但是选择这项可能会引起程序工作, ClassName = Button(CheckBox).
Pid = 2808, Hwnd=0x202e0, Text = 下列用户(&F):, ClassName = Button(RadioButton).
Behavior description:Call Sleep function
details:[1]: MilliSeconds = 500.
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,RICHEDIT]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [,Shell Embedding]
[Window,Class] = [,Edit]
[Window,Class] = [,Internet Explorer_Server]