VirSCAN


File information
Safety rating:76
Behavior list
Basic Information
MD5:e2954cc26b74403386db42358d230b87
file type:zip
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual Basic 5.0 / 6.0
Subfile information:pecompact2x_240c1ed1dumpFile / 40157b80c1c2be36b7b01d179380a519 / EXE
MSCOMCTL.OCX / f7bbb7d79adb9e3adc13f3b3c33d3d4d / DLL
Trial-Reset.exe / e7f45a987aa7bba0034acac76ae64c32 / EXE
EditPlus.txt / 1a66bd303885facddc65b67310094a68 / Unknown
WinImage.txt / 6bb6fb0e3351cccfe02e8dd1d1dac034 / Unknown
REAL Studio 2010r1.txt / d4614c4bf8da8183f72d152afc8cb0e6 / Unknown
WinZip.txt / 96a107e8c8cb11469095e1ab87df6b63 / Unknown
WinRAR.txt / bc41fe6a2737bde58b92751a6c157ec7 / Unknown
Trialware Dialog.txt / 94b0eb4467a02d01419623a7466db9a5 / Unknown
GoldWave.txt / ea1a252992b88ab59e03d9413a2f6f87 / Unknown
BlumentalsSoftware.txt / a009e0f5fd0472e573f6a7ed7338cc9c / Unknown
NetMeter.txt / e0474c1d1ddc127aab391e933043d8a3 / Unknown
WinRK.txt / 28b30ff983ac34627408e0998dd54b35 / Unknown
PECompact.txt / 80f34c1451b960fd237c77ff648f2964 / Unknown
AkaraExeLock320.txt / e9cc9ef1ddde5cf0bb93a2c272bc9309 / Unknown
RegHide.txt / 9491a23edcaa8db8e5914c341856bff8 / Unknown
Reggie.txt / a941d45e6a427368b1387cf6ab802f8e / Unknown
EleFun Games.txt / 309b08f6d3cedea5c86ddaee0bc00e0b / Unknown
Key behavior
Behavior description:Map file with write permission
Behavior description:Hide specified window
details:[Window,Class] = [Trial-Reset 4.0 Final,ThunderRT6Form]
[Window,Class] = [Protected List,ThunderRT6Form]
[Window,Class] = [Autocleaning List,ThunderRT6Form]
Process behavior
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Map file with write permission
Behavior description:Find file
details:FileName = C:\WINDOWS\system32\ntdll.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445390606.110399.exe_7zdump\ahi\Plugins\*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445390606.113894.exe_7zdump\ahi\Lists\*.txt
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445390606.117374.exe_7zdump\ahi\Trial-Reset-Test
Registry behavior
Behavior description:Modify registry
Behavior description:Delete registry value
Behavior description:Delete registry key
Other behavior
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Window information
details:Pid = 1144, Hwnd=0x302ba, Text = Abort, ClassName = ThunderRT6CommandButton.
Pid = 1144, Hwnd=0x302bc, Text = Pause, ClassName = ThunderRT6CommandButton.
Pid = 1144, Hwnd=0x202b4, Text = Trial-Reset 4.0 Final, ClassName = ThunderRT6Form.
Behavior description:Hide specified window
details:[Window,Class] = [Trial-Reset 4.0 Final,ThunderRT6Form]
[Window,Class] = [Protected List,ThunderRT6Form]
[Window,Class] = [Autocleaning List,ThunderRT6Form]
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MPE
Behavior description:Obtain system privilege
details:SE_DEBUG_PRIVILEGE