VirSCAN

1, You can upload any file, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download the VirSCAN uploader to upload them.

   File information

Virscan.org multi-engine scan report
Behavior analysis report:         Habo file analysis

Basic Information

MD5: e4cc2079f78eba1a74faedd4cf317d85
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
copyright:

Key behavior

Behavior description: Hide specified window
details: [Window,Class] = [,ComboLBox]
[Window,Class] = [Smart Install Maker,obj_Form]
[Window,Class] = [Install FDFRun 1.3.2.2014.0,obj_Form]
[Window,Class] = [,obj_BUTTON]
[Window,Class] = [,obj_STATIC]

Process behavior

Behavior description: Enumerate processes
details: N/A

File behavior

Behavior description: Map file with write permission
details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.MNJ..HCLFF
MSCTF.MarshalInterface.FileMap.MNJ.B.EKLFF
MSCTF.MarshalInterface.FileMap.MNJ.C.EKLFF
MSCTF.MarshalInterface.FileMap.MNJ.D.EKLFF
MSCTF.MarshalInterface.FileMap.MNJ.E.ELLFF
MSCTF.MarshalInterface.FileMap.MNJ.F.ELLFF
MSCTF.MarshalInterface.FileMap.MNJ.G.ELLFF
MSCTF.Shared.SFM.MNJ
Behavior description: Modify file content
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\$inst\2.tmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\$inst\4.tmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\$inst\5.tmp---> Offset = 28490
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\$inst\7.tmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\$inst\8.tmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\$inst\15.tmp---> Offset = 3134
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\$inst\20.tmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\$inst\21.tmp---> Offset = 0

Other behavior

Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.MNJ
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Hide specified window
details: [Window,Class] = [,ComboLBox]
[Window,Class] = [Smart Install Maker,obj_Form]
[Window,Class] = [Install FDFRun 1.3.2.2014.0,obj_Form]
[Window,Class] = [,obj_BUTTON]
[Window,Class] = [,obj_STATIC]
Behavior description: Window information
details: Pid = 2520, Hwnd=0x10358, Text = Please select a language., ClassName = obj_STATIC.
Pid = 2520, Hwnd=0x1035a, Text = English, ClassName = obj_COMBOBOX.
Pid = 2520, Hwnd=0x1035e, Text = OK, ClassName = obj_BUTTON.
Pid = 2520, Hwnd=0x10360, Text = Cancel, ClassName = obj_BUTTON.
Pid = 2520, Hwnd=0x10356, Text = Install FDFRun 1.3.2.2014.0, ClassName = obj_Form.
Pid = 2520, Hwnd=0x1036e, Text = Launch FDFRun, ClassName = obj_BUTTON.
Pid = 2520, Hwnd=0x10370, Text = View Readme, ClassName = obj_BUTTON.
Pid = 2520, Hwnd=0x10372, Text = Visit product web site, ClassName = obj_BUTTON.
Pid = 2520, Hwnd=0x103b2, Text = Welcome to the FDFRun Setup Wizard, ClassName = obj_STATIC.
Pid = 2520, Hwnd=0x103b4, Text = This wizard will guide you through the installation of FDFRun. It is recommended that you close all other applications before , ClassName = obj_STATIC.
Pid = 2520, Hwnd=0x1037a, Text = If you accept the terms of the agreement, click I Agree to continue. You must accept the agreement to install FDFRun., ClassName = obj_STATIC.
Pid = 2520, Hwnd=0x1037c, Text = LICENSE AGREEMENT (English) License type: Freeware (Free of charge) Program: FDFRun/DrvInfo ? VRCP Soft Author: Saltykov D, ClassName = obj_RichEdit50W.
Pid = 2520, Hwnd=0x10386, Text = Select the Start Menu folder in which you would like to create the program"s shortcuts. You can also enter a name to create a new, ClassName = obj_STATIC.
Pid = 2520, Hwnd=0x10388, Text = VRCP Soft\FDFRun, ClassName = obj_EDIT.
Pid = 2520, Hwnd=0x103b0, Text = Do not create shortcuts, ClassName = obj_BUTTON.
Behavior description: Acquire system privileges
details: SE_LOAD_DRIVER_PRIVILEGE