VirSCAN

File information
Safety rating:84
Behavior list
Basic Information
MD5:e87cbd264a2ca9b80cc9883b3e6f3aa9
file type:Nsis
Production company:Disc Soft Ltd.
version:1.0.0.0---1.0.0
Shell or compiler information:
Subfile information:AppDownloader.exedumpFile / b6b508e67dfeb7f6e59c956707ba2a2a / EXE
AppDownloader.exe / b6b508e67dfeb7f6e59c956707ba2a2a / EXE
dotNetFx40_Client_setup.exedumpFile / 61446fdd76788229d3ebaeabe84df38c / 7z
dotNetFx40_Client_setup.exe / 61446fdd76788229d3ebaeabe84df38c / 7z
SetupEngine.dll / 84c1daf5f30ff99895ecab3a55354bcf / DLL
SetupUi.dll / eb881e3dddc84b20bd92abcec444455f / DLL
Parameterinfo.xml / eb9d318bbea1f384a78ede1d1051f47d / Unknown
ParameterInfo.xml / eb9d318bbea1f384a78ede1d1051f47d / Unknown
sqmapi.dll / 3f0363b40376047eff6a9b97d633b750 / DLL
watermark.bmp / b0075cee80173d764c0237e840ba5879 / Unknown
SetupUtility.exe / 8dfbb95989af28058c7431704ce7cd66 / EXE
DisplayIcon.ico / f9657d290048e169ffabbbb9c7412be0 / Unknown
LocalizedData.xml / 89d4356e0f226e75ca71d48690e8ec15 / Unknown
LocalizedData.xml / 3bf8da35b14fbcc564e03f6342bb71f2 / Unknown
LocalizedData.xml / 1dad88faed661db34eef535d36563ee2 / Unknown
LocalizedData.xml / bdb583c7a48f811be3b0f01fcea40470 / Unknown
LocalizedData.xml / 8505219c0a8d950ff07dc699d8208309 / Unknown
LocalizedData.xml / 349b52a81342a7afb8842459e537ecc6 / Unknown
LocalizedData.xml / 0b6ed582eb557573e959e37ebe2fca6a / Unknown
Key behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
Global\Cor_Private_IPCBlock_v4_2652
Global\Cor_SxSPublic_IPCBlock_2652
Global\NLS_CodePage_936_3_2_0_0
MSCTF.MarshalInterface.FileMap.AGK..GGCIF
MSCTF.MarshalInterface.FileMap.AGK.B.GGCIF
MSCTF.MarshalInterface.FileMap.AGK.C.GGCIF
MSCTF.MarshalInterface.FileMap.AGK.D.GGCIF
MSCTF.MarshalInterface.FileMap.AGK.E.GGCIF
MSCTF.MarshalInterface.FileMap.AGK.F.GGCIF
MSCTF.MarshalInterface.FileMap.AGK.G.GGCIF
MSCTF.Shared.SFM.AGK
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Get host address by name
details:wpad.
downloader1.disk-tools.com
downloader2.disk-tools.com
Process behavior
Behavior description:Create process from new file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AppDownloader.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AppDownloader.exe
File behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
Global\Cor_Private_IPCBlock_v4_2652
Global\Cor_SxSPublic_IPCBlock_2652
Global\NLS_CodePage_936_3_2_0_0
MSCTF.MarshalInterface.FileMap.AGK..GGCIF
MSCTF.MarshalInterface.FileMap.AGK.B.GGCIF
MSCTF.MarshalInterface.FileMap.AGK.C.GGCIF
MSCTF.MarshalInterface.FileMap.AGK.D.GGCIF
MSCTF.MarshalInterface.FileMap.AGK.E.GGCIF
MSCTF.MarshalInterface.FileMap.AGK.F.GGCIF
MSCTF.MarshalInterface.FileMap.AGK.G.GGCIF
MSCTF.Shared.SFM.AGK
Behavior description:Rename file
details:C:\WINDOWS\system32\d3d9caps.tmp ---> C:\WINDOWS\system32\d3d9caps.dat
Behavior description:Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv6.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AppDownloader.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dotNetFx40_Client_setup.exe
Behavior description:Modify file content
details:C:\WINDOWS\system32\d3d9caps.dat---> Offset = 28
C:\WINDOWS\system32\d3d9caps.tmp---> Offset = 28
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Network behavior
Behavior description:Get host address by name
details:wpad.
downloader1.disk-tools.com
downloader2.disk-tools.com
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Direct3D\MostRecentApplication\Name
Other behavior
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description:Start system service
details:[Service started successfully]: NT AUTHORITY\LocalService, Windows Presentation Foundation Font Cache 4.0.0.0, C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
Global\{2bab9dfc-cb32-4ca2-bf83-85582d45510}
RasPbFile
DDrawWindowListMutex
__DDrawExclMode__
__DDrawCheckExclMode__
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.AGK
Behavior description:Acquire system privilege
details:SE_LOAD_DRIVER_PRIVILEGE