VirSCAN

1, You can UPLOAD any files, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

   File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5:e8ba0812fdb0a38ca48c6c4bfd578a59
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
copyright:

Key behavior

Behavior description: Reads the CPU clock directly
details: EAX = 0xf69d18f1, EDX = 0x00000038
EAX = 0xf950186d, EDX = 0x00000038
EAX = 0xf95018b9, EDX = 0x00000038
EAX = 0x111981dc, EDX = 0x00000039

File behavior

Behavior description: Find file
details: FileName = C:\Windows\system32\perfc804.dat
FileName = C:\Windows\system32\prfc??04.dat
FileName = C:\Windows\system32\perfc004.dat
FileName = C:\Windows\system32\perfc009.dat

Network behavior

Behavior description: Get host address by name
details: gethostbyname: a-PC

Other behavior

Behavior description: Checks whether it is being debugged
details: IsDebuggerPresent
Behavior description: Create mutex
details: Global\LOADPERF_MUTEX
.NET CLR Data_Perf_Library_Lock_PID_998
.NET CLR Networking_Perf_Library_Lock_PID_998
.NET Data Provider for Oracle_Perf_Library_Lock_PID_998
.NET Data Provider for SqlServer_Perf_Library_Lock_PID_998
.NETFramework_Perf_Library_Lock_PID_998
BITS_Perf_Library_Lock_PID_998
ESENT_Perf_Library_Lock_PID_998
Lsa_Perf_Library_Lock_PID_998
MSDTC_Perf_Library_Lock_PID_998
MSDTC Bridge 3.0.0.0_Perf_Library_Lock_PID_998
MSSCNTRS_Perf_Library_Lock_PID_998
PerfDisk_Perf_Library_Lock_PID_998
PerfNet_Perf_Library_Lock_PID_998
PerfOS_Perf_Library_Lock_PID_998
Behavior description: Hide specified window
details: [Window,Class] = [,#32770]
Behavior description: Open mutex
details: Local\MSCTF.Asm.MutexDefault1
Behavior description: Window information
details: Pid = 2456, Hwnd=0x2017a, Text = 上线特征码, ClassName = Button(GroupBox).
Pid = 2456, Hwnd=0x30178, Text = 上线主机, ClassName = Static.
Pid = 2456, Hwnd=0x20174, Text = 端口, ClassName = Static.
Pid = 2456, Hwnd=0x20170, Text = 上线字串, ClassName = Static.
Pid = 2456, Hwnd=0x2016e, Text = 系统配置, ClassName = Button(GroupBox).
Pid = 2456, Hwnd=0x20166, Text = 应用, ClassName = Button.
Pid = 2456, Hwnd=0x20168, Text = 监听端口, ClassName = Static.
Pid = 2456, Hwnd=0x20156, Text = 连接上限, ClassName = Static.
Pid = 2456, Hwnd=0x20160, Text = 自动, ClassName = Button(CheckBox).
Pid = 2456, Hwnd=0x3015e, Text = 代理主机, ClassName = Static.
Pid = 2456, Hwnd=0x2015a, Text = 端口, ClassName = Static.
Pid = 2456, Hwnd=0x101e8, Text = 需要验证, ClassName = Button(CheckBox).
Pid = 2456, Hwnd=0x101ea, Text = 使用socks5代理上线, ClassName = Button(CheckBox).
Pid = 2456, Hwnd=0x101ec, Text = 用 户 名, ClassName = Static.
Pid = 2456, Hwnd=0x101f2, Text = 密码, ClassName = Static.
Behavior description: Open event
details: HookSwitchHookEnabledEvent
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
Behavior description: Reads the CPU clock directly
details: EAX = 0xf69d18f1, EDX = 0x00000038
EAX = 0xf950186d, EDX = 0x00000038
EAX = 0xf95018b9, EDX = 0x00000038
EAX = 0x111981dc, EDX = 0x00000039