VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with the password 'infected' or 'virus'.

File information
Safety rating:84
Behavior list
Basic Information
MD5:e8d52dbc9225e14fa241a887d281d6ae
file type:EXE
Production company:Mozilla Corporation
version:1.0.0.0---52.2.1
Shell or compiler information:COMPILER:NSIS
Subfile information:ApplicationID.dll / 439928666a6baa4f9d2a1b0fb92265ec / DLL
CityHash.dll / 737379945745bb94f8a0dadcc18cad8d / DLL
modern-header.bmp / 67552e422d0324e23cbb0b16a5599cfd / Unknown
[NSIS].nsi / 204d46c3f914b21be600cae485aaab08 / Unknown
UAC.dll / 113c5f02686d865bc9e8332350274fd1 / DLL
System.dll / 17ed1c86bd67e78ade4712be48a7d2bd / DLL
liteFirewallW.dll / 2c8980aa8fad2477864defb3fde39ca4 / DLL
nsExec.dll / b55f7f1b17c39018910c23108f929082 / DLL
AppAssocReg.dll / 1145a8e66064f36640e62e7ed58472bd / DLL
ServicesHelper.dll / d0b5c37ca029913314dfc21924423c6f / DLL
ShellLink.dll / d62d3e349689811f838dd10fb216eba1 / DLL
InvokeShellVerb.dll / 1a6e1ea7e90e50d9a18e034e7cde41a6 / DLL
UserInfo.dll / 1b446b36f5b4022d50ffdc0cf567b24a / DLL
File behavior
Behavior description:Create file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsy7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsn8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsn8.tmp\System.dll
C:\WINDOWS\wininit.ini
Behavior description:Delete file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsy7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsn8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsn8.tmp\System.dll
Behavior description:Create executable file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsn8.tmp\System.dll
Behavior description:Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsn8.tmp\System.dll ---> Offset = 0
C:\WINDOWS\wininit.ini ---> Offset = 0
Behavior description:Find file
details:FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn8.tmp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\distribution\setup.ini
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\firefox.exe.moz-upgrade
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\firefox.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn8.tmp\*.*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn8.tmp\System.dll.AmBackup1
Registry behavior
Behavior description:Modify registry (delayed rename entry)
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behavior
Behavior description:Create mutex
details:oleacc-msaa-loaded
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Behavior description:Create event object
details:EventName = Global\userenv: User Profile setup event
Behavior description:Adjust process token privileges
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Open event
details:HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
Behavior description:Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsn8.tmp\System.dll (signature verification: failed)
Behavior description:Executable file MD5
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsn8.tmp\System.dll ---> 17ed1c86bd67e78ade4712be48a7d2bd
Behavior description:Load newly dropped file
details:Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn8.tmp\System.dll.