VirSCAN

1. You can UPLOAD any files, but there is a 20 MB limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files whose password is 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader to upload.

File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5: e95054e0ca457c2863fe6354a22838a6
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
Copyright:

Key behavior

Behavior description: Detect whether Virtual PC is present
Details: N/A
Behavior description: Suppress window close message
Details: hWnd = 0x000202a2, Text = 冰火島任務庫查詢工具, ClassName = #32770.
Behavior description: Create file mapping with write access
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MPB..AJPGH
MSCTF.MarshalInterface.FileMap.MPB.B.AJPGH
MSCTF.MarshalInterface.FileMap.MPB.C.AJPGH
MSCTF.MarshalInterface.FileMap.MPB.D.AJPGH
MSCTF.MarshalInterface.FileMap.MPB.E.AJPGH
MSCTF.MarshalInterface.FileMap.MPB.F.AKPGH
MSCTF.MarshalInterface.FileMap.MPB.G.AKPGH
MSCTF.Shared.SFM.MPB
Behavior description: Query registry (virtual machine detection related)
Details: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Behavior description: Search for a specified kernel module
Details: lstrcmpiA: ntice.sys <------> ntkrnlpa.exe (ntice.sys)
lstrcmpiA: ntice.sys <------> hal.dll (ntice.sys)
lstrcmpiA: ntice.sys <------> KDCOM.DLL (ntice.sys)
lstrcmpiA: ntice.sys <------> BOOTVID.dll (ntice.sys)
lstrcmpiA: ntice.sys <------> ACPI.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> WMILIB.SYS (ntice.sys)
lstrcmpiA: ntice.sys <------> pci.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> isapnp.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> compbatt.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> BATTC.SYS (ntice.sys)
lstrcmpiA: ntice.sys <------> intelide.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> PCIIDEX.SYS (ntice.sys)
lstrcmpiA: ntice.sys <------> MountMgr.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> ftdisk.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> dmload.sys (ntice.sys)
Behavior description: Search for windows of common anti-virus and analysis tools
Details: NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
NtUserFindWindowEx: [Class,Window] = [GBDYLLO,]
NtUserFindWindowEx: [Class,Window] = [pediy06,]
NtUserFindWindowEx: [Class,Window] = [FilemonClass,]
NtUserFindWindowEx: [Class,Window] = [,File Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [PROCMON_WINDOW_CLASS,]
NtUserFindWindowEx: [Class,Window] = [,Process Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [RegmonClass,]
NtUserFindWindowEx: [Class,Window] = [,Registry Monitor - Sysinternals: www.sysinternals.com]

Process behavior

Behavior description: Enumerate processes
Details: N/A

File behavior

Behavior description: Create file mapping with write access
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MPB..AJPGH
MSCTF.MarshalInterface.FileMap.MPB.B.AJPGH
MSCTF.MarshalInterface.FileMap.MPB.C.AJPGH
MSCTF.MarshalInterface.FileMap.MPB.D.AJPGH
MSCTF.MarshalInterface.FileMap.MPB.E.AJPGH
MSCTF.MarshalInterface.FileMap.MPB.F.AKPGH
MSCTF.MarshalInterface.FileMap.MPB.G.AKPGH
MSCTF.Shared.SFM.MPB

Other behavior

Behavior description: Detect whether Virtual PC is present
Details: N/A
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MPB
Behavior description: Search for a specified window
Details: NtUserFindWindowEx: [Class,Window] = [18467-41,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Attempt to open driver device objects of debuggers or monitoring software
Details: \??\SICE
\??\SIWVID
\??\NTICE
Behavior description: Suppress window close message
Details: hWnd = 0x000202a2, Text = 冰火島任務庫查詢工具, ClassName = #32770.
Behavior description: Window information
Details: Pid = 180, Hwnd=0x202a6, Text = YY教系列任務, ClassName = Button.
Pid = 180, Hwnd=0x202a8, Text = 京龍幫系列任務, ClassName = Button.
Pid = 180, Hwnd=0x202cc, Text = 梨花教系列任務, ClassName = Button.
Pid = 180, Hwnd=0x202b4, Text = 麻衣教系列任務, ClassName = Button.
Pid = 180, Hwnd=0x202b2, Text = 幽靈船系列任務, ClassName = Button.
Pid = 180, Hwnd=0x302ba, Text = 保龍幫系列任務, ClassName = Button.
Pid = 180, Hwnd=0x302bc, Text = 五毒教系列任務, ClassName = Button.
Pid = 180, Hwnd=0x202d4, Text = 魔教系列任務, ClassName = Button.
Pid = 180, Hwnd=0x302dc, Text = 武林盟系列任務, ClassName = Button.
Pid = 180, Hwnd=0x202d6, Text = 丐幫系列任務, ClassName = Button.
Pid = 180, Hwnd=0x202d8, Text = 繁體化: 風雲武林 , ClassName = Static.
Pid = 180, Hwnd=0x202c2, Text = 結束, ClassName = Button.
Pid = 180, Hwnd=0x202c4, Text = 紫色任務, ClassName = Button.
Pid = 180, Hwnd=0x202c8, Text = 作者: 電信1-仙境 冰藍楓, ClassName = Static.
Pid = 180, Hwnd=0x202ca, Text = 稱謂任務, ClassName = Button.
Behavior description: Query registry (virtual machine detection related)
Details: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Behavior description: Search for a specified kernel module
Details: lstrcmpiA: ntice.sys <------> ntkrnlpa.exe (ntice.sys)
lstrcmpiA: ntice.sys <------> hal.dll (ntice.sys)
lstrcmpiA: ntice.sys <------> KDCOM.DLL (ntice.sys)
lstrcmpiA: ntice.sys <------> BOOTVID.dll (ntice.sys)
lstrcmpiA: ntice.sys <------> ACPI.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> WMILIB.SYS (ntice.sys)
lstrcmpiA: ntice.sys <------> pci.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> isapnp.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> compbatt.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> BATTC.SYS (ntice.sys)
lstrcmpiA: ntice.sys <------> intelide.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> PCIIDEX.SYS (ntice.sys)
lstrcmpiA: ntice.sys <------> MountMgr.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> ftdisk.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> dmload.sys (ntice.sys)
Behavior description: Search for windows of common anti-virus and analysis tools
Details: NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
NtUserFindWindowEx: [Class,Window] = [GBDYLLO,]
NtUserFindWindowEx: [Class,Window] = [pediy06,]
NtUserFindWindowEx: [Class,Window] = [FilemonClass,]
NtUserFindWindowEx: [Class,Window] = [,File Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [PROCMON_WINDOW_CLASS,]
NtUserFindWindowEx: [Class,Window] = [,Process Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [RegmonClass,]
NtUserFindWindowEx: [Class,Window] = [,Registry Monitor - Sysinternals: www.sysinternals.com]