VirSCAN

File information
Safety rating:72
Behavior list
Basic Information
MD5:ee31c4623040372a74dd0c038178b0da
file type:zip
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0
Subfile information:
响亮取名软件18.03版本.exedumpFile / 169a2d3a03661ab151894c1fc3623c76 / EXE
响亮取名软件18.03版本.exe / 169a2d3a03661ab151894c1fc3623c76 / EXE
kernel32dumpFile / 40976499c7e53cb02f35e0d07205f317 / DLL
kernel32 / 40976499c7e53cb02f35e0d07205f317 / DLL
krnln.fnrdumpFile / dde0681ba7a02bbb1c9b756af7e53fd2 / DLL
krnln.fnr / dde0681ba7a02bbb1c9b756af7e53fd2 / DLL
wininet.dlldumpFile / 327dee78b7478fb079d47be465330c68 / DLL
wininet.dll / 327dee78b7478fb079d47be465330c68 / DLL
iext2.fnedumpFile / a26c8b99e1519f4367893b3d3cd8e089 / DLL
iext2.fne / a26c8b99e1519f4367893b3d3cd8e089 / DLL
RCX12A.tmpdumpFile / 0f675c9987b960b4506c9427cbd33a14 / EXE
RCX12A.tmp / 0f675c9987b960b4506c9427cbd33a14 / EXE
eAPI.fnedumpFile / 75e3942b26c39888cc2ee9b732a101c8 / DLL
eAPI.fne / 75e3942b26c39888cc2ee9b732a101c8 / DLL
CnCalendar.fnedumpFile / 5546525bdd17f8be8807a94a55fc0d6b / DLL
CnCalendar.fne / 5546525bdd17f8be8807a94a55fc0d6b / DLL
cncnv.fnedumpFile / 1882ccf17e61fdc853f44f22ff835c3c / DLL
cncnv.fne / 1882ccf17e61fdc853f44f22ff835c3c / DLL
iext.fnrdumpFile / b666d864234e2586680de95a13259829 / DLL
Key behavior
Behavior description: Directly calls a critical system API
details:Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x005F546B
Behavior description: Reads the CPU clock directly
Behavior description: Captures window screenshot information
details:Foreground window Info: HWND = 0x002102bc, DC = 0x01010055.
Foreground window Info: HWND = 0x000503e6, DC = 0xa701060c.
Foreground window Info: HWND = 0x00130350, DC = 0x24010301.
Foreground window Info: HWND = 0x000a03b8, DC = 0xeb0103ee.
Foreground window Info: HWND = 0x001003a0, DC = 0x1a010529.
Foreground window Info: HWND = 0x001603be, DC = 0x5701064d.
Behavior description: Blocks window close messages
details:hWnd = 0x00070380, Text = 响亮宝宝取名软件 v18.03 已注册, ClassName = WTWindow.
Process behavior
Behavior description: Creates a local thread
details:TargetProcess: 响亮取名软件18.03版本.exe, InheritedFromPID = 3292, ProcessID = 3676, ThreadID = 3716, StartAddress = 77DC845A, Parameter = 00000000
File behavior
Behavior description: Overwrites an existing file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\响亮取名软件 V18.03 破解版\Skin\pixos.she
Behavior description: Modifies file contents
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\响亮取名软件 V18.03 破解版\iext2.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\响亮取名软件 V18.03 破解版\Skin\pixos.she ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\响亮取名软件 V18.03 破解版\eAPI.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\响亮取名软件 V18.03 破解版\cncnv.fne ---> Offset = 0
Behavior description: Searches for a file
details:FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\响亮取名软件 V18.03 破解版\zw.fne
Network behavior
Behavior description: Opens a specified web page in IE
details:http://li****om
http://li****om/
Registry behavior
Behavior description: Modifies the registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x16(565 0)
Other behavior
Behavior description: Checks whether it is being debugged
details:IsDebuggerPresent
Behavior description: Creates a mutex
details:3D21E658-B095-441a-8FE9-6C10952714C7
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.AGO
Behavior description: Creates an event object
details:EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.AGO.IC
EventName = MSCTF.SendReceiveConection.Event.AGO.IC
Behavior description: Opens a mutex
details:DBWinMutex
ShimCacheMutex
Local\!IETld!Mutex
Behavior description: Searches for a specified window
details:NtUserFindWindowEx: [Class,Window] = [,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [,Microsoft Internet Explorer]
Behavior description: Opens an event
details:HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000051
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000051
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior description: Window information
details:Pid = 3676, Hwnd=0x503e6, Text = (阳历), ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3676, Hwnd=0x403ee, Text = (淘宝仅此两家官方代理店铺,别上其他店铺当), ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3676, Hwnd=0x503f4, Text = 分, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3676, Hwnd=0x130350, Text = 分, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3676, Hwnd=0xa03b8, Text = 时, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3676, Hwnd=0x1003a0, Text = 日, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3676, Hwnd=0x1603be, Text = 月, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3676, Hwnd=0x17033a, Text = 年, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3676, Hwnd=0xb036a, Text = 出生日期:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3676, Hwnd=0x903a4, Text = 日, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3676, Hwnd=0x1402ca, Text = 年, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3676, Hwnd=0x1a031e, Text = 月, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3676, Hwnd=0x603c2, Text = 联系方式:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3676, Hwnd=0x1102aa, Text = 取名软件结合周易易经五格等原理综合取名,名字仅供参考!, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3676, Hwnd=0xd0368, Text = 特别申明:, ClassName = Afx:400000:b:10011:1900015:0.
Behavior description: Directly accesses a physical device
details:\??\PhysicalDrive0
Behavior description: Hides a specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [男,ComboBox]
[Window,Class] = [性别,Afx:400000:b:10011:1900015:0]
[Window,Class] = [,Edit]
[Window,Class] = [姓:,Afx:400000:b:10011:1900015:0]
[Window,Class] = [ 一 一 一   木 木 木   二 二 二   成功顺调,希望达成,基础安定,能向上发展,家门昌隆,心身健全,保得长寿大吉的配置。数凶者则有仇害之虑(吉)   一 一 三   木 木 火   二 二 四   成功顺高,无障碍而向上发展,基础境遇也得安泰,终生享受繁荣长寿的吉配置。(吉)   一 一 五   木 木 土   二 二 六   成功顺调,无障碍而向上发展,境遇坚实,如坐在磐石上,颇有安泰,能得幸福长寿而平安自在。(吉)   一 一 七
[Window,Class] = [,SysListView32]
[Window,Class] = [开始分析,Button]
[Window,Class] = [时,Afx:400000:b:10011:1900015:0]
[Window,Class] = [名,Afx:400000:b:10011:1900015:0]
[Window,Class] = [问:我都生成名字好久了,怎么还不停止呢?什么时候能停止呢? 答:我们的名字库,是取名界中最大的名字库,一次可生成过亿名字,大概要几十个小时,如果不想生成了可以点击停止按钮。 问:软件的有效期是多久? 答:我们软件一次注册,终身使用,终身免费升级。 ----------------------------------------取名技巧-------------------------------------------- 各位父母在给自己的小王子小公主取名的时
[Window,Class] = [感谢您使用本软件,本软件运用《周易》《易经》中金木水火土五行,天人地总外五格三才数理等一些知识精设而成,未注册版软件只能显示10个名字且评分较低,正式版无任何限制。注册购买请联系客服,软件采用一机一码方式注册,一经注册终身免费升级。,Afx:400000:b:10011:1900015:0]
[Window,Class] = [响亮取名软件(25元),Afx:400000:b:10011:1900015:0]
[Window,Class] = [注册方法:付款后,复制机器码给客服领取注册码,再把客服发给你的注册文件 放在和软件同一个文件夹,然后重启软件即可注册成功 ,Afx:400000:b:10011:1900015:0]
[Window,Class] = [机器码:,Afx:400000:b:10011:1900015:0]