VirSCAN

File information
Safety rating: 80
Behavior list
Basic information
MD5: f0ee0fe6cc055fcebe2b417d6acaef57
File type: NSIS installer
Publisher: ParetoLogic Inc.
Version: 3.1.0.0 --- 3.1.0.0
Packer or compiler information: (none reported)
Subfile information (name / MD5 / type):
PCHA.exe / d6417e3ee99744edecc5978cac82a1b0 / EXE
Utility.pxt / 83a0365b1e36c4e496b6efa6a67b525c / DLL
MyResources.dll / 5d0e9450dbbd6709fcb5bca4772199a4 / DLL
splash.bmp / 37ed2e982dae9e1810938428713706f3 / Unknown
SandBoxer.dll / cef4a3cf56e65fcafcf076f4120ac5df / DLL
7ZipDLL.dll / 03543353deecf8cc23836b52e90167e7 / DLL
UUS3.dll / bb4a83a07a44e2716887b4e742915b94 / DLL
noapp.exe / 80d93995ad838a8d333df1596baa7d11 / EXE
sqlite3.dll / da25d9633cb3669411ca07e29f8f7b55 / DLL
uninstall.exe / d2b89edf868b594567ac096bee450029 / NSIS
Pareto_Update3.exe / b681116d816d3ca62e9da7c0a7a1ce9a / EXE
HandleUpdate.dll / ee3175c263efde156ffe2ec3ad48824c / DLL
CommonSpecialist.pxt / fc5a9aada350da25f05b7e71a8d69f4a / DLL
CommonLoggingExtension.pxt / 2dfc8eaf0c5c865771d7b513ed14be81 / DLL
RegHookSpecialist.pxt / 1d73e42ec723d6af337c2d7bcb9fef1f / DLL
bg.png / 7fcecf9d2dd04b7352b0dc401a899ac7 / Unknown
modern-wizard.bmp / 0af6827b707e1c988032f72fade4f59d / Unknown
ExtensionManager.dll / ab106407705af354454ebf395d032ee8 / DLL
ParetoLogicUpdate.chm / 52f71b6fede4b53123adbe2cf83f7d41 / CHM
Key behavior
Behavior description: Writes to a memory-mapped file (write-access file mapping)
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EHI..NIBKH
MSCTF.MarshalInterface.FileMap.EHI.B.NJBKH
MSCTF.MarshalInterface.FileMap.EHI.C.NJBKH
MSCTF.MarshalInterface.FileMap.EHI.D.NJBKH
MSCTF.MarshalInterface.FileMap.EHI.E.NJBKH
MSCTF.MarshalInterface.FileMap.EHI.F.NJBKH
MSCTF.MarshalInterface.FileMap.EHI.G.MKBKH
MSCTF.Shared.SFM.EHI
Behavior description: Blocks the window close message
details:hWnd = 0x000e029c, Text = PC Health Advisor-installatie, ClassName = #32770.
Behavior description: Hides a specified window
details:[Window,Class] = [,Button]
[Window,Class] = [Nullsoft Install System v2.46-Unicode,Static]
[Window,Class] = [Nullsoft Install System v2.46-Unicode ,Static]
[Window,Class] = [,Static]
Process behavior
Behavior description: Enumerates processes
details: N/A
File behavior
Behavior description: Writes to a memory-mapped file (write-access file mapping)
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EHI..NIBKH
MSCTF.MarshalInterface.FileMap.EHI.B.NJBKH
MSCTF.MarshalInterface.FileMap.EHI.C.NJBKH
MSCTF.MarshalInterface.FileMap.EHI.D.NJBKH
MSCTF.MarshalInterface.FileMap.EHI.E.NJBKH
MSCTF.MarshalInterface.FileMap.EHI.F.NJBKH
MSCTF.MarshalInterface.FileMap.EHI.G.MKBKH
MSCTF.Shared.SFM.EHI
Behavior description: Creates executable files (NSIS plugin DLLs unpacked into the installer's %TEMP%\ns*.tmp working directory)
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\UserInfo.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\AdvSplash.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\KillProcDLL.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\nsDialogs.dll
Behavior description: Modifies file contents
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\splash.bmp---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\modern-header.bmp---> Offset = 16384
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\modern-wizard.bmp---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd5.tmp---> Offset = 98304
C:\WINDOWS\wininit.ini---> Offset = 0
Behavior description: Searches for files
details:FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\*.*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\AdvSplash.dll.AmBackup3
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\KillProcDLL.dll.AmBackup4
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\nsDialogs.dll.AmBackup5
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\System.dll.AmBackup1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\UserInfo.dll.AmBackup2
Registry behavior
Behavior description: Modifies registry: delayed file rename entry (PendingFileRenameOperations, processed at next boot)
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behavior
Behavior description: Creates mutexes
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EHI
Behavior description: Hides a specified window
details:[Window,Class] = [,Button]
[Window,Class] = [Nullsoft Install System v2.46-Unicode,Static]
[Window,Class] = [Nullsoft Install System v2.46-Unicode ,Static]
[Window,Class] = [,Static]
Behavior description: Finds a specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Acquires a system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Reads the TickCount value
details:TickCount = 505953, SleepMilliseconds = 2000.
TickCount = 505984, SleepMilliseconds = 2000.
TickCount = 506000, SleepMilliseconds = 2000.
TickCount = 506015, SleepMilliseconds = 2000.
TickCount = 506031, SleepMilliseconds = 2000.
TickCount = 506078, SleepMilliseconds = 2000.
TickCount = 506093, SleepMilliseconds = 2000.
TickCount = 511750, SleepMilliseconds = 2000.
TickCount = 525656, SleepMilliseconds = 2000.
Behavior description: Blocks the window close message
details:hWnd = 0x000e029c, Text = PC Health Advisor-installatie, ClassName = #32770.
Behavior description: Window information (captured text is the installer's Dutch UI; the 是(&Y) / 否(&N) buttons are the sandbox's Chinese-locale Yes / No)
details:Pid = 2160, Hwnd=0xc029c, Text = _sp, ClassName = _sp.
Pid = 2160, Hwnd=0x402a2, Text = &Volgende >, ClassName = Button.
Pid = 2160, Hwnd=0x302a0, Text = Annuleren, ClassName = Button.
Pid = 2160, Hwnd=0x202d4, Text = Nullsoft Install System v2.46-Unicode , ClassName = Static.
Pid = 2160, Hwnd=0x302dc, Text = Nullsoft Install System v2.46-Unicode, ClassName = Static.
Pid = 2160, Hwnd=0x302da, Text = Welkom bij de PC Health Advisor-installatiewizard, ClassName = Static.
Pid = 2160, Hwnd=0x302b8, Text = Deze wizard zal PC Health Advisor op uw systeem installeren. Het wordt aanbevolen alle overige toepassingen af te sluiten alvo, ClassName = Static.
Pid = 2160, Hwnd=0xe029c, Text = PC Health Advisor-installatie, ClassName = #32770.
Pid = 2160, Hwnd=0x10344, Text = 是(&Y), ClassName = Button.
Pid = 2160, Hwnd=0x10346, Text = 否(&N), ClassName = Button.
Pid = 2160, Hwnd=0x1034a, Text = Weet u zeker dat u de PC Health Advisor-installatie wilt afsluiten?, ClassName = Static.
Pid = 2160, Hwnd=0x30342, Text = PC Health Advisor-installatie, ClassName = #32770.
Behavior description: Calls the Sleep function
details:[1]: MilliSeconds = 2000.
Behavior description: Opens image files
details:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\splash.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\modern-header.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\modern-wizard.bmp
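Added example, not part of the VirSCAN report or of ParetoLogic's software: a Python parser for the behaviour-list format used above ("Behavior description:" / "details:" plus bare continuation lines under section headings such as "File behavior") and a small triage pass over the parsed records. The sample input is constructed from lines of this report (translated) plus one invented path, dropped.exe, to exercise the "unexpected executable" branch; the rule labels, the plugin list and the function names are the example's own choices, not VirSCAN's.

```python
import re
from dataclasses import dataclass, field


@dataclass
class Behavior:
    section: str            # e.g. "File behavior"
    description: str        # e.g. "Creates executable file"
    details: list = field(default_factory=list)


def parse_report(text: str) -> list:
    """Parse a VirSCAN behaviour list into Behavior records.

    Section headings ("File behavior", "Registry behavior", ...) carry no
    colon; "Behavior description:<name>" opens a record; "details:<item>"
    gives the first item and every bare line after it is a further item.
    """
    behaviors, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ":" not in line and line.lower().endswith(" behavior"):
            section = line
        elif line.startswith("Behavior description:"):
            behaviors.append(Behavior(section, line.split(":", 1)[1].strip()))
        elif line.startswith("details:"):
            item = line.split(":", 1)[1].strip()
            if behaviors and item != "N/A":
                behaviors[-1].details.append(item)
        elif behaviors:
            behaviors[-1].details.append(line)
    return behaviors


# Indicators a triager would pull out of this kind of report. Both registry
# and wininit.ini entries arrange renames/deletes for the next boot, which
# is how an installer replaces or removes files that are still in use.
RULES = [
    ("PendingFileRenameOperations written (rename/delete at next boot)",
     re.compile(r"PendingFileRenameOperations", re.I)),
    ("wininit.ini written (legacy rename-at-boot mechanism)",
     re.compile(r"\\wininit\.ini", re.I)),
    ("SeLoadDriverPrivilege requested",
     re.compile(r"SE_LOAD_DRIVER_PRIVILEGE")),
]
# NSIS unpacks its plugin DLLs into %TEMP%\ns<random>.tmp before use; the
# names below are the plugins seen in this report (assumed allow-list).
NSIS_PLUGIN_DIR = re.compile(r"\\Temp\\ns[0-9a-z]+\.tmp\\[^\\]+$", re.I)
KNOWN_NSIS_PLUGINS = {"system.dll", "userinfo.dll", "advsplash.dll",
                      "killprocdll.dll", "nsdialogs.dll"}


def triage(behaviors: list) -> dict:
    """Map indicator labels to the detail lines that triggered them."""
    findings = {}
    for b in behaviors:
        for d in b.details:
            for label, pat in RULES:
                if pat.search(d):
                    findings.setdefault(label, []).append(d)
            if b.description == "Creates executable file":
                name = d.rsplit("\\", 1)[-1].lower()
                label = ("NSIS plugin unpacked to temp dir"
                         if NSIS_PLUGIN_DIR.search(d) and name in KNOWN_NSIS_PLUGINS
                         else "executable written outside NSIS plugin set")
                findings.setdefault(label, []).append(d)
    return findings


def uses_reboot_file_ops(findings: dict) -> bool:
    """True when the sample schedules file renames/deletes for the next boot."""
    return any(label.startswith(("PendingFileRenameOperations", "wininit.ini"))
               for label in findings)


# Constructed sample: report lines from above, plus an invented dropped.exe.
SAMPLE_REPORT = r"""
File behavior
Behavior description:Creates executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy6.tmp\KillProcDLL.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dropped.exe
Behavior description:Modifies file contents
details:C:\WINDOWS\wininit.ini---> Offset = 0
Registry behavior
Behavior description:Modifies registry: delayed file rename entry
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behavior
Behavior description:Enumerates processes
details:N/A
Behavior description:Acquires a system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
"""

if __name__ == "__main__":
    found = triage(parse_report(SAMPLE_REPORT))
    for label, items in found.items():
        print(f"{label}: {len(items)}")
    print("reboot-time file ops:", uses_reboot_file_ops(found))
```

The split between "NSIS plugin unpacked to temp dir" and "executable written outside NSIS plugin set" is the point: a stock NSIS installer always drops plugin DLLs into %TEMP%\ns*.tmp, so that line on its own is noise, while an executable written anywhere else is what deserves a look.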