VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

File information

Basic Information

MD5: fa2575f80192f5ba431be67bef4866fc
file type: EXE
Production company: www.CompulsiveCode.com
version: 4.0.6319.27135---4.0.6319.27135
Shell or compiler information: COMPILER:Microsoft Visual C# / Basic .NET

Key behavior

Behavior description: 获取TickCount值
details: TickCount = 277781, SleepMilliseconds = 60000.
TickCount = 277828, SleepMilliseconds = 60000.
TickCount = 277890, SleepMilliseconds = 60000.
TickCount = 277953, SleepMilliseconds = 60000.
TickCount = 277968, SleepMilliseconds = 60000.
TickCount = 278015, SleepMilliseconds = 60000.
TickCount = 278031, SleepMilliseconds = 60000.
TickCount = 286671, SleepMilliseconds = 60000.
TickCount = 286687, SleepMilliseconds = 60000.
TickCount = 287890, SleepMilliseconds = 60000.
TickCount = 287906, SleepMilliseconds = 60000.
TickCount = 287921, SleepMilliseconds = 60000.
TickCount = 287937, SleepMilliseconds = 60000.
TickCount = 300546, SleepMilliseconds = 60000.
TickCount = 300562, SleepMilliseconds = 60000.

File behavior

Behavior description: 覆盖已有文件
details: C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Behavior description: 查找文件
details: FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\WINDOWS\Microsoft.NET\Framework\\*
FileName = C:\WINDOWS
FileName = C:\WINDOWS\WinSxS
FileName = C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
FileName = C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.INI
FileName = C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
FileName = C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI

Registry behavior

Behavior description: 修改注册表
details: \REGISTRY\USER\S-*\Software\VB and VBA Program Settings\CompulsiveCode_JpegToPDF\Settings\UnitOfMeasure
\REGISTRY\USER\S-*\Software\VB and VBA Program Settings\CompulsiveCode_JpegToPDF\Settings\OutputType
\REGISTRY\USER\S-*\Software\VB and VBA Program Settings\CompulsiveCode_JpegToPDF\Settings\Out_Path
\REGISTRY\USER\S-*\Software\VB and VBA Program Settings\CompulsiveCode_JpegToPDF\Settings\Out_Folder_Specific
\REGISTRY\USER\S-*\Software\VB and VBA Program Settings\CompulsiveCode_JpegToPDF\Settings\Out_Multi
\REGISTRY\USER\S-*\Software\VB and VBA Program Settings\CompulsiveCode_JpegToPDF\Settings\Out_FileName
\REGISTRY\USER\S-*\Software\VB and VBA Program Settings\CompulsiveCode_JpegToPDF\Settings\UseEXIForientation
\REGISTRY\USER\S-*\Software\VB and VBA Program Settings\CompulsiveCode_JpegToPDF\Settings\PageSize_MatchImage
\REGISTRY\USER\S-*\Software\VB and VBA Program Settings\CompulsiveCode_JpegToPDF\Settings\PageSize_Width
\REGISTRY\USER\S-*\Software\VB and VBA Program Settings\CompulsiveCode_JpegToPDF\Settings\PageSize_Height
\REGISTRY\USER\S-*\Software\VB and VBA Program Settings\CompulsiveCode_JpegToPDF\Settings\PageSize_ShrinkOversized
\REGISTRY\USER\S-*\Software\VB and VBA Program Settings\CompulsiveCode_JpegToPDF\Settings\PageSize_EnlargeSmall
\REGISTRY\USER\S-*\Software\VB and VBA Program Settings\CompulsiveCode_JpegToPDF\Settings\Margins_Top
\REGISTRY\USER\S-*\Software\VB and VBA Program Settings\CompulsiveCode_JpegToPDF\Settings\Margins_Bottom
\REGISTRY\USER\S-*\Software\VB and VBA Program Settings\CompulsiveCode_JpegToPDF\Settings\Margins_Left

Other behavior

Behavior description: 检测自身是否被调试
details: IsDebuggerPresent
Behavior description: 创建互斥体
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.AJK
Behavior description: 创建事件对象
details: EventName = Global\CorDBIPCSetupSyncEvent_2700
EventName = MSCTF.SendReceive.Event.AJK.IC
EventName = MSCTF.SendReceiveConection.Event.AJK.IC
Behavior description: 查找指定窗口
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: 打开事件
details: Global\CLR_PerfMon_StartEnumEvent
\KernelObjects\LowMemoryCondition
HookSwitchHookEnabledEvent
MSFT.VSA.COM.DISABLE.2700
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: 获取TickCount值
details: TickCount = 277781, SleepMilliseconds = 60000.
TickCount = 277828, SleepMilliseconds = 60000.
TickCount = 277890, SleepMilliseconds = 60000.
TickCount = 277953, SleepMilliseconds = 60000.
TickCount = 277968, SleepMilliseconds = 60000.
TickCount = 278015, SleepMilliseconds = 60000.
TickCount = 278031, SleepMilliseconds = 60000.
TickCount = 286671, SleepMilliseconds = 60000.
TickCount = 286687, SleepMilliseconds = 60000.
TickCount = 287890, SleepMilliseconds = 60000.
TickCount = 287906, SleepMilliseconds = 60000.
TickCount = 287921, SleepMilliseconds = 60000.
TickCount = 287937, SleepMilliseconds = 60000.
TickCount = 300546, SleepMilliseconds = 60000.
TickCount = 300562, SleepMilliseconds = 60000.
Behavior description: 获取光标位置
details: CursorPos = (80,18468), SleepMilliseconds = 60000.
CursorPos = (6373,26501), SleepMilliseconds = 60000.
CursorPos = (19208,15725), SleepMilliseconds = 60000.
Behavior description: 窗口信息
details: Pid = 2700, Hwnd=0x1034e, Text = www.CompulsiveCode.com, ClassName = WindowsForms10.STATIC.app.0.378734a.
Pid = 2700, Hwnd=0x10350, Text = Output Path, ClassName = WindowsForms10.Window.8.app.0.378734a.
Pid = 2700, Hwnd=0x10352, Text = Use image folder, ClassName = WindowsForms10.BUTTON.app.0.378734a.
Pid = 2700, Hwnd=0x10356, Text = ..., ClassName = WindowsForms10.BUTTON.app.0.378734a.
Pid = 2700, Hwnd=0x10358, Text = Write Files to:, ClassName = WindowsForms10.BUTTON.app.0.378734a.
Pid = 2700, Hwnd=0x1035a, Text = C:\, ClassName = WindowsForms10.EDIT.app.0.378734a.
Pid = 2700, Hwnd=0x1035c, Text = Output Type, ClassName = WindowsForms10.Window.8.app.0.378734a.
Pid = 2700, Hwnd=0x1035e, Text = XPS, ClassName = WindowsForms10.BUTTON.app.0.378734a.
Pid = 2700, Hwnd=0x10360, Text = PDF, ClassName = WindowsForms10.BUTTON.app.0.378734a.
Pid = 2700, Hwnd=0x10362, Text = Image Files, ClassName = WindowsForms10.Window.8.app.0.378734a.
Pid = 2700, Hwnd=0x10364, Text = Move Sel Down, ClassName = WindowsForms10.BUTTON.app.0.378734a.
Pid = 2700, Hwnd=0x10366, Text = Move Sel Up, ClassName = WindowsForms10.BUTTON.app.0.378734a.
Pid = 2700, Hwnd=0x10370, Text = Remove Selected, ClassName = WindowsForms10.BUTTON.app.0.378734a.
Pid = 2700, Hwnd=0x10372, Text = Add Files, ClassName = WindowsForms10.BUTTON.app.0.378734a.
Pid = 2700, Hwnd=0x10374, Text = Unit of Measure, ClassName = WindowsForms10.Window.8.app.0.378734a.
Behavior description: 调用Sleep函数
details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = -1.
Behavior description: 打开互斥体
details: ShimCacheMutex
Global\CLR_CASOFF_MUTEX

Run screenshot

VirSCAN