VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

File information

Scanner results
Scanner results:0%Antivirus software(0/32)found malware!
Behavior analysis report:         Habo file analysis
Time: 2015-10-23 10:10:07 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 3.0 1970-01-01 Found nothing 7
avast 150725-1 4.7.4 2015-07-25 Found nothing 0
avg 2109/8133 10.0.1405 2014-11-26 Found nothing 0
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 26
bitdefender 7.58469 7.90123 2014-12-25 Found nothing 0
clamav 19861 0.97.5 2014-12-31 Found nothing 0
drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 0
fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 0
fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 0
fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 0
gdata 25.4014 25.4014 2015-10-23 Found nothing 35
ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 0
jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 60
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 0
kingsoft 2.1 2.1 2013-09-22 Found nothing 26
mcafee 7638 5400.1158 2014-11-30 Found nothing 0
nod32 0920 3.0.21 2014-12-23 Found nothing 0
panda 9.05.01 9.05.01 2015-07-26 Found nothing 6
pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 0
qh360 1.0.1 1.0.1 1.0.1 Found nothing 6
qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 0
quickheal 14.00 14.00 2015-07-25 Found nothing 5
rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 23
sophos 5.08 3.55.0 2014-12-01 Found nothing 0
symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 0
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 35
thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 18
tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 35
vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 0
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 0

没有相关的权限信息

文件信息
VirSCANVirSCAN
安全评分 :75
基本信息
VirSCANVirSCAN
MD5:5ecc1844aaffdcfe845881dfbf59e127
文件大小:5.58MB
上传时间: 2014-09-22 10:36:30 (CST)
包名:
最低运行环境:
版权:
关键行为
VirSCANVirSCAN
行为描述: 写权限映射文件
详情信息: \WINDOWS\system32\zh-cn\ieframe.dll.mui
Internet Explorer Immutable Application State (00000170-0000-0000-0000-000000000000)
CiceroSharedMemDefaultS-*
ie_lcie_LogonMedium
ie_lcie_main_170
Isolation Process Registry (57AE9D7F-792D-11E5-91BE-000000000000)
Isolation Signal Registry (57AE9D7F-792D-11E5-91BE-000000000000, 0)
Local\IEFrame!GetAsyncKeyStateSharedMem!368
Local\UrlZonesSM_Administrator
ie_lcie_ConnHashTable<368>
AtlDebugAllocator_FileMappingNameStatic3_170
DfRoot0003DB8A7
DfRoot0003DC38B
Local\Feed Eventing Shared Memory S-*
MSCTF.MarshalInterface.FileMap.IMD..MLCOH
行为描述: 设置特殊文件夹属性
详情信息: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\IETldCache
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015102320151024
C:\Documents and Settings\Administrator\IECompatCache
行为描述: 隐藏指定窗口
详情信息: [Window,Class] = [,BrowserFrameGripperClass]
[Window,Class] = [缩放级别,ToolbarWindow32]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [,SysLink]
[Window,Class] = [,Static]
行为描述: 按名称获取主机地址
详情信息: computer
wpad
www.yixun.com
进程行为
VirSCANVirSCAN
行为描述: 写权限映射文件
详情信息: \WINDOWS\system32\zh-cn\ieframe.dll.mui
Internet Explorer Immutable Application State (00000170-0000-0000-0000-000000000000)
CiceroSharedMemDefaultS-*
ie_lcie_LogonMedium
ie_lcie_main_170
Isolation Process Registry (57AE9D7F-792D-11E5-91BE-000000000000)
Isolation Signal Registry (57AE9D7F-792D-11E5-91BE-000000000000, 0)
Local\IEFrame!GetAsyncKeyStateSharedMem!368
Local\UrlZonesSM_Administrator
ie_lcie_ConnHashTable<368>
AtlDebugAllocator_FileMappingNameStatic3_170
DfRoot0003DB8A7
DfRoot0003DC38B
Local\Feed Eventing Shared Memory S-*
MSCTF.MarshalInterface.FileMap.IMD..MLCOH
行为描述: 设置特殊文件夹属性
详情信息: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\IETldCache
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015102320151024
C:\Documents and Settings\Administrator\IECompatCache
行为描述: 隐藏指定窗口
详情信息: [Window,Class] = [,BrowserFrameGripperClass]
[Window,Class] = [缩放级别,ToolbarWindow32]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [,SysLink]
[Window,Class] = [,Static]
行为描述: 按名称获取主机地址
详情信息: computer
wpad
www.yixun.com
文件行为
VirSCANVirSCAN
行为描述: 写权限映射文件
详情信息: \WINDOWS\system32\zh-cn\ieframe.dll.mui
Internet Explorer Immutable Application State (00000170-0000-0000-0000-000000000000)
CiceroSharedMemDefaultS-*
ie_lcie_LogonMedium
ie_lcie_main_170
Isolation Process Registry (57AE9D7F-792D-11E5-91BE-000000000000)
Isolation Signal Registry (57AE9D7F-792D-11E5-91BE-000000000000, 0)
Local\IEFrame!GetAsyncKeyStateSharedMem!368
Local\UrlZonesSM_Administrator
ie_lcie_ConnHashTable<368>
AtlDebugAllocator_FileMappingNameStatic3_170
DfRoot0003DB8A7
DfRoot0003DC38B
Local\Feed Eventing Shared Memory S-*
MSCTF.MarshalInterface.FileMap.IMD..MLCOH
行为描述: 设置特殊文件夹属性
详情信息: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\IETldCache
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015102320151024
C:\Documents and Settings\Administrator\IECompatCache
行为描述: 修改文件内容
详情信息: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015102320151024\index.dat---> Offset = 0
行为描述: 查找文件
详情信息: FileName = C:\Program Files\Common Files\Adobe
FileName = C:\Program Files\Common Files\Adobe\Acrobat
FileName = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX
FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1445567176.695220.exe_7zdump
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1445567176.698740.exe_7zdump\Payload
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1445567176.702251.exe_7zdump\Payload\etao4iphone.app
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1445567176.705799.exe_7zdump\Payload\etao4iphone.app\lazyload.html
FileName = C:\Program Files\Internet Explorer\iexplore.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
网络行为
VirSCANVirSCAN
行为描述: 联网打开网址
详情信息: InternetOpenUrlA: http://110.110.110.110:80/wpad.dat hInternet = 0x000003ec
InternetOpenUrlA: http://110.110.110.110:80/wpad.dat hInternet = 0x000007d4
行为描述: 下载文件
详情信息: URLDownloadToFileW: http://www.live.com/favicon.ico ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
URLDownloadToFileW: https://go.microsoft.com/fwlink/?LinkId=141260 ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Kno3.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Kno3.tmp
行为描述: 连接指定站点
详情信息: InternetConnectA: ServerName = g.assets.daily.taobao.net, PORT = 80
InternetConnectA: ServerName = a.tbcdn.cn, PORT = 80
InternetConnectA: ServerName = gtms04.alicdn.com, PORT = 80
InternetConnectA: ServerName = gtms01.alicdn.com, PORT = 80
InternetConnectA: ServerName = img01.taobaocdn.com, PORT = 80
InternetConnectA: ServerName = g.tbcdn.cn, PORT = 80
InternetConnectA: ServerName = cdn.mmstat.com, PORT = 80
InternetConnectA: ServerName = gtms02.alicdn.com, PORT = 80
行为描述: 建立到一个指定的套接字连接
详情信息: 127.0.0.1:1031
行为描述: 读取网络文件
详情信息: hFile = 0x000003ec, BytesToRead =4010, BytesRead = 4010.
hFile = 0x000005c8, BytesToRead =2048, BytesRead = 2048.
hFile = 0x000005ec, BytesToRead =2048, BytesRead = 2048.
hFile = 0x000005f4, BytesToRead =2048, BytesRead = 2048.
hFile = 0x000005fc, BytesToRead =2048, BytesRead = 2048.
hFile = 0x00000604, BytesToRead =2048, BytesRead = 2048.
hFile = 0x000007d4, BytesToRead =4010, BytesRead = 4010.
行为描述: 打开HTTP请求
详情信息: HttpOpenRequestA: g.assets.daily.taobao.net:80/ecc/angela/0.6.7/index.css, hConnect = 0x00000478
HttpOpenRequestA: g.assets.daily.taobao.net:80/??ecc/angela/0.6.7/index.js,ecc/mstat/1.0.7/ext.js,ecc/mstat/1.0.7/index.js,tb/kimi/0.0.5/kimi-min.js,seajs/seajs/2.2.0/sea.js,seajs/seajs/2.2.0/plugin-combo.js,mtb/lib-mtop/0.5.13/mtop.debug.js,mtb/lib-login/0.2
HttpOpenRequestA: g.assets.daily.taobao.net:80/ecc/angela/0.6.7/index.css, hConnect = 0x00000570
HttpOpenRequestA: a.tbcdn.cn:80/s/aplus_wap.js, hConnect = 0x0000056c
HttpOpenRequestA: a.tbcdn.cn:80/s/fdc/??spm_wap.js,spmact_wap.js?v=140220, hConnect = 0x00000570
HttpOpenRequestA: g.assets.daily.taobao.net:80/??etao/m-index/1.0.3/components/floatlayer/floatlayer.css,etao/m-index/1.0.3/components/addtodesktop/index.css, hConnect = 0x00000570
HttpOpenRequestA: g.assets.daily.taobao.net:80/ecc/??mcommon/1.1.1/index.css,mcommon/1.1.1/popup.css,mcommon/1.1.1/weixin.css, hConnect = 0x00000570
HttpOpenRequestA: g.assets.daily.taobao.net:80/??etao/m-youhui/1.0.8/components/youhui/index.css, hConnect = 0x00000570
HttpOpenRequestA: g.assets.daily.taobao.net:80/etao/m-youhui/1.0.8/components/mask/index.css, hConnect = 0x00000570
HttpOpenRequestA: g.assets.daily.taobao.net:80/etao/m-youhui/1.0.8/components/recommend-guess/index.css, hConnect = 0x00000570
HttpOpenRequestA: g.assets.daily.taobao.net:80/ecc/toast/1.0.2/index.css, hConnect = 0x00000570
HttpOpenRequestA: g.assets.daily.taobao.net:80/ecc/actionsheet/1.0.1/index.css, hConnect = 0x00000578
HttpOpenRequestA: g.assets.daily.taobao.net:80/ecc/loading/1.0.2/index.css, hConnect = 0x00000578
HttpOpenRequestA: a.tbcdn.cn:80/s/aplus_wap.js, hConnect = 0x000005ac
HttpOpenRequestA: a.tbcdn.cn:80/s/aplus_wap.js, hConnect = 0x00000598
行为描述: 按名称获取主机地址
详情信息: computer
wpad
www.yixun.com
注册表行为
VirSCANVirSCAN
行为描述: 修改注册表
详情信息: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Recovery\Active\{57AE9D82-792D-11E5-91BE-000000000000}
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}\Enable
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTimeCount
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Default MHTML Editor\Last
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}\iexplore\Type
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}\iexplore\Flags
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}\iexplore\Time
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015102320151024\CachePath
行为描述: 删除注册表键值
详情信息: \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Expiration
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\Expiration
行为描述: 删除注册表键值_IE连接设置
详情信息: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
行为描述: 删除注册表键
详情信息: \REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082520150826
其他行为
VirSCANVirSCAN
行为描述: 创建互斥体
详情信息: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\!BrowserEmulation!SharedMemory!Mutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
ConnHashTable<368>_HashTable_Mutex
oleacc-msaa-loaded
Local\ZonesCounterMutex
Local\RSS Eventing Connection Database Mutex 00000170
行为描述: 隐藏指定窗口
详情信息: [Window,Class] = [,BrowserFrameGripperClass]
[Window,Class] = [缩放级别,ToolbarWindow32]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [,SysLink]
[Window,Class] = [,Static]
行为描述: 查找指定窗口
详情信息: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Static,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
行为描述: 获取系统权限
详情信息: SE_LOAD_DRIVER_PRIVILEGE
运行截图
VirSCANVirSCAN
VirSCAN