VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

File information

Scanner results
Scanner results: 0% Scanner(s) (0/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2015-10-23 10:10:07 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 3.0 1970-01-01 Found nothing 7
avast 150725-1 4.7.4 2015-07-25 Found nothing 0
avg 2109/8133 10.0.1405 2014-11-26 Found nothing 0
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 26
bitdefender 7.58469 7.90123 2014-12-25 Found nothing 0
clamav 19861 0.97.5 2014-12-31 Found nothing 0
drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 0
fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 0
fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 0
fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 0
gdata 25.4014 25.4014 2015-10-23 Found nothing 35
ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 0
jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 60
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 0
kingsoft 2.1 2.1 2013-09-22 Found nothing 26
mcafee 7638 5400.1158 2014-11-30 Found nothing 0
nod32 0920 3.0.21 2014-12-23 Found nothing 0
panda 9.05.01 9.05.01 2015-07-26 Found nothing 6
pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 0
qh360 1.0.1 1.0.1 1.0.1 Found nothing 6
qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 0
quickheal 14.00 14.00 2015-07-25 Found nothing 5
rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 23
sophos 5.08 3.55.0 2014-12-01 Found nothing 0
symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 0
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 35
thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 18
tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 35
vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 0
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 0

No relevant permission information

File information
Security score: 75
Basic information
MD5:5ecc1844aaffdcfe845881dfbf59e127
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name:
Minimum runtime environment:
Copyright:
Key behaviors
Behavior description: Map file with write permission
Details: \WINDOWS\system32\zh-cn\ieframe.dll.mui
Internet Explorer Immutable Application State (00000170-0000-0000-0000-000000000000)
CiceroSharedMemDefaultS-*
ie_lcie_LogonMedium
ie_lcie_main_170
Isolation Process Registry (57AE9D7F-792D-11E5-91BE-000000000000)
Isolation Signal Registry (57AE9D7F-792D-11E5-91BE-000000000000, 0)
Local\IEFrame!GetAsyncKeyStateSharedMem!368
Local\UrlZonesSM_Administrator
ie_lcie_ConnHashTable<368>
AtlDebugAllocator_FileMappingNameStatic3_170
DfRoot0003DB8A7
DfRoot0003DC38B
Local\Feed Eventing Shared Memory S-*
MSCTF.MarshalInterface.FileMap.IMD..MLCOH
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\IETldCache
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015102320151024
C:\Documents and Settings\Administrator\IECompatCache
Behavior description: Hide specified window
Details: [Window,Class] = [,BrowserFrameGripperClass]
[Window,Class] = [缩放级别,ToolbarWindow32]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [,SysLink]
[Window,Class] = [,Static]
Behavior description: Get host address by name
Details: computer
wpad
www.yixun.com
File behavior
Behavior description: Map file with write permission
Details: \WINDOWS\system32\zh-cn\ieframe.dll.mui
Internet Explorer Immutable Application State (00000170-0000-0000-0000-000000000000)
CiceroSharedMemDefaultS-*
ie_lcie_LogonMedium
ie_lcie_main_170
Isolation Process Registry (57AE9D7F-792D-11E5-91BE-000000000000)
Isolation Signal Registry (57AE9D7F-792D-11E5-91BE-000000000000, 0)
Local\IEFrame!GetAsyncKeyStateSharedMem!368
Local\UrlZonesSM_Administrator
ie_lcie_ConnHashTable<368>
AtlDebugAllocator_FileMappingNameStatic3_170
DfRoot0003DB8A7
DfRoot0003DC38B
Local\Feed Eventing Shared Memory S-*
MSCTF.MarshalInterface.FileMap.IMD..MLCOH
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\IETldCache
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015102320151024
C:\Documents and Settings\Administrator\IECompatCache
Behavior description: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015102320151024\index.dat---> Offset = 0
Behavior description: Find file
Details: FileName = C:\Program Files\Common Files\Adobe
FileName = C:\Program Files\Common Files\Adobe\Acrobat
FileName = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX
FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1445567176.695220.exe_7zdump
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1445567176.698740.exe_7zdump\Payload
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1445567176.702251.exe_7zdump\Payload\etao4iphone.app
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1445567176.705799.exe_7zdump\Payload\etao4iphone.app\lazyload.html
FileName = C:\Program Files\Internet Explorer\iexplore.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
Network behavior
Behavior description: Open URL over the network
Details: InternetOpenUrlA: http://110.110.110.110:80/wpad.dat hInternet = 0x000003ec
InternetOpenUrlA: http://110.110.110.110:80/wpad.dat hInternet = 0x000007d4
Behavior description: Download file
Details: URLDownloadToFileW: http://www.live.com/favicon.ico ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
URLDownloadToFileW: https://go.microsoft.com/fwlink/?LinkId=141260 ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Kno3.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Kno3.tmp
Behavior description: Connect to specified site
Details: InternetConnectA: ServerName = g.assets.daily.taobao.net, PORT = 80
InternetConnectA: ServerName = a.tbcdn.cn, PORT = 80
InternetConnectA: ServerName = gtms04.alicdn.com, PORT = 80
InternetConnectA: ServerName = gtms01.alicdn.com, PORT = 80
InternetConnectA: ServerName = img01.taobaocdn.com, PORT = 80
InternetConnectA: ServerName = g.tbcdn.cn, PORT = 80
InternetConnectA: ServerName = cdn.mmstat.com, PORT = 80
InternetConnectA: ServerName = gtms02.alicdn.com, PORT = 80
Behavior description: Establish a connection to a specified socket
Details: 127.0.0.1:1031
Behavior description: Read network file
Details: hFile = 0x000003ec, BytesToRead =4010, BytesRead = 4010.
hFile = 0x000005c8, BytesToRead =2048, BytesRead = 2048.
hFile = 0x000005ec, BytesToRead =2048, BytesRead = 2048.
hFile = 0x000005f4, BytesToRead =2048, BytesRead = 2048.
hFile = 0x000005fc, BytesToRead =2048, BytesRead = 2048.
hFile = 0x00000604, BytesToRead =2048, BytesRead = 2048.
hFile = 0x000007d4, BytesToRead =4010, BytesRead = 4010.
Behavior description: Open HTTP request
Details: HttpOpenRequestA: g.assets.daily.taobao.net:80/ecc/angela/0.6.7/index.css, hConnect = 0x00000478
HttpOpenRequestA: g.assets.daily.taobao.net:80/??ecc/angela/0.6.7/index.js,ecc/mstat/1.0.7/ext.js,ecc/mstat/1.0.7/index.js,tb/kimi/0.0.5/kimi-min.js,seajs/seajs/2.2.0/sea.js,seajs/seajs/2.2.0/plugin-combo.js,mtb/lib-mtop/0.5.13/mtop.debug.js,mtb/lib-login/0.2
HttpOpenRequestA: g.assets.daily.taobao.net:80/ecc/angela/0.6.7/index.css, hConnect = 0x00000570
HttpOpenRequestA: a.tbcdn.cn:80/s/aplus_wap.js, hConnect = 0x0000056c
HttpOpenRequestA: a.tbcdn.cn:80/s/fdc/??spm_wap.js,spmact_wap.js?v=140220, hConnect = 0x00000570
HttpOpenRequestA: g.assets.daily.taobao.net:80/??etao/m-index/1.0.3/components/floatlayer/floatlayer.css,etao/m-index/1.0.3/components/addtodesktop/index.css, hConnect = 0x00000570
HttpOpenRequestA: g.assets.daily.taobao.net:80/ecc/??mcommon/1.1.1/index.css,mcommon/1.1.1/popup.css,mcommon/1.1.1/weixin.css, hConnect = 0x00000570
HttpOpenRequestA: g.assets.daily.taobao.net:80/??etao/m-youhui/1.0.8/components/youhui/index.css, hConnect = 0x00000570
HttpOpenRequestA: g.assets.daily.taobao.net:80/etao/m-youhui/1.0.8/components/mask/index.css, hConnect = 0x00000570
HttpOpenRequestA: g.assets.daily.taobao.net:80/etao/m-youhui/1.0.8/components/recommend-guess/index.css, hConnect = 0x00000570
HttpOpenRequestA: g.assets.daily.taobao.net:80/ecc/toast/1.0.2/index.css, hConnect = 0x00000570
HttpOpenRequestA: g.assets.daily.taobao.net:80/ecc/actionsheet/1.0.1/index.css, hConnect = 0x00000578
HttpOpenRequestA: g.assets.daily.taobao.net:80/ecc/loading/1.0.2/index.css, hConnect = 0x00000578
HttpOpenRequestA: a.tbcdn.cn:80/s/aplus_wap.js, hConnect = 0x000005ac
HttpOpenRequestA: a.tbcdn.cn:80/s/aplus_wap.js, hConnect = 0x00000598
Behavior description: Get host address by name
Details: computer
wpad
www.yixun.com
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Recovery\Active\{57AE9D82-792D-11E5-91BE-000000000000}
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}\Enable
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTimeCount
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Default MHTML Editor\Last
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}\iexplore\Type
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}\iexplore\Flags
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}\iexplore\Time
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015102320151024\CachePath
Behavior description: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Expiration
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\Expiration
Behavior description: Delete registry value_IE connection settings
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behavior description: Delete registry key
Details: \REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082520150826
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\!BrowserEmulation!SharedMemory!Mutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
ConnHashTable<368>_HashTable_Mutex
oleacc-msaa-loaded
Local\ZonesCounterMutex
Local\RSS Eventing Connection Database Mutex 00000170
Behavior description: Hide specified window
Details: [Window,Class] = [,BrowserFrameGripperClass]
[Window,Class] = [缩放级别,ToolbarWindow32]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [,SysLink]
[Window,Class] = [,Static]
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Static,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Acquire system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE