VirSCAN

1, You can UPLOAD any files, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.


File information

Scanner results
Scanner results: 0% of antivirus software (0/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2017-03-04 22:36:04 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 2.0 1970-01-01 Found nothing 0
asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 0
avast 170109-3 4.7.4 2017-01-09 Found nothing 60
avg 2109/13550 10.0.1405 2017-03-03 Found nothing 60
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 0
baidusd 1.0 1.0 2014-04-02 Found nothing 0
bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
clamav 23155 0.97.5 2017-03-03 Found nothing 60
drweb 5.0.2.3300 5.0.1.1 2017-02-16 Found nothing 60
fortinet 45.126, 45.126, 45.126 5.4.233 2017-03-04 Found nothing 60
fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
gdata 25.10977 25.10977 2017-03-04 Found nothing 0
ikarus 1.06.01 V1.32.31.0 2016-11-28 Found nothing 60
jiangmin 16.0.100 1.0.0.0 2017-03-02 Found nothing 0
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
kingsoft 2.1 2.1 2013-09-22 Found nothing 0
mcafee 8261 5400.1158 2016-08-18 Found nothing 60
nod32 1777 3.0.21 2015-06-12 Found nothing 60
panda 9.05.01 9.05.01 2017-03-03 Found nothing 0
pcc 13.254.06 9.500-1005 2017-03-03 Found nothing 60
qh360 1.0.1 1.0.1 1.0.1 Found nothing 0
qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
quickheal 14.00 14.00 2017-03-03 Found nothing 0
rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 0
sophos 5.32 3.65.2 2016-10-10 Found nothing 60
symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 0
thehacker 6.8.0.5 6.8.0.5 2017-03-02 Found nothing 0
tws 17.47.17308 1.0.2.2108 2017-03-03 Found nothing 0
vba 3.12.29.4 beta 3.12.29.4 beta 2017-03-02 Found nothing 60
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60

No relevant permission information

File information
Security score:
Basic information
MD5:02e5d3d14c31f7dbc30e01c3fc05b189
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name:
Minimum runtime environment:
Copyright:
Key behaviors
Behavior description: Query registry (virtual machine detection related)
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions\ProductCodes
Behavior description: Get window screenshot information
Details: Foreground window Info: HWND = 0x00000000, DC = 0x63010acf.
Foreground window Info: HWND = 0x00000000, DC = 0xec010988.
Foreground window Info: HWND = 0x00000000, DC = 0x0e010aac.
File behavior
Behavior description: Create file
Details: C:\Users\Administrator\AppData\Local\Temp\CVRA60E.tmp
C:\Users\Administrator\AppData\Local\Temp\763421.od
C:\Users\Administrator\AppData\Local\%temp%\****.pptx
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\%temp%\****.LNK
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\%temp%.LNK
Behavior description: Find file
Details: FileName = C:\Program Files\Common Files\Microsoft Shared\office12
FileName = C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll
FileName = C:\Program Files\Common Files\Microsoft Shared\office12\*.*
FileName = C:\Program Files
FileName = C:\Program Files\Microsoft Office 2007
FileName = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscoreei.dll
FileName = C:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727\mscoreei.dll
FileName = C:\Windows\Microsoft.NET\Framework\v2.0.0\mscorwks.dll
FileName = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
FileName = C:\Users\Administrator\AppData\Local\Microsoft\Office\PowerPoint.qat
FileName = C:\Users\Administrator\AppData\Local\%temp%\****.pptx
FileName = C:\Users\Administrator
FileName = C:\Users
FileName = C:\Users\Administrator\AppData
FileName = C:\Users\Administrator\AppData\Local
Behavior description: Delete file
Details: C:\Users\Administrator\AppData\Local\%temp%\****.pptx
Behavior description: Copy file
Details: C:\PROGRA~2\MICROS~1\OFFICE\DATA\OPA12.BAK ---> C:\PROGRA~2\MICROS~1\OFFICE\DATA\opa12.dat
Behavior description: Rename file
Details: C:\Users\Administrator\AppData\Local\Temp\CVRA60E.tmp ---> C:\Users\ADMINI~1\AppData\Local\Temp\CVRA60E.tmp.cvr
Behavior description: Modify file content
Details: C:\Users\Administrator\AppData\Local\Temp\763421.od ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\763421.od ---> Offset = 29
C:\Users\Administrator\AppData\Local\Temp\763421.od ---> Offset = 33
C:\Users\Administrator\AppData\Local\Temp\763421.od ---> Offset = 54
C:\Users\Administrator\AppData\Local\Temp\763421.od ---> Offset = 60
C:\Users\Administrator\AppData\Local\%temp%\****.pptx ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\****.pptx ---> Offset = 55
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\%temp%\****.LNK ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\index.dat ---> Offset = 80
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\%temp%.LNK ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\index.dat ---> Offset = 40
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\Resiliency\StartupItems\?45
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Common\LanguageResources\EnabledLanguages\2052
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Common\LanguageResources\EnabledLanguages\1033
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Usage\PPTFiles
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Usage\ProductFiles
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\MTTT
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\Resiliency\StartupItems\|?5
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\Resiliency\StartupItems\zb5
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\Resiliency\StartupItems\)b5
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109110000000000000000F01FEC\Usage\ProductNonBootFiles
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\Resiliency\StartupItems\{d5
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\Resiliency\StartupItems\xe5
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\Resiliency\StartupItems\he5
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\Resiliency\StartupItems\:r5
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\File MRU\Item 1
Behavior description: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\Resiliency\StartupItems\|?5
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\Resiliency\StartupItems\zb5
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\Resiliency\StartupItems\)b5
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\Resiliency\StartupItems\{d5
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\Resiliency\StartupItems\xe5
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\Resiliency\StartupItems\he5
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\File MRU\Max Display
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\File MRU\Item 1
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\File MRU\Item 2
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\File MRU\Item 3
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\File MRU\Item 4
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\File MRU\Item 5
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\File MRU\Item 6
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\File MRU\Item 7
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\File MRU\Item 8
Behavior description: Query registry (virtual machine detection related)
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions\ProductCodes
Behavior description: Delete registry key
Details: \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\PowerPoint\Resiliency\StartupItems\
Other behavior
Behavior description: Check whether it is being debugged
Details: N/A
Behavior description: Create mutex
Details: DBWinMutex
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior description: Create event object
Details: EventName = Local\PP12Running_S-*
EventName = FADEOUTMANAGER_MESSAGE_HWND_CREATED_EVENT
Behavior description: Window information
Details: Pid = 2456, Hwnd=0x1b01ac, Text = MsoDockTop, ClassName = MsoCommandBarDock.
Pid = 2456, Hwnd=0x170306, Text = Ribbon, ClassName = MsoCommandBar.
Pid = 2456, Hwnd=0x160302, Text = MsoDockBottom, ClassName = MsoCommandBarDock.
Pid = 2456, Hwnd=0x190114, Text = 状态栏, ClassName = MsoCommandBar.
Pid = 2456, Hwnd=0x23016c, Text = MsoWorkPane, ClassName = MsoWorkPane.
Pid = 2456, Hwnd=0x1601ce, Text = MsoWorkPane, ClassName = MsoWorkPane.
Pid = 2456, Hwnd=0x1c01c0, Text = Microsoft PowerPoint - [b70c], ClassName = PP12FrameClass.
Pid = 2456, Hwnd=0x702a4, Text = Ribbon, ClassName = MsoWorkPane.
Pid = 2456, Hwnd=0x20017a, Text = 状态栏, ClassName = MsoWorkPane.
Pid = 2456, Hwnd=0x1d018a, Text = b70c, ClassName = mdiClass.
Pid = 2456, Hwnd=0x1a0272, Text = Slide, ClassName = paneClassDC.
Pid = 2456, Hwnd=0x1901e2, Text = 垂直, ClassName = NUIScrollbar.
Pid = 2456, Hwnd=0x1801a8, Text = 水平, ClassName = NUIScrollbar.
Pid = 2456, Hwnd=0x8028e, Text = Thumbnails, ClassName = paneClassDC.
Pid = 2456, Hwnd=0x170146, Text = 垂直, ClassName = NUIScrollbar.
Behavior description: Open event
Details: Local\PP12Running_S-*
\KernelObjects\MaximumCommitCondition
Local\MSCTF.AsmCacheReady.Default1
Global\TermSrvReadyEvent
MSFT.VSA.COM.DISABLE.2456
MSFT.VSA.IEC.STATUS.6c736db0
Global\ShutdownMSIDLLv327680.498156650
Global\RestartMSIDLLv327680.498156650
Local\MSCTF.CtfActivated.Default1
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Behavior description: Get window screenshot information
Details: Foreground window Info: HWND = 0x00000000, DC = 0x63010acf.
Foreground window Info: HWND = 0x00000000, DC = 0xec010988.
Foreground window Info: HWND = 0x00000000, DC = 0x0e010aac.
Behavior description: Hide specified window
Details: [Window,Class] = [,ThunderRT6Main]
[Window,Class] = [,UserControl]
Behavior description: Open mutex
Details: Local\MSCTF.Asm.MutexDefault1
Local\MU_ACBPIDS09_S-1-5-5-0-96182
Run screenshots