VirSCAN
File information
Security score: 80
Basic information
MD5: 18cd906a98e8712d5c5883b9f540f5ff
File type: zip
Publisher:
Version:
Packer / compiler info: COMPILER:Borland Delphi 6.0 - 7.0 [Overlay]
Sub-file information:
pdftowordgw.exe / c518cbb8bd65c038806f39cdbaa3d11f / EXE
安装使用说明.txt / 83b273e887da19bad605081a012c2829 / Unknown
最新QQ软件下载.url / 9f36733525857a875b9aa9b0dc78da08 / Unknown
Key behaviors
Behavior: Blocks window close messages
Details: hWnd = 0x000c03b0, Text = 安装向导 - PDF转Word转换器V4.0, ClassName = TWizardForm.
hWnd = 0x00060380, Text = 安装向导, ClassName = TApplication.
Process behavior
Behavior: Creates local thread
Details: TargetProcess: pdftowordgw.tmp, InheritedFromPID = 2212, ProcessID = 2256, ThreadID = 2340, StartAddress = 4AEA7456, Parameter = 00000000
Behavior: Creates process from newly created file
Details: [0x000008d0]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-SQGR1.tmp\pdftowordgw.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-SQGR1.tmp\pdftowordgw.tmp" /SL5="$C02AE,16873026,313344,C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\pdftowordgw.exe"
File behavior
Behavior: Creates files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-SQGR1.tmp\pdftowordgw.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\Ksicfg.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\beepdl.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\webctrl.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\WSysInfo.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\CallbackCtrl.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\botva2.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\chk_custom.png
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\CheckBox.png
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\Btn_Inst.png
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\Btn_Dir.png
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\Btn_Done.png
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\Btn_Close.png
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\bkg_welcome.jpg
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\bkg_installing.jpg
Behavior: Creates executable files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-SQGR1.tmp\pdftowordgw.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\Ksicfg.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\beepdl.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\webctrl.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\WSysInfo.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\CallbackCtrl.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\botva2.dll
Behavior: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-SQGR1.tmp\pdftowordgw.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\is-SQGR1.tmp\pdftowordgw.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\is-SQGR1.tmp\pdftowordgw.tmp ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\is-SQGR1.tmp\pdftowordgw.tmp ---> Offset = 196608
C:\Documents and Settings\Administrator\Local Settings\Temp\is-SQGR1.tmp\pdftowordgw.tmp ---> Offset = 262144
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\Ksicfg.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\Ksicfg.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\Ksicfg.dll ---> Offset = 4096
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\Ksicfg.dll ---> Offset = 8192
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\beepdl.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\beepdl.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\beepdl.dll ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\beepdl.dll ---> Offset = 196608
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\webctrl.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\webctrl.dll ---> Offset = 4096
Behavior: Searches for files
Details: FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-SQGR1.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-SQGR1.tmp\pdftowordgw.tmp
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\「开始」菜单
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序
Other behavior
Behavior: Creates mutex
Details: oleacc-msaa-loaded
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.ENI
Behavior: Creates event object
Details: EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.ENI.IC
EventName = MSCTF.SendReceiveConection.Event.ENI.IC
Behavior: Window information
Details: Pid = 2256, Hwnd=0x1502c8, Text = 我同意用户使用, ClassName = TNewCheckBox.
Pid = 2256, Hwnd=0x13035e, Text = 自定义, ClassName = TNewCheckBox.
Pid = 2256, Hwnd=0x8036e, Text = C:\Program Files\PDF转Word转换器V4.0, ClassName = TEdit.
Pid = 2256, Hwnd=0xc03b0, Text = 安装向导 - PDF转Word转换器V4.0, ClassName = TWizardForm.
Behavior: Finds specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: Opens event
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000052
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000052
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior: Blocks window close messages
Details: hWnd = 0x000c03b0, Text = 安装向导 - PDF转Word转换器V4.0, ClassName = TWizardForm.
hWnd = 0x00060380, Text = 安装向导, ClassName = TApplication.
Behavior: Enumerates windows
Details: N/A
Behavior: Executable signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-SQGR1.tmp\pdftowordgw.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\Ksicfg.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\beepdl.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\webctrl.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\WSysInfo.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\CallbackCtrl.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\botva2.dll (signature verification: failed)
Behavior: Hides specified window
Details: [Window,Class] = [安装向导,TApplication]
[Window,Class] = [,Button]
Behavior: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-SQGR1.tmp\pdftowordgw.tmp ---> 47c632924f1b3769588806a80c780405
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\Ksicfg.dll ---> fe99097e6928edb3731e4c7d162cd9b5
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\beepdl.dll ---> 1c53bf360dbcd74cca338e7c6314fa85
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\webctrl.dll ---> d0372bedb70710aeff382818ad683f54
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\WSysInfo.dll ---> 7770ca8b1e7d6ce392eb0f0adfad3437
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\CallbackCtrl.dll ---> f07e819ba2e46a897cfabf816d7557b2
C:\Documents and Settings\Administrator\Local Settings\Temp\is-CIUMF.tmp\botva2.dll ---> 9076347bbeb70f995d0c419212960597
Behavior: Opens mutex
Details: ShimCacheMutex
Behavior: Loads newly dropped file
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-CIUMF.tmp\botva2.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-CIUMF.tmp\CallbackCtrl.dll.
Runtime screenshots