VirSCAN
File information
Security score: 50
Basic information
MD5:2b7b15ad2b472e498a1e8fa2780c6891
File type: 7z
Publisher:
Version:
Packer or compiler information:
Sub-file information: download_engine.dll / 1a87ff238df9ea26e76b56f34e18402c / DLL
百度网盘不限速下载器.exe / 6842bc7f835adb54de99f5d2569c47bf / EXE
msvcp71.dll / a94dc60a90efd7a35c36d971e3ee7470 / DLL
msvcr71.dll / ca2f560921b7b8be1cf555a5a18d54c3 / DLL
xldl.dll / 40e8d381da7c2badc4b6f0cdb4b5378f / DLL
MiniThunderPlatform.exe / 0c8f2b0ee5bf990c6541025e94985c9f / EXE
XLBugReport.exe / 67c767470d0893c4a2e46be84c9afcbb / EXE
XLBugHandler.dll / 92154e720998acb6fa0f7bad63309470 / DLL
dl_peer_id.dll / dba9a19752b52943a0850a7e19ac600a / DLL
atl71.dll / 79cb6457c81ada9eb7f2087ce799aaa7 / DLL
zlib1.dll / 89f6488524eaa3e5a66c5f34f3b92405 / DLL
minizip.dll / 7fd4f79aca0b09fd3a60841a47ca96e7 / DLL
id.dat / 6154289e92bb0bfe3ff41409992e9b56 / Unknown
Key behaviors
Behavior description: Directly obtains the CPU clock
Details: EAX = 0x1206eaff, EDX = 0x000000b9
EAX = 0x1206eb4b, EDX = 0x000000b9
EAX = 0x1206eb97, EDX = 0x000000b9
EAX = 0x1206ebe3, EDX = 0x000000b9
EAX = 0x1206ec2f, EDX = 0x000000b9
EAX = 0x1206ec7b, EDX = 0x000000b9
EAX = 0x1206ecc7, EDX = 0x000000b9
EAX = 0x1206ed13, EDX = 0x000000b9
EAX = 0x1206ed5f, EDX = 0x000000b9
EAX = 0x1206edab, EDX = 0x000000b9
Behavior description: Obtains window screenshot information
Details: Foreground window Info: HWND = 0x0001034a, DC = 0x0a010684.
Foreground window Info: HWND = 0x0001035c, DC = 0x1d010620.
Foreground window Info: HWND = 0x0001034a, DC = 0x1d010620.
Foreground window Info: HWND = 0x0001035c, DC = 0x01010057.
Process behavior
Behavior description: Creates a process
Details: [0x00000f54]ImagePath = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\download\MiniThunderPlatform.exe, CmdLine = "C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\download\MiniThunderPlatform.exe" -StartTP
Behavior description: Creates a local thread
Details: TargetProcess: 百度网盘不限速下载器.exe, InheritedFromPID = 2000, ProcessID = 3852, ThreadID = 3876, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 3852, ProcessID = 3924, ThreadID = 3932, StartAddress = 765E964D, Parameter = 0018C8C8
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 3852, ProcessID = 3924, ThreadID = 3936, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 3852, ProcessID = 3924, ThreadID = 3940, StartAddress = 0168AB50, Parameter = 00AEC350
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 3852, ProcessID = 3924, ThreadID = 3944, StartAddress = 0168AB50, Parameter = 00AEC3E8
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 3852, ProcessID = 3924, ThreadID = 3948, StartAddress = 0168AB50, Parameter = 00AE5058
TargetProcess: 百度网盘不限速下载器.exe, InheritedFromPID = 2000, ProcessID = 3852, ThreadID = 3952, StartAddress = 014CBFA9, Parameter = 01504BF0
TargetProcess: 百度网盘不限速下载器.exe, InheritedFromPID = 2000, ProcessID = 3852, ThreadID = 3956, StartAddress = 014CBFA9, Parameter = 01504C48
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 3852, ProcessID = 3924, ThreadID = 3984, StartAddress = 015AC6F0, Parameter = 0BEF0048
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 3852, ProcessID = 3924, ThreadID = 3988, StartAddress = 0168AB50, Parameter = 00AE9EA8
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 3852, ProcessID = 3924, ThreadID = 3996, StartAddress = 0168AB50, Parameter = 00AE9B70
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 3852, ProcessID = 3924, ThreadID = 4000, StartAddress = 014CC250, Parameter = 00AE3C70
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 3852, ProcessID = 3924, ThreadID = 4004, StartAddress = 014CC250, Parameter = 0BEF2158
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 3852, ProcessID = 3924, ThreadID = 4024, StartAddress = 014CC250, Parameter = 0BEF7660
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 3852, ProcessID = 3924, ThreadID = 4028, StartAddress = 014CC250, Parameter = 0BEF8450
File behavior
Behavior description: Creates a file
Details: C:\Documents and Settings\All Users\Application Data\Thunder Network\DownloadLib\pub_store.dat
C:\Documents and Settings\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAwMDA=\Version_3_2_1_40\Profiles\error.dat
C:\Documents and Settings\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAwMDA=\Version_3_2_1_40\Profiles\asyn_frame.dat
C:\Documents and Settings\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAwMDA=\Version_3_2_1_40\Profiles\stat.dat
Behavior description: Modifies file contents
Details: C:\Documents and Settings\All Users\Application Data\Thunder Network\DownloadLib\pub_store.dat ---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAwMDA=\Version_3_2_1_40\Profiles\error.dat ---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAwMDA=\Version_3_2_1_40\Profiles\error.dat ---> Offset = 25
C:\Documents and Settings\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAwMDA=\Version_3_2_1_40\Profiles\error.dat ---> Offset = 51
C:\Documents and Settings\All Users\Application Data\Thunder Network\DownloadLib\pub_store.dat ---> Offset = 19
C:\Documents and Settings\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAwMDA=\Version_3_2_1_40\Profiles\error.dat ---> Offset = 73
C:\Documents and Settings\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAwMDA=\Version_3_2_1_40\Profiles\error.dat ---> Offset = 97
C:\Documents and Settings\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAwMDA=\Version_3_2_1_40\Profiles\asyn_frame.dat ---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAwMDA=\Version_3_2_1_40\Profiles\asyn_frame.dat ---> Offset = 49
C:\Documents and Settings\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAwMDA=\Version_3_2_1_40\Profiles\asyn_frame.dat ---> Offset = 84
C:\Documents and Settings\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAwMDA=\Version_3_2_1_40\Profiles\asyn_frame.dat ---> Offset = 121
C:\Documents and Settings\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAwMDA=\Version_3_2_1_40\Profiles\asyn_frame.dat ---> Offset = 160
C:\Documents and Settings\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAwMDA=\Version_3_2_1_40\Profiles\stat.dat ---> Offset = 0
Behavior description: Searches for a file
Details: FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\download\MiniThunderPlatform.exe
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\download
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Application Data
FileName = C:\WINDOWS\system32\drivers\etc\Hosts
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\筱杰.ini
Network behavior
Behavior description: Establishes a connection to a specified socket
Details: URL: hu****et, IP: **.133.40.**:80, SOCKET = 0x00000300
URL: pm****et, IP: **.133.40.**:80, SOCKET = 0x00000328
URL: hu****et, IP: **.133.40.**:80, SOCKET = 0x0000033c
URL: im****et, IP: **.133.40.**:80, SOCKET = 0x0000032c
URL: sc****et, IP: **.133.40.**:80, SOCKET = 0x00000334
Behavior description: Sends an HTTP packet
Details: POST / HTTP/1.1 Host: hu****et:80 Content-type: application/octet-stream Content-Length: 268 Connection: Keep-Alive =
POST / HTTP/1.1 Host: pm****et:80 Content-type: application/octet-stream Content-Length: 92 Connection: Keep-Alive @
POST / HTTP/1.1 Host: hu****et:80 Content-type: application/octet-stream Content-Length: 44 Connection: Keep-Alive A
POST / HTTP/1.1 Host: im****et:80 Content-type: application/octet-stream Content-Length: 44 Connection: Keep-Alive A
POST / HTTP/1.1 Host: sc****et:80 Content-type: application/octet-stream Content-Length: 92 Connection: Keep-Alive <
Behavior description: Resolves a host address by name
Details: gethostbyname: hu****et
gethostbyname: re****et
gethostbyname: computer
gethostbyname: pm****et
gethostbyname: im****et
gethostbyname: sc****et
Registry behavior
Behavior description: Modifies the registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x32(BGR 0)
Other behavior
Behavior description: Creates a mutex
Details: RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
c:/documents and settings/administrator/local settings/temp/eb93a6/%temp%\****.exe_7zdump/download/minithunderplatform.exe_mini_tp_connector_tpka_m_2013515_360_a
c:/documents and settings/administrator/local settings/temp/eb93a6/%temp%\****.exe_7zdump/download/minithunderplatform.exe_mini_tpka_m_2013515_360_a
MSCTF.Shared.MUTEX.IOH
F8730FC7_1436_4121_9FA6_C0FBF4817482
MSCTF.Shared.MUTEX.ABP
Behavior description: Creates an event object
Details: EventName = DINPUTWINMM
EventName = c:/documents and settings/administrator/local settings/temp/eb93a6/%temp%\****.exe_7zdump/download/minithunderplatform.exe_mini_tpstart_up_e_20130515_360_a
EventName = c:/documents and settings/administrator/local settings/temp/eb93a6/%temp%\****.exe_7zdump/download/minithunderplatform.exe_mini_tpstart_up_failed_e_20130515_360_a
EventName = Global\crypt32LogoffEvent
EventName = c:/documents and settings/administrator/local settings/temp/eb93a6/%temp%\****.exe_7zdump/download/minithunderplatform.exe_mini_tpr_e_2013515_360_a
EventName = c:/documents and settings/administrator/local settings/temp/eb93a6/%temp%\****.exe_7zdump/download/minithunderplatform.exe_mini_tpw_e_2013515_360_a
EventName = c:/documents and settings/administrator/local settings/temp/eb93a6/%temp%\****.exe_7zdump/download/minithunderplatform.exe_mini_tp_alive_check_e_2013515_360_a
EventName = MSCTF.SendReceive.Event.ABP.IC
EventName = MSCTF.SendReceiveConection.Event.ABP.IC
Behavior description: Opens a mutex
Details: RasPbFile
ShimCacheMutex
c:/documents and settings/administrator/local settings/temp/eb93a6/%temp%\****.exe_7zdump/download/minithunderplatform.exe_mini_tpka_m_2013515_360_a
c:/documents and settings/administrator/local settings/temp/eb93a6/%temp%\****.exe_7zdump/download/minithunderplatform.exe_mini_tp_connector_tpka_m_2013515_360_a
Behavior description: Searches for a specified window
Details: NtUserFindWindowEx: [Class,Window] = [,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information
Details: Pid = 3852, Hwnd=0x1038e, Text = 下载进度:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3852, Hwnd=0x10384, Text = /KB, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3852, Hwnd=0x10380, Text = 限速, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3852, Hwnd=0x1037e, Text = 选择框, ClassName = Button(CheckBox).
Pid = 3852, Hwnd=0x1037a, Text = 网盘地址:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3852, Hwnd=0x10376, Text = 解析, ClassName = Button.
Pid = 3852, Hwnd=0x10372, Text = 无分享密码,不填即可, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3852, Hwnd=0x1036e, Text = 有验证码点击此处解析, ClassName = Button.
Pid = 3852, Hwnd=0x1036a, Text = 验证码:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3852, Hwnd=0x10366, Text = 分享密码:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3852, Hwnd=0x1035c, Text = 网盘地址:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3852, Hwnd=0x1035a, Text = 解析, ClassName = Button.
Pid = 3852, Hwnd=0x10356, Text = 选择目录, ClassName = Button.
Pid = 3852, Hwnd=0x10354, Text = 下载目录:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 3852, Hwnd=0x10352, Text = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\下载内容, ClassName = Edit.
Behavior description: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Opens an event
Details: HookSwitchHookEnabledEvent
Global\crypt32LogoffEvent
c:/documents and settings/administrator/local settings/temp/eb93a6/%temp%\****.exe_7zdump/download/minithunderplatform.exe_mini_tpstart_up_e_20130515_360_a
_fCanRegisterWithShellService
Global\SvcctrlStartEvent_A3752DX
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Obtains window screenshot information
Details: Foreground window Info: HWND = 0x0001034a, DC = 0x0a010684.
Foreground window Info: HWND = 0x0001035c, DC = 0x1d010620.
Foreground window Info: HWND = 0x0001034a, DC = 0x1d010620.
Foreground window Info: HWND = 0x0001035c, DC = 0x01010057.
Behavior description: Directly operates on a physical device
Details: \??\PhysicalDrive0
Behavior description: Hides a specified window
Details: [Window,Class] = [,SysListView32]
[Window,Class] = [下载目录:,Afx:400000:b:10011:1900015:0]
[Window,Class] = [选择目录,Button]
[Window,Class] = [,Button]
[Window,Class] = [解析,Button]
[Window,Class] = [,Edit]
[Window,Class] = [网盘地址:,Afx:400000:b:10011:1900015:0]
[Window,Class] = [,_EL_Timer]
[Window,Class] = [选择框,Button]
[Window,Class] = [限速,Afx:400000:b:10011:1900015:0]
[Window,Class] = [/KB,Afx:400000:b:10011:1900015:0]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [下载进度:,Afx:400000:b:10011:1900015:0]
Behavior description: Directly obtains the CPU clock
Details: EAX = 0x1206eaff, EDX = 0x000000b9
EAX = 0x1206eb4b, EDX = 0x000000b9
EAX = 0x1206eb97, EDX = 0x000000b9
EAX = 0x1206ebe3, EDX = 0x000000b9
EAX = 0x1206ec2f, EDX = 0x000000b9
EAX = 0x1206ec7b, EDX = 0x000000b9
EAX = 0x1206ecc7, EDX = 0x000000b9
EAX = 0x1206ed13, EDX = 0x000000b9
EAX = 0x1206ed5f, EDX = 0x000000b9
EAX = 0x1206edab, EDX = 0x000000b9
Runtime screenshot