VirSCAN

File information
Security score: 71
Basic information
MD5:33295e6ad5c7bedd485356841f85f760
File type: EXE
Company: Wise Care 365
Version: 4.6.1.439---4.6.1.439
Packer or compiler information: COMPILER:NSIS
Sub-file information: WiseCare365.exe / 342ddc80ab13230a6a9d5240f7fe1eb8 / EXE
geo.db / de68955775eab0a752398e05f2ac5074 / Unknown
WiseTurbo.exe / ef68ac9d05b8acd8ba54adfeeb7d5114 / EXE
WiseBootBooster.exe / e289e061546a584145d178374f7da778 / EXE
libeay32.dll / 8cd3d8e2f05669e83c2fef095b51e1ab / DLL
sqlite3.dll / eddd6fc5fe8f70f09b6fdadf643331dc / DLL
DManager.dll / 749ad4464417229d77cea38a9b4b786f / DLL
Rate.info / 2112216d729b54efea293ba12711d4f6 / Unknown
WiseEraser.dll / 67576ea59647a8b914a88a6fa55e9558 / DLL
WiseDefrag.dll / 4ab061aaffe9d4316bfa90c4b0cce1d8 / DLL
ssleay32.dll / fd833fcf0508599834e7f1a6cc2ca88a / DLL
halloween-2016.wskn / 4d4d4a3c1ecdd17e49e7fd5138769e30 / zip
skin.ico / bd185b875af6e53f699096e2fe95cbbb / Unknown
Chinese(Simplified).ini / ba745f76f05d79545714d198c7161a2f / Unknown
default.wskn / c807b976296b30e92c3f1e858e056a3e / zip
System.dll / 883eff06ac96966270731e4e22817e11 / DLL
fileshredder.ico / d8e48de3e5710fabd066c2bc02445c02 / Unknown
halloween-2016.png / 37773abb6b1d1fd71587e0e46bb0023c / Unknown
[NSIS].nsi / 72fa4b8a4de410c5f6965608a20a4861 / Unknown
Key behavior
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Process behavior
Behavior description: Create process from new file
Details: [0x00000dcc]ImagePath = C:\Documents and Settings\Administrator\Application Data\WiseCare365\WiseCare365.exe, CmdLine = "C:\Documents and Settings\Administrator\Application Data\WiseCare365\WiseCare365.exe"
Behavior description: Create local thread
Details: TargetProcess: WiseCare365.exe, InheritedFromPID = 3124, ProcessID = 3532, ThreadID = 3540, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: WiseCare365.exe, InheritedFromPID = 3124, ProcessID = 3532, ThreadID = 3572, StartAddress = 00405804, Parameter = 01E12230
TargetProcess: WiseCare365.exe, InheritedFromPID = 3124, ProcessID = 3532, ThreadID = 3576, StartAddress = 00405804, Parameter = 033AE6A0
TargetProcess: WiseCare365.exe, InheritedFromPID = 3124, ProcessID = 3532, ThreadID = 3592, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: WiseCare365.exe, InheritedFromPID = 3124, ProcessID = 3532, ThreadID = 3596, StartAddress = 7C930230, Parameter = 00000000
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsq51.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsl52.tmp
C:\Documents and Settings\Administrator\Application Data\WiseCare365\DManager.dll
C:\Documents and Settings\Administrator\Application Data\WiseCare365\DefragOptions.ini
C:\Documents and Settings\Administrator\Application Data\WiseCare365\Rate.info
C:\Documents and Settings\Administrator\Application Data\WiseCare365\WiseBootBooster.exe
C:\Documents and Settings\Administrator\Application Data\WiseCare365\WiseCare365.exe
C:\Documents and Settings\Administrator\Application Data\WiseCare365\WiseDefrag.dll
C:\Documents and Settings\Administrator\Application Data\WiseCare365\WiseEraser.dll
C:\Documents and Settings\Administrator\Application Data\WiseCare365\WiseTurbo.exe
C:\Documents and Settings\Administrator\Application Data\WiseCare365\config.ini
C:\Documents and Settings\Administrator\Application Data\WiseCare365\config_tray.ini
C:\Documents and Settings\Administrator\Application Data\WiseCare365\fileshredder.ico
C:\Documents and Settings\Administrator\Application Data\WiseCare365\geo.db
C:\Documents and Settings\Administrator\Application Data\WiseCare365\libeay32.dll
Behavior description: Create executable file
Details: C:\Documents and Settings\Administrator\Application Data\WiseCare365\DManager.dll
C:\Documents and Settings\Administrator\Application Data\WiseCare365\WiseBootBooster.exe
C:\Documents and Settings\Administrator\Application Data\WiseCare365\WiseCare365.exe
C:\Documents and Settings\Administrator\Application Data\WiseCare365\WiseDefrag.dll
C:\Documents and Settings\Administrator\Application Data\WiseCare365\WiseEraser.dll
C:\Documents and Settings\Administrator\Application Data\WiseCare365\WiseTurbo.exe
C:\Documents and Settings\Administrator\Application Data\WiseCare365\libeay32.dll
C:\Documents and Settings\Administrator\Application Data\WiseCare365\sqlite3.dll
C:\Documents and Settings\Administrator\Application Data\WiseCare365\ssleay32.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsm53.tmp\System.dll
Behavior description: Overwrite existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsl52.tmp
Behavior description: Find file
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsm53.tmp
FileName = C:\Documents and Settings\Administrator\Application Data\Wise Care 365
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\Documents and Settings\Administrator\Application Data\Wise Care 365\*.*
FileName = C:\Program Files
FileName = C:\Program Files\Common Files
FileName = C:\Documents and Settings\Administrator\「开始」菜单
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序
FileName = C:\Documents and Settings\Administrator\Favorites
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序\启动
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsq51.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsl52.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsm53.tmp
Behavior description: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsl52.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsl52.tmp ---> Offset = 31421
C:\Documents and Settings\Administrator\Local Settings\Temp\nsl52.tmp ---> Offset = 64189
C:\Documents and Settings\Administrator\Local Settings\Temp\nsl52.tmp ---> Offset = 69381
C:\Documents and Settings\Administrator\Local Settings\Temp\nsl52.tmp ---> Offset = 102149
C:\Documents and Settings\Administrator\Application Data\WiseCare365\DManager.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\WiseCare365\DManager.dll ---> Offset = 16384
C:\Documents and Settings\Administrator\Application Data\WiseCare365\DManager.dll ---> Offset = 32768
C:\Documents and Settings\Administrator\Application Data\WiseCare365\DManager.dll ---> Offset = 49152
C:\Documents and Settings\Administrator\Application Data\WiseCare365\DManager.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\Application Data\WiseCare365\DefragOptions.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\WiseCare365\Rate.info ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\WiseCare365\Rate.info ---> Offset = 16384
C:\Documents and Settings\Administrator\Application Data\WiseCare365\Rate.info ---> Offset = 32768
C:\Documents and Settings\Administrator\Application Data\WiseCare365\Rate.info ---> Offset = 49152
Network behavior
Behavior description: Open URL over the network
Details: InternetOpenUrlA: http://ww****et/wisecleaner_feedback/index.php?to=fetch-unread-message&guid={9FCA8F53-9EAE-4080-8016-A4BD56ABEF83}, hInternet = 0x00cc0004, Flags = 0x84000000
Behavior description: Connect to specified site
Details: InternetConnectA: ServerName = ww****et, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x84000000
Behavior description: Open HTTP connection
Details: InternetOpenA: UserAgent: , hSession = 0x00cc0004
Behavior description: Establish a connection to a specified socket
Details: URL: ww****et, IP: **.133.40.**:80, SOCKET = 0x0000028c
URL: ww****et, IP: **.133.40.**:80, SOCKET = 0x000003a8
Behavior description: Read network file
Details: hFile = 0x00cc000c, BytesToRead =1025, BytesRead = 1025.
Behavior description: Send HTTP packet
Details: GET /wisecleaner_feedback/index.php?to=fetch-unread-message&guid={9FCA8F53-9EAE-4080-8016-A4BD56ABEF83} HTTP/1.1 Accept-Charset: utf-8 Host: ww****et Cache-Control: no-cache
Behavior description: Open HTTP request
Details: HttpOpenRequestA: ww****et:80/wisecleaner_feedback/index.php?to=fetch-unread-message&guid={9fca8f53-9eae-4080-8016-a4bd56abef83}, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x84000000
Behavior description: Get host address by name
Details: GetAddrInfoW: ww****et
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\MACHINE\SOFTWARE\WiseCleaner\WiseCare365\path
\REGISTRY\MACHINE\SOFTWARE\WiseCleaner\WiseCare365\ConfigPath
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\WiseCare365.exe
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior description: Delete registry key value
Details: \REGISTRY\MACHINE\SOFTWARE\WiseCleaner\WiseCare365\License Key
\REGISTRY\MACHINE\SOFTWARE\WiseCleaner\WiseCare365\Expire Date
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
WiseCare365
RasPbFile
WBEMPROVIDERSTATICMUTEX
Wise365Mutex2012
MSCTF.Shared.MUTEX.ELH
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior description: Create event object
Details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
Behavior description: Window information
Details: Pid = 3532, Hwnd=0x303f8, Text = FrmHome, ClassName = TFrmHome.
Pid = 3532, Hwnd=0xd0364, Text = FrmTools, ClassName = TFrmTools.
Pid = 3532, Hwnd=0x303fc, Text = FrmHistory, ClassName = TFrmHistory.
Pid = 3532, Hwnd=0x140350, Text = Wise Care 365, ClassName = TFrmWPMain.
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [TFrmTrayMain,]
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000052
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000052
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
\INSTALLATION_SECURITY_HOLD
Behavior description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
SE_BACKUP_PRIVILEGE
SE_DEBUG_PRIVILEGE
SE_INC_BASE_PRIORITY_PRIVILEGE
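Behavior description: Enumerate windows
Details: N/A
Behavior description: Executable file signature information
Details: C:\Documents and Settings\Administrator\Application Data\WiseCare365\DManager.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Application Data\WiseCare365\WiseBootBooster.exe (signature verification: passed)
Behavior description: Executable file MD5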
Behavior description: Open mutex
Details: ShimCacheMutex
RasPbFile
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!IETld!Mutex
Behavior description: Load newly dropped file
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsm53.tmp\System.dll.
Image: C:\Documents and Settings\Administrator\Application Data\WiseCare365\sqlite3.dll.