VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information
Security score: 78
Basic information
MD5: 7162cae5feec94d54218ba513046d233
File type: EXE
Publisher: DriverPack
Version: 1.0.0.0---1.0
Packer/compiler information: COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Sub-file information:
Key behaviors
Behavior: Blocks window close message
Details: hWnd = 0x000b02ae, Text = sfx, ClassName = tooltips_class32.
Behavior: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Behavior: Gets TickCount value
Details: TickCount = 5433895, SleepMilliseconds = 20.
TickCount = 5433910, SleepMilliseconds = 20.
TickCount = 5434004, SleepMilliseconds = 20.
TickCount = 5434051, SleepMilliseconds = 20.
TickCount = 5434066, SleepMilliseconds = 20.
TickCount = 5434160, SleepMilliseconds = 20.
TickCount = 5434223, SleepMilliseconds = 20.
TickCount = 5434363, SleepMilliseconds = 20.
TickCount = 5434379, SleepMilliseconds = 20.
TickCount = 5438238, SleepMilliseconds = 20.
TickCount = 5438254, SleepMilliseconds = 20.
TickCount = 5438457, SleepMilliseconds = 20.
TickCount = 5438520, SleepMilliseconds = 20.
TickCount = 5438535, SleepMilliseconds = 20.
TickCount = 5438582, SleepMilliseconds = 20.
Process behavior
Behavior: Creates process with hidden window
Details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\DriverPack.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\DriverPack.exe" --sfx %temp%\****.exe
ImagePath = C:\WINDOWS\System32\cmd.exe, CmdLine = "C:\WINDOWS\System32\cmd.exe" /c Tools\init.cmd "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\bin\Tools\run.hta" "--sfx" "%temp%\****.exe"
Behavior: Creates process
Details: [0x00000e58]ImagePath = C:\WINDOWS\system32\wscript.exe, CmdLine = "C:\WINDOWS\system32\wscript.exe" "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\bin\tools\start.js" ""C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\DriverPack.exe" --sfx "%temp%\****.exe""
[0x00000efc]ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = "C:\WINDOWS\System32\cmd.exe" /c Tools\init.cmd "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\bin\Tools\run.hta" "--sfx" "%temp%\****.exe"
[0x00000f04]ImagePath = C:\WINDOWS\system32\reg.exe, CmdLine = reg import C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\bin\tools\\patch.reg
[0x00000f0c]ImagePath = C:\WINDOWS\system32\mshta.exe, CmdLine = "C:\WINDOWS\System32\mshta.exe" "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\bin\Tools\run.hta" "--sfx" "%temp%\****.exe"
Behavior: Creates local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3440, ThreadID = 3452, StartAddress = 0040266D, Parameter = 00B80250
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3440, ThreadID = 3456, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3440, ThreadID = 3472, StartAddress = 77C0A341, Parameter = 00B8CC90
TargetProcess: wscript.exe, InheritedFromPID = 3440, ProcessID = 3672, ThreadID = 3680, StartAddress = 01002FD4, Parameter = 008E2B80
TargetProcess: wscript.exe, InheritedFromPID = 3440, ProcessID = 3672, ThreadID = 3684, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: wscript.exe, InheritedFromPID = 3440, ProcessID = 3672, ThreadID = 3688, StartAddress = 765E964D, Parameter = 001BCFB8
TargetProcess: wscript.exe, InheritedFromPID = 3440, ProcessID = 3672, ThreadID = 3692, StartAddress = 77E56C7D, Parameter = 001B2BD8
TargetProcess: wscript.exe, InheritedFromPID = 3440, ProcessID = 3672, ThreadID = 3696, StartAddress = 769AE43B, Parameter = 001C11F0
TargetProcess: mshta.exe, InheritedFromPID = 3764, ProcessID = 3852, ThreadID = 3892, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: mshta.exe, InheritedFromPID = 3764, ProcessID = 3852, ThreadID = 3948, StartAddress = 6359727B, Parameter = 00E381E0
TargetProcess: mshta.exe, InheritedFromPID = 3764, ProcessID = 3852, ThreadID = 3952, StartAddress = 77E56C7D, Parameter = 00288AD8
TargetProcess: mshta.exe, InheritedFromPID = 3764, ProcessID = 3852, ThreadID = 3956, StartAddress = 769AE43B, Parameter = 00EBA340
TargetProcess: mshta.exe, InheritedFromPID = 3764, ProcessID = 3852, ThreadID = 3976, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: mshta.exe, InheritedFromPID = 3764, ProcessID = 3852, ThreadID = 3980, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: mshta.exe, InheritedFromPID = 3764, ProcessID = 3852, ThreadID = 3988, StartAddress = 6359727B, Parameter = 00294788
Behavior: Creates process from newly created file
Details: [0x00000eb4]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\DriverPack.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\DriverPack.exe" --sfx %temp%\****.exe
File behavior
Behavior: Creates file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\DriverPack.html
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\bluebird.js
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\globe.png
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\language.js
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\languages\en.js
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\languages\ru.js
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\loading.gif
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\main.js
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\med_logo_dark_new.png
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\polyfills.js
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\styles.css
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\tools\Icon.ico
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\tools\dpinst.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\tools\init.cmd
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\tools\patch.reg
Behavior: Creates executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\DriverPack.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\tools\DriverPack-Notifier.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\tools\dpinst.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\tools\dpinst64.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\tools\driverpack-wget.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\drivers\DP_Misc_17062\Nuvoton\FORCED\7x64\CIRCoInst.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\drivers\DP_Misc_17062\Nuvoton\FORCED\7x64\WdfCoInstaller01009.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\drivers\DP_Misc_17062\Nuvoton\FORCED\7x64\amd64\WdfCoInstaller01009.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\drivers\DP_Misc_17062\Nuvoton\FORCED\7x64\amd64\hidshim.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\drivers\DP_Misc_17062\Nuvoton\FORCED\7x64\amd64\nuvotoncir.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\drivers\DP_Misc_17062\Nuvoton\FORCED\7x64\amd64\nuvotonhidcir.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\drivers\DP_Misc_17062\Nuvoton\FORCED\7x64\amd64\nuvotonir.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\drivers\DP_Misc_17062\Nuvoton\FORCED\7x64\i386\WdfCoInstaller01009.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\drivers\DP_Misc_17062\Nuvoton\FORCED\7x64\i386\hidshim.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\drivers\DP_Misc_17062\Nuvoton\FORCED\7x64\i386\nuvotoncir.sys
Behavior: Overwrites existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\error[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\error[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\warning[1]
Behavior: Searches for file
Details: FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\bin\DriverPack.html
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\bin\bluebird.js
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\bin\globe.png
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\bin\language.js
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\bin\languages\en.js
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\bin\languages\ru.js
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\bin\loading.gif
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\bin\main.js
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\bin\med_logo_dark_new.png
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\bin\polyfills.js
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\bin\styles.css
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\bin\tools\Icon.ico
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\bin\tools\dpinst.xml
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\bin\tools\init.cmd
Behavior: Deletes file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\nano[1]
Behavior: Modifies file content
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\DriverPack.html ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\bluebird.js ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\globe.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\language.js ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\languages\en.js ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\languages\ru.js ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\loading.gif ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\main.js ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\med_logo_dark_new.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\polyfills.js ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\styles.css ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\tools\Icon.ico ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\tools\dpinst.xml ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\tools\init.cmd ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\tools\patch.reg ---> Offset = 0
Network behavior
Behavior: Connects to specified site
Details: InternetConnectA: ServerName = up****su, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
Behavior: Opens HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
Behavior: Establishes a connection to a specified socket
Details: URL: up****su, IP: **.133.40.**:80, SOCKET = 0x00000410
Behavior: Reads network file
Details: hFile = 0x00cc000c, BytesToRead =1024, BytesRead = 1024.
Behavior: Sends HTTP packet
Details: GET /nano/ HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: up****su Connection: Keep-Alive
Behavior: Opens HTTP request
Details: HttpOpenRequestA: up****su:80/nano/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400000
Behavior: Resolves host address by name
Details: GetAddrInfoW: up****su
Registry behavior
Behavior: Modifies registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\system32\wscript.exe
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7ZipSfx.000\DriverPack.exe
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\drp.su\update\http
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\drp.su\update\https
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\drp.su\update-test2\http
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\drp.su\update-test2\https
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Styles\MaxScriptStatements
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Styles\MaxScriptStatements
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\mshta.exe
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_NINPUT_LEGACYMODE\mshta.exe
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX\mshta.exe
\REGISTRY\MACHINE\SOFTWARE\Classes\.JS\Content Type
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\System32\mshta.exe
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior: Deletes registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior: Creates mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\!PrivacIE!SharedMemory!Mutex
RasPbFile
Behavior: Creates event object
Details: EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
Behavior: Finds specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
Behavior: Opens event
Details: HookSwitchHookEnabledEvent
Global\crypt32LogoffEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000052
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000052
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
_fCanRegisterWithShellService
MSFT.VSA.COM.DISABLE.3672
MSFT.VSA.IEC.STATUS.6c736db0
MSFT.VSA.COM.DISABLE.3852
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000054
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000054
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
Behavior: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior: Window information
Details: Pid = 3440, Hwnd=0x100320, Text = Cancel, ClassName = Button.
Pid = 3440, Hwnd=0x60380, Text = 37% Extracting, ClassName = #32770.
Behavior: Executable file signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\DriverPack.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\tools\DriverPack-Notifier.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\tools\dpinst.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\tools\dpinst64.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\bin\tools\driverpack-wget.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\drivers\DP_Misc_17062\Nuvoton\FORCED\7x64\CIRCoInst.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\drivers\DP_Misc_17062\Nuvoton\FORCED\7x64\WdfCoInstaller01009.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\drivers\DP_Misc_17062\Nuvoton\FORCED\7x64\amd64\WdfCoInstaller01009.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\drivers\DP_Misc_17062\Nuvoton\FORCED\7x64\amd64\hidshim.sys (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\drivers\DP_Misc_17062\Nuvoton\FORCED\7x64\amd64\nuvotoncir.sys (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\drivers\DP_Misc_17062\Nuvoton\FORCED\7x64\amd64\nuvotonhidcir.sys (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\drivers\DP_Misc_17062\Nuvoton\FORCED\7x64\amd64\nuvotonir.sys (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\drivers\DP_Misc_17062\Nuvoton\FORCED\7x64\i386\WdfCoInstaller01009.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\drivers\DP_Misc_17062\Nuvoton\FORCED\7x64\i386\hidshim.sys (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\7ZipSfx.000\drivers\DP_Misc_17062\Nuvoton\FORCED\7x64\i386\nuvotoncir.sys (signature verification: failed)
Behavior: Calls Sleep function
Details: [1]: MilliSeconds = 20.
Behavior: Hides specified window
Details: [Window,Class] = [,Button]
[Window,Class] = [,Static]
Behavior: Executable file MD5
Behavior: Opens mutex
Details: ShimCacheMutex
Local\!IETld!Mutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\c:!documents and settings!administrator!ietldcache!
CtfmonInstMutexDefaultS-*
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
RasPbFile
Runtime screenshot