VirSCAN

File information
Security score: 86
Basic information
MD5: b2249d823b48531ae452b58a294a0d7e
File type: Nsis
Publisher: Secunia
Version: 3.0.0.11005---3.0.0.11005
Packer or compiler information:
Sub-file information:
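Key behavior
Behavior description: Blocks window-close messages
Details: hWnd = 0x000402a4, Text = PSI Setup, ClassName = #32770.
Process behavior
Behavior description: Creates a local thread
Details: N/A
Behavior description: Process exits
Details: N/A
Behavior description: Enumerates processes
Details: N/A
File behavior
Behavior description: Creates files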
Behavior description: Modifies file contents
Behavior description: Creates executable files
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\LangDLL.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\InstallOptions.dll
Behavior description: Deletes files
Behavior description: Searches for files
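Registry behavior
Behavior description: Modifies the registry (delayed file rename entry)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behavior
Behavior description: Creates mutexes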
Behavior description: Creates event objects
Details: EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceiveConection.Event.MHL.IC
EventName = MSCTF.SendReceive.Event.MHL.IC
Behavior description: Searches for specified windows
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
Behavior description: Acquires system privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Blocks window-close messages
Details: hWnd = 0x000402a4, Text = PSI Setup, ClassName = #32770.
Behavior description: Window information
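Behavior description: Executable file signature information
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\System.dll (signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\LangDLL.dll (signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\InstallOptions.dll (signature verification: failed)
Behavior description: Hides specified windows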
Behavior description: Executable file MD5
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\System.dll ---> 41a3c964232edd2d7d5edea53e8245cd
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\LangDLL.dll ---> 47352ef3e79fa0f07ec3b96df9249d05
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\InstallOptions.dll ---> 04b12452e607f4411f3f859724a971a4
Behavior description: Loads newly dropped files
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\System.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\LangDLL.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp\InstallOptions.dll.