VirSCAN
File information
Security score: 80
Basic information
MD5:df008eff6ac15bdfe63080a1b4bdfb3e
File type:
Vendor:
Version:
Packer or compiler info:
Key behaviours
Behaviour description: Modify registry_BHO (Browser Helper Object)
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}\
Behaviour description: Create desktop shortcut
Details: C:\Documents and Settings\All Users\桌面\迅雷.lnk
C:\Documents and Settings\All Users\桌面\迅雷资源助手.lnk
Behaviour description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behaviour description: Hide specified window
Details: [Window,Class] = [,Button]
[Window,Class] = [Ayu,Static]
[Window,Class] = [Ayu ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [安装完成,Static]
[Window,Class] = [安装已成功完成。,Static]
[Window,Class] = [,tooltips_class32]
[Window,Class] = [,SysListView32]
[Window,Class] = [雷友信息,Afx:400000:8:10011:6:0]
[Window,Class] = [资源信息,Afx:400000:8:10011:6:0]
[Window,Class] = [ToolBarChevron,AfxWnd42]
[Window,Class] = [MenuBarChevron,AfxWnd42]
[Window,Class] = [,AfxWnd42]
Behaviour description: Resolve host address by name
Details: hub5pn.sandai.net
hub5u.sandai.net
relay.phub.sandai.net
hub5pnc.sandai.net
hub5pr.sandai.net
score.phub.sandai.net
imhub5pr.sandai.net
vodsts.sandai.net
mvhub5pr.sandai.net
kkstat1.sandai.net
hubciddata.sandai.net
conf.sandai.net
glroute.phub.sandai.net
Process behaviour
Behaviour description: Create process
Details: ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "regsvr32.exe" /s "C:\Program Files\Thunder\ComDlls\ThunderAgent.dll"
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "regsvr32.exe" /s "C:\Program Files\Thunder\ComDlls\XunLeiBHO.dll"
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "regsvr32.exe" /s "C:\Program Files\Thunder\ComDlls\UriX.dll"
Behaviour description: Create process from newly created file
Details: ImagePath = C:\Program Files\Thunder\AyuConfig.exe, CmdLine = "C:\Program Files\Thunder\AyuConfig.exe"
ImagePath = C:\Program Files\Thunder\Thunder.exe, CmdLine = "C:\Program Files\Thunder\Thunder.exe"
ImagePath = C:\Program Files\Thunder\Program\Thunder5.exe, CmdLine = "C:\Program Files\Thunder\Program\Thunder5.exe" /7270af40
Behaviour description: Enumerate processes
Details: N/A
File behaviour
Behaviour description: Drop links or shortcuts in sensitive system locations (e.g. the Start Menu)
Details: C:\Documents and Settings\All Users\「开始」菜单\程序\迅雷\扩展设置.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\迅雷\启动迅雷.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\迅雷\卸载迅雷.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\迅雷\迅雷资源助手.lnk
Behaviour description: Create executable files
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NSISHelper.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\InstallOptions.dll
C:\Program Files\Thunder\ComDlls\BHOInstall.exe
C:\Program Files\Thunder\ComDlls\FirefoxPatch.exe
C:\Program Files\Thunder\ComDlls\ThunderAgent.dll
C:\Program Files\Thunder\ComDlls\ThunderAgent7.dll
C:\Program Files\Thunder\ComDlls\UriX.dll
C:\Program Files\Thunder\ComDlls\XLNonIESvr.exe
C:\Program Files\Thunder\ComDlls\XunLeiBHO.dll
C:\Program Files\Thunder\ComDlls\libexpat.dll
C:\Program Files\Thunder\ComDlls\npxunlei.dll
C:\Program Files\Thunder\ComDlls\FirefoxPatch\components\ThunderComponent.dll
C:\Program Files\Thunder\Program\atl71.dll
C:\Program Files\Thunder\Program\msvcirt.dll
C:\Program Files\Thunder\Program\msvcp60.dll
Behaviour description: Map file with write permission
Details: \WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
DfSharedHeapD9801
\Program Files\Thunder\Profiles\history6.dat
DfRoot0000D9801
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF982D.tmp
\Program Files\Thunder\Profiles\history6.dat.rescue
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF989B.tmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF98E1.tmp
Thunder-App-Info
Thunder_Files_ToOpen
thunder_open_ed2klink
Thunder_Special_Urls
\WINDOWS\system32\drivers\tcpip.sys
Behaviour description: Modify file contents
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\ioSpecial.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\ioSpecial.ini---> Offset = 36
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\modern-wizard.bmp---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\ioSpecial.ini---> Offset = 124
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\modern-header.bmp---> Offset = 16384
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\ioSpecial.ini---> Offset = 33
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\ioSpecial.ini---> Offset = 43
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\ioSpecial.ini---> Offset = 60
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\ioSpecial.ini---> Offset = 277
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\ioSpecial.ini---> Offset = 324
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\ioSpecial.ini---> Offset = 379
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\ioSpecial.ini---> Offset = 387
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\ioSpecial.ini---> Offset = 399
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\ioSpecial.ini---> Offset = 225
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\ioSpecial.ini---> Offset = 348
Network behaviour
Behaviour description: Open URL over the network
Details: InternetOpenUrlA: http://ayu.xunleihd.com/thunder/update hInternet = 0x000003e0
Behaviour description: Establish connection to a specified socket
Details: 219.133.40.1:80
219.133.40.1:18995
Behaviour description: Read network file
Details: hFile = 0x000003e0, BytesToRead =7, BytesRead = 7.
Registry behaviour
Behaviour description: Modify registry_browser context menu
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载\Contexts
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载\Name
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接\Contexts
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接\Name
Behaviour description: Delete registry key
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CD12A3CE-9C42-11D2-BEED-0060082F2054}\InprocServer32
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CD12A3CE-9C42-11D2-BEED-0060082F2054}\ProgID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CD12A3CE-9C42-11D2-BEED-0060082F2054}\TypeLib
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CD12A3CE-9C42-11D2-BEED-0060082F2054}\VersionIndependentProgID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CD12A3CE-9C42-11D2-BEED-0060082F2054}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{203b1eed-db9f-40fb-87bd-1990982017d2}\InprocServer32
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{203b1eed-db9f-40fb-87bd-1990982017d2}\ProgID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{203b1eed-db9f-40fb-87bd-1990982017d2}\TypeLib
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{203b1eed-db9f-40fb-87bd-1990982017d2}\VersionIndependentProgID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{203b1eed-db9f-40fb-87bd-1990982017d2}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DCF6C8B2-F6C0-461b-82DA-35945EADF54A}\InprocServer32
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DCF6C8B2-F6C0-461b-82DA-35945EADF54A}\ProgID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DCF6C8B2-F6C0-461b-82DA-35945EADF54A}\Properties
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DCF6C8B2-F6C0-461b-82DA-35945EADF54A}\TypeLib
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DCF6C8B2-F6C0-461b-82DA-35945EADF54A}\VersionIndependentProgID
Behaviour description: Modify registry_URL protocol association
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\magnet\URL Protocol
Behaviour description: Delete registry value_IE connection settings
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behaviour description: Modify registry_pending file rename operations
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations
Behaviour description: Modify registry
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\MACHINE\SOFTWARE\Thunder Network\ThunderOem\thunder_backwnd\Path
\REGISTRY\MACHINE\SOFTWARE\Thunder Network\ThunderOem\thunder_backwnd\instdir
\REGISTRY\MACHINE\SOFTWARE\Thunder Network\ThunderOem\thunder_backwnd\Version
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{485463B7-8FB2-4B3B-B29B-8B919B0EACCE}\iexplore\Flags
\REGISTRY\MACHINE\SOFTWARE\Classes\ThunderAgent.Agent.1\
\REGISTRY\MACHINE\SOFTWARE\Classes\ThunderAgent.Agent.1\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\ThunderAgent.Agent\
\REGISTRY\MACHINE\SOFTWARE\Classes\ThunderAgent.Agent\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\ThunderAgent.Agent\CurVer\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{485463B7-8FB2-4B3B-B29B-8B919B0EACCE}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{485463B7-8FB2-4B3B-B29B-8B919B0EACCE}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{485463B7-8FB2-4B3B-B29B-8B919B0EACCE}\VersionIndependentProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{485463B7-8FB2-4B3B-B29B-8B919B0EACCE}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{485463B7-8FB2-4B3B-B29B-8B919B0EACCE}\InprocServer32\ThreadingModel
Behaviour description: Modify registry_browser default download tool
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\DownloadUI
Other behaviour
Behaviour description: Set object security information
Details: C:\Program Files\Thunder
Behaviour description: Create mutex
Details: SHIMLIB_LOG_MUTEX
oleacc-msaa-loaded
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
thunder5_shell_mutex
Global\thunder5_app_mutex
F8730FC7_1436_4121_9FA6_C0FBF4817482
emule_upload_list.dat
RasPbFile
Behaviour description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [TfrmCmdCenter,thunder_backwnd]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behaviour description: Acquire system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Behaviour description: Window information
Details: Pid = 1244, Hwnd=0xb01de, Text = 下一步(&N) >, ClassName = Button.
Pid = 1244, Hwnd=0xc01d6, Text = 取消(&C), ClassName = Button.
Pid = 1244, Hwnd=0xb01b0, Text = Ayu , ClassName = Static.
Pid = 1244, Hwnd=0xa018c, Text = Ayu, ClassName = Static.
Pid = 1244, Hwnd=0xb0170, Text = 欢迎使用“迅雷5.8.14.706典藏版”安装向导, ClassName = Static.
Pid = 1244, Hwnd=0xb01ce, Text = 这个向导将指引你完成“迅雷5.8.14.706典藏版”的安装进程。 在开始安装之前,建议先关闭其他所有应用程序。这将允许“安装程序”更新指, ClassName = Static.
Pid = 1244, Hwnd=0xd0180, Text = 迅雷5.8.14.706典藏版 安装, ClassName = #32770.
Pid = 1244, Hwnd=0xb016a, Text = < 上一步(&P), ClassName = Button.
Pid = 1244, Hwnd=0xb01de, Text = 我同意(&I), ClassName = Button.
Pid = 1244, Hwnd=0xa0198, Text = 许可证协议, ClassName = Static.
Pid = 1244, Hwnd=0xd01a4, Text = 在安装“迅雷5.8.14.706典藏版”之前,请阅读授权协议。, ClassName = Static.
Pid = 1244, Hwnd=0xc01ce, Text = 按 [PgDn] 阅读“授权协议”的其余部分。, ClassName = Static.
Pid = 1244, Hwnd=0xd01b4, Text = 如果你接受协议中的条款,单击 [我接受(I)] 继续安装。如果你选定 [取消(C)] ,安装程序将会关闭。必须接受协议才能安装“迅雷5.8.14.706典, ClassName = Static.
Pid = 1244, Hwnd=0xa0198, Text = 选择组件, ClassName = Static.
Pid = 1244, Hwnd=0xd01a4, Text = 选择你想要安装“迅雷5.8.14.706典藏版”的那些功能。, ClassName = Static.
Behaviour description: Direct access to physical device
Details: \??\PhysicalDrive0
Behaviour description: Inline hook
Details: C:\WINDOWS\system32\MFC42.DLL--->DllUnregisterServer Offset = 0x862a
C:\WINDOWS\system32\SHELL32.dll--->SHLockShared Offset = 0x5635bd1
C:\WINDOWS\system32\SHELL32.dll--->SHLockShared Offset = 0x5635acd
C:\WINDOWS\system32\MFC42.DLL--->DllUnregisterServer Offset = 0x88f6
C:\WINDOWS\system32\SHELL32.dll--->SHLockShared Offset = 0x5635d21
C:\WINDOWS\system32\MFC42.DLL--->DllUnregisterServer Offset = 0x8426
C:\WINDOWS\system32\SHELL32.dll--->SHLockShared Offset = 0x5635161
C:\WINDOWS\system32\SHELL32.dll--->SHLockShared Offset = 0x5635319
C:\WINDOWS\system32\SHELL32.dll--->SHLockShared Offset = 0x56353b5
C:\WINDOWS\system32\SHELL32.dll--->SHLockShared Offset = 0x5635395
C:\WINDOWS\system32\MFC42.DLL--->DllUnregisterServer Offset = 0x8422
C:\WINDOWS\system32\SHELL32.dll--->SHLockShared Offset = 0x563531d
Behaviour description: Open image file
Details: \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\modern-wizard.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\modern-header.bmp
\Program Files\Thunder\ComDlls\image\waiting\001.bmp
\Program Files\Thunder\ComDlls\image\waiting\002.bmp
\Program Files\Thunder\ComDlls\image\waiting\003.bmp
\Program Files\Thunder\ComDlls\image\waiting\004.bmp
\Program Files\Thunder\ComDlls\image\waiting\005.bmp
\Program Files\Thunder\ComDlls\image\waiting\007.bmp
\Program Files\Thunder\Languages\zh_cn\FloatBar1.bmp
\Program Files\Thunder\Languages\zh_cn\FloatBar2.bmp
\Program Files\Thunder\Languages\zh_cn\FloatBar3.bmp
\Program Files\Thunder\Languages\zh_tw\FloatBar1.bmp
\Program Files\Thunder\Languages\zh_tw\FloatBar2.bmp
\Program Files\Thunder\Languages\zh_tw\FloatBar3.bmp
\Program Files\Thunder\Skins\ChinesePainting\CfgBig.bmp
Runtime screenshots (image not included)