VirSCAN

File information
Safety rating:44
Behavior list
Basic Information
MD5:0bb400b910356a51951eb27f81f4585a
file type:Nsis
Production company:
version:
Shell or compiler information:
Subfile information:BitComet.exe / big file / EXE
BcNsisHelper.dll / 2c7d8df87426208519c3f7b635376db2 / DLL
VideoSnapshot.exe / a488135474e53e72115a0bb25e664aad / EXE
BitCometService.exe / f0879e255885374d4c4c65a2d64bed60 / EXE
http_Downloader.exe / b57d15325636150eb138da1ac7387524 / EXE
BitCometBHO_1.5.4.11.dll / 7455fe2a83979f90705062160f98a96d / DLL
Updater.exe / 310b233e73b198fcc41e462be8973aa5 / EXE
BitCometAgent_1.38.3.18.dll / 9effe59913e4195cf459f30eec1889ed / DLL
UPNP.exe / 83af1d82523a47b01adddba38aaba9a3 / EXE
CrashReport.exe / 69ee41e1ea0f60087dfa4979f51704ab / EXE
bitcomet-bg.mo / fc667e412cbedaec1857981b9f544931 / Unknown
bitcomet-ug.mo / e7647a3a9d88fc1462c4216ac2841893 / Unknown
bitcomet-ru.mo / ddd925ecdc5d2100e0764702c6ae8b59 / Unknown
bitcomet-th.mo / cf6b3a748a8010c61b7bd0757dab7a7d / Unknown
bitcomet-ja.mo / 711503e4ed96e03bbd3f8e25f679d286 / Unknown
bitcomet-ro.mo / 9cef55b631ccea018e1379eb97e81d29 / Unknown
bitcomet-de.mo / 3c44ad07e45feae16ca5a224eb10cf2b / Unknown
bitcomet-eu.mo / 988398e7e693ec346b3df4095cce81b8 / Unknown
bitcomet-pl.mo / ef41e8d2f213fc0a3eb93dec08a82181 / Unknown
Key behavior
Behavior description:Hides specified windows
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,Button]
[Window,Class] = [BitComet(比特彗星) 1.40 64-bit,Static]
[Window,Class] = [BitComet(比特彗星) 1.40 64-bit ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [支持我们,Static]
[Window,Class] = [ 比特彗星是一款免费软件,需要您的热心支持!,Static]
Behavior description:Modifies registry (BHO)
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\
Behavior description:Blocks window close messages
details:hWnd = 0x000701f2, Text = BitComet(比特彗星) 1.40 64-bit 安装 , ClassName = #32770.
Behavior description:Creates a shortcut on the desktop
details:C:\Documents and Settings\All Users\桌面\BitComet.lnk
Behavior description:Creates file mappings with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.ABO..NEPIH
MSCTF.MarshalInterface.FileMap.ABO.B.NEPIH
MSCTF.MarshalInterface.FileMap.ABO.C.NEPIH
MSCTF.MarshalInterface.FileMap.ABO.D.NEPIH
MSCTF.MarshalInterface.FileMap.ABO.E.NEPIH
MSCTF.MarshalInterface.FileMap.ABO.F.NEPIH
MSCTF.MarshalInterface.FileMap.ABO.G.NEPIH
MSCTF.Shared.SFM.ABO
MSCTF.MarshalInterface.FileMap.ABO.H.NJFNH
MSCTF.MarshalInterface.FileMap.ABO.I.NKFNH
MSCTF.MarshalInterface.FileMap.ABO.J.NKFNH
MSCTF.MarshalInterface.FileMap.ABO.K.NKFNH
MSCTF.MarshalInterface.FileMap.ABO.L.MLFNH
MSCTF.MarshalInterface.FileMap.ABO.M.MMFNH
Behavior description:Modifies registry (IE home page)
details:\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\Start Page
Process behavior
Behavior description:Enumerates processes
details:N/A
File behavior
Behavior description:Drops links or shortcuts in sensitive system locations (such as the Start menu)
details:C:\Documents and Settings\All Users\「开始」菜单\程序\BitComet (64-bit)\BitComet.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\BitComet (64-bit)\访问BitComet主页.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\BitComet (64-bit)\卸载BitComet.lnk
Behavior description:Creates executable files
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg6.tmp\LangDLL.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg6.tmp\UserInfo.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg6.tmp\BcNsisHelper.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg6.tmp\http_Downloader.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg6.tmp\BitComet_stats.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg6.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg6.tmp\InstallOptions.dll
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\BitComet\CrashReport.exe
C:\Program Files\BitComet\tools\UPNP.exe
C:\Program Files\BitComet\tools\VideoSnapshot.exe
C:\Program Files\BitComet\tools\Updater.exe
C:\Program Files\BitComet\tools\ChromeLauncher.exe
C:\Program Files\BitComet\tools\BitCometAgent_1.38.3.18.dll
C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
Behavior description:Searches for files
details:FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg6.tmp
FileName = \extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}\*.*
FileName = C:\Program Files\BitComet
FileName = C:\Program Files
FileName = C:\Program Files\BitComet\BitCometBar\BitCometBar0.1.dll
FileName = C:\Program Files\BitComet\BitCometBar\BitCometBar0.2.dll
FileName = C:\Program Files\BitComet\BitCometBar\BitCometBar0.3.dll
FileName = C:\Program Files\BitComet\BitCometBar\BitCometBar0.4.dll
FileName = C:\Program Files\BitComet\BitCometBar\BitCometBar0.5.dll
FileName = C:\Program Files\BitComet\BitCometBar\BitCometBar0.6.dll
Behavior description:Creates a shortcut on the desktop
details:C:\Documents and Settings\All Users\桌面\BitComet.lnk
Behavior description:Creates file mappings with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.ABO..NEPIH
MSCTF.MarshalInterface.FileMap.ABO.B.NEPIH
MSCTF.MarshalInterface.FileMap.ABO.C.NEPIH
MSCTF.MarshalInterface.FileMap.ABO.D.NEPIH
MSCTF.MarshalInterface.FileMap.ABO.E.NEPIH
MSCTF.MarshalInterface.FileMap.ABO.F.NEPIH
MSCTF.MarshalInterface.FileMap.ABO.G.NEPIH
MSCTF.Shared.SFM.ABO
MSCTF.MarshalInterface.FileMap.ABO.H.NJFNH
MSCTF.MarshalInterface.FileMap.ABO.I.NKFNH
MSCTF.MarshalInterface.FileMap.ABO.J.NKFNH
MSCTF.MarshalInterface.FileMap.ABO.K.NKFNH
MSCTF.MarshalInterface.FileMap.ABO.L.MLFNH
MSCTF.MarshalInterface.FileMap.ABO.M.MMFNH
Behavior description:Modifies file contents
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg6.tmp\firefoxextension.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg6.tmp\bitcomet_extension_signed.xpi---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg6.tmp\SetHomePage.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg6.tmp\SetHomePage.ini---> Offset = 142
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg6.tmp\SetHomePage_cn.gif---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg6.tmp\SetHomePage_en.gif---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg6.tmp\ioSpecial.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg6.tmp\ioSpecial.ini---> Offset = 74
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg6.tmp\modern-wizard.bmp---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg6.tmp\ioSpecial.ini---> Offset = 250
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg6.tmp\ioSpecial.ini---> Offset = 68
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg6.tmp\ioSpecial.ini---> Offset = 88
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg6.tmp\ioSpecial.ini---> Offset = 122
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg6.tmp\ioSpecial.ini---> Offset = 556
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg6.tmp\ioSpecial.ini---> Offset = 642
Registry behavior
Behavior description:Modifies registry (browser context menu)
details:\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\&使用BitComet下载\
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\&使用BitComet下载\contexts
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\&使用BitComet下载\BitCometCreated
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\&使用BitComet下载全部链接\
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\&使用BitComet下载全部链接\contexts
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\&使用BitComet下载全部链接\BitCometCreated
Behavior description:Deletes registry keys
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum
Behavior description:Modifies registry (browser default download tool)
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\DownloadUI
Behavior description:Modifies registry (BHO)
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\
Behavior description:Modifies registry
details:\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{B99B5DF3-3AD2-463F-8F8C-86787623E1D5}\
\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\BitCometAgent.DLL\AppID
\REGISTRY\MACHINE\SOFTWARE\Classes\BitCometAgent.BcAgent.1\
\REGISTRY\MACHINE\SOFTWARE\Classes\BitCometAgent.BcAgent.1\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\BitCometAgent.BcAgent\
\REGISTRY\MACHINE\SOFTWARE\Classes\BitCometAgent.BcAgent\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\BitCometAgent.BcAgent\CurVer\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C8FF2A06-638A-4913-8403-50294CFF6608}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C8FF2A06-638A-4913-8403-50294CFF6608}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C8FF2A06-638A-4913-8403-50294CFF6608}\VersionIndependentProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C8FF2A06-638A-4913-8403-50294CFF6608}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C8FF2A06-638A-4913-8403-50294CFF6608}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C8FF2A06-638A-4913-8403-50294CFF6608}\AppID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C8FF2A06-638A-4913-8403-50294CFF6608}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D2C1FBD-624D-4789-9AE0-F4B66F9EE6E2}\1.0\
Behavior description:Modifies registry (browser toolbar button)
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}\CLSID
Behavior description:Modifies registry (URL protocol association)
details:\REGISTRY\MACHINE\SOFTWARE\Classes\bc\URL Protocol
\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\URL Protocol
Behavior description:Modifies registry (IE home page)
details:\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\Start Page
Other behavior
Behavior description:Creates mutexes
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
oleacc-msaa-loaded
MSCTF.Shared.MUTEX.ABO
{SIMPLEBT-D19EACFB-5FD1-4615-A179-A9B9E38A6506}
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior description:Hides specified windows
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,Button]
[Window,Class] = [BitComet(比特彗星) 1.40 64-bit,Static]
[Window,Class] = [BitComet(比特彗星) 1.40 64-bit ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [支持我们,Static]
[Window,Class] = [ 比特彗星是一款免费软件,需要您的热心支持!,Static]
Behavior description:Finds specified windows
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [#32770,HiddenBrowser]
NtUserFindWindowEx: [Class,Window] = [,{DA9B97AA-C937-4f3b-9B7A-59403A583CDA}_BitCometMsgSink]
Behavior description:Acquires system privileges
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Gets TickCount value
details:TickCount = 516778, SleepMilliseconds = 200.
TickCount = 516793, SleepMilliseconds = 200.
TickCount = 516809, SleepMilliseconds = 200.
TickCount = 516825, SleepMilliseconds = 200.
TickCount = 516840, SleepMilliseconds = 200.
TickCount = 518559, SleepMilliseconds = 200.
TickCount = 518903, SleepMilliseconds = 200.
TickCount = 518934, SleepMilliseconds = 200.
TickCount = 518950, SleepMilliseconds = 200.
TickCount = 518965, SleepMilliseconds = 200.
TickCount = 518981, SleepMilliseconds = 200.
TickCount = 518996, SleepMilliseconds = 200.
TickCount = 519012, SleepMilliseconds = 200.
TickCount = 519028, SleepMilliseconds = 200.
TickCount = 519043, SleepMilliseconds = 200.
Behavior description:Blocks window close messages
details:hWnd = 0x000701f2, Text = BitComet(比特彗星) 1.40 64-bit 安装 , ClassName = #32770.
Behavior description:Window information
details:Pid = 3596, Hwnd=0x202a2, Text = 简体中文, ClassName = ComboBox.
Pid = 3596, Hwnd=0x202a6, Text = OK, ClassName = Button.
Pid = 3596, Hwnd=0x202a8, Text = Cancel, ClassName = Button.
Pid = 3596, Hwnd=0x202cc, Text = Please select a language., ClassName = Static.
Pid = 3596, Hwnd=0x401f2, Text = Installer Language, ClassName = #32770.
Pid = 3596, Hwnd=0x402a6, Text = 下一步(&N) >, ClassName = Button.
Pid = 3596, Hwnd=0x402a8, Text = 取消(&C), ClassName = Button.
Pid = 3596, Hwnd=0x202d4, Text = BitComet(比特彗星) 1.40 64-bit , ClassName = Static.
Pid = 3596, Hwnd=0x302dc, Text = BitComet(比特彗星) 1.40 64-bit, ClassName = Static.
Pid = 3596, Hwnd=0x302da, Text = 欢迎使用“BitComet(比特彗星) 1.40 64-bit”安装向导, ClassName = Static.
Pid = 3596, Hwnd=0x302b8, Text = 这个向导将指引你完成“BitComet(比特彗星) 1.40 64-bit”的安装进程。 在开始安装之前,建议先关闭其他所有应用程序。这将允许“安装程, ClassName = Static.
Pid = 3596, Hwnd=0x701f2, Text = BitComet(比特彗星) 1.40 64-bit 安装, ClassName = #32770.
Pid = 3596, Hwnd=0x402a6, Text = 我接受(&I), ClassName = Button.
Pid = 3596, Hwnd=0x402b8, Text = 按 [PgDn] 阅读“许可协议”的其余部分。, ClassName = Static.
Pid = 3596, Hwnd=0x402da, Text = BitComet软件许可协议 本协议是用户(您)和BitComet开发小组(BitComet)之间关于使用BitComet软件(本软件)达成的法律协议。您安装或者, ClassName = RichEdit20W.
Behavior description:Opens image files
details:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg6.tmp\modern-wizard.bmp