VirSCAN

File information
Safety rating: 80

Behavior list

Basic Information
MD5: 1a4c112ed9bb552c95bdee5f7f90805c
File type: Nsis
Production company: 驱动精灵9.0
Version: 9.0.807.1077---9.0.807.1077
Shell or compiler information:
Subfile information (name / MD5 / type):
dgcore.dll / aa51cadb6f490cc201676eac8249be46 / DLL
drivergenius.exe / b94b8982263f0dbcf5a41858b8027b61 / EXE
dgres.dll / 5444b9aa45b0c1750fc305364679798a / zip
7z.dll / 617eb10ef16e3af5294e3f4e93d49f04 / DLL
dgctrl.dll / 90551d9a3bfe750368050ef803421f14 / DLL
pnpsup.dll / 954bd2a6e84f3eefbb03f9c9e77c35f7 / DLL
cactus.dll / 3fc6556ed2a3b51bc1762c80e44ea14f / DLL
dghelper.exe / c7d002e4552355638616eea3e5bf0a75 / EXE
upx30_e4097c22dumpFile / 889f85dd213fe018b7511142f6b992c7 / DLL
duilib.dll / 60618024a8bc36015708095b1d117575 / DLL
upx30_4534a23edumpFile / a6603a9c3ff4a39afe717bfeaffbdb19 / DLL
dgbackup.exe / 49047e5925c67c8e68c97ba2ceeed566 / EXE
sqlite3.dll / fad666b4fba02e3cd7be7e25a3f7a0e7 / DLL
patchcore.dll / ad30e753e57da572dce2d3f2d4710da5 / DLL
cysvc.dll / eb057cf059fd53a146f1a344b7ee524b / DLL
dgvuln.dll / 4cbae63ac55ba22c734a761633707164 / DLL
dgbase.dll / 0c68b3424912d65de1a45aa09a0b18e5 / DLL
dghmpg.dll / 833a974bb3380878983b53716029c740 / DLL
dguimn64.dll / 261bea72e70b2c10df544eae5e4d3a4f / DLL
Key behavior
Behavior description: Creates file mapping with write access
Details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
{6AC4F574-C76A-4c31-9BE6-246A75010000}
\WINDOWS\system32\zh-cn\ieframe.dll.mui
MSCTF.MarshalInterface.FileMap.IJD..MHLOG
MSCTF.MarshalInterface.FileMap.IJD.B.MHLOG
MSCTF.MarshalInterface.FileMap.IJD.C.LILOG
MSCTF.MarshalInterface.FileMap.IJD.D.LILOG
MSCTF.MarshalInterface.FileMap.IJD.E.LJLOG
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.IJD.F.EMMOG
MSCTF.MarshalInterface.FileMap.IJD.G.EMMOG
MSCTF.MarshalInterface.FileMap.IJD.H.EMMOG
MSCTF.MarshalInterface.FileMap.IJD.I.GJBPG
MSCTF.MarshalInterface.FileMap.IJD.J.GJBPG
MSCTF.MarshalInterface.FileMap.IJD.K.GJBPG
Behavior description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Hides specified window
Details: [Window,Class] = [,ShadeWnd]
[Window,Class] = [,DGShadowUI]
Behavior description: Resolves host address by name
Details: liveupdate5.drivergenius.com
liveupdate51.drivergenius.com
www.baidu.com
www.ijinshan.com
www.sohu.com
www.qq.com
liveupdate8.drivergenius.com
www.xunlei.com
www.sina.com
www.163.com
Process behavior
Behavior description: Creates process with hidden window
Details: ImagePath = , CmdLine = c:\docume~1\admini~1\locals~1\temp\drivergenius\qqdl\tencentdl.exe /install
ImagePath = c:\docume~1\admini~1\locals~1\temp\drivergenius\dghelper.exe, CmdLine = "c:\docume~1\admini~1\locals~1\temp\drivergenius\dghelper.exe" --getproblemtool
Behavior description: Creates process from newly created file
Details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\DriverGenius.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\DriverGenius.exe
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dghelper.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dghelper.exe" --getproblemtool
Behavior description: Enumerates processes
Details: N/A
File behavior
Behavior description: Creates file mapping with write access
Details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
{6AC4F574-C76A-4c31-9BE6-246A75010000}
\WINDOWS\system32\zh-cn\ieframe.dll.mui
MSCTF.MarshalInterface.FileMap.IJD..MHLOG
MSCTF.MarshalInterface.FileMap.IJD.B.MHLOG
MSCTF.MarshalInterface.FileMap.IJD.C.LILOG
MSCTF.MarshalInterface.FileMap.IJD.D.LILOG
MSCTF.MarshalInterface.FileMap.IJD.E.LJLOG
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.IJD.F.EMMOG
MSCTF.MarshalInterface.FileMap.IJD.G.EMMOG
MSCTF.MarshalInterface.FileMap.IJD.H.EMMOG
MSCTF.MarshalInterface.FileMap.IJD.I.GJBPG
MSCTF.MarshalInterface.FileMap.IJD.J.GJBPG
MSCTF.MarshalInterface.FileMap.IJD.K.GJBPG
Behavior description: Creates executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\7z.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\cactus.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\cysvc.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dgbackup.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dgbase.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dgcomponent.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dgcore.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dgctrl.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dghelper.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dghelper.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dghmpg.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dghmpg64.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dglse.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dgres.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dguimn.dll
Behavior description: Modifies file contents
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\config.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\microsoft.vc80.crt.manifest---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\microsoft.vc80.mfc.manifest---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\cfg\dgscript.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\cfg\hotfix.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\cfg\kccfg.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\cfg\kcinfo.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\cfg\kpcfg.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\cfg\ksopop.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\cfg\vulcfg.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\data\dgkit.dat---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\data\repair_tools.dat---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\config.ini---> Offset = 154
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\config.ini---> Offset = 168
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\config.ini---> Offset = 182
Behavior description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Searches for files
Details: FileName = C:\monitor
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc6.tmp
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\MSVCR80.dll
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\DriverGenius\Microsoft.VC80.CRT.manifest
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dghelper.exe
Network behavior
Behavior description: Resolves host address by name
Details: liveupdate5.drivergenius.com
liveupdate51.drivergenius.com
www.baidu.com
www.ijinshan.com
www.sohu.com
www.qq.com
liveupdate8.drivergenius.com
www.xunlei.com
www.sina.com
www.163.com
Registry behavior
Behavior description: Modifies registry
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dghelper.exe
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\LogSessionName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Active
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ControlFlags
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid\Guid
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid\BitNames
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid\Guid
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid\BitNames
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid\Guid
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid\BitNames
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid\Guid
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid\BitNames
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid\Guid
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid\BitNames
Behavior description: Deletes registry value (IE connection settings)
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description: Creates mutex
Details: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
DriverGenius
RasPbFile
MSCTF.Shared.MUTEX.AEH
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Global\{727729E3-F09F-4483-AC99-3872EE7AB8F4}
Behavior description: Hides specified window
Details: [Window,Class] = [,ShadeWnd]
[Window,Class] = [,DGShadowUI]
Behavior description: Finds specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [TFormReceiver,FormReceiver]
NtUserFindWindowEx: [Class,Window] = [,补丁]
NtUserFindWindowEx: [Class,Window] = [Progman,Program Manager]
NtUserFindWindowEx: [Class,Window] = [SHELLDLL_DefView,]
NtUserFindWindowEx: [Class,Window] = [SysListView32,FolderView]
Behavior description: Starts system service
Details: [服务启动成功]: NT AUTHORITY\NetworkService, Remote Procedure Call (RPC) Locator, C:\WINDOWS\system32\locator.exe
[服务启动成功]: LocalSystem, WMI Performance Adapter, C:\WINDOWS\system32\wbem\wmiapsrv.exe
Behavior description: Acquires system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
Details: Pid = 564, Hwnd=0x60240, Text = 驱动精灵, ClassName = CMainFrm.
Behavior description: Enumerates WLAN information
Details: N/A
Behavior description: Directly accesses physical device
Details: \??\PHYSICALDRIVE0
Run screenshot
Translated by Keith Miller, United States