VirSCAN

File information
Safety rating:80
Behavior list
Basic Information
MD5:30abfadfade7d962a225b1ec82788c51
file type:Nsis
Production company:PPlayer Corporation
version:1.2.2.0---1.2.2
Shell or compiler information:
Subfile information:avformat-55.dll / big file / DLL
QtGui4.dll / big file / DLL
QtCore4.dll / 333479a7a67da81e316d4ee55682e75a / DLL
avcodec-55.dll / big file / DLL
file_proxy.exe / c3deb4a0b3b757389d99dd8838dd8c98 / EXE
updater.exe / cc550e0b2c81a665bdc9c289262e6694 / EXE
swscale-2.dll / c707cd428a746b6dbc9becb4563d7df7 / DLL
QtNetwork4.dll / 74b5163797992a14d0796c6e83bdd593 / DLL
libeay32.dll / ce4dd10bde6f69fd3affbab1bf799c1e / DLL
VSFilter.dll / bfcb5a1850a5dab1844e59787c5221cc / DLL
play.exe / cf14f1f77eb316c39bc7003a2c56bfcf / EXE
avutil-52.dll / eb45f064ea66d618aa270a144bad5030 / DLL
QtOpenGL4.dll / 03202e35dd59602a555d838384b4880b / DLL
msvcr100.dll / 67ec459e42d3081dd8fd34356f7cafc1 / DLL
npdplayer.dll / 072c86187f74d117fbd424b2598517cd / DLL
advert.exe / 5b1877047109f95f7aaca4f66aeee0ab / EXE
msvcp100.dll / 03e9314004f504a14a61c3d364b62f66 / DLL
QtXml4.dll / 662b511776db4e9fb59d740cd2d18d28 / DLL
qtiff4.dll / c9b54969a20b6bb294bcfeda0acef326 / DLL
Key behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AIO..BPAKH
MSCTF.MarshalInterface.FileMap.AIO.B.AABKH
MSCTF.MarshalInterface.FileMap.AIO.C.AABKH
MSCTF.MarshalInterface.FileMap.AIO.D.AABKH
MSCTF.MarshalInterface.FileMap.AIO.E.AABKH
MSCTF.MarshalInterface.FileMap.AIO.F.AABKH
MSCTF.MarshalInterface.FileMap.AIO.G.AABKH
MSCTF.Shared.SFM.AIO
AtlDebugAllocator_FileMappingNameStatic3_92c
Behavior description:Block window close message
details:hWnd = 0x0003029e, Text = 啪啪影音 1.2.2 安装 , ClassName = #32770.
Behavior description:Hide specified window
details:[Window,Class] = [,Button]
[Window,Class] = [啪啪影音,Static]
[Window,Class] = [啪啪影音 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,ComboLBox]
[Window,Class] = [选择组件,Static]
[Window,Class] = [选择你想要安装“啪啪影音 1.2.2”的那些功能。,Static]
[Window,Class] = [显示细节(&D),Button]
Process behavior
Behavior description:Create process
details:ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "C:\WINDOWS\system32\regsvr32.exe" "C:\Program Files\PPlayer\npdplayer.dll"
Behavior description:Create process from newly created file
details:ImagePath = C:\Program Files\PPlayer\file_proxy.exe, CmdLine = "C:\Program Files\PPlayer\file_proxy.exe"
ImagePath = C:\Program Files\PPlayer\play.exe, CmdLine = "C:\Program Files\PPlayer\play.exe" -hide
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AIO..BPAKH
MSCTF.MarshalInterface.FileMap.AIO.B.AABKH
MSCTF.MarshalInterface.FileMap.AIO.C.AABKH
MSCTF.MarshalInterface.FileMap.AIO.D.AABKH
MSCTF.MarshalInterface.FileMap.AIO.E.AABKH
MSCTF.MarshalInterface.FileMap.AIO.F.AABKH
MSCTF.MarshalInterface.FileMap.AIO.G.AABKH
MSCTF.Shared.SFM.AIO
AtlDebugAllocator_FileMappingNameStatic3_92c
Behavior description:Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsnC.tmp\InstallOptions.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsnC.tmp\nsDialogs.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsnC.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsnC.tmp\KillProcDLL.dll
C:\Program Files\PPlayer\QtCore4.dll
C:\Program Files\PPlayer\QtGui4.dll
C:\Program Files\PPlayer\QtNetwork4.dll
C:\Program Files\PPlayer\QtOpenGL4.dll
C:\Program Files\PPlayer\QtXml4.dll
C:\Program Files\PPlayer\VSFilter.dll
C:\Program Files\PPlayer\advert.exe
C:\Program Files\PPlayer\avcodec-55.dll
C:\Program Files\PPlayer\avformat-55.dll
C:\Program Files\PPlayer\avutil-52.dll
C:\Program Files\PPlayer\file_proxy.exe
Behavior description:Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsnC.tmp\welcome.bmp---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsnC.tmp\ioSpecial.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsnC.tmp\ioSpecial.ini---> Offset = 36
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsnC.tmp\modern-wizard.bmp---> Offset = 16384
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsnC.tmp\ioSpecial.ini---> Offset = 124
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsnC.tmp\ioSpecial.ini---> Offset = 33
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsnC.tmp\ioSpecial.ini---> Offset = 43
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsnC.tmp\ioSpecial.ini---> Offset = 60
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsnC.tmp\ioSpecial.ini---> Offset = 277
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsnC.tmp\ioSpecial.ini---> Offset = 318
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsnC.tmp\ioSpecial.ini---> Offset = 373
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsnC.tmp\ioSpecial.ini---> Offset = 381
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsnC.tmp\ioSpecial.ini---> Offset = 393
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsnC.tmp\ioSpecial.ini---> Offset = 225
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsnC.tmp\ioSpecial.ini---> Offset = 342
Behavior description:Find file
details:FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsnC.tmp
FileName = C:\NUL
FileName = D:\NUL
FileName = C:\Program Files\PPlayer\npdplayer.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Icon\avi.ico
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Icon\mkv.ico
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Icon\ogm.ico
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Icon\mp4.ico
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Icon\m4p.ico
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\Icon\m4b.ico
Network behavior
Behavior description:Establish a connection to a specified socket
details:127.0.0.1:1035
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\Classes\Back.PPlayer\.avi\
\REGISTRY\MACHINE\SOFTWARE\Classes\.avi\
\REGISTRY\MACHINE\SOFTWARE\Classes\PPlayer.avi\
\REGISTRY\MACHINE\SOFTWARE\Classes\PPlayer.avi\shell\
\REGISTRY\MACHINE\SOFTWARE\Classes\PPlayer.avi\shell\open\
\REGISTRY\MACHINE\SOFTWARE\Classes\PPlayer.avi\shell\open\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\PPlayer.avi\DefaultIcon\
\REGISTRY\MACHINE\SOFTWARE\Classes\Back.PPlayer\
\REGISTRY\MACHINE\SOFTWARE\Classes\Back.PPlayer\.mkv\
\REGISTRY\MACHINE\SOFTWARE\Classes\.mkv\
\REGISTRY\MACHINE\SOFTWARE\Classes\PPlayer.mkv\
\REGISTRY\MACHINE\SOFTWARE\Classes\PPlayer.mkv\shell\
\REGISTRY\MACHINE\SOFTWARE\Classes\PPlayer.mkv\shell\open\
\REGISTRY\MACHINE\SOFTWARE\Classes\PPlayer.mkv\shell\open\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\PPlayer.mkv\DefaultIcon\
Behavior description:Delete registry value
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\file_proxy\DEBUG\Trace Level
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.AIO
SHIMLIB_LOG_MUTEX
DDrawWindowListMutex
DDrawDriverObjectListMutex
__DDrawExclMode__
__DDrawCheckExclMode__
QtLockedFile mutex c:/docume~1/admini~1/locals~1/temp/qtsingleapplication-7dac-0-lockfile
QtLockedFile mutex c:/docume~1/admini~1/locals~1/temp/qtsingleapplication-8549-0-lockfile
Behavior description:Hide specified window
details:[Window,Class] = [,Button]
[Window,Class] = [啪啪影音,Static]
[Window,Class] = [啪啪影音 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,ComboLBox]
[Window,Class] = [选择组件,Static]
[Window,Class] = [选择你想要安装“啪啪影音 1.2.2”的那些功能。,Static]
[Window,Class] = [显示细节(&D),Button]
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
Behavior description:Acquire system privileges
details:SE_LOAD_DRIVER_PRIVILEGE
SE_MANAGE_VOLUME_PRIVILEGE
Behavior description:Block window close message
details:hWnd = 0x0003029e, Text = 啪啪影音 1.2.2 安装 , ClassName = #32770.
Behavior description:Window information
details:Pid = 3708, Hwnd=0x202a2, Text = unpacking data: 64%, ClassName = Static.
Pid = 3708, Hwnd=0x202a6, Text = Please wait while Setup is loading..., ClassName = Static.
Pid = 3708, Hwnd=0x2029e, Text = unpacking data: 64%, ClassName = #32770.
Pid = 3708, Hwnd=0x302a2, Text = 下一步(&N) >, ClassName = Button.
Pid = 3708, Hwnd=0x302a0, Text = 取消(&C), ClassName = Button.
Pid = 3708, Hwnd=0x202d4, Text = 啪啪影音 , ClassName = Static.
Pid = 3708, Hwnd=0x302dc, Text = 啪啪影音, ClassName = Static.
Pid = 3708, Hwnd=0x302da, Text = 欢迎使用“啪啪影音 1.2.2”安装向导, ClassName = Static.
Pid = 3708, Hwnd=0x302b8, Text = 这个向导将指引你完成“啪啪影音 1.2.2”的安装进程。 在开始安装之前,建议先关闭其他所有应用程序。这将允许“安装程序”更新指定的系, ClassName = Static.
Pid = 3708, Hwnd=0x3029e, Text = 啪啪影音 1.2.2 安装, ClassName = #32770.
Pid = 3708, Hwnd=0x402b8, Text = 自定义, ClassName = ComboBox.
Pid = 3708, Hwnd=0x302c6, Text = 所需空间: 83.4MB, ClassName = Static.
Pid = 3708, Hwnd=0x302a2, Text = 安装(&I), ClassName = Button.
Pid = 3708, Hwnd=0x180134, Text = 选择啪啪影音安装路径, ClassName = Button(GroupBox).
Pid = 3708, Hwnd=0x50272, Text = C:\Program Files\PPlayer, ClassName = Edit.
Behavior description:Open image file
details:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsnC.tmp\welcome.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsnC.tmp\modern-wizard.bmp