VirSCAN


File information
Safety rating: 76
Behavior list
Basic Information
MD5: 30d9352260133abf75db78b1e0251e49
File type: Rar
Production company:
Version:
Shell or compiler information: COMPILER:PE+(64)
Subfile information: BitComet_x64.exe / 230adbc9d222ed414a5e21adee085488 / EXE
BitComet.exe / 7c9516ef60da818b9785f34bc1b87c1c / EXE
VideoSnapshot.exe / a488135474e53e72115a0bb25e664aad / EXE
Updater.exe / 3cdd3eab1a3c200c18e100f9eda9135a / EXE
BitCometService.exe / f0879e255885374d4c4c65a2d64bed60 / EXE
npBitCometAgent.dll / 0383a25d0433516ca14918d3779acfd8 / DLL
BitCometBHO.dll / 7455fe2a83979f90705062160f98a96d / DLL
BitCometAgent.dll / 9effe59913e4195cf459f30eec1889ed / DLL
UPNP.exe / 83af1d82523a47b01adddba38aaba9a3 / EXE
CrashReport.exe / 69ee41e1ea0f60087dfa4979f51704ab / EXE
bitcomet-bg.mo / f5e9b0efc8c9b141d1a4e269c3bdac41 / Unknown
bitcomet-ug.mo / dd5449b6bca6170d6abd27e252d5ef3b / Unknown
bitcomet-ru.mo / c98985355ae82c78dffd2d7fdbb1a6ac / Unknown
bitcomet-th.mo / 76878ccfd7db02724654bfa865b125e7 / Unknown
bitcomet-ja.mo / 67708eaff4ed545028667cb2cbddaa93 / Unknown
bitcomet-ro.mo / 765adfd6fa4cfb49d49276c6f8b9d2ce / Unknown
bitcomet-de.mo / 9f5769c6c950826d4e476ac3e6f87cf6 / Unknown
bitcomet-zh_CN.mo / 655ef3549d6607937fb0632ecef88458 / Unknown
bitcomet-eu.mo / e1c11f1ffb0fe292bd340041823d9349 / Unknown
Key behavior
Behavior description: Directly reads the CPU clock
Details: EAX = 0xc7e35792, EDX = 0x000000bf
EAX = 0xdaf38221, EDX = 0x000000bf
EAX = 0xdaf3826d, EDX = 0x000000bf
EAX = 0x7809c61c, EDX = 0x000000c0
Behavior description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Behavior description: Modifies registry (BHO, Browser Helper Object)
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\
Behavior description: Modifies registry (system firewall trusted process list)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\BitComet.exe
Behavior description: Gets TickCount value
Details: TickCount = 286687, SleepMilliseconds = 60000.
TickCount = 286734, SleepMilliseconds = 60000.
TickCount = 286765, SleepMilliseconds = 60000.
TickCount = 286796, SleepMilliseconds = 60000.
TickCount = 286812, SleepMilliseconds = 60000.
TickCount = 286828, SleepMilliseconds = 60000.
TickCount = 286843, SleepMilliseconds = 60000.
TickCount = 286859, SleepMilliseconds = 60000.
TickCount = 286875, SleepMilliseconds = 60000.
TickCount = 286890, SleepMilliseconds = 60000.
TickCount = 286921, SleepMilliseconds = 60000.
TickCount = 286937, SleepMilliseconds = 60000.
TickCount = 286984, SleepMilliseconds = 60000.
TickCount = 287000, SleepMilliseconds = 60000.
TickCount = 287015, SleepMilliseconds = 60000.
Process behavior
Behavior description: Creates process
Details: [0x00000e30]ImagePath = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\tools\UPNP.exe, CmdLine = "C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\tools\UPNP.exe" -addfw -app BitComet -tcpport 12375 -udpport 12375 -q
Behavior description: Creates local thread
Details: TargetProcess: BitComet.exe, InheritedFromPID = 2000, ProcessID = 3316, ThreadID = 3400, StartAddress = 00960981, Parameter = 001E6138
TargetProcess: BitComet.exe, InheritedFromPID = 2000, ProcessID = 3316, ThreadID = 3404, StartAddress = 00960981, Parameter = 001E8A48
TargetProcess: BitComet.exe, InheritedFromPID = 2000, ProcessID = 3316, ThreadID = 3520, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: BitComet.exe, InheritedFromPID = 2000, ProcessID = 3316, ThreadID = 3524, StartAddress = 77E56C7D, Parameter = 00235288
TargetProcess: BitComet.exe, InheritedFromPID = 2000, ProcessID = 3316, ThreadID = 3528, StartAddress = 769AE43B, Parameter = 00234D18
TargetProcess: BitComet.exe, InheritedFromPID = 2000, ProcessID = 3316, ThreadID = 3536, StartAddress = 77E56C7D, Parameter = 00237D08
TargetProcess: BitComet.exe, InheritedFromPID = 2000, ProcessID = 3316, ThreadID = 3544, StartAddress = 00960981, Parameter = 0024B278
TargetProcess: BitComet.exe, InheritedFromPID = 2000, ProcessID = 3316, ThreadID = 3548, StartAddress = 00960981, Parameter = 00258508
TargetProcess: BitComet.exe, InheritedFromPID = 2000, ProcessID = 3316, ThreadID = 3552, StartAddress = 00960981, Parameter = 00258528
TargetProcess: BitComet.exe, InheritedFromPID = 2000, ProcessID = 3316, ThreadID = 3556, StartAddress = 00960981, Parameter = 002570C0
TargetProcess: BitComet.exe, InheritedFromPID = 2000, ProcessID = 3316, ThreadID = 3560, StartAddress = 00960981, Parameter = 002594E8
TargetProcess: BitComet.exe, InheritedFromPID = 2000, ProcessID = 3316, ThreadID = 3564, StartAddress = 00960981, Parameter = 035F7680
TargetProcess: BitComet.exe, InheritedFromPID = 2000, ProcessID = 3316, ThreadID = 3568, StartAddress = 005C909D, Parameter = 00259398
TargetProcess: BitComet.exe, InheritedFromPID = 2000, ProcessID = 3316, ThreadID = 3572, StartAddress = 005C909D, Parameter = 03604B10
TargetProcess: BitComet.exe, InheritedFromPID = 2000, ProcessID = 3316, ThreadID = 3576, StartAddress = 005C909D, Parameter = 03604B70
Behavior description: Enumerates processes
Details: N/A
File behavior
Behavior description: Creates file
Details: C:\Documents and Settings\Administrator\Application Data\BitComet\fav\download-complete.wav
C:\Documents and Settings\Administrator\Application Data\BitComet\fav\fav_en_us.xml
C:\Documents and Settings\Administrator\Application Data\BitComet\fav\fav_ja.xml
C:\Documents and Settings\Administrator\Application Data\BitComet\fav\fav_zh_cn.xml
C:\Documents and Settings\Administrator\Application Data\BitComet\fav\fav_zh_tw.xml
C:\Documents and Settings\Administrator\Application Data\BitComet\fav\HowTo-AddYourSite.txt
C:\Documents and Settings\Administrator\Application Data\BitComet\fav\passport_info_en_us.mht
C:\Documents and Settings\Administrator\Application Data\BitComet\fav\passport_info_zh_cn.mht
C:\Documents and Settings\Administrator\Application Data\BitComet\fav\passport_info_zh_tw.mht
C:\Documents and Settings\Administrator\Application Data\BitComet\fav\passport_login_en_us.mht
C:\Documents and Settings\Administrator\Application Data\BitComet\fav\passport_login_zh_cn.mht
C:\Documents and Settings\Administrator\Application Data\BitComet\fav\passport_login_zh_tw.mht
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\cache\post_info.db
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\cache\post_info.db-journal
C:\Documents and Settings\Administrator\Local Settings\Temp\wbk3.tmp
Behavior description: Overwrites existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\html_loading[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\html_loading[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\navcancl[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\httpErrorPagesScripts[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1]
Behavior description: Copies file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\fav\download-complete.wav ---> C:\Documents and Settings\Administrator\Application Data\BitComet\fav\download-complete.wav
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\fav\fav_en_us.xml ---> C:\Documents and Settings\Administrator\Application Data\BitComet\fav\fav_en_us.xml
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\fav\fav_ja.xml ---> C:\Documents and Settings\Administrator\Application Data\BitComet\fav\fav_ja.xml
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\fav\fav_zh_cn.xml ---> C:\Documents and Settings\Administrator\Application Data\BitComet\fav\fav_zh_cn.xml
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\fav\fav_zh_tw.xml ---> C:\Documents and Settings\Administrator\Application Data\BitComet\fav\fav_zh_tw.xml
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\fav\HowTo-AddYourSite.txt ---> C:\Documents and Settings\Administrator\Application Data\BitComet\fav\HowTo-AddYourSite.txt
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\fav\passport_info_en_us.mht ---> C:\Documents and Settings\Administrator\Application Data\BitComet\fav\passport_info_en_us.mht
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\fav\passport_info_zh_cn.mht ---> C:\Documents and Settings\Administrator\Application Data\BitComet\fav\passport_info_zh_cn.mht
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\fav\passport_info_zh_tw.mht ---> C:\Documents and Settings\Administrator\Application Data\BitComet\fav\passport_info_zh_tw.mht
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\fav\passport_login_en_us.mht ---> C:\Documents and Settings\Administrator\Application Data\BitComet\fav\passport_login_en_us.mht
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\fav\passport_login_zh_cn.mht ---> C:\Documents and Settings\Administrator\Application Data\BitComet\fav\passport_login_zh_cn.mht
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\fav\passport_login_zh_tw.mht ---> C:\Documents and Settings\Administrator\Application Data\BitComet\fav\passport_login_zh_tw.mht
Behavior description: Deletes file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\cache\post_info.db-journal
C:\Documents and Settings\Administrator\Local Settings\Temp\wbk3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\wbk5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\login.gif
C:\Documents and Settings\Administrator\Local Settings\Temp\wbk6.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\login (1).gif
C:\Documents and Settings\Administrator\Local Settings\Temp\wbk7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\login (2).gif
C:\Documents and Settings\Administrator\Local Settings\Temp\wbk8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\login_.gif
C:\Documents and Settings\Administrator\Local Settings\Temp\wbk9.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\login (3).gif
C:\Documents and Settings\Administrator\Local Settings\Temp\wbkA.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\login_.gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[1]
Behavior description: Searches for file
Details: FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\BitComet.exe
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\fav\*
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\lang\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\*.*
FileName = C:\Documents and Settings\Administrator\Application Data\Tencent
FileName = C:\Documents and Settings\Administrator\Application Data\Tencent\QQ
FileName = C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\STemp
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
Behavior description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Behavior description: Modifies file contents
Details: C:\Documents and Settings\Administrator\Application Data\BitComet\fav\download-complete.wav ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\BitComet\fav\fav_en_us.xml ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\BitComet\fav\fav_ja.xml ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\BitComet\fav\fav_zh_cn.xml ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\BitComet\fav\fav_zh_tw.xml ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\BitComet\fav\HowTo-AddYourSite.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\BitComet\fav\passport_info_en_us.mht ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\BitComet\fav\passport_info_zh_cn.mht ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\BitComet\fav\passport_info_zh_tw.mht ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\BitComet\fav\passport_login_en_us.mht ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\BitComet\fav\passport_login_zh_cn.mht ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\BitComet\fav\passport_login_zh_tw.mht ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\tools\UPNP.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\tools\UPNP.exe ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\tools\UPNP.exe ---> Offset = 131072
Network behavior
Behavior description: Connects to specified site
Details: InternetConnectA: ServerName = in****om, PORT = 443, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00800000
Behavior description: Opens HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
Behavior description: Establishes connection to a specified socket
Details: URL: in****om, IP: **.133.40.**:443, SOCKET = 0x00000694
URL: in****om, IP: **.133.40.**:443, SOCKET = 0x00000704
URL: su****rg, IP: **.133.40.**:4100, SOCKET = 0x00000780
URL: up****om, IP: **.133.40.**:443, SOCKET = 0x00000794
URL: tr****rg, IP: **.133.40.**:80, SOCKET = 0x00000460
URL: ip****rg, IP: **.133.40.**:5435, SOCKET = 0x000007a8
Behavior description: Reads network file
Details: hFile = 0x00cc000c, BytesToRead = 4096, BytesRead = 4096.
Behavior description: Opens HTTP request
Details: HttpOpenRequestA: in****om:443/start/zh_cn/1.47/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00c10600
HttpOpenRequestA: in****om:443/start/zh_cn/1.47/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00c00010
Behavior description: Resolves host address by name
Details: gethostbyname: ro****om
gethostbyname: ro****et
GetAddrInfoW: in****om
gethostbyname: su****rg
gethostbyname: up****om
gethostbyname: tr****rg
gethostbyname: ip****rg
Registry behavior
Behavior description: Modifies registry (browser context menu)
Details: \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\&使用BitComet下载\
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\&使用BitComet下载\contexts
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\&使用BitComet下载\BitCometCreated
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\&使用BitComet下载\MenuID
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\&使用BitComet下载全部链接\
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\&使用BitComet下载全部链接\contexts
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\&使用BitComet下载全部链接\BitCometCreated
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\&使用BitComet下载全部链接\MenuID
Behavior description: Deletes registry key
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum\
Behavior description: Modifies registry (URL protocol association)
Details: \REGISTRY\USER\S-*_CLASSES\bc\URL Protocol
\REGISTRY\USER\S-*_CLASSES\magnet\URL Protocol
Behavior description: Modifies registry (BHO, Browser Helper Object)
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\
Behavior description: Modifies registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\tools\UPNP.exe
\REGISTRY\USER\S-*\Software\BitComet\BitComet\CaptureIEDownload
\REGISTRY\USER\S-*\Software\BitComet\BitComet\IEMoniterFileExt
\REGISTRY\USER\S-*\Software\BitComet\BitComet\IEMenuExt\ID_EXTMENU1\Display
\REGISTRY\USER\S-*\Software\BitComet\BitComet\IEMenuExt\ID_EXTMENU1\ID_DOWNLOAD_VIDEO\Display
\REGISTRY\USER\S-*\Software\BitComet\BitComet\IEMenuExt\ID_EXTMENU1\ID_DOWNLOAD_PICTURE\Display
\REGISTRY\USER\S-*\Software\BitComet\BitComet\IEMenuExt\ID_EXTMENU1\ID_DOWNLOAD_PICTURE_LINK\Display
\REGISTRY\USER\S-*\Software\BitComet\BitComet\IEMenuExt\ID_EXTMENU1\ID_DOWNLOAD_FLASH\Display
\REGISTRY\MACHINE\SOFTWARE\Classes\bittorrent\EditFlags
\REGISTRY\USER\S-*\Software\BitComet\
\REGISTRY\USER\S-*_CLASSES\bc\
\REGISTRY\USER\S-*_CLASSES\bc\DefaultIcon\
\REGISTRY\USER\S-*_CLASSES\bc\shell\open\command\
\REGISTRY\USER\S-*_CLASSES\bc\shell\open\ddeexec\
\REGISTRY\USER\S-*_CLASSES\bc\shell\open\ddeexec\Application\
Behavior description: Modifies registry (browser toolbar button)
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}\CLSID
Behavior description: Modifies registry (system firewall trusted process list)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\BitComet_1.47\BitComet.exe
Behavior description: Deletes registry value
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\BitComet\DEBUG\Trace Level
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description: Gets cursor position
Details: CursorPos = (80,18468), SleepMilliseconds = 60000.
CursorPos = (6373,26501), SleepMilliseconds = 60000.
CursorPos = (19208,15725), SleepMilliseconds = 60000.
CursorPos = (11517,29359), SleepMilliseconds = 60000.
CursorPos = (27001,24465), SleepMilliseconds = 60000.
CursorPos = (5744,28146), SleepMilliseconds = 60000.
CursorPos = (23320,16828), SleepMilliseconds = 60000.
CursorPos = (10000,492), SleepMilliseconds = 60000.
CursorPos = (3034,11943), SleepMilliseconds = 60000.
CursorPos = (4866,5437), SleepMilliseconds = 60000.
CursorPos = (32430,14605), SleepMilliseconds = 60000.
CursorPos = (3941,154), SleepMilliseconds = 60000.
CursorPos = (331,12383), SleepMilliseconds = 60000.
CursorPos = (17460,18717), SleepMilliseconds = 60000.
CursorPos = (19757,19896), SleepMilliseconds = 60000.
Behavior description: Creates mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
{SIMPLEBT-D19EACFB-5FD1-4615-A179-A9B9E38A6506}
75DAD82D-A77F-49e5-ADD3-8F11C1940689
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
{UPNP-ICF-A4AFA740-F3D0-4efc-B4BA-86948F1185D5}
{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagMJJIGEAAADOAAAAA
{SIMPLEBT-53DE14D9-A616-4ff0-BA62-9DF424D0665C}
Behavior description: Creates event object
Details: EventName = DINPUTWINMM
EventName = {2E592CB6-BDC4-419f-8B79-D4FC2FDA3C69}
EventName = {C15766D8-75BC-48b4-BE85-B891BC07F7D6}
EventName = 8A54EF8C-30F0-4aeb-B1A8-0D5E51727811
EventName = Global\25160D17-CF74-4117-ADE2-5E3FA715FFB1
EventName = 9562875F_56EE_4564_A45F_3E34F9F5ECAD
EventName = 3349796255123219076175235282402451186256
EventName = Global\5123233497962519076175235282402451186256
EventName = 2766621204348631904818312625315212199238134
EventName = Global\crypt32LogoffEvent
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.AKO.IC
EventName = MSCTF.SendReceiveConection.Event.AKO.IC
Behavior description: Window information
Details: Pid = 3316, Hwnd=0x106dc, Text = 您想运行或保存此文件吗?, ClassName = Static.
Pid = 3316, Hwnd=0x106e0, Text = 名称:, ClassName = Static.
Pid = 3316, Hwnd=0x106e2, Text = update.exe, ClassName = SysLink.
Pid = 3316, Hwnd=0x106e4, Text = 发行者:, ClassName = Static.
Pid = 3316, Hwnd=0x106e8, Text = 类型:, ClassName = Static.
Pid = 3316, Hwnd=0x106ea, Text = 应用程序, 358KB, ClassName = Static.
Pid = 3316, Hwnd=0x106ec, Text = 从:, ClassName = Static.
Pid = 3316, Hwnd=0x106ee, Text = inside.bitcomet.com, ClassName = Static.
Pid = 3316, Hwnd=0x106f0, Text = 运行(&R), ClassName = Button.
Pid = 3316, Hwnd=0x106f2, Text = 保存(&S), ClassName = Button.
Pid = 3316, Hwnd=0x106f4, Text = 取消, ClassName = Button.
Pid = 3316, Hwnd=0x106f6, Text = 打开此类文件前总是询问(&W), ClassName = Button(CheckBox).
Pid = 3316, Hwnd=0x106fc, Text = 来自 Internet 的文件可能对您有所帮助,但此文件类型可能危害您的计算机。如果您不信任其来源,请不要运行或保存该软件。<A>有何风险?</A>, ClassName = SysLink.
Pid = 3316, Hwnd=0x106da, Text = 文件下载 - 安全警告, ClassName = #32770.
Pid = 3316, Hwnd=0x10690, Text = 下载完毕, ClassName = Static.
Behavior description: Directly reads the CPU clock
Details: EAX = 0xc7e35792, EDX = 0x000000bf
EAX = 0xdaf38221, EDX = 0x000000bf
EAX = 0xdaf3826d, EDX = 0x000000bf
EAX = 0x7809c61c, EDX = 0x000000c0
Behavior description: Finds specified window
Details: NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [NDDEAgnt,NetDDE Agent]
Behavior description: Opens event
Details: HookSwitchHookEnabledEvent
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagEAJHMOAAEPMAAAAA
MSFT.VSA.COM.DISABLE.3316
MSFT.VSA.IEC.STATUS.6c736db0
_fCanRegisterWithShellService
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
3349796255123219076175235282402451186256
2766621204348631904818312625315212199238134
Global\crypt32LogoffEvent
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Gets TickCount value
Details: TickCount = 286687, SleepMilliseconds = 60000.
TickCount = 286734, SleepMilliseconds = 60000.
TickCount = 286765, SleepMilliseconds = 60000.
TickCount = 286796, SleepMilliseconds = 60000.
TickCount = 286812, SleepMilliseconds = 60000.
TickCount = 286828, SleepMilliseconds = 60000.
TickCount = 286843, SleepMilliseconds = 60000.
TickCount = 286859, SleepMilliseconds = 60000.
TickCount = 286875, SleepMilliseconds = 60000.
TickCount = 286890, SleepMilliseconds = 60000.
TickCount = 286921, SleepMilliseconds = 60000.
TickCount = 286937, SleepMilliseconds = 60000.
TickCount = 286984, SleepMilliseconds = 60000.
TickCount = 287000, SleepMilliseconds = 60000.
TickCount = 287015, SleepMilliseconds = 60000.
Behavior description: Adjusts process token privileges
Details: SE_MANAGE_VOLUME_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Enumerates windows
Details: N/A
Behavior description: Calls Sleep function
Details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 60000.
[3]: MilliSeconds = 3.
[4]: MilliSeconds = 3.
[5]: MilliSeconds = 3.
[6]: MilliSeconds = 3.
[7]: MilliSeconds = 3.
[8]: MilliSeconds = 3.
[9]: MilliSeconds = 3.
[10]: MilliSeconds = 3.
Behavior description: Hides specified window
Details: [Window,Class] = [,#32770]
[Window,Class] = [panel,wxWindowNR]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,SysTreeView32]
[Window,Class] = [,SysListView32]
[Window,Class] = [hide wnd for update tip,Static]
[Window,Class] = [其他用户:,Static]
[Window,Class] = [,Static]
[Window,Class] = [0kB/s,Static]
[Window,Class] = [,Edit]
[Window,Class] = [<A HREF="null">null</A>,SysLink]
[Window,Class] = [,SysLink]
[Window,Class] = [文件大小未知,Static]
[Window,Class] = [打开此类文件前总是询问(&W),Button]
[Window,Class] = [发行者:,Static]
Behavior description: Opens mutex
Details: ShimCacheMutex
Local\!IETld!Mutex
RasPbFile
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
CtfmonInstMutexDefaultS-*
Local\c:!documents and settings!administrator!ietldcache!