VirSCAN

File information
Safety rating: 85
Behavior list
Basic information
MD5: 3b2f6cec98dd78cb240e5d630197baba
File type: zip
Production company:
Version:
Shell or compiler information: COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [Overlay] *
Subfile information (name / MD5 / type):
guandan.msi / big file / Compound
disk1.cab / big file / Cab
guandan_setup.exe / e8c76d5a750cfee25921b1002b64d0d4 / EXE
Binary.Prereq.dll / ec762829da9ee98c7f68637565ae215f / DLL
!_StringData / 341e56ada156c770091f05638dde6ded / Unknown
Binary.aicustact.dll / 259a4d570031e6aaa548335348159c08 / DLL
Binary.dialog / 8a372c8339a8facc35088ce99a977d96 / Unknown
Icon.GuanDan.exe / ef5fb08aa7d564353282ec88494e0d3e / Unknown
!_StringPool / 880f57a1402a8b50c14c3d0c958f98db / Unknown
!_Validation / 67903414c222bf0735e3eccfeafc24d1 / Unknown
!Control / 2fd99bd7e26934edd99d1d8754a8c879 / Unknown
下载说明.htm / 98ff68c0fdfcfda488faa60fbac6cc9b / Unknown
Binary.banner / c6b57f973a3273cb37a77c11b1aa498f / Unknown
Binary.removico / 20d25e871a244b94574c47726de745d6 / Unknown
Binary.custicon / 3eaebdade778394f06b29659c9c01ed7 / Unknown
Binary.repairic / d234ca0358b21bdcfc5e3f9b2e7c7a22 / Unknown
Binary.insticon / 66c842af0b4fc1c918f531d2e1087b82 / Unknown
Binary.completi / 45b0e074f96a859adae198187ab9fa11 / Unknown
Binary.cmdlinkarrow / 983358ce03817f1ca404befbe1e4d96a / Unknown
Key behavior
Behavior description: Creates a file mapping with write access
Details: CiceroSharedMemDefaultS-*
DfSharedHeap3D53B8
DfRoot0003D53B8
DfSharedHeap3D5624
DfRoot0003D5624
MSCTF.MarshalInterface.FileMap.MHL..IKIHH
MSCTF.MarshalInterface.FileMap.MHL.B.IKIHH
MSCTF.MarshalInterface.FileMap.MHL.C.IKIHH
MSCTF.MarshalInterface.FileMap.MHL.D.IKIHH
MSCTF.MarshalInterface.FileMap.MHL.E.IKIHH
MSCTF.MarshalInterface.FileMap.MHL.F.IKIHH
MSCTF.MarshalInterface.FileMap.MHL.G.IKIHH
MSCTF.Shared.SFM.MHL
Behavior description: Hides a specified window
Details: [Window,Class] = [Windows Installer,#32770]
[Window,Class] = [,Static]
[Window,Class] = [ ,Static]
[Window,Class] = [单机掼蛋 Setup,MsiDialogCloseClass]
[Window,Class] = [Cancel,Button]
[Window,Class] = [取消,Button]
[Window,Class] = [View readme file,Static]
[Window,Class] = [Launch 单机掼蛋,Static]
[Window,Class] = [,Button]
Process behavior
Behavior description: Creates a process
Details: ImagePath = C:\WINDOWS\system32\msiexec.exe, CmdLine = /i "C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446186574.399138.exe_7zdump\掼蛋安装\guandan.msi" AI_SETUPEXEPATH="C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446186574.399138.exe_7zdump\掼蛋安装\guandan_setup.exe" SETUPEX
Behavior description: Enumerates processes
Details: N/A
File behavior
Behavior description: Creates a file mapping with write access
Details: CiceroSharedMemDefaultS-*
DfSharedHeap3D53B8
DfRoot0003D53B8
DfSharedHeap3D5624
DfRoot0003D5624
MSCTF.MarshalInterface.FileMap.MHL..IKIHH
MSCTF.MarshalInterface.FileMap.MHL.B.IKIHH
MSCTF.MarshalInterface.FileMap.MHL.C.IKIHH
MSCTF.MarshalInterface.FileMap.MHL.D.IKIHH
MSCTF.MarshalInterface.FileMap.MHL.E.IKIHH
MSCTF.MarshalInterface.FileMap.MHL.F.IKIHH
MSCTF.MarshalInterface.FileMap.MHL.G.IKIHH
MSCTF.Shared.SFM.MHL
Behavior description: Creates an executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI4.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI5.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI6.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI7.tmp
Behavior description: Modifies file contents
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\77136.msi---> Offset = 121368
Behavior description: Searches for files
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\WINDOWS\system32\msi.dll
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\msiexec.exe
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446186574.898427.exe_7zdump\掼蛋安装
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446186574.901946.exe_7zdump\掼蛋安装\guandan.msi
FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
Other behavior
Behavior description: Searches for a specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information
Details: Pid = 2936, Hwnd=0x102e0, Text = &Next >, ClassName = Button.
Pid = 2936, Hwnd=0x202d2, Text = Cancel, ClassName = Button.
Pid = 2936, Hwnd=0x102e4, Text = dialog, ClassName = Static.
Pid = 2936, Hwnd=0x102de, Text = < &Back, ClassName = Button.
Pid = 2936, Hwnd=0x202d0, Text = Welcome to 单机掼蛋 Setup Wizard, ClassName = Static.
Pid = 2936, Hwnd=0x302b6, Text = The Setup Wizard will install 单机掼蛋 on your computer. Click Next to continue or Cancel to exit the Setup Wizard., ClassName = Static.
Pid = 2936, Hwnd=0x702c0, Text = 单机掼蛋 Setup, ClassName = MsiDialogCloseClass.
Pid = 2936, Hwnd=0x402da, Text = &Next >, ClassName = Button.
Pid = 2936, Hwnd=0x102ea, Text = &Folder:, ClassName = Static.
Pid = 2936, Hwnd=0x102ec, Text = C:\Program Files\tonycoming\单机掼蛋\, ClassName = RichEdit20W.
Pid = 2936, Hwnd=0x402b8, Text = Br&owse..., ClassName = Button.
Pid = 2936, Hwnd=0x302ca, Text = Advanced Installer, ClassName = Static.
Pid = 2936, Hwnd=0x302ae, Text = Cancel, ClassName = Button.
Pid = 2936, Hwnd=0x302b0, Text = < &Back, ClassName = Button.
Pid = 2936, Hwnd=0x102e6, Text = banner, ClassName = Static.
Behavior description: Hides a specified window
Details: [Window,Class] = [Windows Installer,#32770]
[Window,Class] = [,Static]
[Window,Class] = [ ,Static]
[Window,Class] = [单机掼蛋 Setup,MsiDialogCloseClass]
[Window,Class] = [Cancel,Button]
[Window,Class] = [取消,Button]
[Window,Class] = [View readme file,Static]
[Window,Class] = [Launch 单机掼蛋,Static]
[Window,Class] = [,Button]
Behavior description: Creates a mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Advinst_F961C84B72534D78BDDD64BEE2DC0DA8
SHIMLIB_LOG_MUTEX
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MHL
Global\_MSIExecute
Behavior description: Acquires system privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
SE_SHUTDOWN_PRIVILEGE
SE_INCREASE_QUOTA_PRIVILEGE
SE_CREATE_TOKEN_PRIVILEGE
Run screenshot