VirSCAN

File information
Safety rating:80
Behavior list
Basic Information
MD5:449751f4c1ecae6e649bff6c5aaa6e52
file type:EXE
Production company:IObit
version:2.1.2.0---2.1.2.0
Shell or compiler information:COMPILER:Borland Delphi 6.0 - 7.0 [Overlay]
Key behavior
Behavior description: Hide specified window
details:[Window,Class] = [安装向导,TApplication]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [,ComboLBox]
[Window,Class] = [安装向导 - Driver Booster 2.1,TWizardForm]
[Window,Class] = [IObit Downloader,TApplication]
Behavior description: Load driver (standard method)
details:\??\C:\WINDOWS\system32\drivers\HWiNFO32.SYS
Behavior description: Create shortcut on desktop
details:C:\Documents and Settings\All Users\桌面\Driver Booster 2.lnk
Behavior description: Set special folder attributes
details:C:\Program Files\IObit\Driver Booster\Update
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Create system service
details:[Service created successfully]: HWiNFO32, C:\WINDOWS\system32\drivers\HWiNFO32.SYS
Behavior description: Resolve host address by name
details:ascstats.iobit.com
update.iobit.com
Process behavior
Behavior description: Create process with hidden window
details:ImagePath = c:\program files\iobit\driver booster\locallang.exe, CmdLine = "c:\program files\iobit\driver booster\locallang.exe"
ImagePath = c:\program files\iobit\driver booster\setuphlp.exe, CmdLine = "c:\program files\iobit\driver booster\setuphlp.exe" /install
ImagePath = c:\program files\iobit\driver booster\promote.exe, CmdLine = "c:\program files\iobit\driver booster\promote.exe" /install db2
ImagePath = c:\program files\iobit\driver booster\freeware\iobitdownloader.exe, CmdLine = "c:\program files\iobit\driver booster\freeware\iobitdownloader.exe" "/config=http://update.iobit.com/infofiles/db2/freeware-db.upt" "1" /product=db2
ImagePath = c:\program files\iobit\driver booster\setuphlp.exe, CmdLine = "c:\program files\iobit\driver booster\setuphlp.exe" /promote
ImagePath = c:\program files\iobit\driver booster\setuphlp.exe, CmdLine = "c:\program files\iobit\driver booster\setuphlp.exe" /checkover
ImagePath = c:\program files\iobit\driver booster\autoupdate.exe, CmdLine = "c:\program files\iobit\driver booster\autoupdate.exe" /auto
Behavior description: Create process from newly created file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-PBIGV.tmp\sample.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-PBIGV.tmp\sample.tmp" /SL5="$1034C,10025512,139264,c:\%temp%\1421899555.632729.exe"
ImagePath = C:\Program Files\IObit\Driver Booster\HWiNFO\HWiNFO.exe, CmdLine = "C:\Program Files\IObit\Driver Booster\HWiNFO\HWiNFO.exe" /brandname
ImagePath = C:\Program Files\IObit\Driver Booster\LocalLang.exe, CmdLine = "C:\Program Files\IObit\Driver Booster\LocalLang.exe"
ImagePath = C:\Program Files\IObit\Driver Booster\SetupHlp.exe, CmdLine = "C:\Program Files\IObit\Driver Booster\SetupHlp.exe" /install
ImagePath = C:\Program Files\IObit\Driver Booster\Promote.exe, CmdLine = "C:\Program Files\IObit\Driver Booster\Promote.exe" /install db2
ImagePath = C:\Program Files\IObit\Driver Booster\DriverBooster.exe, CmdLine = "C:\Program Files\IObit\Driver Booster\DriverBooster.exe"
ImagePath = C:\Program Files\IObit\Driver Booster\Freeware\IObitDownloader.exe, CmdLine = "C:\Program Files\IObit\Driver Booster\Freeware\IObitDownloader.exe" "/Config=http://update.iobit.com/infofiles/db2/Freeware-db.upt" "1" /product=DB2
ImagePath = C:\Program Files\IObit\Driver Booster\SetupHlp.exe, CmdLine = "C:\Program Files\IObit\Driver Booster\SetupHlp.exe" /promote
ImagePath = C:\Program Files\IObit\Driver Booster\SetupHlp.exe, CmdLine = "C:\Program Files\IObit\Driver Booster\SetupHlp.exe" /checkover
ImagePath = C:\Program Files\IObit\Driver Booster\AutoUpdate.exe, CmdLine = "C:\Program Files\IObit\Driver Booster\AutoUpdate.exe" /auto
Behavior description: Enumerate processes
details:N/A
File behavior
Behavior description: Drop link or shortcut in a sensitive system location (such as the Start menu)
details:C:\Documents and Settings\All Users\「开始」菜单\程序\Driver Booster 2\Driver Booster 2.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\Driver Booster 2\卸载 Driver Booster 2.lnk
Behavior description: Add scheduled task
details:C:\WINDOWS\Tasks\Driver Booster Update.job
C:\WINDOWS\Tasks\Driver Booster Scan.job
Behavior description: Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-PBIGV.tmp\sample.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-A7MBN.tmp\_isetup\_shfoldr.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-A7MBN.tmp\RdZone.dll
C:\Program Files\IObit\Driver Booster\is-4NJNJ.tmp
C:\Program Files\IObit\Driver Booster\is-18QF5.tmp
C:\Program Files\IObit\Driver Booster\is-SB7I8.tmp
C:\Program Files\IObit\Driver Booster\is-EAA3U.tmp
C:\Program Files\IObit\Driver Booster\is-4F47L.tmp
C:\Program Files\IObit\Driver Booster\is-D9HID.tmp
C:\Program Files\IObit\Driver Booster\is-2PI1G.tmp
C:\Program Files\IObit\Driver Booster\is-86HB5.tmp
C:\Program Files\IObit\Driver Booster\is-3U6IP.tmp
C:\Program Files\IObit\Driver Booster\is-M5KD2.tmp
C:\Program Files\IObit\Driver Booster\is-ISJLM.tmp
C:\Program Files\IObit\Driver Booster\is-TLQR5.tmp
Behavior description: Create shortcut on desktop
details:C:\Documents and Settings\All Users\桌面\Driver Booster 2.lnk
Behavior description: Create file mapping with write access
details:CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.AIK..PDBHF
MSCTF.MarshalInterface.FileMap.AIK.B.PDBHF
MSCTF.MarshalInterface.FileMap.AIK.C.OHBHF
MSCTF.MarshalInterface.FileMap.AIK.D.OIBHF
MSCTF.MarshalInterface.FileMap.AIK.E.OIBHF
MSCTF.MarshalInterface.FileMap.AIK.F.OIBHF
MSCTF.MarshalInterface.FileMap.AIK.G.OIBHF
MSCTF.MarshalInterface.FileMap.AIK.H.OIBHF
MSCTF.MarshalInterface.FileMap.AIK.I.OIBHF
MSCTF.MarshalInterface.FileMap.AIK.J.JFCHF
MSCTF.MarshalInterface.FileMap.AIK.K.JFCHF
MSCTF.MarshalInterface.FileMap.AIK.L.JFCHF
MSCTF.MarshalInterface.FileMap.AIK.M.JFCHF
MSCTF.MarshalInterface.FileMap.AIK.N.JFCHF
Behavior description: Rename file
details:C:\Program Files\IObit\Driver Booster\is-4NJNJ.tmp ---> C:\Program Files\IObit\Driver Booster\unins000.exe
C:\Program Files\IObit\Driver Booster\is-18QF5.tmp ---> C:\Program Files\IObit\Driver Booster\DriverBooster.exe
C:\Program Files\IObit\Driver Booster\is-SB7I8.tmp ---> C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
C:\Program Files\IObit\Driver Booster\is-EAA3U.tmp ---> C:\Program Files\IObit\Driver Booster\SetupHlp.exe
C:\Program Files\IObit\Driver Booster\is-4F47L.tmp ---> C:\Program Files\IObit\Driver Booster\Scheduler.exe
C:\Program Files\IObit\Driver Booster\is-D9HID.tmp ---> C:\Program Files\IObit\Driver Booster\Promote.exe
C:\Program Files\IObit\Driver Booster\is-2PI1G.tmp ---> C:\Program Files\IObit\Driver Booster\MakeSFX.exe
C:\Program Files\IObit\Driver Booster\is-86HB5.tmp ---> C:\Program Files\IObit\Driver Booster\ChangeIcon.exe
C:\Program Files\IObit\Driver Booster\is-3U6IP.tmp ---> C:\Program Files\IObit\Driver Booster\AUpdate.exe
C:\Program Files\IObit\Driver Booster\is-M5KD2.tmp ---> C:\Program Files\IObit\Driver Booster\Scanner.dll
C:\Program Files\IObit\Driver Booster\is-ISJLM.tmp ---> C:\Program Files\IObit\Driver Booster\SQLite3.dll
C:\Program Files\IObit\Driver Booster\is-TLQR5.tmp ---> C:\Program Files\IObit\Driver Booster\TaskMgr.dll
C:\Program Files\IObit\Driver Booster\is-4LSPN.tmp ---> C:\Program Files\IObit\Driver Booster\SysRest.dll
C:\Program Files\IObit\Driver Booster\is-IB52R.tmp ---> C:\Program Files\IObit\Driver Booster\Register.dll
C:\Program Files\IObit\Driver Booster\is-UMF1J.tmp ---> C:\Program Files\IObit\Driver Booster\DataState.dll
Behavior description: Set special folder attributes
details:C:\Program Files\IObit\Driver Booster\Update
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-A7MBN.tmp\Inno_ChineseSimp.lng---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-A7MBN.tmp\Inno_English.lng---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-A7MBN.tmp\db_xp_support.bmp---> Offset = 0
C:\Program Files\IObit\Driver Booster\Database\Games\is-3JRDR.tmp---> Offset = 0
C:\Program Files\IObit\Driver Booster\Database\Games\is-9Q49F.tmp---> Offset = 262144
C:\Program Files\IObit\Driver Booster\is-C19CP.tmp---> Offset = 0
C:\Program Files\IObit\Driver Booster\is-DD6RH.tmp---> Offset = 0
C:\Program Files\IObit\Driver Booster\Skin\is-9NLSJ.tmp---> Offset = 262144
C:\Program Files\IObit\Driver Booster\Skin\is-9LJM7.tmp---> Offset = 0
C:\Program Files\IObit\Driver Booster\Skin\is-FNDRJ.tmp---> Offset = 262144
C:\Program Files\IObit\Driver Booster\Icons\is-CAIGL.tmp---> Offset = 262144
C:\Program Files\IObit\Driver Booster\Icons\is-IUQT6.tmp---> Offset = 262144
C:\Program Files\IObit\Driver Booster\Icons\GameApp\is-IM2C4.tmp---> Offset = 0
C:\Program Files\IObit\Driver Booster\Icons\GameApp\is-RS384.tmp---> Offset = 0
C:\Program Files\IObit\Driver Booster\Icons\GameApp\is-VCPA9.tmp---> Offset = 0
Network behavior
Behavior description: Connect to specified site
details:InternetConnectA: ServerName = interface.cd4o.com, PORT = 80
Behavior description: Establish a connection to a specified socket
details:219.133.40.1:80
Behavior description: Open HTTP request
details:HttpOpenRequestA: interface.cd4o.com:80/api.php?action=add, hConnect = 0x00000428
HttpOpenRequestA: interface.cd4o.com:80/api.php?action=add, hConnect = 0x00000408
Behavior description: Resolve host address by name
details:ascstats.iobit.com
update.iobit.com
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1\Inno Setup: Setup Version
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1\Inno Setup: App Path
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1\InstallLocation
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1\Inno Setup: Icon Group
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1\Inno Setup: User
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1\Inno Setup: Selected Tasks
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1\Inno Setup: Deselected Tasks
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1\Inno Setup: Language
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1\DisplayIcon
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1\QuietUninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1\DisplayVersion
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1\Publisher
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1\NoModify
Other behavior
Behavior description: Create driver file image
details:C:\WINDOWS\system32\drivers\HWiNFO32.SYS
Behavior description: Create mutex
details:CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
Driver Booster 2
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.AIK
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
_SHuassist.mtx
Global\Access_EC
Behavior description: Hide specified window
details:[Window,Class] = [安装向导,TApplication]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [,ComboLBox]
[Window,Class] = [安装向导 - Driver Booster 2.1,TWizardForm]
[Window,Class] = [IObit Downloader,TApplication]
Behavior description: Load driver (standard method)
details:\??\C:\WINDOWS\system32\drivers\HWiNFO32.SYS
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [TFormDrvBst,]
NtUserFindWindowEx: [Class,Window] = [TfrmDownloader,]
Behavior description: Start system service
details:[Service started successfully]: , HWiNFO32/64 Kernel Driver, \??\C:\WINDOWS\system32\drivers\HWiNFO32.SYS
Behavior description: Open specified web page in IE
details:http://www.iobit.com/appgoto.php?to=install&name=db&ver=2.1.2.20&lan=&ref=db2&type=free
Behavior description: Acquire system privileges
details:SE_LOAD_DRIVER_PRIVILEGE
SE_INC_BASE_PRIORITY_PRIVILEGE
Behavior description: Create system service
details:[Service created successfully]: HWiNFO32, C:\WINDOWS\system32\drivers\HWiNFO32.SYS
Behavior description: Window information
details:Pid = 2684, Hwnd=0x10386, Text = 欢迎使用 Driver Booster 2.1 安装向导 , ClassName = TNewStaticText.
Pid = 2684, Hwnd=0x10384, Text = 安装向导将在你的电脑上安装 Driver Booster 2.1。 建议你在继续之前关闭所有其它应用程序。 单击“下一步”继续,或单击“取消”退, ClassName = TNewStaticText.
Pid = 2684, Hwnd=0x10378, Text = EULA in HYPERLINK "http://www.iobit.com/de/eula/db-eula.php" Deutsch, HYPERLINK "http://www.iobit.com/fr/eula/db-eula.php" Fran?a, ClassName = TRichEditViewer.
Pid = 2684, Hwnd=0x20368, Text = C:\Program Files\IObit\Driver Booster, ClassName = TEdit.
Pid = 2684, Hwnd=0x10380, Text = 下一步(&N) >, ClassName = TNewButton.
Pid = 2684, Hwnd=0x8037e, Text = 取消, ClassName = TNewButton.
Pid = 2684, Hwnd=0x2035e, Text = 安装向导 - Driver Booster 2.1, ClassName = TWizardForm.
Pid = 2684, Hwnd=0x10394, Text = 接受, ClassName = TNewButton.
Pid = 2684, Hwnd=0x10392, Text = 拒绝, ClassName = TNewButton.
Pid = 2684, Hwnd=0x1038e, Text = 许可协议, ClassName = TNewStaticText.
Pid = 2684, Hwnd=0x1038c, Text = 请在继续之前阅读以下重要信息。, ClassName = TNewStaticText.
Pid = 2684, Hwnd=0x20388, Text = 请阅读以下许可协议。在继续安装之前,你必须接受此协议的条款。, ClassName = TNewStaticText.
Pid = 2684, Hwnd=0x10390, Text = < 上一步(&B), ClassName = TNewButton.
Pid = 2684, Hwnd=0x1038e, Text = 选择附加任务, ClassName = TNewStaticText.
Pid = 2684, Hwnd=0x1038c, Text = 要执行哪些附加任务?, ClassName = TNewStaticText.
Behavior description: Enumerate windows
details:N/A
Behavior description: Inline hook
details:C:\WINDOWS\system32\shell32.dll--->SHLockShared Offset = 0x563532d
C:\Program Files\IObit\Driver Booster\vcl120.bpl--->@Comctrls@TListItems@GetCount$qqrv Offset = 0x0
C:\Program Files\IObit\Driver Booster\vcl120.bpl--->@Comctrls@TListItems@AddItem$qqrp18Comctrls@TListItemi Offset = 0x0
C:\Program Files\IObit\Driver Booster\vcl120.bpl--->@Comctrls@TListItem@GetIndex$qqrv Offset = 0x0
C:\Program Files\IObit\Driver Booster\vcl120.bpl--->@Comctrls@TListItem@SetImage$qqrii Offset = 0x0
C:\Program Files\IObit\Driver Booster\vcl120.bpl--->@Comctrls@TListItem@GetHandle$qqrv Offset = 0x0
C:\Program Files\IObit\Driver Booster\vcl120.bpl--->@Comctrls@TCustomListView@CustomSort$qqrpqqsiii$ii Offset = 0x0
C:\Program Files\IObit\Driver Booster\vcl120.bpl--->@Comctrls@TCustomListView@AlphaSort$qqrv Offset = 0x0
C:\Program Files\IObit\Driver Booster\vcl120.bpl--->@Comctrls@TCustomListView@GetItem$qqrrx10tagLVITEMW Offset = 0x0
C:\Program Files\IObit\Driver Booster\vcl120.bpl--->@Comctrls@TCustomListView@UpdateGroups$qqrv Offset = 0x0
C:\Program Files\IObit\Driver Booster\vcl120.bpl--->@Comctrls@TListItem@$bctr$qqrp19Comctrls@TListItems Offset = 0x0
C:\Program Files\IObit\Driver Booster\vcl120.bpl--->@Comctrls@TListItem@$bdtr$qqrv Offset = 0x0
C:\Program Files\IObit\Driver Booster\vcl120.bpl--->@Comctrls@TCustomListView@WndProc$qqrr17Messages@TMessage Offset = 0x0
C:\Program Files\IObit\Driver Booster\vcl120.bpl--->@Comctrls@TCustomListView@DoAutoSize$qqrv Offset = 0x0
C:\Program Files\IObit\Driver Booster\vcl120.bpl--->@Comctrls@TListItem@GetSubItemImage$qqri Offset = 0x0
Behavior description: Open image file
details:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-A7MBN.tmp\db_xp_support.bmp