VirSCAN

File information
Safety rating:80
Behavior list
Basic Information
MD5:4b0583fc1af29505aad47c4779f32ba0
File type:7z
Production company:深圳市迅雷网络技术有限公司
Version:7.9.40.5004---7.9.40.5004
Shell or compiler information:
Subfile information:ThunderCore.xar / 5ccc9843d24eb702feb1adaac2592fda / Unknown
XLUE.dll / a7f29efe885f0d243cffa4a920df5175 / DLL
DownloadKernel.dll / f6091f0c302cca7a57b7498d3d5c78b5 / DLL
stream.dll / 567de70743206321e0ce02ce8050ff96 / DLL
np_tdieplat.dll / 28a9c1b9fbcea96d821a342d4051f29d / DLL
Offline.xar / 707e80001e209843e1f6ec50608f7370 / Unknown
ThunderNewTask.exe / ac8ac6de1023f6515d518939cc699785 / EXE
Thunder.exe / 555b9e006c32c4a40c437bc556a3b0ec / EXE
bt_kernel.dll / f82f45c8df103f1309fcfe89acbfd281 / DLL
p2sp.dll / b712c42b40afb4bf6fa7d4b1829721eb / DLL
emule_kernel.dll / 0cc401e466252c2648e858a61a9247bf / DLL
p2p.dll / f89458a3399d284778c879cf9d00818d / DLL
ThunderBHOPlatform.exe / 595c46bc83bc93030314b62376be01fc / Nsis
asyn_download_interface.dll / d8dfe7a13fdb7d47f2dac03ce7df820d / DLL
XLUserS.dll / 40b5ba914b7a932f37b997ed1ad829e0 / DLL
XLGraphic.dll / e098b036af80cda7febf4176d13cc690 / DLL
ptl.dll / 2153c5cd726a91545f0d19c9f08e0af7 / DLL
ZipPasswordSharing.zip / de73d74a3c46fbae58314374b3534c1e / zip
ThunderUninstall.exe / c0868534aec441ddff40974a7bad833c / zip
Key behavior
Behavior description:Maps files with write access
details:CiceroSharedMemDefaultS-*
ThunderInstall_SharedMemory
MSCTF.MarshalInterface.FileMap.MKK..CCOJH
MSCTF.MarshalInterface.FileMap.MKK.B.CDOJH
MSCTF.MarshalInterface.FileMap.MKK.C.CDOJH
MSCTF.MarshalInterface.FileMap.MKK.D.CDOJH
MSCTF.MarshalInterface.FileMap.MKK.E.CDOJH
MSCTF.MarshalInterface.FileMap.MKK.F.CDOJH
MSCTF.MarshalInterface.FileMap.MKK.G.CDOJH
MSCTF.Shared.SFM.MKK
MSCTF.MarshalInterface.FileMap.MKK.H.MINNH
MSCTF.MarshalInterface.FileMap.MKK.I.MINNH
MSCTF.MarshalInterface.FileMap.MKK.J.MINNH
MSCTF.MarshalInterface.FileMap.MKK.K.MINNH
MSCTF.MarshalInterface.FileMap.MKK.L.MINNH
Behavior description:Blocks window close messages
details:hWnd = 0x000202cc, Text = 迅雷7安装向导, ClassName = #32770.
Behavior description:Sets special folder attributes
details:C:\Program Files\Thunder Network\Thunder-InstallInfo
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Hides specified windows
details:[Window,Class] = [,ATL:004D99A0]
[Window,Class] = [检测到已安装迅雷,Static]
[Window,Class] = [,Button]
[Window,Class] = [filename,Static]
[Window,Class] = [filesize,Static]
[Window,Class] = [任务,Static]
[Window,Class] = [loading,Static]
[Window,Class] = [,#32770]
[Window,Class] = [迅雷7安装向导,#32770]
Process behavior
Behavior description:Enumerates processes
details:N/A
File behavior
Behavior description:Maps files with write access
details:CiceroSharedMemDefaultS-*
ThunderInstall_SharedMemory
MSCTF.MarshalInterface.FileMap.MKK..CCOJH
MSCTF.MarshalInterface.FileMap.MKK.B.CDOJH
MSCTF.MarshalInterface.FileMap.MKK.C.CDOJH
MSCTF.MarshalInterface.FileMap.MKK.D.CDOJH
MSCTF.MarshalInterface.FileMap.MKK.E.CDOJH
MSCTF.MarshalInterface.FileMap.MKK.F.CDOJH
MSCTF.MarshalInterface.FileMap.MKK.G.CDOJH
MSCTF.Shared.SFM.MKK
MSCTF.MarshalInterface.FileMap.MKK.H.MINNH
MSCTF.MarshalInterface.FileMap.MKK.I.MINNH
MSCTF.MarshalInterface.FileMap.MKK.J.MINNH
MSCTF.MarshalInterface.FileMap.MKK.K.MINNH
MSCTF.MarshalInterface.FileMap.MKK.L.MINNH
Behavior description:Creates executable files
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Thunder7Install\7.9.40.5004\thundersetup.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Thunder7Install\7.9.40.5004\thundersetupex.exe
Behavior description:Modifies file contents
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Thunder7Install\7.9.40.5004\InstallResource.zip---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Thunder7Install\7.9.40.5004\InstallResource\AddrBtn.png---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Thunder7Install\7.9.40.5004\InstallResource\Bird.png---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Thunder7Install\7.9.40.5004\InstallResource\bkg.shadow.png---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Thunder7Install\7.9.40.5004\InstallResource\BtnContent.png---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Thunder7Install\7.9.40.5004\InstallResource\BtnExperiences.png---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Thunder7Install\7.9.40.5004\InstallResource\BtnUseNow.png---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Thunder7Install\7.9.40.5004\InstallResource\CheckButton.png---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Thunder7Install\7.9.40.5004\InstallResource\CloseBtn.png---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Thunder7Install\7.9.40.5004\InstallResource\CustomBtn.png---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Thunder7Install\7.9.40.5004\InstallResource\CustomBtnCover.png---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Thunder7Install\7.9.40.5004\InstallResource\DoneBtn.png---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Thunder7Install\7.9.40.5004\InstallResource\DoneText.png---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Thunder7Install\7.9.40.5004\InstallResource\EditBorder.png---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Thunder7Install\7.9.40.5004\InstallResource\InstallNow.png---> Offset = 0
Behavior description:Sets special folder attributes
details:C:\Program Files\Thunder Network\Thunder-InstallInfo
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Searches for files
details:FileName = C:\Program Files\Thunder Network\Thunder-InstallInfo\*
FileName = C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\*
FileName = C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\*
Network behavior
Behavior description:Opens URLs over the network
details:InternetOpenUrlA: http://stat.download.xunlei.com:8080/?aid=1009&id=1&f=00000&peerid=000000000000AD9Q&version=7.9.40.5004&filename=%temp%\1445653446.727723.exe hInternet = 0x00000618
InternetOpenUrlA: http://02.rcv.sandai.net/install_stat?appname=xl_thunder_pc&appversion=7.9.40.5004&processid=2744&peerid=000000000000AD9Q&channel=00000&filename=%temp%\1445653446.731280.exe&osversion=5.1.3.0.1&slience=0&offline=1&new=1 hInternet = 0x00000618
InternetOpenUrlA: http://xlstat.client.xunlei.com/stat?aid=10001&id=1&param=%2FDAPq8DG%2FyoagJkNxJBWQDzcMgVtRvEXdMy7mG0XoIIse12uf1Rg4B1QfaYWhsgAJj39T7m3Jz7WVpvDTGqWk8mcD%2BTWkT%2Fx%2FIkp9Fd10dlYobt4ARESrRQy3qEXkLRtugBNdOLH4stsCKU6uFkAvoVvI3IfqdPa7KCHlazSEZUTG
InternetOpenUrlA: http://stat.download.xunlei.com:8080/?aid=1032&id=604&val1=-2045247483&val2=Program/download-complete.wav&val3=000000000000AD9Q&val4=7.9.40.5004&val5=2744&val6=&val7=5904&val8=5904 hInternet = 0x00000610
InternetOpenUrlA: http://stat.download.xunlei.com:8099/?xlbtid=1&aid=1019&id=1&peerid=000000000000AD9Q&userid=&referfrom=00000&OS=win&OSversion=5.1.3.0.1&productname=thunder8&productversion=7.9.40.5004&filename=%temp%\1445653446.742155.exe&issilence=0&isoffline=1&installtype=1&c
InternetOpenUrlA: http://02.rcv.sandai.net/insend_stat?appname=xl_thunder_pc&processid=2744&peerid=000000000000AD9Q&endstatus=0 hInternet = 0x000005fc
InternetOpenUrlA: http://xlstat.client.xunlei.com/stat?aid=10001&id=2&param=%2FDAPq8DG%2FyoagJkNxJBWQDzcMgVtRvEXdMy7mG0XoIJ2bwcKNvpHFo84s65wav%2BOt6OQyAbDVZ53V95I1Vgsk9loQMqR6jq1G70BgsemT%2FI%3D hInternet = 0x00000600
InternetOpenUrlA: http://stat.download.xunlei.com:8080/?aid=1009&id=2&f=00000&peerid=000000000000AD9Q&version=7.9.40.5004&filename=%temp%\1445653446.752924.exe hInternet = 0x00000600
InternetOpenUrlA: http://help.xunlei.com/online/stat_inst.php?thunderver=7.9.40.5004&thundertype=4&peerid=000000000000AD9Q&filename=%temp%\1445653446.756498.exe hInternet = 0x00000618
InternetOpenUrlA: http://stat.download.xunlei.com:8080/?aid=1021&id=200&val1=0&val2=&val3=&val4=4&val5=7.9.40.5004&val6=000000000000AD9Q hInternet = 0x00000618
Registry behavior
Behavior description:Modifies the registry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\thunder_is1\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\thunder_is1\Publisher
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\thunder_is1\Inno Setup: Icon Group
\REGISTRY\USER\S-*\Software\Thunder Network\Record\Thunder\Install
\REGISTRY\USER\S-*\Software\Thunder Network\Record\Thunder\Version
Behavior description:Modifies the registry (browser context menu)
details:\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\&使用&迅雷下载\
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\&使用&迅雷下载\Name
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\&使用&迅雷下载\Contexts
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\&使用&迅雷下载全部链接\
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\&使用&迅雷下载全部链接\Name
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\&使用&迅雷下载全部链接\Contexts
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\&使用&迅雷离线下载\
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\&使用&迅雷离线下载\Name
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\&使用&迅雷离线下载\Contexts
Other behavior
Behavior description:Creates mutexes
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
ThunderInstallApplication{8CDCCCB8-83C8-4f06-8A79-205D5E2E6160}
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MKK
Behavior description:Hides specified windows
details:[Window,Class] = [,ATL:004D99A0]
[Window,Class] = [检测到已安装迅雷,Static]
[Window,Class] = [,Button]
[Window,Class] = [filename,Static]
[Window,Class] = [filesize,Static]
[Window,Class] = [任务,Static]
[Window,Class] = [loading,Static]
[Window,Class] = [,#32770]
[Window,Class] = [迅雷7安装向导,#32770]
Behavior description:Finds specified windows
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Gets the TickCount value
details:TickCount = 522343, SleepMilliseconds = 5000.
Behavior description:Blocks window close messages
details:hWnd = 0x000202cc, Text = 迅雷7安装向导, ClassName = #32770.
Behavior description:Window information
details:Pid = 2744, Hwnd=0x302bc, Text = 许可协议, ClassName = Static.
Pid = 2744, Hwnd=0x202d4, Text = 已阅读并同意迅雷软件, ClassName = Button(CheckBox).
Pid = 2744, Hwnd=0x202d8, Text = 检测到已安装迅雷, ClassName = Static.
Pid = 2744, Hwnd=0x202c4, Text = filename, ClassName = Static.
Pid = 2744, Hwnd=0x202c8, Text = filesize, ClassName = Static.
Pid = 2744, Hwnd=0x202ca, Text = 任务, ClassName = Static.
Pid = 2744, Hwnd=0x202c6, Text = loading, ClassName = Static.
Pid = 2744, Hwnd=0x302b8, Text = C:\Program Files\Thunder Network\Thunder, ClassName = Edit.
Pid = 2744, Hwnd=0x202b0, Text = 浏览..., ClassName = Button.
Pid = 2744, Hwnd=0x202ae, Text = 添加桌面快捷方式, ClassName = Button(CheckBox).
Pid = 2744, Hwnd=0x202aa, Text = 添加多浏览器支持, ClassName = Button(CheckBox).
Pid = 2744, Hwnd=0x202ac, Text = 开机启动迅雷7, ClassName = Button(CheckBox).
Pid = 2744, Hwnd=0x402be, Text = 安装位置:, ClassName = Static.
Pid = 2744, Hwnd=0x302b6, Text = 立即安装, ClassName = Button.
Pid = 2744, Hwnd=0x202d0, Text = 返回, ClassName = Button.
Behavior description:Directly accesses a physical device
details:\??\PhysicalDrive0
Behavior description:Calls the Sleep function
details:[1]: MilliSeconds = 5000.
Translated by Keith Miller, United States