VirSCAN
File information
Safety rating:81
Behavior list
Basic Information
MD5:52e65630dd97b165b2d9a27ced7e4b76
file type:EXE
Production company:
version:1.14.820.1---1.14.820.1
Packer or compiler information:
Key behavior
Behavior description:Hide specified window
details:[Window,Class] = [便压 安装程序 (BianYa Setup),#32770]
Behavior description:Resolve host address by name
details:update.bianya.cc
Behavior description:Create desktop shortcut
details:C:\Documents and Settings\All Users\桌面\便压.lnk
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Create system service
details:[service created]: BianYaSrv, C:\Program Files\bianya2\201503071508\BianYaSrv.exe
[service created]: BYSTSerPro, "C:\Program Files\bianya2\201503071508\BHSev.exe" -BG
Behavior description:Modify registry: autostart entries
details:\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\BianYa\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BianyaAcc_2015030715
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bianya_2015030715
Process behavior
Behavior description:Create process
details:ImagePath = C:\Program Files\bianya2\201503071508\BHSev.exe, CmdLine = "C:\Program Files\bianya2\201503071508\BHSev.exe" -unst
ImagePath = C:\Program Files\bianya2\201503071508\Bianya.exe, CmdLine = "C:\Program Files\bianya2\201503071508\Bianya.exe"
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\bianya2\201503071508\BianShell.dll"
ImagePath = C:\Program Files\bianya2\201503071508\AppSrv.exe, CmdLine = "C:\Program Files\bianya2\201503071508\AppSrv.exe" 0a0
ImagePath = C:\Program Files\bianya2\201503071508\BHSev.exe, CmdLine = "C:\Program Files\bianya2\201503071508\BHSev.exe" -inst
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Create executable file
details:C:\Program Files\bianya2\201503071508\BianYa.exe
C:\Program Files\bianya2\201503071508\BianYa.sfx
C:\Program Files\bianya2\201503071508\BianYaGui.exe
C:\Program Files\bianya2\201503071508\BianYaSRV.exe
C:\Program Files\bianya2\201503071508\BianZip.dll
C:\Program Files\bianya2\201503071508\PlayerUpdate.exe
C:\Program Files\bianya2\201503071508\Unins.exe
C:\Program Files\bianya2\201503071508\XCrashReport.exe
C:\Program Files\bianya2\201503071508\AppSrv.exe
C:\Program Files\bianya2\201503071508\BianShell32.dll
C:\Program Files\bianya2\201503071508\BianShell64.dll
C:\Program Files\bianya2\201503071508\BianYa.dll
C:\Program Files\bianya2\201503071508\BYSever.exe
C:\Program Files\bianya2\201503071508\BHSev.exe
Behavior description:Create desktop shortcut
details:C:\Documents and Settings\All Users\桌面\便压.lnk
Behavior description:Open file mapping with write access
details:CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
MSCTF.MarshalInterface.FileMap.EOJ..CODGF
MSCTF.MarshalInterface.FileMap.EOJ.B.CODGF
MSCTF.MarshalInterface.FileMap.EOJ.C.CODGF
MSCTF.MarshalInterface.FileMap.EOJ.D.CODGF
MSCTF.MarshalInterface.FileMap.EOJ.E.BPDGF
MSCTF.MarshalInterface.FileMap.EOJ.F.BAEGF
MSCTF.MarshalInterface.FileMap.EOJ.G.ABEGF
MSCTF.Shared.SFM.EOJ
Local\UrlZonesSM_Administrator
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Behavior description:Rename file
details:C:\Program Files\bianya2\201503071508\BianShell32.dll ---> C:\Program Files\bianya2\201503071508\BianShell.dll
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Modify file contents
details:C:\Program Files\bianya2\201503071508\Data\SysConfig.ini---> Offset = 0
C:\Program Files\bianya2\201503071508\Data\version.ini---> Offset = 0
C:\Program Files\bianya2\201503071508\SysConfig.ini---> Offset = 0
C:\Program Files\bianya2\201503071508\icon\360.ico---> Offset = 16384
C:\Program Files\bianya2\201503071508\icon\arrowheaddown.ico---> Offset = 0
C:\Program Files\bianya2\201503071508\icon\arrowheadup.ico---> Offset = 0
C:\Program Files\bianya2\201503071508\icon\context.bmp---> Offset = 0
C:\Program Files\bianya2\201503071508\icon\drive.ico---> Offset = 0
C:\Program Files\bianya2\201503071508\icon\key.ico---> Offset = 0
C:\Program Files\bianya2\201503071508\Lang\zh-cn.txt---> Offset = 16384
C:\Program Files\bianya2\201503071508\Lang\zh-tw.txt---> Offset = 16384
C:\Documents and Settings\All Users\桌面\便压.lnk---> Offset = 0
C:\Program Files\bianya2\201503071508\Data\SysConfig.ini---> Offset = 41
C:\Program Files\bianya2\201503071508\Data\SysConfig.ini---> Offset = 54
C:\Program Files\bianya2\201503071508\Data\User2.ini---> Offset = 0
Network behavior
Behavior description:Open URL over network
details:InternetOpenUrlA: http://updatetest.wuji.com/stj.ashx?v=1.14.820.1&t=41 hInternet = 0x00000620
InternetOpenUrlA: http://tj.wuji.com/a.ashx?v=FF2A2AE0D006EC07E3EA8AE4579F241B9486D845269B28682C726313D9F9D757361927AF1B53CA5A5EFFEE06EAB40BD3DD60F95E0A173FC27991732547EDDC45CE4274DAF1CE7F9C0D0C99C27457689588C0D2BD7FF2481E3883BBB095898FA1 hInternet = 0x00000a
InternetOpenUrlA: http://tongji.bianya.cc/a.ashx?v=FF2A2AE0D006EC07E3EA8AE4579F241B9486D845269B28682C726313D9F9D757361927AF1B53CA5A5EFFEE06EAB40BD3DD60F95E0A173FC27991732547EDDC45CE4274DAF1CE7F9C0D0C99C27457689588C0D2BD7FF2481E3883BBB095898FA1 hInternet = 0x0
InternetOpenUrlA: http://updatetest.wuji.com/stj.ashx?v=1.14.820.1&t=41 hInternet = 0x000004b0
InternetOpenUrlA: http://tongji.bianya.cc/a.ashx?v=FF2A2AE0D006EC07E3EA8AE4579F241B9486D845269B2868FC4EBEBB4782B7EC832324F7E7D36B3E951F3A51A37F457E84B9591F6BE0529C3652719D4593AD9EE8B7E9119C2CBD08DAAC7075667C23C5FAF2D89B6C82DE7AB1B0310EDAE48FA55BCC7B4084C33929
InternetOpenUrlA: http://tj.wuji.com/a.ashx?v=FF2A2AE0D006EC07E3EA8AE4579F241B9486D845269B2868FC4EBEBB4782B7EC832324F7E7D36B3E951F3A51A37F457E84B9591F6BE0529C3652719D4593AD9EE8B7E9119C2CBD08DAAC7075667C23C5FAF2D89B6C82DE7AB1B0310EDAE48FA55BCC7B4084C33929363AA
InternetOpenUrlA: http://tongji.bianya.cc/clientconfig.ashx hInternet = 0x000004bc
InternetOpenUrlA: http://updatetest.wuji.com/stj.ashx?v=1.14.820.1&t=41 hInternet = 0x000004c8
Behavior description:Connect to a specified socket
details:127.0.0.1:1034
127.0.0.1:1035
Behavior description:Read from network file handle
details:hFile = 0x00000620, BytesToRead =102400, BytesRead = 66560.
hFile = 0x000004b0, BytesToRead =102400, BytesRead = 66560.
hFile = 0x000004bc, BytesToRead =1024, BytesRead = 1024.
hFile = 0x000004c8, BytesToRead =102400, BytesRead = 66560.
Behavior description:Download file
details:C:\Program Files\bianya2\201503071508\Data\WebCfgTmp.ini
Behavior description:Resolve host address by name
details:update.bianya.cc
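The telemetry beacons above carry an opaque hex blob in the `v` parameter. The following is an added analysis example for this page, not VirSCAN's or BianYa's code. It parses the logged InternetOpenUrlA lines, groups beacons by payload, and measures how many leading bytes two different payloads share, which is the quickest way to tell whether the encoding is deterministic. The two payload constants are copied from the lines above: the first appears verbatim on both the tj.wuji.com and tongji.bianya.cc lines, so one constant is reused, and the last tj.wuji.com line's 5-digit odd tail is kept as logged so the parser can flag it.

```python
"""Compare the opaque `v` payloads in the report's InternetOpenUrlA beacons.

Added example (not VirSCAN or BianYa code). Only measures what the logged
URLs show: which hosts get identical payloads, payload lengths, and the
length of the prefix two distinct payloads have in common.
"""
import math
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qs, urlparse

# Hex blobs copied from the report. PAYLOAD_A is byte-identical on the
# tj.wuji.com and tongji.bianya.cc lines; PAYLOAD_B is the second blob.
PAYLOAD_A = ("FF2A2AE0D006EC07E3EA8AE4579F241B9486D845269B2868"
             "2C726313D9F9D757361927AF1B53CA5A5EFFEE06EAB40BD3"
             "DD60F95E0A173FC27991732547EDDC45CE4274DAF1CE7F9C"
             "0D0C99C27457689588C0D2BD7FF2481E3883BBB095898FA1")
PAYLOAD_B = ("FF2A2AE0D006EC07E3EA8AE4579F241B9486D845269B2868"
             "FC4EBEBB4782B7EC832324F7E7D36B3E951F3A51A37F457E"
             "84B9591F6BE0529C3652719D4593AD9EE8B7E9119C2CBD08"
             "DAAC7075667C23C5FAF2D89B6C82DE7AB1B0310EDAE48FA5"
             "5BCC7B4084C33929")

# The report's beacon lines, reconstructed with the constants above. The two
# lines without an "hInternet =" suffix end exactly as they do in the report.
BEACON_LINES = [
    "InternetOpenUrlA: http://updatetest.wuji.com/stj.ashx?v=1.14.820.1&t=41 hInternet = 0x00000620",
    f"InternetOpenUrlA: http://tj.wuji.com/a.ashx?v={PAYLOAD_A} hInternet = 0x00000a",
    f"InternetOpenUrlA: http://tongji.bianya.cc/a.ashx?v={PAYLOAD_A} hInternet = 0x0",
    f"InternetOpenUrlA: http://tongji.bianya.cc/a.ashx?v={PAYLOAD_B}",
    f"InternetOpenUrlA: http://tj.wuji.com/a.ashx?v={PAYLOAD_B}363AA",
    "InternetOpenUrlA: http://tongji.bianya.cc/clientconfig.ashx hInternet = 0x000004bc",
]

URL_RE = re.compile(r"https?://\S+")
HEX_RE = re.compile(r"[0-9A-Fa-f]+")


def parse_beacons(lines):
    """One record per URL: host, path, and the first value of each query parameter."""
    records = []
    for line in lines:
        m = URL_RE.search(line)
        if not m:
            continue
        u = urlparse(m.group(0))
        records.append({"host": u.hostname, "path": u.path,
                        "params": {k: v[0] for k, v in parse_qs(u.query).items()}})
    return records


def classify_value(v):
    """'hex' for even-length hex, 'odd-hex' for hex with an odd digit count
    (a cut-off log line: bytes cannot be half a digit), 'text' otherwise."""
    if v is None or not HEX_RE.fullmatch(v):
        return "text"
    return "hex" if len(v) % 2 == 0 else "odd-hex"


def shared_prefix_len(a, b):
    """Number of leading bytes on which two byte strings agree."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def shannon_entropy(data):
    """Bits per byte over the blob; encrypted or compressed data scores high, ASCII text low."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def compare_payloads(lines):
    """Group hex payloads by value and compare every pair of distinct payloads."""
    by_blob = defaultdict(set)   # payload bytes -> hosts that received it
    cut_off = []                 # hosts whose payload is odd-length hex (truncated line)
    for rec in parse_beacons(lines):
        v = rec["params"].get("v")
        kind = classify_value(v)
        if kind == "hex":
            by_blob[bytes.fromhex(v)].add(rec["host"])
        elif kind == "odd-hex":
            cut_off.append(rec["host"])
    blobs = list(by_blob)
    pairs = [{"len_a": len(a), "len_b": len(b), "shared_prefix": shared_prefix_len(a, b)}
             for i, a in enumerate(blobs) for b in blobs[i + 1:]]
    return {"distinct_payloads": len(blobs),
            "hosts_per_payload": [sorted(h) for h in by_blob.values()],
            "entropy": [round(shannon_entropy(b), 2) for b in blobs],
            "pairs": pairs,
            "cut_off_hosts": cut_off}


if __name__ == "__main__":
    from pprint import pprint
    pprint(compare_payloads(BEACON_LINES))
```

On the report's data this finds two distinct payloads: payload A (96 bytes) is sent to both tj.wuji.com and tongji.bianya.cc, payload B (104 bytes as logged) shares exactly its first 24 bytes with A and then diverges completely, and the last tj.wuji.com line is flagged as cut off. The interpretation is an inference, not something the report states: a 24-byte identical prefix is three 8-byte blocks but not a whole number of 16-byte blocks, so the encoding behaves like an 8-byte-block cipher in ECB mode or an XOR with a fixed keystream over a plaintext whose first 24 bytes are constant; either way there is no per-message IV, so a blob can be matched or replayed across hosts. Confirming that requires the sample itself, by hooking the routine that builds the `v` string.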
Registry behavior
Behavior description:Modify registry: shell context menu handler
details:\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\BianYa\
Behavior description:Delete registry key
details:\REGISTRY\MACHINE\SOFTWARE\Classes\.7z
\REGISTRY\MACHINE\SOFTWARE\Classes\.zip
\REGISTRY\MACHINE\SOFTWARE\Classes\.ace
\REGISTRY\MACHINE\SOFTWARE\Classes\.arj
\REGISTRY\MACHINE\SOFTWARE\Classes\.bz2
\REGISTRY\MACHINE\SOFTWARE\Classes\.bzip2
\REGISTRY\MACHINE\SOFTWARE\Classes\.tbz2
\REGISTRY\MACHINE\SOFTWARE\Classes\.tbz
\REGISTRY\MACHINE\SOFTWARE\Classes\.rar
\REGISTRY\MACHINE\SOFTWARE\Classes\.z
\REGISTRY\MACHINE\SOFTWARE\Classes\.taz
\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW
\REGISTRY\MACHINE\SOFTWARE\Classes\.lzh
\REGISTRY\MACHINE\SOFTWARE\Classes\.lha
\REGISTRY\MACHINE\SOFTWARE\Classes\.cab
Behavior description:Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\bianya2\Rd
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\bianya2\201503071508\BHSev.exe
\REGISTRY\MACHINE\SOFTWARE\Classes\.7z\
\REGISTRY\MACHINE\SOFTWARE\Classes\BianYa.7z\
\REGISTRY\MACHINE\SOFTWARE\Classes\BianYa.7z\DefaultIcon\
\REGISTRY\MACHINE\SOFTWARE\Classes\BianYa.7z\shell\
\REGISTRY\MACHINE\SOFTWARE\Classes\BianYa.7z\shell\open\
\REGISTRY\MACHINE\SOFTWARE\Classes\BianYa.7z\shell\open\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\BianYa.7z\shellex\DropHandler\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.7z\Progid
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.7z\UserChoice\Progid
\REGISTRY\MACHINE\SOFTWARE\Classes\.zip\
\REGISTRY\MACHINE\SOFTWARE\Classes\BianYa.zip\
\REGISTRY\MACHINE\SOFTWARE\Classes\BianYa.zip\DefaultIcon\
\REGISTRY\MACHINE\SOFTWARE\Classes\BianYa.zip\shell\
Behavior description:Delete registry key: autostart entry
details:\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\BianYa
Behavior description:Delete registry key: shell context menu handler
details:\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\BianYa
Behavior description:Delete registry value
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot
Behavior description:Delete registry key: file association
details:\REGISTRY\MACHINE\SOFTWARE\Classes\BianYa.7z\shell\open\command
\REGISTRY\MACHINE\SOFTWARE\Classes\BianYa.zip\shell\open\command
\REGISTRY\MACHINE\SOFTWARE\Classes\BianYa.ace\shell\open\command
\REGISTRY\MACHINE\SOFTWARE\Classes\BianYa.arj\shell\open\command
\REGISTRY\MACHINE\SOFTWARE\Classes\BianYa.bz2\shell\open\command
\REGISTRY\MACHINE\SOFTWARE\Classes\BianYa.bzip2\shell\open\command
\REGISTRY\MACHINE\SOFTWARE\Classes\BianYa.tbz2\shell\open\command
\REGISTRY\MACHINE\SOFTWARE\Classes\BianYa.tbz\shell\open\command
\REGISTRY\MACHINE\SOFTWARE\Classes\BianYa.rar\shell\open\command
\REGISTRY\MACHINE\SOFTWARE\Classes\BianYa.z\shell\open\command
\REGISTRY\MACHINE\SOFTWARE\Classes\BianYa.taz\shell\open\command
\REGISTRY\MACHINE\SOFTWARE\Classes\BianYa.lzh\shell\open\command
\REGISTRY\MACHINE\SOFTWARE\Classes\BianYa.lha\shell\open\command
\REGISTRY\MACHINE\SOFTWARE\Classes\BianYa.cab\shell\open\command
\REGISTRY\MACHINE\SOFTWARE\Classes\BianYa.iso\shell\open\command
Behavior description:Modify registry: autostart entries
details:\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\BianYa\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BianyaAcc_2015030715
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bianya_2015030715
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
WuJiSetupApp
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.EOJ
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
oleacc-msaa-loaded
SHIMLIB_LOG_MUTEX
Behavior description:Hide specified window
details:[Window,Class] = [便压 安装程序 (BianYa Setup),#32770]
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
NtUserFindWindowEx: [Class,Window] = [MS_WINHELP,]
Behavior description:Start system service
details:[service started]: LocalSystem, BianYaSrv, C:\Program Files\bianya2\201503071508\BianYaSrv.exe
[service started]: LocalSystem, BYSTSerPro, "C:\Program Files\bianya2\201503071508\BHSev.exe" -BG
Behavior description:Acquire system privilege
details:SE_DEBUG_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Open image file
details:\Program Files\bianya2\201503071508\icon\context.bmp
Behavior description:Window information
details:Pid = 2528, Hwnd=0x10356, Text = Next (&N) >, ClassName = Button.
Pid = 2528, Hwnd=0x10358, Text = Cancel (&C), ClassName = Button.
Pid = 2528, Hwnd=0x1035a, Text = Press [PgDn] to read the rest of the License Agreement., ClassName = Static.
Pid = 2528, Hwnd=0x1035c, Text = BianYa (便压) is a powerful archive manager. It provides full support for ZIP and 7Z files and can extract RAR, ZIP, 7Z, ACE, ARJ, BZ2, CAB, GZ, ISO, JAR, LAH,, ClassName = Edit.
Pid = 2528, Hwnd=0x1035e, Text = If you accept the terms of the agreement, tick the checkbox below. You must accept the agreement to install BianYa. Click [Next (N)] to continue., ClassName = Static.
Pid = 2528, Hwnd=0x10360, Text = I accept the agreement, ClassName = Button(CheckBox).
Pid = 2528, Hwnd=0x10352, Text = BianYa Setup (便压 安装程序), ClassName = #32770.
Pid = 2528, Hwnd=0x10368, Text = Install (&I), ClassName = Button.
Pid = 2528, Hwnd=0x1036a, Text = Cancel (&C), ClassName = Button.
Pid = 2528, Hwnd=0x1036c, Text = Setup will install BianYa into the folder below. To install into a different folder, click [Browse (B)] and choose another folder. Click [Install (I)] to start the installation., ClassName = Static.
Pid = 2528, Hwnd=0x1036e, Text = Destination folder, ClassName = Button(GroupBox).
Pid = 2528, Hwnd=0x10370, Text = C:\Program Files\bianya2, ClassName = Edit.
Pid = 2528, Hwnd=0x10372, Text = Browse (&B)..., ClassName = Button.
Pid = 2528, Hwnd=0x10374, Text = Create desktop shortcut, ClassName = Button(CheckBox).
Pid = 2528, Hwnd=0x10376, Text = I agree to enable the BianYa association protection plan, ClassName = Button(CheckBox).
Behavior description:Create system service
details:[service created]: BianYaSrv, C:\Program Files\bianya2\201503071508\BianYaSrv.exe
[service created]: BYSTSerPro, "C:\Program Files\bianya2\201503071508\BHSev.exe" -BG
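A triage pass over the behaviour list above, as an added example for this page (not VirSCAN's or BianYa's code). It parses the report's "Behavior description:" / "details:" layout, with labels as translated on this page, and pulls out what a responder would write up for this sample: the two services and the account they start under, the HKLM Run entries, the Explorer shell-extension handlers (context menu and drag-drop), the archive extensions whose HKLM class keys were deleted and re-pointed at BianYa.* ProgIDs together with the per-user UserChoice override (the "association protection plan" checkbox in the installer's Window information is the opt-in behind that rewrite), the privileges requested, and every host contacted. SAMPLE_REPORT is a constructed excerpt of this page's entries; the same functions run unchanged over the full report text.

```python
"""Triage helper for a VirSCAN-style behaviour list (added example, not VirSCAN's code).
Report layout: "Behavior description:<name>", then "details:<entry>", then further
entries on unlabelled lines until the next label or section heading."""
import re
from urllib.parse import urlparse

SECTIONS = {"Key behavior", "Process behavior", "File behavior",
            "Network behavior", "Registry behavior", "Other behavior"}

# Constructed excerpt of this page's report (labels as translated on the page).
SAMPLE_REPORT = """\
Key behavior
Behavior description:Resolve host address by name
details:update.bianya.cc
Behavior description:Create system service
details:[service created]: BianYaSrv, C:\\Program Files\\bianya2\\201503071508\\BianYaSrv.exe
[service created]: BYSTSerPro, "C:\\Program Files\\bianya2\\201503071508\\BHSev.exe" -BG
Behavior description:Modify registry: autostart entries
details:\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\DragDropHandlers\\BianYa\\
\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\BianyaAcc_2015030715
\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Bianya_2015030715
Network behavior
Behavior description:Open URL over network
details:InternetOpenUrlA: http://updatetest.wuji.com/stj.ashx?v=1.14.820.1&t=41 hInternet = 0x00000620
InternetOpenUrlA: http://tongji.bianya.cc/clientconfig.ashx hInternet = 0x000004bc
Registry behavior
Behavior description:Modify registry: shell context menu handler
details:\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\ContextMenuHandlers\\BianYa\\
Behavior description:Delete registry key
details:\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\.7z
\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\.zip
\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\.rar
Behavior description:Modify registry
details:\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\BianYa.7z\\shell\\open\\command\\
\\REGISTRY\\USER\\S-1-5-21-1482476501-1645522239-1417001333-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.7z\\UserChoice\\Progid
\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\BianYa.zip\\DefaultIcon\\
Other behavior
Behavior description:Acquire system privilege
details:SE_DEBUG_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Start system service
details:[service started]: LocalSystem, BianYaSrv, C:\\Program Files\\bianya2\\201503071508\\BianYaSrv.exe
[service started]: LocalSystem, BYSTSerPro, "C:\\Program Files\\bianya2\\201503071508\\BHSev.exe" -BG
"""

RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\([^\\]+)\\?$", re.I)
SHELLEX = re.compile(r"\\shellex\\(ContextMenuHandlers|DragDropHandlers)\\([^\\]*)", re.I)
CLASS_EXT = re.compile(r"\\Classes\\(\.[A-Za-z0-9]+)\\?$", re.I)        # ...\Classes\.ext
PROGID = re.compile(r"\\Classes\\([A-Za-z0-9]+\.[A-Za-z0-9]+)\\", re.I)   # ...\Classes\Vendor.ext\
USERCHOICE = re.compile(r"\\FileExts\\(\.[A-Za-z0-9]+)\\UserChoice\\", re.I)
URL = re.compile(r"https?://\S+")


def parse_report(text):
    """Flatten the report into (section, behaviour, entry) records."""
    section = behaviour = None
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            section = line
        elif line.startswith("Behavior description:"):
            behaviour = line.split(":", 1)[1].strip()
        elif line.startswith("details:"):
            records.append((section, behaviour, line.split(":", 1)[1].strip()))
        elif behaviour is not None:        # continuation line of the current details block
            records.append((section, behaviour, line))
    return records


def triage(records):
    """Lift persistence, file-association, privilege and network indicators out of the records."""
    iocs = {"services": {}, "run_keys": [], "shell_extensions": [], "privileges": [],
            "hosts": set(), "deleted_classes": [], "progids": [], "userchoice": []}
    for _section, behaviour, entry in records:
        b = behaviour.lower()
        if "system service" in b:
            # "[service created]: Name, image [args]"  /  "[service started]: Account, Name, image"
            parts = entry.split("]:", 1)[-1].strip().split(", ")
            if b.startswith("start"):
                account, name, image = parts[0], parts[1], ", ".join(parts[2:])
            else:
                account, name, image = None, parts[0], ", ".join(parts[1:])
            svc = iocs["services"].setdefault(name, {"account": None, "image": image})
            svc["account"] = account or svc["account"]
            continue
        if b == "acquire system privilege":
            iocs["privileges"].append(entry)
        if b == "resolve host address by name":
            iocs["hosts"].add(entry)
        for url in URL.findall(entry):
            iocs["hosts"].add(urlparse(url).hostname)
        if m := RUN_KEY.search(entry):
            iocs["run_keys"].append(m.group(1))
        if m := SHELLEX.search(entry):
            iocs["shell_extensions"].append((m.group(1), m.group(2)))
        if b.startswith("delete registry key") and (m := CLASS_EXT.search(entry)):
            iocs["deleted_classes"].append(m.group(1).lower())
        if b.startswith("modify registry") and (m := PROGID.search(entry)):
            iocs["progids"].append(m.group(1))
        if m := USERCHOICE.search(entry):
            iocs["userchoice"].append(m.group(1).lower())
    return iocs


def hijacked_extensions(iocs):
    """Extensions whose HKLM class key was deleted AND re-pointed at a Vendor.<ext> ProgID."""
    replaced = {p[p.index("."):].lower() for p in iocs["progids"]}
    return sorted(set(iocs["deleted_classes"]) & replaced)


def write_up(iocs):
    """Findings in the order a responder would report them."""
    notes = [f"service {n} ({s['account'] or 'account not logged'}): {s['image']}"
             for n, s in sorted(iocs["services"].items())]
    notes += [f"HKLM Run autostart: {k}" for k in iocs["run_keys"]]
    notes += [f"Explorer shell extension {h}: {n}" for h, n in iocs["shell_extensions"]]
    if exts := hijacked_extensions(iocs):
        uc = sorted(set(exts) & set(iocs["userchoice"]))
        notes.append(f"file associations re-pointed to vendor ProgIDs: {', '.join(exts)}"
                     + (f" (per-user UserChoice also set for {', '.join(uc)})" if uc else ""))
    notes += [f"privilege requested: {p}" for p in iocs["privileges"]]
    notes.append("hosts contacted: " + ", ".join(sorted(iocs["hosts"])))
    return notes


if __name__ == "__main__":
    for note in write_up(triage(parse_report(SAMPLE_REPORT))):
        print(note)
```

On the excerpt this reports both services running as LocalSystem (BianYaSrv from BianYaSrv.exe, BYSTSerPro from `BHSev.exe -BG`), the two Run entries, the DragDropHandlers and ContextMenuHandlers shell extensions, .7z and .zip re-pointed to BianYa.* ProgIDs with the per-user UserChoice set for .7z (.rar is deleted but no replacement ProgID appears in the excerpt, so it is not listed), SE_DEBUG_PRIVILEGE and SE_LOAD_DRIVER_PRIVILEGE, and the three hosts. The UserChoice override is the detail to keep: on Windows 8 and later the Explorer `UserChoice` key is hash-protected precisely so installers cannot set it silently, so seeing it written here is a strong signal of association takeover regardless of what the installer's checkbox said.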
Abnormal crash
Run screenshot