VirSCAN

File information
Security score: 50
Basic information
MD5:60603de735f25f6e17405af731cc0928
File type: EXE
Vendor:
Version: 2018.2.11.27---2018.2.11.27
Packer/compiler info: COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [Overlay] *
Key behaviors
Behavior: Blocks window close message
Details: hWnd = 0x000201b6, Text = ZHPCLEANER 2018, ClassName = AutoIt v3 GUI.
Behavior: Creates a file on the desktop
Details: C:\Users\Administrator\Desktop\ZHPCleaner.lnk
Behavior: Reads TickCount value (timing check loop)
Details: TickCount = 165775, SleepMilliseconds = 10.
Process behaviors
Behavior: Enumerates processes
Details: N/A
File behaviors
Behavior: Creates files
Details: C:\Users\Administrator\AppData\Local\Temp\aut837E.tmp
C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileNav_GG.png
C:\Users\Administrator\AppData\Local\Temp\aut837F.tmp
C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileNav_FF.png
C:\Users\Administrator\AppData\Local\Temp\aut8390.tmp
C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileNav_OP.png
C:\Users\Administrator\AppData\Local\Temp\aut8391.tmp
C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileNav_IE.png
C:\Users\Administrator\AppData\Local\Temp\aut83A1.tmp
C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileIcone.ico
C:\Users\Administrator\AppData\Local\Temp\aut83A2.tmp
C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileBGSocial.png
C:\Users\Administrator\AppData\Local\Temp\aut83B3.tmp
C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileBroom.png
C:\Users\Administrator\AppData\Local\Temp\aut83B4.tmp
Behavior: Overwrites existing files
Details: C:\Users\Administrator\AppData\Local\Temp\aut837E.tmp
C:\Users\Administrator\AppData\Local\Temp\aut837F.tmp
C:\Users\Administrator\AppData\Local\Temp\aut8390.tmp
C:\Users\Administrator\AppData\Local\Temp\aut8391.tmp
C:\Users\Administrator\AppData\Local\Temp\aut83A1.tmp
C:\Users\Administrator\AppData\Local\Temp\aut83A2.tmp
C:\Users\Administrator\AppData\Local\Temp\aut83B3.tmp
C:\Users\Administrator\AppData\Local\Temp\aut83B4.tmp
C:\Users\Administrator\AppData\Local\Temp\aut83C4.tmp
C:\Users\Administrator\AppData\Local\Temp\aut83C5.tmp
C:\Users\Administrator\AppData\Local\Temp\aut83D6.tmp
C:\Users\Administrator\AppData\Local\Temp\aut83D7.tmp
C:\Users\Administrator\AppData\Local\Temp\aut83E8.tmp
C:\Users\Administrator\AppData\Local\Temp\aut83E9.tmp
C:\Users\Administrator\AppData\Local\Temp\aut83EA.tmp
Behavior: Searches for files
Details: FileName = C:\Users
FileName = C:\Users\Administrator\AppData
FileName = C:\Users\Administrator\AppData\Local
FileName = C:\Users\Administrator\AppData\Local\Temp
FileName = C:\Users\Administrator\AppData\Local\%temp%
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe
FileName = C:\Users\Administrator\AppData\Roaming\ZHP\TraceZHPCleaner.txt
FileName = C:\Users\Administrator\AppData\Local\ZHP
FileName = C:\Coolman
FileName = C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileNav_GG.png
FileName = C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileNav_FF.png
FileName = C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileNav_OP.png
FileName = C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileNav_IE.png
FileName = C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileIcone.ico
FileName = C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileBGSocial.png
Behavior: Deletes files
Details: C:\Users\Administrator\AppData\Local\Temp\aut837E.tmp
C:\Users\Administrator\AppData\Local\Temp\aut837F.tmp
C:\Users\Administrator\AppData\Local\Temp\aut8390.tmp
C:\Users\Administrator\AppData\Local\Temp\aut8391.tmp
C:\Users\Administrator\AppData\Local\Temp\aut83A1.tmp
C:\Users\Administrator\AppData\Local\Temp\aut83A2.tmp
C:\Users\Administrator\AppData\Local\Temp\aut83B3.tmp
C:\Users\Administrator\AppData\Local\Temp\aut83B4.tmp
C:\Users\Administrator\AppData\Local\Temp\aut83C4.tmp
C:\Users\Administrator\AppData\Local\Temp\aut83C5.tmp
C:\Users\Administrator\AppData\Local\Temp\aut83D6.tmp
C:\Users\Administrator\AppData\Local\Temp\aut83D7.tmp
C:\Users\Administrator\AppData\Local\Temp\aut83E8.tmp
C:\Users\Administrator\AppData\Local\Temp\aut83E9.tmp
C:\Users\Administrator\AppData\Local\Temp\aut83EA.tmp
Behavior: Copies files
Details: C:\Users\ADMINI~1\AppData\Local\Temp\aut837E.tmp ---> C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileNav_GG.png
C:\Users\ADMINI~1\AppData\Local\Temp\aut837F.tmp ---> C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileNav_FF.png
C:\Users\ADMINI~1\AppData\Local\Temp\aut8390.tmp ---> C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileNav_OP.png
C:\Users\ADMINI~1\AppData\Local\Temp\aut8391.tmp ---> C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileNav_IE.png
C:\Users\ADMINI~1\AppData\Local\Temp\aut83A2.tmp ---> C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileBGSocial.png
C:\Users\ADMINI~1\AppData\Local\Temp\aut83B3.tmp ---> C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileBroom.png
C:\Users\ADMINI~1\AppData\Local\Temp\aut83B4.tmp ---> C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileForum.png
C:\Users\ADMINI~1\AppData\Local\Temp\aut83C4.tmp ---> C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileCheck.png
C:\Users\ADMINI~1\AppData\Local\Temp\aut83C5.tmp ---> C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileRapport.png
C:\Users\ADMINI~1\AppData\Local\Temp\aut83D6.tmp ---> C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileTransGui.jpg
C:\Users\ADMINI~1\AppData\Local\Temp\aut83D7.tmp ---> C:\Users\Administrator\AppData\Local\ZHP\ZHPCFilelogo-texte.png
C:\Users\ADMINI~1\AppData\Local\Temp\aut83E8.tmp ---> C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileClose.png
C:\Users\ADMINI~1\AppData\Local\Temp\aut83E9.tmp ---> C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileDetected.png
C:\Users\ADMINI~1\AppData\Local\Temp\aut83EA.tmp ---> C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileExit-40.png
C:\Users\ADMINI~1\AppData\Local\Temp\aut83FA.tmp ---> C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileInfo.png
Behavior: Modifies file contents
Details: C:\Users\Administrator\AppData\Local\Temp\aut837E.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\aut837E.tmp ---> Offset = 4096
C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileNav_GG.png ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\aut837F.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\aut837F.tmp ---> Offset = 4096
C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileNav_FF.png ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\aut8390.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileNav_OP.png ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\aut8391.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\aut8391.tmp ---> Offset = 4096
C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileNav_IE.png ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\aut83A1.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\aut83A1.tmp ---> Offset = 65536
C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileIcone.ico ---> Offset = 0
C:\Users\Administrator\AppData\Local\ZHP\ZHPCFileIcone.ico ---> Offset = 65536
Registry behaviors
Behavior: Modifies registry
Details: \REGISTRY\USER\S-*\Software\ZHP\ZHPcleaner\Langue
\REGISTRY\USER\S-*\Software\ZHP\ZHPcleaner\EnableValidity
\REGISTRY\USER\S-*\Software\ZHP\ZHPcleaner\NumVersion
\REGISTRY\USER\S-*\Software\ZHP\ZHPcleaner\Modules\Temporary File
\REGISTRY\USER\S-*\Software\ZHP\ZHPcleaner\Modules\Temporary Folder
\REGISTRY\USER\S-*\Software\ZHP\ZHPcleaner\Modules\Empty Folder Clsid
\REGISTRY\USER\S-*\Software\ZHP\ZHPcleaner\Modules\Empty Folder Other
\REGISTRY\USER\S-*\Software\ZHP\ZHPcleaner\Modules\Empty Folder Low
\REGISTRY\USER\S-*\Software\ZHP\ZHPcleaner\Modules\Empty Folder Local
\REGISTRY\USER\S-*\Software\ZHP\ZHPcleaner\Modules\Obsolete File
Other behaviors
Behavior: Checks whether it is being debugged
Details: IsDebuggerPresent
Behavior: Hides a specified window
Details: [Window,Class] = [AutoIt v3,AutoIt v3]
Behavior: Searches for a specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior: Opens events
Details: HookSwitchHookEnabledEvent
\KernelObjects\MaximumCommitCondition
\INSTALLATION_SECURITY_HOLD
Global\SvcctrlStartEvent_A3752DX
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
Behavior: Adjusts process token privileges
Details: SE_DEBUG_PRIVILEGE
Behavior: Window information
Details: Pid = 2888, Hwnd=0x101bc, Text = X, ClassName = Static.
Pid = 2888, Hwnd=0x101be, Text = ZHPCLEANER 2018, ClassName = Static.
Pid = 2888, Hwnd=0x101c0, Text = TERMS OF USE BY USING THIS SOFTWARE, YOU ACCEPT THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE , DO NOT USE THE SOFTWARE. 1. PARTIES This agreement is between the software developer, Nicolas Coolman ( hereinafter referred to as "the developer" ) , , ClassName = Edit.
Pid = 2888, Hwnd=0x201c6, Text = I agree, ClassName = Static.
Pid = 2888, Hwnd=0x201ca, Text = I decline, ClassName = Static.
Pid = 2888, Hwnd=0x201b6, Text = ZHPCLEANER 2018, ClassName = AutoIt v3 GUI.
Behavior: Calls the Sleep function
Details: [1]: MilliSeconds = 0.
Behavior: Gets cursor position (polled in a loop)
Details: CursorPos = (48,18794), SleepMilliseconds = 10.
Behavior: Opens mutex
Details: Local\MSCTF.Asm.MutexDefault1
Runtime screenshot