VirSCAN

File information
Safety rating: 75
Behavior list
Basic information
MD5: 65148fe329b3dae9e43c8adba3222495
File type: Cab
Vendor: 驱动之家
Version: 9.0.812.1078---9.0.812.1078
Packer or compiler information:
Process behavior
Behavior description: Create process with hidden window
Details: ImagePath = , CmdLine = c:\docume~1\admini~1\locals~1\temp\drivergenius\qqdl\tencentdl.exe /install
Behavior description: Create process from newly created file
Details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\DriverGenius.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\DriverGenius.exe
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dgvuldect.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dgvuldect.exe"
Behavior description: Enumerate processes
Details: N/A
File behavior
Behavior description: Open file mapping with write access
Details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
\WINDOWS\system32\zh-cn\ieframe.dll.mui
MSCTF.MarshalInterface.FileMap.IJJ..AOCOG
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.IJJ.B.EPEOG
MSCTF.MarshalInterface.FileMap.IJJ.C.EPEOG
MSCTF.MarshalInterface.FileMap.IJJ.D.EPEOG
MSCTF.MarshalInterface.FileMap.IJJ.E.EPEOG
MSCTF.MarshalInterface.FileMap.IJJ.F.EPEOG
MSCTF.MarshalInterface.FileMap.IJJ.G.DAFOG
MSCTF.MarshalInterface.FileMap.IJJ.H.DAFOG
MSCTF.MarshalInterface.FileMap.IJJ.I.ONFOG
MSCTF.MarshalInterface.FileMap.IJJ.J.ONFOG
MSCTF.MarshalInterface.FileMap.IJJ.K.ONFOG
MSCTF.MarshalInterface.FileMap.IJJ.L.ONFOG
Behavior description: Create executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\7z.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\7z.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\cactus.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\cysvc.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\cyui.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dg3rdhmpg.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dg3rdhmpg64.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dgbackup.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dgbase.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dgcomponent.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dgcore.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dgctrl.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dgdectrl.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dghm.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dghmpg.dll
Behavior description: Modify file content
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\config.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\kdumpcfg.dat---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\microsoft.vc80.crt.manifest---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\microsoft.vc80.mfc.manifest---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\nic.db---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\safepatch.dat---> Offset = 16384
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\data\dgkit.dat---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\config.ini---> Offset = 207
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\config.ini---> Offset = 232
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\config.ini---> Offset = 322
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\config.ini---> Offset = 450
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\uplive.svr---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\uplive.svr---> Offset = 22
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Search for file
Details: FileName = C:\Documents and Settings\Administrator\Application Data\dg
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator\Application Data\dg\*.*
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\MSVCR80.dll
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\DriverGenius\Microsoft.VC80.CRT.manifest
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
Network behavior
Behavior description: Resolve host address by name
Details: liveupdate5.drivergenius.com
liveupdate51.drivergenius.com
www.baidu.com
www.ijinshan.com
www.163.com
www.sohu.com
liveupdate8.drivergenius.com
www.qq.com
www.xunlei.com
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DriverGenius\dgvuldect.exe
\REGISTRY\MACHINE\SOFTWARE\MyDrivers\DriverGenius\UUID
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\LogSessionName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Active
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ControlFlags
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid\Guid
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid\BitNames
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid\Guid
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid\BitNames
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid\Guid
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid\BitNames
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid\Guid
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid\BitNames
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid\Guid
Behavior description: Delete registry value (IE connection settings)
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
RasPbFile
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
MSCTF.Shared.MUTEX.AEH
Global\{727729E3-F09F-4483-AC99-3872EE7AB8F4}
Behavior description: Hide specified window
Details: [Window,Class] = [,ShadeWnd]
[Window,Class] = [,DGShadowUI]
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [TFormReceiver,FormReceiver]
NtUserFindWindowEx: [Class,Window] = [,补丁]
NtUserFindWindowEx: [Class,Window] = [Progman,Program Manager]
NtUserFindWindowEx: [Class,Window] = [SHELLDLL_DefView,]
NtUserFindWindowEx: [Class,Window] = [SysListView32,FolderView]
Behavior description: Start system service
Details: [Service started successfully]: NT AUTHORITY\NetworkService, Remote Procedure Call (RPC) Locator, C:\WINDOWS\system32\locator.exe
[Service started successfully]: LocalSystem, WMI Performance Adapter, C:\WINDOWS\system32\wbem\wmiapsrv.exe
Behavior description: Acquire system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
Details: Pid = 2452, Hwnd=0x30206, Text = 驱动精灵, ClassName = CMainFrm.
Behavior description: Enumerate WLAN information
Details: N/A
Behavior description: Direct access to physical device
Details: \??\PHYSICALDRIVE0