VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.


File information
Safety rating: 59
Behavior list
Basic Information
MD5: 6df035153fd41354939bb852d4701ca7
File type: 7z
Production company: Asion - Space
Version: 0.0.1.0---0.0.1.2
Shell or compiler information:
Subfile information: Asion 新浪博客.url / 66d39c12c0d06ca1e4dd62ea24e5de9c / Unknown
Key behavior
Behavior description: Creates a shortcut on the desktop
Details: C:\Documents and Settings\Administrator\桌面\Foobar2000.lnk
Behavior description: Hides a specified window
Details: [Window,Class] = [,Button]
[Window,Class] = [Asion 汉化作品 (编译于 2013-04-22 星期一 16:51:47 下午),Static]
[Window,Class] = [Asion 汉化作品 (编译于 2013-04-22 星期一 16:51:47 下午) ,Static]
[Window,Class] = [,Static]
[Window,Class] = [< 上一步(&P),Button]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [显示细节(&D),Button]
[Window,Class] = [安装完成,Static]
[Window,Class] = [安装已成功完成。,Static]
[Window,Class] = [取消(&C),Button]
Process behavior
Behavior description: Creates a process
Details: ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\Foobar2000\ShellExt32.dll"
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\Foobar2000\ShellExt64.dll"
ImagePath = C:\WINDOWS\notepad.exe, CmdLine = "C:\WINDOWS\notepad.exe" C:\Program Files\Foobar2000\汉化说明.txt
Behavior description: Creates a process from a newly created file
Details: ImagePath = C:\Program Files\Foobar2000\foobar2000 Shell Associations Updater.exe, CmdLine = "C:\Program Files\Foobar2000\foobar2000 Shell Associations Updater.exe" /registershellext
ImagePath = C:\Program Files\Foobar2000\foobar2000.exe, CmdLine = "C:\Program Files\Foobar2000\foobar2000.exe"
Behavior description: Enumerates processes
Details: N/A
File behavior
Behavior description: Drops links or shortcuts in sensitive system locations (e.g. the Start menu)
Details: C:\Documents and Settings\Administrator\「开始」菜单\程序\Foobar2000\Foobar2000.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\Foobar2000\汉化说明.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\Foobar2000\访问Asion的博客.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\Foobar2000\卸载 Foobar2000.lnk
Behavior description: Creates executable files
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi6.tmp\UAC.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi6.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi6.tmp\FindProcDLL.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi6.tmp\ButtonLinker.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi6.tmp\nsDialogs.dll
C:\Program Files\Foobar2000\foobar2000.exe
C:\Program Files\Foobar2000\zlib1.dll
C:\Program Files\Foobar2000\avcodec-fb2k-54.dll
C:\Program Files\Foobar2000\avutil-fb2k-52.dll
C:\Program Files\Foobar2000\foobar2000 Shell Associations Updater.exe
C:\Program Files\Foobar2000\ShellExt32.dll
C:\Program Files\Foobar2000\shared.dll
C:\Program Files\Foobar2000\components\foo_input_std.dll
C:\Program Files\Foobar2000\components\foo_ui_std.dll
C:\Program Files\Foobar2000\components\foo_cdda.dll
Behavior description: Creates a shortcut on the desktop
Details: C:\Documents and Settings\Administrator\桌面\Foobar2000.lnk
Behavior description: Opens file mappings with write permission
Details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.IPJ..ACEGF
MSCTF.MarshalInterface.FileMap.IPJ.B.ACEGF
MSCTF.MarshalInterface.FileMap.IPJ.C.ACEGF
MSCTF.MarshalInterface.FileMap.IPJ.D.ACEGF
MSCTF.MarshalInterface.FileMap.IPJ.E.ADEGF
MSCTF.MarshalInterface.FileMap.IPJ.F.ADEGF
MSCTF.MarshalInterface.FileMap.IPJ.G.ADEGF
MSCTF.Shared.SFM.IPJ
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.AFJ..FCOMF
MSCTF.MarshalInterface.FileMap.AFJ.B.FCOMF
MSCTF.MarshalInterface.FileMap.AFJ.C.FCOMF
MSCTF.MarshalInterface.FileMap.AFJ.D.FCOMF
Behavior description: Renames a file
Details: C:\Program Files\Foobar2000\theme.fth.tmp ---> C:\Program Files\Foobar2000\theme.fth
Behavior description: Modifies file contents
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi6.tmp\modern-header.bmp---> Offset = 16384
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi6.tmp\modern-wizard.bmp---> Offset = 49152
C:\Program Files\Foobar2000\Query Syntax Help.html---> Offset = 0
C:\Program Files\Foobar2000\titleformat_help.css---> Offset = 0
C:\Program Files\Foobar2000\titleformat_help.html---> Offset = 16384
C:\Program Files\Foobar2000\汉化说明.txt---> Offset = 0
C:\Program Files\Foobar2000\themes\按专辑分组.fth---> Offset = 0
C:\Program Files\Foobar2000\themes\白色.fth---> Offset = 0
C:\Program Files\Foobar2000\themes\长视图 + 标签栈.fth---> Offset = 0
C:\Program Files\Foobar2000\themes\橙色.fth---> Offset = 0
C:\Program Files\Foobar2000\themes\分离专辑 & 艺术家分栏.fth---> Offset = 0
C:\Program Files\Foobar2000\themes\粉红色.fth---> Offset = 0
C:\Program Files\Foobar2000\themes\黑 + 灰 + 红.fth---> Offset = 0
C:\Program Files\Foobar2000\themes\黑色.fth---> Offset = 0
C:\Program Files\Foobar2000\themes\黄绿色.fth---> Offset = 0
Registry behavior
Behavior description: Modifies the registry
Details: \REGISTRY\MACHINE\SOFTWARE\foobar2000\InstallDir
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\foobar2000.exe\
\REGISTRY\MACHINE\SOFTWARE\Applications\foobar2000.exe\
\REGISTRY\MACHINE\SOFTWARE\Applications\foobar2000.exe\shell\
\REGISTRY\MACHINE\SOFTWARE\Applications\foobar2000.exe\shell\open\
\REGISTRY\MACHINE\SOFTWARE\Applications\foobar2000.exe\shell\open\command\
\REGISTRY\MACHINE\SOFTWARE\Applications\foobar2000.exe\shell\enqueue\
\REGISTRY\MACHINE\SOFTWARE\Applications\foobar2000.exe\shell\enqueue\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{3B3052C5-E430-4A00-84C9-BFD43336940B}\
\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\Fb2kShellExt.DLL\AppID
\REGISTRY\MACHINE\SOFTWARE\Classes\Fb2kShellExt.Fb2kContextMenu.1\
\REGISTRY\MACHINE\SOFTWARE\Classes\Fb2kShellExt.Fb2kContextMenu.1\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\Fb2kShellExt.Fb2kContextMenu\
\REGISTRY\MACHINE\SOFTWARE\Classes\Fb2kShellExt.Fb2kContextMenu\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\Fb2kShellExt.Fb2kContextMenu\CurVer\
Behavior description: Deletes registry keys
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\InprocServer32
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\ProgID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\Programmable
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\shellex\MayChangeDefaultMenu
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\shellex
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\TypeLib
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\VersionIndependentProgID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}
Other behavior
Behavior description: Creates mutexes
Details: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
Foobar2000 汉化版
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.IPJ
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
SHIMLIB_LOG_MUTEX
_SHuassist.mtx
Behavior description: Hides a specified window
Details: [Window,Class] = [,Button]
[Window,Class] = [Asion 汉化作品 (编译于 2013-04-22 星期一 16:51:47 下午),Static]
[Window,Class] = [Asion 汉化作品 (编译于 2013-04-22 星期一 16:51:47 下午) ,Static]
[Window,Class] = [,Static]
[Window,Class] = [< 上一步(&P),Button]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [显示细节(&D),Button]
[Window,Class] = [安装完成,Static]
[Window,Class] = [安装已成功完成。,Static]
[Window,Class] = [取消(&C),Button]
Behavior description: Searches for a specified window
Details: NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Acquires system privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
Details: Pid = 2548, Hwnd=0x10356, Text = < 上一步(&P), ClassName = Button.
Pid = 2548, Hwnd=0x10358, Text = 下一步(&N) >, ClassName = Button.
Pid = 2548, Hwnd=0x1035a, Text = 取消(&C), ClassName = Button.
Pid = 2548, Hwnd=0x10366, Text = Asion 汉化作品 (编译于 2013-04-22 星期一 16:51:47 下午) , ClassName = Static.
Pid = 2548, Hwnd=0x10368, Text = Asion 汉化作品 (编译于 2013-04-22 星期一 16:51:47 下午), ClassName = Static.
Pid = 2548, Hwnd=0x10372, Text = 关于(&A), ClassName = Button.
Pid = 2548, Hwnd=0x10374, Text = 访问我的博客, ClassName = Static.
Pid = 2548, Hwnd=0x1037c, Text = Foobar2000 v1.2.5 Final 汉化版, ClassName = Static.
Pid = 2548, Hwnd=0x1037e, Text = Foobar2000 是一个 Windows 平台下的高级音频播放器.包含了一些播放增益支持、低内存占用等基本特色以及内置支持一些流行的音频格式. , ClassName = Static.
Pid = 2548, Hwnd=0x10380, Text = 博客:, ClassName = Static.
Pid = 2548, Hwnd=0x10382, Text = blog.sina.com.cn/go2spa, ClassName = Button.
Pid = 2548, Hwnd=0x10384, Text = 新浪微博, ClassName = Static.
Pid = 2548, Hwnd=0x10386, Text = weibo.com/asionwxk, ClassName = Button.
Pid = 2548, Hwnd=0x10388, Text = 腾讯微博:, ClassName = Static.
Pid = 2548, Hwnd=0x1038a, Text = t.qq.com/asionwxk, ClassName = Button.
Behavior description: Opens image files
Details: \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi6.tmp\modern-header.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi6.tmp\modern-wizard.bmp