VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.


File information
Safety rating: 75

Basic information
MD5: 6ea259c212c469636cc9c58e407b47ce
File type: Rar
Vendor:
Version:
Packer/compiler information:
Subfile information:
KuGou.exe / big file / EXE
kgplayer.dll / 5c6bea5336df7af82932813d5ea93bdb / DLL
codecs.dll / aa7139501dfd55b88bf8884b79aa669d / DLL
skinres.skn / b198a426ae6d702ecbe452c0e2b6049d / zip
SingerRes.zip / 5b6755c521bd0f51b3d4345d0b530b98 / zip
login.wav / d44eb7d9780b482d303f5ec977c8f272 / Unknown
appres.kgp / c0f209fd914008f535fb6fbce594ddb0 / Unknown
RadioLocalData.ini / 469dbf5161409d7d91eb79180bb1560f / Unknown
AppStore.ini / 2190bb67fd839d014a3fff796d89f225 / Unknown
卸载.bat ("uninstall") / 15e60f70acbc2187f7428697954b1301 / Unknown
绿化.bat ("make portable") / 731dea88feffe947159651bbdeca9c83 / Unknown

Behavior list
Key behavior
Behavior description: Create writable file mapping
Details: DebugSharedMemory
CiceroSharedMemDefaultS-*
\Documents and Settings\Administrator\Application Data\Kugou7\LastStatus.dat
KGDeamon2
\Documents and Settings\Administrator\Application Data\Kugou7\IntegralData.dat
\Documents and Settings\Administrator\Application Data\Kugou7\OfflineData.dat
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\!PrivacIE!SharedMem!Counter
Local\UrlZonesSM_Administrator
Local\KuGooExeInterface
Local\KuGouExeInterface
KuGooMappingFile
MSCTF.MarshalInterface.FileMap.IHE..BPAKH
MSCTF.MarshalInterface.FileMap.IHE.B.BPAKH
MSCTF.MarshalInterface.FileMap.IHE.C.BPAKH
(The Cicero*/MSCTF.* names belong to the Windows Text Services Framework and the PrivacIE/UrlZones names to the IE components the player loads for its embedded browser control; only the Kugou7\*.dat, KGDeamon2 and KuGo*Interface/MappingFile entries are the sample's own.)
Behavior description: Set special folder attributes
Details: C:\KuGouCache
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Hide specified window
Details: [Window,Class] = [,CWebFloatWnd]
[Window,Class] = [,KgWebControl]
[Window,Class] = [,CMagicSplitPannel]
[Window,Class] = [,Internet Explorer_Server]
Behavior description: Resolve host address by name
Details: computer
Process behavior
Behavior description: Enumerate processes
Details: N/A
File behavior
Behavior description: Create writable file mapping
Details: same entries as listed under Key behavior above
Behavior description: Set special folder attributes
Details: same entries as listed under Key behavior above
Behavior description: Modify file contents
Details: C:\Documents and Settings\Administrator\Application Data\Kugou7\Config.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Kugou7\Config.ini ---> Offset = 26
C:\KuGouCache\tmpFile.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Kugou7\kugou.ini ---> Offset = 41
C:\Documents and Settings\Administrator\Application Data\Kugou7\kugou.ini ---> Offset = 112
C:\Documents and Settings\Administrator\Application Data\Kugou7\KGData.db-journal ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Kugou7\KGData.db-journal ---> Offset = 516
C:\Documents and Settings\Administrator\Application Data\Kugou7\kugou.log ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Kugou7\KGData.bak ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Kugou7\ErrorPage.zip ---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\images\disconnection.jpg ---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\disconnection.html ---> Offset = 0
C:\KuGou\tmpFile.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Kugou7\netentstat.ini ---> Offset = 23
C:\Documents and Settings\Administrator\Application Data\Kugou7\PlugData.VST ---> Offset = 0
Behavior description: Search for files
Details: FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1445750939.179727.exe_7zdump
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1445750939.183204.exe_7zdump\KuGou2012
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1445750939.186697.exe_7zdump\KuGou2012\KgDaemon.exe
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1445750939.190191.exe_7zdump\KuGou2012\KgDaemon.exe\*.*
FileName = C:\Documents and Settings\Administrator\Application Data\Kugou7\CloudSyncLog.bin
FileName = C:\Documents and Settings\Administrator\Application Data\Kugou7\\network_log\CommandIDPackgeLog.bin
FileName = C:\Documents and Settings\Administrator\Application Data\Kugou7\network_log\cloud_upload.bin
FileName = C:\Documents and Settings\Administrator\Application Data\Kugou7\network_log\cloud_protocol.bin
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
(The %temp%\<timestamp>.exe_7zdump directories are most likely the sandbox's own extraction location for the archive rather than paths chosen by the sample; the sample is looking for its KgDaemon.exe relative to where it was unpacked.)
Network behavior
Behavior description: Connect to specified site
Details: InternetConnectA: ServerName = install.kugou.com, PORT = 80
InternetConnectA: ServerName = softstart.kugou.com, PORT = 80
InternetConnectA: ServerName = www2.kugou.com, PORT = 80
InternetConnectA: ServerName = softstat.kugou.com, PORT = 80
Behavior description: Establish connection to a specified socket
Details: 127.0.0.1:1031
(Loopback traffic; the archive ships a KgDaemon.exe, so this is presumably player-to-daemon communication, but the report does not identify the listening process.)
Behavior description: Open HTTP request
Details: HttpOpenRequestA: install.kugou.com:80/instal2010.aspx?content=9aa14a1f35529baed70a5e8fb642979655e0584716e94aaf429613522e6145d606ce9f535c49db31c64053dc6316e62821c1348fc087d30e47b5ae90b796b4a081b1372d498422db4801451e2e5c30fbef43133e9b724f37d1ac56067437a19de28f
HttpOpenRequestA: softstart.kugou.com:80/startstat.aspx?content=f66a11629b840c54e510f2a60338a6e33cd19f9c4944c87c67bb8040706e58ae5ead97b4e651f578e3d92b8b46cff40ea68d53660e56bf469a79ff6f2c604df9c43408b7fa5d550f096939df3c45956603ce9c6cbed9b3ae19e9ed0c60a98c8ecca
HttpOpenRequestA: www2.kugou.com:80/fm/html, hConnect = 0x00000228
HttpOpenRequestA: www2.kugou.com:80/fm/html, hConnect = 0x00000238
HttpOpenRequestA: softstat.kugou.com:80/?actiontype=1&version=7139&type=21&state=4, hConnect = 0x0000037c
HttpOpenRequestA: softstat.kugou.com:80/?actiontype=1&version=7139&type=18&state=1, hConnect = 0x0000037c
HttpOpenRequestA: softstat.kugou.com:80/?actiontype=1&version=7139&type=18&state=1, hConnect = 0x00000348
(The content= values are opaque hex strings sent in the clear over HTTP to install/startup statistics endpoints; the report does not show what they encode, so what installation or usage data leaves the host cannot be determined from this page alone.)
Behavior description: Resolve host address by name
Details: computer
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8CC497C9-A1DF-11CE-8098-00AA0047BE5D}\1.0\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8CC497C9-A1DF-11CE-8098-00AA0047BE5D}\1.0\FLAGS\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8CC497C9-A1DF-11CE-8098-00AA0047BE5D}\1.0\0\win32\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8CC497C9-A1DF-11CE-8098-00AA0047BE5D}\1.0\HELPDIR\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\1.0\0\win32\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8CC497C0-A1DF-11CE-8098-00AA0047BE5D}\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8CC497C0-A1DF-11CE-8098-00AA0047BE5D}\ProxyStubClsid\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8CC497C0-A1DF-11CE-8098-00AA0047BE5D}\ProxyStubClsid32\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8CC497C0-A1DF-11CE-8098-00AA0047BE5D}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8CC497C0-A1DF-11CE-8098-00AA0047BE5D}\TypeLib\Version
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8CC497C2-A1DF-11CE-8098-00AA0047BE5D}\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8CC497C2-A1DF-11CE-8098-00AA0047BE5D}\ProxyStubClsid\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8CC497C2-A1DF-11CE-8098-00AA0047BE5D}\ProxyStubClsid32\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8CC497C2-A1DF-11CE-8098-00AA0047BE5D}\TypeLib\
Behavior description: Delete registry key (Explorer per-user file-association choice for audio extensions)
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP1\UserChoice
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M4A\UserChoice
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.OGG\UserChoice
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AA\UserChoice
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.APE\UserChoice
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FLAC\UserChoice
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CUE\UserChoice
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\UserChoice
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPC\UserChoice
(Deleting FileExts\<ext>\UserChoice discards the default handler the user picked for that type, so Explorer falls back to the HKCR ProgId registration; this is how the player takes over these audio formats without asking.)
Behavior description: Delete registry value (IE connection settings)
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
(Removing ProxyServer and AutoConfigURL drops the user's configured WinINet/IE proxy and PAC settings; on a managed host this silently routes browser and WinINet traffic around the proxy.)
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Kugou7
Kugou7MainFormMutex
Kugou7DestroyingMutex
RasPbFile
Local\!PrivacIE!SharedMemory!Mutex
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior description: Hide specified window
Details: same entries as listed under Key behavior above
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Acquire system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
(Enabling SeLoadDriverPrivilege only matters if a driver is then loaded; this report records no driver file, service creation or NtLoadDriver call, so check for those before concluding that a kernel component is installed.)
Behavior description: Window information
Details: Pid = 1276, Hwnd=0x202b2, Text = PopPlayProgressAnimationWnd, ClassName = CCommonPopWnd.
Pid = 1276, Hwnd=0x202a8, Text = 酷狗音乐2012 (KuGou Music 2012), ClassName = KugouMainPlayer.
Behavior description: Direct physical device access
Details: \??\PhysicalDrive0
(Opening \??\PhysicalDrive0 gives raw access to the whole disk. It is commonly used only to read the drive identifier for a machine fingerprint, but it is also the primitive for MBR tampering; the report does not show the access mask requested or any read/write on the handle, so that is the next thing to check.)
Behavior description: Open image file
Details: \DOCUME~1\ADMINI~1\LOCALS~1\Temp\images\disconnection.jpg
\Documents and Settings\Administrator\Local Settings\Temp\images\disconnection.jpg
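A listing like the one above is easier to review once it is parsed into records and the few entries that matter are pulled out. The following is an added example, not VirSCAN's code and not part of the scanned KuGou package: it parses the "Behavior description:" / "details:" format the report uses, summarises the network section (contacted hosts, request paths, and the byte length of any opaque hex content= value), and flags the driver-load privilege, the raw-disk open, the deleted file-association UserChoice keys and the deleted IE proxy values. SAMPLE_REPORT is constructed from a subset of this report's own lines (the hex content= value is truncated to keep the line short), and the TRIAGE_RULES, function names and the hex-blob heuristic are assumptions made for the example, not VirSCAN's scoring.

```python
"""Triage a VirSCAN-style sandbox behavior listing.

Added example, not VirSCAN's code and not part of the scanned package. It
parses the "Behavior description:" / "details:" blocks used in the report
into records, summarises the network section, and flags the entries an
analyst would check first. SAMPLE_REPORT is constructed from lines of the
report (the hex content= value is truncated); TRIAGE_RULES are assumed rules
for this example, not VirSCAN's own scoring.
"""
import re

SECTION_HEADINGS = {"Key behavior", "Process behavior", "File behavior",
                    "Network behavior", "Registry behavior", "Other behavior"}

# Constructed sample: a subset of the report's lines, in the report's format.
SAMPLE_REPORT = r"""Network behavior
Behavior description:Connect to specified site
details:InternetConnectA: ServerName = install.kugou.com, PORT = 80
InternetConnectA: ServerName = softstat.kugou.com, PORT = 80
Behavior description:Open HTTP request
details:HttpOpenRequestA: install.kugou.com:80/instal2010.aspx?content=9aa14a1f35529baed70a5e8fb6429796
HttpOpenRequestA: softstat.kugou.com:80/?actiontype=1&version=7139&type=21&state=4, hConnect = 0x0000037c
Registry behavior
Behavior description:Delete registry key
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice
Behavior description:Delete registry value (IE connection settings)
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
Other behavior
Behavior description:Acquire system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Direct physical device access
details:\??\PhysicalDrive0
"""

# Assumed triage rules: (label, pattern tested against every detail line).
TRIAGE_RULES = [
    ("driver-load privilege requested",
     re.compile(r"\bSE_LOAD_DRIVER_PRIVILEGE\b")),
    ("raw disk device opened",
     re.compile(r"\\\?\?\\PhysicalDrive\d+", re.I)),
    ("per-user file association (UserChoice) removed",
     re.compile(r"\\FileExts\\\.[^\\]+\\UserChoice$", re.I)),
    ("IE proxy configuration removed",
     re.compile(r"\\Internet Settings\\(ProxyServer|AutoConfigURL)$", re.I)),
]

HOST_RE = re.compile(r"ServerName = ([\w.-]+), PORT = (\d+)")
REQ_RE = re.compile(r"HttpOpenRequestA: ([\w.-]+):(\d+)(/[^\s,]*)")
HEX_PARAM_RE = re.compile(r"[?&]content=([0-9a-fA-F]+)")


def parse_report(text):
    """Return [{"section", "behavior", "details": [...]}, ...] in report order."""
    records, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADINGS:
            section = line
            continue
        if line.startswith("Behavior description:"):
            current = {"section": section,
                       "behavior": line.split(":", 1)[1].strip(),
                       "details": []}
            records.append(current)
            continue
        if line.startswith("details:"):   # first detail shares the label's line
            line = line.split(":", 1)[1].strip()
        if current is not None and line and line != "N/A":
            current["details"].append(line)
    return records


def triage(records):
    """Return (label, section, behavior, detail) for every detail a rule matches."""
    hits = []
    for rec in records:
        for detail in rec["details"]:
            for label, rx in TRIAGE_RULES:
                if rx.search(detail):
                    hits.append((label, rec["section"], rec["behavior"], detail))
    return hits


def network_summary(records):
    """Collect (host, port) pairs and per-request paths from the network section.

    A pure-hex, even-length content= value is treated as an opaque blob and its
    byte length recorded, so encoded telemetry stands out from plain query strings.
    """
    hosts, requests = set(), []
    for rec in records:
        if rec["section"] != "Network behavior":
            continue
        for detail in rec["details"]:
            m = HOST_RE.search(detail)
            if m:
                hosts.add((m.group(1), int(m.group(2))))
            m = REQ_RE.search(detail)
            if m:
                host, port, path = m.group(1), int(m.group(2)), m.group(3)
                hosts.add((host, port))
                hx = HEX_PARAM_RE.search(path)
                blob = hx.group(1) if hx else ""
                size = len(blob) // 2 if blob and len(blob) % 2 == 0 else None
                requests.append({"host": host, "port": port, "path": path,
                                 "opaque_hex_bytes": size})
    return sorted(hosts), requests


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    for hit in triage(recs):
        print("[!] %s  (%s / %s): %s" % hit)
    hosts, reqs = network_summary(recs)
    print("contacted:", ", ".join("%s:%d" % h for h in hosts))
    for r in reqs:
        print("request:", r["host"], r["path"], "opaque bytes:", r["opaque_hex_bytes"])
```

Run it on the full report text (after the Chinese labels have been translated as above) to get the same records for every section; the rule list is the place to add whatever else a team treats as a must-review item, such as writes under \REGISTRY\MACHINE or connections to non-vendor hosts.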
Run screenshot: (screenshot image not reproduced here)
Translated by Keith Miller, United States
京ICP备11007605号-12

京公网安备 11010802020746号