VirSCAN

File information
Safety rating:87
Behavior list
Basic Information
MD5:7887d38e098149436bc2deec3761cb0a
file type:EXE
Production company:
version:2.3.0.1---2, 3, 0, 1
Shell or compiler information:PACKER:ASPack 2.12 -> Alexey Solodovnikov [Overlay]
Subfile information:aspack22_cf031946dumpFile / big file / EXE
Key behavior
Behavior description:Creates file mapping with write access
details:Local\MidwareV2_MapFile_872
Global\SHARE_MEMORY_D4D4AAA9_D2DB_4809_B42A_B142A9A689E5{CBF824D9-7526-4a1b-8105-BC0F0A0C7C14}
CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.IBE..CELHH
MSCTF.MarshalInterface.FileMap.IBE.B.CELHH
MSCTF.MarshalInterface.FileMap.IBE.C.CELHH
MSCTF.MarshalInterface.FileMap.IBE.D.CELHH
MSCTF.MarshalInterface.FileMap.IBE.E.CFLHH
MSCTF.MarshalInterface.FileMap.IBE.F.CFLHH
MSCTF.MarshalInterface.FileMap.IBE.G.CFLHH
MSCTF.MarshalInterface.FileMap.EPK..AFLIH
MSCTF.MarshalInterface.FileMap.EPK.B.AFLIH
MSCTF.MarshalInterface.FileMap.EPK.C.AFLIH
MSCTF.MarshalInterface.FileMap.EPK.D.AFLIH
MSCTF.MarshalInterface.FileMap.EPK.E.AFLIH
Behavior description:Blocks window close messages
details:hWnd = 0x000202a2, Text = 交通银行智慧网盾(文鼎创)安装向导, ClassName = #32770.
Behavior description:Hides specified windows
details:[Window,Class] = [完成,Button]
[Window,Class] = [卸载,Button]
Process behavior
Behavior description:Enumerates processes
details:N/A
File behavior
Behavior description:Creates executable files
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\System32(x86)\EsBOCOMBankCspV2.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\System32(x86)\EsBOCOMBankCspSV2.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\System32(x64)\EsBOCOMBankCspV2.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\System32(x64)\EsBOCOMBankCspSV2.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\Uninstall.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\OnlineUpdate.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\CryptoPro.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\bocom_wdc_ui.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\bocom_wdc_mon.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\COMSystem32(x86)\NetSign20.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\COMSystem32(x86)\BocomAssistComm.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\COMSystem32(x64)\NetSign20_64.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\COMSystem32(x64)\BocomAssistComm.dll
C:\Program Files\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\bocom_wdc_mon.exe
C:\Program Files\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\bocom_wdc_ui.exe
Behavior description:Modifies file contents
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\CombineFile.combine---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\System32(x86)\MidwareV2Config_BOCOM.bin---> Offset = 12288
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\System32(x86)\EsBOCOMBankCspV2.bin---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\System32(x64)\EsBOCOMBankCspV2.bin---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\Reg\x86_64.reg---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\Reg\x86.reg---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\Reg\x64.reg---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\Res\warning.ico---> Offset = 12288
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\Res\USBKey_Confirm.png---> Offset = 12288
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\Res\shift_normal.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\Res\shift_hover.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\Res\shift_down.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\Res\ManagerTool.ico---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\Res\MAIL.ICO---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\Res\Logo_Long.bmp---> Offset = 12288
Behavior description:Searches for files
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\\MidwareV2Package_00004789\\*
Registry behavior
Behavior description:Modifies registry (delayed rename entry)
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behavior
Behavior description:Creates mutexes
details:Local\MidwareV2_Mutex_872
Global\MutexShareMemoryMutext_{CBF824D9-7526-4a1b-8105-BC0F0A0C7C14}
Global\Mutex{CBF824D9-7526-4a1b-8105-BC0F0A0C7C14}_Mutex_Communication
Global\Mutex{DFD35F70-D1D4-463d-A777-ADA3799C1B27}
Global\Mutex
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.IBE
MSCTF.Shared.MUTEX.EPK
Behavior description:Sample console output
details:N/A
Behavior description:Acquires system privileges
details:SE_DEBUG_PRIVILEGE
Behavior description:Gets TickCount value
Behavior description:Gets cursor position
details:CursorPos = (106,18467), SleepMilliseconds = 10.
Behavior description:Window information
details:Pid = 872, Hwnd=0x202a6, Text = 安装, ClassName = Button.
Pid = 872, Hwnd=0x202a8, Text = 卸载, ClassName = Button.
Pid = 872, Hwnd=0x202b4, Text = 欢迎使用交通银行智慧网盾(文鼎创)安装向导,请点击 <安装> 按钮继续您的操作。, ClassName = Static.
Pid = 872, Hwnd=0x202b2, Text = 取消, ClassName = Button.
Pid = 872, Hwnd=0x302ba, Text = Progress1, ClassName = msctls_progress32.
Pid = 872, Hwnd=0x302bc, Text = 完成, ClassName = Button.
Pid = 872, Hwnd=0x202a2, Text = 交通银行智慧网盾(文鼎创)安装向导, ClassName = #32770.
Pid = 872, Hwnd=0x202b4, Text = 正在安装交通银行智慧网盾(文鼎创),请稍候…, ClassName = Static.
Pid = 872, Hwnd=0x3015a, Text = 确定, ClassName = Button.
Pid = 872, Hwnd=0x202d8, Text = 拒绝访问。 , ClassName = Static.
Pid = 872, Hwnd=0x150134, Text = 996E, ClassName = #32770.
Pid = 872, Hwnd=0x102f8, Text = 确定, ClassName = Button.
Pid = 872, Hwnd=0x102fc, Text = 拒绝访问。 , ClassName = Static.
Pid = 872, Hwnd=0x102f4, Text = 996E, ClassName = #32770.
Behavior description:Finds specified windows
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Opens image files
details:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\Res\shift_normal.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\Res\shift_hover.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\Res\shift_down.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\Res\Logo_Long.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\Res\key_normal.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\Res\key_hover.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\Res\key_down.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\Res\Keyboard.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\Res\caps_normal.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\Res\caps_hover.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MidwareV2Package_00004789\PackageFiles\ProgramFiles(x86)\BOCOM\Smart USBKey\Smart USBKey-WDC-OKey\Res\caps_down.bmp