VirSCAN


File information
Safety rating:87
Behavior list
Basic Information
MD5:78cce331d7e118dea6ed6fcf6ae49073
file type:EXE
Production company:Moritz Bunkus
version:21.0.0.0---21.0.0
Shell or compiler information:COMPILER:NSIS
Subfile information:mkvtoolnix-gui.exe / 4d11c2148c57f804e9ee4cb0a9cb96bc / EXE
mkvmerge.exe / 8b4a2dd0d08a9b8005318117f40b2359 / EXE
mkvextract.exe / cdd7047b86d590c41f7c0d0af99c40bb / EXE
mkvpropedit.exe / 6c0b1b5d30192586eb0e91d776818b25 / EXE
mkvinfo.exe / a0613e69106a2b7fd0d6c8d6d2223b0e / EXE
magic.mgc / 9886697fd2c218728857934fc825183f / Cab
mkvtoolnix.mo / f76df9b04d43cc75dd649eea0c683a46 / Unknown
NEWS.txt / 5aa071653f71942e92b001cfb37da6c4 / Unknown
mkvtoolnix.mo / ab3615e7912b5963073712a134498663 / Unknown
mkvtoolnix.mo / 5cb75be50ea687a5f4c2853707c1fd6a / Unknown
mkvtoolnix.mo / 1d6a189980bcd92e7f2939c247d227c7 / Unknown
mkvtoolnix.mo / b3646bd359f9cd22f6b8c27edbaf3e57 / Unknown
mkvtoolnix.mo / 7c3489afa5ab8dfabc397c9e892b7b0f / Unknown
mkvtoolnix.mo / 77b617bb2d6d98d085e779afe3c475fb / Unknown
mkvtoolnix.mo / 08c172702ec340966eb8d9bc1979449e / Unknown
mkvtoolnix.mo / 992769be1ad5fed8609fb5c3358b2acf / Unknown
mkvtoolnix.mo / 669b90ea03e4d8b2091053ee2e53e101 / Unknown
mkvtoolnix.mo / 952c7f2c70b47342278da8dff38a1662 / Unknown
qt_gl.qm / c3f25738abba50454dd46412cefd8aba / Unknown
Key behavior
Behavior description:Blocks window close messages
details:hWnd = 0x0002033e, Text = MKVToolNix 21.0.0 (64-bit) 安装, ClassName = #32770.
Process behavior
Behavior description:Creates local threads
details:TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3300, ThreadID = 3572, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3300, ThreadID = 3584, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3300, ThreadID = 3772, StartAddress = 00404AF1, Parameter = 00020384
File behavior
Behavior description:Creates files
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsu7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsp8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\LangDLL.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\modern-header.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\modern-wizard.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\nsDialogs.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\StartMenu.dll
C:\Program Files\MKVToolNix\mkvextract.exe
C:\Program Files\MKVToolNix\mkvinfo.exe
C:\Program Files\MKVToolNix\mkvmerge.exe
C:\Program Files\MKVToolNix\mkvpropedit.exe
C:\Program Files\MKVToolNix\mkvtoolnix-gui.exe
C:\Program Files\MKVToolNix\MKVToolNix.url
Behavior description:Drops links or shortcuts in sensitive system locations (such as the Start menu)
details:C:\Documents and Settings\All Users\「开始」菜单\程序\MKVToolNix\MKVToolNix GUI.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\MKVToolNix\Documentation\Command line references.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\MKVToolNix\Documentation\NEWS.txt - What is new, what has changed.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\MKVToolNix\Documentation\README.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\MKVToolNix\Website.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\MKVToolNix\Uninstall.lnk
Behavior description:Creates executable files
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\LangDLL.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\nsDialogs.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\StartMenu.dll
C:\Program Files\MKVToolNix\mkvextract.exe
C:\Program Files\MKVToolNix\mkvinfo.exe
C:\Program Files\MKVToolNix\mkvmerge.exe
C:\Program Files\MKVToolNix\mkvpropedit.exe
C:\Program Files\MKVToolNix\mkvtoolnix-gui.exe
C:\Program Files\MKVToolNix\uninst.exe
Behavior description:Overwrites existing files
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsp8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\modern-wizard.bmp
Behavior description:Searches for files
details:FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv9.tmp
FileName = C:\WINDOWS\system32\evr.dll
FileName = C:\Program Files\MKVToolNix
FileName = C:\Program Files
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\「开始」菜单
FileName = C:\Documents and Settings\All Users\「开始」菜单\程序
FileName = C:\Documents and Settings\All Users\「开始」菜单\程序\*.*
FileName = C:\Documents and Settings\Administrator\「开始」菜单
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序
Behavior description:Deletes files
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsu7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsp8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\LangDLL.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\modern-header.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\modern-wizard.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\nsDialogs.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\StartMenu.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\System.dll
Behavior description:Modifies file contents
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsp8.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsp8.tmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsp8.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nsp8.tmp ---> Offset = 84353
C:\Documents and Settings\Administrator\Local Settings\Temp\nsp8.tmp ---> Offset = 117121
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\LangDLL.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\modern-header.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\modern-header.bmp ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\modern-wizard.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\modern-wizard.bmp ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\modern-wizard.bmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\modern-wizard.bmp ---> Offset = 49152
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\modern-wizard.bmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\nsDialogs.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\System.dll ---> Offset = 0
Registry behavior
Behavior description:Modifies the registry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MKVToolNix\NSIS:StartMenuDir
\REGISTRY\MACHINE\SOFTWARE\Classes\.mtxcfg\
\REGISTRY\MACHINE\SOFTWARE\Classes\MKVToolNix GUI Settings\
\REGISTRY\MACHINE\SOFTWARE\Classes\MKVToolNix GUI Settings\shell\
\REGISTRY\MACHINE\SOFTWARE\Classes\MKVToolNix GUI Settings\DefaultIcon\
\REGISTRY\MACHINE\SOFTWARE\Classes\MKVToolNix GUI Settings\shell\open\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\MKVToolNix GUI Settings\shell\edit\
\REGISTRY\MACHINE\SOFTWARE\Classes\MKVToolNix GUI Settings\shell\edit\command\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mkvtoolnix-gui.exe\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MKVToolNix\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MKVToolNix\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MKVToolNix\DisplayIcon
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MKVToolNix\DisplayVersion
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MKVToolNix\URLInfoAbout
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MKVToolNix\Publisher
Behavior description:Modifies the registry (delayed rename entry)
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behavior
Behavior description:Creates mutexes
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.IOM
Behavior description:Hides specified windows
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,Button]
[Window,Class] = [MKVToolNix 21.0.0 (64-bit) by Moritz Bunkus,Static]
[Window,Class] = [MKVToolNix 21.0.0 (64-bit) by Moritz Bunkus ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [显示细节(&D),Button]
Behavior description:Finds specified windows
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
Behavior description:Opens events
details:HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description:Adjusts process token privileges
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Blocks window close messages
details:hWnd = 0x0002033e, Text = MKVToolNix 21.0.0 (64-bit) 安装, ClassName = #32770.
Behavior description:Window information
details:Pid = 3300, Hwnd=0x3033c, Text = Chinese (Simplified), ClassName = ComboBox.
Pid = 3300, Hwnd=0x10344, Text = OK, ClassName = Button.
Pid = 3300, Hwnd=0x10346, Text = Cancel, ClassName = Button.
Pid = 3300, Hwnd=0x10348, Text = Please select a language., ClassName = Static.
Pid = 3300, Hwnd=0x1033e, Text = Installer Language, ClassName = #32770.
Pid = 3300, Hwnd=0x20346, Text = 下一步(&N) >, ClassName = Button.
Pid = 3300, Hwnd=0x20344, Text = 取消(&C), ClassName = Button.
Pid = 3300, Hwnd=0x40350, Text = MKVToolNix 21.0.0 (64-bit) by Moritz Bunkus , ClassName = Static.
Pid = 3300, Hwnd=0x10352, Text = MKVToolNix 21.0.0 (64-bit) by Moritz Bunkus, ClassName = Static.
Pid = 3300, Hwnd=0x10364, Text = 欢迎使用“MKVToolNix 21.0.0 (64-bit)”安装向导, ClassName = Static.
Pid = 3300, Hwnd=0x10366, Text = 这个向导将指引你完成“MKVToolNix 21.0.0 (64-bit)”的安装进程。 在开始安装之前,建议先关闭其他所有应用程序。这将允许“安装程序”更新指定的系统文件,而不需要重新启动你的计算机。 单击 [下一步(N)] 继续。, ClassName = Static.
Pid = 3300, Hwnd=0x2033e, Text = MKVToolNix 21.0.0 (64-bit) 安装, ClassName = #32770.
Pid = 3300, Hwnd=0x20348, Text = < 上一步(&P), ClassName = Button.
Pid = 3300, Hwnd=0x10356, Text = 选择安装位置, ClassName = Static.
Pid = 3300, Hwnd=0x10358, Text = 选择“MKVToolNix 21.0.0 (64-bit)”的安装文件夹。, ClassName = Static.
Behavior description:Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\LangDLL.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\nsDialogs.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\System.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\StartMenu.dll (signature verification: failed)
C:\Program Files\MKVToolNix\mkvextract.exe (signature verification: failed)
C:\Program Files\MKVToolNix\mkvinfo.exe (signature verification: failed)
C:\Program Files\MKVToolNix\mkvmerge.exe (signature verification: failed)
C:\Program Files\MKVToolNix\mkvpropedit.exe (signature verification: failed)
C:\Program Files\MKVToolNix\mkvtoolnix-gui.exe (signature verification: failed)
C:\Program Files\MKVToolNix\uninst.exe (signature verification: failed)
Behavior description:Creates event objects
details:EventName = MSCTF.SendReceiveConection.Event.IOM.IC
EventName = MSCTF.SendReceive.Event.IOM.IC
EventName = Global\userenv: User Profile setup event
Behavior description:MD5 of executable files
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\LangDLL.dll ---> 7797271000a5d685503ade24b5a82f8a
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\nsDialogs.dll ---> 0d65fa380fdf82ea3f9da4cad01cf04a
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\System.dll ---> a2f57977c31d2a8a4b69d0a19e49ed7c
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\StartMenu.dll ---> 23486dec737e5f34e498e025b483e981
C:\Program Files\MKVToolNix\mkvextract.exe ---> File too large!
C:\Program Files\MKVToolNix\mkvinfo.exe ---> a0613e69106a2b7fd0d6c8d6d2223b0e
C:\Program Files\MKVToolNix\mkvmerge.exe ---> File too large!
C:\Program Files\MKVToolNix\mkvpropedit.exe ---> 6c0b1b5d30192586eb0e91d776818b25
C:\Program Files\MKVToolNix\mkvtoolnix-gui.exe ---> File too large!
C:\Program Files\MKVToolNix\uninst.exe ---> 090c53e33da75f6c6a820e2e62cc6cb7
Behavior description:Opens mutexes
details:ShimCacheMutex
Behavior description:Loads newly dropped files
details:Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv9.tmp\LangDLL.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv9.tmp\nsDialogs.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv9.tmp\System.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv9.tmp\StartMenu.dll.