VirSCAN

File information
Safety rating:85
Behavior list
Basic Information
MD5:8955f27de9706c0876586f0ec58d482d
file type:Nsis
Production company:dreamland.blog.51cto.com
version:3.7.0.8---3.7.0.8
Shell or compiler information:
Subfile information:oggenc2.exe / 91974f0026ac8aac5b327914b5ec4b8d / EXE
foobar2000.exe / 94929434e774be9b2fc7bcadb1c078f7 / EXE
foo_ui_columns.dll / df64a264e2c2e71562fa89e43b74ae3c / DLL
foo_input_std.dll / 7e0dcee059f94e19ea4dd6d8adc0603f / DLL
foo_eslyric.dll / 0c8ff424d6fdc9c9bf4cece9cb0c1c13 / DLL
foo_uie_wsh_panel_mod_plus.dll / 183be4ed2e0b34916c43d4d67ee4ac6b / DLL
foo_ui_std.dll / 92c5b7966b34aa45368688a191f5079d / DLL
neroAacEnc.exe / 0f21e58f98491ebd3346fdf3eb887891 / EXE
avcodec-fb2k-55.dll / c16ef2dd86cf66573d142cb62751c8cf / DLL
lame.exe / 984cf32c7c3aa3be876b5e164faee9e9 / EXE
foo_ui_columns.dll.cfg / 9c32744c1bc341ac58c1c419031b938d / Unknown
flac.exe / 4add826644d303b57d220f866c67292b / EXE
foo_converter.dll / 5ab8dc5aa55d6995a7cff04fa3ab2ad1 / DLL
opusenc.exe / e1b94075d9c79029cf2d5d0d769019bf / EXE
foo_input_dts.dll / 31745018356217952502536ee5914bb6 / DLL
faac.exe / 2231abc1d18362c98da09e5517589585 / EXE
pecompact2x_da224d88dumpFile / 22c732a396c6fbcd07d86f867eb1a815 / DLL
foo_rgscan.dll / 878c56d339fd4faaf158e77c00d01f7a / DLL
foo_albumlist.dll / f26a9a27ae802ae856eaf162c33877d6 / DLL
Key behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AFN..EFAKH
MSCTF.MarshalInterface.FileMap.AFN.B.EGAKH
MSCTF.MarshalInterface.FileMap.AFN.C.EGAKH
MSCTF.MarshalInterface.FileMap.AFN.D.EGAKH
MSCTF.MarshalInterface.FileMap.AFN.E.EGAKH
MSCTF.MarshalInterface.FileMap.AFN.F.DIAKH
MSCTF.MarshalInterface.FileMap.AFN.G.DIAKH
MSCTF.Shared.SFM.AFN
\WINDOWS\system32\zh-cn\ieframe.dll.mui
MSCTF.MarshalInterface.FileMap.AOH..LMKOH
MSCTF.MarshalInterface.FileMap.AOH.B.LMKOH
MSCTF.MarshalInterface.FileMap.AOH.C.LMKOH
MSCTF.MarshalInterface.FileMap.AOH.D.LMKOH
MSCTF.MarshalInterface.FileMap.AOH.E.LMKOH
Behavior description:Block window close message
details:hWnd = 0x000202a0, Text = foobox 3.7 绿色版 for Foobar2000 (v1.3.2) 安装 , ClassName = #32770.
hWnd = 0x000402dc, Text = foobar2000, ClassName = #32770.
Behavior description:Create shortcut on desktop
details:C:\Documents and Settings\Administrator\桌面\Foobar2000.lnk
Behavior description:Hide specified window
details:[Window,Class] = [,Button]
[Window,Class] = [foobox 绿色版安装程序,Static]
[Window,Class] = [foobox 绿色版安装程序 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [显示细节(&D),Button]
[Window,Class] = [安装完成,Static]
[Window,Class] = [安装已成功完成。,Static]
Process behavior
Behavior description:Create process
details:ImagePath = C:\WINDOWS\notepad.exe, CmdLine = "C:\WINDOWS\notepad.exe" C:\Foobar2000\Foobox Readme.txt
Behavior description:Create process from newly created file
details:ImagePath = C:\Foobar2000\foobar2000.exe, CmdLine = "C:\Foobar2000\foobar2000.exe"
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AFN..EFAKH
MSCTF.MarshalInterface.FileMap.AFN.B.EGAKH
MSCTF.MarshalInterface.FileMap.AFN.C.EGAKH
MSCTF.MarshalInterface.FileMap.AFN.D.EGAKH
MSCTF.MarshalInterface.FileMap.AFN.E.EGAKH
MSCTF.MarshalInterface.FileMap.AFN.F.DIAKH
MSCTF.MarshalInterface.FileMap.AFN.G.DIAKH
MSCTF.Shared.SFM.AFN
\WINDOWS\system32\zh-cn\ieframe.dll.mui
MSCTF.MarshalInterface.FileMap.AOH..LMKOH
MSCTF.MarshalInterface.FileMap.AOH.B.LMKOH
MSCTF.MarshalInterface.FileMap.AOH.C.LMKOH
MSCTF.MarshalInterface.FileMap.AOH.D.LMKOH
MSCTF.MarshalInterface.FileMap.AOH.E.LMKOH
Behavior description:Create shortcut on desktop
details:C:\Documents and Settings\Administrator\桌面\Foobar2000.lnk
Behavior description:Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\InstallOptions.dll
C:\Foobar2000\components\foo_dsp_eq.dll
C:\Foobar2000\components\foo_dsp_std.dll
C:\Foobar2000\components\foo_eslyric.dll
C:\Foobar2000\components\foo_input_std.dll
C:\Foobar2000\components\foo_ui_columns.dll
C:\Foobar2000\components\foo_ui_std.dll
C:\Foobar2000\components\foo_uie_biography.dll
C:\Foobar2000\components\foo_uie_panel_splitter.dll
C:\Foobar2000\components\foo_uie_vis_channel_spectrum.dll
C:\Foobar2000\components\foo_uie_wsh_panel_mod_plus.dll
C:\Foobar2000\avcodec-fb2k-55.dll
C:\Foobar2000\avutil-fb2k-52.dll
C:\Foobar2000\foobar2000 Shell Associations Updater.exe
C:\Foobar2000\foobar2000.exe
Behavior description:Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 36
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\modern-wizard.bmp---> Offset = 98304
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 124
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\modern-header.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 33
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 43
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 60
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 277
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 345
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 400
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 408
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 420
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 225
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 369
Behavior description:Find file
details:FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp
FileName = C:\Foobar2000
FileName = C:\Foobar2000\foobar2000.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\notepad.exe
Behavior description:Modify registry (delayed rename entry)
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.AFN
_SHuassist.mtx
SHIMLIB_LOG_MUTEX
DirectSound DllMain mutex (0x00000F94)
FOOBAR2000_9D7C7BA4
Behavior description:Hide specified window
details:[Window,Class] = [,Button]
[Window,Class] = [foobox 绿色版安装程序,Static]
[Window,Class] = [foobox 绿色版安装程序 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [显示细节(&D),Button]
[Window,Class] = [安装完成,Static]
[Window,Class] = [安装已成功完成。,Static]
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
NtUserFindWindowEx: [Class,Window] = [MS_WINHELP,]
Behavior description:Obtain system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Block window close message
details:hWnd = 0x000202a0, Text = foobox 3.7 绿色版 for Foobar2000 (v1.3.2) 安装 , ClassName = #32770.
hWnd = 0x000402dc, Text = foobar2000, ClassName = #32770.
Behavior description:Window information
details:Pid = 3404, Hwnd=0x3029e, Text = 下一步(&N) >, ClassName = Button.
Pid = 3404, Hwnd=0x202a6, Text = 取消(&C), ClassName = Button.
Pid = 3404, Hwnd=0x302bc, Text = foobox 绿色版安装程序 , ClassName = Static.
Pid = 3404, Hwnd=0x202d4, Text = foobox 绿色版安装程序, ClassName = Static.
Pid = 3404, Hwnd=0x202c6, Text = 欢迎使用“foobox 3.7 绿色版 for Foobar2000 (v1.3.2)”安装向导, ClassName = Static.
Pid = 3404, Hwnd=0x302da, Text = Foobar2000 是一个 Windows 平台下的高级音频播放器,支持多种音频格式播放和转换及第三方组件扩展,foobox是一个基于CUI的foobar2000界面, ClassName = Static.
Pid = 3404, Hwnd=0x202a0, Text = foobox 3.7 绿色版 for Foobar2000 (v1.3.2) 安装, ClassName = #32770.
Pid = 3404, Hwnd=0x3029e, Text = 我接受(&I), ClassName = Button.
Pid = 3404, Hwnd=0x402da, Text = 按 [PgDn] 阅读“授权协议”的其余部分。, ClassName = Static.
Pid = 3404, Hwnd=0x302ca, Text = 如果你接受协议中的条款,单击 [我接受(I)] 继续安装。如果你选定 [取消(C)] ,安装程序将会关闭。必须接受协议才能安装“foobox 3.7 绿色, ClassName = Static.
Pid = 3404, Hwnd=0x402ca, Text = 精简安装, ClassName = ComboBox.
Pid = 3404, Hwnd=0x502da, Text = 或者,自定义选定想安装的组件: , ClassName = Static.
Pid = 3404, Hwnd=0x902b8, Text = 选定安装的类型: , ClassName = Static.
Pid = 3404, Hwnd=0x202ae, Text = 所需空间: 17.8MB, ClassName = Static.
Pid = 3404, Hwnd=0x202aa, Text = 勾选你想要安装的组件,并解除勾选你不希望安装的组件。 单击 [下一步(N)] 继续。, ClassName = Static.
Behavior description:Open image file
details:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\modern-wizard.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\modern-header.bmp
Translated by Keith Miller, United States