VirSCAN


File information
Safety score: 85
Basic information
MD5: 8955f27de9706c0876586f0ec58d482d
File type: Nsis
Publisher: dreamland.blog.51cto.com
Version: 3.7.0.8---3.7.0.8
Packer or compiler info:
Sub-file information: oggenc2.exe / 91974f0026ac8aac5b327914b5ec4b8d / EXE
foobar2000.exe / 94929434e774be9b2fc7bcadb1c078f7 / EXE
foo_ui_columns.dll / df64a264e2c2e71562fa89e43b74ae3c / DLL
foo_input_std.dll / 7e0dcee059f94e19ea4dd6d8adc0603f / DLL
foo_eslyric.dll / 0c8ff424d6fdc9c9bf4cece9cb0c1c13 / DLL
foo_uie_wsh_panel_mod_plus.dll / 183be4ed2e0b34916c43d4d67ee4ac6b / DLL
foo_ui_std.dll / 92c5b7966b34aa45368688a191f5079d / DLL
neroAacEnc.exe / 0f21e58f98491ebd3346fdf3eb887891 / EXE
avcodec-fb2k-55.dll / c16ef2dd86cf66573d142cb62751c8cf / DLL
lame.exe / 984cf32c7c3aa3be876b5e164faee9e9 / EXE
foo_ui_columns.dll.cfg / 9c32744c1bc341ac58c1c419031b938d / Unknown
flac.exe / 4add826644d303b57d220f866c67292b / EXE
foo_converter.dll / 5ab8dc5aa55d6995a7cff04fa3ab2ad1 / DLL
opusenc.exe / e1b94075d9c79029cf2d5d0d769019bf / EXE
foo_input_dts.dll / 31745018356217952502536ee5914bb6 / DLL
faac.exe / 2231abc1d18362c98da09e5517589585 / EXE
pecompact2x_da224d88dumpFile / 22c732a396c6fbcd07d86f867eb1a815 / DLL
foo_rgscan.dll / 878c56d339fd4faaf158e77c00d01f7a / DLL
foo_albumlist.dll / f26a9a27ae802ae856eaf162c33877d6 / DLL
Key behaviors
Behavior: Maps a file with write permission
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AFN..EFAKH
MSCTF.MarshalInterface.FileMap.AFN.B.EGAKH
MSCTF.MarshalInterface.FileMap.AFN.C.EGAKH
MSCTF.MarshalInterface.FileMap.AFN.D.EGAKH
MSCTF.MarshalInterface.FileMap.AFN.E.EGAKH
MSCTF.MarshalInterface.FileMap.AFN.F.DIAKH
MSCTF.MarshalInterface.FileMap.AFN.G.DIAKH
MSCTF.Shared.SFM.AFN
\WINDOWS\system32\zh-cn\ieframe.dll.mui
MSCTF.MarshalInterface.FileMap.AOH..LMKOH
MSCTF.MarshalInterface.FileMap.AOH.B.LMKOH
MSCTF.MarshalInterface.FileMap.AOH.C.LMKOH
MSCTF.MarshalInterface.FileMap.AOH.D.LMKOH
MSCTF.MarshalInterface.FileMap.AOH.E.LMKOH
Behavior: Blocks window close message
Details: hWnd = 0x000202a0, Text = foobox 3.7 绿色版 for Foobar2000 (v1.3.2) 安装 , ClassName = #32770.
hWnd = 0x000402dc, Text = foobar2000, ClassName = #32770.
Behavior: Creates a desktop shortcut
Details: C:\Documents and Settings\Administrator\桌面\Foobar2000.lnk
Behavior: Hides specified window
Details: [Window,Class] = [,Button]
[Window,Class] = [foobox 绿色版安装程序,Static]
[Window,Class] = [foobox 绿色版安装程序 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [显示细节(&D),Button]
[Window,Class] = [安装完成,Static]
[Window,Class] = [安装已成功完成。,Static]
Process behaviors
Behavior: Creates process
Details: ImagePath = C:\WINDOWS\notepad.exe, CmdLine = "C:\WINDOWS\notepad.exe" C:\Foobar2000\Foobox Readme.txt
Behavior: Creates process from a newly created file
Details: ImagePath = C:\Foobar2000\foobar2000.exe, CmdLine = "C:\Foobar2000\foobar2000.exe"
Behavior: Enumerates processes
Details: N/A
File behaviors
Behavior: Maps a file with write permission
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AFN..EFAKH
MSCTF.MarshalInterface.FileMap.AFN.B.EGAKH
MSCTF.MarshalInterface.FileMap.AFN.C.EGAKH
MSCTF.MarshalInterface.FileMap.AFN.D.EGAKH
MSCTF.MarshalInterface.FileMap.AFN.E.EGAKH
MSCTF.MarshalInterface.FileMap.AFN.F.DIAKH
MSCTF.MarshalInterface.FileMap.AFN.G.DIAKH
MSCTF.Shared.SFM.AFN
\WINDOWS\system32\zh-cn\ieframe.dll.mui
MSCTF.MarshalInterface.FileMap.AOH..LMKOH
MSCTF.MarshalInterface.FileMap.AOH.B.LMKOH
MSCTF.MarshalInterface.FileMap.AOH.C.LMKOH
MSCTF.MarshalInterface.FileMap.AOH.D.LMKOH
MSCTF.MarshalInterface.FileMap.AOH.E.LMKOH
Behavior: Creates a desktop shortcut
Details: C:\Documents and Settings\Administrator\桌面\Foobar2000.lnk
Behavior: Creates executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\InstallOptions.dll
C:\Foobar2000\components\foo_dsp_eq.dll
C:\Foobar2000\components\foo_dsp_std.dll
C:\Foobar2000\components\foo_eslyric.dll
C:\Foobar2000\components\foo_input_std.dll
C:\Foobar2000\components\foo_ui_columns.dll
C:\Foobar2000\components\foo_ui_std.dll
C:\Foobar2000\components\foo_uie_biography.dll
C:\Foobar2000\components\foo_uie_panel_splitter.dll
C:\Foobar2000\components\foo_uie_vis_channel_spectrum.dll
C:\Foobar2000\components\foo_uie_wsh_panel_mod_plus.dll
C:\Foobar2000\avcodec-fb2k-55.dll
C:\Foobar2000\avutil-fb2k-52.dll
C:\Foobar2000\foobar2000 Shell Associations Updater.exe
C:\Foobar2000\foobar2000.exe
Behavior: Modifies file contents
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 36
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\modern-wizard.bmp---> Offset = 98304
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 124
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\modern-header.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 33
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 43
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 60
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 277
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 345
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 400
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 408
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 420
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 225
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\ioSpecial.ini---> Offset = 369
Behavior: Searches for files
Details: FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp
FileName = C:\Foobar2000
FileName = C:\Foobar2000\foobar2000.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
Registry behaviors
Behavior: Modifies registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\notepad.exe
Behavior: Modifies registry (pending file rename entry)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behaviors
Behavior: Creates mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.AFN
_SHuassist.mtx
SHIMLIB_LOG_MUTEX
DirectSound DllMain mutex (0x00000F94)
FOOBAR2000_9D7C7BA4
Behavior: Hides specified window
Details: [Window,Class] = [,Button]
[Window,Class] = [foobox 绿色版安装程序,Static]
[Window,Class] = [foobox 绿色版安装程序 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [显示细节(&D),Button]
[Window,Class] = [安装完成,Static]
[Window,Class] = [安装已成功完成。,Static]
Behavior: Searches for specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
NtUserFindWindowEx: [Class,Window] = [MS_WINHELP,]
Behavior: Acquires system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior: Blocks window close message
Details: hWnd = 0x000202a0, Text = foobox 3.7 绿色版 for Foobar2000 (v1.3.2) 安装 , ClassName = #32770.
hWnd = 0x000402dc, Text = foobar2000, ClassName = #32770.
Behavior: Window information
Details: Pid = 3404, Hwnd=0x3029e, Text = 下一步(&N) >, ClassName = Button.
Pid = 3404, Hwnd=0x202a6, Text = 取消(&C), ClassName = Button.
Pid = 3404, Hwnd=0x302bc, Text = foobox 绿色版安装程序 , ClassName = Static.
Pid = 3404, Hwnd=0x202d4, Text = foobox 绿色版安装程序, ClassName = Static.
Pid = 3404, Hwnd=0x202c6, Text = 欢迎使用“foobox 3.7 绿色版 for Foobar2000 (v1.3.2)”安装向导, ClassName = Static.
Pid = 3404, Hwnd=0x302da, Text = Foobar2000 是一个 Windows 平台下的高级音频播放器,支持多种音频格式播放和转换及第三方组件扩展,foobox是一个基于CUI的foobar2000界面, ClassName = Static.
Pid = 3404, Hwnd=0x202a0, Text = foobox 3.7 绿色版 for Foobar2000 (v1.3.2) 安装, ClassName = #32770.
Pid = 3404, Hwnd=0x3029e, Text = 我接受(&I), ClassName = Button.
Pid = 3404, Hwnd=0x402da, Text = 按 [PgDn] 阅读“授权协议”的其余部分。, ClassName = Static.
Pid = 3404, Hwnd=0x302ca, Text = 如果你接受协议中的条款,单击 [我接受(I)] 继续安装。如果你选定 [取消(C)] ,安装程序将会关闭。必须接受协议才能安装“foobox 3.7 绿色, ClassName = Static.
Pid = 3404, Hwnd=0x402ca, Text = 精简安装, ClassName = ComboBox.
Pid = 3404, Hwnd=0x502da, Text = 或者,自定义选定想安装的组件: , ClassName = Static.
Pid = 3404, Hwnd=0x902b8, Text = 选定安装的类型: , ClassName = Static.
Pid = 3404, Hwnd=0x202ae, Text = 所需空间: 17.8MB, ClassName = Static.
Pid = 3404, Hwnd=0x202aa, Text = 勾选你想要安装的组件,并解除勾选你不希望安装的组件。 单击 [下一步(N)] 继续。, ClassName = Static.
Behavior: Opens image file
Details: \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\modern-wizard.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\modern-header.bmp
Run screenshot