VirSCAN

File information
Safety rating:39
Behavior list
Basic Information
MD5:8a859f11b9d1aea4682d280cb6cbea60
file type:EXE
Production company:文件夹 ("Folder")
version:1.0.0.0---1.0.0.0
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Key behavior
Behavior description:Kill process
details:TASKKILL = taskkill /im qq.exe /f
Behavior description:Delete QQ login information database file
details:C:\Program Files\Tencent\QQ\Users\All Users\QQ\Registry.db
Behavior description:Set special folder attributes (the 文件免疫 entries, literally "file immunization", are the sub-items the sample creates inside each autorun.inf directory it plants)
details:C:\autorun.inf
C:\autorun.inf\文件免疫
C:\Program Files\autorun.inf
C:\Program Files\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\autorun.inf
C:\Program Files\Windows Media Player\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\autorun.inf
C:\Program Files\Windows Media Player\9\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\c\autorun.inf
C:\Program Files\Windows Media Player\9\c\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\c\b\autorun.inf
C:\Program Files\Windows Media Player\9\c\b\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\c\b\c\autorun.inf
C:\Program Files\Windows Media Player\9\c\b\c\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\c\b\c\c\autorun.inf
Behavior description:Modify registry (startup item; Winlogon\Userinit is run at every interactive logon)
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Behavior description:Kill QQ process
details:C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\%temp%\****.exe
Process behavior
Behavior description:Create process with hidden window
details:ImagePath = , CmdLine = C:\Documents and Settings\Administrator\Local Settings\%temp%\CQ.bat
ImagePath = , CmdLine = C:\Documents and Settings\Administrator\Local Settings\%temp%\temp.bat
ImagePath = , CmdLine = "C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe " folder
Behavior description:Create process
details:ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c "C:\Documents and Settings\Administrator\Local Settings\%temp%\CQ.bat"
ImagePath = C:\WINDOWS\system32\taskkill.exe, CmdLine = taskkill /im qq.exe /f
ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c "C:\Documents and Settings\Administrator\Local Settings\%temp%\temp.bat"
ImagePath = C:\WINDOWS\system32\cacls.exe, CmdLine = cacls "C:\Program Files\Windows Media Player\9" /d everyone /e
ImagePath = C:\WINDOWS\explorer.exe, CmdLine = explorer "C:\Documents and Settings\Administrator\Local Settings\%temp%\996E"
Behavior description:Create local thread
details:TargetProcess: taskkill.exe, InheritedFromPID = 444, ProcessID = 1360, ThreadID = 1408, StartAddress = 77E56C7D, Parameter = 000EAC20
TargetProcess: taskkill.exe, InheritedFromPID = 444, ProcessID = 1360, ThreadID = 556, StartAddress = 769AE43B, Parameter = 000ED5C0
TargetProcess: taskkill.exe, InheritedFromPID = 444, ProcessID = 1360, ThreadID = 1004, StartAddress = 77E56C7D, Parameter = 000EDC58
TargetProcess: svchost.exe , InheritedFromPID = 2016, ProcessID = 2220, ThreadID = 2332, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: 51ca3b.tmp.exe, InheritedFromPID = 2220, ProcessID = 2392, ThreadID = 2420, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: 51d17f.tmp.exe, InheritedFromPID = 2220, ProcessID = 2460, ThreadID = 2528, StartAddress = 77DC845A, Parameter = 00000000
Behavior description:Kill process
details:TASKKILL = taskkill /im qq.exe /f
Behavior description:Create process from newly created file
details:ImagePath = C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe , CmdLine = "C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe " folder
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\51ca3b.tmp.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\51ca3b.tmp.exe" qjb 525028
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\51d17f.tmp.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\51d17f.tmp.exe" qjb 131352
Behavior description:Kill QQ process
details:C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\%temp%\****.exe
File behavior
Behavior description:Create file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\krnln.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\eAPI.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\Md5.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\internet.fne
C:\Documents and Settings\Administrator\Local Settings\%temp%\CQ.bat
C:\autorun.inf\desktop.ini
C:\Program Files\autorun.inf\desktop.ini
C:\Program Files\Windows Media Player\autorun.inf\desktop.ini
C:\Program Files\Windows Media Player\9\autorun.inf\desktop.ini
C:\Program Files\Windows Media Player\9\c\autorun.inf\desktop.ini
C:\Program Files\Windows Media Player\9\c\b\autorun.inf\desktop.ini
C:\Program Files\Windows Media Player\9\c\b\c\autorun.inf\desktop.ini
C:\Program Files\Windows Media Player\9\c\b\c\c\autorun.inf\desktop.ini
C:\Program Files\Windows Media Player\9\c\b\c\c\0\autorun.inf\desktop.ini
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\autorun.inf\desktop.ini
Behavior description:Delete QQ login information database file
details:C:\Program Files\Tencent\QQ\Users\All Users\QQ\Registry.db
Behavior description:Create executable file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\krnln.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\eAPI.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\Md5.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\internet.fne
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe 
C:\Documents and Settings\Administrator\Local Settings\Temp\51ca3b.tmp.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\51d17f.tmp.exe
C:\222c25ed.exe
C:\autorun.inf.exe
C:\DiskD.exe
C:\DiskX.exe
C:\Documents and Settings.exe
C:\Program Files.exe
C:\Python27.exe
C:\RECYCLER.exe
Behavior description:Overwrite existing file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\eAPI.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\internet.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\Md5.fne
Behavior description:Copy file (each copy named "<existing directory>.exe" in the drive root looks like that folder when Explorer hides extensions)
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe ---> C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe 
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\51ca3b.tmp.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\51d17f.tmp.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\222c25ed.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\AnalyzeControl.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\autorun.inf.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\DiskD.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\DiskX.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\Documents and Settings.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\EasyWebSvr.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\monitor.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\Program Files.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\Python27.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\RECYCLER.exe
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> C:\StaticAnalyze.exe
Behavior description:Delete file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\CQ.bat
C:\Documents and Settings\Administrator\Local Settings\%temp%\temp.bat
Behavior description:Search for file
details:FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\CQ.bat
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\taskkill.*
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\taskkill
FileName = C:\Python27\taskkill.*
FileName = C:\Python27\taskkill
FileName = C:\Python27\Scripts\taskkill.*
FileName = C:\Python27\Scripts\taskkill
FileName = C:\WINDOWS\system32\taskkill.*
FileName = C:\WINDOWS\system32\taskkill.COM
FileName = C:\WINDOWS\system32\taskkill.EXE
Behavior description:Modify BAT script file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\CQ.bat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\temp.bat ---> Offset = 0
Behavior description:Rename file (the appended ".\" yields a directory name ending in a dot, which normal Win32 path handling cannot open, so the entry resists deletion)
details:C:\autorun.inf\文件免疫 ---> C:\autorun.inf\文件免疫.\
C:\Program Files\autorun.inf\文件免疫 ---> C:\Program Files\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\9\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\9\c\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\9\c\b\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\9\c\b\c\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\9\c\b\c\c\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\c\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\9\c\b\c\c\0\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\c\0\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\autorun.inf\文件免疫.\
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\autorun.inf\文件免疫 ---> C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\autorun.inf\文件免疫.\
Behavior description:Set special folder attributes
details:C:\autorun.inf
C:\autorun.inf\文件免疫
C:\Program Files\autorun.inf
C:\Program Files\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\autorun.inf
C:\Program Files\Windows Media Player\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\autorun.inf
C:\Program Files\Windows Media Player\9\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\c\autorun.inf
C:\Program Files\Windows Media Player\9\c\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\c\b\autorun.inf
C:\Program Files\Windows Media Player\9\c\b\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\c\b\c\autorun.inf
C:\Program Files\Windows Media Player\9\c\b\c\autorun.inf\文件免疫
C:\Program Files\Windows Media Player\9\c\b\c\c\autorun.inf
Behavior description:Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\krnln.fnr ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\eAPI.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\Md5.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\internet.fne ---> Offset = 0
C:\autorun.inf\desktop.ini ---> Offset = 0
C:\Program Files\autorun.inf\desktop.ini ---> Offset = 0
C:\Program Files\Windows Media Player\autorun.inf\desktop.ini ---> Offset = 0
C:\Program Files\Windows Media Player\9\autorun.inf\desktop.ini ---> Offset = 0
C:\Program Files\Windows Media Player\9\c\autorun.inf\desktop.ini ---> Offset = 0
C:\Program Files\Windows Media Player\9\c\b\autorun.inf\desktop.ini ---> Offset = 0
C:\Program Files\Windows Media Player\9\c\b\c\autorun.inf\desktop.ini ---> Offset = 0
C:\Program Files\Windows Media Player\9\c\b\c\c\autorun.inf\desktop.ini ---> Offset = 0
C:\Program Files\Windows Media Player\9\c\b\c\c\0\autorun.inf\desktop.ini ---> Offset = 0
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\autorun.inf\desktop.ini ---> Offset = 0
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\autorun.inf\desktop.ini ---> Offset = 0
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-*\Software\LoveQ\first
\REGISTRY\MACHINE\SOFTWARE\Classes\.exe \
Behavior description:Modify registry (startup item)
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Behavior description:Create event object
details:EventName = DINPUTWINMM
EventName = LoveQ-BYxiaofeng_sp5
Behavior description:Window information (window texts: 取回密码 = "Retrieve password", 注册新账号 = "Register new account", <请输入账号> = "<Enter account>"; these QQ2009-style login windows belong to the dropped copies, PIDs 2392 and 2460, not to the real QQ client)
details:Pid = 2392, Hwnd=0x1046c, Text = 取回密码, ClassName = Afx:10000000:b:10011:1900015:0.
Pid = 2392, Hwnd=0x1046a, Text = 注册新账号, ClassName = Afx:10000000:b:10011:1900015:0.
Pid = 2392, Hwnd=0x10464, Text = <请输入账号>, ClassName = Edit.
Pid = 2392, Hwnd=0x10460, Text = QQ2009 , ClassName = WTWindow.
Pid = 2460, Hwnd=0x104ae, Text = 取回密码, ClassName = Afx:10000000:b:10011:1900015:0.
Pid = 2460, Hwnd=0x104ac, Text = 注册新账号, ClassName = Afx:10000000:b:10011:1900015:0.
Pid = 2460, Hwnd=0x104a6, Text = <请输入账号>, ClassName = Edit.
Pid = 2460, Hwnd=0x104a2, Text = QQ2009 , ClassName = WTWindow.
Pid = 2392, Hwnd=0x10466, Text = 123456, ClassName = Edit.
Pid = 2460, Hwnd=0x104a8, Text = 123456, ClassName = Edit.
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description:Open event
details:HookSwitchHookEnabledEvent
MSFT.VSA.COM.DISABLE.1360
MSFT.VSA.IEC.STATUS.6c736db0
_fCanRegisterWithShellService
LoveQ-BYxiaofeng_sp5
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000042
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000042
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000043
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000043
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000044
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000044
Behavior description:Adjust process token privileges
details:SE_DEBUG_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Enumerate windows
details:N/A
Behavior description:Direct physical device access
details:\??\PhysicalDrive0
Behavior description:Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\krnln.fnr (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\eAPI.fne (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\Md5.fne (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\internet.fne (signature verification: failed)
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\51ca3b.tmp.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\51d17f.tmp.exe (signature verification: failed)
C:\222c25ed.exe (signature verification: failed)
C:\autorun.inf.exe (signature verification: failed)
C:\DiskD.exe (signature verification: failed)
C:\DiskX.exe (signature verification: failed)
C:\Documents and Settings.exe (signature verification: failed)
C:\Program Files.exe (signature verification: failed)
C:\Python27.exe (signature verification: failed)
C:\RECYCLER.exe (signature verification: failed)
Behavior description:Hide specified window
details:[Window,Class] = [,Afx:10000000:8:10011:1900015:0]
Behavior description:Executable file MD5
details:C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\krnln.fnr ---> 4b30dbe1a79b2b7572ff637cb3765ced
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\eAPI.fne ---> 3102c454a9543e58fe3ad5f783f5a690
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\Md5.fne ---> 992322b55f2684fe4c83b8e94dd54adb
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\internet.fne ---> c1180974dd8a7c6d9f8fcc13096b4f7a
C:\Program Files\Windows Media Player\9\c\b\c\c\0\5\6\9\a\a\e\1\9\8\5\4\9\8\d\f\9\b\f\f\6\4\9\8\1\2\8\autorun.inf\svchost.exe  ---> 8a859f11b9d1aea4682d280cb6cbea60
C:\Documents and Settings\Administrator\Local Settings\Temp\51ca3b.tmp.exe ---> 8a859f11b9d1aea4682d280cb6cbea60
C:\Documents and Settings\Administrator\Local Settings\Temp\51d17f.tmp.exe ---> 8a859f11b9d1aea4682d280cb6cbea60
C:\222c25ed.exe ---> 8a859f11b9d1aea4682d280cb6cbea60
C:\autorun.inf.exe ---> 8a859f11b9d1aea4682d280cb6cbea60
C:\DiskD.exe ---> 8a859f11b9d1aea4682d280cb6cbea60
C:\DiskX.exe ---> 8a859f11b9d1aea4682d280cb6cbea60
C:\Documents and Settings.exe ---> 8a859f11b9d1aea4682d280cb6cbea60
C:\Program Files.exe ---> 8a859f11b9d1aea4682d280cb6cbea60
C:\Python27.exe ---> 8a859f11b9d1aea4682d280cb6cbea60
C:\RECYCLER.exe ---> 8a859f11b9d1aea4682d280cb6cbea60
Behavior description:Open mutex
details:ShimCacheMutex
Behavior description:Load newly dropped file
details:Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\krnln.fnr.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\Md5.fne.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\eAPI.fne.
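The following Python is an added example for this page, not VirSCAN code and not the sample's own code. It parses a report in the format above into its behavior sections and pulls out the worm-style indicators this report shows: root-level "<directory name>.exe" copies, copies that carry the sample's own MD5, the Winlogon\Userinit change, the cacls deny-ACL and the taskkill. REPORT is a constructed excerpt of the report above (same paths and hashes); KNOWN_DIRS is an assumption about which directories exist on the analysed host, since the report searches them but never lists them.

```python
"""Extract worm indicators from a VirSCAN-style behaviour report.

Added example for this page; it is not VirSCAN code. REPORT is a
constructed excerpt of the report above (same paths and hashes), and
KNOWN_DIRS is an assumption about which directories exist on the
analysed host, since the report searches them but never lists them.
"""

SAMPLE_MD5 = "8a859f11b9d1aea4682d280cb6cbea60"  # MD5 from "Basic Information"

# Assumed to exist on the victim: the worm drops "<directory name>.exe"
# beside each of them so that, with extensions hidden, the copy looks
# like the folder itself.
KNOWN_DIRS = {
    r"C:\Program Files",
    r"C:\Documents and Settings",
    r"C:\Python27",
    r"C:\RECYCLER",
}

USERINIT_KEY = r"\winlogon\userinit"

REPORT = r"""Behavior description:Copy file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe ---> C:\Program Files\Windows Media Player\9\autorun.inf\svchost.exe
C:\Program Files\Windows Media Player\9\autorun.inf\svchost.exe ---> C:\Program Files.exe
C:\Program Files\Windows Media Player\9\autorun.inf\svchost.exe ---> C:\Documents and Settings.exe
C:\Program Files\Windows Media Player\9\autorun.inf\svchost.exe ---> C:\RECYCLER.exe
C:\Program Files\Windows Media Player\9\autorun.inf\svchost.exe ---> C:\222c25ed.exe
Behavior description:Modify registry (startup item)
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Behavior description:Create process
details:ImagePath = C:\WINDOWS\system32\taskkill.exe, CmdLine = taskkill /im qq.exe /f
ImagePath = C:\WINDOWS\system32\cacls.exe, CmdLine = cacls "C:\Program Files\Windows Media Player\9" /d everyone /e
Behavior description:Executable file MD5
details:C:\Program Files.exe ---> 8a859f11b9d1aea4682d280cb6cbea60
C:\RECYCLER.exe ---> 8a859f11b9d1aea4682d280cb6cbea60
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N4\krnln.fnr ---> 4b30dbe1a79b2b7572ff637cb3765ced
"""


def parse_report(text):
    """Map each 'Behavior description' heading to its detail lines."""
    sections = {}
    current = None
    for line in text.splitlines():
        if line.startswith("Behavior description:"):
            current = line.split(":", 1)[1].strip()
            sections.setdefault(current, [])
            continue
        if current is None:
            continue
        if line.startswith("details:"):
            line = line[len("details:"):]
        line = line.strip()
        if line:
            sections[current].append(line)
    return sections


def copy_targets(copy_lines):
    """Right-hand side of every 'source ---> destination' entry."""
    return [line.split("--->", 1)[1].strip() for line in copy_lines if "--->" in line]


def folder_mimics(paths, known_dirs=KNOWN_DIRS):
    """Executables whose name is an existing directory plus '.exe'."""
    return {p for p in paths if p.lower().endswith(".exe") and p[:-4] in known_dirs}


def self_copies(md5_lines, sample_md5=SAMPLE_MD5):
    """Dropped files whose MD5 equals the sample's own hash."""
    hits = []
    for line in md5_lines:
        path, sep, digest = line.rpartition("--->")
        if sep and digest.strip().lower() == sample_md5:
            hits.append(path.strip())
    return hits


def find_indicators(report_text):
    """Summarise the worm-style behaviours visible in one report."""
    s = parse_report(report_text)
    procs = s.get("Create process", [])
    return {
        "folder_mimics": sorted(folder_mimics(copy_targets(s.get("Copy file", [])))),
        "self_copies": self_copies(s.get("Executable file MD5", [])),
        # Winlogon\Userinit runs before the shell for every interactive logon.
        "userinit_persistence": any(USERINIT_KEY in k.lower() for k in s.get("Modify registry (startup item)", [])),
        # 'cacls ... /d everyone' denies Everyone access to the drop directory.
        "acl_denial": [p for p in procs if "cacls" in p.lower() and "/d everyone" in p.lower()],
        "process_kills": [p for p in procs if "taskkill" in p.lower()],
    }


if __name__ == "__main__":
    for name, value in find_indicators(REPORT).items():
        print(f"{name}: {value}")
```

The section names are matched after translation, so the parser expects the English labels used in this rewrite; on a live host the same checks would be run against the drive root and HKLM\...\Winlogon\Userinit directly rather than against a report.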