VirSCAN

File information
Security score: 73
Basic information
MD5: 91c4d297261cdb4e1e3cf7d68581b417
File type: zip
Publisher:
Version:
Packer/compiler info:
Sub-file information: CCleaner64.exe / dd3952e3a7df8f3c0b93f32e0be15be8 / EXE
Key behaviors
Behavior: set special folder attributes
Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\DOMStore
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\UserData
Process behavior
Behavior: enumerate processes
Details: N/A
File behavior
Behavior: create file
Details: C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\ccleaner.ini
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RWPAYSV20LFZCPQ7DFB8.temp
Behavior: rename file
Details: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RWPAYSV20LFZCPQ7DFB8.temp ---> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\25ca5ec3bcbe6aeb.customDestinations-ms
Behavior: set special folder attributes
Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\DOMStore
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\UserData
Behavior: modify file contents
Details: C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\ccleaner.ini ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\ccleaner.ini ---> Offset = 36
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\ccleaner.ini ---> Offset = 57
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\ccleaner.ini ---> Offset = 122
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\ccleaner.ini ---> Offset = 132
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RWPAYSV20LFZCPQ7DFB8.temp ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RWPAYSV20LFZCPQ7DFB8.temp ---> Offset = 4096
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RWPAYSV20LFZCPQ7DFB8.temp ---> Offset = 8192
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\ccleaner.ini ---> Offset = 146
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\ccleaner.ini ---> Offset = 162
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\ccleaner.ini ---> Offset = 177
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\ccleaner.ini ---> Offset = 195
C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\ccleaner.ini ---> Offset = 214
Behavior: search for files
Details: FileName = C:\Users
FileName = C:\Users\Administrator\AppData
FileName = C:\Users\Administrator\AppData\Local
FileName = C:\Users\Administrator\AppData\Local\Temp
FileName = C:\Users\Administrator\AppData\Local\%temp%
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe_7zdump\CCleaner.exe
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\*.txt
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\*.cookie
FileName = C:\Windows\Cookies\*.txt
FileName = C:\Windows\Cookies\*.cookie
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\low\*.txt
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\low\*.cookie
FileName = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\*
FileName = C:\Users\Administrator\AppData\Local\Flock\User Data\*
FileName = C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\*
Network behavior
Behavior: open URL over the network
Details: InternetOpenUrlA: https://ww****om/go/app_cc_pro_trialkey, hInternet = 0x00cc0004, Flags = 0x80800000
Behavior: open HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (CCleaner, 5.40.6411), hSession = 0x00cc0004
Behavior: establish a connection to a specified socket
Details: URL: ww****om, IP: **.133.40.**:443, SOCKET = 0x00000434
Behavior: resolve host address by name
Details: GetAddrInfoW: ww****om
Registry behavior
Behavior: modify registry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\CCleaner_RASAPI32\EnableFileTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\CCleaner_RASAPI32\EnableConsoleTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\CCleaner_RASAPI32\FileTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\CCleaner_RASAPI32\ConsoleTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\CCleaner_RASAPI32\MaxFileSize
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\CCleaner_RASAPI32\FileDirectory
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\CCleaner_RASMANCS\EnableFileTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\CCleaner_RASMANCS\EnableConsoleTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\CCleaner_RASMANCS\FileTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\CCleaner_RASMANCS\ConsoleTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\CCleaner_RASMANCS\MaxFileSize
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\CCleaner_RASMANCS\FileDirectory
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior: delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
Other behavior
Behavior: check whether it is being debugged
Details: IsDebuggerPresent
Behavior: create mutex
Details: Piriform_CCleaner_PreventSecondInstance
Piriform_CCleaner_SystemTrayIconActive
Local\_!MSFTHISTORY!_
Local\c:!users!administrator!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Local\c:!users!administrator!appdata!roaming!microsoft!windows!cookies!
Local\c:!users!administrator!appdata!local!microsoft!windows!history!history.ie5!
Local\c:!users!administrator!appdata!local!microsoft!internet explorer!domstore!
Local\c:!users!administrator!appdata!roaming!microsoft!internet explorer!userdata!
_SHuassist.mtx
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
RasPbFile
Local\ZonesCounterMutex
Local\ZonesCacheCounterMutex
Behavior: create event object
Details: EventName = CCLEANER_UI_LOCKING_EVENT
Behavior: window information
Details: Pid = 3788, Hwnd=0x101e4, Text = &Analyze, ClassName = Button.
Pid = 3788, Hwnd=0x101e6, Text = &Run Cleaner, ClassName = Button.
Pid = 3788, Hwnd=0x101c0, Text = Update available, ClassName = Button.
Pid = 3788, Hwnd=0x101c2, Text = Check for &updates, ClassName = Static.
Pid = 3788, Hwnd=0x101b6, Text = &Cleaner, ClassName = Button.
Pid = 3788, Hwnd=0x101b8, Text = Re&gistry, ClassName = Button.
Pid = 3788, Hwnd=0x101ba, Text = &Tools, ClassName = Button.
Pid = 3788, Hwnd=0x101bc, Text = &Options, ClassName = Button.
Pid = 3788, Hwnd=0x101be, Text = &Upgrade, ClassName = Button.
Pid = 3788, Hwnd=0x301b0, Text = Piriform CCleaner, ClassName = PiriformCCleaner.
Behavior: open event
Details: HookSwitchHookEnabledEvent
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
\KernelObjects\MaximumCommitCondition
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagALMELDBAMMOAAAAA
Global\SvcctrlStartEvent_A3752DX
Behavior: hide specified window
Details: [Window,Class] = [Update available,Button]
[Window,Class] = [&Upgrade,Button]
[Window,Class] = [,Edit]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [Piriform CCleaner,PiriformCCleaner]
[Window,Class] = [,#32770]
Behavior: open mutex
Details: Local\MSCTF.Asm.MutexDefault1
Local\_!MSFTHISTORY!_
Local\c:!users!administrator!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Local\c:!users!administrator!appdata!roaming!microsoft!windows!cookies!
Local\c:!users!administrator!appdata!local!microsoft!windows!history!history.ie5!
Local\c:!users!administrator!appdata!local!microsoft!internet explorer!domstore!
Local\c:!users!administrator!appdata!roaming!microsoft!internet explorer!userdata!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!IETld!Mutex
Runtime screenshot