VirSCAN



File information
Safety rating: 85
Behavior list
Basic Information
MD5: 96bd700b14982efe8aaf6a06b42a8109
File type: Rar
Production company:
version:
Shell or compiler information:
Subfile information: kugousetup_NoAD_VIP_3000Yuan.exe / big file / Nsis
使用说明.txt / 9e62ab7a119ffaf01ecf7b3e5f312e86 / Unknown
需要更多_百度搜索.url / 3516c308d924a62b4bb893c07470045e / Unknown
使用必读.url / b72fb6817f28cc91c35322b3c9864a12 / Unknown
JZ5U绿色下载站.url / 3e8d917d0d10210cd051d7c251bcb9d9 / Unknown
Key behavior
Behavior description: Create file mapping with write access
details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AFF..GIOGH
MSCTF.MarshalInterface.FileMap.AFF.B.GJOGH
MSCTF.MarshalInterface.FileMap.AFF.C.GJOGH
MSCTF.MarshalInterface.FileMap.AFF.D.GJOGH
MSCTF.MarshalInterface.FileMap.AFF.E.GJOGH
MSCTF.MarshalInterface.FileMap.AFF.F.GKOGH
MSCTF.MarshalInterface.FileMap.AFF.G.GKOGH
MSCTF.Shared.SFM.AFF
MSCTF.MarshalInterface.FileMap.AFF.H.OOALH
MSCTF.MarshalInterface.FileMap.AFF.I.OOALH
MSCTF.MarshalInterface.FileMap.AFF.J.OOALH
MSCTF.MarshalInterface.FileMap.AFF.K.OOALH
MSCTF.MarshalInterface.FileMap.AFF.L.OOALH
MSCTF.MarshalInterface.FileMap.AFF.M.OOALH
Behavior description: Block window close message
details: hWnd = 0x000302a4, Text = 酷狗音乐安装程序, ClassName = #32770.
Behavior description: Hide specified window
details: [Window,Class] = [,Button]
[Window,Class] = [Guangzhou KuGou Computer Technology Co., Ltd.,Static]
[Window,Class] = [,Static]
Process behavior
Behavior description: Enumerate processes
details: N/A
File behavior
Behavior description: Create file mapping with write access
details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AFF..GIOGH
MSCTF.MarshalInterface.FileMap.AFF.B.GJOGH
MSCTF.MarshalInterface.FileMap.AFF.C.GJOGH
MSCTF.MarshalInterface.FileMap.AFF.D.GJOGH
MSCTF.MarshalInterface.FileMap.AFF.E.GJOGH
MSCTF.MarshalInterface.FileMap.AFF.F.GKOGH
MSCTF.MarshalInterface.FileMap.AFF.G.GKOGH
MSCTF.Shared.SFM.AFF
MSCTF.MarshalInterface.FileMap.AFF.H.OOALH
MSCTF.MarshalInterface.FileMap.AFF.I.OOALH
MSCTF.MarshalInterface.FileMap.AFF.J.OOALH
MSCTF.MarshalInterface.FileMap.AFF.K.OOALH
MSCTF.MarshalInterface.FileMap.AFF.L.OOALH
MSCTF.MarshalInterface.FileMap.AFF.M.OOALH
Behavior description: Create executable file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst6.tmp\WaterCtrl.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst6.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst6.tmp\ButtonLinker.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst6.tmp\nsDialogs.dll
Behavior description: Modify file contents
details: C:\Progress.bmp---> Offset = 0
C:\ProgressBar.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst6.tmp\bg.bmp---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst6.tmp\modern-header.bmp---> Offset = 16384
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst6.tmp\modern-wizard.bmp---> Offset = 49152
Behavior description: Search for file
details: FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1445741339.889258.exe_7zdump
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst6.tmp
Other behavior
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MusicInstall
MSCTF.Shared.MUTEX.AFF
Behavior description: Hide specified window
details: [Window,Class] = [,Button]
[Window,Class] = [Guangzhou KuGou Computer Technology Co., Ltd.,Static]
[Window,Class] = [,Static]
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Acquire system privilege
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Block window close message
details: hWnd = 0x000302a4, Text = 酷狗音乐安装程序, ClassName = #32770.
Behavior description: Window information
details: Pid = 1388, Hwnd=0x302b4, Text = 下一步(&N) >, ClassName = Button.
Pid = 1388, Hwnd=0x302cc, Text = 取消(&C), ClassName = Button.
Pid = 1388, Hwnd=0x202d8, Text = Guangzhou KuGou Computer Technology Co., Ltd. , ClassName = Static.
Pid = 1388, Hwnd=0x202c2, Text = Guangzhou KuGou Computer Technology Co., Ltd., ClassName = Static.
Pid = 1388, Hwnd=0x302da, Text = 不到一分钟,立入7块现金的诀窍!, ClassName = Static.
Pid = 1388, Hwnd=0x302a4, Text = 酷狗音乐安装程序, ClassName = #32770.
Pid = 1388, Hwnd=0x10344, Text = 是(&Y), ClassName = Button.
Pid = 1388, Hwnd=0x10346, Text = 否(&N), ClassName = Button.
Pid = 1388, Hwnd=0x1034a, Text = 你确实要退出“酷狗音乐7.7.40.17685”安装程序?, ClassName = Static.
Pid = 1388, Hwnd=0x60342, Text = 酷狗音乐安装程序, ClassName = #32770.
Behavior description: Open image file
details: \Progress.bmp
\ProgressBar.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst6.tmp\bg.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst6.tmp\modern-header.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst6.tmp\modern-wizard.bmp