VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
Safety rating: 88
Behavior list
Basic Information
MD5: 9c0301861a35f203f3697a9f603bc18b
File type: EXE
Production company: Yanu|CCAV1.COM
Version: 1.4.0.558---1.4.0.558
Shell or compiler information:
Key behavior
Behavior description: Create file mapping with write access
details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EHF..MINGH
MSCTF.MarshalInterface.FileMap.EHF.B.LLNGH
MSCTF.MarshalInterface.FileMap.EHF.C.LLNGH
MSCTF.MarshalInterface.FileMap.EHF.D.LLNGH
MSCTF.MarshalInterface.FileMap.EHF.E.LLNGH
MSCTF.MarshalInterface.FileMap.EHF.F.LLNGH
MSCTF.MarshalInterface.FileMap.EHF.G.LLNGH
MSCTF.MarshalInterface.FileMap.MOM..ANBIH
MSCTF.MarshalInterface.FileMap.MOM.B.ANBIH
MSCTF.MarshalInterface.FileMap.MOM.C.ANBIH
MSCTF.MarshalInterface.FileMap.MOM.D.AOBIH
MSCTF.MarshalInterface.FileMap.MOM.E.POBIH
MSCTF.MarshalInterface.FileMap.MOM.F.POBIH
MSCTF.MarshalInterface.FileMap.MOM.G.POBIH
Behavior description: Shut down or restart
details: N/A
Behavior description: Create shortcut on the desktop
details: C:\Documents and Settings\All Users\桌面\Shadow Defender.lnk
Behavior description: Modify registry: startup (Run) item
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Shadow Defender Daemon
Process behavior
Behavior description: Create process from newly written file
details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x86\Setup.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x86\Setup.exe
Behavior description: Enumerate processes
details: N/A
File behavior
Behavior description: Drop links or shortcuts in sensitive system locations (e.g. the Start menu)
details: C:\Documents and Settings\All Users\「开始」菜单\程序\Shadow Defender\Shadow Defender.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\Shadow Defender\Help.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\Shadow Defender\Uninstall Shadow Defender.lnk
Behavior description: Create executable files
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd5.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x86\CmdTool.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x86\Commit.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x86\Daemon.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x86\Defender.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x86\Service.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x86\Setup.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x86\ShellExt.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x86\Uninstall.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x86\diskpt.sys
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x64\CmdTool.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x64\Commit.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x64\Daemon.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x64\Defender.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x64\Service.exe
Behavior description: Search for files
details: FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd5.tmp
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x86\Setup.exe
FileName = C:\Documents and Settings\All Users\「开始」菜单\程序\*
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序\*
FileName = C:\Program Files\Shadow Defender\CmdTool.exe
FileName = C:\Program Files
FileName = C:\Program Files\Shadow Defender
Behavior description: Create shortcut on the desktop
details: C:\Documents and Settings\All Users\桌面\Shadow Defender.lnk
Behavior description: Create file mapping with write access
details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EHF..MINGH
MSCTF.MarshalInterface.FileMap.EHF.B.LLNGH
MSCTF.MarshalInterface.FileMap.EHF.C.LLNGH
MSCTF.MarshalInterface.FileMap.EHF.D.LLNGH
MSCTF.MarshalInterface.FileMap.EHF.E.LLNGH
MSCTF.MarshalInterface.FileMap.EHF.F.LLNGH
MSCTF.MarshalInterface.FileMap.EHF.G.LLNGH
MSCTF.MarshalInterface.FileMap.MOM..ANBIH
MSCTF.MarshalInterface.FileMap.MOM.B.ANBIH
MSCTF.MarshalInterface.FileMap.MOM.C.ANBIH
MSCTF.MarshalInterface.FileMap.MOM.D.AOBIH
MSCTF.MarshalInterface.FileMap.MOM.E.POBIH
MSCTF.MarshalInterface.FileMap.MOM.F.POBIH
MSCTF.MarshalInterface.FileMap.MOM.G.POBIH
Behavior description: Modify file contents
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x86\CmdTool.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x86\Help.chm---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x86\eula.rtf---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x86\res.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x64\CmdTool.txt---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x64\Help.chm---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x64\eula.rtf---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SD1.4.0.558_CN\Setup_x64\res.ini---> Offset = 0
C:\Program Files\Shadow Defender\res.ini---> Offset = 0
C:\Program Files\Shadow Defender\CmdTool.txt---> Offset = 0
C:\Program Files\Shadow Defender\Help.chm---> Offset = 262144
C:\Program Files\Shadow Defender\eula.rtf---> Offset = 0
C:\Program Files\Shadow Defender\user.dat---> Offset = 0
C:\WINDOWS\diskpt.crt---> Offset = 0
C:\Documents and Settings\All Users\「开始」菜单\程序\Shadow Defender\Shadow Defender.lnk---> Offset = 0
Registry behavior
Behavior description: Modify registry
details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\diskpt\Group
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\diskpt\Control
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\diskpt\ErrorControl
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\diskpt\Type
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\UpperFilters
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}\LowerFilters
\REGISTRY\MACHINE\SOFTWARE\Shadow Defender\Path
\REGISTRY\MACHINE\SOFTWARE\Shadow Defender\RegURL
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\diskpt\GUID
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\diskpt\Sync
\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{FF2EA936-C1E1-428D-9572-F4285AFC4F48}\
\REGISTRY\MACHINE\SOFTWARE\Classes\DefenderShellExt.ContextMenuExt.1\
\REGISTRY\MACHINE\SOFTWARE\Classes\DefenderShellExt.ContextMenuExt.1\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\DefenderShellExt.ContextMenuExt\
\REGISTRY\MACHINE\SOFTWARE\Classes\DefenderShellExt.ContextMenuExt\CLSID\
Behavior description: Modify registry: pending file rename operations
details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Behavior description: Modify registry: service entry
details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\diskpt\ImagePath
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\diskpt\Start
Behavior description: Modify registry: system context menu
details: \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\DefenderContextMenuExt\
Behavior description: Modify registry: startup (Run) item
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Shadow Defender Daemon
Other behavior
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
S
MSCTF.Shared.MUTEX.ELH
SHIMLIB_LOG_MUTEX
Global\{44EE29B3-FD3D-4E65-BDFC-ABDA82EE76B0}
MSCTF.Shared.MUTEX.MOM
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [,Shadow Defender Daemon Window]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Shut down or restart
details: N/A
Behavior description: Window information
details: Pid = 1344, Hwnd=0x202a8, Text = 确定, ClassName = Button.
Pid = 1344, Hwnd=0x202cc, Text = 安装完毕SD软件提示重启,点击“No-否”那个稍后重启选项,然后用系统内置的重启,重新启动电脑(因为此过程要写入注册脚本)。, ClassName = Static.
Pid = 1344, Hwnd=0x202a4, Text = Shadow Defender Chinese Setup, ClassName = #32770.
Pid = 3304, Hwnd=0x3015a, Text = &Next >, ClassName = Button.
Pid = 3304, Hwnd=0xa02a4, Text = Cancel, ClassName = Button.
Pid = 3304, Hwnd=0x302a6, Text = Welcome to the Shadow Defender Setup Wizard, ClassName = Static.
Pid = 3304, Hwnd=0x302cc, Text = This will install Shadow Defender 1.4.0.558 on your computer. It is recommended that you close all other applications before con, ClassName = Static.
Pid = 3304, Hwnd=0x140134, Text = Setup - Shadow Defender, ClassName = #32770.
Pid = 3304, Hwnd=0x402a6, Text = &Next >, ClassName = Button.
Pid = 3304, Hwnd=0x402a8, Text = Cancel, ClassName = Button.
Pid = 3304, Hwnd=0xb02a4, Text = License Agreement, ClassName = Static.
Pid = 3304, Hwnd=0x4015a, Text = Please read the following important information before continuing., ClassName = Static.
Pid = 3304, Hwnd=0x402cc, Text = 中文注册版由 Yanu 制作 -安装后即是简体中文,自动激活,无需注册码 -完美模拟官方安装流程,支持覆盖安装 -32位和64位二合一版本,自, ClassName = RichEdit20W.
Pid = 3304, Hwnd=0x402ba, Text = I &accept the agreement, ClassName = Button(CheckBox).
Pid = 3304, Hwnd=0x302dc, Text = < &Back, ClassName = Button.
Behavior description: Acquire system privileges
details: SE_LOAD_DRIVER_PRIVILEGE
SE_SHUTDOWN_PRIVILEGE
Run screenshot