VirSCAN

File information
Safety rating:85
Behavior list
Basic Information
MD5:a1a309603b88818daeea847e46051957
file type:EXE
Production company:百度在线网络技术(北京)有限公司
version:3.0.9.0---3.0.9.0
Shell or compiler information:COMPILER:NSIS
Subfile information:bg_setup_instl.bmp / a8693961d871262c8c028fe9f9119aff / Unknown
BwifiWinManager.exe / e59d7f01eaee5895b8b13cd68d1ab84d / EXE
netr28ux.sys / 585cc7812eb8049899dcf5bb68e68f48 / SYS
netr28ux.sys / 01db854b267cbdab411c089558d7f57a / SYS
RT2870.sys / 62aa0568a42a9edf7799d4c190e53144 / SYS
netr28u.sys / 0134ac3e06bc8a7667a83e208f205066 / SYS
duNetSh.dll / c54fd18c2c87023c1553ba577449a774 / DLL
RT2870.sys / f6349e1755c01b4fdaa78078c5e05b97 / SYS
netr28u.sys / 0e436e234c214d25e54b84316a7d1e04 / SYS
DuiLib_d.dll / 496412e89b11a128bacfdac8bc37ee55 / DLL
DuiLib_ud.dll / 4b3b627e801b02cf8153827b832a8b77 / DLL
RaAPAPI.dll / 2ed8949c43ad083ca19f657ca16287fe / DLL
DPInst64.exe / fb5d2817bdaec22ca960f04afc8f55f1 / EXE
netr28u.inf / 2270946e282150d002308500ef6e69a5 / Unknown
netr28ux.inf / 164d6f3da1f0a84dc4aedcaa75dda427 / Unknown
netr28ux.inf / 8a02afee15bd92258e9261d7eab4db65 / Unknown
netr28u.inf / 352ed6d158c474bb36e7d43f227043de / Unknown
RT2870.inf / a8422ba26c9a1d17725875053351e4be / Unknown
RT2870.inf / b26e3ae023db6295c430c2161a9369d4 / Unknown
Key behavior
Behavior description:Create shortcut on the desktop
details:C:\Documents and Settings\Administrator\桌面\小度WiFi.lnk
Behavior description:Get TickCount value
details:TickCount = 5369346, SleepMilliseconds = 50.
TickCount = 5369362, SleepMilliseconds = 50.
TickCount = 5369393, SleepMilliseconds = 50.
TickCount = 5369409, SleepMilliseconds = 50.
TickCount = 5369425, SleepMilliseconds = 50.
TickCount = 5369440, SleepMilliseconds = 50.
TickCount = 5369471, SleepMilliseconds = 50.
TickCount = 5369487, SleepMilliseconds = 50.
TickCount = 5369503, SleepMilliseconds = 50.
TickCount = 5369518, SleepMilliseconds = 50.
TickCount = 5369534, SleepMilliseconds = 50.
TickCount = 5369550, SleepMilliseconds = 50.
TickCount = 5369565, SleepMilliseconds = 50.
TickCount = 5369581, SleepMilliseconds = 50.
TickCount = 5369596, SleepMilliseconds = 50.
Behavior description:Modify registry (startup entry)
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Run\小度WiFi
Process behavior
Behavior description:Create process with hidden window
details:ImagePath = , CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\ns4E.tmp" C:\Program Files\Baidu\小度WiFi\snetcfg.exe -u ms_XiaoduWiFiNAT
ImagePath = , CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\ns4F.tmp" CMD /c
ImagePath = , CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\ns50.tmp" "C:\Program Files\Baidu\小度WiFi\SetAllAccessRights.exe" "C:\Program Files\Baidu\小度WiFi"
ImagePath = , CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\ns51.tmp" "C:\Program Files\Baidu\小度WiFi\SetAllAccessRights.exe" "C:\Program Files\Baidu\小度WiFi\B_WiFi.ini"
Behavior description:Create process
details:ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = CMD /c
Behavior description:Create local thread
details:TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3360, ThreadID = 3556, StartAddress = 0040538A, Parameter = 001303BE
TargetProcess: BwifiWinManager.exe, InheritedFromPID = 3360, ProcessID = 3936, ThreadID = 3912, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: BwifiWinManager.exe, InheritedFromPID = 3936, ProcessID = 3960, ThreadID = 3992, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: BwifiWinManager.exe, InheritedFromPID = 3936, ProcessID = 3960, ThreadID = 3976, StartAddress = 004468A0, Parameter = 00000000
TargetProcess: BwifiWinManager.exe, InheritedFromPID = 3936, ProcessID = 3960, ThreadID = 3980, StartAddress = 0041EDF0, Parameter = 00000000
TargetProcess: BwifiWinManager.exe, InheritedFromPID = 3936, ProcessID = 3960, ThreadID = 3984, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: BwifiWinManager.exe, InheritedFromPID = 3936, ProcessID = 3960, ThreadID = 3924, StartAddress = 01845820, Parameter = 01893D38
Behavior description:Create process from newly created file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\ns4E.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\ns4E.tmp" C:\Program Files\Baidu\小度WiFi\snetcfg.exe -u ms_XiaoduWiFiNAT
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\ns4F.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\ns4F.tmp" CMD /c
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\ns50.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\ns50.tmp" "C:\Program Files\Baidu\小度WiFi\SetAllAccessRights.exe" "C:\Program Files\Baidu\小度WiFi"
ImagePath = C:\Program Files\Baidu\小度WiFi\SetAllAccessRights.exe, CmdLine = "C:\Program Files\Baidu\小度WiFi\SetAllAccessRights.exe" "C:\Program Files\Baidu\小度WiFi"
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\ns51.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\ns51.tmp" "C:\Program Files\Baidu\小度WiFi\SetAllAccessRights.exe" "C:\Program Files\Baidu\小度WiFi\B_WiFi.ini"
ImagePath = C:\Program Files\Baidu\小度WiFi\SetAllAccessRights.exe, CmdLine = "C:\Program Files\Baidu\小度WiFi\SetAllAccessRights.exe" "C:\Program Files\Baidu\小度WiFi\B_WiFi.ini"
ImagePath = C:\Program Files\Baidu\小度WiFi\BwifiWinManager.exe, CmdLine = "C:\Program Files\Baidu\小度WiFi\BwifiWinManager.exe"
ImagePath = C:\Program Files\Baidu\小度WiFi\BwifiWinManager.exe, CmdLine = "C:\Program Files\Baidu\小度WiFi\BwifiWinManager.exe" /admin
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Create file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsa4C.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\bg_setup.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\bg_setup_instl.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\btn_close.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\btn_agreement.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\license.rtf
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\checkbox1.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\checkbox2.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\btn_install.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\loading1.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\loading2.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\SkinBtn.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\ioSpecial.ini
Behavior description:Drop link or shortcut in a sensitive system location (such as the Start menu)
details:C:\Documents and Settings\Administrator\「开始」菜单\程序\小度WiFi\小度WiFi.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\小度WiFi\Uninstall.lnk
Behavior description:Create executable file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\SkinBtn.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\nsDialogs.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\SkinProgress.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\WndProc.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\FindProcDLL.dll
C:\Program Files\Baidu\小度WiFi\msvcp100.dll
C:\Program Files\Baidu\小度WiFi\msvcr100.dll
C:\Program Files\Baidu\小度WiFi\bdxlog.dll
C:\Program Files\Baidu\小度WiFi\RaAPAPI.dll
C:\Program Files\Baidu\小度WiFi\libupnp.dll
C:\Program Files\Baidu\小度WiFi\DuiLib_ud.dll
C:\Program Files\Baidu\小度WiFi\DuiLib_u.dll
C:\Program Files\Baidu\小度WiFi\DuiLib_d.dll
C:\Program Files\Baidu\小度WiFi\DuiLib.dll
Behavior description:Overwrite existing file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\btn_close.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\ns4E.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\ns4F.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\ns50.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\ns51.tmp
Behavior description:Copy file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\nsExec.dll ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\ns4E.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\nsExec.dll ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\ns4F.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\nsExec.dll ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\ns50.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\nsExec.dll ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\ns51.tmp
Behavior description:Create shortcut on the desktop
details:C:\Documents and Settings\Administrator\桌面\小度WiFi.lnk
Behavior description:Delete file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsa4C.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\bg_setup.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\bg_setup_instl.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\btn_agreement.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\btn_close.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\btn_install.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\checkbox1.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\checkbox2.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\FindProcDLL.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\ioSpecial.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\license.rtf
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\loading1.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\loading2.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\modern-wizard.bmp
Behavior description:Find file
details:FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp
FileName = C:\Program Files\Baidu\小度WiFi\UnSharing.exe
FileName = C:\Program Files\Baidu\小度WiFi\RaRegistry.exe
FileName = C:\Program Files\Baidu\小度WiFi\RaRegistry64.exe
FileName = C:\Program Files\Baidu\小度WiFi\duNet.dll
FileName = C:\Program Files\Baidu\小度WiFi
FileName = C:\Program Files\Baidu
FileName = C:\Program Files
FileName = C:\Program Files\Baidu\小度WiFi\update.exe
FileName = C:\Program Files\Baidu\小度WiFi\version.ini
Behavior description:Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\System.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\bg_setup.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\bg_setup.bmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\bg_setup.bmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\bg_setup.bmp ---> Offset = 98304
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\bg_setup.bmp ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\bg_setup_instl.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\bg_setup_instl.bmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\bg_setup_instl.bmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\bg_setup_instl.bmp ---> Offset = 98304
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\bg_setup_instl.bmp ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\btn_close.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\btn_agreement.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\license.rtf ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\license.rtf ---> Offset = 32768
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\BwifiWinManager.exe\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\小度WiFi\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\小度WiFi\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\小度WiFi\DisplayIcon
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\小度WiFi\DisplayVersion
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\小度WiFi\Publisher
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\Baidu\小度WiFi\BwifiWinManager.exe
Behavior description:Delete registry key (remove startup entry)
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Run\
Behavior description:Modify registry (pending file rename entry)
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Behavior description:Delete registry value
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Run\Shell
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Run\小度WiFi
Behavior description:Modify registry (startup entry)
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Run\小度WiFi
Other behavior
Behavior description:Get cursor position
details:CursorPos = (71,18468), SleepMilliseconds = 300000.
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
SMAPLE_MUTEX
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.AEN
RasPbFile
oleacc-msaa-loaded
Global\MsgQueueMutex
BAIDU_SECTION_IME_XLOGSETTING_INIT
BAIDU_SECTION_IME_XLOGSETTING_OP
Local\ZonesCounterMutex
Behavior description:Hide specified window
details:[Window,Class] = [,Static]
[Window,Class] = [Nullsoft Install System v2.46 ,Static]
[Window,Class] = [Nullsoft Install System v2.46,Static]
[Window,Class] = [,Button]
[Window,Class] = [安装(&I),Button]
[Window,Class] = [取消(&C),Button]
[Window,Class] = [,RichEdit20A]
[Window,Class] = [安装完成,Static]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [下一步(&N) >,Button]
[Window,Class] = [< 上一步(&P),Button]
[Window,Class] = [一键安装,Button]
[Window,Class] = [勾选表示已阅读并同意,Static]
[Window,Class] = [许可协议,Button]
[Window,Class] = [BaiduWifi_Shadow,BAIDUWIFI_CLASS_1E9C5B65-4DF1-44B5-90E5-847077A03F71]
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [SysListView32,]
NtUserFindWindowEx: [Class,Window] = [,小度_WiFi]
Behavior description:Open event
details:HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000041
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000041
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000042
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000042
MSCTF.SendReceiveConection.Event.ELH.IO
MSCTF.SendReceive.Event.ELH.IO
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\crypt32LogoffEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000044
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000044
Behavior description:Get TickCount value
details:TickCount = 5369346, SleepMilliseconds = 50.
TickCount = 5369362, SleepMilliseconds = 50.
TickCount = 5369393, SleepMilliseconds = 50.
TickCount = 5369409, SleepMilliseconds = 50.
TickCount = 5369425, SleepMilliseconds = 50.
TickCount = 5369440, SleepMilliseconds = 50.
TickCount = 5369471, SleepMilliseconds = 50.
TickCount = 5369487, SleepMilliseconds = 50.
TickCount = 5369503, SleepMilliseconds = 50.
TickCount = 5369518, SleepMilliseconds = 50.
TickCount = 5369534, SleepMilliseconds = 50.
TickCount = 5369550, SleepMilliseconds = 50.
TickCount = 5369565, SleepMilliseconds = 50.
TickCount = 5369581, SleepMilliseconds = 50.
TickCount = 5369596, SleepMilliseconds = 50.
Behavior description:Adjust process token privileges
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Window information
details:Pid = 3360, Hwnd=0x1302c4, Text = 小度WiFi, ClassName = Static.
Pid = 3360, Hwnd=0x13033a, Text = 一键安装, ClassName = Button.
Pid = 3360, Hwnd=0x110342, Text = 勾选表示已阅读并同意, ClassName = Static.
Pid = 3360, Hwnd=0x7038e, Text = 许可协议, ClassName = Button.
Pid = 3360, Hwnd=0x7037c, Text = 安装完成, ClassName = Static.
Pid = 3360, Hwnd=0x1002c8, Text = 安装(&I), ClassName = Button.
Pid = 3360, Hwnd=0x1802fe, Text = 取消(&C), ClassName = Button.
Pid = 3360, Hwnd=0x1902ce, Text = Nullsoft Install System v2.46 , ClassName = Static.
Pid = 3360, Hwnd=0x7038a, Text = Nullsoft Install System v2.46, ClassName = Static.
Pid = 3360, Hwnd=0x802da, Text = 小度WiFi 3.0.9.0 安装, ClassName = #32770.
Pid = 3360, Hwnd=0x11032e, Text = 抽取: RaAPAPI.dll... 100%, ClassName = Static.
Pid = 3360, Hwnd=0x7037c, Text = 正在安装..., ClassName = Static.
Pid = 3360, Hwnd=0x9039c, Text = 小度WiFi, ClassName = Static.
Pid = 3360, Hwnd=0xd035e, Text = < 上一步(&P), ClassName = Button.
Pid = 3360, Hwnd=0x1002c8, Text = 下一步(&N) >, ClassName = Button.
Behavior description:Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\System.dll(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\SkinBtn.dll(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\nsDialogs.dll(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\SkinProgress.dll(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\WndProc.dll(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv4D.tmp\FindProcDLL.dll(signature verification: failed)
C:\Program Files\Baidu\小度WiFi\msvcp100.dll(signature verification: passed)
C:\Program Files\Baidu\小度WiFi\msvcr100.dll(signature verification: passed)
C:\Program Files\Baidu\小度WiFi\bdxlog.dll(signature verification: passed)
C:\Program Files\Baidu\小度WiFi\RaAPAPI.dll(signature verification: passed)
C:\Program Files\Baidu\小度WiFi\libupnp.dll(signature verification: failed)
C:\Program Files\Baidu\小度WiFi\DuiLib_ud.dll(signature verification: failed)
C:\Program Files\Baidu\小度WiFi\DuiLib_u.dll(signature verification: failed)
C:\Program Files\Baidu\小度WiFi\DuiLib_d.dll(signature verification: failed)
C:\Program Files\Baidu\小度WiFi\DuiLib.dll(signature verification: failed)
Behavior description:Call Sleep function
details:[1]: MilliSeconds = 100.
[2]: MilliSeconds = 100.
[3]: MilliSeconds = 100.
[4]: MilliSeconds = 100.
[5]: MilliSeconds = 100.
[6]: MilliSeconds = 100.
[7]: MilliSeconds = 100.
[8]: MilliSeconds = 100.
[9]: MilliSeconds = 100.
[10]: MilliSeconds = 100.
[1]: MilliSeconds = 300.
[1]: MilliSeconds = 300000.
[2]: MilliSeconds = 14400000.
Behavior description:Create event object
details:EventName = MSCTF.SendReceive.Event.AEN.IC
EventName = MSCTF.SendReceiveConection.Event.AEN.IC
EventName = Global\userenv: User Profile setup event
EventName = DINPUTWINMM
EventName = Global\MsgQueueQueueEvent
EventName = Global\crypt32LogoffEvent
Behavior description:MD5 of executable files
Behavior description:Open mutex
details:ShimCacheMutex
RasPbFile
DBWinMutex
Local\!IETld!Mutex
Behavior description:Load newly dropped files
details:Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\System.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\SkinBtn.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\nsDialogs.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\SkinProgress.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\WndProc.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\FindProcDLL.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv4D.tmp\nsExec.dll.
Image: C:\Program Files\Baidu\小度WiFi\PhoneConnect.dll.
Image: C:\Program Files\Baidu\小度WiFi\duNetSh.dll.
Image: C:\Program Files\Baidu\小度WiFi\BDMWiFiNATDll.dll.
Image: C:\Program Files\Baidu\小度WiFi\BaiduMediaService.dll.
Image: C:\Program Files\Baidu\小度WiFi\RaAPAPI.dll.
Image: C:\Program Files\Baidu\小度WiFi\DuiLib.dll.
Image: C:\Program Files\Baidu\小度WiFi\msvcr100.dll.
Image: C:\Program Files\Baidu\小度WiFi\libcurl.dll.