VirSCAN

File information
Safety rating:85
Behavior list
Basic Information
MD5:ac19c955408881c793879ddbdc1b6fc1
file type:7z
Production company:成都鑫龙志科技有限公司
version:2.0.3.0---2.0.3.0
Shell or compiler information:
Subfile information:
icudt.dll / big file / DLL
mtvdownmat.exe / big file / EXE
amnSongs.dat / big file / Unknown
Upgrade.exe / big file / EXE
libcef.dll / big file / DLL
d3dcompiler_43.dll / 1c9b45e87528b8bb8cfa884ea0099a85 / DLL
d3dx9_43.dll / 86e39e9161c3d930d93822f1563c280d / DLL
avcodec-53.dll / 9f1d0d2b018917d097799a78322f699c / DLL
libGLESv2.dll / 8573fce1ac9196cfe107a7db15d3f181 / DLL
tasklist.mdb / 225fbc86938409decced2a4d13ba7643 / Unknown
avformat-53.dll / 332852843e13d0103f7e6b236ae4f524 / DLL
avutil-51.dll / f293d94beaf54f091e400363c689e1b4 / DLL
libEGL.dll / e8d4675b98e3db7ded47578ee8fa4341 / DLL
Thumbs.db / 503e1d363b8c2fd743303bed9426ed8b / Compound
Thumbs.db / 4247a4771054f783b2ba16861781483c / Compound
Thumbs.db / 3e479aba30ab73521a3ca32ee95e1604 / Compound
Thumbs.db / 8961288485edd7a1475de9ced0f92f1a / Compound
Thumbs.db / 8de53213019ca9e16cd712d024a1f6f9 / Compound
m4.png / c81791e9a0fae225c4fa7db2aa3bdcd6 / Unknown
Key behavior
Behavior description: Maps a file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MPH..LKJKH
MSCTF.MarshalInterface.FileMap.MPH.B.LKJKH
MSCTF.MarshalInterface.FileMap.MPH.C.LKJKH
MSCTF.MarshalInterface.FileMap.MPH.D.LKJKH
MSCTF.MarshalInterface.FileMap.MPH.E.LKJKH
MSCTF.MarshalInterface.FileMap.MPH.F.LLJKH
MSCTF.MarshalInterface.FileMap.MPH.G.LLJKH
MSCTF.MarshalInterface.FileMap.MPI..FOJMH
MSCTF.MarshalInterface.FileMap.MPI.B.FOJMH
MSCTF.MarshalInterface.FileMap.MPI.C.FOJMH
MSCTF.MarshalInterface.FileMap.MPI.D.FOJMH
MSCTF.MarshalInterface.FileMap.MPI.E.EAKMH
MSCTF.MarshalInterface.FileMap.MPI.F.EAKMH
MSCTF.MarshalInterface.FileMap.MPI.G.EAKMH
Behavior description: Hides specified windows
details:[Window,Class] = [Windows Installer,#32770]
[Window,Class] = [,Static]
[Window,Class] = [属性: AI_SETUPEXEPATH,签名: AI_EXE_PATH_CU,Static]
[Window,Class] = [属性: AI_SETUPEXEPATH,签名: AI_EXE_PATH_LM,Static]
[Window,Class] = [MTV下载伴侣2.0.3.0 安装,MsiDialogCloseClass]
[Window,Class] = [取消,Button]
[Window,Class] = [,Button]
[Window,Class] = [阅读 “使用前说明”,Static]
Process behavior
Behavior description: Creates processes
details:ImagePath = C:\WINDOWS\system32\msiexec.exe, CmdLine = /i "C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\mtvDown_Setup.msi" AI_SETUPEXEPATH="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\EB93
ImagePath = C:\Program Files\MtvDownMat\mtvdownmat.exe, CmdLine = "C:\Program Files\MtvDownMat\mtvdownmat.exe"
Behavior description: Enumerates processes
details:N/A
File behavior
Behavior description: Creates executable files
details:C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\decoder.dll
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\mtvdownmat.exe
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\Upgrade.exe
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\avcodec-53.dll
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\avformat-53.dll
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\avutil-51.dll
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\d3dcompiler_43.dll
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\d3dx9_43.dll
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\icudt.dll
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\libcef.dll
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\libEGL.dll
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\libGLESv2.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI4.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI5.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSIC.tmp
Behavior description: Modifies file contents
details:C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\locales\am.pak---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\locales\ar.pak---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\locales\bg.pak---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\locales\bn.pak---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\locales\ca.pak---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\locales\cs.pak---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\locales\da.pak---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\locales\de.pak---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\locales\el.pak---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\locales\en-GB.pak---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\locales\en-US.pak---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\locales\es-419.pak---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\locales\es.pak---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\locales\et.pak---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\MtvDownMat\locales\fa.pak---> Offset = 0
Behavior description: Searches for files
details:FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\WINDOWS\system32\msi.dll
FileName = \\?\C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\decoder.dll
FileName = \\?\C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786
FileName = \\?\C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786\
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\msiexec.exe
FileName = C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣
FileName = C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install
FileName = C:\Documents and Settings\Administrator\Application Data\成都鑫龙志科技有限公司\MTV下载伴侣\install\3902786
FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\WINDOWS\Microsoft.NET\Framework\\*
Registry behavior
Behavior description: Modifies the registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\MtvDownMat\mtvdownmat.exe
\REGISTRY\USER\S-*\Software\Microsoft\Direct3D\MostRecentApplication\Name
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Jet\4.0\Engines\SandBoxMode
Other behavior
Behavior description: Finds specified windows
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OSKMainClass,]
Behavior description: Window information
details:Pid = 372, Hwnd=0x302a4, Text = 取消, ClassName = Button.
Pid = 372, Hwnd=0x202a8, Text = 正在提取主应用程序文件..., ClassName = Static.
Pid = 372, Hwnd=0x3029e, Text = MTV下载伴侣 安装, ClassName = #32770.
Pid = 2296, Hwnd=0x402a0, Text = 取消, ClassName = Button.
Pid = 2296, Hwnd=0x402a2, Text = 正在准备安装..., ClassName = Static.
Pid = 2296, Hwnd=0x4029e, Text = Windows Installer, ClassName = #32770.
Pid = 2296, Hwnd=0x202c2, Text = 下一步(&N) >, ClassName = Button.
Pid = 2296, Hwnd=0x50276, Text = 取消, ClassName = Button.
Pid = 2296, Hwnd=0x302d8, Text = dialog_image.jpg, ClassName = Static.
Pid = 2296, Hwnd=0x202c4, Text = < 上一步(&B), ClassName = Button.
Pid = 2296, Hwnd=0x60280, Text = 欢迎使用 MTV下载伴侣2.0.3.0 安装向导, ClassName = Static.
Pid = 2296, Hwnd=0x50274, Text = 安装向导将在您的计算机上安装 MTV下载伴侣。单击 "下一步" 继续,或单击 "取消" 退出安装向导。, ClassName = Static.
Pid = 2296, Hwnd=0x50272, Text = MTV下载伴侣2.0.3.0 安装, ClassName = MsiDialogCloseClass.
Pid = 2296, Hwnd=0x1030e, Text = 下一步(&N) >, ClassName = Button.
Pid = 2296, Hwnd=0x10314, Text = 文件夹(&F):, ClassName = Static.
Behavior description: Creates mutexes
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Advinst_0BF05806197D440EABD87FC28C7215EB
MSCTF.Shared.MUTEX.ELH
SHIMLIB_LOG_MUTEX
MSCTF.Shared.MUTEX.MPI
Global\_MSIExecute
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior description: Acquires system privileges
details:SE_LOAD_DRIVER_PRIVILEGE
SE_SHUTDOWN_PRIVILEGE
SE_INCREASE_QUOTA_PRIVILEGE
SE_CREATE_TOKEN_PRIVILEGE