File information
Security score: 86
Basic information
MD5: b38e0cd08ca9821004b3940ffc60371a
File type: EXE
Vendor:
Version:
Packer/compiler info: COMPILER:NSIS
Sub-file information: licecap.exe / 75b14bed42a96fda105bfeda771a6f20 / EXE
license.txt / fdafc691aa5fb7f8e2a9e9521fef771b / Unknown
whatsnew.txt / 6b282d033c4155532d3018259562938e / Unknown
[NSIS].nsi / ac9089ec3e867c8a9a7c6c15320b7d4a / Unknown
Key behaviors
Behavior: Blocks window close messages
Details: hWnd = 0x00010344, Text = LICEcap v1.28 Setup , ClassName = #32770.
Behavior: Creates a file on the desktop
Details: C:\Documents and Settings\Administrator\桌面\LICEcap.lnk
Process behavior
Behavior: Creates local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2832, ThreadID = 3052, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2832, ThreadID = 3056, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2832, ThreadID = 3096, StartAddress = 00404F56, Parameter = 0004036A
File behavior
Behavior: Creates file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp
C:\Program Files\LICEcap\licecap.exe
C:\Program Files\LICEcap\Uninstall.exe
C:\Program Files\LICEcap\license.txt
C:\Program Files\LICEcap\whatsnew.txt
Behavior: Drops a link or shortcut in a sensitive system location (e.g. the Start Menu)
Details: C:\Documents and Settings\Administrator\「开始」菜单\程序\LICEcap\LICEcap.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\LICEcap\LICEcap License.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\LICEcap\Whatsnew.txt.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\LICEcap\Uninstall LICEcap.lnk
Behavior: Creates executable file
Details: C:\Program Files\LICEcap\licecap.exe
C:\Program Files\LICEcap\Uninstall.exe
Behavior: Searches for files
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Program Files\LICEcap
FileName = C:\Program Files
FileName = C:\Program Files\LICEcap\LICEcap.exe
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\Documents and Settings\Administrator\「开始」菜单
FileName = C:\Documents and Settings\All Users\「开始」菜单
Behavior: Deletes file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsr5.tmp
Behavior: Creates a file on the desktop
Details: C:\Documents and Settings\Administrator\桌面\LICEcap.lnk
Behavior: Modifies file contents
Details: C:\Program Files\LICEcap\licecap.exe ---> Offset = 0
C:\Program Files\LICEcap\licecap.exe ---> Offset = 32768
C:\Program Files\LICEcap\licecap.exe ---> Offset = 38020
C:\Program Files\LICEcap\licecap.exe ---> Offset = 70788
C:\Program Files\LICEcap\licecap.exe ---> Offset = 72198
C:\Program Files\LICEcap\Uninstall.exe ---> Offset = 0
C:\Program Files\LICEcap\Uninstall.exe ---> Offset = 50176
C:\Program Files\LICEcap\license.txt ---> Offset = 0
C:\Program Files\LICEcap\whatsnew.txt ---> Offset = 0
C:\Documents and Settings\Administrator\桌面\LICEcap.lnk ---> Offset = 0
C:\Documents and Settings\Administrator\「开始」菜单\程序\LICEcap\LICEcap.lnk ---> Offset = 0
C:\Documents and Settings\Administrator\「开始」菜单\程序\LICEcap\LICEcap License.lnk ---> Offset = 0
C:\Documents and Settings\Administrator\「开始」菜单\程序\LICEcap\Whatsnew.txt.lnk ---> Offset = 0
C:\Documents and Settings\Administrator\「开始」菜单\程序\LICEcap\Uninstall LICEcap.lnk ---> Offset = 0
Registry behavior
Behavior: Modifies registry
Details: \REGISTRY\MACHINE\SOFTWARE\LICEcap\
Other behavior
Behavior: Creates mutex
Details: oleacc-msaa-loaded
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.EBL
Behavior: Creates event object
Details: EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.EBL.IC
EventName = MSCTF.SendReceiveConection.Event.EBL.IC
Behavior: Searches for a specified window
Details: NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior: Window information
Details: Pid = 2832, Hwnd=0x10348, Text = I &Agree, ClassName = Button.
Pid = 2832, Hwnd=0x1034a, Text = Cancel, ClassName = Button.
Pid = 2832, Hwnd=0x10356, Text = Nullsoft Install System v2.51 , ClassName = Static.
Pid = 2832, Hwnd=0x10358, Text = Nullsoft Install System v2.51, ClassName = Static.
Pid = 2832, Hwnd=0x1035c, Text = License Agreement, ClassName = Static.
Pid = 2832, Hwnd=0x1035e, Text = Please review the license terms before installing LICEcap v1.28., ClassName = Static.
Pid = 2832, Hwnd=0x10366, Text = Press Page Down to see the rest of the agreement., ClassName = Static.
Pid = 2832, Hwnd=0x10368, Text = GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. , ClassName = RichEdit20A.
Pid = 2832, Hwnd=0x1036a, Text = If you accept the terms of the agreement, click I Agree to continue. You must accept the agreement to install LICEcap v1.28., ClassName = Static.
Pid = 2832, Hwnd=0x10344, Text = LICEcap v1.28 Setup , ClassName = #32770.
Pid = 2832, Hwnd=0x20342, Text = < &Back, ClassName = Button.
Pid = 2832, Hwnd=0x10348, Text = &Next >, ClassName = Button.
Pid = 2832, Hwnd=0x1035c, Text = Choose Components, ClassName = Static.
Pid = 2832, Hwnd=0x1035e, Text = Choose which features of LICEcap v1.28 you want to install., ClassName = Static.
Pid = 2832, Hwnd=0x2036a, Text = Custom, ClassName = ComboBox.
Behavior: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior: Blocks window close messages
Details: hWnd = 0x00010344, Text = LICEcap v1.28 Setup , ClassName = #32770.
Behavior: Opens event
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceive.Event.IOH.IC
MSCTF.SendReceiveConection.Event.IOH.IC
Behavior: Executable signature information
Details: C:\Program Files\LICEcap\licecap.exe (signature verification: failed)
C:\Program Files\LICEcap\Uninstall.exe (signature verification: failed)
Behavior: Hides a specified window
Details: [Window,Class] = [,Button]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,Auto-Suggest Dropdown]
Behavior: Executable MD5
Details: C:\Program Files\LICEcap\licecap.exe ---> 75b14bed42a96fda105bfeda771a6f20
C:\Program Files\LICEcap\Uninstall.exe ---> 4a197db1b9d8e9b90ac4f6cc1d238ce6
Behavior: Opens mutex
Details: ShimCacheMutex