VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.


File information
Safety rating: 84
Behavior list
Basic Information
MD5: b5b28baf93ef0faece78c2abcacd2899
File type: Rar
Production company:
Version:
Shell or compiler information:
Subfile information (rows suffixed "dumpFile" are the copies the sandbox dumped at run time; where both rows exist the MD5s match, and exact duplicate rows are listed once):
至尊搜索神器.exe / 5d91f3e00040df0e92c1be9e6449dba9 / Nsis
至尊搜索神器.exedumpFile / 5d91f3e00040df0e92c1be9e6449dba9 / Nsis
ss.exe / 8915992c12588457bdf43382b297a0ea / EXE
ss.exedumpFile / 8915992c12588457bdf43382b297a0ea / EXE
System.Data.SQLite.dll / 332638395640220e4466a9c894a32edd / DLL
System.Data.SQLite.dlldumpFile / 332638395640220e4466a9c894a32edd / DLL
IrisSkin2.dll / 7deaf4a6fa52e8d23f75cf998d6cfe2b / DLL
IrisSkin2.dlldumpFile / 7deaf4a6fa52e8d23f75cf998d6cfe2b / DLL
llq.dll / 0175b6a191ded90c16d2cb4cac201701 / DLL
llq.dlldumpFile / 0175b6a191ded90c16d2cb4cac201701 / DLL
without.dll / beb5cf1f8f9d2ba239f65133e0da2402 / DLL
without.dlldumpFile / beb5cf1f8f9d2ba239f65133e0da2402 / DLL
caiyunxueyuan.dlldumpFile / e2793ffc92f5a396aad0bd8ca950f054 / DLL
Note that VmDetectLibrary.dll and uninst.exe, which the installer writes to C:\Program Files\至尊搜索神器 (see File behavior), have no row and no hash here.
Key behavior
Behavior description: Checks whether Virtual PC is present
details: N/A (no method is recorded; the installer drops a VmDetectLibrary.dll, listed under File behavior, which is the likely origin of this check)
Behavior description: Creates a desktop shortcut
details: C:\Documents and Settings\Administrator\桌面\至尊搜索神器.lnk
Behavior description: Sets special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\DiskD\NetFrameWork
Behavior description: Hides the specified windows
details: [Window,Class] = [,Button]
[Window,Class] = [Nullsoft Install System v2.46,Static]
[Window,Class] = [Nullsoft Install System v2.46 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [显示细节(&D),Button]  ("Show &details")
[Window,Class] = [安装完成,Static]  ("Installation complete")
[Window,Class] = [安装已成功完成。,Static]  ("Installation completed successfully.")
[Window,Class] = [,ComboLBox]
[Window,Class] = [至尊搜索神器 【支持排序】 ★百度云搜索 女神/电影/番号/种子/磁力链接 搜索,WindowsForms10.Window.8.app.0.1a0e24_r21_ad1]  (main window of the installed program: "至尊搜索神器 [sorting supported] ★ Baidu Cloud search: girls/movies/catalogue numbers/torrents/magnet links"; the WindowsForms10 class name shows a .NET WinForms application)
Behavior description: Resolves host addresses by name
details: wpad.  (WPAD proxy auto-discovery; Windows proxy auto-detection issues this lookup on its own, so it is not evidence of sample code)
www.beijing-time.org
www.so.com  (360 Search)
t1.qpic.cn  (Tencent image CDN)
Process behavior
Behavior description: Launches a process from a newly created file
details: ImagePath = C:\Program Files\至尊搜索神器\ss.exe, CmdLine = "C:\Program Files\至尊搜索神器\ss.exe"
File behavior
Behavior description: Drops links or shortcuts in sensitive system locations (such as the Start Menu)
details: C:\Documents and Settings\Administrator\「开始」菜单\程序\至尊搜索神器\至尊搜索神器.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\至尊搜索神器\彩云学院.lnk  (彩云学院 = "Caiyun Academy"; the same name appears in the dropped caiyunxueyuan.dll and in the caiyunxy.ys168.com host contacted under Network behavior)
C:\Documents and Settings\Administrator\「开始」菜单\程序\至尊搜索神器\Uninstall.lnk
Behavior description: Creates executable files
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd7.tmp\InstallOptions.dll  (NSIS plugin, extracted to the installer's temp directory)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd7.tmp\StartMenu.dll  (NSIS plugin)
C:\Program Files\至尊搜索神器\caiyunxueyuan.dll
C:\Program Files\至尊搜索神器\IrisSkin2.dll
C:\Program Files\至尊搜索神器\llq.dll
C:\Program Files\至尊搜索神器\ss.exe
C:\Program Files\至尊搜索神器\VmDetectLibrary.dll  (no hash in the subfile list above)
C:\Program Files\至尊搜索神器\System.Data.SQLite.dll
C:\Program Files\至尊搜索神器\without.dll
C:\Program Files\至尊搜索神器\uninst.exe  (no hash in the subfile list above)
Behavior description: Creates a desktop shortcut
details: C:\Documents and Settings\Administrator\桌面\至尊搜索神器.lnk
Behavior description: Opens file mappings with write access
details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.AHO..DLNHF
MSCTF.MarshalInterface.FileMap.AHO.B.DLNHF
MSCTF.MarshalInterface.FileMap.AHO.C.DLNHF
MSCTF.MarshalInterface.FileMap.AHO.D.DLNHF
MSCTF.MarshalInterface.FileMap.AHO.E.DLNHF
MSCTF.MarshalInterface.FileMap.AHO.F.DLNHF
MSCTF.MarshalInterface.FileMap.AHO.G.DLNHF
MSCTF.Shared.SFM.AHO
Global\Cor_Private_IPCBlock_v4_2200
Global\Cor_SxSPublic_IPCBlock_2200
Global\NLS_CodePage_936_3_2_0_0
\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\!PrivacIE!SharedMem!Counter
(All of these sections are created by Windows components loaded into the process: the Text Services Framework (Cicero/MSCTF), the .NET CLR's per-process IPC blocks for PID 2200 (Cor_*_IPCBlock), the GBK code-page table (NLS_CodePage_936), the GDI+ font cache, and WinINet/urlmon. None is specific to this sample.)
Behavior description: Sets special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\DiskD\NetFrameWork
Behavior description: Modifies file contents (ioSpecial.ini is the NSIS InstallOptions page definition and modern-wizard.bmp the Modern UI sidebar bitmap; these writes are installer UI setup)
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd7.tmp\ioSpecial.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd7.tmp\ioSpecial.ini---> Offset = 36
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd7.tmp\modern-wizard.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd7.tmp\ioSpecial.ini---> Offset = 124
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd7.tmp\ioSpecial.ini---> Offset = 33
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd7.tmp\ioSpecial.ini---> Offset = 43
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd7.tmp\ioSpecial.ini---> Offset = 60
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd7.tmp\ioSpecial.ini---> Offset = 277
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd7.tmp\ioSpecial.ini---> Offset = 321
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd7.tmp\ioSpecial.ini---> Offset = 376
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd7.tmp\ioSpecial.ini---> Offset = 384
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd7.tmp\ioSpecial.ini---> Offset = 396
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd7.tmp\ioSpecial.ini---> Offset = 225
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd7.tmp\ioSpecial.ini---> Offset = 344
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd7.tmp\ioSpecial.ini---> Offset = 631
Network behavior
Behavior description: Connects to the specified sites
details: InternetConnectA: ServerName = www.youdao.com, PORT = 80
InternetConnectA: ServerName = caiyunxy.ys168.com, PORT = 80  (subdomain on the ys168.com file-hosting service; same "caiyunxy" name as the dropped DLL and Start Menu shortcut)
InternetConnectA: ServerName = hi.baidu.com, PORT = 80
Behavior description: Establishes a connection to the specified socket
details: 127.0.0.1:1037
Behavior description: Reads network files
details: hFile = 0x0000050c, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000460, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000810, BytesToRead =1024, BytesRead = 1024.
Behavior description: Opens HTTP requests
details: HttpOpenRequestA: www.youdao.com:80/search?q=%e5%8c%97%e4%ba%ac%e6%97%b6%e9%97%b4, hConnect = 0x00000520  (q decodes to 北京时间, "Beijing time"; together with the www.beijing-time.org lookup this suggests the program fetches the current time)
HttpOpenRequestA: caiyunxy.ys168.com:80/, hConnect = 0x000006e8
HttpOpenRequestA: hi.baidu.com:80/dasqtactbhbauyq/item/d073784d985eaccfdc0f6cd3, hConnect = 0x000007b8  (a Baidu Space blog post; the sandbox does not record what was fetched)
HttpOpenRequestA: www.youdao.com:80/search?q=%e5%8c%97%e4%ba%ac%e6%97%b6%e9%97%b4, hConnect = 0x0000080c
Behavior description: Resolves host addresses by name
details: wpad.
www.beijing-time.org
www.so.com
t1.qpic.cn
Registry behavior
Behavior description: Modifies the registry
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\至尊搜索神器\NSIS:StartMenuDir
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ss.exe\  (registers ss.exe so it can be launched by bare name through ShellExecute and the Run dialog)
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\至尊搜索神器\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\至尊搜索神器\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\至尊搜索神器\DisplayIcon
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\至尊搜索神器\DisplayVersion
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\至尊搜索神器\URLInfoAbout
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\至尊搜索神器\Publisher
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations  (files queued to be moved or deleted at the next boot)
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior description: Deletes registry values (IE connection settings)
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
(Removing ProxyServer and AutoConfigURL clears any manually configured proxy and any PAC URL for this user's WinINet stack, which serves IE and most WinINet-based clients. An installer for a search utility has no obvious reason to do this; on a managed host it would silently route traffic around a proxy-based filter, so these two value deletions are worth a detection rule of their own.)
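A host-side check for the registry pattern above, as an added example that is not from VirSCAN or from this sample: it scores Sysmon-style registry events (EventID 12 for value delete, 13 for value set) per writing process, treating an App Paths registration, an Uninstall entry and a PendingFileRenameOperations write as ordinary installer noise and the deletion of a user's ProxyServer/AutoConfigURL values as the signal. The event records, the field names modelled on Sysmon's Image/TargetObject/Details, the weights and the threshold are all this example's own assumptions.

```python
# Triage of the registry changes in this report against Sysmon-style registry events.
import re
from collections import defaultdict

# Constructed Sysmon-like records (EventID 12: value delete, 13: value set), modelled on
# the registry paths in the report above. Not real telemetry; the installer path is assumed.
INSTALLER = r"C:\Documents and Settings\Administrator\Desktop\至尊搜索神器.exe"
SAMPLE_EVENTS = [
    {"EventID": 13, "EventType": "SetValue", "Image": INSTALLER,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ss.exe\(Default)",
     "Details": r"C:\Program Files\至尊搜索神器\ss.exe"},
    {"EventID": 13, "EventType": "SetValue", "Image": INSTALLER,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\至尊搜索神器\UninstallString",
     "Details": r"C:\Program Files\至尊搜索神器\uninst.exe"},
    {"EventID": 12, "EventType": "DeleteValue", "Image": INSTALLER,
     "TargetObject": r"HKU\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer",
     "Details": ""},
    {"EventID": 12, "EventType": "DeleteValue", "Image": INSTALLER,
     "TargetObject": r"HKU\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL",
     "Details": ""},
    {"EventID": 13, "EventType": "SetValue", "Image": INSTALLER,
     "TargetObject": r"HKLM\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations",
     "Details": "Binary Data"},
    # Benign control: a Windows Installer package writing only its uninstall entry.
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\WINDOWS\system32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EXAMPLE-GUID}\DisplayName",
     "Details": "Example Package"},
]

APP_PATHS_RE = re.compile(r"\\CurrentVersion\\App Paths\\([^\\]+\.exe)\\", re.I)
UNINSTALL_RE = re.compile(r"\\CurrentVersion\\Uninstall\\", re.I)
PENDING_RENAME_RE = re.compile(r"\\Session Manager\\PendingFileRenameOperations$", re.I)
IE_PROXY_RE = re.compile(r"\\Internet Settings\\(ProxyServer|AutoConfigURL)$", re.I)

# Weights are this example's own choice: one App Paths or Uninstall entry is routine
# installer behaviour; deleting the user's proxy settings alone reaches the threshold.
WEIGHTS = {"app_paths_registration": 1, "uninstall_entry": 0,
           "pending_file_rename": 1, "ie_proxy_settings_removed": 4}


def tag_event(ev):
    """Return the tags one registry event earns (empty for uninteresting events)."""
    tags, target = [], ev["TargetObject"]
    if ev["EventType"] == "SetValue":
        if APP_PATHS_RE.search(target):
            tags.append("app_paths_registration")
        if UNINSTALL_RE.search(target):
            tags.append("uninstall_entry")
        if PENDING_RENAME_RE.search(target):
            tags.append("pending_file_rename")
    elif ev["EventType"] == "DeleteValue" and IE_PROXY_RE.search(target):
        tags.append("ie_proxy_settings_removed")
    return tags


def triage(events):
    """Group events by writing process: {image: {"tags": set, "score": int}}."""
    by_image = defaultdict(lambda: {"tags": set(), "score": 0})
    for ev in events:
        entry = by_image[ev["Image"]]
        for tag in tag_event(ev):
            if tag not in entry["tags"]:      # count each behaviour once per process
                entry["tags"].add(tag)
                entry["score"] += WEIGHTS[tag]
    return dict(by_image)


def suspicious(events, threshold=4):
    """Images whose combined registry behaviour reaches the threshold, sorted."""
    return sorted(img for img, e in triage(events).items() if e["score"] >= threshold)


if __name__ == "__main__":
    for img, e in triage(SAMPLE_EVENTS).items():
        print(f"{e['score']:2d}  {img}  {sorted(e['tags'])}")
    print("suspicious:", suspicious(SAMPLE_EVENTS))
```

The scoring is deliberately per process rather than per event: an Uninstall key and an App Paths entry are what every NSIS or MSI installer writes, and flagging them alone would drown the one change that matters here, the removal of the user's proxy configuration.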
Other behavior
Behavior description: Creates mutexes
details: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.AHO
Local\!PrivacIE!SharedMemory!Mutex
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
oleacc-msaa-loaded
(The CTF.*/MSCTF.* names are Text Services Framework objects, the Local\Zones*/PrivacIE mutexes belong to urlmon/WinINet, RasPbFile to RAS and oleacc-msaa-loaded to Active Accessibility. The sandbox attributes them to the process, but Windows libraries create them, so none is a usable sample-specific mutex.)
Behavior description: Hides the specified windows
details: [Window,Class] = [,Button]
[Window,Class] = [Nullsoft Install System v2.46,Static]
[Window,Class] = [Nullsoft Install System v2.46 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [显示细节(&D),Button]  ("Show &details")
[Window,Class] = [安装完成,Static]  ("Installation complete")
[Window,Class] = [安装已成功完成。,Static]  ("Installation completed successfully.")
[Window,Class] = [,ComboLBox]
[Window,Class] = [至尊搜索神器 【支持排序】 ★百度云搜索 女神/电影/番号/种子/磁力链接 搜索,WindowsForms10.Window.8.app.0.1a0e24_r21_ad1]  (main window of the installed program, a .NET WinForms application)
Behavior description: Finds the specified windows
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
Behavior description: Checks whether Virtual PC is present
details: N/A
Behavior description: Acquires system privileges
details: SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
(The process requested SeLoadDriverPrivilege and SeDebugPrivilege for its token. Neither is needed to install a .NET search utility; together with the Virtual PC check and the dropped VmDetectLibrary.dll, this is the part of the report that deserves a closer look under a debugger. The sandbox ran as Administrator, whose token already holds both privileges, so the entry shows that the code asked for them, not that it escalated.)
Behavior description: Window information
details: Pid = 3692, Hwnd=0x10354, Text = 下一步(&N) >, ClassName = Button.  ("&Next >")
Pid = 3692, Hwnd=0x10356, Text = 取消(&C), ClassName = Button.  ("&Cancel")
Pid = 3692, Hwnd=0x10362, Text = Nullsoft Install System v2.46 , ClassName = Static.
Pid = 3692, Hwnd=0x10364, Text = Nullsoft Install System v2.46, ClassName = Static.
Pid = 3692, Hwnd=0x10374, Text = 欢迎使用“至尊搜索神器 5.36”安装向导, ClassName = Static.  ("Welcome to the 至尊搜索神器 5.36 Setup Wizard")
Pid = 3692, Hwnd=0x10376, Text = 这个向导将指引你完成“至尊搜索神器 5.36”的安装进程。 在开始安装之前,建议先关闭其他所有应用程序。这将允许“安装程序”更新指定, ClassName = Static.  (standard NSIS welcome text: "This wizard will guide you through the installation of 至尊搜索神器 5.36. It is recommended that you close all other applications before starting Setup. This will make it possible to update", cut off as on the page)
Pid = 3692, Hwnd=0x1034e, Text = 至尊搜索神器 5.36 安装, ClassName = #32770.  ("至尊搜索神器 5.36 Setup"; #32770 is the standard dialog class)
Pid = 3692, Hwnd=0x10352, Text = < 上一步(&B), ClassName = Button.  ("< &Back")
Pid = 3692, Hwnd=0x10368, Text = 选择安装位置, ClassName = Static.  ("Choose Install Location")
Pid = 3692, Hwnd=0x1036a, Text = 选择“至尊搜索神器 5.36”的安装文件夹。, ClassName = Static.  ("Choose the folder in which to install 至尊搜索神器 5.36.")
Pid = 3692, Hwnd=0x20376, Text = C:\Program Files\至尊搜索神器, ClassName = Edit.
Pid = 3692, Hwnd=0x20374, Text = 浏览(&B)..., ClassName = Button.  ("&Browse...")
Pid = 3692, Hwnd=0x20372, Text = 可用空间: 5.8GB, ClassName = Static.  ("Space available: 5.8GB")
Pid = 3692, Hwnd=0x1037c, Text = 所需空间: 4.3MB, ClassName = Static.  ("Space required: 4.3MB")
Pid = 3692, Hwnd=0x1037e, Text = 现在将安装 至尊搜索神器 5.36 到下列文件夹。要安装到其他文件夹请单击 [浏览(B)] 进行选择。 单击 [下一步(N)] 继续。, ClassName = Static.  ("Setup will install 至尊搜索神器 5.36 in the following folder. To install in a different folder, click [Browse(B)] and select it. Click [Next(N)] to continue.")
Behavior description: Opens an image file
details: \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd7.tmp\modern-wizard.bmp
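An added example, not part of the VirSCAN page: a parser for the plain-text report layout above that rebuilds the subfile manifest (collapsing the sandbox's dumpFile rows onto their on-disk files) and pulls hosts, URLs, registry paths, mutexes and dropped executables out of the behavior lists, so a report can be turned into an indicator set without copying lines by hand. The embedded excerpt is constructed from the layout on this page using the translated labels; the Chinese alternatives in the label patterns are the strings the raw export uses, and the fixed set of section names is an assumption taken from this page.

```python
# Parser for the VirSCAN plain-text behavior report layout used on this page.
import re
from collections import defaultdict

# Constructed excerpt in the report's own layout (section headings, "Behavior description:"
# and "details:" lines followed by bare continuation lines). Not a full report.
SAMPLE_REPORT = """\
Subfile information: 至尊搜索神器.exe / 5d91f3e00040df0e92c1be9e6449dba9 / Nsis
至尊搜索神器.exedumpFile / 5d91f3e00040df0e92c1be9e6449dba9 / Nsis
ss.exe / 8915992c12588457bdf43382b297a0ea / EXE
Key behavior
Behavior description: Checks whether Virtual PC is present
details: N/A
Behavior description: Resolves host addresses by name
details: wpad.
File behavior
Behavior description: Creates executable files
details: C:\\Program Files\\至尊搜索神器\\ss.exe
C:\\Program Files\\至尊搜索神器\\VmDetectLibrary.dll
Network behavior
Behavior description: Connects to the specified sites
details: InternetConnectA: ServerName = caiyunxy.ys168.com, PORT = 80
Behavior description: Opens HTTP requests
details: HttpOpenRequestA: www.youdao.com:80/search?q=x, hConnect = 0x00000520
Registry behavior
Behavior description: Modifies the registry
details: \\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\ss.exe\\
Other behavior
Behavior description: Creates mutexes
details: RasPbFile
oleacc-msaa-loaded
"""

SECTIONS = {"Key behavior", "Process behavior", "File behavior", "Network behavior",
            "Registry behavior", "Other behavior", "Run screenshot"}   # assumed fixed set
MD5_RE = re.compile(r"^[0-9a-f]{32}$")
SERVER_RE = re.compile(r"ServerName = ([^,\s]+), PORT = (\d+)")
HTTP_RE = re.compile(r"HttpOpenRequestA: ([^:/\s]+):(\d+)([^\s,]*)")
# Label patterns: translated label used on this page | label in the raw export.
DNS_LABEL = re.compile(r"host address|主机地址", re.I)
MUTEX_LABEL = re.compile(r"mutex|互斥体", re.I)
DROP_LABEL = re.compile(r"executable file|可执行文件", re.I)


def parse_report(text):
    """Return (subfiles, behaviors). subfiles: {(name, md5): type} with the 'dumpFile'
    suffix stripped, so a dump whose hash differs from its file (unpacked in memory) shows
    up as a second entry under the same name while identical rows collapse.
    behaviors: {section: [(description, [detail lines]), ...]}."""
    subfiles, behaviors = {}, defaultdict(list)
    section, mode = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            section, mode = line, None
            continue
        if line.startswith("Subfile information"):   # first row may share the header line
            mode = "subfiles"
            line = line.split(":", 1)[1].strip() if ":" in line else ""
        if mode == "subfiles":
            parts = [p.strip() for p in line.split(" / ")]
            if len(parts) == 3 and MD5_RE.match(parts[1]):
                name = parts[0][:-8] if parts[0].endswith("dumpFile") else parts[0]
                subfiles.setdefault((name, parts[1]), parts[2])
            continue
        if line.startswith("Behavior description:"):
            behaviors[section].append((line[len("Behavior description:"):].strip(), []))
            mode = None
            continue
        if line.startswith("details:"):
            line, mode = line[len("details:"):].strip(), "details"
        if mode == "details" and line and not line.startswith("N/A") and behaviors[section]:
            behaviors[section][-1][1].append(line)
    return subfiles, dict(behaviors)


def extract_iocs(behaviors):
    """Hosts, URLs, registry paths, mutexes and dropped executables, each as a sorted list."""
    iocs = defaultdict(set)
    for entries in behaviors.values():
        for desc, details in entries:
            for d in details:
                if m := SERVER_RE.search(d):
                    iocs["hosts"].add(m.group(1))
                if m := HTTP_RE.search(d):
                    iocs["hosts"].add(m.group(1))
                    iocs["urls"].add(f"http://{m.group(1)}:{m.group(2)}{m.group(3) or '/'}")
                if d.startswith("\\REGISTRY\\"):
                    iocs["registry"].add(d)
                if DNS_LABEL.search(desc):
                    iocs["hosts"].add(d.split()[0])   # first token is the name as queried
                if MUTEX_LABEL.search(desc):
                    iocs["mutexes"].add(d)
                if DROP_LABEL.search(desc):
                    iocs["dropped"].add(d)
    return {k: sorted(v) for k, v in iocs.items()}


if __name__ == "__main__":
    files, behaviors = parse_report(SAMPLE_REPORT)
    for (name, md5), kind in sorted(files.items()):
        print(f"{md5}  {kind:<4} {name}")
    for kind, values in extract_iocs(behaviors).items():
        print(kind, values)
```

Hosts the sandbox resolved are kept with the trailing dot as queried (wpad.), and the WinINet-derived mutexes come out alongside any real ones; filtering the generic Windows names out is a second step that needs an allowlist, which this example does not attempt.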