VirSCAN

File information
Safety rating:75
Behavior list
Basic Information
MD5:b6da356e6f78107d9690f34e485bd66e
File type:Cab
Producer:百度云管家 (Baidu Yun Guanjia, the desktop client for Baidu's pan.baidu.com cloud storage)
Version:4.6.1.0---4.6.1.0
Packer or compiler information:(none reported)
Subfile information (name / MD5 / type):
BaiduYunGuanjia.exe / b0872902ad764f524617bfdb1e2bde06 / EXE
default.db / 967f78355bc5027fde701e2c60a261f8 / Compound
Basement.dll / 0316c9997c2e1de786ea31e7c89e9701 / DLL
YunLogic.dll / 68aeb37f0578c63df292b7782a23ce9c / DLL
Bull80U.dll / 4ee6a2058f786f0f7402c5fd37f19680 / DLL
xImage.dll / c1b83f9db053d763b7ff676bddb40c12 / DLL
AppUtil.dll / c4baa27c792aa68b2be2e6a1bc2bc798 / DLL
YunDb.dll / 6c75768ec7f41b2ef53db983946c2faf / DLL
msvcr80.dll / 1169436ee42f860c7db37a4692b38f0e / DLL
msvcp80.dll / 8c53ccd787c381cd535d8dcca12584d8 / DLL
autobackup.ico / cea33e92dd2e8f1b4dbed22c25ac7570 / Unknown
2.wav / 4408f456a35c301ee1b951e20ffa71bb / Unknown
channelpcsdk.dll / 451d06ace4baec9abb7524bc28fa2ca8 / DLL
YunShellExt64.dll / 31becef7eac5577a6fa9350fdf0e4168 / DLL
YunShellExt.dll / 1e112eeb618d5c7a817cb946aa6cd746 / DLL
npYunWebDetect.dll / 59b6770a545012a859f83ca1ff7bbdf8 / DLL
resource.db / 7b77a6373832371265087655ae59f23d / Compound
3.wav / 9ca4aec9ef66806361f3e0ae86792c86 / Unknown
4.wav / 0616ba6aa33fcc59c46f7edaea9b3e9e / Unknown
Key behavior
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Hide specified window
details:[Window,Class] = [TimerWin,LOG_MSG_WINDOW]
[Window,Class] = [,BaseGui]
[Window,Class] = [,ATL:00BD1138]
Behavior description:Resolve host address by name
details:pan.baidu.com
Process behavior
Behavior description:Create process
details:ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunShellExt.dll"
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\npYunWebDetect.dll"
Behavior description:Create process from a newly written file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\BaiduYunGuanjia.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\BaiduYunGuanjia.exe
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Create writable file mapping (shared memory section)
details:CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
bdlog_timing_info_V3
Baohe_BugReport_556
DfSharedHeap6F324
DfRoot00006F324
YunBrowserSharedMemory_556
MSCTF.MarshalInterface.FileMap.MDH..HCINF
MSCTF.MarshalInterface.FileMap.MDH.B.CAJNF
MSCTF.MarshalInterface.FileMap.MDH.C.CAJNF
MSCTF.MarshalInterface.FileMap.MDH.D.CAJNF
MSCTF.MarshalInterface.FileMap.MDH.E.CAJNF
MSCTF.MarshalInterface.FileMap.MDH.F.CAJNF
MSCTF.MarshalInterface.FileMap.MDH.G.CAJNF
MSCTF.Shared.SFM.MDH
Behavior description:Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\AppUtil.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\BaiduYunGuanjia.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\Basement.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\Bull80U.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunDb.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunLogic.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunShellExt.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunShellExt64.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\channelpcsdk.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\msvcp80.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\msvcr80.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\npYunWebDetect.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\xImage.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsa7.tmp\System.dll
Behavior description:Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\AppProperty.xml---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\Microsoft.VC80.CRT.manifest---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\VersionInfo---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunTorrentFile.ico---> Offset = 16384
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\autobackup.ico---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\resource.db---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\skin\default.db---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\sounds\1.wav---> Offset = 32768
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\sounds\2.wav---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\sounds\3.wav---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\sounds\4.wav---> Offset = 49152
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Network behavior
Behavior description:Connect to specified site
details:InternetConnectA: ServerName = pan.baidu.com, PORT = 80
InternetConnectA: ServerName = update.pan.baidu.com, PORT = 80
Behavior description:Open HTTP request
details:HttpOpenRequestA: pan.baidu.com:80/res/static/thirdparty/connect.jpg?t=1422804206, hConnect = 0x00000338
HttpOpenRequestA: update.pan.baidu.com:80/statistics?clienttype=8&devuid=bdimxv2%2do%5ff025928675d3418c94e1df12ae41070b%2dc%5f0%2dd%5f42563737623232333732322d3039343862622033%2dm%5f0800277a0dd3%2dv%5ff44048e7&channel=00000000000000000000000000000000&version=4
HttpOpenRequestA: pan.baidu.com:80/res/static/thirdparty/connect.jpg?t=1422804211, hConnect = 0x00000360
HttpOpenRequestA: pan.baidu.com:80/res/static/thirdparty/connect.jpg?t=1422804216, hConnect = 0x00000360
HttpOpenRequestA: pan.baidu.com:80/res/static/thirdparty/connect.jpg?t=1422804221, hConnect = 0x00000360
HttpOpenRequestA: pan.baidu.com:80/res/static/thirdparty/connect.jpg?t=1422804226, hConnect = 0x00000360
HttpOpenRequestA: pan.baidu.com:80/res/static/thirdparty/connect.jpg?t=1422804231, hConnect = 0x00000360
Behavior description:Resolve host address by name
details:pan.baidu.com
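The second request, to update.pan.baidu.com/statistics, is a telemetry beacon, and its devuid parameter deserves a closer look than the connect.jpg connectivity probes that repeat every five seconds. Once percent-decoded (%2d is '-', %5f is '_') it is a prefix followed by single-letter tagged fields. The m_ field is twelve hex digits that read as the MAC address 08:00:27:7a:0d:d3, and 08:00:27 is the OUI VirtualBox assigns to its virtual NICs. The d_ field is hex-encoded ASCII; read as a raw ATA IDENTIFY DEVICE serial string (returned as 16-bit words, so every pair of characters arrives byte-swapped) and un-swapped, it comes out as VB772b3227-29084bb3, which is the VB<8 hex>-<8 hex> shape of a VirtualBox virtual-disk serial. In other words the client fingerprints the host by NIC and disk, and the vendor's statistics endpoint can tell that this run came from a VirtualBox guest. The Python below is an added example, not code from VirSCAN or from the client itself. The query string is copied from the report line above (which is cut off after version=4 and is used as-is), the meaning of the o, c and v fields is not documented on this page and is left uninterpreted, and the ATA byte-swap reading of d_ is this example's interpretation.

```python
import binascii
import re
from urllib.parse import unquote

# Request target copied from the HttpOpenRequestA line in the report. The report
# line is cut off after "version=4"; nothing has been filled in.
BEACON = (
    "update.pan.baidu.com:80/statistics?clienttype=8&devuid=bdimxv2%2do%5f"
    "f025928675d3418c94e1df12ae41070b%2dc%5f0%2dd%5f"
    "42563737623232333732322d3039343862622033%2dm%5f0800277a0dd3%2dv%5ff44048e7"
    "&channel=00000000000000000000000000000000&version=4"
)

# 08:00:27 is registered to PCS Systemtechnik GmbH and is the OUI VirtualBox
# gives its virtual network adapters.
VIRTUALBOX_OUI = "08:00:27"


def raw_params(url: str) -> dict:
    """Split the query string WITHOUT percent-decoding, so devuid keeps its %2d separators."""
    query = url.split("?", 1)[1]
    return dict(kv.split("=", 1) for kv in query.split("&"))


def split_devuid(raw: str) -> dict:
    """Split the still-encoded devuid on its %2d separators, then decode each field.

    Splitting before decoding means a field whose value contains a literal '-'
    would still be kept whole. Tags (o, c, d, m, v) come from the string itself;
    what each stands for is not documented in the report.
    """
    prefix, *parts = re.split(r"%2[dD]", raw)
    fields = {"prefix": unquote(prefix)}
    for part in parts:
        tag, _, value = unquote(part).partition("_")
        fields[tag] = value
    return fields


def mac_from_field(hex12: str) -> str:
    """Render a 12-hex-digit field as a colon-separated, lower-case MAC address."""
    if len(hex12) != 12 or any(c not in "0123456789abcdefABCDEF" for c in hex12):
        raise ValueError(f"not a 12-digit hex MAC: {hex12!r}")
    return ":".join(hex12[i:i + 2] for i in range(0, 12, 2)).lower()


def ata_serial_from_field(hexstr: str) -> str:
    """Decode the d_ field as an ATA IDENTIFY serial (interpretation, see lead-in).

    IDENTIFY DEVICE returns the 20-byte, space-padded serial as 16-bit words, so a
    program that copies the raw words out gets each pair of characters swapped.
    Un-swapping the pairs and stripping the padding recovers the disk's own string.
    """
    raw = binascii.unhexlify(hexstr)
    if len(raw) % 2:
        raw += b" "
    swapped = bytearray()
    for i in range(0, len(raw), 2):
        swapped += bytes((raw[i + 1], raw[i]))
    return swapped.decode("ascii").strip()


def analyse_beacon(url: str) -> dict:
    """Pull the host fingerprint out of the statistics beacon."""
    params = raw_params(url)
    fields = split_devuid(params["devuid"])
    mac = mac_from_field(fields["m"])
    serial = ata_serial_from_field(fields["d"])
    return {
        "fields": fields,
        "mac": mac,
        "disk_serial": serial,
        # Two independent hints that the telemetry came from a VirtualBox guest.
        "virtualbox_nic": mac.startswith(VIRTUALBOX_OUI),
        "virtualbox_disk": serial.startswith("VB"),
        "channel": unquote(params["channel"]),
    }


if __name__ == "__main__":
    for key, value in analyse_beacon(BEACON).items():
        print(f"{key}: {value}")
```

Run it as a script to see the decoded fields; in a triage pipeline the two virtualbox_* flags are the useful output, because a sample whose telemetry already encodes a VirtualBox NIC and disk serial is one whose author can distinguish sandbox runs from real installs.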
Registry behavior
Behavior description:Delete registry key
details:\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\Control
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\InprocServer32
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\ProgID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\Programmable
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\ToolboxBitmap32
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\TypeLib
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\VersionIndependentProgID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\clsid\*
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\clsid
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\codeBaseUrl\*
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\codeBaseUrl
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\progid\*
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\progid
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin
Behavior description:Modify registry (file association)
details:\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\YunShellExt\
Behavior description:Modify registry (system context menu)
details:\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\YunShellExt\
Behavior description:Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{B9480AFD-C7B1-4452-BE14-BB8A9540A05D}\
\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\YunShellExt.DLL\AppID
\REGISTRY\MACHINE\SOFTWARE\Classes\YunShellExt.YunShellExtContextMenu.1\
\REGISTRY\MACHINE\SOFTWARE\Classes\YunShellExt.YunShellExtContextMenu.1\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\YunShellExt.YunShellExtContextMenu\
\REGISTRY\MACHINE\SOFTWARE\Classes\YunShellExt.YunShellExtContextMenu\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\YunShellExt.YunShellExtContextMenu\CurVer\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790}\VersionIndependentProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790}\AppID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\YunShellExt\
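Reduced to what matters, the process and registry sections say two things: the installer uses regsvr32 /s (the /s makes it silent) to register DLLs straight out of the user's %TEMP%, and the class it registers is wired in as a ContextMenuHandler for *, Directory and lnkfile, so Explorer will load YunShellExt.dll into its own process whenever any file, folder or shortcut is right-clicked. Neither is malicious by itself; this is how ordinary shell-extension installers work, and the report rates the sample 75. But it is exactly the pattern a detection rule over process-creation logs would fire on, so the DLL path and the handler scope are the things to pivot on when a sample like this is unknown. The Python below is an added example, not VirSCAN's or Baidu's code: it parses records in the report's own `ImagePath = ..., CmdLine = ...` form and raw registry paths, flags regsvr32 registrations whose target lives in a user-writable location, and summarises the shell hooks and COM classes touched. The records are copied from the sections above (trailing backslashes dropped so they fit in raw strings) plus one constructed control line; the list of user-writable path fragments is this example's own heuristic.

```python
import re
from collections import defaultdict

# Process-creation records copied from the "Create process" section above, plus
# one constructed control line (marked) that the check should leave alone.
PROCESS_LINES = [
    r'ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunShellExt.dll"',
    r'ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\npYunWebDetect.dll"',
    r'ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\BaiduYunGuanjia.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\BaiduYunGuanjia.exe',
    # Constructed control: same LOLBin, but the DLL lives under Program Files.
    r'ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s "C:\Program Files\Example\ext.dll"',
]

# A subset of the registry keys from the "Modify registry" sections above.
REGISTRY_LINES = [
    r'\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\YunShellExt',
    r'\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\YunShellExt',
    r'\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\YunShellExt',
    r'\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{B9480AFD-C7B1-4452-BE14-BB8A9540A05D}',
    r'\REGISTRY\MACHINE\SOFTWARE\Classes\YunShellExt.YunShellExtContextMenu.1\CLSID',
    r'\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790}\InprocServer32',
    r'\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790}\InprocServer32\ThreadingModel',
    r'\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790}\AppID',
]

PROCESS_RE = re.compile(r"ImagePath = (?P<image>.*?), CmdLine = (?P<cmd>.*)$")
CLSID_RE = re.compile(r"\\CLSID\\(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})")
CTXMENU_RE = re.compile(r"\\Classes\\([^\\]+)\\shellex\\ContextMenuHandlers\\([^\\]+)")

# Heuristic (this example's own): path fragments an unprivileged user can write to.
# 8.3 short names are included because that is how this sandbox logged them.
USER_WRITABLE = ("\\temp\\", "\\locals~1\\", "\\local settings\\", "\\appdata\\",
                 "\\docume~1\\", "\\documents and settings\\", "\\users\\")


def parse_process(line: str):
    """Split one 'ImagePath = X, CmdLine = Y' record into (image, cmdline)."""
    m = PROCESS_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised record: {line!r}")
    return m.group("image"), m.group("cmd")


def is_user_writable(path: str) -> bool:
    return any(frag in path.lower() for frag in USER_WRITABLE)


def regsvr32_targets(cmdline: str):
    """Return the DLL path(s) a regsvr32 command line registers."""
    quoted = re.findall(r'"([^"]+)"', cmdline)   # quoted path first
    if quoted:
        return quoted
    return [tok for tok in cmdline.split()[1:] if not tok.startswith("/")]


def flag_regsvr32_from_user_paths(lines):
    """DLLs that regsvr32 registered from a user-writable location."""
    flagged = []
    for line in lines:
        image, cmd = parse_process(line)
        if image.lower().rsplit("\\", 1)[-1] != "regsvr32.exe":
            continue
        flagged.extend(p for p in regsvr32_targets(cmd) if is_user_writable(p))
    return flagged


def classify_registry(paths):
    """Group registry keys by what they register: shell hook, COM class, AppID, other."""
    summary = {"clsids": set(), "context_menu_handlers": defaultdict(set),
               "appids": set(), "other": []}
    for p in paths:
        m = CTXMENU_RE.search(p)
        if m:
            file_class, handler = m.groups()
            summary["context_menu_handlers"][handler].add(file_class)
            continue
        m = CLSID_RE.search(p)
        if m:
            summary["clsids"].add(m.group(1))
            continue
        if "\\Classes\\AppID\\" in p:
            summary["appids"].add(p.rsplit("\\", 1)[-1])
            continue
        summary["other"].append(p)
    return summary


if __name__ == "__main__":
    for dll in flag_regsvr32_from_user_paths(PROCESS_LINES):
        print("regsvr32 registered a DLL from a user-writable path:", dll)
    reg = classify_registry(REGISTRY_LINES)
    for handler, classes in reg["context_menu_handlers"].items():
        print(f"context-menu handler {handler} hooked for: {sorted(classes)}")
    print("COM classes touched:", sorted(reg["clsids"]))
```

A handler under Classes\* is the broadest scope a context-menu extension can have, so when the same pattern shows up for an unknown sample the first things to pull are the InprocServer32 value of the CLSID (which DLL actually gets loaded) and the hash of that DLL, both of which this report lists.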
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
SHIMLIB_LOG_MUTEX
locker_bdlog_timing_info_V3
YunBrowserSharedMemoryLock_556
54B55498-0BB1-4896-AC08-2595F474CBDE
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.MDH
Behavior description:Hide specified window
details:[Window,Class] = [TimerWin,LOG_MSG_WINDOW]
[Window,Class] = [,BaseGui]
[Window,Class] = [,ATL:00BD1138]
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Acquire system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Window information
details:Pid = 556, Hwnd=0x10380, Text = 欢迎使用百度云管家 (Welcome to Baidu Yun Guanjia), ClassName = BaseGui.
Behavior description:Inline hook
details:C:\WINDOWS\system32\kernel32.dll--->SetUnhandledExceptionFilter Offset = 0x0
Run screenshot (image not reproduced here)