VirSCAN

File information
Safety rating:85
Behavior list
Basic Information
MD5:b804f6bbe42bc7c7e19f3d0c6f17794d
file type:Nsis
Production company:
version:
Shell or compiler information:
Subfile information:QtGui4.dll / big file / DLL
QtCore4.dll / 51daf8c3010f6ce7b3ca88f820e3dc2d / DLL
poppler-qt4.dll / 85f9ca80e79791d7acda9b764e72721d / DLL
libeay32.dll / 640b2f9bd36c04884b4e28b6db164792 / DLL
QtNetwork4.dll / fec802737e1ee5736f4d8bab49781728 / DLL
msvcr100.dll / 0e37fbfa79d349d672456923ec5fbbe3 / DLL
ZhizhiReader.exe / 8a4b330a63dcb2f383591035e8373b29 / EXE
freetype.dll / 3e15ae94f634ed8d2afaa7ff7ba1ad29 / DLL
libsqlite.dll / daf9be99af9e44383275d499abc199c1 / DLL
msvcp100.dll / bc83108b18756547013ed443b8cdb31b / DLL
tiff3.dll / cae8b532cb7124fcf2caecb0d3afcc66 / DLL
QtXml4.dll / 4cf7ba04cb041bb6193b04aa0b6343a2 / DLL
UniCNS-UCS2-H / 7aaa246da13887fda0923b2a8a3eb425 / Unknown
UniCNS-UTF32-H / 0b320475a596fa8575020185a925c3ec / Unknown
PDF-STREAM-6dumpFile / 0fd6c8f4d3ffe3e42d6d581735eced30 / Unknown
qtiff4.dll / 5ed9d9559e835b8bed0444f506bc1f26 / DLL
lcms2.dll / c60cd04f022e2b11a9f16e7e98487a99 / DLL
UniCNS-UTF8-H / 949b6656e396689589d87c4d9d1980a6 / Unknown
UCS2-ETen-B5 / 65d26473b089761e37b0193b0255775e / Unknown
Key behavior
Behavior description:Open file mapping with write access
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.ILI..HLHKH
MSCTF.MarshalInterface.FileMap.ILI.B.HLHKH
MSCTF.MarshalInterface.FileMap.ILI.C.HLHKH
MSCTF.MarshalInterface.FileMap.ILI.D.HLHKH
MSCTF.MarshalInterface.FileMap.ILI.E.HLHKH
MSCTF.MarshalInterface.FileMap.ILI.F.HLHKH
MSCTF.MarshalInterface.FileMap.ILI.G.HLHKH
MSCTF.Shared.SFM.ILI
Behavior description:Block window close message
details:hWnd = 0x000402a8, Text = 知之阅读, ClassName = QWidget.
Behavior description:Create shortcut on desktop
details:C:\Documents and Settings\All Users\桌面\知之阅读.lnk
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,Button]
[Window,Class] = [Nullsoft Install System v3.0b1,Static]
[Window,Class] = [Nullsoft Install System v3.0b1 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [Show &details,Button]
[Window,Class] = [Installation Complete,Static]
[Window,Class] = [Setup was completed successfully.,Static]
[Window,Class] = [知之阅读,QWidget]
Behavior description:Resolve host address by name
details:www.google-analytics.com
Process behavior
Behavior description:Create new process from file
details:ImagePath = C:\Program Files\Zhizhi Reader\ZhizhiReader.exe, CmdLine = "C:\Program Files\Zhizhi Reader\ZhizhiReader.exe"
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Drop link or shortcut in a sensitive system location (e.g. Start menu)
details:C:\Documents and Settings\All Users\「开始」菜单\程序\知之阅读\知之阅读.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\知之阅读\Website.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\知之阅读\Uninstall.lnk
Behavior description:Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg5.tmp\LangDLL.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg5.tmp\InstallOptions.dll
C:\Program Files\Zhizhi Reader\freetype.dll
C:\Program Files\Zhizhi Reader\jpeg.dll
C:\Program Files\Zhizhi Reader\lcms2.dll
C:\Program Files\Zhizhi Reader\libeay32.dll
C:\Program Files\Zhizhi Reader\libpng15.dll
C:\Program Files\Zhizhi Reader\libsqlite.dll
C:\Program Files\Zhizhi Reader\msvcp100.dll
C:\Program Files\Zhizhi Reader\msvcr100.dll
C:\Program Files\Zhizhi Reader\openjpeg.dll
C:\Program Files\Zhizhi Reader\plugins\iconengines\qsvgicon4.dll
C:\Program Files\Zhizhi Reader\plugins\imageformats\qgif4.dll
C:\Program Files\Zhizhi Reader\plugins\imageformats\qico4.dll
C:\Program Files\Zhizhi Reader\plugins\imageformats\qjpeg4.dll
Behavior description:Search for file
details:FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg5.tmp
FileName = C:\Program Files\Zhizhi Reader
FileName = C:\Program Files
FileName = C:\Documents and Settings\Administrator\My Documents\知之阅读\*
FileName = C:\Documents and Settings\Administrator\My Documents\知之阅读
FileName = C:\Program Files\Zhizhi Reader\ZhizhiReader.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
Behavior description:Create shortcut on desktop
details:C:\Documents and Settings\All Users\桌面\知之阅读.lnk
Behavior description:Open file mapping with write access
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.ILI..HLHKH
MSCTF.MarshalInterface.FileMap.ILI.B.HLHKH
MSCTF.MarshalInterface.FileMap.ILI.C.HLHKH
MSCTF.MarshalInterface.FileMap.ILI.D.HLHKH
MSCTF.MarshalInterface.FileMap.ILI.E.HLHKH
MSCTF.MarshalInterface.FileMap.ILI.F.HLHKH
MSCTF.MarshalInterface.FileMap.ILI.G.HLHKH
MSCTF.Shared.SFM.ILI
Behavior description:Modify file contents
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg5.tmp\ioSpecial.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg5.tmp\ioSpecial.ini---> Offset = 36
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg5.tmp\modern-wizard.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg5.tmp\ioSpecial.ini---> Offset = 124
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg5.tmp\ioSpecial.ini---> Offset = 33
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg5.tmp\ioSpecial.ini---> Offset = 43
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg5.tmp\ioSpecial.ini---> Offset = 60
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg5.tmp\ioSpecial.ini---> Offset = 277
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg5.tmp\ioSpecial.ini---> Offset = 320
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg5.tmp\ioSpecial.ini---> Offset = 375
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg5.tmp\ioSpecial.ini---> Offset = 383
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg5.tmp\ioSpecial.ini---> Offset = 395
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg5.tmp\ioSpecial.ini---> Offset = 225
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg5.tmp\ioSpecial.ini---> Offset = 344
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg5.tmp\ioSpecial.ini---> Offset = 713
Network behavior
Behavior description:Resolve host address by name
details:www.google-analytics.com
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ZhizhiReader.exe\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zhizhi Reader\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zhizhi Reader\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zhizhi Reader\DisplayIcon
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zhizhi Reader\DisplayVersion
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zhizhi Reader\URLInfoAbout
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zhizhi Reader\Publisher
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zhizhi Reader\NSIS:Language
\REGISTRY\USER\S-*\Software\Zhizhi\Zhizhi Desktop\GAnalytics-cid
\REGISTRY\USER\S-*\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files\Zhizhi Reader\sqldrivers\qsqlite4.dll
\REGISTRY\USER\S-*\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:\C:\Program Files\Zhizhi Reader\sqldrivers\qsqlite4.dll
\REGISTRY\USER\S-*\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files\Zhizhi Reader\sqldrivers\qsqlite4.dll-newfile
\REGISTRY\USER\S-*\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files\Zhizhi Reader\sqldrivers\qsqlite4.dll.AmBackup26
Behavior description:Modify registry (pending file rename entry)
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.ILI
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,Button]
[Window,Class] = [Nullsoft Install System v3.0b1,Static]
[Window,Class] = [Nullsoft Install System v3.0b1 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [Show &details,Button]
[Window,Class] = [Installation Complete,Static]
[Window,Class] = [Setup was completed successfully.,Static]
[Window,Class] = [知之阅读,QWidget]
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Acquire system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Block window close message
details:hWnd = 0x000402a8, Text = 知之阅读, ClassName = QWidget.
Behavior description:Window information
details:Pid = 2228, Hwnd=0x202a2, Text = Chinese (Simplified) / Hanyu (Jiantizi), ClassName = ComboBox.
Pid = 2228, Hwnd=0x202a6, Text = OK, ClassName = Button.
Pid = 2228, Hwnd=0x202a8, Text = Cancel, ClassName = Button.
Pid = 2228, Hwnd=0x202cc, Text = Please select a language., ClassName = Static.
Pid = 2228, Hwnd=0x2029e, Text = Installer Language, ClassName = #32770.
Pid = 2228, Hwnd=0x302a2, Text = &Next >, ClassName = Button.
Pid = 2228, Hwnd=0x302a4, Text = Cancel, ClassName = Button.
Pid = 2228, Hwnd=0x502bc, Text = Nullsoft Install System v3.0b1 , ClassName = Static.
Pid = 2228, Hwnd=0x202d4, Text = Nullsoft Install System v3.0b1, ClassName = Static.
Pid = 2228, Hwnd=0x302da, Text = Welcome to Zhizhi Reader 1.2.4 Setup, ClassName = Static.
Pid = 2228, Hwnd=0x302b8, Text = Setup will guide you through the installation of Zhizhi Reader 1.2.4. It is recommended that you close all other applications , ClassName = Static.
Pid = 2228, Hwnd=0x3029e, Text = Zhizhi Reader 1.2.4 Setup, ClassName = #32770.
Pid = 2228, Hwnd=0x302a2, Text = &Install, ClassName = Button.
Pid = 2228, Hwnd=0x402b8, Text = C:\Program Files\Zhizhi Reader, ClassName = Edit.
Pid = 2228, Hwnd=0x402da, Text = B&rowse..., ClassName = Button.
Behavior description:Open image file
details:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg5.tmp\modern-wizard.bmp