VirSCAN


File information
Safety rating: 76
Behavior list
Basic Information
MD5: ced00c03f30ecb10be9b19ab24e3d1d6
File type: EXE
Production company:
Version: 1.0.0.0
Shell or compiler information:
Key behavior
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Hide specified window
details: [Window,Class] = [,ComboLBox]
Process behavior
Behavior description: Create process
details: ImagePath = C:\Program Files\tlxsoft\屏幕录像专家 共享版 V2012\屏录专家.exe, CmdLine = "C:\Program Files\tlxsoft\屏幕录像专家 共享版 V2012\屏录专家.exe"
ImagePath = C:\Program Files\tlxsoft\屏幕录像专家 共享版 V2012\ly.exe, CmdLine = "C:\Program Files\tlxsoft\屏幕录像专家 共享版 V2012\ly.exe" /Automation -Embedding
File behavior
Behavior description: Create file mapping with write access
details: \%temp%\1417075507.653233.exe
Local\UrlZonesSM_Administrator
Behavior description: Rename file
details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\xsandbox.bin.__tmp__ ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\xsandbox.bin
C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\local\temp\@PROGRAMFILESX86@\tlxsoft\屏幕录像专家 共享版 V2012\屏录专家.exe ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\
C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\roaming\meta\@PROGRAMFILESX86@\tlxsoft\屏幕录像专家 共享版 V2012\屏录专家.exe.__meta__.__tmp__ ---> C:\Documents and Settings\Administrator\Local Setting
C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\local\stubexe\0x354C1C4FFF84C29B\屏录专家.exe.__tmp__ ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\local\stu
C:\Documents and Settings\Administrator\Local Settings\Temp\SPOON\CACHE\0xBB3C74940DB6B0AC\sxs\Manifests\ylw.exe_0x311e9643399894a9c9860864504e9558.1.manifest.__tmp__ ---> C:\Documents and Settings\Administrator\Local Settings\Temp\SPOON\CACHE\0xBB3C74940DB6B0
C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\local\temp\@PROGRAMFILESX86@\tlxsoft\屏幕录像专家 共享版 V2012\ly.exe ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sand
C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\local\meta\@PROGRAMFILESX86@\tlxsoft\屏幕录像专家 共享版 V2012\ly.exe.__meta__.__tmp__ ---> C:\Documents and Settings\Administrator\Local Settings\Applicatio
C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\local\stubexe\0xA60114D0AF9D92DA\ly.exe.__tmp__ ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\local\stubexe\0xA60
C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\local\temp\@PROGRAMFILESX86@\tlxsoft\屏幕录像专家 共享版 V2012\HOOK.DLL ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sa
C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\local\meta\@PROGRAMFILESX86@\tlxsoft\屏幕录像专家 共享版 V2012\HOOK.DLL.__meta__.__tmp__ ---> C:\Documents and Settings\Administrator\Local Settings\Applicat
C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\local\temp\@PROGRAMFILESX86@\tlxsoft\屏幕录像专家 共享版 V2012\HOOK1.DLL ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\S
C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\local\meta\@PROGRAMFILESX86@\tlxsoft\屏幕录像专家 共享版 V2012\HOOK1.DLL.__meta__.__tmp__ ---> C:\Documents and Settings\Administrator\Local Settings\Applica
C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\local\temp\@PROGRAMFILESX86@\tlxsoft\屏幕录像专家 共享版 V2012\setc.dat ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sa
C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\roaming\meta\@PROGRAMFILESX86@\tlxsoft\屏幕录像专家 共享版 V2012\setc.dat.__meta__.__tmp__ ---> C:\Documents and Settings\Administrator\Local Settings\Applic
C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\local\temp\@PROGRAMFILESX86@\tlxsoft\屏幕录像专家 共享版 V2012\nowlx.bmp ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\S
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modify file contents
details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\xsandbox.bin---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\roaming\meta\@PROGRAMFILESX86@\tlxsoft\屏幕录像专家 共享版 V2012\屏录专家.exe.__meta__---> Offset = 16
C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\local\meta\@PROGRAMFILESX86@\tlxsoft\屏幕录像专家 共享版 V2012\ly.exe.__meta__---> Offset = 16
C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\local\meta\@PROGRAMFILESX86@\tlxsoft\屏幕录像专家 共享版 V2012\HOOK.DLL.__meta__---> Offset = 16
C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\local\meta\@PROGRAMFILESX86@\tlxsoft\屏幕录像专家 共享版 V2012\HOOK1.DLL.__meta__---> Offset = 16
C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\roaming\meta\@PROGRAMFILESX86@\tlxsoft\屏幕录像专家 共享版 V2012\setc.dat.__meta__---> Offset = 16
C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\roaming\modified\@PROGRAMFILESX86@\tlxsoft\屏幕录像专家 共享版 V2012\setc.dat---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\roaming\meta\@PROGRAMFILESX86@\tlxsoft\屏幕录像专家 共享版 V2012\nowlx.bmp.__meta__---> Offset = 16
C:\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\roaming\modified\@PROGRAMFILESX86@\tlxsoft\屏幕录像专家 共享版 V2012\nowlx.bmp---> Offset = 66
Network behavior
Behavior description: Connect to specified site
details: InternetConnectA: ServerName = start.spoon.net, PORT = 443
Behavior description: Open HTTP request
details: HttpOpenRequestA: start.spoon.net:443/services/1.0/activity/vm-10.4.2491.0/run, hConnect = 0x00000528
Registry behavior
Behavior description: Modify registry
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Multimedia\msacm.imaadpcm\MaxRTEncodeSetting
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Multimedia\msacm.imaadpcm\MaxRTDecodeSetting
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Multimedia\msacm.msgsm610\MaxRTEncodeSetting
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Multimedia\msacm.msgsm610\MaxRTDecodeSetting
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Spoon\SandboxCache\BB3C74940DB6B0AC\roaming\modified\@HKCR@\Wow6432Node\CLSID\{A8B0ADB7-ECB6-4D8F-829A-F050181A6510}\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Spoon\SandboxCache\BB3C74940DB6B0AC\roaming\modified\@HKCR@\Wow6432Node\CLSID\{A8B0ADB7-ECB6-4D8F-829A-F050181A6510}\lyv2
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Spoon\SandboxCache\BB3C74940DB6B0AC\roaming\modified\@HKCR@\Wow6432Node\CLSID\{A8B0ADB7-ECB6-4D8F-829A-F050181A6510}\LocalServer32\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Spoon\SandboxCache\BB3C74940DB6B0AC\roaming\modified\@HKCR@\Wow6432Node\CLSID\{A8B0ADB7-ECB6-4D8F-829A-F050181A6510}\LocalServer32\ThreadingModel
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Spoon\SandboxCache\BB3C74940DB6B0AC\roaming\modified\@HKCR@\TypeLib\{8B1437DD-2F74-4C1A-AC2A-BD3CF699B0A9}\1.0\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Spoon\SandboxCache\BB3C74940DB6B0AC\roaming\modified\@HKCR@\TypeLib\{8B1437DD-2F74-4C1A-AC2A-BD3CF699B0A9}\1.0\0\win32\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Spoon\SandboxCache\BB3C74940DB6B0AC\roaming\modified\@HKCR@\TypeLib\{8B1437DD-2F74-4C1A-AC2A-BD3CF699B0A9}\1.0\HELPDIR\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Spoon\SandboxCache\BB3C74940DB6B0AC\roaming\modified\@HKCR@\Wow6432Node\Interface\{735613C5-3961-41EE-9EFB-6901D693600C}\
\REGISTRY\MACHINE\SOFTWARE\TLXSOFT\TLXSOFT
\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
Other behavior
Behavior description: Create mutex
details: Local\__VMX_0x001494DC
Global\__VMX_0x001494DC
_xvm_mtx_sandbox_info_0xBB3C74940DB6B0AC
_xvm_mtx_sentinel_0xBB3C74940DB6B0AC
_xvm_mtx_servicesentinel_0xBB3C74940DB6B0AC
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\__VMX_0x001497E9
Global\__VMX_0x001497E9
PMLXZJ
_xvm_mtx_A8B0ADB7-ECB6-4D8F-829A-F050181A6510
Local\__VMX_0x00149BA2
Global\__VMX_0x00149BA2
Behavior description: Hide specified window
details: [Window,Class] = [,ComboLBox]
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [,PMLXZJRECORDER{A8B0ADB7-ECB6-4D8F-829A-F050181A6510}]
Behavior description: Acquire system privileges
details: SE_INC_BASE_PRIORITY_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
details: Pid = 1868, Hwnd=0xb0164, Text = 生成模式 , ClassName = TTabSheet.
Pid = 1868, Hwnd=0xc01d6, Text = 录像模式 , ClassName = TTabSheet.
Pid = 1868, Hwnd=0xb0170, Text = 定时录制, ClassName = TTabSheet.
Pid = 1868, Hwnd=0xd01ac, Text = 2014-11-27, ClassName = TDateTimePicker.
Pid = 1868, Hwnd=0xd01ce, Text = 2014-11-27, ClassName = TDateTimePicker.
Pid = 1868, Hwnd=0xc01c2, Text = 快捷键, ClassName = TTabSheet.
Pid = 1868, Hwnd=0xa0196, Text = F11, ClassName = TComboBox.
Pid = 1868, Hwnd=0xc01b4, Text = F11, ClassName = Edit.
Pid = 1868, Hwnd=0xa0198, Text = F4, ClassName = TComboBox.
Pid = 1868, Hwnd=0xc01e8, Text = F4, ClassName = Edit.
Pid = 1868, Hwnd=0xb01b0, Text = F3, ClassName = TComboBox.
Pid = 1868, Hwnd=0xe016e, Text = F3, ClassName = Edit.
Pid = 1868, Hwnd=0xb01c6, Text = F2, ClassName = TComboBox.
Pid = 1868, Hwnd=0xa01aa, Text = F2, ClassName = Edit.
Pid = 1868, Hwnd=0xb0380, Text = 基本设置, ClassName = TTabSheet.
Behavior description: Direct access to physical device
details: \??\PhysicalDrive0
Behavior description: Inline hook
details: C:\WINDOWS\system32\ntdll.dll--->NtClose Offset = 0x0
C:\WINDOWS\system32\ntdll.dll--->NtDuplicateObject Offset = 0x0
C:\WINDOWS\system32\ntdll.dll--->NtMakeTemporaryObject Offset = 0x0
C:\WINDOWS\system32\ntdll.dll--->NtQueryObject Offset = 0x0
C:\WINDOWS\system32\ntdll.dll--->ZwSetInformationObject Offset = 0x0
C:\WINDOWS\system32\ntdll.dll--->ZwSignalAndWaitForSingleObject Offset = 0x0
C:\WINDOWS\system32\ntdll.dll--->NtWaitForMultipleObjects Offset = 0x0
C:\WINDOWS\system32\ntdll.dll--->ZwWaitForSingleObject Offset = 0x0
C:\WINDOWS\system32\ntdll.dll--->NtQuerySecurityObject Offset = 0x0
C:\WINDOWS\system32\ntdll.dll--->NtSetSecurityObject Offset = 0x0
C:\WINDOWS\system32\ntdll.dll--->ZwCreateMutant Offset = 0x0
C:\WINDOWS\system32\ntdll.dll--->ZwOpenMutant Offset = 0x0
C:\WINDOWS\system32\ntdll.dll--->NtCreateEvent Offset = 0x0
C:\WINDOWS\system32\ntdll.dll--->NtOpenEvent Offset = 0x0
C:\WINDOWS\system32\ntdll.dll--->ZwCreateSemaphore Offset = 0x0
Behavior description: Open image file
details: \Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\local\temp\@PROGRAMFILESX86@\tlxsoft\屏幕录像专家 共享版 V2012\nowlx.bmp
\Documents and Settings\Administrator\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\roaming\modified\@PROGRAMFILESX86@\tlxsoft\屏幕录像专家 共享版 V2012\nowlx.bmp
Translated by Keith Miller, United States