VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports RAR/ZIP decompression, but an archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.


File information
Safety rating: 70
Behavior list
Basic Information
MD5: d090e4a72d4f119e11ea3fbd556aef7a
File type: EXE
Production company: 福建创意嘉和软件有限公司 (C) 2001-2015
Version: 2014.0.2.63702 --- 2014.0.2.63702
Packer (shell) or compiler information:
Key behavior
Behavior description: Detect whether Virtual PC is present
Details: N/A
Behavior description: Set message hook
Details: C:\WINDOWS\system32\DINPUT8.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\cfgdll.dll
Behavior description: Check whether it is being debugged
Details: N/A
Behavior description: Get TickCount value
Details: TickCount = 488690, SleepMilliseconds = 50.
TickCount = 488721, SleepMilliseconds = 50.
TickCount = 488737, SleepMilliseconds = 50.
TickCount = 488925, SleepMilliseconds = 50.
TickCount = 488956, SleepMilliseconds = 50.
TickCount = 488971, SleepMilliseconds = 50.
TickCount = 488987, SleepMilliseconds = 50.
TickCount = 489003, SleepMilliseconds = 50.
TickCount = 489018, SleepMilliseconds = 50.
TickCount = 489065, SleepMilliseconds = 50.
TickCount = 489128, SleepMilliseconds = 50.
TickCount = 489253, SleepMilliseconds = 50.
TickCount = 489268, SleepMilliseconds = 50.
TickCount = 489284, SleepMilliseconds = 50.
TickCount = 489300, SleepMilliseconds = 50.
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Query registry (virtual machine detection related)
Details: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Process behavior
Behavior description: Create process
Details: ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "C:\WINDOWS\system32\regsvr32.exe" atl.dll /s
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "C:\WINDOWS\system32\regsvr32.exe" "C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\EyLogin.dll" /s
Behavior description: Create local thread
Details: N/A
Behavior description: Process exit
Details: N/A
Behavior description: Enumerate processes
Details: N/A
File behavior
Behavior description: Create file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ad-mymacro9.xml
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\adcon\mm\tmpad.xml
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ad-mymacro9.xml.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\adcon\mm\liveupdate8.dat.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\cfgdll.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\ShieldModule.dat
C:\Documents and Settings\Administrator\Application Data\mymacro\qdisp.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mac3.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mac4.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mac4.tmp.Qtmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\plugin.zip
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\REGDLL.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\PIAO_SOFT.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\WINDOW.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\GETSYSINFO.DLL
Behavior description: Create executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\cfgdll.dll
C:\Documents and Settings\Administrator\Application Data\mymacro\qdisp.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\REGDLL.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\PIAO_SOFT.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\WINDOW.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\GETSYSINFO.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\FILE.DLL
C:\Documents and Settings\Administrator\Application Data\qmacro\shield\SD001.dat
C:\Documents and Settings\Administrator\Application Data\qmacro\shield\SD002.dat
Behavior description: Overwrite existing file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\9025.tmp
C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Behavior description: Copy file
Details: C:\WINDOWS\system32\mynotepad.exe ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ad-mymacro9.xml.tmp
C:\WINDOWS\system32\mynotepad.exe ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\adcon\mm\liveupdate8.dat.tmp
Behavior description: Delete file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\adcon\mm\tmpad.xml
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mac3.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\plugin.zip
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mymacro.zip
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\ShieldModule.dat
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\188background.bmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mac4.tmp.Qtmp
Behavior description: Find file
Details: FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\*.dll
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\GETSYSINFO.DLL
FileName = regsvr32.*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\regsvr32.*
FileName = C:\WINDOWS\system32\regsvr32.*
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\regsvr32.exe
FileName = KERNEL32.DLL
Behavior description: Rename file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ad-mymacro9.xml.tmp ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ad-mymacro9.xml
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\adcon\mm\liveupdate8.dat.tmp ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\adcon\mm\liveupdate8.dat
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BackGround.bmp ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\188background.bmp
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modify file content
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ad-mymacro9.xml ---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\adcon\mm\tmpad.xml---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\ShieldModule.dat---> Offset = 12288
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mac3.tmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mac4.tmp.Qtmp---> Offset = 12288
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\plugin.zip---> Offset = 12288
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mymacro.zip---> Offset = 12288
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BackGround.bmp---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\FILE.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\FILE.ini---> Offset = 35
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\FILE.ini---> Offset = 154
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\FILE.ini---> Offset = 241
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\FILE.ini---> Offset = 362
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\FILE.ini---> Offset = 453
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\FILE.ini---> Offset = 514
Network behavior
Behavior description: Open URL over network
Details: InternetOpenUrlA: http://hi.vrbrothers.com/xjl/mmcount.aspx?mm=00012C50D762F410B1FDFA1D914B29D71B5350D1DF1192721BEF5F8BF21346928B0B4F38DBE204390C987583&randcode=0001C6A4C59E5A1650B7F8BC811DD19F5FBB73DB9BA451A72ECF311B40D1544660702CE46C9DC2557A54FE904E4DD24DFF
Behavior description: Download file
Details: URLDownloadToFileW: http://soft.anjian.com/V2014V2/Config/ad-mymacro.xml ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ad-mymacro9.xml.tmp
URLDownloadToFileW: http://down.vrbrothers.com/qmacro/up_mymacro/liveupdate8.dat ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\adcon\mm\liveupdate8.dat.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ad-mymacro9.xml.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\adcon\mm\liveupdate8.dat.tmp
Behavior description: Connect to specified site
Details: InternetConnectA: ServerName = hm.baidu.com, PORT = 80
Behavior description: Open HTTP connection
Details: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Behavior description: Establish connection to a specified socket
Details: 110.110.110.110:88
110.110.110.110:80
Behavior description: Read network file
Details: hFile = 0x0000031c, BytesToRead = 4096, BytesRead = 4096.
hFile = 0x00000324, BytesToRead =4096, BytesRead = 4096.
hFile = 0x0000045c, BytesToRead =4096, BytesRead = 4096.
Behavior description: Open HTTP request
Details: HttpOpenRequestA: hm.baidu.com:80/hm.js?82d5c049236934007371777578c30be1, hConnect = 0x0000032c
Behavior description: Get host address by name
Details: yx.whlpz.com
hi.vrbrothers.com
plsys.plyz.net
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMVBSRoutine\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{241D7F03-9232-4024-8373-149860BE27C0}\
\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMVBSRoutine\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{241D7F03-9232-4024-8373-149860BE27C0}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{241D7F03-9232-4024-8373-149860BE27C0}\InProcServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMRoutine\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\
\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMRoutine\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\InProcServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMLibrary\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBEB87A6-E151-4054-AB45-A6E094C5334B}\
\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMLibrary\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBEB87A6-E151-4054-AB45-A6E094C5334B}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBEB87A6-E151-4054-AB45-A6E094C5334B}\InProcServer32\
Behavior description: Delete registry key
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{44EC053A-400F-11D0-9DCD-00A0C90391D3}\InprocServer32
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{44EC053A-400F-11D0-9DCD-00A0C90391D3}\ProgID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{44EC053A-400F-11D0-9DCD-00A0C90391D3}
Behavior description: Query registry (virtual machine detection related)
Details: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Other behavior
Behavior description: Detect whether Virtual PC is present
Details: N/A
Behavior description: Create mutex
Details: oleacc-msaa-loaded
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\!PrivacIE!SharedMemory!Mutex
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
SHIMLIB_LOG_MUTEX
MSCTF.Shared.MUTEX.ELH
Behavior description: Create event object
Details: EventName = DINPUTWINMM
EventName = B8566
EventName = B624
EventName = B8497
EventName = Global\userenv: User Profile setup event
EventName = CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000011
EventName = CTF.ThreadMIConnectionEvent.000007B4.00000000.00000011
EventName = KERNEL32.DLL
EventName = MSCTF.SendReceiveConection.Event.MJH.IC
EventName = MSCTF.SendReceive.Event.ELH.IC
EventName = MSCTF.SendReceiveConection.Event.ELH.IC
EventName = CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000012
EventName = CTF.ThreadMIConnectionEvent.000007B4.00000000.00000012
EventName = MSCTF.SendReceiveConection.Event.ELH.IM
EventName = MSCTF.SendReceive.Event.ELH.IM
Behavior description: Check whether it is being debugged
Details: N/A
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Window information
Details: Pid = 392, Hwnd=0x902d4, Text = 本次更新自动输入验证码 由于时间关系赶着尽快更新给大家使用,本次的验证可能有些无法识别 出现无法识别的验证时辅助会自动载图保存到C, ClassName = Edit.
Pid = 392, Hwnd=0x302dc, Text = 开始使用>>, ClassName = Button.
Pid = 392, Hwnd=0x202c2, Text = 设置, ClassName = Button.
Pid = 392, Hwnd=0x202c4, Text = 声明, ClassName = Button.
Pid = 392, Hwnd=0x102f6, Text = 窗体1, ClassName = #32770.
Pid = 392, Hwnd=0x105a0, Text = QQ交谈, ClassName = Button.
Pid = 392, Hwnd=0x1054c, Text = 主将死强退, ClassName = Button.
Pid = 392, Hwnd=0x1058a, Text = 扫荡设置, ClassName = Static.
Pid = 392, Hwnd=0x10594, Text = 扫荡关卡, ClassName = ComboBox.
Pid = 392, Hwnd=0x10590, Text = 吐蕃, ClassName = ComboBox.
Pid = 392, Hwnd=0x1057a, Text = 宋江技能, ClassName = Static.
Pid = 392, Hwnd=0x1057c, Text = 宋江出生有, ClassName = Button.
Pid = 392, Hwnd=0x10588, Text = 宋江出锦囊, ClassName = Button.
Pid = 392, Hwnd=0x1057e, Text = 宋江出杀, ClassName = Button.
Pid = 392, Hwnd=0x10580, Text = 宋江上装备, ClassName = Button.
Behavior description: Acquire system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Get TickCount value
Details: TickCount = 488690, SleepMilliseconds = 50.
TickCount = 488721, SleepMilliseconds = 50.
TickCount = 488737, SleepMilliseconds = 50.
TickCount = 488925, SleepMilliseconds = 50.
TickCount = 488956, SleepMilliseconds = 50.
TickCount = 488971, SleepMilliseconds = 50.
TickCount = 488987, SleepMilliseconds = 50.
TickCount = 489003, SleepMilliseconds = 50.
TickCount = 489018, SleepMilliseconds = 50.
TickCount = 489065, SleepMilliseconds = 50.
TickCount = 489128, SleepMilliseconds = 50.
TickCount = 489253, SleepMilliseconds = 50.
TickCount = 489268, SleepMilliseconds = 50.
TickCount = 489284, SleepMilliseconds = 50.
TickCount = 489300, SleepMilliseconds = 50.
Behavior description: Get cursor position
Details: CursorPos = (106,18467), SleepMilliseconds = 50.
CursorPos = (6399,26500), SleepMilliseconds = 50.
CursorPos = (19234,15724), SleepMilliseconds = 50.
CursorPos = (11543,29358), SleepMilliseconds = 50.
CursorPos = (27027,24464), SleepMilliseconds = 50.
CursorPos = (5770,28145), SleepMilliseconds = 50.
CursorPos = (23346,16827), SleepMilliseconds = 50.
CursorPos = (10026,491), SleepMilliseconds = 50.
CursorPos = (3060,11942), SleepMilliseconds = 50.
CursorPos = (4892,5436), SleepMilliseconds = 50.
CursorPos = (32456,14604), SleepMilliseconds = 50.
CursorPos = (3967,153), SleepMilliseconds = 50.
CursorPos = (357,12382), SleepMilliseconds = 50.
CursorPos = (17486,18716), SleepMilliseconds = 50.
CursorPos = (19783,19895), SleepMilliseconds = 50.
Behavior description: Enumerate windows
Details: N/A
Behavior description: Executable file signature information
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\cfgdll.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Application Data\mymacro\qdisp.dll (signature verification: passed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\REGDLL.DLL (signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\PIAO_SOFT.DLL (signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\WINDOW.DLL (signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\GETSYSINFO.DLL (signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\FILE.DLL (signature verification: failed)
C:\Documents and Settings\Administrator\Application Data\qmacro\shield\SD001.dat (signature verification: passed)
C:\Documents and Settings\Administrator\Application Data\qmacro\shield\SD002.dat (signature verification: passed)
Behavior description: Call Sleep function
Details: [1]: MilliSeconds = 1817357.
[2]: MilliSeconds = 10000.
[3]: MilliSeconds = 900000.
[4]: MilliSeconds = 900000.
[5]: MilliSeconds = 900000.
[6]: MilliSeconds = 900000.
Behavior description: Hide specified window
Details: [Window,Class] = [,#32770]
[Window,Class] = [HtmlWebFrame,AfxWnd100s]
[Window,Class] = [,Shell Embedding]
[Window,Class] = [主将,Static]
[Window,Class] = [副将1,Static]
[Window,Class] = [副将2,Static]
[Window,Class] = [副将3,Static]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,Static]
[Window,Class] = [虞姬技能,Static]
[Window,Class] = [宋江技能,Static]
[Window,Class] = [扫荡设置,Static]
[Window,Class] = [复仇不扔牌,Button]
[Window,Class] = [血不出闪,Static]
[Window,Class] = [主将出万箭,Button]
Behavior description: Executable file MD5
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\cfgdll.dll ---> 929f56b46242fa68a616374a5403689b
C:\Documents and Settings\Administrator\Application Data\mymacro\qdisp.dll ---> d15b727adfc4d5621b8e3ecba7ffa242
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\REGDLL.DLL ---> e29d9a912204844df5306ca3935b1f1c
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\PIAO_SOFT.DLL ---> b7ff60652b8825f92ab14842f711d152
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\WINDOW.DLL ---> 4c462a5ff18e333b767ea44c318c05c2
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\GETSYSINFO.DLL ---> 86fac926e4317612393f677b42bb10d1
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\FILE.DLL ---> 3114e21f1a7fb572d21ed3b388048f37
C:\Documents and Settings\Administrator\Application Data\qmacro\shield\SD001.dat ---> a178063c77d5138d95b19e6930760886
C:\Documents and Settings\Administrator\Application Data\qmacro\shield\SD002.dat ---> da9ee08d671fd560971c0128d2191598
Behavior description: Load newly dropped file
Details: Image: C:\Documents and Settings\Administrator\Application Data\mymacro\qdisp.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\cfgdll.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\FILE.DLL.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\GETSYSINFO.DLL.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\PIAO_SOFT.DLL.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\REGDLL.DLL.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\plugin\WINDOW.DLL.