VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.


File information
Safety rating: 75
Behavior list
Basic Information
MD5: d4bd95002c71bceb2f76144c8c33773c
File type: Cab
Vendor: Baidu
Version: 5.2.7.2---5.2.7.2
Packer or compiler information:
Key behavior
Behavior description: Create file mapping with write access
Details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
Baohe_BugReport_1308
DfSharedHeap69143
DfRoot000069143
AtlDebugAllocator_FileMappingNameStatic3_51c
YunBrowserSharedMemory_1308
baiduyun_peer_dload_2013_1202
baiduyun_peer_upload_2013_1202
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Hide specified window
Details: [Window,Class] = [TimerWin,LOG_MSG_WINDOW]
Behavior description: Resolve host address by name
Details: pan.baidu.com
nj.h.bcsp2p.baidu.com
nj.t.bcsp2p.baidu.com
bj.t.bcsp2p.baidu.com
Process behavior
Behavior description: Create process
Details: ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\npYunWebDetect.dll"
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s /s C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\YunShellExt.dll"
Behavior description: Create process from newly written file
Details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\BaiduYunGuanjia.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\BaiduYunGuanjia.exe
Behavior description: Enumerate processes
Details: N/A
File behavior
Behavior description: Create file mapping with write access
Details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
Baohe_BugReport_1308
DfSharedHeap69143
DfRoot000069143
AtlDebugAllocator_FileMappingNameStatic3_51c
YunBrowserSharedMemory_1308
baiduyun_peer_dload_2013_1202
baiduyun_peer_upload_2013_1202
Behavior description: Create executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx5.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\AppUtil.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\BaiduYunGuanjia.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\Basement.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\Bull120U.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\YunDb.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\YunLogic.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\YunShellExt.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\YunShellExt64.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\channelpcsdk.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\kernel.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\msvcp120.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\msvcr120.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\npYunWebDetect.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\xImage.dll
Behavior description: Modify file contents
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\AppProperty.xml---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\AppSettingApp.dat---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\VersionInfo---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\YunTorrentFile.ico---> Offset = 16384
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\autobackup.ico---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\resource.db---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\skin\default.db---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\skin\duiengineskin.zip---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\sounds\1.wav---> Offset = 32768
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\sounds\2.wav---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\sounds\3.wav---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanJia\sounds\4.wav---> Offset = 49152
C:\Documents and Settings\Administrator\Application Data\BaiduYunKernel\Data\BaiduKernel_20150630211401_347_1.log---> Offset = 0
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Network behavior
Behavior description: Resolve host address by name
Details: pan.baidu.com
nj.h.bcsp2p.baidu.com
nj.t.bcsp2p.baidu.com
bj.t.bcsp2p.baidu.com
Registry behavior
Behavior description: Modify registry (system context menu)
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\YunShellExt\
Behavior description: Delete registry key
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\Control
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\InprocServer32
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\ProgID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\Programmable
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\ToolboxBitmap32
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\TypeLib
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\VersionIndependentProgID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\clsid\*
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\clsid
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\codeBaseUrl\*
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\codeBaseUrl
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\progid\*
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\progid
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin
Behavior description: Modify registry
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\YunWebDetect.YunWebDetect.1\
\REGISTRY\MACHINE\SOFTWARE\Classes\YunWebDetect.YunWebDetect.1\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\YunWebDetect.YunWebDetect\
\REGISTRY\MACHINE\SOFTWARE\Classes\YunWebDetect.YunWebDetect\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\YunWebDetect.YunWebDetect\CurVer\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\VersionIndependentProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\AppID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\ToolboxBitmap32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\Description
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\Path
Behavior description: Modify registry (file association)
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\YunShellExt\
Behavior description: Delete registry value
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\BaiduYunGuanjia\DEBUG\Trace Level
Other behavior
Behavior description: Hide specified window
Details: [Window,Class] = [TimerWin,LOG_MSG_WINDOW]
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
B
SHIMLIB_LOG_MUTEX
RasPbFile
{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagEDFCHGEAMBFAAAAA
{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagICFCHGEAMBFAAAAA
{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagAPIAHGEAMBFAAAAA
{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagIIGCHGEAMBFAAAAA
{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagAFCCHGEAMBFAAAAA
{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagMNDCHGEAMBFAAAAA
Behavior description: Inline hook
Details: C:\WINDOWS\system32\kernel32.dll--->SetUnhandledExceptionFilter Offset = 0x0
Behavior description: Acquire system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Run screenshot