VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.


File information
Security score: 85
Basic information
MD5: d62089b7420cbeeb46a6808deb22fcf5
File type: Nsis (NSIS installer)
Vendor:
Version:
Packer or compiler info:
Key behaviors
The sandbox singled out the following behaviors; their full detail records are listed under the categorized sections (File behavior, Other behavior) below.
Behavior: creates writable file mappings (shared memory sections)
Behavior: creates a desktop shortcut
Behavior: sets special folder attributes
Behavior: hides specified windows
Behavior: sets a startup item
Process behavior
Behavior: creates a process with a hidden window
Details: ImagePath = c:\windows\system32\cacls.exe, CmdLine = "c:\windows\system32\cacls.exe" "c:\program files\baidu\baidu hi" /t /e /c /p everyone:c
ImagePath = c:\program files\baidu\baidu hi\hiplatform.exe, CmdLine =
Behavior: creates a process
Details: ImagePath = C:\WINDOWS\system32\Cacls.exe, CmdLine = "C:\WINDOWS\system32\Cacls.exe" "C:\Program Files\baidu\Baidu Hi" /t /e /c /p everyone:c
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\baidu\Baidu Hi\npHiLoginPlugin.dll"
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\baidu\Baidu Hi\WebDetect3.dll"
Note: in the cacls call, /p everyone:c grants the Everyone group Change access (read, write, delete) on the install directory under Program Files; /t applies it to every file and subfolder, /e edits the existing ACL instead of replacing it, and /c continues past access-denied errors. Any local user can therefore modify the DLLs and executables this installer drops there. The two regsvr32 /s calls register npHiLoginPlugin.dll and WebDetect3.dll as COM servers without showing any UI.
Behavior: runs a newly created file as a process
Details: ImagePath = C:\Program Files\baidu\Baidu Hi\BaiduHi.exe, CmdLine = "C:\Program Files\baidu\Baidu Hi\BaiduHi.exe" Install
ImagePath = C:\Program Files\baidu\Baidu Hi\BaiduHi.exe, CmdLine = "C:\Program Files\baidu\Baidu Hi\BaiduHi.exe"
ImagePath = C:\Program Files\baidu\Baidu Hi\HiPlatform.exe, CmdLine = "C:\Program Files\baidu\Baidu Hi\HiPlatform.exe"
Behavior: enumerates processes
Details: N/A
File behavior
Behavior: drops links or shortcuts in sensitive system locations (e.g., the Start Menu)
Details: C:\Documents and Settings\Administrator\「开始」菜单\程序\百度Hi\百度Hi.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\百度Hi\百度Hi首页.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\百度Hi\卸载百度Hi.lnk
Behavior: creates executable files
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\CloseRun2.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\InstallOptions.dll
C:\Program Files\baidu\Baidu Hi\Basement.dll
C:\Program Files\baidu\Baidu Hi\PEngine.dll
C:\Program Files\baidu\Baidu Hi\ImEngine.dll
C:\Program Files\baidu\Baidu Hi\MediaEngine.dll
C:\Program Files\baidu\Baidu Hi\BVELib.dll
C:\Program Files\baidu\Baidu Hi\NetService.dll
C:\Program Files\baidu\Baidu Hi\RUDPLib.dll
C:\Program Files\baidu\Baidu Hi\ImStorage.dll
C:\Program Files\baidu\Baidu Hi\zlib1.dll
C:\Program Files\baidu\Baidu Hi\fmmgr.dll
C:\Program Files\baidu\Baidu Hi\SpeexCodec.dll
C:\Program Files\baidu\Baidu Hi\AppUtil.dll
C:\Program Files\baidu\Baidu Hi\SkinDLL.dll
Behavior: sets a startup item
Details: C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\百度Hi.lnk
Behavior: creates a desktop shortcut
Details: C:\Documents and Settings\Administrator\桌面\百度Hi.lnk
Behavior: creates writable file mappings (shared memory sections)
Details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.ENJ..JKCGF
MSCTF.MarshalInterface.FileMap.ENJ.B.JLCGF
MSCTF.MarshalInterface.FileMap.ENJ.C.JLCGF
MSCTF.MarshalInterface.FileMap.ENJ.D.JLCGF
MSCTF.MarshalInterface.FileMap.ENJ.E.JLCGF
MSCTF.MarshalInterface.FileMap.ENJ.F.JLCGF
MSCTF.MarshalInterface.FileMap.ENJ.G.JLCGF
MSCTF.Shared.SFM.ENJ
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
DfSharedHeap7EE9B
DfRoot00007EE9B
BaiduHi_BugReport_3236
BaiduHiSharedMemory
Behavior: renames a file
Details: C:\Program Files\baidu\Baidu Hi\nsu5.tmp ---> C:\Program Files\baidu\Baidu Hi\WebDetect3.dll
Behavior: sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015041620150417
Behavior: modifies file contents
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\InstOption.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\InstOption.ini---> Offset = 23
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\ioSpecial.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\ioSpecial.ini---> Offset = 36
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\modern-wizard.bmp---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\ioSpecial.ini---> Offset = 124
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\ioSpecial.ini---> Offset = 33
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\ioSpecial.ini---> Offset = 43
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\ioSpecial.ini---> Offset = 60
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\ioSpecial.ini---> Offset = 277
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\ioSpecial.ini---> Offset = 310
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\ioSpecial.ini---> Offset = 365
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\ioSpecial.ini---> Offset = 373
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\ioSpecial.ini---> Offset = 385
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\ioSpecial.ini---> Offset = 225
Registry behavior
Behavior: modifies the registry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BaiduHi\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BaiduHi\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BaiduHi\DisplayIcon
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BaiduHi\Publisher
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BaiduHi\HelpLink
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BaiduHi\DisplayVersion
\REGISTRY\MACHINE\SOFTWARE\Classes\.hif\
\REGISTRY\MACHINE\SOFTWARE\Classes\Baidu.FacePack\DefaultIcon\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\system32\Cacls.exe
\REGISTRY\MACHINE\SOFTWARE\Classes\Baidu\
\REGISTRY\MACHINE\SOFTWARE\Classes\Baidu\Content Type\
\REGISTRY\MACHINE\SOFTWARE\Classes\Baidu\DefaultIcon\
\REGISTRY\MACHINE\SOFTWARE\Classes\Baidu\shell\open\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\.baiduhi\
\REGISTRY\MACHINE\SOFTWARE\Classes\.baiduhi\Content Type
Behavior: modifies the registry (URL protocol association)
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\Baidu\URL Protocol
Note: the URL Protocol value under HKLM\SOFTWARE\Classes\Baidu registers "baidu:" as a URL scheme, so the handler written to Classes\Baidu\shell\open\command (listed above) can be launched by any browser or document that opens such a URL, with the URL passed to it as an argument.
Other behavior
Behavior: creates mutexes
Details: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.ENJ
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
_SHuassist.mtx
SHIMLIB_LOG_MUTEX
54B55498-0BB1-4896-AC08-2595F474CBDE
Behavior: hides specified windows
Details: [Window,Class] = [,Button]
[Window,Class] = [ ,Static]
[Window,Class] = [ ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [安装完成,Static] (text: "Installation complete")
[Window,Class] = [安装已成功完成。,Static] (text: "Installation completed successfully.")
[Window,Class] = [TimerWin,LOG_MSG_WINDOW]
[Window,Class] = [TimerWin,baidu_timer]
[Window,Class] = [,BaiduHiWndClassName]
[Window,Class] = [,ATL:103150B8]
[Window,Class] = [,BaseGui]
[Window,Class] = [,Shell Embedding]
Behavior: searches for specified windows
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [CallbackPWnd3236,]
NtUserFindWindowEx: [Class,Window] = [Internet Explorer_Server,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
Behavior: acquires a system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Note: this is the privilege needed to load a kernel driver; the list of created executables above contains no driver (.sys) file, so the request itself is the only driver-related activity this report shows.
Behavior: window information
Details: Pid = 2512, Hwnd=0x10352, Text = unpacking data: 82%, ClassName = Static.
Pid = 2512, Hwnd=0x10356, Text = Please wait while Setup is loading..., ClassName = Static.
Pid = 2512, Hwnd=0x1034e, Text = unpacking data: 82%, ClassName = #32770.
Pid = 2512, Hwnd=0x20354, Text = 下一步(&N) >, ClassName = Button. (text: "Next (&N) >")
Pid = 2512, Hwnd=0x20352, Text = 取消(&C), ClassName = Button. (text: "Cancel (&C)")
Pid = 2512, Hwnd=0x10364, Text = , ClassName = Static.
Pid = 2512, Hwnd=0x10366, Text = , ClassName = Static.
Pid = 2512, Hwnd=0x10376, Text = 欢迎使用“百度Hi”安装向导, ClassName = Static. (text: "Welcome to the Baidu Hi Setup Wizard")
Pid = 2512, Hwnd=0x10378, Text = 即将在您的计算机上安装 百度Hi 4.7 Beta。 建议您关闭所有的运行程序后继续。 点击 下一步 继续,点击 取消 取消安装。, ClassName = Static. (text: "Setup will install Baidu Hi 4.7 Beta on your computer. It is recommended that you close all other running programs before continuing. Click Next to continue, or Cancel to abort the installation.")
Pid = 2512, Hwnd=0x8035c, Text = 百度Hi 安装, ClassName = #32770. (text: "Baidu Hi Setup")
Pid = 2512, Hwnd=0x20356, Text = < 上一步(&P), ClassName = Button. (text: "< Back (&P)")
Pid = 2512, Hwnd=0x20354, Text = 我接受(&I), ClassName = Button. (text: "I Agree (&I)")
Pid = 2512, Hwnd=0x1036a, Text = 许可证协议, ClassName = Static. (text: "License Agreement")
Pid = 2512, Hwnd=0x1036c, Text = 在安装“百度Hi”之前,请阅读授权协议。, ClassName = Static. (text: "Please review the license agreement before installing Baidu Hi.")
Pid = 2512, Hwnd=0x20378, Text = 请阅读版本许可。, ClassName = Static. (text: "Please read the license terms.")
Behavior: inline hook
Details: C:\WINDOWS\system32\kernel32.dll--->SetUnhandledExceptionFilter Offset = 0x0
Note: patching the first bytes of SetUnhandledExceptionFilter is a common way for crash-reporting code to keep its own exception filter installed; it is not by itself evidence of malicious hooking.
Behavior: opens image files
Details: \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\modern-wizard.bmp
\Program Files\baidu\Baidu Hi\Script\first.jpg
\Program Files\baidu\Baidu Hi\syshead\adc4bfd8a414ab86fa9fe1b75bfd4c45.jpg
\Program Files\baidu\Baidu Hi\syshead\adc4bfd8a414ab86fa9fe1b75bfd4c45_l.jpg
\Program Files\baidu\Baidu Hi\syshead\adc4bfd8a414ab86fa9fe1b75bfd4c45_m.jpg
\Program Files\baidu\Baidu Hi\syshead\adc4bfd8a414ab86fa9fe1b75bfd4c45_s.jpg
\Program Files\baidu\Baidu Hi\syshead\260284208a905b499d98d69622a4c7e8.jpg
\Program Files\baidu\Baidu Hi\syshead\260284208a905b499d98d69622a4c7e8_l.jpg
\Program Files\baidu\Baidu Hi\syshead\260284208a905b499d98d69622a4c7e8_m.jpg
\Program Files\baidu\Baidu Hi\syshead\260284208a905b499d98d69622a4c7e8_s.jpg
\Program Files\baidu\Baidu Hi\syshead\cf5432e824bc9a61db9e146c9e0a8a56.jpg
\Program Files\baidu\Baidu Hi\syshead\cf5432e824bc9a61db9e146c9e0a8a56_l.jpg
\Program Files\baidu\Baidu Hi\syshead\cf5432e824bc9a61db9e146c9e0a8a56_m.jpg
\Program Files\baidu\Baidu Hi\syshead\cf5432e824bc9a61db9e146c9e0a8a56_s.jpg
\Program Files\baidu\Baidu Hi\syshead\287e05adcc1689935fa03802ebbf3509.jpg
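The process, file and registry records above are the raw material for triage, and the same few patterns come up in report after report: an ACL-weakening cacls call, silent regsvr32 registrations, a Startup-folder shortcut, a URL protocol handler, and a driver-loading privilege request. The following Python script is an added example, not part of the VirSCAN report or of Baidu's software: it parses lines in the report's own format (the SAMPLE_REPORT excerpt is constructed from entries on this page, including the truncated hiplatform.exe record with an empty CmdLine) and tags those five behaviors. The rule names, the BROAD_PRINCIPALS set and the WRITE_RIGHTS letters are my own choices.

```python
"""Triage a VirSCAN-style dynamic-analysis report for high-risk installer behaviors.

Added example, not VirSCAN's code. It parses "ImagePath = ..., CmdLine = ..." process
records plus bare file and registry path records and tags the entries worth reading first.
"""
import re

# Constructed excerpt in the report's own format; the values are copied from the page,
# including the truncated hiplatform.exe record whose CmdLine is empty.
SAMPLE_REPORT = r"""
ImagePath = c:\windows\system32\cacls.exe, CmdLine = "c:\windows\system32\cacls.exe" "c:\program files\baidu\baidu hi" /t /e /c /p everyone:c
ImagePath = c:\program files\baidu\baidu hi\hiplatform.exe, CmdLine =
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\baidu\Baidu Hi\npHiLoginPlugin.dll"
ImagePath = C:\Program Files\baidu\Baidu Hi\BaiduHi.exe, CmdLine = "C:\Program Files\baidu\Baidu Hi\BaiduHi.exe" Install
C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\百度Hi.lnk
\REGISTRY\MACHINE\SOFTWARE\Classes\Baidu\URL Protocol
\REGISTRY\MACHINE\SOFTWARE\Classes\Baidu\shell\open\command\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BaiduHi\DisplayName
SE_LOAD_DRIVER_PRIVILEGE
"""

PROC_RE = re.compile(r"^ImagePath = (?P<image>.+?), CmdLine =\s*(?P<cmd>.*)$")
TOKEN_RE = re.compile(r'"[^"]*"|\S+')
URL_PROTO_RE = re.compile(
    r"^\\REGISTRY\\(?:MACHINE|USER\\[^\\]+)\\SOFTWARE\\Classes\\([^\\]+)\\URL Protocol$", re.I)

# Write access for these principals on a Program Files directory lets any local user
# replace the binaries in it (Everyone = S-1-1-0, BUILTIN\Users = S-1-5-32-545).
BROAD_PRINCIPALS = {"everyone", "users", "authenticated users", "builtin\\users",
                    "*s-1-1-0", "*s-1-5-32-545"}
WRITE_RIGHTS = {"c", "f", "w", "m"}  # cacls: C(hange) F(ull) W(rite); icacls: F, M(odify), W
ACL_TOOLS = {"cacls", "xcacls", "icacls"}
# 启动 is the Startup folder name on a zh-CN system; Run/RunOnce keys are matched by prefix.
STARTUP_MARKERS = ("\\启动\\", "\\startup\\", "\\currentversion\\run")


def tokenize(cmd):
    """Split a Windows command line, keeping quoted paths as single tokens."""
    return [t.strip('"') for t in TOKEN_RE.findall(cmd)]


def tool_name(token):
    """Base name of an executable token, lower-cased, with any .exe suffix removed."""
    name = token.lower().rsplit("\\", 1)[-1]
    return name[:-4] if name.endswith(".exe") else name


def acl_weakening(cmd):
    """(principal, rights) if a cacls/xcacls/icacls command grants a broad principal write access."""
    tokens = tokenize(cmd)
    if not tokens or tool_name(tokens[0]) not in ACL_TOOLS:
        return None
    for i, tok in enumerate(tokens[:-1]):
        if tok.lower() in {"/p", "/g", "/grant", "/grant:r"}:
            principal, _, rights = tokens[i + 1].partition(":")
            # "everyone:c" -> {"c"}; "Users:(OI)(CI)M" -> {"oi", "ci", "m"} (inheritance flags are harmless)
            granted = {r.lower() for r in re.split(r"[(),]+", rights) if r}
            if principal.lower() in BROAD_PRINCIPALS and granted & WRITE_RIGHTS:
                return principal, rights
    return None


def silent_regsvr32(cmd):
    """The DLL path when regsvr32 is run with /s (COM registration with no UI), else None."""
    tokens = tokenize(cmd)
    if not tokens or tool_name(tokens[0]) != "regsvr32":
        return None
    flags = {t.lower() for t in tokens[1:] if t.startswith("/")}
    targets = [t for t in tokens[1:] if not t.startswith("/")]
    return targets[-1] if "/s" in flags and targets else None


def is_persistence(path):
    """True for Startup-folder entries and Run/RunOnce registry keys."""
    lowered = path.lower()
    return any(marker in lowered for marker in STARTUP_MARKERS)


def url_protocol_class(path):
    """The ProgID (scheme name) when a registry path declares a URL protocol handler."""
    m = URL_PROTO_RE.match(path)
    return m.group(1) if m else None


def triage(report_text):
    """Return (tag, detail) findings for each flagged line of a behavior report."""
    findings = []
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROC_RE.match(line)
        if m:  # process record: inspect the command line only
            cmd = m.group("cmd")
            hit = acl_weakening(cmd)
            if hit:
                findings.append(("ACL_WEAKENING", f"{hit[0]}:{hit[1]} via {cmd}"))
            dll = silent_regsvr32(cmd)
            if dll:
                findings.append(("SILENT_REGSVR32", dll))
            continue
        if is_persistence(line):
            findings.append(("PERSISTENCE", line))
        scheme = url_protocol_class(line)
        if scheme:
            findings.append(("URL_PROTOCOL", scheme))
        if line == "SE_LOAD_DRIVER_PRIVILEGE":
            findings.append(("DRIVER_PRIV", line))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_REPORT):
        print(f"{tag:16} {detail}")
```

Run against the excerpt it emits five findings, one per pattern; the truncated hiplatform.exe record and the BaiduHi.exe Install launch produce none, which is the intended behavior for an empty or unremarkable command line. The same functions work on icacls syntax ("/grant Users:(OI)(CI)M"), so the script generalizes beyond the cacls form this report shows.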
Runtime screenshot
Translated by Keith Miller, United States
Beijing ICP filing no. 11007605-12 (京ICP备11007605号-12)

Beijing public network security filing no. 11010802020746 (京公网安备 11010802020746号)