VirSCAN
File information
Safety rating: 85
Behavior list
Basic Information
MD5: d62089b7420cbeeb46a6808deb22fcf5
File type: Nsis
Production company:
Version:
Shell or compiler information:
Key behavior
Behavior description: Opens a file mapping with write access
details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.ENJ..JKCGF
MSCTF.MarshalInterface.FileMap.ENJ.B.JLCGF
MSCTF.MarshalInterface.FileMap.ENJ.C.JLCGF
MSCTF.MarshalInterface.FileMap.ENJ.D.JLCGF
MSCTF.MarshalInterface.FileMap.ENJ.E.JLCGF
MSCTF.MarshalInterface.FileMap.ENJ.F.JLCGF
MSCTF.MarshalInterface.FileMap.ENJ.G.JLCGF
MSCTF.Shared.SFM.ENJ
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
DfSharedHeap7EE9B
DfRoot00007EE9B
BaiduHi_BugReport_3236
BaiduHiSharedMemory
Behavior description: Creates a shortcut on the desktop
details: C:\Documents and Settings\Administrator\桌面\百度Hi.lnk
Behavior description: Sets special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015041620150417
Behavior description: Hides specified windows
details: [Window,Class] = [,Button]
[Window,Class] = [ ,Static]
[Window,Class] = [ ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [安装完成,Static]
[Window,Class] = [安装已成功完成。,Static]
[Window,Class] = [TimerWin,LOG_MSG_WINDOW]
[Window,Class] = [TimerWin,baidu_timer]
[Window,Class] = [,BaiduHiWndClassName]
[Window,Class] = [,ATL:103150B8]
[Window,Class] = [,BaseGui]
[Window,Class] = [,Shell Embedding]
Behavior description: Adds a startup entry
details: C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\百度Hi.lnk
Process behavior
Behavior description: Creates a process with a hidden window
details: ImagePath = c:\windows\system32\cacls.exe, CmdLine = "c:\windows\system32\cacls.exe" "c:\program files\baidu\baidu hi" /t /e /c /p everyone:c
ImagePath = c:\program files\baidu\baidu hi\hiplatform.exe, CmdLine =
Behavior description: Creates a process
details: ImagePath = C:\WINDOWS\system32\Cacls.exe, CmdLine = "C:\WINDOWS\system32\Cacls.exe" "C:\Program Files\baidu\Baidu Hi" /t /e /c /p everyone:c
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\baidu\Baidu Hi\npHiLoginPlugin.dll"
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\baidu\Baidu Hi\WebDetect3.dll"
Behavior description: Creates a process from a newly created file
details: ImagePath = C:\Program Files\baidu\Baidu Hi\BaiduHi.exe, CmdLine = "C:\Program Files\baidu\Baidu Hi\BaiduHi.exe" Install
ImagePath = C:\Program Files\baidu\Baidu Hi\BaiduHi.exe, CmdLine = "C:\Program Files\baidu\Baidu Hi\BaiduHi.exe"
ImagePath = C:\Program Files\baidu\Baidu Hi\HiPlatform.exe, CmdLine = "C:\Program Files\baidu\Baidu Hi\HiPlatform.exe"
Behavior description: Enumerates processes
details: N/A
File behavior
Behavior description: Drops links or shortcuts in sensitive system locations (e.g. the Start menu)
details: C:\Documents and Settings\Administrator\「开始」菜单\程序\百度Hi\百度Hi.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\百度Hi\百度Hi首页.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\百度Hi\卸载百度Hi.lnk
Behavior description: Creates executable files
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\CloseRun2.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\InstallOptions.dll
C:\Program Files\baidu\Baidu Hi\Basement.dll
C:\Program Files\baidu\Baidu Hi\PEngine.dll
C:\Program Files\baidu\Baidu Hi\ImEngine.dll
C:\Program Files\baidu\Baidu Hi\MediaEngine.dll
C:\Program Files\baidu\Baidu Hi\BVELib.dll
C:\Program Files\baidu\Baidu Hi\NetService.dll
C:\Program Files\baidu\Baidu Hi\RUDPLib.dll
C:\Program Files\baidu\Baidu Hi\ImStorage.dll
C:\Program Files\baidu\Baidu Hi\zlib1.dll
C:\Program Files\baidu\Baidu Hi\fmmgr.dll
C:\Program Files\baidu\Baidu Hi\SpeexCodec.dll
C:\Program Files\baidu\Baidu Hi\AppUtil.dll
C:\Program Files\baidu\Baidu Hi\SkinDLL.dll
Behavior description: Adds a startup entry
details: C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\百度Hi.lnk
Behavior description: Creates a shortcut on the desktop
details: C:\Documents and Settings\Administrator\桌面\百度Hi.lnk
Behavior description: Opens a file mapping with write access
details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.ENJ..JKCGF
MSCTF.MarshalInterface.FileMap.ENJ.B.JLCGF
MSCTF.MarshalInterface.FileMap.ENJ.C.JLCGF
MSCTF.MarshalInterface.FileMap.ENJ.D.JLCGF
MSCTF.MarshalInterface.FileMap.ENJ.E.JLCGF
MSCTF.MarshalInterface.FileMap.ENJ.F.JLCGF
MSCTF.MarshalInterface.FileMap.ENJ.G.JLCGF
MSCTF.Shared.SFM.ENJ
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
DfSharedHeap7EE9B
DfRoot00007EE9B
BaiduHi_BugReport_3236
BaiduHiSharedMemory
Behavior description: Renames a file
details: C:\Program Files\baidu\Baidu Hi\nsu5.tmp ---> C:\Program Files\baidu\Baidu Hi\WebDetect3.dll
Behavior description: Sets special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015041620150417
Behavior description: Modifies file contents
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\InstOption.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\InstOption.ini---> Offset = 23
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\ioSpecial.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\ioSpecial.ini---> Offset = 36
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\modern-wizard.bmp---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\ioSpecial.ini---> Offset = 124
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\ioSpecial.ini---> Offset = 33
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\ioSpecial.ini---> Offset = 43
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\ioSpecial.ini---> Offset = 60
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\ioSpecial.ini---> Offset = 277
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\ioSpecial.ini---> Offset = 310
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\ioSpecial.ini---> Offset = 365
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\ioSpecial.ini---> Offset = 373
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\ioSpecial.ini---> Offset = 385
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\ioSpecial.ini---> Offset = 225
Registry behavior
Behavior description: Modifies the registry
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BaiduHi\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BaiduHi\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BaiduHi\DisplayIcon
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BaiduHi\Publisher
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BaiduHi\HelpLink
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BaiduHi\DisplayVersion
\REGISTRY\MACHINE\SOFTWARE\Classes\.hif\
\REGISTRY\MACHINE\SOFTWARE\Classes\Baidu.FacePack\DefaultIcon\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\system32\Cacls.exe
\REGISTRY\MACHINE\SOFTWARE\Classes\Baidu\
\REGISTRY\MACHINE\SOFTWARE\Classes\Baidu\Content Type\
\REGISTRY\MACHINE\SOFTWARE\Classes\Baidu\DefaultIcon\
\REGISTRY\MACHINE\SOFTWARE\Classes\Baidu\shell\open\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\.baiduhi\
\REGISTRY\MACHINE\SOFTWARE\Classes\.baiduhi\Content Type
Behavior description: Modifies the registry (URL protocol association)
details: \REGISTRY\MACHINE\SOFTWARE\Classes\Baidu\URL Protocol
Other behavior
Behavior description: Creates mutexes
details: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.ENJ
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
_SHuassist.mtx
SHIMLIB_LOG_MUTEX
54B55498-0BB1-4896-AC08-2595F474CBDE
Behavior description: Hides specified windows
details: [Window,Class] = [,Button]
[Window,Class] = [ ,Static]
[Window,Class] = [ ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [安装完成,Static]
[Window,Class] = [安装已成功完成。,Static]
[Window,Class] = [TimerWin,LOG_MSG_WINDOW]
[Window,Class] = [TimerWin,baidu_timer]
[Window,Class] = [,BaiduHiWndClassName]
[Window,Class] = [,ATL:103150B8]
[Window,Class] = [,BaseGui]
[Window,Class] = [,Shell Embedding]
Behavior description: Searches for specified windows
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [CallbackPWnd3236,]
NtUserFindWindowEx: [Class,Window] = [Internet Explorer_Server,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
Behavior description: Acquires system privileges
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
details: Pid = 2512, Hwnd=0x10352, Text = unpacking data: 82%, ClassName = Static.
Pid = 2512, Hwnd=0x10356, Text = Please wait while Setup is loading..., ClassName = Static.
Pid = 2512, Hwnd=0x1034e, Text = unpacking data: 82%, ClassName = #32770.
Pid = 2512, Hwnd=0x20354, Text = 下一步(&N) >, ClassName = Button.
Pid = 2512, Hwnd=0x20352, Text = 取消(&C), ClassName = Button.
Pid = 2512, Hwnd=0x10364, Text = , ClassName = Static.
Pid = 2512, Hwnd=0x10366, Text = , ClassName = Static.
Pid = 2512, Hwnd=0x10376, Text = 欢迎使用“百度Hi”安装向导, ClassName = Static.
Pid = 2512, Hwnd=0x10378, Text = 即将在您的计算机上安装 百度Hi 4.7 Beta。 建议您关闭所有的运行程序后继续。 点击 下一步 继续,点击 取消 取消安装。, ClassName = Static.
Pid = 2512, Hwnd=0x8035c, Text = 百度Hi 安装, ClassName = #32770.
Pid = 2512, Hwnd=0x20356, Text = < 上一步(&P), ClassName = Button.
Pid = 2512, Hwnd=0x20354, Text = 我接受(&I), ClassName = Button.
Pid = 2512, Hwnd=0x1036a, Text = 许可证协议, ClassName = Static.
Pid = 2512, Hwnd=0x1036c, Text = 在安装“百度Hi”之前,请阅读授权协议。, ClassName = Static.
Pid = 2512, Hwnd=0x20378, Text = 请阅读版本许可。, ClassName = Static.
Behavior description: Inline hook
details: C:\WINDOWS\system32\kernel32.dll--->SetUnhandledExceptionFilter Offset = 0x0
Behavior description: Opens image files
details: \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp\modern-wizard.bmp
\Program Files\baidu\Baidu Hi\Script\first.jpg
\Program Files\baidu\Baidu Hi\syshead\adc4bfd8a414ab86fa9fe1b75bfd4c45.jpg
\Program Files\baidu\Baidu Hi\syshead\adc4bfd8a414ab86fa9fe1b75bfd4c45_l.jpg
\Program Files\baidu\Baidu Hi\syshead\adc4bfd8a414ab86fa9fe1b75bfd4c45_m.jpg
\Program Files\baidu\Baidu Hi\syshead\adc4bfd8a414ab86fa9fe1b75bfd4c45_s.jpg
\Program Files\baidu\Baidu Hi\syshead\260284208a905b499d98d69622a4c7e8.jpg
\Program Files\baidu\Baidu Hi\syshead\260284208a905b499d98d69622a4c7e8_l.jpg
\Program Files\baidu\Baidu Hi\syshead\260284208a905b499d98d69622a4c7e8_m.jpg
\Program Files\baidu\Baidu Hi\syshead\260284208a905b499d98d69622a4c7e8_s.jpg
\Program Files\baidu\Baidu Hi\syshead\cf5432e824bc9a61db9e146c9e0a8a56.jpg
\Program Files\baidu\Baidu Hi\syshead\cf5432e824bc9a61db9e146c9e0a8a56_l.jpg
\Program Files\baidu\Baidu Hi\syshead\cf5432e824bc9a61db9e146c9e0a8a56_m.jpg
\Program Files\baidu\Baidu Hi\syshead\cf5432e824bc9a61db9e146c9e0a8a56_s.jpg
\Program Files\baidu\Baidu Hi\syshead\287e05adcc1689935fa03802ebbf3509.jpg
Run screenshot