VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.


File information
Safety rating: 93
Behavior list
Behavior analysis report: Threatbook file behavior analysis report
Basic Information
MD5: da5faab3847a1b0db05163def8cbc60d
File type: NSIS
Production company:
Version: 2008.3.11.0 --- 2008.3.11
Shell or compiler information:
Subfile information (name / MD5 / type; "dumpFile" marks a memory dump taken by the sandbox, and repeated identical entries are listed once):
znabc5.23.exe (dumpFile) / 2210712250d61b25a771771879c5ae40 / NSIS
znabc5.23.exe / 2210712250d61b25a771771879c5ae40 / NSIS
aspack212r_565781ec (dumpFile) / f5601dc914fef3b9c446faeae9b8f7f7 / EXE
aspack212r_09970ad9 (dumpFile) / f5601dc914fef3b9c446faeae9b8f7f7 / EXE
aspack212r_c9ecb354 (dumpFile) / f5601dc914fef3b9c446faeae9b8f7f7 / EXE
winabcx.ovl / 1e56964467c5d64d67e57c1652fad3e9 / Unknown
winabcx.ovl (dumpFile) / 1e56964467c5d64d67e57c1652fad3e9 / Unknown
inst.exe / 389528df906c02b3815014ea30d711c9 / EXE
inst.exe (dumpFile) / 389528df906c02b3815014ea30d711c9 / EXE
Winabc.hlp / 55438f5d88aeec636b5fd92cca6c519e / Unknown
Winabc.hlp (dumpFile) / 55438f5d88aeec636b5fd92cca6c519e / Unknown
Winabc.cwd (dumpFile) / b1f24c7b48b5cc2f680b59b0e41b474d / Unknown
Winabc.cwd / b1f24c7b48b5cc2f680b59b0e41b474d / Unknown
winabcnt.ime (dumpFile) / 96d243c999a7054fd0a12aa51cb52e14 / DLL
Key behavior
Behavior description: Modifies registry: installs an input method (IME) entry
details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Ime File
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Layout Text
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Layout File
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Keyboard Layout\Preload\2
Behavior description: Drops a sensitive file into a system directory
details: C:\WINDOWS\system32\winabcx.ime
Behavior description: Hides specified windows (window text is shown as observed, with an English gloss in brackets)
details: [Window,Class] = [,Button]
[Window,Class] = [多特软件站 安装 ,#32770]   [Duote software site Setup]
[Window,Class] = [yoUlijie-2006-01-06,Static]
[Window,Class] = [yoUlijie-2006-01-06 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [详细信息(&D),Button]   [Details (&D)]
[Window,Class] = [安装完成,Static]   [Installation complete]
[Window,Class] = [安装程序已成功运行完毕。,Static]   [Setup has completed successfully.]
Process behavior
Behavior description: Creates a new process from a dropped file
details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\znabc5.23.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\znabc5.23.exe
ImagePath = C:\Program Files\znabc\inst.exe, CmdLine = "C:\Program Files\znabc\inst.exe"
File behavior
Behavior description: Drops links or shortcuts into a sensitive system location (such as the Start Menu)
details: C:\Documents and Settings\Administrator\「开始」菜单\程序\智能ABC\安装智能ABC.lnk   [Start Menu\Programs\智能ABC\Install 智能ABC.lnk]
C:\Documents and Settings\Administrator\「开始」菜单\程序\智能ABC\帮助.lnk   [Start Menu\Programs\智能ABC\Help.lnk]
C:\Documents and Settings\Administrator\「开始」菜单\程序\智能ABC\删除智能ABC.lnk   [Start Menu\Programs\智能ABC\Remove 智能ABC.lnk]
Behavior description: Drops a sensitive file into a system directory
details: C:\WINDOWS\system32\winabcx.ime
Behavior description: Modifies file contents (writes to the NSIS plug-in scratch files in the installer's temp directory)
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq8.tmp\ioSpecial.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq8.tmp\ioSpecial.ini---> Offset = 36
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq8.tmp\modern-wizard.bmp---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq8.tmp\ioSpecial.ini---> Offset = 124
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq8.tmp\ioSpecial.ini---> Offset = 33
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq8.tmp\ioSpecial.ini---> Offset = 43
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq8.tmp\ioSpecial.ini---> Offset = 60
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq8.tmp\ioSpecial.ini---> Offset = 277
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq8.tmp\ioSpecial.ini---> Offset = 314
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq8.tmp\ioSpecial.ini---> Offset = 369
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq8.tmp\ioSpecial.ini---> Offset = 377
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq8.tmp\ioSpecial.ini---> Offset = 389
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq8.tmp\ioSpecial.ini---> Offset = 225
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq8.tmp\ioSpecial.ini---> Offset = 338
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq8.tmp\ioSpecial.ini---> Offset = 615
Behavior description: Creates executable files
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse5.tmp\znabc5.23.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq8.tmp\InstallOptions.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq8.tmp\StartMenu.dll
C:\Program Files\znabc\winabcnt.ime
C:\Program Files\znabc\winabc.ime
C:\Program Files\znabc\UninstallIME.dll
C:\Program Files\znabc\inst.exe
C:\Program Files\znabc\abcwin.exe
C:\Program Files\znabc\删除智能ABC.exe   [Remove 智能ABC.exe]
C:\WINDOWS\system32\winabcx.ime
C:\WINDOWS\system32\abcwin.exe
Registry behavior
Behavior description: Modifies registry
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{24588FA4-10F1-41D7-B19D-6E22361E47FA}\Codepage
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{24588FA4-10F1-41D7-B19D-6E22361E47FA}\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\智能ABC\NSIS:StartMenuDir
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\inst.exe\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\智能ABC\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\智能ABC\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\智能ABC\DisplayIcon
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\智能ABC\DisplayVersion
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\智能ABC\URLInfoAbout
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\智能ABC\Publisher
Behavior description: Modifies registry: installs an input method (IME) entry (registers keyboard layout E0200804 machine-wide and preloads it for this user at logon, so the IME file is loaded into every process that takes keyboard input)
details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Ime File
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Layout Text
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Layout File
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Keyboard Layout\Preload\2
Behavior description: Modifies registry: delayed rename entry (PendingFileRenameOperations is processed by the Session Manager at the next boot, so a file move or delete queued here is not visible in this run)
details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations
Behavior description: Modifies registry: browser default search engine (creates IE search scope {24588FA4-10F1-41D7-B19D-6E22361E47FA} and makes it DefaultScope; a search-provider change is unrelated to an input method's function and is the item to review first)
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{24588FA4-10F1-41D7-B19D-6E22361E47FA}\URL
Other behavior
Behavior description: Searches for a specified window
details: NtUserFindWindowEx: [Class,Window] = [#32770,]
Behavior description: Hides specified windows (window text is shown as observed, with an English gloss in brackets)
details: [Window,Class] = [,Button]
[Window,Class] = [多特软件站 安装 ,#32770]   [Duote software site Setup]
[Window,Class] = [yoUlijie-2006-01-06,Static]
[Window,Class] = [yoUlijie-2006-01-06 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [详细信息(&D),Button]   [Details (&D)]
[Window,Class] = [安装完成,Static]   [Installation complete]
[Window,Class] = [安装程序已成功运行完毕。,Static]   [Setup has completed successfully.]
Behavior description: Window information (standard NSIS Modern UI installer pages; window text is shown as observed, with an English gloss in brackets)
details: Pid = 3396, Hwnd=0xe01b8, Text = 下一步(&N) > [Next (&N) >], ClassName = Button.
Pid = 3396, Hwnd=0xb01e0, Text = 取消(&C) [Cancel (&C)], ClassName = Button.
Pid = 3396, Hwnd=0xa01f0, Text = yoUlijie-2006-01-06 , ClassName = Static.
Pid = 3396, Hwnd=0xc01da, Text = yoUlijie-2006-01-06, ClassName = Static.
Pid = 3396, Hwnd=0xb0332, Text = 欢迎使用 智能ABC 5.23 安装向导 [Welcome to the 智能ABC 5.23 Setup Wizard], ClassName = Static.
Pid = 3396, Hwnd=0x9035c, Text = 这个向导将指引您完成 智能ABC 5.23 的安装进程。 在开始安装之前,建议先关闭其他所有应用程序。这将允许安装程序更新指定的系统文件, [This wizard will guide you through the installation of 智能ABC 5.23. Before starting, it is recommended that you close all other applications. This will allow Setup to update the relevant system files, (text cut off in the report)], ClassName = Static.
Pid = 3396, Hwnd=0xb0174, Text = 智能ABC 5.23 特别版 By Ulijie(第二版) [智能ABC (the Zhineng ABC Chinese pinyin input method) 5.23 Special Edition by Ulijie (2nd edition)], ClassName = #32770.
Pid = 3396, Hwnd=0xc01b6, Text = < 上一步(&P) [< Back (&P)], ClassName = Button.
Pid = 3396, Hwnd=0xe01b8, Text = 我同意(&I) [I Agree (&I)], ClassName = Button.
Pid = 3396, Hwnd=0xb0200, Text = 许可协议 [License Agreement], ClassName = Static.
Pid = 3396, Hwnd=0xd01f6, Text = 在安装 智能ABC 5.23 之前,请仔细阅读许可协议。 [Please review the license agreement before installing 智能ABC 5.23.], ClassName = Static.
Pid = 3396, Hwnd=0xa035c, Text = 要阅读许可协议的其余部分,请按 Page Down 往下翻页。 [Press Page Down to see the rest of the agreement.], ClassName = Static.
Pid = 3396, Hwnd=0xe038e, Text = 如果您接受许可协议,点击“我同意”继续安装。如果您选择“取消”,安装程序将会关闭。您必须接受协议才能安装 智能ABC 5.23 。 [If you accept the terms of the agreement, click I Agree to continue. If you select Cancel, Setup will close. You must accept the agreement to install 智能ABC 5.23.], ClassName = Static.
Pid = 3396, Hwnd=0xe01b8, Text = 安装(&I) [Install (&I)], ClassName = Button.
Pid = 3396, Hwnd=0xb0200, Text = 选择开始菜单文件夹 [Choose Start Menu Folder], ClassName = Static.
Behavior description: Acquires a system privilege (SeLoadDriverPrivilege is requested; no driver load is recorded anywhere in this report)
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Opens an image file
details: \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq8.tmp\modern-wizard.bmp
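The report above repeats its "Key behavior" items under their full sections and mixes low-signal installer noise (temp files, uninstall keys) with the entries that actually persist past the sandbox run: the IME registration, the queued PendingFileRenameOperations entry and the IE search-scope change. The following is an added triage helper, not code from VirSCAN or Threatbook, that parses this "Behavior description:" / "details:" layout, rewrites the kernel-style \REGISTRY\ paths to the HKLM/HKU hive names reg.exe uses, and groups the detail values under rule tags of its own (the tag names and the patterns are this example's assumptions, chosen from the paths seen in this report). Rules key on the detail values rather than the description text, so they work on the untranslated Chinese report as well. The sample report embedded below is constructed from the lines above.

```python
"""Triage helper for Threatbook-style behavior reports (added example)."""
import re
from collections import defaultdict

# Constructed sample in the same layout as the report above; the detail values
# are copied from it. "Key behavior" deliberately repeats the IME entries, as
# the real report does, to show the de-duplication.
SAMPLE_REPORT = r"""
Key behavior
Behavior description: Modifies registry: installs an input method (IME) entry
details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Ime File
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Keyboard Layout\Preload\2
File behavior
Behavior description: Drops a sensitive file into a system directory
details: C:\WINDOWS\system32\winabcx.ime
Registry behavior
Behavior description: Modifies registry: installs an input method (IME) entry
details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Ime File
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Keyboard Layout\Preload\2
Behavior description: Modifies registry: delayed rename entry
details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations
Behavior description: Modifies registry: browser default search engine
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{24588FA4-10F1-41D7-B19D-6E22361E47FA}\URL
Other behavior
Behavior description: Acquires a system privilege
details: SE_LOAD_DRIVER_PRIVILEGE
"""

# Tag names and patterns are this example's own (assumed), not Threatbook categories.
RULES = [
    ("browser_search_hijack",
     re.compile(r"\\Internet Explorer\\SearchScopes\\(DefaultScope|\{[0-9A-F-]+\}\\URL)$", re.I)),
    ("ime_registration",
     re.compile(r"\\Keyboard Layouts\\[0-9A-F]{8}\\(Ime File|Layout File|Layout Text)$"
                r"|\\Keyboard Layout\\Preload\\\d+$", re.I)),
    ("reboot_file_rename",
     re.compile(r"\\Session Manager\\PendingFileRenameOperations$", re.I)),
    ("system32_drop", re.compile(r"^[A-Z]:\\WINDOWS\\system32\\", re.I)),
    ("driver_load_privilege", re.compile(r"^SE_LOAD_DRIVER_PRIVILEGE$")),
]


def parse_behaviors(text):
    """Return a list of {'section', 'description', 'details'} records.
    A block starts at 'Behavior description:'; 'details:' and every following
    line up to the next block or section heading are that block's values."""
    records, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(" behavior"):          # "Key behavior", "Registry behavior", ...
            section, current = line, None
            continue
        m = re.match(r"Behavior description:\s*(.*)", line)
        if m:
            current = {"section": section, "description": m.group(1), "details": []}
            records.append(current)
            continue
        if current is None:                     # header lines outside any block
            continue
        m = re.match(r"details:\s*(.*)", line)
        current["details"].append(m.group(1) if m else line)
    return records


def normalize_registry_path(path):
    # Rewrite the kernel-style \REGISTRY\MACHINE and \REGISTRY\USER prefixes to the
    # hive names reg.exe / PowerShell expect; non-registry values pass through.
    for prefix, hive in (("\\REGISTRY\\MACHINE\\", "HKLM\\"), ("\\REGISTRY\\USER\\", "HKU\\")):
        if path.upper().startswith(prefix):
            return hive + path[len(prefix):]
    return path


def triage(text):
    """Group every detail value under the rule tags it matches, collapsing the
    'Key behavior' repeats. Returns {tag: sorted unique values}."""
    hits = defaultdict(set)
    for rec in parse_behaviors(text):
        for detail in rec["details"]:
            value = normalize_registry_path(detail)
            for tag, pattern in RULES:
                if pattern.search(value):
                    hits[tag].add(value)
    return {tag: sorted(values) for tag, values in hits.items()}


if __name__ == "__main__":
    for tag, values in triage(SAMPLE_REPORT).items():
        print(tag)
        for value in values:
            print("   ", value)
```

The sandbox ran on a ControlSet001 hive; when checking a live host, query CurrentControlSet instead, and read the per-user SearchScopes and Keyboard Layout\Preload keys under each loaded user hive, not just the SID seen in the report.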
Run screenshot: (image not included in this capture)

Translated by Keith Miller, United States