1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.
Language
Server load
1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.
| Safety rating:74 |
| Behavior list |
| Basic Information | |
|---|---|
| MD5: | f24a932b68c8db2783834d31ac0350f1 |
| file type: | zip |
| Production company: | |
| version: | |
| Shell or compiler information: | |
| Subfile information: | krnln.fnr / dde0681ba7a02bbb1c9b756af7e53fd2 / DLL |
| iext2.fne / a26c8b99e1519f4367893b3d3cd8e089 / DLL | |
| iext3.fne / dae847d63ae70ae4fef4e06ae804a5be / DLL | |
| 115 DiscRobot.exe / 46c7570a8c36b65c97814c0ba6518436 / EXE | |
| eAPI.fne / f3bdb078e722c34956b370a74b518e8c / DLL | |
| upx30_66ce0c23dumpFile / 7f4bd7a757c15581b0e3f3e4643b374e / DLL | |
| HtmlView.fne / 4242b8a1ddf4eaff4c18f9ef11e7b365 / DLL | |
| iext.fnr / b666d864234e2586680de95a13259829 / DLL | |
| Interface.skin / 479a29c26f621710fd626dd230335577 / Unknown | |
| SkinH_EL.dll / d50806059843fe81be1cdc9953969fa9 / DLL | |
| Error.txt / cef13c8a9e7a3a6371a401bd86b8055a / Unknown | |
| Configuration.ini / 0c18541be97004a2c44bef39ebc016a0 / Unknown | |
| Cookies.ini / 64985903eebbd2910e1911a5719f03e8 / Unknown | |
| 2012-09-03_174139.txt / 35cae11fe7e25bd36223c7f07d787c31 / Unknown | |
| Key behavior | |
|---|---|
| Behavior description: | 写权限映射文件 |
| details: | CiceroSharedMemDefaultS-* |
| \WINDOWS\system32\zh-cn\ieframe.dll.mui | |
| Local\UrlZonesSM_Administrator | |
| Local\!PrivacIE!SharedMem!Counter | |
| MSCTF.MarshalInterface.FileMap.EBD..KALHH | |
| \WINDOWS\system32\zh-cn\mshtml.dll.mui | |
| MSCTF.MarshalInterface.FileMap.EBD.B.IONHH | |
| MSCTF.MarshalInterface.FileMap.EBD.C.IONHH | |
| MSCTF.MarshalInterface.FileMap.EBD.D.IONHH | |
| MSCTF.MarshalInterface.FileMap.EBD.E.IONHH | |
| MSCTF.MarshalInterface.FileMap.EBD.F.IONHH | |
| MSCTF.MarshalInterface.FileMap.EBD.G.IONHH | |
| MSCTF.MarshalInterface.FileMap.EBD.H.IONHH | |
| MSCTF.MarshalInterface.FileMap.EBD.I.IONHH | |
| MSCTF.MarshalInterface.FileMap.EBD.J.IONHH | |
| Behavior description: | 设置特殊文件夹属性 |
| details: | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 | |
| C:\Documents and Settings\Administrator\Local Settings\History | |
| C:\Documents and Settings\Administrator\Local Settings\History\History.IE5 | |
| C:\Documents and Settings\Administrator\Cookies | |
| Behavior description: | 隐藏指定窗口 |
| details: | [Window,Class] = [,ComboLBox] |
| [Window,Class] = [,tooltips_class32] | |
| [Window,Class] = [<,AfxWnd42s] | |
| [Window,Class] = [>,AfxWnd42s] | |
| [Window,Class] = [执行全部账号,Button] | |
| [Window,Class] = [执行选中账号,Button] | |
| [Window,Class] = [,Edit] | |
| [Window,Class] = [获取文件列表,Button] | |
| [Window,Class] = [列表生成文档,Button] | |
| [Window,Class] = [列表搜索文件,Button] | |
| [Window,Class] = [按文件名倒序,ComboBox] | |
| [Window,Class] = [,SysListView32] | |
| [Window,Class] = [,Afx:10000000:8:10011:1900015:0] | |
| [Window,Class] = [常用功能,Button] | |
| [Window,Class] = [扩展功能,Button] | |
| Behavior description: | 获取窗口截图信息 |
| details: | Foreground window Info: HWND = 0x06010563, DC = 0x06010563. |
| Foreground window Info: HWND = 0x06010564, DC = 0x06010564. | |
| Foreground window Info: HWND = 0x2a0105d3, DC = 0x2a0105d3. | |
| Foreground window Info: HWND = 0x300105cb, DC = 0x300105cb. | |
| Foreground window Info: HWND = 0x0901060a, DC = 0x0901060a. | |
| Foreground window Info: HWND = 0x02010617, DC = 0x02010617. | |
| Foreground window Info: HWND = 0xd101060b, DC = 0xd101060b. | |
| Foreground window Info: HWND = 0x01010618, DC = 0x01010618. | |
| Foreground window Info: HWND = 0x02010630, DC = 0x02010630. | |
| Foreground window Info: HWND = 0x61010619, DC = 0x61010619. | |
| Foreground window Info: HWND = 0x1f0102f2, DC = 0x1f0102f2. | |
| Foreground window Info: HWND = 0x02010652, DC = 0x02010652. | |
| Foreground window Info: HWND = 0xd90105da, DC = 0xd90105da. | |
| Foreground window Info: HWND = 0x020107bb, DC = 0x020107bb. | |
| Foreground window Info: HWND = 0x010107bd, DC = 0x010107bd. | |
| Process behavior | |
|---|---|
| Behavior description: | 枚举进程 |
| details: | N/A |
| File behavior | |
|---|---|
| Behavior description: | 写权限映射文件 |
| details: | CiceroSharedMemDefaultS-* |
| \WINDOWS\system32\zh-cn\ieframe.dll.mui | |
| Local\UrlZonesSM_Administrator | |
| Local\!PrivacIE!SharedMem!Counter | |
| MSCTF.MarshalInterface.FileMap.EBD..KALHH | |
| \WINDOWS\system32\zh-cn\mshtml.dll.mui | |
| MSCTF.MarshalInterface.FileMap.EBD.B.IONHH | |
| MSCTF.MarshalInterface.FileMap.EBD.C.IONHH | |
| MSCTF.MarshalInterface.FileMap.EBD.D.IONHH | |
| MSCTF.MarshalInterface.FileMap.EBD.E.IONHH | |
| MSCTF.MarshalInterface.FileMap.EBD.F.IONHH | |
| MSCTF.MarshalInterface.FileMap.EBD.G.IONHH | |
| MSCTF.MarshalInterface.FileMap.EBD.H.IONHH | |
| MSCTF.MarshalInterface.FileMap.EBD.I.IONHH | |
| MSCTF.MarshalInterface.FileMap.EBD.J.IONHH | |
| Behavior description: | 设置特殊文件夹属性 |
| details: | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 | |
| C:\Documents and Settings\Administrator\Local Settings\History | |
| C:\Documents and Settings\Administrator\Local Settings\History\History.IE5 | |
| C:\Documents and Settings\Administrator\Cookies | |
| Behavior description: | 修改文件内容 |
| details: | C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445930383.337099.exe_7zdump\115 DiscRobot提取工具\Control.skin---> Offset = 0 |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[1]---> Offset = 0 | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]---> Offset = 0 | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]---> Offset = 0 | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]---> Offset = 0 | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]---> Offset = 0 | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]---> Offset = 0 | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1]---> Offset = 0 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445930383.365689.exe_7zdump\115 DiscRobot提取工具\Error.txt---> Offset = 0 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445930383.369211.exe_7zdump\115 DiscRobot提取工具\Configuration.ini---> Offset = 0 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445930383.372767.exe_7zdump\115 DiscRobot提取工具\Configuration.ini---> Offset = 60 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445930383.376299.exe_7zdump\115 DiscRobot提取工具\Configuration.ini---> Offset = 72 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445930383.379836.exe_7zdump\115 DiscRobot提取工具\Configuration.ini---> Offset = 84 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445930383.383362.exe_7zdump\115 DiscRobot提取工具\Configuration.ini---> Offset = 96 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445930383.386901.exe_7zdump\115 DiscRobot提取工具\Configuration.ini---> Offset = 108 | |
| Behavior description: | 查找文件 |
| details: | FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445930384.426589.exe_7zdump\115 DiscRobot提取工具\SkinH_EL.dll |
| FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445930384.430163.exe_7zdump\115 DiscRobot提取工具\Interface.skin | |
| FileName = C:\Documents and Settings | |
| FileName = C:\Documents and Settings\Administrator | |
| FileName = C:\Documents and Settings\Administrator\Local Settings | |
| FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk | |
| FileName = C:\WINDOWS\system32\Ras\*.pbk | |
| FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk | |
| FileName = C:\WINDOWS | |
| FileName = C:\WINDOWS\system32 | |
| FileName = C:\WINDOWS\system32\ieframe.dll | |
| FileName = C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015082520150826\*.* | |
| Network behavior | |
|---|---|
| Behavior description: | 连接指定站点 |
| details: | InternetConnectA: ServerName = blog.rozence.com, PORT = 80 |
| InternetConnectA: ServerName = passport.115.com, PORT = 80 | |
| Behavior description: | 建立到一个指定的套接字连接 |
| details: | 127.0.0.1:1031 |
| Behavior description: | 读取网络文件 |
| details: | hFile = 0x000005c4, BytesToRead =2048, BytesRead = 2048. |
| hFile = 0x00000398, BytesToRead =2048, BytesRead = 2048. | |
| hFile = 0x00000370, BytesToRead =2048, BytesRead = 2048. | |
| hFile = 0x00000374, BytesToRead =2048, BytesRead = 2048. | |
| hFile = 0x0000037c, BytesToRead =2048, BytesRead = 2048. | |
| hFile = 0x00000380, BytesToRead =2048, BytesRead = 2048. | |
| hFile = 0x00000394, BytesToRead =2048, BytesRead = 2048. | |
| hFile = 0x00000384, BytesToRead =2048, BytesRead = 2048. | |
| Behavior description: | 打开HTTP请求 |
| details: | HttpOpenRequestA: blog.rozence.com:80/software/discrobot/advertisement.hh, hConnect = 0x000005b0 |
| HttpOpenRequestA: blog.rozence.com:80/software/discrobot/nonice.php, hConnect = 0x00000498 | |
| HttpOpenRequestA: blog.rozence.com:80/software/discrobot/news.hh, hConnect = 0x00000374 | |
| HttpOpenRequestA: blog.rozence.com:80/software/discrobot/version.hh, hConnect = 0x0000037c | |
| HttpOpenRequestA: passport.115.com:80/?ac=logout&goto=http%3a%2f%2f115.com, hConnect = 0x0000037c | |
| HttpOpenRequestA: passport.115.com:80/?ac=login, hConnect = 0x00000374 | |
| HttpOpenRequestA: passport.115.com:80/?ac=logout&goto=http%3a%2f%2f115.com, hConnect = 0x00000374 | |
| HttpOpenRequestA: passport.115.com:80/?ac=login, hConnect = 0x00000380 | |
| HttpOpenRequestA: passport.115.com:80/?ac=logout&goto=http%3a%2f%2f115.com, hConnect = 0x00000380 | |
| HttpOpenRequestA: passport.115.com:80/?ac=login, hConnect = 0x00000394 | |
| HttpOpenRequestA: passport.115.com:80/?ac=logout&goto=http%3a%2f%2f115.com, hConnect = 0x00000394 | |
| HttpOpenRequestA: passport.115.com:80/?ac=login, hConnect = 0x00000384 | |
| Registry behavior | |
|---|---|
| Behavior description: | 修改注册表 |
| details: | \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x16(565 0) |
| \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings | |
| Behavior description: | 删除注册表键值_IE连接设置 |
| details: | \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer |
| \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL | |
| Other behavior | |
|---|---|
| Behavior description: | 创建互斥体 |
| details: | CTF.LBES.MutexDefaultS-* |
| CTF.Compart.MutexDefaultS-* | |
| CTF.Asm.MutexDefaultS-* | |
| CTF.Layouts.MutexDefaultS-* | |
| CTF.TMD.MutexDefaultS-* | |
| CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-* | |
| Local\ZonesCounterMutex | |
| Local\ZoneAttributeCacheCounterMutex | |
| Local\ZonesCacheCounterMutex | |
| Local\ZonesLockedCacheCounterMutex | |
| RasPbFile | |
| Local\!PrivacIE!SharedMemory!Mutex | |
| MSCTF.Shared.MUTEX.ELH | |
| MSCTF.Shared.MUTEX.EBD | |
| Behavior description: | 内联HOOK |
| details: | C:\WINDOWS\system32\GDI32.dll--->ExtTextOutA Offset = 0x0 |
| C:\WINDOWS\system32\GDI32.dll--->ExtTextOutW Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->GetWindowLongA Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->SetWindowLongA Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->SetWindowLongW Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->GetWindowLongW Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->BeginPaint Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->EndPaint Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->GetDC Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->GetWindowDC Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->ReleaseDC Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->WindowFromDC Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->GetScrollInfo Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->GetScrollPos Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->GetScrollRange Offset = 0x0 | |
| Behavior description: | 查找指定窗口 |
| details: | NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,] |
| NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,] | |
| NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,] | |
| NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,] | |
| NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,] | |
| NtUserFindWindowEx: [Class,Window] = [,] | |
| Behavior description: | 窗口信息 |
| details: | Pid = 968, Hwnd=0x1031a, Text = 暂停当前操作, ClassName = Button. |
| Pid = 968, Hwnd=0x102e8, Text = Ver:121112, ClassName = Afx:1180000:b:10011:1900015:0. | |
| Pid = 968, Hwnd=0x102e6, Text = 欢迎使用115 DiscRobot - Turtle, ClassName = Afx:1180000:b:10011:1900015:0. | |
| Pid = 968, Hwnd=0x103a2, Text = 文件管理设置, ClassName = Button(GroupBox). | |
| Pid = 968, Hwnd=0x103a4, Text = 生成格式, ClassName = Button(GroupBox). | |
| Pid = 968, Hwnd=0x103aa, Text = 网页格式, ClassName = Button(RadioButton). | |
| Pid = 968, Hwnd=0x103a8, Text = 文本竖排, ClassName = Button(RadioButton). | |
| Pid = 968, Hwnd=0x103a6, Text = 文本横排, ClassName = Button(RadioButton). | |
| Pid = 968, Hwnd=0x10398, Text = 生成标准提取式, ClassName = Button(CheckBox). | |
| Pid = 968, Hwnd=0x10394, Text = 文件转存至指定文件夹:, ClassName = Button(CheckBox). | |
| Pid = 968, Hwnd=0x10392, Text = 标准提取式转存, ClassName = Button(CheckBox). | |
| Pid = 968, Hwnd=0x10390, Text = 添加地址, ClassName = Button. | |
| Pid = 968, Hwnd=0x1038e, Text = 清空地址, ClassName = Button. | |
| Pid = 968, Hwnd=0x1038c, Text = 开始转存, ClassName = Button. | |
| Pid = 968, Hwnd=0x1037c, Text = 提取码地址筛选, ClassName = Button(GroupBox). | |
| Behavior description: | 获取窗口截图信息 |
| details: | Foreground window Info: HWND = 0x06010563, DC = 0x06010563. |
| Foreground window Info: HWND = 0x06010564, DC = 0x06010564. | |
| Foreground window Info: HWND = 0x2a0105d3, DC = 0x2a0105d3. | |
| Foreground window Info: HWND = 0x300105cb, DC = 0x300105cb. | |
| Foreground window Info: HWND = 0x0901060a, DC = 0x0901060a. | |
| Foreground window Info: HWND = 0x02010617, DC = 0x02010617. | |
| Foreground window Info: HWND = 0xd101060b, DC = 0xd101060b. | |
| Foreground window Info: HWND = 0x01010618, DC = 0x01010618. | |
| Foreground window Info: HWND = 0x02010630, DC = 0x02010630. | |
| Foreground window Info: HWND = 0x61010619, DC = 0x61010619. | |
| Foreground window Info: HWND = 0x1f0102f2, DC = 0x1f0102f2. | |
| Foreground window Info: HWND = 0x02010652, DC = 0x02010652. | |
| Foreground window Info: HWND = 0xd90105da, DC = 0xd90105da. | |
| Foreground window Info: HWND = 0x020107bb, DC = 0x020107bb. | |
| Foreground window Info: HWND = 0x010107bd, DC = 0x010107bd. | |
| Behavior description: | 隐藏指定窗口 |
| details: | [Window,Class] = [,ComboLBox] |
| [Window,Class] = [,tooltips_class32] | |
| [Window,Class] = [<,AfxWnd42s] | |
| [Window,Class] = [>,AfxWnd42s] | |
| [Window,Class] = [执行全部账号,Button] | |
| [Window,Class] = [执行选中账号,Button] | |
| [Window,Class] = [,Edit] | |
| [Window,Class] = [获取文件列表,Button] | |
| [Window,Class] = [列表生成文档,Button] | |
| [Window,Class] = [列表搜索文件,Button] | |
| [Window,Class] = [按文件名倒序,ComboBox] | |
| [Window,Class] = [,SysListView32] | |
| [Window,Class] = [,Afx:10000000:8:10011:1900015:0] | |
| [Window,Class] = [常用功能,Button] | |
| [Window,Class] = [扩展功能,Button] | |
| Run screenshot |
|---|
 |
HOME
