VirSCAN

File information
Safety rating: 85
Behavior list
Basic Information
MD5: f6fed2ff3af27046c22e849f580480a8
File type: NSIS
Vendor: Bandisoft
Version: 2.3.3.860 --- 2.3.3.860
Packer or compiler information: (none reported)
Subfile information (name / MD5 / type):
bdcap32.dll / big file / DLL
bdcap64.dll / big file / DLL
bdcam.exe / 5ad74b2bee9ef87e19d8ba848e1c6ea5 / EXE
D3DCompiler_43.dll / ada0c39d4eacdc81fd84163a95d62079 / DLL
bdfix.exe / 4a60d6ad805cedfb070d5016ed7aadd5 / EXE
BDMPEG1SETUP.EXE / 916bfd2422bca5b78d61a640f87c6295 / NSIS
bdcam64.bin / 229c81816de3fa1a68ff75eb8b378cce / EXE
bdcam64.dll / 0e4d2af42fddbcabf3ca6d5864050f47 / DLL
bdcam.dll / 7f8b0c5e74f4e335c1bf81171f0aa326 / DLL
amf-core-windesktop64.dll / 063c0a223054dba14b375ee49dc09d11 / DLL
amf-core-windesktop32.dll / 3042c4a93c54c99e77278dcd73a10814 / DLL
skin.dat / d5d945a1c1033ed1da2778228d6e7ec1 / zip
d3dx11_43.dll / 9d6429f410597750b2dc2579b2347303 / DLL
amf-component-vce-windesktop64.dll / e710a971e1d1bd5d648ffa25756b0055 / DLL
vcomp140.dll / 27dc5cf2ee66e6863af17cd915c7fe1c / DLL
amf-component-vce-windesktop32.dll / 6ef74574e1b3b95d4a76a7496531180b / DLL
modern-wizard.bmp / 81d5155830fdc8690c0f5d0676238f56 / Unknown
modern-wizard.bmp / c600296882d4d5f4c01aa8a7bb41a293 / Unknown
bdcamih.dll / b7a35c3375cf61b6d1d52621c0aae3e3 / DLL
Key behavior
Behavior description: Opens file mapping with write access
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EKN..MKEJH
MSCTF.MarshalInterface.FileMap.EKN.B.MKEJH
MSCTF.MarshalInterface.FileMap.EKN.C.MKEJH
MSCTF.MarshalInterface.FileMap.EKN.D.MKEJH
MSCTF.MarshalInterface.FileMap.EKN.E.MKEJH
MSCTF.MarshalInterface.FileMap.EKN.F.MLEJH
MSCTF.MarshalInterface.FileMap.EKN.G.MLEJH
MSCTF.Shared.SFM.EKN
VIDEOMEMORY
MSCTF.MarshalInterface.FileMap.EKN.H.HNLNH
MSCTF.MarshalInterface.FileMap.EKN.I.HNLNH
MSCTF.MarshalInterface.FileMap.EKN.J.HNLNH
MSCTF.MarshalInterface.FileMap.EKN.K.HNLNH
MSCTF.MarshalInterface.FileMap.EKN.L.HNLNH
Behavior description: Blocks window close message
details: hWnd = 0x0005029e, Text = Bandicam Setup, ClassName = #32770.
Behavior description: Creates desktop shortcut
details: C:\Documents and Settings\All Users\Desktop\Bandicam.lnk
Behavior description: Hides specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,Button]
[Window,Class] = [Bandicam,Static]
[Window,Class] = [Bandicam ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [Show details(&D),Button]
[Window,Class] = [Installation Complete,Static]
[Window,Class] = [Installation completed successfully.,Static]
Behavior description: Sends DDE execute message to window
details:Process = iexplore.exe, hWnd = 0x00030308, Window = , Class = DDEMLUnicodeServer.
Process behavior
Behavior description: Creates process
details:ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "regsvr32" /s "C:\Program Files\BandiMPEG1\bdfilters64.dll"
Behavior description: Creates process from newly created file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BDMPEG1SETUP.EXE, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BDMPEG1SETUP.EXE /S
ImagePath = C:\Program Files\Bandicam\bdcam.exe, CmdLine = "C:\Program Files\Bandicam\bdcam.exe" /install
ImagePath = C:\Program Files\Bandicam\bdcam.exe, CmdLine = "C:\Program Files\Bandicam\bdcam.exe"
Behavior description: Enumerates processes
details:N/A
File behavior
Behavior description: Drops link or shortcut in a sensitive system location (e.g. Start Menu)
details: C:\Documents and Settings\All Users\Start Menu\Programs\Bandicam\Bandicam.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Bandicam\BandiFix.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Bandicam\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Bandicam\Home page.url
Behavior description: Creates executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst5.tmp\LangDLL.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst5.tmp\UserInfo.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst5.tmp\InstallOptions.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BDMPEG1SETUP.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bdfilters.dll
C:\Program Files\BandiMPEG1\bdfilters.dll
C:\Program Files\BandiMPEG1\bdfilters64.dll
C:\WINDOWS\system32\bdmjpeg.dll
C:\WINDOWS\system32\bdmpegv.dll
C:\WINDOWS\system32\bdmpega.acm
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn9.tmp\System.dll
C:\Program Files\BandiMPEG1\uninstall.exe
C:\Program Files\Bandicam\bdcam.exe
C:\Program Files\Bandicam\bdcam64.bin
C:\Program Files\Bandicam\bdfix.exe
Behavior description: Searches for file
details:FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst5.tmp
FileName = C:\Program Files\Bandicam
FileName = C:\Program Files
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\Program Files\BandiMPEG1\bdfilters.dll
FileName = C:\Program Files\BandiMPEG1
FileName = C:\Program Files\BandiMPEG1\bdfilters.dll.bak
FileName = C:\WINDOWS
Behavior description: Creates desktop shortcut
details: C:\Documents and Settings\All Users\Desktop\Bandicam.lnk
Behavior description: Opens file mapping with write access
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EKN..MKEJH
MSCTF.MarshalInterface.FileMap.EKN.B.MKEJH
MSCTF.MarshalInterface.FileMap.EKN.C.MKEJH
MSCTF.MarshalInterface.FileMap.EKN.D.MKEJH
MSCTF.MarshalInterface.FileMap.EKN.E.MKEJH
MSCTF.MarshalInterface.FileMap.EKN.F.MLEJH
MSCTF.MarshalInterface.FileMap.EKN.G.MLEJH
MSCTF.Shared.SFM.EKN
VIDEOMEMORY
MSCTF.MarshalInterface.FileMap.EKN.H.HNLNH
MSCTF.MarshalInterface.FileMap.EKN.I.HNLNH
MSCTF.MarshalInterface.FileMap.EKN.J.HNLNH
MSCTF.MarshalInterface.FileMap.EKN.K.HNLNH
MSCTF.MarshalInterface.FileMap.EKN.L.HNLNH
Behavior description: Renames file
details:C:\WINDOWS\system32\d3d9caps.tmp ---> C:\WINDOWS\system32\d3d9caps.dat
Behavior description: Modifies file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst5.tmp\ioSpecial.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst5.tmp\ioSpecial.ini---> Offset = 74
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst5.tmp\modern-wizard.bmp---> Offset = 98304
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst5.tmp\ioSpecial.ini---> Offset = 250
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst5.tmp\modern-header.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst5.tmp\ioSpecial.ini---> Offset = 88
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst5.tmp\ioSpecial.ini---> Offset = 122
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst5.tmp\ioSpecial.ini---> Offset = 556
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst5.tmp\ioSpecial.ini---> Offset = 606
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst5.tmp\ioSpecial.ini---> Offset = 716
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst5.tmp\ioSpecial.ini---> Offset = 732
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst5.tmp\ioSpecial.ini---> Offset = 756
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst5.tmp\ioSpecial.ini---> Offset = 452
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst5.tmp\ioSpecial.ini---> Offset = 654
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst5.tmp\ioSpecial.ini---> Offset = 1048
Registry behavior
Behavior description: Modifies registry
details:\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F4F5C9E9-CFCC-4C65-A8BD-0423A338F188}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\FriendlyName
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\CLSID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\FilterData
Behavior description: Modifies registry: process preload entries
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.mjpg
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.mpeg
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.bdmpeg
Behavior description: Modifies registry: pending file rename entries
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behavior
Behavior description: Sets object security information
details:C:\Documents and Settings\Administrator\My Documents\Bandicam
Behavior description: Creates mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EKN
AMResourceMutex2
VideoRenderer
SHIMLIB_LOG_MUTEX
DirectSound DllMain mutex (0x00000B20)
oleacc-msaa-loaded
DirectSound DllMain mutex (0x00000F2C)
_SHuassist.mtx
Behavior description: Hides specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,Button]
[Window,Class] = [Bandicam,Static]
[Window,Class] = [Bandicam ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [Show details(&D),Button]
[Window,Class] = [Installation Complete,Static]
[Window,Class] = [Installation completed successfully.,Static]
Behavior description: Searches for specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [Bandicam2.x,]
NtUserFindWindowEx: [Class,Window] = [Bandicam1.x,]
Behavior description: Window information
details: Pid = 3488, Hwnd=0x202a2, Text = Simplified Chinese, ClassName = ComboBox.
Pid = 3488, Hwnd=0x202a6, Text = OK, ClassName = Button.
Pid = 3488, Hwnd=0x202a8, Text = Cancel, ClassName = Button.
Pid = 3488, Hwnd=0x202cc, Text = Please select a language., ClassName = Static.
Pid = 3488, Hwnd=0x4029e, Text = Installer Language, ClassName = #32770.
Pid = 3488, Hwnd=0x302a2, Text = Next(&N) >, ClassName = Button.
Pid = 3488, Hwnd=0x302a4, Text = Cancel(&C), ClassName = Button.
Pid = 3488, Hwnd=0x402bc, Text = Bandicam , ClassName = Static.
Pid = 3488, Hwnd=0x202d4, Text = Bandicam, ClassName = Static.
Pid = 3488, Hwnd=0x302da, Text = Welcome to the "Bandicam" Setup Wizard, ClassName = Static.
Pid = 3488, Hwnd=0x302b8, Text = This wizard will guide you through the installation of "Bandicam". It is recommended that you close all other applications before starting Setup. This will allow Setup to update the relevant system files, ClassName = Static.
Pid = 3488, Hwnd=0x5029e, Text = Bandicam Setup, ClassName = #32770.
Pid = 3488, Hwnd=0x302a2, Text = I Agree(&I), ClassName = Button.
Pid = 3488, Hwnd=0x402b8, Text = Press [PgDn] to see the rest of the license agreement., ClassName = Static.
Pid = 3488, Hwnd=0x402da, Text = END USER LICENSE AGREEMENT By installing or using the Bandisoft (the “Company”) product, Bandicam (the “Software”), you in, ClassName = RichEdit20W.
Behavior description: Acquires system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Reads TickCount value
details:TickCount = 529937, SleepMilliseconds = 250.
TickCount = 529968, SleepMilliseconds = 250.
TickCount = 530000, SleepMilliseconds = 250.
TickCount = 530062, SleepMilliseconds = 250.
TickCount = 530109, SleepMilliseconds = 250.
TickCount = 530125, SleepMilliseconds = 250.
TickCount = 530218, SleepMilliseconds = 250.
TickCount = 530265, SleepMilliseconds = 250.
TickCount = 531046, SleepMilliseconds = 250.
TickCount = 531078, SleepMilliseconds = 250.
TickCount = 531390, SleepMilliseconds = 250.
TickCount = 531406, SleepMilliseconds = 250.
TickCount = 533500, SleepMilliseconds = 250.
Behavior description: Blocks window close message
details: hWnd = 0x0005029e, Text = Bandicam Setup, ClassName = #32770.
Behavior description: Opens specified web page in IE
details:http://www.bandicam.com/f.php?id=eng_app_complete_install&v=2
Behavior description: Sends DDE execute message to window
details:Process = iexplore.exe, hWnd = 0x00030308, Window = , Class = DDEMLUnicodeServer.
Behavior description: Opens image file
details:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst5.tmp\modern-wizard.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nst5.tmp\modern-header.bmp
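A report in this shape is long and mostly noise (window text, TickCount reads, CTF mutexes). The Python script below is an added example, not VirSCAN's or Bandisoft's code: it parses the "Behavior description:" / "details:" line grammar used above into structured entries, runs a small rule set over them, and lists the entries an analyst would want to look at first: the silent COM registration via `regsvr32 /s`, the DLL and ACM codec dropped into `system32`, the `Drivers32` codec entries (loaded into any process that uses the Video-for-Windows or ACM codec APIs), the `PendingFileRenameOperations` entry and the `SE_LOAD_DRIVER_PRIVILEGE` request. The embedded report is a constructed English excerpt of the entries shown on this page; the rule labels and weights are my own triage heuristics and have nothing to do with VirSCAN's "Safety rating".

```python
"""Triage helper for VirSCAN-style sandbox behavior reports.

Added example, not VirSCAN's or Bandisoft's code. SAMPLE_REPORT is a
constructed English excerpt of the page's entries; RULES and the weights are
the author's own heuristics, unrelated to VirSCAN's "Safety rating".
"""
import re
from collections import defaultdict

# Constructed excerpt of the report, in the page's own line grammar: a section
# heading, then "Behavior description: X", then "details: Y" followed by any
# number of unprefixed continuation lines.
SAMPLE_REPORT = r"""
Process behavior
Behavior description: Creates process
details: ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "regsvr32" /s "C:\Program Files\BandiMPEG1\bdfilters64.dll"
Behavior description: Creates process from newly created file
details: ImagePath = C:\Program Files\Bandicam\bdcam.exe, CmdLine = "C:\Program Files\Bandicam\bdcam.exe" /install
File behavior
Behavior description: Creates executable file
details: C:\Program Files\BandiMPEG1\bdfilters64.dll
C:\WINDOWS\system32\bdmjpeg.dll
C:\WINDOWS\system32\bdmpega.acm
Behavior description: Renames file
details: C:\WINDOWS\system32\d3d9caps.tmp ---> C:\WINDOWS\system32\d3d9caps.dat
Registry behavior
Behavior description: Modifies registry
details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1C6833E-A3EC-4397-9FA9-151792F3408F}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}\FilterData
Behavior description: Modifies registry: process preload entries
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\vidc.mjpg
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\msacm.bdmpeg
Behavior description: Modifies registry: pending file rename entries
details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behavior
Behavior description: Acquires system privilege
details: SE_LOAD_DRIVER_PRIVILEGE
"""

SECTION_HEADINGS = {"Key behavior", "Process behavior", "File behavior",
                    "Registry behavior", "Other behavior"}


def parse_report(text):
    """Parse report text into a list of (section, description, [detail, ...])."""
    entries, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADINGS:
            section, current = line, None
        elif line.startswith("Behavior description:"):
            current = (section, line.split(":", 1)[1].strip(), [])
            entries.append(current)
        elif line.startswith("details:"):
            if current is not None:
                current[2].append(line.split(":", 1)[1].strip())
        elif current is not None:  # unprefixed continuation of 'details:'
            current[2].append(line)
    return entries


GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# {083863F1-70DE-11d0-BD40-00A0C911CE86} is CLSID_LegacyAmFilterCategory, the
# "DirectShow Filters" category; filters registered under it are candidates
# whenever an application lets DirectShow build a media graph automatically.
DSHOW_FILTER_CATEGORY = r"\{083863F1-70DE-11D0-BD40-00A0C911CE86\}"

# Rules match "description :: detail", so they can be gated on the behavior
# type: regsvr32's own path also contains \WINDOWS\system32\, but only a file
# write or rename into that directory is worth flagging.  (label, weight, regex)
RULES = [
    ("regsvr32 /s (silent COM registration)", 3,
     re.compile(r'^Creates process\b.*\bregsvr32(\.exe)?"?\s+/s\b', re.I)),
    ("write to system32", 3,
     re.compile(r"^(Creates executable file|Renames file|Modifies file content) :: "
                r".*\\WINDOWS\\system32\\", re.I)),
    ("Drivers32 codec registration", 3,
     re.compile(r"\\Drivers32\\(vidc|msacm)\.", re.I)),
    ("PendingFileRenameOperations", 2,
     re.compile(r"\\Session Manager\\PendingFileRenameOperations", re.I)),
    ("SE_LOAD_DRIVER_PRIVILEGE", 2,
     re.compile(r"^Acquires system privilege :: SE_LOAD_DRIVER_PRIVILEGE")),
    ("InprocServer32 (new in-process COM server)", 1,
     re.compile(r"\\CLSID\\" + GUID + r"\\InprocServer32", re.I)),
    ("DirectShow filter category instance", 1,
     re.compile(DSHOW_FILTER_CATEGORY + r"\\Instance\\" + GUID, re.I)),
    ("executes newly created file", 1,
     re.compile(r"^Creates process from newly created file ::")),
]

CLSID_KEY = re.compile(r"\\Classes\\CLSID\\(" + GUID + r")\\InprocServer32", re.I)


def triage(entries):
    """Return ({label: sorted matching detail lines}, score).

    The score sums the weight of each distinct rule that fired, so it grows
    with the variety of notable behavior rather than with its volume.
    """
    hits, fired = defaultdict(set), {}
    for _section, desc, details in entries:
        for detail in details:
            probe = f"{desc} :: {detail}"
            for label, weight, pattern in RULES:
                if pattern.search(probe):
                    hits[label].add(detail)
                    fired[label] = weight
    return {label: sorted(lines) for label, lines in hits.items()}, sum(fired.values())


def registered_clsids(entries):
    """CLSIDs that gained an InprocServer32 key, i.e. COM servers the sample installed."""
    found = set()
    for _section, desc, details in entries:
        if desc.startswith("Modifies registry"):
            for detail in details:
                match = CLSID_KEY.search(detail)
                if match:
                    found.add(match.group(1).upper())
    return sorted(found)


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    flagged, total = triage(parsed)
    print(f"{len(parsed)} behavior entries, triage score {total}")
    for label, lines in sorted(flagged.items(), key=lambda kv: -len(kv[1])):
        print(f"[{label}]")
        for line in lines:
            print("   ", line)
    print("New in-process COM servers:", registered_clsids(parsed))
```

Every rule fires on this excerpt, which is expected: registering DirectShow filters, Video-for-Windows and ACM codecs and replacing files at reboot is exactly what a codec installer does, and the subfile names (bdmjpeg.dll, bdmpega.acm, bdfilters64.dll) match that. The output is a review list, not a verdict; the CLSIDs it extracts are what to check against the vendor's known filter registrations, and the `Drivers32` entries are what to remove if the codecs are unwanted, since they are loaded into every process that opens those codec types.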