VirSCAN



File information
Safety rating: 85
Behavior list
Basic Information
MD5: fb86837b4be3a10bba86f966f91ab546
File type: EXE
Production company: Genius
Version: 5.0.1.6---5.0.1.0006
Shell or compiler information: COMPILER:Borland Delphi 2.0 [Overlay]
Key behavior
Behavior description: Create shortcut on desktop
details:C:\Documents and Settings\All Users\桌面\ACDSee 5.0.lnk
Behavior description: Hide specified window
details:[Window,Class] = [,ComboLBox]
Process behavior
Behavior description: Create process with hidden window
details:ImagePath = , CmdLine = "c:\windows\system32\cmd.exe" /c ""c:\program files\acdsee 5.0\注册.cmd""
Behavior description: Create process
details:ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = "C:\WINDOWS\system32\cmd.exe" /C ""C:\Program Files\ACDSee 5.0\注册.cmd""
ImagePath = C:\WINDOWS\system32\rundll32.exe, CmdLine = rundll32 advpack.dll LaunchINFSection reg.inf,DefaultInstall,1,N
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s "XnViewShellExt.dll"
ImagePath = C:\WINDOWS\regedit.exe, CmdLine = regedit /s Xnview.reg
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s "idbsvrps.dll"
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s "HHActiveX.dll"
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s EITCCBase.dll
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s EITCC_AddNoise.dll
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s EITCC_BathroomWindow.dll
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s EITCC_Blinds.dll
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s EITCC_Bulge.dll
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s EITCC_ColoredEdges.dll
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s EITCC_Contours.dll
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s EITCC_Dauber.dll
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s EITCC_FurryEdges.dll
Behavior description: Create process from newly created file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-HQ0H4.tmp\sample.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-HQ0H4.tmp\sample.tmp" /SL5="$A0186,4969425,68608,c:\%temp%\1414145915.519533.exe"
File behavior
Behavior description: Drop link or shortcut in a sensitive system location (such as the Start menu)
details:C:\Documents and Settings\All Users\「开始」菜单\程序\ACDSee 5.0\ACDSee 5.0.1.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\ACDSee 5.0\卸载 ACDSee 5.0.1.lnk
Behavior description: Rename file
details:C:\Program Files\ACDSee 5.0\is-KDPUB.tmp ---> C:\Program Files\ACDSee 5.0\unins000.exe
C:\Program Files\ACDSee 5.0\is-7I50K.tmp ---> C:\Program Files\ACDSee 5.0\MyProg.exe
C:\Program Files\ACDSee 5.0\is-A5DOA.tmp ---> C:\Program Files\ACDSee 5.0\ACDAppInfo.dll
C:\Program Files\ACDSee 5.0\is-7DOBU.tmp ---> C:\Program Files\ACDSee 5.0\ACDCLClient.dll
C:\Program Files\ACDSee 5.0\is-R4G0C.tmp ---> C:\Program Files\ACDSee 5.0\acdcp.dll
C:\Program Files\ACDSee 5.0\is-THR1O.tmp ---> C:\Program Files\ACDSee 5.0\ACDFullLicense.dll
C:\Program Files\ACDSee 5.0\is-D22GS.tmp ---> C:\Program Files\ACDSee 5.0\ACDInTouch.dll
C:\Program Files\ACDSee 5.0\is-8715O.tmp ---> C:\Program Files\ACDSee 5.0\ACDSee.sip
C:\Program Files\ACDSee 5.0\is-AK0SD.tmp ---> C:\Program Files\ACDSee 5.0\ACDSee5.exe
C:\Program Files\ACDSee 5.0\is-KG7KU.tmp ---> C:\Program Files\ACDSee 5.0\AX_RAR.apl
C:\Program Files\ACDSee 5.0\is-UKQJQ.tmp ---> C:\Program Files\ACDSee 5.0\CX_Archive.apl
C:\Program Files\ACDSee 5.0\is-6DN3G.tmp ---> C:\Program Files\ACDSee 5.0\CX_ContactSheet.apl
C:\Program Files\ACDSee 5.0\is-TH1S6.tmp ---> C:\Program Files\ACDSee 5.0\CX_DFinder.apl
C:\Program Files\ACDSee 5.0\is-CMDAU.tmp ---> C:\Program Files\ACDSee 5.0\CX_HTML.apl
C:\Program Files\ACDSee 5.0\is-VJQKT.tmp ---> C:\Program Files\ACDSee 5.0\DC_Digita.apl
Behavior description: Create shortcut on desktop
details:C:\Documents and Settings\All Users\桌面\ACDSee 5.0.lnk
Behavior description: Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-HQ0H4.tmp\sample.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-ABT7B.tmp\_isetup\_RegDLL.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-ABT7B.tmp\_isetup\_shfoldr.dll
C:\Program Files\ACDSee 5.0\is-KDPUB.tmp
C:\Program Files\ACDSee 5.0\is-7I50K.tmp
C:\Program Files\ACDSee 5.0\is-A5DOA.tmp
C:\Program Files\ACDSee 5.0\is-7DOBU.tmp
C:\Program Files\ACDSee 5.0\is-R4G0C.tmp
C:\Program Files\ACDSee 5.0\is-THR1O.tmp
C:\Program Files\ACDSee 5.0\is-D22GS.tmp
C:\Program Files\ACDSee 5.0\is-AK0SD.tmp
C:\Program Files\ACDSee 5.0\is-KG7KU.tmp
C:\Program Files\ACDSee 5.0\is-UKQJQ.tmp
C:\Program Files\ACDSee 5.0\is-6DN3G.tmp
C:\Program Files\ACDSee 5.0\is-TH1S6.tmp
Behavior description: Modify file contents
details:C:\Program Files\ACDSee 5.0\is-8715O.tmp---> Offset = 0
C:\Program Files\ACDSee 5.0\is-R0245.tmp---> Offset = 0
C:\Program Files\ACDSee 5.0\is-VSCQ9.tmp---> Offset = 0
C:\Program Files\ACDSee 5.0\is-O3ET6.tmp---> Offset = 0
C:\Program Files\ACDSee 5.0\is-FATVS.tmp---> Offset = 0
C:\Program Files\ACDSee 5.0\is-14RDG.tmp---> Offset = 0
C:\Program Files\ACDSee 5.0\is-4LGJ0.tmp---> Offset = 0
C:\Program Files\ACDSee 5.0\is-1TCKO.tmp---> Offset = 0
C:\Documents and Settings\All Users\「开始」菜单\程序\ACDSee 5.0\ACDSee 5.0.1.lnk---> Offset = 0
C:\Documents and Settings\All Users\「开始」菜单\程序\ACDSee 5.0\卸载 ACDSee 5.0.1.lnk---> Offset = 0
C:\Documents and Settings\All Users\桌面\ACDSee 5.0.lnk---> Offset = 0
C:\Program Files\ACDSee 5.0\unins000.dat---> Offset = 460
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80221340-D56E-4CA9-9D42-490BC07DBEF7}_is1\Inno Setup: Setup Version
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80221340-D56E-4CA9-9D42-490BC07DBEF7}_is1\Inno Setup: App Path
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80221340-D56E-4CA9-9D42-490BC07DBEF7}_is1\InstallLocation
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80221340-D56E-4CA9-9D42-490BC07DBEF7}_is1\Inno Setup: Icon Group
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80221340-D56E-4CA9-9D42-490BC07DBEF7}_is1\Inno Setup: User
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80221340-D56E-4CA9-9D42-490BC07DBEF7}_is1\Inno Setup: Setup Type
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80221340-D56E-4CA9-9D42-490BC07DBEF7}_is1\Inno Setup: Selected Components
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80221340-D56E-4CA9-9D42-490BC07DBEF7}_is1\Inno Setup: Deselected Components
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80221340-D56E-4CA9-9D42-490BC07DBEF7}_is1\Inno Setup: Selected Tasks
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80221340-D56E-4CA9-9D42-490BC07DBEF7}_is1\Inno Setup: Deselected Tasks
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80221340-D56E-4CA9-9D42-490BC07DBEF7}_is1\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80221340-D56E-4CA9-9D42-490BC07DBEF7}_is1\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80221340-D56E-4CA9-9D42-490BC07DBEF7}_is1\QuietUninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80221340-D56E-4CA9-9D42-490BC07DBEF7}_is1\Publisher
Behavior description: Delete registry key
details:\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}\InprocServer32
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}\MiscStatus\1
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}\MiscStatus
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}\ProgID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}\ToolboxBitmap32
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}\TypeLib
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}\Version
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}\VersionIndependentProgID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{959F94FD-DD1E-11D2-B559-00105A0422DF}\InprocServer32
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{959F94FD-DD1E-11D2-B559-00105A0422DF}\ProgID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{959F94FD-DD1E-11D2-B559-00105A0422DF}\TypeLib
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{959F94FD-DD1E-11D2-B559-00105A0422DF}\VersionIndependentProgID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{959F94FD-DD1E-11D2-B559-00105A0422DF}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{234DF485-3133-4e2e-9E23-284918D9A406}\CanTransform
Other behavior
Behavior description: Create mutex
details:SHIMLIB_LOG_MUTEX
Behavior description: Hide specified window
details:[Window,Class] = [,ComboLBox]
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [RegEdit_RegEdit,]
Behavior description: Window information
details:Pid = 772, Hwnd=0xb0164, Text = 欢迎使用 ACDSee 5.0.1 集成美化版 安装向导 , ClassName = TNewStaticText.
Pid = 772, Hwnd=0xd01ac, Text = 现在将安装 ACDSee 5.0.1 集成美化版。 建议你在继续之前关闭其他应用程序。 单击"下一步"继续,或单击"取消"退出, ClassName = TNewStaticText.
Pid = 772, Hwnd=0xc01e8, Text = x86 (32位操作系统), ClassName = TNewComboBox.
Pid = 772, Hwnd=0xb0170, Text = 下一步(&N) >, ClassName = TNewButton.
Pid = 772, Hwnd=0xc01b4, Text = 取消, ClassName = TNewButton.
Pid = 772, Hwnd=0xd01c2, Text = 安装 - ACDSee 5.0.1 集成美化版, ClassName = TWizardForm.
Pid = 772, Hwnd=0xb01e0, Text = ACDSee 5.0.1 集成美化版 Genius制作 http://hi.baidu.com/MagicGenius , ClassName = TNewStaticText.
Pid = 772, Hwnd=0xe01b8, Text = 许可协议, ClassName = TNewStaticText.
Pid = 772, Hwnd=0xc01b6, Text = 请在继续之前阅读以下重要信息!, ClassName = TNewStaticText.
Pid = 772, Hwnd=0xb0174, Text = 请阅读以下许可协议。你必须接受此协议中的条款,才能继续安装。, ClassName = TNewStaticText.
Pid = 772, Hwnd=0xb016c, Text = 我接受(&A), ClassName = TNewRadioButton.
Pid = 772, Hwnd=0xb0192, Text = 我不接受(&D), ClassName = TNewRadioButton.
Pid = 772, Hwnd=0xb01a2, Text = < 上一步(&B), ClassName = TNewButton.
Pid = 772, Hwnd=0xe01b8, Text = 信息, ClassName = TNewStaticText.
Pid = 772, Hwnd=0xb019c, Text = 当你准备继续安装时,请点击“下一步”。, ClassName = TNewStaticText.
Behavior description: Acquire system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Enumerate windows
details:N/A
Run screenshot
