VirSCAN

File information
Security score: 82
Basic information
MD5: ffaeb0b4503d0ee83768998b03140732
File type: EXE
Publisher: 太合 (Taihe)
Version: 11.1.6.0 --- 11.1.6.0
Packer/compiler info: COMPILER:NSIS
Embedded files (name / MD5 / type): logonbdext.dll / f7893e7250c614f15cbd61e1b97bf84f / DLL
logonbd.dll / 5511a0ab3907cfb3b905a1c5ab58f8d8 / DLL
skin.zip / 27ec2ce3789949adbe5311d55ad39b5b / zip
BaiduMusic.exe / b91cb07a072b308dbbd444760886eb12 / EXE
TTUI.dll / 944a31202c2d63c56d1a4f752d0c2478 / DLL
main_bg11.png / 023cebd95c0a4be09bc3bdfccd54376b / Unknown
MNet.dll / 40e5c5ee25f8eeee76e6ad777665e78d / DLL
BindDownload.exe / 2222bf80cc30876e32e21cf946e14c48 / EXE
SoundCore.dll / b5f29fff127c77fba7c25e623ef2fa4e / DLL
msvcr110.dll / 4ba25d2cbe1587a841dcfb8c8c4a6ea6 / DLL
main_bg10.png / 6e66c404e55cb9ce9b573489393243ca / Unknown
main_bg7.png / 50081782461148fe6ed6455d3e8d9035 / Unknown
Uninst.exe / 67ae7a2c5091b94e0e2d7dea467eb89c / EXE
main_bg8.png / 070b3b846c2e77e4bdffab000a4cab49 / Unknown
Settings.dll / 06a2e7f4089331c253ff7b961e0b9417 / DLL
main_bg12.png / dc88fce28c921ac1a485cc18ea48e0c4 / Unknown
mcupdate.exe / 6fc5a7cd7865123328f910dc2d7a92a6 / EXE
openssl.dll / ced8cc1a3baab44945ed78948dfafeb6 / DLL
RestUtils.dll / 63bd200ad4fcdc7783b8f868b61b2a5f / DLL
Key behaviours
Behaviour: Blocks window close message
Details: hWnd = 0x0004034c, Text = 千千音乐(原百度音乐) 11.1.6.0 Setup, ClassName = #32770.
Behaviour: Captures window screenshot information
Details: Foreground window Info: HWND = 0x0004034c, DC = 0x0a010375.
Process behaviour
Behaviour: Creates local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 4036, ThreadID = 1568, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 4036, ThreadID = 1480, StartAddress = 4AEA7456, Parameter = 00000000
Behaviour: Enumerates processes
Details: N/A
File behaviour
Behaviour: Creates files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nso7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsu8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\Light.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\ProgressShallow.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\ProgressSolid.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\backgroud.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\bg_middle.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\blue_bg.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\bottom.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\btn_agree.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\btn_cancel2.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\btn_changedir.png
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\close.png
Behaviour: Creates executable files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\BindDownload.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp\nsTTHelper.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp\nsSkinEngine.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp\killer.dll
Behaviour: Overwrites existing files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsu8.tmp
C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Behaviour: Searches for files
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj9.tmp
Behaviour: Deletes files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nso7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsu8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp
Behaviour: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsu8.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsu8.tmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsu8.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nsu8.tmp ---> Offset = 98304
C:\Documents and Settings\Administrator\Local Settings\Temp\nsu8.tmp ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp\System.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\Light.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\ProgressShallow.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\ProgressSolid.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\backgroud.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\bg_middle.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\bg_middle.png ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\blue_bg.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\blue_bg.png ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\bottom.png ---> Offset = 0
Other behaviours
Behaviour: Creates mutexes
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
281420B1-B07B-4C0F-B123-9F2498EF7DB4
26D00A81-64E6-4735-87FA-B9DCC199BBF3
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.IMP
Behaviour: Hides specified windows
Details: [Window,Class] = [,Button]
[Window,Class] = [Cancel,Button]
[Window,Class] = [,Static]
[Window,Class] = [Nullsoft Install System (Unicode) v2.46.5-Unicode,Static]
Behaviour: Searches for specified windows
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behaviour: Opens events
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Global\Event_{14A56E9F-F7DD-465B-92BD-D0CEA800A30A}
Behaviour: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
Behaviour: Blocks window close message
Details: hWnd = 0x0004034c, Text = 千千音乐(原百度音乐) 11.1.6.0 Setup, ClassName = #32770.
Behaviour: Window information
Details: Pid = 4036, Hwnd=0x30342, Text = unpacking data: 88%, ClassName = Static.
Pid = 4036, Hwnd=0x10344, Text = unpacking data: 88%, ClassName = #32770.
Pid = 4036, Hwnd=0x1034e, Text = &Next >, ClassName = Button.
Pid = 4036, Hwnd=0x10350, Text = Cancel, ClassName = Button.
Pid = 4036, Hwnd=0x10356, Text = Nullsoft Install System (Unicode) v2.46.5-Unicode, ClassName = Static.
Pid = 4036, Hwnd=0x4034c, Text = 千千音乐(原百度音乐) 11.1.6.0 Setup, ClassName = #32770.
Behaviour: Captures window screenshot information
Details: Foreground window Info: HWND = 0x0004034c, DC = 0x0a010375.
Behaviour: Executable signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp\System.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\BindDownload.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp\nsTTHelper.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp\nsSkinEngine.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp\killer.dll (signature verification: failed)
Behaviour: Creates event objects
Details: EventName = MSCTF.SendReceive.Event.IMP.IC
EventName = MSCTF.SendReceiveConection.Event.IMP.IC
Behaviour: Executable MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp\System.dll ---> bf712f32249029466fa86756f5546950
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\BindDownload.exe ---> 2222bf80cc30876e32e21cf946e14c48
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp\nsTTHelper.dll ---> 46e847ad3b52bf30ae6fea03b28c7b40
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp\nsSkinEngine.dll ---> eab7fd287509faec84e23cbdc1a709a8
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp\killer.dll ---> 90d4a02442dbf8cbe8acdd751c090e3a
Behaviour: Opens mutex
Details: ShimCacheMutex
Behaviour: Loads newly dropped files
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj9.tmp\System.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj9.tmp\nsTTHelper.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj9.tmp\nsSkinEngine.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj9.tmp\killer.dll.
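The behaviour lines above are most useful when read together rather than one at a time: the installer drops five executables, four of them into the NSIS plugin directory under %TEMP% (nsj9.tmp), all four fail signature verification, all four are then loaded into the installer process, and the process enables SE_DEBUG_PRIVILEGE and SE_LOAD_DRIVER_PRIVILEGE, which an installer has no ordinary need for. The Python script below is an added example, not VirSCAN's code and not part of the report: it parses report lines in the translated "Behaviour:/Details:" form used on this page (re-typed here as a constructed sample) and emits the plugins that were dropped, unsigned and loaded, their MD5s, and the flagged privileges. The ns<random>.tmp directory pattern and the privilege watch-list are the author's assumptions. A failed signature check on its own is not a verdict (the stock NSIS System plugin ships unsigned too); the hashes are what to match against a known-good copy of the installer.

```python
"""Correlate dropped, unsigned and loaded NSIS plugins in a sandbox report.

Added example, not VirSCAN's code. Parses the translated
'Behaviour:' / 'Details:' line format used on this page.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of this page's report lines, translated.
SAMPLE_REPORT = r"""
Behaviour: Creates executable files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\BindDownload.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp\nsTTHelper.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp\nsSkinEngine.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp\killer.dll
Behaviour: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
Behaviour: Executable signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp\System.dll(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\BindDownload.exe(signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp\nsTTHelper.dll(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp\nsSkinEngine.dll(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp\killer.dll(signature verification: failed)
Behaviour: Executable MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp\System.dll ---> bf712f32249029466fa86756f5546950
C:\Documents and Settings\Administrator\Local Settings\Application Data\BaiduMusic\BindDownload.exe ---> 2222bf80cc30876e32e21cf946e14c48
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj9.tmp\killer.dll ---> 90d4a02442dbf8cbe8acdd751c090e3a
Behaviour: Loads newly dropped files
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj9.tmp\System.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj9.tmp\nsTTHelper.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj9.tmp\nsSkinEngine.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj9.tmp\killer.dll.
"""

# NSIS installers unpack plugins to %TEMP%\ns<random>.tmp\ (the naming pattern is an
# assumption); matched case-insensitively so 8.3 paths such as LOCALS~1\Temp also hit.
NSIS_PLUGIN_DIR = re.compile(r"\\temp\\(ns[a-z0-9]+\.tmp)\\([^\\]+)$", re.IGNORECASE)
SIG_LINE = re.compile(r"^(.+?)\s*\(signature verification: (passed|failed)\)$")
IMAGE_LINE = re.compile(r"^Image: (.+?)\.?$")
# Watch-list (analyst's assumption): privileges an installer has no ordinary need for.
SUSPICIOUS_PRIVILEGES = {"SE_DEBUG_PRIVILEGE", "SE_LOAD_DRIVER_PRIVILEGE"}


def parse_report(text):
    """Map each 'Behaviour:' name to its detail lines (first line drops 'Details:')."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Behaviour:"):
            current = line[len("Behaviour:"):].strip()
            continue
        if line.startswith("Details:"):
            line = line[len("Details:"):].strip()
        if current is not None:
            sections[current].append(line)
    return dict(sections)


def nsis_plugin_key(path):
    """Lower-cased 'ns<random>.tmp\\name' for a file in an NSIS plugin directory,
    else None; the key is the same for long-name and 8.3 spellings of the path."""
    m = NSIS_PLUGIN_DIR.search(path)
    return f"{m.group(1)}\\{m.group(2)}".lower() if m else None


def triage(text):
    """Plugins that were dropped, failed signing AND were loaded, plus their MD5s
    and any watch-listed privileges the process enabled."""
    s = parse_report(text)
    dropped = {k for p in s.get("Creates executable files", []) if (k := nsis_plugin_key(p))}
    unsigned, loaded, md5 = set(), set(), {}
    for line in s.get("Executable signature information", []):
        m = SIG_LINE.match(line)
        if m and m.group(2) == "failed" and (k := nsis_plugin_key(m.group(1))):
            unsigned.add(k)
    for line in s.get("Loads newly dropped files", []):
        m = IMAGE_LINE.match(line)
        if m and (k := nsis_plugin_key(m.group(1))):
            loaded.add(k)
    for line in s.get("Executable MD5", []):
        path, sep, digest = line.partition(" ---> ")
        if sep and (k := nsis_plugin_key(path)):
            md5[k] = digest.strip().lower()
    return {
        "unsigned_loaded_plugins": sorted(dropped & unsigned & loaded),
        "unsigned_not_loaded": sorted((dropped & unsigned) - loaded),
        "md5": md5,
        "privileges": sorted(p for p in s.get("Adjusts process token privileges", [])
                             if p in SUSPICIOUS_PRIVILEGES),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Keying on the nsXXXX.tmp directory plus file name is what lets the long-name paths in the "Creates executable files" and signature sections line up with the 8.3 paths in the "Loads newly dropped files" section, which the sandbox reports in different spellings for the same file.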
Runtime screenshot