VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.


File information
Safety rating: 79
Behavior list
Basic Information
MD5: 10bd000cff1ea2958adbecaeaaaba349
File type: 7z
Production company:
Version:
Shell or compiler information: COMPILER: Microsoft Visual C++ 6.0 [debug]
Subfile information (name / MD5 / type; entries tagged dumpFile are copies the sandbox dumped during the run, and wherever the archive member of the same name is also listed its MD5 is identical; 'error' means the report gave an error for that member instead of a hash):
IDMan.exe (dumpFile) / 3e2cc111f25677990de737d8683b11f8 / EXE
IDMan.exe / error / EXE
idmcchandler7_64.dll (dumpFile) / 2a2e72b3d4df2bad31721f1eb3017617 / DLL
idmcchandler7_64.dll / 2a2e72b3d4df2bad31721f1eb3017617 / DLL
idmvconv.dll (dumpFile) / 8c317c051ce2b577005f5823baa26dfa / DLL
idmvconv.dll / 8c317c051ce2b577005f5823baa26dfa / DLL
IDMGrHlp.exe (dumpFile) / 543de05b00c450d8ce5251c2db616c56 / EXE
IDMIECC64.dll (dumpFile) / aea826265655c31e0c8c53f424e26ceb / DLL
IDMIECC64.dll / aea826265655c31e0c8c53f424e26ceb / DLL
idmcchandler2_64.dll (dumpFile) / 5012ea14f13dd58ffeb14553824d8ebb / DLL
idmcchandler2_64.dll / 5012ea14f13dd58ffeb14553824d8ebb / DLL
idmindex.dll (dumpFile) / 09959ee223c5d34c82f1efb8bc8233cb / DLL
idmindex.dll / 09959ee223c5d34c82f1efb8bc8233cb / DLL
IDMIECC.dll (dumpFile) / baa612398d09e6e0248ec81d733370f6 / DLL
IDMIECC.dll / baa612398d09e6e0248ec81d733370f6 / DLL
idmmzcc.xpi (dumpFile) / ebb1a6c8389fcf9ef1a15e33dac0f1ef / zip
idmcchandler7.dll (dumpFile) / 73e1307494c62f34a01d70c5bbf5f16a / DLL
idmcchandler7.dll / 73e1307494c62f34a01d70c5bbf5f16a / DLL
Key behavior
Behavior description: Modifies existing executable files (the sandbox's label says system EXE files, but every path is a DLL inside the sandbox's own extraction directory)
details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\IDMGetAll.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\IDMIECC.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\downlWithIDM.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\idmfsa.dll
Behavior description: Sets message hook
details: idHook : d (hex 0x0d = 13 = WH_KEYBOARD_LL, a low-level keyboard hook)
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\IDMNetMon.DLL
idHook : e (hex 0x0e = 14 = WH_MOUSE_LL, a low-level mouse hook)
A global low-level keyboard hook installed from a DLL is the same primitive a keylogger uses, which is why the sandbox lists it as a key behavior whatever the product; the module recorded with these hooks is IDMNetMon.DLL.
Behavior description: Modifies registry: Browser Helper Object (BHO)
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer
Behavior description: Gets TickCount value (each sample is paired with a 60,000 ms Sleep; a GetTickCount/Sleep pair is the usual timing check for sleep-skipping, which is why the sandbox records it)
details: TickCount = 5427265, SleepMilliseconds = 60000.
TickCount = 5427953, SleepMilliseconds = 60000.
TickCount = 5431250, SleepMilliseconds = 60000.
TickCount = 5431265, SleepMilliseconds = 60000.
TickCount = 5432359, SleepMilliseconds = 60000.
TickCount = 5433265, SleepMilliseconds = 60000.
TickCount = 5433281, SleepMilliseconds = 60000.
TickCount = 5433296, SleepMilliseconds = 60000.
TickCount = 5433312, SleepMilliseconds = 60000.
TickCount = 5433328, SleepMilliseconds = 60000.
TickCount = 5433343, SleepMilliseconds = 60000.
TickCount = 5433359, SleepMilliseconds = 60000.
TickCount = 5433375, SleepMilliseconds = 60000.
TickCount = 5433390, SleepMilliseconds = 60000.
TickCount = 5433406, SleepMilliseconds = 60000.
Behavior description: Sets special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modifies registry: startup entries
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ IDM Shell Extension\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Run\IDMan
The Run\IDMan value is a per-user autorun (IDMan starts at logon). The ShellIconOverlayIdentifiers entry is not an autorun in the Run-key sense but an icon-overlay shell extension that explorer.exe loads into itself, so it is still a load point worth checking.
Process behavior
Behavior description: Creates process
details: ImagePath = C:\WINDOWS\system32\net.exe, CmdLine = "C:\WINDOWS\system32\net.exe" start idmtdi
ImagePath = C:\Program Files\Internet Explorer\iexplore.exe, CmdLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.internetdownloadmanager.com/welcome.html?v=625b17
The first command starts a service named idmtdi through net.exe; the same run also enables SE_LOAD_DRIVER_PRIVILEGE (see Other behavior). The second opens the vendor's post-install welcome page in Internet Explorer; Network behavior shows the same URL in masked form.
Behavior description: Creates local thread
details: TargetProcess: IDMan.exe, InheritedFromPID = 1944, ProcessID = 2548, ThreadID = 2544, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: IDMan.exe, InheritedFromPID = 1944, ProcessID = 2548, ThreadID = 2880, StartAddress = 77E56C7D, Parameter = 000C5730
TargetProcess: IDMan.exe, InheritedFromPID = 1944, ProcessID = 2548, ThreadID = 3108, StartAddress = 769AE43B, Parameter = 000D0B90
TargetProcess: IDMan.exe, InheritedFromPID = 1944, ProcessID = 2548, ThreadID = 3324, StartAddress = 005D4A4B, Parameter = 015A2260
TargetProcess: IDMan.exe, InheritedFromPID = 1944, ProcessID = 2548, ThreadID = 3572, StartAddress = 005D4A4B, Parameter = 015A2420
TargetProcess: IDMan.exe, InheritedFromPID = 1944, ProcessID = 2548, ThreadID = 3528, StartAddress = 005D4A4B, Parameter = 015A3F10
TargetProcess: IDMan.exe, InheritedFromPID = 1944, ProcessID = 2548, ThreadID = 2660, StartAddress = 005D4A4B, Parameter = 015A3D00
TargetProcess: IDMan.exe, InheritedFromPID = 1944, ProcessID = 2548, ThreadID = 3068, StartAddress = 005D4A4B, Parameter = 015A3DB0
TargetProcess: IDMan.exe, InheritedFromPID = 1944, ProcessID = 2548, ThreadID = 2524, StartAddress = 042B4E40, Parameter = 02D4004C
TargetProcess: IDMan.exe, InheritedFromPID = 1944, ProcessID = 2548, ThreadID = 3580, StartAddress = 10001860, Parameter = 00000000
TargetProcess: IDMan.exe, InheritedFromPID = 1944, ProcessID = 2548, ThreadID = 2152, StartAddress = 005D4A4B, Parameter = 015A4BD0
TargetProcess: iexplore.exe, InheritedFromPID = 2548, ProcessID = 2824, ThreadID = 3032, StartAddress = 77DC845A, Parameter = 00000000
Behavior description: Enumerates processes
details: N/A
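The two process-creation lines above, together with the token-privilege entries under Other behavior, are the records a triage script should pull out of a report like this one. The Python below is an added example written for this page; it is not VirSCAN's or IDM's code. The sample lines are copied from the report; the regular expressions and the privilege table are the editor's assumptions about what is worth flagging.

```python
"""Triage the process-creation and token-privilege entries of a sandbox report.

Added example by the editor; not code from VirSCAN or from the IDM installer.
The sample lines are copied from this report; the regexes and the privilege
table are the editor's own assumptions about what is worth flagging.
"""
import re

# Constructed sample: the two "Creates process" lines and the two
# "Adjusts process token privileges" lines as the report prints them.
PROCESS_LINES = [
    'ImagePath = C:\\WINDOWS\\system32\\net.exe, CmdLine = "C:\\WINDOWS\\system32\\net.exe" start idmtdi',
    'ImagePath = C:\\Program Files\\Internet Explorer\\iexplore.exe, CmdLine = '
    '"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE" http://www.internetdownloadmanager.com/welcome.html?v=625b17',
]
PRIVILEGE_LINES = ["SE_RESTORE_PRIVILEGE", "SE_LOAD_DRIVER_PRIVILEGE"]

LINE_RE = re.compile(r"^ImagePath = (?P<image>.*?), CmdLine = (?P<cmd>.*)$")
# net.exe / net1.exe / sc.exe invoked as "<path>\net.exe" start <service>
SERVICE_START_RE = re.compile(
    r'^"?(?:[^"]*\\)?(?:net1?|sc)(?:\.exe)?"?\s+start\s+(?P<svc>\S+)', re.I)
URL_RE = re.compile(r"https?://\S+", re.I)
BROWSER_RE = re.compile(r"\\(iexplore|chrome|firefox)\.exe$", re.I)

# Privileges that matter for triage (editor's table, not from the report).
RISKY_PRIVILEGES = {
    "SE_LOAD_DRIVER_PRIVILEGE": "can load a kernel driver",
    "SE_RESTORE_PRIVILEGE": "can write files and registry keys regardless of ACLs",
    "SE_DEBUG_PRIVILEGE": "can open any process, including LSASS",
    "SE_TCB_PRIVILEGE": "can act as part of the OS (token creation)",
}


def parse_process_line(line):
    """Split one 'ImagePath = ..., CmdLine = ...' line into (image, cmdline)."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("unrecognised process line: " + line)
    return m.group("image"), m.group("cmd")


def flag_process(image, cmd):
    """Return (kind, value) findings for one process creation."""
    findings = []
    m = SERVICE_START_RE.match(cmd)
    if m:
        findings.append(("service_start", m.group("svc").lower()))
    u = URL_RE.search(cmd)
    if u and BROWSER_RE.search(image):
        findings.append(("browser_open_url", u.group(0)))
    return findings


def flag_privileges(privs):
    """Keep only the privileges in RISKY_PRIVILEGES, with their meaning."""
    return [(p, RISKY_PRIVILEGES[p]) for p in privs if p in RISKY_PRIVILEGES]


def triage(process_lines, privilege_lines):
    """Combine both sources into one summary dict."""
    findings = []
    for line in process_lines:
        image, cmd = parse_process_line(line)
        findings += [(image, kind, value) for kind, value in flag_process(image, cmd)]
    privs = flag_privileges(privilege_lines)
    services = [value for _, kind, value in findings if kind == "service_start"]
    # A service start in the same run as SE_LOAD_DRIVER_PRIVILEGE is the
    # combination to look at: the started service may be a kernel driver.
    driver_possible = bool(services) and any(p == "SE_LOAD_DRIVER_PRIVILEGE" for p, _ in privs)
    return {"findings": findings, "privileges": privs,
            "services": services, "driver_load_possible": driver_possible}


if __name__ == "__main__":
    for key, value in triage(PROCESS_LINES, PRIVILEGE_LINES).items():
        print(key, value)
```

On this report the script yields one service start (idmtdi), one browser launch with a URL, and the driver-load flag set because SE_LOAD_DRIVER_PRIVILEGE was enabled in the same run; whether idmtdi really is a driver has to be confirmed on the host, since the report does not say.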
File behavior
Behavior description: Creates file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\~DF6E37.tmp
C:\Documents and Settings\Administrator\Application Data\IDM\Scheduler\s_1.dt
Behavior description: Modifies existing executable files
details: the four DLLs in the %temp%\****.exe_7zdump directory already listed under Key behavior (IDMGetAll.dll, IDMIECC.dll, downlWithIDM.dll, idmfsa.dll)
Behavior description: Sets special folder attributes
details: the Temporary Internet Files, Content.IE5, History, History.IE5 and Cookies folders already listed under Key behavior
Behavior description: Modifies file content (the offsets start at 0 and advance in 65,536-byte steps, so each file is written out whole in 64 KB chunks rather than patched at selected offsets)
details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\IDMGetAll.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\IDMIECC.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\IDMIECC.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\IDMIECC.dll ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\IDMIECC.dll ---> Offset = 196608
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\IDMIECC.dll ---> Offset = 262144
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\downlWithIDM.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\downlWithIDM.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\idmfsa.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\idmfsa.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\Application Data\IDM\Scheduler\s_1.dt ---> Offset = 0
Behavior description: Searches for files (the *.pbk patterns are RAS dial-up phonebook locations; Languages\idm_*.lng and Toolbar\*.tbi are the installer's own resources)
details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\IDMan.exe
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\Languages\idm_*.lng
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\Toolbar\*.tbi
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\net.exe
Network behavior
Behavior description: Opens specified web page in IE
details: http://ww****om/welcome.html?v=625b17 (masked by the report; the unmasked URL is in the iexplore.exe command line under Process behavior)
Registry behavior
Behavior description: Modifies registry: browser context menu
details: \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\contexts
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM\
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM\contexts
Behavior description: Modifies registry: browser default download handler
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\DownloadUI (this value holds the CLSID of the download manager Internet Explorer hands downloads to)
Behavior description: Modifies registry: Browser Helper Object (BHO)
details: the two keys for BHO CLSID {0055C089-8582-441B-A0BF-17B458C2A3A8} already listed under Key behavior
Behavior description: Modifies registry
details: \REGISTRY\USER\S-*\Software\DownloadManager\IDMBI\IEXPLORE\name
\REGISTRY\USER\S-*\Software\DownloadManager\IDMBI\IEXPLORE\int
\REGISTRY\USER\S-*\Software\DownloadManager\IDMBI\Firefox\name
\REGISTRY\USER\S-*\Software\DownloadManager\IDMBI\Firefox\int
\REGISTRY\USER\S-*\Software\DownloadManager\IDMBI\chrome\name
\REGISTRY\USER\S-*\Software\DownloadManager\IDMBI\chrome\int
\REGISTRY\USER\S-*\Software\DownloadManager\IDMBI\OPERA\name
\REGISTRY\USER\S-*\Software\DownloadManager\IDMBI\OPERA\int
\REGISTRY\USER\S-*\Software\DownloadManager\IDMBI\Safari\name
\REGISTRY\USER\S-*\Software\DownloadManager\IDMBI\Safari\int
\REGISTRY\USER\S-*\Software\DownloadManager\IDMBI\Mozilla\name
\REGISTRY\USER\S-*\Software\DownloadManager\IDMBI\Mozilla\int
\REGISTRY\USER\S-*\Software\DownloadManager\SpecialKeys\UseKeyToPrevent
\REGISTRY\USER\S-*\Software\DownloadManager\SpecialKeys\UseKeyToForce
\REGISTRY\USER\S-*\Software\DownloadManager\SpecialKeys\AltP
Behavior description: Deletes registry value
details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\AppID
Behavior description: Modifies registry: startup entries
details: the ShellIconOverlayIdentifiers\ IDM Shell Extension and Run\IDMan keys already listed under Key behavior
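The registry entries in this section are load points of different strength (a Run key, a BHO, a shell icon-overlay handler, IE context-menu and download-handler registrations) mixed in with plain application settings. The Python below is an added example, not code from VirSCAN or IDM; it normalises the kernel-style paths into the HKLM/HKU form an administrator queries and sorts them into those categories. The sample paths are copied from the report; the category table is the editor's own assumption about which keys matter.

```python
"""Classify the registry paths of a sandbox report into Windows load points.

Added example by the editor, not code from VirSCAN or from IDM.  The sample
paths are copied from this report; the load-point table is the editor's own
assumption about which keys deserve a second look.
"""
import re

# Constructed sample: registry paths as the sandbox prints them (kernel-style
# \REGISTRY\MACHINE and \REGISTRY\USER\<SID> prefixes, trailing backslash on keys).
SAMPLE_PATHS = [
    r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
    r"\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}" "\\",
    r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
    r"\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer",
    r"\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Run\IDMan",
    r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
    r"\ShellIconOverlayIdentifiers\ IDM Shell Extension" "\\",
    r"\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\contexts",
    r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\DownloadUI",
    r"\REGISTRY\USER\S-*\Software\DownloadManager\IDMBI\chrome\name",
]

# (regex on the raw path, category).  Editor's table, not from the report.
LOAD_POINTS = [
    (r"\\CurrentVersion\\Run\\", "autorun: Run key, executed at user logon"),
    (r"\\Browser Helper Objects\\", "browser: BHO, DLL loaded into iexplore.exe"),
    (r"\\ShellIconOverlayIdentifiers\\", "shell: icon-overlay handler, DLL loaded into explorer.exe"),
    (r"\\Internet Explorer\\MenuExt\\", "browser: IE context-menu extension"),
    (r"\\Internet Explorer\\DownloadUI$", "browser: IE download-manager handler (CLSID)"),
]
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def normalize(path):
    """Rewrite the kernel-style prefix into the HKLM/HKU form admins query and
    drop the trailing backslash the sandbox puts on key (not value) paths."""
    path = re.sub(r"^\\REGISTRY\\MACHINE\\", r"HKLM\\", path)
    path = re.sub(r"^\\REGISTRY\\USER\\(S-[^\\]*)\\", r"HKU\\\1\\", path)
    return path.rstrip("\\")


def classify(path):
    """Return (category, clsid or None) for one raw path."""
    for pattern, category in LOAD_POINTS:
        if re.search(pattern, path):
            m = GUID_RE.search(path)
            return category, (m.group(0) if m else None)
    return "other: application settings", None


def summarize(paths):
    """Group unique normalized paths (and any CLSIDs) by category."""
    out = {}
    for raw in paths:
        category, clsid = classify(raw)
        entry = out.setdefault(category, {"paths": [], "clsids": set()})
        norm = normalize(raw)
        if norm not in entry["paths"]:
            entry["paths"].append(norm)
        if clsid:
            entry["clsids"].add(clsid)
    return out


if __name__ == "__main__":
    for category, entry in summarize(SAMPLE_PATHS).items():
        print(category)
        for p in entry["paths"]:
            print("   ", p)
        for c in sorted(entry["clsids"]):
            print("    CLSID", c)
```

The CLSIDs it extracts (here the BHO's {0055C089-8582-441B-A0BF-17B458C2A3A8}) are what to resolve under HKCR\CLSID on a host to find the DLL actually registered behind the load point.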
Other behavior
Behavior description: Gets cursor position
details: CursorPos = (71,18468), SleepMilliseconds = 60000.
CursorPos = (6364,26501), SleepMilliseconds = 60000.
CursorPos = (19199,15725), SleepMilliseconds = 60000.
CursorPos = (11508,29359), SleepMilliseconds = 60000.
CursorPos = (26992,24465), SleepMilliseconds = 60000.
CursorPos = (5735,28146), SleepMilliseconds = 60000.
CursorPos = (23311,16828), SleepMilliseconds = 60000.
CursorPos = (9991,492), SleepMilliseconds = 60000.
CursorPos = (3025,11943), SleepMilliseconds = 60000.
CursorPos = (4857,5437), SleepMilliseconds = 60000.
CursorPos = (32421,14605), SleepMilliseconds = 60000.
CursorPos = (3932,154), SleepMilliseconds = 60000.
Behavior description: Creates mutex (the CTF.* and MSCTF.* objects are created by the Text Services Framework in any GUI process and are not specific to this sample; the application's own are Tonec_Internet_Download_Manager_MTX and Local\IDMEventMonitor)
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
RasPbFile
Tonec_Internet_Download_Manager_MTX
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MMK
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\IDMEventMonitor
Behavior description: Creates event object
details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.MMK.IC
EventName = MSCTF.SendReceiveConection.Event.MMK.IC
Behavior description: Finds specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information (the dialog texts record the IE and Chrome integration steps and an "IDM cannot find 6 file(s)" error: the copy run in the sandbox was missing files, so this is a partial installation and the behavior list should be read as such)
details: Pid = 2548, Hwnd=0xb032a, Text = OK, ClassName = Button.
Pid = 2548, Hwnd=0x703ba, Text = IDM has been successfully integrated into Internet Explorer. You need to restart IE to apply changes., ClassName = Static.
Pid = 2548, Hwnd=0x1a02fe, Text = IDM browser integration, ClassName = #32770.
Pid = 2548, Hwnd=0xb0398, Text = Close, ClassName = Button.
Pid = 2548, Hwnd=0x7038e, Text = 1. Please RESTART Google Chrome and press on Chrome menu (arrow 1 on the image) 2. Select "Settings" menu item (arrow 2 on the i, ClassName = Static.
Pid = 2548, Hwnd=0x10032e, Text = IDM extension has been successfully installed into (or updated in) Google Chrome browser. You must enable "IDM Integration modul, ClassName = Static.
Pid = 2548, Hwnd=0xe039e, Text = Google Chrome Integration, ClassName = #32770.
Pid = 2548, Hwnd=0x1046c, Text = OK, ClassName = Button.
Pid = 2548, Hwnd=0x10470, Text = IDM cannot find 6 file(s) that are necessary for browser and system integration. Please reinstall IDM, ClassName = Static.
Pid = 2548, Hwnd=0x1046a, Text = Internet Download Manager, ClassName = #32770.
Pid = 2548, Hwnd=0xd0338, Text = List2, ClassName = SysListView32.
Pid = 2548, Hwnd=0x500a0, Text = Tree1, ClassName = SysTreeView32.
Pid = 2548, Hwnd=0x110318, Text = x, ClassName = Button.
Pid = 2548, Hwnd=0x120344, Text = Categories, ClassName = Static.
Pid = 2548, Hwnd=0x30414, Text = Internet Download Manager 6.25, ClassName = #32770.
Behavior description: Gets TickCount value
details: the same 15 TickCount/Sleep samples already listed under Key behavior
Behavior description: Adjusts process token privileges
details: SE_RESTORE_PRIVILEGE (write to files and registry keys regardless of their ACLs)
SE_LOAD_DRIVER_PRIVILEGE (load a kernel driver; consistent with the net.exe start idmtdi service start under Process behavior)
Behavior description: Opens event
details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
\INSTALLATION_SECURITY_HOLD
Global\SvcctrlStartEvent_A3752DX
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
MSFT.VSA.COM.DISABLE.2548
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000041
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000041
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000043
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000043
Behavior description: Signature information of modified executable files
details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\IDMGetAll.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\IDMIECC.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\downlWithIDM.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\idmfsa.dll (signature verification: passed)
All four files still verify after the write, and File behavior shows them written whole from offset 0 in 64 KB chunks, so the installer wrote complete signed files rather than patching existing ones.
Behavior description: Calls Sleep function
details: [1]: MilliSeconds = 60000.
Behavior description: Hides specified window
details: [Window,Class] = [IDM drop target. Drop web-links for downloading here,#32770]
[Window,Class] = [,tooltips_class32]
[Window,Class] = [,Button]
[Window,Class] = [Categories,Static]
[Window,Class] = [x,Button]
[Window,Class] = [Tree1,SysTreeView32]
Behavior description: Opens mutex (ShimCacheMutex belongs to the application-compatibility shim cache; the !IETld!, _!MSFTHISTORY!_, cache-path and Wininet* objects belong to WinINet and the IE cache and are opened by any process that uses those libraries)
details: RasPbFile
ShimCacheMutex
Local\!IETld!Mutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Behavior description: MD5 of modified executable files (the post-write MD5 of IDMIECC.dll equals the MD5 of the IDMIECC.dll archive member in the subfile list; the other three files do not appear in the subfile list, so this report cannot confirm them against the archive)
details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\IDMGetAll.dll ---> 8c6af35602856595601f3cffc70317d8
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\IDMIECC.dll ---> baa612398d09e6e0248ec81d733370f6
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\downlWithIDM.dll ---> 50c2e62660c7c1d26c60d320cc61f8a6
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\idmfsa.dll ---> 8733245b8d7a0038f46f65f945584e6f
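The post-write MD5s above can be checked mechanically against the subfile list at the top of the report. The Python below is an added example, not code from VirSCAN or IDM; it parses the subfile list in the report's fused "namedumpFile / md5 / type" format, the "Modifies file content" offsets and the MD5 list, and reports for each written file whether its hash matches an archive member and whether the write pattern was a whole-file write. All input lines are copied from this report; the 64 KB chunk size is read off the offsets.

```python
"""Reconcile 'modified executable' MD5s with the archive's subfile MD5s.

Added example by the editor, not code from VirSCAN or from IDM.  The sample
lines are copied from this report (subfile list, 'Modifies file content'
offsets, 'MD5 of modified executable files').  The 64 KB chunk size is read
off the offsets in the report; nothing else is assumed.
"""
import re
from collections import defaultdict

# Constructed sample, in the report's own fused format ("IDMIECC.dlldumpFile").
SUBFILE_LINES = [
    "IDMan.exedumpFile / 3e2cc111f25677990de737d8683b11f8 / EXE",
    "IDMan.exe / error / EXE",
    "IDMIECC.dlldumpFile / baa612398d09e6e0248ec81d733370f6 / DLL",
    "IDMIECC.dll / baa612398d09e6e0248ec81d733370f6 / DLL",
    "idmindex.dll / 09959ee223c5d34c82f1efb8bc8233cb / DLL",
]
DUMP = r"C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump"
WRITE_LINES = [
    DUMP + r"\IDMGetAll.dll ---> Offset = 0",
    DUMP + r"\IDMIECC.dll ---> Offset = 0",
    DUMP + r"\IDMIECC.dll ---> Offset = 65536",
    DUMP + r"\IDMIECC.dll ---> Offset = 131072",
    DUMP + r"\IDMIECC.dll ---> Offset = 196608",
    DUMP + r"\IDMIECC.dll ---> Offset = 262144",
    DUMP + r"\downlWithIDM.dll ---> Offset = 0",
    DUMP + r"\downlWithIDM.dll ---> Offset = 65536",
]
MODIFIED_LINES = [
    DUMP + r"\IDMGetAll.dll ---> 8c6af35602856595601f3cffc70317d8",
    DUMP + r"\IDMIECC.dll ---> baa612398d09e6e0248ec81d733370f6",
    DUMP + r"\downlWithIDM.dll ---> 50c2e62660c7c1d26c60d320cc61f8a6",
]
MD5_RE = re.compile(r"^[0-9a-f]{32}$")
CHUNK = 65536  # step between consecutive write offsets in the report


def parse_subfiles(lines):
    """name -> set of MD5s (None where the report says 'error')."""
    out = defaultdict(set)
    for line in lines:
        name, digest, _ftype = [f.strip() for f in line.split(" / ")]
        if name.endswith("dumpFile"):          # tag fused onto the name
            name = name[: -len("dumpFile")]
        out[name].add(digest if MD5_RE.match(digest) else None)
    return out


def basename(path):
    return path.rsplit("\\", 1)[-1]


def parse_modified(lines):
    """name -> post-write MD5."""
    return {basename(p): d.strip() for p, d in (l.split(" ---> ") for l in lines)}


def parse_write_offsets(lines):
    """name -> sorted list of write offsets."""
    out = defaultdict(list)
    for line in lines:
        path, rest = line.split(" ---> ")
        out[basename(path)].append(int(rest.split("=")[1]))
    return {k: sorted(v) for k, v in out.items()}


def is_whole_file_write(offsets, chunk=CHUNK):
    """True when writes start at 0 and advance one chunk at a time, i.e. the
    file was streamed out whole rather than patched at chosen offsets."""
    return offsets[:1] == [0] and all(b - a == chunk for a, b in zip(offsets, offsets[1:]))


def reconcile(subfiles, modified, offsets):
    """Per file: does the post-write hash match an archive member?"""
    verdicts = {}
    for name, digest in modified.items():
        known = subfiles.get(name, set()) - {None}
        if not known:
            verdict = "not among listed subfiles"
        elif digest in known:
            verdict = "identical to archive member"
        else:
            verdict = "differs from archive member"
        verdicts[name] = {"md5": digest, "verdict": verdict,
                          "whole_file_write": is_whole_file_write(offsets.get(name, [])),
                          "writes": len(offsets.get(name, []))}
    return verdicts


if __name__ == "__main__":
    result = reconcile(parse_subfiles(SUBFILE_LINES), parse_modified(MODIFIED_LINES),
                       parse_write_offsets(WRITE_LINES))
    for name, info in result.items():
        print(name, info)
```

A "differs from archive member" verdict on a file that was written whole is the case that deserves a closer look: it would mean the installer wrote content that is not in the archive it came from. The report here produces none; IDMIECC.dll matches, and the other files simply are not in the (incomplete) subfile list.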