VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.
4. If your browser cannot upload files, download the VirSCAN uploader and use it instead.


File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5: 16ab2864e8cf144fc75233a875bdf207
File size: 5.58 MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
Copyright:

Key behavior

Behavior description: Block window close message
details: hWnd = 0x000e02ae, Text = NSIS 3.01 Setup , ClassName = #32770.
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Get window screenshot info
details: Foreground window Info: HWND = 0x00000000, DC = 0x530105f4.
Foreground window Info: HWND = 0x00000000, DC = 0x42010568.
Foreground window Info: HWND = 0x00000000, DC = 0xc10102cf.
Foreground window Info: HWND = 0x00000000, DC = 0xe0010485.
Foreground window Info: HWND = 0x00000000, DC = 0xe1010485.
Foreground window Info: HWND = 0x00000000, DC = 0xe2010485.
Foreground window Info: HWND = 0x00000000, DC = 0xd90104e0.
Foreground window Info: HWND = 0x00000000, DC = 0x61010677.
Foreground window Info: HWND = 0x00000000, DC = 0x4101069f.
Foreground window Info: HWND = 0x00000000, DC = 0x3a010476.
Behavior description: Create file on desktop
details: C:\Documents and Settings\Administrator\桌面\NSIS.lnk

Process behavior

Behavior description: Create process
details: ImagePath = C:\WINDOWS\hh.exe, CmdLine = "C:\WINDOWS\hh.exe" mk:@MSITStore:C:\Program Files\NSIS\NSIS.chm::/SectionF.1.html
Behavior description: Create process from newly written file
details: ImagePath = C:\Program Files\NSIS\NSIS.exe, CmdLine = "C:\Program Files\NSIS\NSIS.exe"
Behavior description: Create local thread
details: TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2512, ThreadID = 2948, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2512, ThreadID = 2524, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2512, ThreadID = 2756, StartAddress = 00405444, Parameter = 000903B2
TargetProcess: hh.exe, InheritedFromPID = 2512, ProcessID = 3676, ThreadID = 3684, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: hh.exe, InheritedFromPID = 2512, ProcessID = 3676, ThreadID = 3652, StartAddress = 6359727B, Parameter = 001BBA20
TargetProcess: hh.exe, InheritedFromPID = 2512, ProcessID = 3676, ThreadID = 3732, StartAddress = 77E56C7D, Parameter = 041E09F0
TargetProcess: hh.exe, InheritedFromPID = 2512, ProcessID = 3676, ThreadID = 3736, StartAddress = 769AE43B, Parameter = 04360C20

File behavior

Behavior description: Create file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsm51.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb52.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\modern-header.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\modern-wizard.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\nsDialogs.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\System.dll
C:\Program Files\NSIS\nsisconf.nsh
C:\Program Files\NSIS\makensis.exe
C:\Program Files\NSIS\makensisw.exe
C:\Program Files\NSIS\COPYING
C:\Program Files\NSIS\NSIS.chm
C:\Program Files\NSIS\NSIS.exe
C:\Program Files\NSIS\Bin\makensis.exe
C:\Program Files\NSIS\Bin\zlib1.dll
Behavior description: Drop a link or shortcut in a sensitive system location (e.g. Start Menu)
details: C:\Documents and Settings\Administrator\「开始」菜单\程序\NSIS.lnk
Behavior description: Create executable file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\nsDialogs.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\System.dll
C:\Program Files\NSIS\makensis.exe
C:\Program Files\NSIS\makensisw.exe
C:\Program Files\NSIS\NSIS.exe
C:\Program Files\NSIS\Bin\makensis.exe
C:\Program Files\NSIS\Bin\zlib1.dll
C:\Program Files\NSIS\Stubs\bzip2-x86-ansi
C:\Program Files\NSIS\Stubs\bzip2-x86-unicode
C:\Program Files\NSIS\Stubs\bzip2_solid-x86-ansi
C:\Program Files\NSIS\Stubs\bzip2_solid-x86-unicode
C:\Program Files\NSIS\Stubs\lzma-x86-ansi
C:\Program Files\NSIS\Stubs\lzma-x86-unicode
C:\Program Files\NSIS\Stubs\lzma_solid-x86-ansi
C:\Program Files\NSIS\Stubs\lzma_solid-x86-unicode
Behavior description: Overwrite existing file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsb52.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\modern-wizard.bmp
C:\Program Files\NSIS\Contrib\Language files\English.nlf
C:\Program Files\NSIS\Contrib\Language files\English.nsh
C:\Program Files\NSIS\Contrib\Graphics\Checks\modern.bmp
C:\Program Files\NSIS\Contrib\Graphics\Icons\modern-install.ico
C:\Program Files\NSIS\Contrib\Graphics\Icons\modern-uninstall.ico
C:\Program Files\NSIS\Contrib\Graphics\Header\nsis.bmp
C:\Program Files\NSIS\Contrib\Graphics\Wizard\win.bmp
Behavior description: Search for file
details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb53.tmp
FileName = C:\Program Files\NSIS
FileName = C:\Program Files
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序\NSIS
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序
FileName = C:\Documents and Settings\Administrator\「开始」菜单
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序\NSIS\*.*
FileName = C:\Program Files\NSIS\nsisconf.nsi
FileName = C:\Program Files\NSIS\makensis.htm
FileName = C:\Program Files\NSIS\Docs\.html
Behavior description: Delete file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsm51.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb52.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\modern-header.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\modern-wizard.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\nsDialogs.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\IMT54.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF90AE.tmp
Behavior description: Create file on desktop
details: C:\Documents and Settings\Administrator\桌面\NSIS.lnk
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modify file content
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsb52.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb52.tmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb52.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb52.tmp ---> Offset = 98304
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb52.tmp ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\modern-header.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\modern-header.bmp ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\modern-wizard.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\modern-wizard.bmp ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\modern-wizard.bmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\modern-wizard.bmp ---> Offset = 49152
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\modern-wizard.bmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\nsDialogs.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\System.dll ---> Offset = 0
C:\Program Files\NSIS\nsisconf.nsh ---> Offset = 0

Registry behavior

Behavior description: Modify registry
details: \REGISTRY\MACHINE\SOFTWARE\Classes\.nsi\
\REGISTRY\MACHINE\SOFTWARE\Classes\.nsi\PerceivedType
\REGISTRY\MACHINE\SOFTWARE\Classes\NSIS.Script\
\REGISTRY\MACHINE\SOFTWARE\Classes\NSIS.Script\DefaultIcon\
\REGISTRY\MACHINE\SOFTWARE\Classes\NSIS.Script\shell\
\REGISTRY\MACHINE\SOFTWARE\Classes\NSIS.Script\shell\open\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\NSIS.Script\shell\compile\
\REGISTRY\MACHINE\SOFTWARE\Classes\NSIS.Script\shell\compile\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\NSIS.Script\shell\compile-compressor\
\REGISTRY\MACHINE\SOFTWARE\Classes\NSIS.Script\shell\compile-compressor\command\
\REGISTRY\MACHINE\SOFTWARE\Classes\.nsh\
\REGISTRY\MACHINE\SOFTWARE\Classes\.nsh\PerceivedType
\REGISTRY\MACHINE\SOFTWARE\Classes\NSIS.Header\
\REGISTRY\MACHINE\SOFTWARE\Classes\NSIS.Header\DefaultIcon\
\REGISTRY\MACHINE\SOFTWARE\Classes\NSIS.Header\shell\
Behavior description: Modify registry: delayed (pending) file rename entry
details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations

Other behavior

Behavior description: Create mutex
details: oleacc-msaa-loaded
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.INJ
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\!PrivacIE!SharedMemory!Mutex
Behavior description: Create event object
details: EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.INJ.IC
EventName = MSCTF.SendReceiveConection.Event.INJ.IC
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
Behavior description: Window information
details: Pid = 2512, Hwnd=0xf033c, Text = &Next >, ClassName = Button.
Pid = 2512, Hwnd=0x60380, Text = Cancel, ClassName = Button.
Pid = 2512, Hwnd=0x100320, Text = Nullsoft Install System v3.01 , ClassName = Static.
Pid = 2512, Hwnd=0xf034a, Text = Nullsoft Install System v3.01, ClassName = Static.
Pid = 2512, Hwnd=0x40382, Text = Welcome to the NSIS 3.01 Setup Wizard, ClassName = Static.
Pid = 2512, Hwnd=0x503b2, Text = This wizard will guide you through the installation of NSIS (Nullsoft Scriptable Install System) 3.01, the next generation of the Windows installer and uninstaller system that doesn't suck and isn't huge. NSIS includes a Modern User Interface, LZMA compres, ClassName = Static.
Pid = 2512, Hwnd=0xe02ae, Text = NSIS 3.01 Setup, ClassName = #32770.
Pid = 2512, Hwnd=0x1b02b6, Text = < &Back, ClassName = Button.
Pid = 2512, Hwnd=0xf033c, Text = I &Agree, ClassName = Button.
Pid = 2512, Hwnd=0xc038a, Text = License Agreement, ClassName = Static.
Pid = 2512, Hwnd=0x15030c, Text = Please review the license terms before installing NSIS., ClassName = Static.
Pid = 2512, Hwnd=0x603b2, Text = Press Page Down to see the rest of the agreement., ClassName = Static.
Pid = 2512, Hwnd=0x50382, Text = COPYRIGHT --------- Copyright (C) 1999-2016 Contributors More detailed copyright information can be found in the individua, ClassName = RichEdit20W.
Pid = 2512, Hwnd=0xc03ba, Text = If you accept the terms of the agreement, click I Agree to continue. You must accept the agreement to install NSIS., ClassName = Static.
Pid = 2512, Hwnd=0xc038a, Text = Choose Components, ClassName = Static.
Behavior description: Adjust process token privileges
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Block window close message
details: hWnd = 0x000e02ae, Text = NSIS 3.01 Setup , ClassName = #32770.
Behavior description: Open event
details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000051
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000051
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000053
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000053
CTF.ThreadMIConnectionEvent.000007B4.00000001.00000054
CTF.ThreadMarshalInterfaceEvent.000007B4.00000001.00000054
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000056
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000056
MSFT.VSA.COM.DISABLE.3676
MSFT.VSA.IEC.STATUS.6c736db0
Behavior description: Get window screenshot info
details: Foreground window Info: HWND = 0x00000000, DC = 0x530105f4.
Foreground window Info: HWND = 0x00000000, DC = 0x42010568.
Foreground window Info: HWND = 0x00000000, DC = 0xc10102cf.
Foreground window Info: HWND = 0x00000000, DC = 0xe0010485.
Foreground window Info: HWND = 0x00000000, DC = 0xe1010485.
Foreground window Info: HWND = 0x00000000, DC = 0xe2010485.
Foreground window Info: HWND = 0x00000000, DC = 0xd90104e0.
Foreground window Info: HWND = 0x00000000, DC = 0x61010677.
Foreground window Info: HWND = 0x00000000, DC = 0x4101069f.
Foreground window Info: HWND = 0x00000000, DC = 0x3a010476.
Behavior description: Executable signature info
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\nsDialogs.dll(signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\System.dll(signature verification: failed)
C:\Program Files\NSIS\makensis.exe(signature verification: failed)
C:\Program Files\NSIS\makensisw.exe(signature verification: failed)
C:\Program Files\NSIS\NSIS.exe(signature verification: failed)
C:\Program Files\NSIS\Bin\makensis.exe(signature verification: failed)
C:\Program Files\NSIS\Bin\zlib1.dll(signature verification: failed)
C:\Program Files\NSIS\Stubs\bzip2-x86-ansi(signature verification: failed)
C:\Program Files\NSIS\Stubs\bzip2-x86-unicode(signature verification: failed)
C:\Program Files\NSIS\Stubs\bzip2_solid-x86-ansi(signature verification: failed)
C:\Program Files\NSIS\Stubs\bzip2_solid-x86-unicode(signature verification: failed)
C:\Program Files\NSIS\Stubs\lzma-x86-ansi(signature verification: failed)
C:\Program Files\NSIS\Stubs\lzma-x86-unicode(signature verification: failed)
C:\Program Files\NSIS\Stubs\lzma_solid-x86-ansi(signature verification: failed)
C:\Program Files\NSIS\Stubs\lzma_solid-x86-unicode(signature verification: failed)
Behavior description: Hide specified window
details: [Window,Class] = [,Button]
[Window,Class] = [Nullsoft Install System v3.01,Static]
[Window,Class] = [Nullsoft Install System v3.01 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [Show &details,Button]
[Window,Class] = [Installation Complete,Static]
[Window,Class] = [Setup was completed successfully.,Static]
Behavior description: Executable MD5
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\nsDialogs.dll ---> 42b064366f780c1f298fa3cb3aeae260
C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\System.dll ---> 17ed1c86bd67e78ade4712be48a7d2bd
C:\Program Files\NSIS\makensis.exe ---> ceb24e21efaea69cc8abfd710afb7947
C:\Program Files\NSIS\makensisw.exe ---> ff63054fa2624f9b6a5f3a0d9c2d66a4
C:\Program Files\NSIS\NSIS.exe ---> d0cd39386d4d8247c10703485fef3ba4
C:\Program Files\NSIS\Bin\makensis.exe ---> c8a22740444ed95280f9037605f8cefe
C:\Program Files\NSIS\Bin\zlib1.dll ---> 9a96baab5658196a84eae814a3a0156d
C:\Program Files\NSIS\Stubs\bzip2-x86-ansi ---> 37ede5cef22b32fd6ea2a9c79892ecea
C:\Program Files\NSIS\Stubs\bzip2-x86-unicode ---> 26f104d02f2121a4b03508b69f70af7d
C:\Program Files\NSIS\Stubs\bzip2_solid-x86-ansi ---> 0f1ca7593999e6315e52d5d55cae1a69
C:\Program Files\NSIS\Stubs\bzip2_solid-x86-unicode ---> 3cabf0a78d5b1998d6a0b331fca179b7
C:\Program Files\NSIS\Stubs\lzma-x86-ansi ---> f59264e63c9fdfc8dd4a520e7bb170d9
C:\Program Files\NSIS\Stubs\lzma-x86-unicode ---> 9f79f110a2f5514f09be7831bfa8a5f9
C:\Program Files\NSIS\Stubs\lzma_solid-x86-ansi ---> 3f97ee0c7f9fca58de1a9f4e3fcb5816
C:\Program Files\NSIS\Stubs\lzma_solid-x86-unicode ---> 4e233f4508443add587bc1efaf5ef719
Behavior description: Open mutex
details: ShimCacheMutex
Local\WininetStartupMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!IETld!Mutex
CtfmonInstMutexDefaultS-*
Behavior description: Load newly dropped file
details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb53.tmp\nsDialogs.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsb53.tmp\System.dll.
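The Process behavior and Other behavior sections above are flat "Behavior description / details" lists, and the points a reviewer pulls out of them (which process spawned hh.exe with a mk:@MSITStore: CHM moniker, which dropped binaries were hashed and failed signature verification, the SE_LOAD_DRIVER_PRIVILEGE token adjustment) are scattered across several of those lists. The Python script below is an added example, not part of the VirSCAN/Habo report and not code from either project: it parses that report format, rebuilds the process tree from the thread-creation lines, joins the executable MD5 list to the signature results, and emits triage notes. SAMPLE_REPORT is a constructed excerpt of lines from this page with the labels translated; the section names, regexes, flagging rules and function names are this example's own assumptions about the format, not anything the report defines.

```python
"""Triage helper for a Habo/VirSCAN-style behaviour report (added example)."""
import re
from collections import defaultdict

# Constructed excerpt: lines copied from this report, behaviour labels translated.
SAMPLE_REPORT = r"""
Process behavior

Behavior description: Create process
details: ImagePath = C:\WINDOWS\hh.exe, CmdLine = "C:\WINDOWS\hh.exe" mk:@MSITStore:C:\Program Files\NSIS\NSIS.chm::/SectionF.1.html
Behavior description: Create local thread
details: TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2512, ThreadID = 2948, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: hh.exe, InheritedFromPID = 2512, ProcessID = 3676, ThreadID = 3684, StartAddress = 77DC845A, Parameter = 00000000

Other behavior

Behavior description: Adjust process token privileges
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Executable signature info
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\System.dll(signature verification: failed)
C:\Program Files\NSIS\makensis.exe(signature verification: failed)
Behavior description: Executable MD5
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsb53.tmp\System.dll ---> 17ed1c86bd67e78ade4712be48a7d2bd
C:\Program Files\NSIS\makensis.exe ---> ceb24e21efaea69cc8abfd710afb7947
"""

# Assumed section headers and line shapes, taken from how this page is laid out.
SECTION_HEADERS = {"Key behavior", "Process behavior", "File behavior",
                   "Registry behavior", "Other behavior"}
THREAD_RE = re.compile(r"TargetProcess: (?P<image>.+?), InheritedFromPID = (?P<ppid>\d+), ProcessID = (?P<pid>\d+)")
SIG_RE = re.compile(r"^(?P<path>.+?)\(signature verification: (?P<result>[^)]+)\)$")
MD5_RE = re.compile(r"^(?P<path>.+?) ---> (?P<md5>[0-9a-f]{32})$")


def parse_behaviors(text):
    """Group the report into {description: [detail lines]}.

    A 'Behavior description:' line opens a group; the first detail carries a
    'details:' prefix and later ones are bare continuation lines until the
    next description or section header.
    """
    behaviors = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in SECTION_HEADERS:
            current = None if line in SECTION_HEADERS else current
            continue
        if line.startswith("Behavior description:"):
            current = line.split(":", 1)[1].strip()
            continue
        if line.startswith("details:"):
            line = line.split(":", 1)[1].strip()
        if current is not None and line:
            behaviors[current].append(line)
    return behaviors


def process_tree(behaviors):
    """Map pid -> (image, parent pid) from the thread-creation lines."""
    procs = {}
    for line in behaviors.get("Create local thread", []):
        m = THREAD_RE.search(line)
        if m:
            procs[int(m["pid"])] = (m["image"], int(m["ppid"]))
    return procs


def ancestry(procs, pid):
    """Image names from pid up to the last parent the report knows about."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        image, pid = procs[pid]
        chain.append(image)
    return chain


def chm_launches(behaviors):
    """CmdLines where hh.exe opens a compiled help file via mk:@MSITStore:."""
    found = []
    for line in behaviors.get("Create process", []):
        m = re.search(r"CmdLine = (.+)$", line)
        if m and "hh.exe" in line.lower() and "mk:@msitstore:" in line.lower():
            found.append(m.group(1))
    return found


def dropped_executables(behaviors):
    """path -> {'md5': ..., 'signed': bool} for every executable the sandbox hashed."""
    execs = {}
    for line in behaviors.get("Executable MD5", []):
        m = MD5_RE.match(line)
        if m:
            execs.setdefault(m["path"], {})["md5"] = m["md5"]
    for line in behaviors.get("Executable signature info", []):
        m = SIG_RE.match(line)
        if m:
            execs.setdefault(m["path"], {})["signed"] = m["result"] != "failed"
    return execs


def triage(behaviors):
    """Review prompts, not verdicts: each note points at a line worth reading."""
    notes = []
    if "SE_LOAD_DRIVER_PRIVILEGE" in behaviors.get("Adjust process token privileges", []):
        notes.append("token: SE_LOAD_DRIVER_PRIVILEGE adjusted (driver-loading capability)")
    for cmd in chm_launches(behaviors):
        notes.append("hh.exe opened a CHM: " + cmd)
    for path, info in dropped_executables(behaviors).items():
        if not info.get("signed", False):
            notes.append(f"unsigned executable {path} md5={info.get('md5', '?')}")
    return notes


if __name__ == "__main__":
    b = parse_behaviors(SAMPLE_REPORT)
    for pid, (image, ppid) in sorted(process_tree(b).items()):
        print(f"pid {pid} ({image}) <- parent {ppid}")
    for note in triage(b):
        print("-", note)
```

A flagged line is not a verdict: this report shows the same behaviour from what presents itself as the NSIS 3.01 installer (hh.exe opening NSIS.chm is the installer's documentation link, and every dropped binary here failed signature verification), so the notes are prompts for the analyst. The MD5 column is the part with lasting value: it is what you compare against a trusted copy of the release before deciding whether the unsigned files are the expected ones.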