VirSCAN

   File information

Virscan.org multi-engine scan report
Behavior analysis report:         Habo file analysis

Basic Information

MD5: 1915f5e73d0b40b10a9f6c3e6ea46ddf
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
copyright:

Key behavior

Behavior description: Hide specified window
details: [Window,Class] = [Windows Installer,#32770]
[Window,Class] = [,Static]
[Window,Class] = [属性: AI_SETUPEXEPATH,签名: AI_EXE_PATH_CU,Static]
[Window,Class] = [属性: AI_SETUPEXEPATH,签名: AI_EXE_PATH_LM,Static]
[Window,Class] = [冠龙行情分析系统 安装,MsiDialogCloseClass]
[Window,Class] = [取消,Button]
[Window,Class] = [,Button]
[Window,Class] = [查看自述文件,Static]
[Window,Class] = [启动 冠龙行情分析系统,Static]

Process behavior

Behavior description: Create process
details: ImagePath = C:\WINDOWS\system32\msiexec.exe, CmdLine = /i "C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\glgjs.msi" AI_SETUPEXEPATH="c:\%temp%\1427648239.810104.exe" SETUPEXED

File behavior

Behavior description: Writable mapped file
Behavior description: Create executable file
details: C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\decoder.dll
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\AutoUpdate.exe
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\glgjs.exe
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\MainApp.exe
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\Update_Up.exe
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\AuthoPlugin.dll
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\botan.dll
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\commengine.dll
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\dataengine.dll
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\dbghelp.dll
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\fileengine.dll
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\ForexSocket.dll
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\gdiplus.dll
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\libcurl.dll
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\libeay32.dll
Behavior description: Modify file content
details: C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\image\logo.png---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\image\一箭三雕.png---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\image\中线操盘.png---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\image\动态选股.png---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\image\大单统计.png---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\image\大盘抄底.png---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\image\大盘逃顶.png---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\image\热点掘金.png---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\image\牛熊分界.png---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\image\短线操盘.png---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\image\私募强龙.png---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\image\资金流向.png---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\image\alarm.bmp---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\image\main.ico---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\Microsoft.VC80.CRT.manifest---> Offset = 0

Other behavior

Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
Advinst_a133549de70d4e3bbb0cda428e1e5220
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.EEP
SHIMLIB_LOG_MUTEX
MSCTF.Shared.MUTEX.EEK
Global\_MSIExecute
Behavior description: Hide specified window
details: [Window,Class] = [Windows Installer,#32770]
[Window,Class] = [,Static]
[Window,Class] = [属性: AI_SETUPEXEPATH,签名: AI_EXE_PATH_CU,Static]
[Window,Class] = [属性: AI_SETUPEXEPATH,签名: AI_EXE_PATH_LM,Static]
[Window,Class] = [冠龙行情分析系统 安装,MsiDialogCloseClass]
[Window,Class] = [取消,Button]
[Window,Class] = [,Button]
[Window,Class] = [查看自述文件,Static]
[Window,Class] = [启动 冠龙行情分析系统,Static]
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Acquire system privileges
details: SE_LOAD_DRIVER_PRIVILEGE
SE_SHUTDOWN_PRIVILEGE
SE_INCREASE_QUOTA_PRIVILEGE
SE_CREATE_TOKEN_PRIVILEGE
Behavior description: Window information
details: Pid = 3904, Hwnd=0x20354, Text = 取消, ClassName = Button.
Pid = 3904, Hwnd=0x10358, Text = 正在提取主应用程序文件..., ClassName = Static.
Pid = 3904, Hwnd=0x2034e, Text = 冠龙行情分析系统 安装, ClassName = #32770.
Pid = 2600, Hwnd=0x1038c, Text = 下一步(&N) >, ClassName = Button.
Pid = 2600, Hwnd=0x10386, Text = 取消, ClassName = Button.
Pid = 2600, Hwnd=0x1038e, Text = dialog_image.jpg, ClassName = Static.
Pid = 2600, Hwnd=0x10388, Text = < 上一步(&B), ClassName = Button.
Pid = 2600, Hwnd=0x10382, Text = 欢迎使用 冠龙行情分析系统 安装向导, ClassName = Static.
Pid = 2600, Hwnd=0x10384, Text = 安装向导将在您的计算机上安装 冠龙行情分析系统。单击 "下一步" 继续,或单击 "取消" 退出安装向导。, ClassName = Static.
Pid = 2600, Hwnd=0x1037e, Text = 冠龙行情分析系统 安装, ClassName = MsiDialogCloseClass.
Pid = 2600, Hwnd=0x2036e, Text = 下一步(&N) >, ClassName = Button.
Pid = 2600, Hwnd=0x10394, Text = 文件夹(&F):, ClassName = Static.
Pid = 2600, Hwnd=0x10392, Text = C:\冠龙行情分析系统\, ClassName = RichEdit20W.
Pid = 2600, Hwnd=0x10396, Text = 浏览(&O)..., ClassName = Button.
Pid = 2600, Hwnd=0x10390, Text = Advanced Installer, ClassName = Static.
Behavior description: Open image file
details: \Documents and Settings\Administrator\Application Data\天津冠龙贵金属经营有限公司\冠龙行情分析系统\install\A433F03\image\alarm.bmp