VirSCAN

File information
Safety rating:87
Behavior list
Basic Information
MD5:2379d8f0df0cd56ba268db294ae043d1
file type:EXE
Production company:
version:1.2.0.2
Shell or compiler information:COMPILER:Wise Installer stub [Overlay]
Key behavior
Behavior description:Maps files with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AKB..BJHGH
MSCTF.MarshalInterface.FileMap.AKB.B.BJHGH
MSCTF.MarshalInterface.FileMap.AKB.C.BJHGH
MSCTF.MarshalInterface.FileMap.AKB.D.BJHGH
MSCTF.MarshalInterface.FileMap.AKB.E.BJHGH
MSCTF.MarshalInterface.FileMap.AKB.F.BJHGH
MSCTF.MarshalInterface.FileMap.AKB.G.BKHGH
MSCTF.Shared.SFM.AKB
MSCTF.MarshalInterface.FileMap.AKB.H.LIBLH
MSCTF.MarshalInterface.FileMap.AKB.I.LIBLH
MSCTF.MarshalInterface.FileMap.AKB.J.LIBLH
MSCTF.MarshalInterface.FileMap.AKB.K.LIBLH
MSCTF.MarshalInterface.FileMap.AKB.L.KJBLH
MSCTF.MarshalInterface.FileMap.AKB.M.KJBLH
Behavior description:Creates a shortcut on the desktop
details:C:\Documents and Settings\Administrator\桌面\红蜻蜓抓图精灵2005.lnk
Behavior description:Hides specified windows
details:[Window,Class] = [,Static]
[Window,Class] = [正在安装,#32770]
[Window,Class] = [,AnimateWindow]
Process behavior
Behavior description:Creates a process from a newly created file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLJ4.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLJ4.tmp" C:\Program Files\SuperSoft\RdfSnap2005\bmp2gif.ocx
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLJ4.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLJ4.tmp" C:\WINDOWS\system32\msstdfmt.dll
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLJ4.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLJ4.tmp" C:\WINDOWS\system32\msvbvm60.dll
Behavior description:Enumerates processes
details:N/A
File behavior
Behavior description:Drops links or shortcuts in sensitive system locations (such as the Start menu)
details:C:\Documents and Settings\Administrator\「开始」菜单\程序\红蜻蜓抓图精灵2005\卸载 红蜻蜓抓图精灵2005.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\红蜻蜓抓图精灵2005\最终用户软件许可协议.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\红蜻蜓抓图精灵2005\非常软件(北京)工作室.lnk
C:\Documents and Settings\Administrator\「开始」菜单\红蜻蜓抓图精灵2005.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\红蜻蜓抓图精灵2005\红蜻蜓抓图精灵2005.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\红蜻蜓抓图精灵2005\红蜻蜓抓图精灵2005帮助.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\红蜻蜓抓图精灵2005\WhatsNew.lnk
Behavior description:Creates executable files
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLC3.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLJ4.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLK5.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~GLH0000.TMP
C:\Program Files\SuperSoft\RdfSnap2005\~GLH0002.TMP
C:\Program Files\SuperSoft\RdfSnap2005\~GLH0005.TMP
C:\PROGRA~1\SUPERS~1\RDFSNA~1\temp.000
C:\Program Files\SuperSoft\RdfSnap2005\~GLH000a.TMP
C:\Program Files\SuperSoft\RdfSnap2005\~GLH000c.TMP
C:\WINDOWS\system32\~GLH000e.TMP
C:\WINDOWS\system32\temp.000
C:\WINDOWS\system32\~GLH0010.TMP
C:\Program Files\SuperSoft\RdfSnap2005\BACKUP\msvbvm60.dll
Behavior description:Searches for files
details:FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\GLF8.tmp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\license.txt
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序\*.*
FileName = C:\Documents and Settings\All Users\「开始」菜单\程序\*.*
FileName = C:\Program Files
FileName = C:\Program Files\SuperSoft
FileName = C:\Program Files\SuperSoft\RdfSnap2005
FileName = C:\Program Files\SuperSoft\RdfSnap2005\UNWISE.EXE
FileName = C:\PROGRA~1\SuperSoft
FileName = C:\PROGRA~1\SUPERS~1\RdfSnap2005
FileName = C:\PROGRA~1\SUPERS~1\RDFSNA~1\UNWISE.EXE
Behavior description:Creates a shortcut on the desktop
details:C:\Documents and Settings\Administrator\桌面\红蜻蜓抓图精灵2005.lnk
Behavior description:Maps files with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AKB..BJHGH
MSCTF.MarshalInterface.FileMap.AKB.B.BJHGH
MSCTF.MarshalInterface.FileMap.AKB.C.BJHGH
MSCTF.MarshalInterface.FileMap.AKB.D.BJHGH
MSCTF.MarshalInterface.FileMap.AKB.E.BJHGH
MSCTF.MarshalInterface.FileMap.AKB.F.BJHGH
MSCTF.MarshalInterface.FileMap.AKB.G.BKHGH
MSCTF.Shared.SFM.AKB
MSCTF.MarshalInterface.FileMap.AKB.H.LIBLH
MSCTF.MarshalInterface.FileMap.AKB.I.LIBLH
MSCTF.MarshalInterface.FileMap.AKB.J.LIBLH
MSCTF.MarshalInterface.FileMap.AKB.K.LIBLH
MSCTF.MarshalInterface.FileMap.AKB.L.KJBLH
MSCTF.MarshalInterface.FileMap.AKB.M.KJBLH
Behavior description:Renames files
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~GLH0000.TMP ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLF8.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~GLH0001.TMP ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\license.txt
C:\Program Files\SuperSoft\RdfSnap2005\~GLH0002.TMP ---> C:\Program Files\SuperSoft\RdfSnap2005\UNWISE.EXE
C:\Program Files\SuperSoft\RdfSnap2005\~GLH0003.TMP ---> C:\Program Files\SuperSoft\RdfSnap2005\license.txt
C:\Program Files\SuperSoft\RdfSnap2005\~GLH0004.TMP ---> C:\Program Files\SuperSoft\RdfSnap2005\www.supersoft.com.cn.url
C:\PROGRA~1\SUPERS~1\RDFSNA~1\temp.000 ---> C:\PROGRA~1\SUPERS~1\RDFSNA~1\~GLH0006.TMP
C:\PROGRA~1\SUPERS~1\RDFSNA~1\~GLH0006.TMP ---> C:\PROGRA~1\SUPERS~1\RDFSNA~1\RdfSnap2005.exe
C:\Program Files\SuperSoft\RdfSnap2005\~GLH0007.TMP ---> C:\Program Files\SuperSoft\RdfSnap2005\sound.wav
C:\Program Files\SuperSoft\RdfSnap2005\~GLH0008.TMP ---> C:\Program Files\SuperSoft\RdfSnap2005\whatsnew.txt
C:\Program Files\SuperSoft\RdfSnap2005\~GLH0009.TMP ---> C:\Program Files\SuperSoft\RdfSnap2005\RdfSnap2005.chm
C:\PROGRA~1\SUPERS~1\RDFSNA~1\temp.000 ---> C:\PROGRA~1\SUPERS~1\RDFSNA~1\~GLH000b.TMP
C:\PROGRA~1\SUPERS~1\RDFSNA~1\~GLH000b.TMP ---> C:\PROGRA~1\SUPERS~1\RDFSNA~1\IJL11.DLL
C:\PROGRA~1\SUPERS~1\RDFSNA~1\temp.000 ---> C:\PROGRA~1\SUPERS~1\RDFSNA~1\~GLH000d.TMP
C:\PROGRA~1\SUPERS~1\RDFSNA~1\~GLH000d.TMP ---> C:\PROGRA~1\SUPERS~1\RDFSNA~1\bmp2gif.ocx
C:\WINDOWS\system32\temp.000 ---> C:\WINDOWS\system32\~GLH000f.TMP
Behavior description:Modifies file contents
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLC3.tmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~GLH0001.TMP---> Offset = 0
C:\WINDOWS\system32\GLBSINST.%$D---> Offset = 0
C:\Program Files\SuperSoft\RdfSnap2005\~GLH0003.TMP---> Offset = 0
C:\Program Files\SuperSoft\RdfSnap2005\~GLH0004.TMP---> Offset = 0
C:\Program Files\SuperSoft\RdfSnap2005\~GLH0007.TMP---> Offset = 0
C:\Program Files\SuperSoft\RdfSnap2005\~GLH0008.TMP---> Offset = 0
C:\Program Files\SuperSoft\RdfSnap2005\~GLH0009.TMP---> Offset = 32768
C:\Documents and Settings\Administrator\「开始」菜单\程序\红蜻蜓抓图精灵2005\卸载 红蜻蜓抓图精灵2005.lnk---> Offset = 0
C:\Documents and Settings\Administrator\「开始」菜单\程序\红蜻蜓抓图精灵2005\最终用户软件许可协议.lnk---> Offset = 0
C:\Documents and Settings\Administrator\「开始」菜单\程序\红蜻蜓抓图精灵2005\非常软件(北京)工作室.lnk---> Offset = 0
C:\Documents and Settings\Administrator\桌面\红蜻蜓抓图精灵2005.lnk---> Offset = 0
C:\Documents and Settings\Administrator\「开始」菜单\红蜻蜓抓图精灵2005.lnk---> Offset = 0
C:\Documents and Settings\Administrator\「开始」菜单\程序\红蜻蜓抓图精灵2005\红蜻蜓抓图精灵2005.lnk---> Offset = 0
C:\Documents and Settings\Administrator\「开始」菜单\程序\红蜻蜓抓图精灵2005\红蜻蜓抓图精灵2005帮助.lnk---> Offset = 0
Registry behavior
Behavior description:Modifies the registry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\红蜻蜓抓图精灵2005 v1.22 build 0226\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\红蜻蜓抓图精灵2005 v1.22 build 0226\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\system32\msstdfmt.dll
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\system32\msvbvm60.dll
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{699DDBCC-DC7E-11D0-BCF7-00C04FC2FB86}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InProcServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib\Version
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\Version
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{000204EF-0000-0000-C000-000000000046}\6.0\9\win32\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6B263850-900B-11D0-9484-00A0C91110ED}\1.0\0\win32\
Behavior description:Deletes registry keys
details:\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{699DDBCC-DC7E-11D0-BCF7-00C04FC2FB86}\InprocServer32
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{699DDBCC-DC7E-11D0-BCF7-00C04FC2FB86}
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}
Other behavior
Behavior description:Finds specified windows
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description:Window information
details:Pid = 1344, Hwnd=0x202a8, Text = 红蜻蜓抓图精灵2005 v1.22 build 0226 安装, ClassName = GLBSInstall.
Pid = 1344, Hwnd=0x202ae, Text = 下一步(&N) >, ClassName = Button.
Pid = 1344, Hwnd=0x202aa, Text = 取消, ClassName = Button.
Pid = 1344, Hwnd=0x702c0, Text = 欢迎使用 红蜻蜓抓图精灵2005 v1.22 build 0226 安装程序,此程序将在你的计算机上安装 红蜻蜓抓图精灵2005 v1.22 build 0226。, ClassName = Static.
Pid = 1344, Hwnd=0x502ce, Text = 强烈推荐你在运行此安装程序前,退出所有 Windows 程序。 点击“取消”按钮退出安装并关闭已经运行的任何程序。点击“下一步”继续安装, ClassName = Static.
Pid = 1344, Hwnd=0x302b8, Text = 欢迎安装 红蜻蜓抓图精灵2005, ClassName = GLBSWizard.
Pid = 1344, Hwnd=0x602ce, Text =    请仔细阅读下面的许可协议。使用 PAGE DOWN 键查看协议的其余内容。, ClassName = Static.
Pid = 1344, Hwnd=0x802c0, Text =           最终用户软件许可协议 许可:   非常软件(北京)工作室将红蜻蜓抓图精灵2005 v1.22 build 0226 软件程序, ClassName = Edit.
Pid = 1344, Hwnd=0x302ac, Text = 是否完全接受上述许可协议的全部条款?如果选择“否”,安装程序将自动关闭。 要安装 红蜻蜓抓图精灵2005 ,您必须接受本协议。, ClassName = Static.
Pid = 1344, Hwnd=0x302aa, Text = < 上一步(&B), ClassName = Button.
Pid = 1344, Hwnd=0x302ae, Text = 是(&Y), ClassName = Button.
Pid = 1344, Hwnd=0x202d0, Text = 否(&N), ClassName = Button.
Pid = 1344, Hwnd=0x302b8, Text = 最终用户软件许可协议, ClassName = GLBSWizard.
Pid = 1344, Hwnd=0x160142, Text = 下一步(&N) >, ClassName = Button.
Pid = 1344, Hwnd=0x3015a, Text = < 上一步(&B), ClassName = Button.
Behavior description:Hides specified windows
details:[Window,Class] = [,Static]
[Window,Class] = [正在安装,#32770]
[Window,Class] = [,AnimateWindow]
Behavior description:Creates mutexes
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.AKB
Behavior description:Acquires system privileges
details:SE_LOAD_DRIVER_PRIVILEGE