VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
Safety rating: 89
Behavior list
Basic Information
MD5: 261e8f5e6a59681d18bd9942bb0b819c
File type: EXE
Company: foobar2000.org
Version: 1.3.16.0 --- 1.3.16
Packer/compiler information: COMPILER:NSIS
Subfile information:
foobar2000.exe / e9553c0f46820511cc4f79fd089bf9ef / EXE
foo_input_std.dll / d71d098476f166b3b9ca067cbcbdc869 / DLL
foo_ui_std.dll / 140796874e6140288ba16113ed7f0d89 / DLL
avcodec-fb2k-57.dll / eca1f3caec93b40f56dd9fe22a4fef0e / DLL
foo_converter.dll / 6cb12b0ce8615732c801913ff5c9e91b / DLL
avutil-fb2k-55.dll / 89d2f8f23d906ca4ba27448ee661d86f / DLL
foo_rgscan.dll / 066a3d658da91249d2f92376307316ea / DLL
foo_albumlist.dll / 3f247dbfd03212f5c2073fab133db77f / DLL
foo_cdda.dll / ed5a1f3992c0c20a3d39df21ebab4776 / DLL
foo_freedb2.dll / 7722268a8d4fb70de8b57e3d38d1476f / DLL
foo_fileops.dll / 293af6ae7618b775e554a232e3a6f3ce / DLL
foo_unpack.dll / 58f49569f0992be0945bf6f089fd70ea / DLL
foo_dsp_std.dll / b905d638d0c4feea9e4bb6da13eb3163 / DLL
foo_dsp_eq.dll / 35ad97a255635944aa6b7da8bd99b531 / DLL
shared.dll / d9d2c3d307ac3be2bb4bec9c9d9d3326 / DLL
modern-wizard.bmp / 4e50c5083442a80ccad90b7249517327 / Unknown
uninstall.exe / e723e4c49bd6a34aabed324fe705cc98 / EXE
__ / 5143fca22397c5f4fb9d8a9bb7e531a7 / DLL
fth.ico / a89ee9d2c1ed107e6eb977601104001e / Unknown
Key behavior
Behavior description: Blocks window close messages
Details: hWnd = 0x00010348, Text = foobar2000 v1.3.16 Setup , ClassName = #32770.
Behavior description: Reads the CPU time-stamp counter directly (RDTSC; result returned in EDX:EAX)
Details: EAX = 0xce905fea, EDX = 0x000000c6
EAX = 0xce906036, EDX = 0x000000c6
EAX = 0xce906082, EDX = 0x000000c6
EAX = 0xce9060ce, EDX = 0x000000c6
EAX = 0xce90611a, EDX = 0x000000c6
EAX = 0xce906166, EDX = 0x000000c6
EAX = 0xce9061b2, EDX = 0x000000c6
EAX = 0xce9061fe, EDX = 0x000000c6
EAX = 0xce90624a, EDX = 0x000000c6
EAX = 0xce906296, EDX = 0x000000c6
EAX = 0x2750cd3d, EDX = 0x000000cb
EAX = 0x2750cd89, EDX = 0x000000cb
EAX = 0x2750cdd5, EDX = 0x000000cb
EAX = 0x2750ce21, EDX = 0x000000cb
EAX = 0x2750ce6d, EDX = 0x000000cb
Behavior description: Creates a file on the desktop
Details: C:\Documents and Settings\All Users\桌面\foobar2000.lnk
Behavior description: Reads the tick count (GetTickCount) around Sleep calls
Details: TickCount = 240640, SleepMilliseconds = 250.
TickCount = 240656, SleepMilliseconds = 250.
TickCount = 240718, SleepMilliseconds = 250.
TickCount = 240781, SleepMilliseconds = 250.
TickCount = 242078, SleepMilliseconds = 250.
TickCount = 304828, SleepMilliseconds = 60000.
TickCount = 304843, SleepMilliseconds = 60000.
TickCount = 304953, SleepMilliseconds = 60000.
TickCount = 304968, SleepMilliseconds = 60000.
TickCount = 304984, SleepMilliseconds = 60000.
TickCount = 305000, SleepMilliseconds = 60000.
TickCount = 305031, SleepMilliseconds = 60000.
TickCount = 305234, SleepMilliseconds = 60000.
TickCount = 305484, SleepMilliseconds = 60000.
TickCount = 305734, SleepMilliseconds = 60000.
Process behavior
Behavior description: Creates a process
Details: [0x00000a90]ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\foobar2000\ShellExt32.dll"
[0x000009e0]ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\foobar2000\ShellExt64.dll"
Behavior description: Creates a local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3836, ThreadID = 3908, StartAddress = 10002234, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3836, ThreadID = 4048, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3836, ThreadID = 4052, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3836, ThreadID = 192, StartAddress = 00405444, Parameter = 00060368
TargetProcess: foobar2000.exe, InheritedFromPID = 3836, ProcessID = 2648, ThreadID = 2684, StartAddress = 00519AA9, Parameter = 00FD2C50
TargetProcess: foobar2000.exe, InheritedFromPID = 3836, ProcessID = 2648, ThreadID = 2692, StartAddress = 00519AA9, Parameter = 00FD2E70
TargetProcess: foobar2000 Shell Associations Updater.exe, InheritedFromPID = 3836, ProcessID = 2708, ThreadID = 2676, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: foobar2000.exe, InheritedFromPID = 3836, ProcessID = 3008, ThreadID = 2116, StartAddress = 00519AA9, Parameter = 00FD2C50
TargetProcess: foobar2000.exe, InheritedFromPID = 3836, ProcessID = 3008, ThreadID = 2120, StartAddress = 00519AA9, Parameter = 00FD2E70
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3836, ThreadID = 2100, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: foobar2000.exe, InheritedFromPID = 3836, ProcessID = 3008, ThreadID = 2104, StartAddress = 00519AA9, Parameter = 012075E0
TargetProcess: foobar2000.exe, InheritedFromPID = 3836, ProcessID = 3008, ThreadID = 2108, StartAddress = 00519AA9, Parameter = 012075E0
TargetProcess: foobar2000.exe, InheritedFromPID = 3836, ProcessID = 3008, ThreadID = 2096, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: foobar2000.exe, InheritedFromPID = 3836, ProcessID = 3008, ThreadID = 2092, StartAddress = 77E56C7D, Parameter = 001B4A80
TargetProcess: foobar2000.exe, InheritedFromPID = 3836, ProcessID = 3008, ThreadID = 2744, StartAddress = 769AE43B, Parameter = 001B77B8
Behavior description: Creates a process from a newly written file
Details: [0x00000a58]ImagePath = C:\Program Files\foobar2000\foobar2000.exe, CmdLine = "C:\Program Files\foobar2000\foobar2000.exe" /install /quiet /exportshelldata "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fb2kshelldata.tmp"
[0x00000a94]ImagePath = C:\Program Files\foobar2000\foobar2000 Shell Associations Updater.exe, CmdLine = "C:\Program Files\foobar2000\foobar2000 Shell Associations Updater.exe" "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fb2kshelldata.tmp"
[0x00000bc0]ImagePath = C:\Program Files\foobar2000\foobar2000.exe, CmdLine = "C:\Program Files\foobar2000\foobar2000.exe"
File behavior
Behavior description: Creates files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsw3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\UAC.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\modern-header.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\modern-wizard.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\nsDialogs.dll
C:\Program Files\foobar2000\user_profiles_enabled
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\foobar2000\avcodec-fb2k-57.dll
C:\Program Files\foobar2000\avutil-fb2k-55.dll
C:\Program Files\foobar2000\shared.dll
C:\Program Files\foobar2000\zlib1.dll
C:\Program Files\foobar2000\titleformat_help.html
Behavior description: Drops a link or shortcut in a sensitive system location (e.g. the Start menu)
Details: C:\Documents and Settings\All Users\「开始」菜单\程序\foobar2000.lnk
Behavior description: Creates executable files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\UAC.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\nsDialogs.dll
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\foobar2000\avcodec-fb2k-57.dll
C:\Program Files\foobar2000\avutil-fb2k-55.dll
C:\Program Files\foobar2000\shared.dll
C:\Program Files\foobar2000\zlib1.dll
C:\Program Files\foobar2000\ShellExt32.dll
C:\Program Files\foobar2000\foobar2000 Shell Associations Updater.exe
C:\Program Files\foobar2000\components\foo_input_std.dll
C:\Program Files\foobar2000\components\foo_ui_std.dll
C:\Program Files\foobar2000\components\foo_cdda.dll
C:\Program Files\foobar2000\components\foo_albumlist.dll
C:\Program Files\foobar2000\components\foo_dsp_std.dll
Behavior description: Overwrites an existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4.tmp
Behavior description: Searches for files
Details: FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsw5.tmp
FileName = C:\Program Files\foobar2000\portable_mode_enabled
FileName = C:\Program Files\foobar2000\installer.ini
FileName = C:\Program Files\foobar2000\components\*
FileName = C:\Program Files\foobar2000\foobar2000.exe
FileName = C:\Program Files\foobar2000\*
FileName = C:\Program Files\foobar2000\ShellExt32.dll
FileName = C:\Program Files\foobar2000\icons\aac.ico
FileName = C:\Program Files\foobar2000\icons\ape.ico
FileName = C:\Program Files\foobar2000\icons\apl.ico
FileName = C:\Program Files\foobar2000\icons\cda.ico
FileName = C:\Program Files\foobar2000\icons\cue.ico
FileName = C:\Program Files\foobar2000\icons\flac.ico
Behavior description: Deletes files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsw3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp
C:\Documents and Settings\Administrator\Application Data\foobar2000\running
C:\Documents and Settings\Administrator\Local Settings\Temp\fb2kshelldata.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\foover.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\modern-header.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\modern-wizard.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\nsDialogs.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\UAC.dll
Behavior description: Creates a file on the desktop
Details: C:\Documents and Settings\All Users\桌面\foobar2000.lnk
Behavior description: Renames files
Details: C:\Program Files\foobar2000\foobar2000.exe ---> C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\foobar2000\avcodec-fb2k-57.dll ---> C:\Program Files\foobar2000\avcodec-fb2k-57.dll
C:\Program Files\foobar2000\avutil-fb2k-55.dll ---> C:\Program Files\foobar2000\avutil-fb2k-55.dll
C:\Program Files\foobar2000\shared.dll ---> C:\Program Files\foobar2000\shared.dll
C:\Program Files\foobar2000\zlib1.dll ---> C:\Program Files\foobar2000\zlib1.dll
C:\Program Files\foobar2000\titleformat_help.html ---> C:\Program Files\foobar2000\titleformat_help.html
C:\Program Files\foobar2000\titleformat_help.css ---> C:\Program Files\foobar2000\titleformat_help.css
C:\Program Files\foobar2000\Query Syntax Help.html ---> C:\Program Files\foobar2000\Query Syntax Help.html
C:\Program Files\foobar2000\foobar2000 Shell Associations Updater.exe ---> C:\Program Files\foobar2000\foobar2000 Shell Associations Updater.exe
C:\Program Files\foobar2000\components\foo_input_std.dll ---> C:\Program Files\foobar2000\components\foo_input_std.dll
C:\Program Files\foobar2000\components\foo_ui_std.dll ---> C:\Program Files\foobar2000\components\foo_ui_std.dll
C:\Program Files\foobar2000\components\foo_cdda.dll ---> C:\Program Files\foobar2000\components\foo_cdda.dll
C:\Program Files\foobar2000\components\foo_albumlist.dll ---> C:\Program Files\foobar2000\components\foo_albumlist.dll
C:\Program Files\foobar2000\components\foo_dsp_std.dll ---> C:\Program Files\foobar2000\components\foo_dsp_std.dll
C:\Program Files\foobar2000\components\foo_dsp_eq.dll ---> C:\Program Files\foobar2000\components\foo_dsp_eq.dll
Behavior description: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4.tmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4.tmp ---> Offset = 98304
C:\Documents and Settings\Administrator\Local Settings\Temp\nsc4.tmp ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\UAC.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\System.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\modern-header.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\modern-header.bmp ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\modern-wizard.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\modern-wizard.bmp ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\modern-wizard.bmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\modern-wizard.bmp ---> Offset = 49152
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\modern-wizard.bmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\nsDialogs.dll ---> Offset = 0
Registry behavior
Behavior description: Deletes registry keys
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\Programmable\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\shellex\MayChangeDefaultMenu\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\shellex\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\VersionIndependentProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\
Behavior description: Modifies the registry
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{3B3052C5-E430-4A00-84C9-BFD43336940B}\
\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\Fb2kShellExt.DLL\AppID
\REGISTRY\MACHINE\SOFTWARE\Classes\Fb2kShellExt.Fb2kContextMenu.1\
\REGISTRY\MACHINE\SOFTWARE\Classes\Fb2kShellExt.Fb2kContextMenu.1\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\Fb2kShellExt.Fb2kContextMenu\
\REGISTRY\MACHINE\SOFTWARE\Classes\Fb2kShellExt.Fb2kContextMenu\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\Fb2kShellExt.Fb2kContextMenu\CurVer\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\VersionIndependentProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\shellex\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\shellex\MayChangeDefaultMenu\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\TypeLib\
Behavior description: Modifies the registry (pending file rename operations, applied at next boot)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behavior
Behavior description: Checks whether it is being debugged
Details: IsDebuggerPresent
Behavior description: Creates mutexes
Details: oleacc-msaa-loaded
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.AAP
DirectSound DllMain mutex (0x00000A58)
FOOBAR2000_3E661025
_SHuassist.mtx
DirectSound DllMain mutex (0x00000BC0)
MSCTF.Shared.MUTEX.AEI
Behavior description: Creates event objects
Details: EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.AAP.IC
EventName = MSCTF.SendReceiveConection.Event.AAP.IC
EventName = DINPUTWINMM
EventName = Global\crypt32LogoffEvent
EventName = MSCTF.SendReceive.Event.AEI.IC
EventName = MSCTF.SendReceiveConection.Event.AEI.IC
Behavior description: Opens mutexes
Details: ShimCacheMutex
DBWinMutex
Behavior description: Searches for a specific window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information
Details: Pid = 3836, Hwnd=0x1034c, Text = < &Back, ClassName = Button.
Pid = 3836, Hwnd=0x1034e, Text = &Next >, ClassName = Button.
Pid = 3836, Hwnd=0x10350, Text = Cancel, ClassName = Button.
Pid = 3836, Hwnd=0x1035c, Text = NSIS v3 , ClassName = Static.
Pid = 3836, Hwnd=0x1035e, Text = NSIS v3, ClassName = Static.
Pid = 3836, Hwnd=0x1036c, Text = Welcome to the foobar2000 Setup, ClassName = Static.
Pid = 3836, Hwnd=0x1036e, Text = This wizard will guide you through the installation of foobar2000 audio player. Click Next to continue., ClassName = Static.
Pid = 3836, Hwnd=0x10348, Text = foobar2000 v1.3.16 Setup, ClassName = #32770.
Pid = 3836, Hwnd=0x1034e, Text = I &Agree, ClassName = Button.
Pid = 3836, Hwnd=0x10362, Text = License Agreement, ClassName = Static.
Pid = 3836, Hwnd=0x10364, Text = Please review the license terms before installing foobar2000., ClassName = Static.
Pid = 3836, Hwnd=0x2036e, Text = Press Page Down to see the rest of the agreement., ClassName = Static.
Pid = 3836, Hwnd=0x2036c, Text = foobar2000 audio player Copyright © 2001-2015 Peter Pawlowski Portions copyright © 2005-2006 Holger Stenger Portions copyright, ClassName = RichEdit20W.
Pid = 3836, Hwnd=0x2036a, Text = If you accept the terms of the agreement, click I Agree to continue. You must accept the agreement to install foobar2000., ClassName = Static.
Pid = 3836, Hwnd=0x10362, Text = Choose Install Type, ClassName = Static.
Behavior description: Reads the tick count (GetTickCount) around Sleep calls
Details: TickCount = 240640, SleepMilliseconds = 250.
TickCount = 240656, SleepMilliseconds = 250.
TickCount = 240718, SleepMilliseconds = 250.
TickCount = 240781, SleepMilliseconds = 250.
TickCount = 242078, SleepMilliseconds = 250.
TickCount = 304828, SleepMilliseconds = 60000.
TickCount = 304843, SleepMilliseconds = 60000.
TickCount = 304953, SleepMilliseconds = 60000.
TickCount = 304968, SleepMilliseconds = 60000.
TickCount = 304984, SleepMilliseconds = 60000.
TickCount = 305000, SleepMilliseconds = 60000.
TickCount = 305031, SleepMilliseconds = 60000.
TickCount = 305234, SleepMilliseconds = 60000.
TickCount = 305484, SleepMilliseconds = 60000.
TickCount = 305734, SleepMilliseconds = 60000.
Behavior description: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Blocks window close messages
Details: hWnd = 0x00010348, Text = foobar2000 v1.3.16 Setup , ClassName = #32770.
Behavior description: Opens events
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Global\crypt32LogoffEvent
MSFT.VSA.COM.DISABLE.3008
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000011
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000011
Behavior description: Executable file signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\UAC.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\System.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\nsDialogs.dll (signature verification: failed)
C:\Program Files\foobar2000\foobar2000.exe (signature verification: failed)
C:\Program Files\foobar2000\avcodec-fb2k-57.dll (signature verification: failed)
C:\Program Files\foobar2000\avutil-fb2k-55.dll (signature verification: failed)
C:\Program Files\foobar2000\shared.dll (signature verification: failed)
C:\Program Files\foobar2000\zlib1.dll (signature verification: failed)
C:\Program Files\foobar2000\ShellExt32.dll (signature verification: failed)
C:\Program Files\foobar2000\foobar2000 Shell Associations Updater.exe (signature verification: failed)
C:\Program Files\foobar2000\components\foo_input_std.dll (signature verification: failed)
C:\Program Files\foobar2000\components\foo_ui_std.dll (signature verification: failed)
C:\Program Files\foobar2000\components\foo_cdda.dll (signature verification: failed)
C:\Program Files\foobar2000\components\foo_albumlist.dll (signature verification: failed)
C:\Program Files\foobar2000\components\foo_dsp_std.dll (signature verification: failed)
Behavior description: Calls the Sleep function
Details: [1]: MilliSeconds = 250.
[2]: MilliSeconds = 250.
[3]: MilliSeconds = 250.
[1]: MilliSeconds = 60000.
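The tick-count and Sleep entries above record the same pairs twice (once under Key behavior, once here), and the numbers are worth reading rather than skimming: several samples arrive only 15 to 60 ms after a 250 ms or even a 60000 ms Sleep was requested. The following script, an added example that is not part of the VirSCAN report, parses those lines and flags every interval where the next GetTickCount sample came back sooner than the sleep requested at the previous one. It assumes consecutive log lines belong to the same thread; the report carries no thread id on these entries, so a short gap is evidence of sleep skipping or shortening by the sandbox, not proof of it.

```python
import re

TICK_RE = re.compile(r"TickCount = (\d+), SleepMilliseconds = (\d+)\.")

# Constructed input: the "Reads the tick count" lines from the report, copied verbatim.
TICK_LOG = """
TickCount = 240640, SleepMilliseconds = 250.
TickCount = 240656, SleepMilliseconds = 250.
TickCount = 240718, SleepMilliseconds = 250.
TickCount = 240781, SleepMilliseconds = 250.
TickCount = 242078, SleepMilliseconds = 250.
TickCount = 304828, SleepMilliseconds = 60000.
TickCount = 304843, SleepMilliseconds = 60000.
TickCount = 304953, SleepMilliseconds = 60000.
TickCount = 304968, SleepMilliseconds = 60000.
TickCount = 304984, SleepMilliseconds = 60000.
TickCount = 305000, SleepMilliseconds = 60000.
TickCount = 305031, SleepMilliseconds = 60000.
TickCount = 305234, SleepMilliseconds = 60000.
TickCount = 305484, SleepMilliseconds = 60000.
TickCount = 305734, SleepMilliseconds = 60000.
"""

# GetTickCount() advances in roughly 10-16 ms steps, so a gap that small is
# within measurement noise; anything beyond it is treated as real elapsed time.
TICK_SLACK_MS = 16


def parse_ticks(text):
    """Return [(tick_count, requested_sleep_ms), ...] in log order."""
    return [(int(t), int(s)) for t, s in TICK_RE.findall(text)]


def find_short_sleeps(text=TICK_LOG, slack_ms=TICK_SLACK_MS):
    """Compare the tick-count gap between consecutive samples with the Sleep()
    requested at the earlier sample. A gap far shorter than the request means
    either Sleep() returned early (sandbox sleep skipping) or the two samples
    came from different threads; without thread ids both readings stay open."""
    samples = parse_ticks(text)
    rows = []
    for (t0, requested), (t1, _) in zip(samples, samples[1:]):
        elapsed = t1 - t0
        rows.append({
            "tick": t0,
            "requested_ms": requested,
            "elapsed_ms": elapsed,
            "short": elapsed + slack_ms < requested,
        })
    return rows


def summarize(rows):
    """(intervals where the sleep came back early, total intervals)."""
    return sum(r["short"] for r in rows), len(rows)


if __name__ == "__main__":
    rows = find_short_sleeps()
    for r in rows:
        flag = "EARLY" if r["short"] else "ok"
        print(f"{r['tick']:>7} asked {r['requested_ms']:>5} ms, "
              f"next sample {r['elapsed_ms']:>6} ms later  {flag}")
    short, total = summarize(rows)
    print(f"{short}/{total} intervals shorter than the requested sleep")
```

On this report 12 of the 14 intervals come back early, including the nine consecutive 60-second sleeps that are each followed by a sample 15 to 250 ms later. An installer that does nothing but wait is harmless either way; the point of the check is that a sample showing the same pattern while also calling IsDebuggerPresent and RDTSC (both present above) is timing its environment, and the analyst should expect different behaviour outside the sandbox.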
Behavior description: Hides specific windows
Details: [Window,Class] = [,Button]
[Window,Class] = [< &Back,Button]
[Window,Class] = [NSIS v3,Static]
[Window,Class] = [NSIS v3 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [,ComboLBox]
[Window,Class] = [Show &details,Button]
[Window,Class] = [Installation Complete,Static]
[Window,Class] = [Setup was completed successfully.,Static]
Behavior description: MD5 of executable files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\UAC.dll ---> 3fa5491c158c30082b42569cf4f54381
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\System.dll ---> 17ed1c86bd67e78ade4712be48a7d2bd
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\nsDialogs.dll ---> 42b064366f780c1f298fa3cb3aeae260
C:\Program Files\foobar2000\foobar2000.exe ---> e9553c0f46820511cc4f79fd089bf9ef
C:\Program Files\foobar2000\avcodec-fb2k-57.dll ---> eca1f3caec93b40f56dd9fe22a4fef0e
C:\Program Files\foobar2000\avutil-fb2k-55.dll ---> 89d2f8f23d906ca4ba27448ee661d86f
C:\Program Files\foobar2000\shared.dll ---> d9d2c3d307ac3be2bb4bec9c9d9d3326
C:\Program Files\foobar2000\zlib1.dll ---> ba235af458435f95bd21f861b82de874
C:\Program Files\foobar2000\ShellExt32.dll ---> 96033c1016cf10b70b34cd79788af67b
C:\Program Files\foobar2000\foobar2000 Shell Associations Updater.exe ---> e78f6c54a53e198ea66711b476b616c4
C:\Program Files\foobar2000\components\foo_input_std.dll ---> d71d098476f166b3b9ca067cbcbdc869
C:\Program Files\foobar2000\components\foo_ui_std.dll ---> 140796874e6140288ba16113ed7f0d89
C:\Program Files\foobar2000\components\foo_cdda.dll ---> ed5a1f3992c0c20a3d39df21ebab4776
C:\Program Files\foobar2000\components\foo_albumlist.dll ---> 3f247dbfd03212f5c2073fab133db77f
C:\Program Files\foobar2000\components\foo_dsp_std.dll ---> b905d638d0c4feea9e4bb6da13eb3163
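The static "Subfile information" list near the top of the report and the dynamic "MD5 of executable files" list just above describe the same installer from two angles, and the useful triage step is to cross-reference them: a dropped executable whose hash matches an enumerated archive entry needs no further attention, while one that is absent from the static listing (or present with a different hash) is where a tampered or late-stage payload would hide. The script below is an added example, not part of the VirSCAN report or of foobar2000; it embeds the two lists as they appear on this page (the elided `__` entry is left out) and assumes that matching is by file basename, since the static list carries no directory.

```python
import re

# Lines copied from the "Subfile information" section of the report
# (static enumeration of the NSIS archive contents).
SUBFILE_TEXT = r"""
foobar2000.exe / e9553c0f46820511cc4f79fd089bf9ef / EXE
foo_input_std.dll / d71d098476f166b3b9ca067cbcbdc869 / DLL
foo_ui_std.dll / 140796874e6140288ba16113ed7f0d89 / DLL
avcodec-fb2k-57.dll / eca1f3caec93b40f56dd9fe22a4fef0e / DLL
foo_converter.dll / 6cb12b0ce8615732c801913ff5c9e91b / DLL
avutil-fb2k-55.dll / 89d2f8f23d906ca4ba27448ee661d86f / DLL
foo_rgscan.dll / 066a3d658da91249d2f92376307316ea / DLL
foo_albumlist.dll / 3f247dbfd03212f5c2073fab133db77f / DLL
foo_cdda.dll / ed5a1f3992c0c20a3d39df21ebab4776 / DLL
foo_freedb2.dll / 7722268a8d4fb70de8b57e3d38d1476f / DLL
foo_fileops.dll / 293af6ae7618b775e554a232e3a6f3ce / DLL
foo_unpack.dll / 58f49569f0992be0945bf6f089fd70ea / DLL
foo_dsp_std.dll / b905d638d0c4feea9e4bb6da13eb3163 / DLL
foo_dsp_eq.dll / 35ad97a255635944aa6b7da8bd99b531 / DLL
shared.dll / d9d2c3d307ac3be2bb4bec9c9d9d3326 / DLL
modern-wizard.bmp / 4e50c5083442a80ccad90b7249517327 / Unknown
uninstall.exe / e723e4c49bd6a34aabed324fe705cc98 / EXE
fth.ico / a89ee9d2c1ed107e6eb977601104001e / Unknown
"""

# Lines copied from the "MD5 of executable files" section (files actually
# written to disk during the sandbox run).
DROPPED_TEXT = r"""
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\UAC.dll ---> 3fa5491c158c30082b42569cf4f54381
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\System.dll ---> 17ed1c86bd67e78ade4712be48a7d2bd
C:\Documents and Settings\Administrator\Local Settings\Temp\nsw5.tmp\nsDialogs.dll ---> 42b064366f780c1f298fa3cb3aeae260
C:\Program Files\foobar2000\foobar2000.exe ---> e9553c0f46820511cc4f79fd089bf9ef
C:\Program Files\foobar2000\avcodec-fb2k-57.dll ---> eca1f3caec93b40f56dd9fe22a4fef0e
C:\Program Files\foobar2000\avutil-fb2k-55.dll ---> 89d2f8f23d906ca4ba27448ee661d86f
C:\Program Files\foobar2000\shared.dll ---> d9d2c3d307ac3be2bb4bec9c9d9d3326
C:\Program Files\foobar2000\zlib1.dll ---> ba235af458435f95bd21f861b82de874
C:\Program Files\foobar2000\ShellExt32.dll ---> 96033c1016cf10b70b34cd79788af67b
C:\Program Files\foobar2000\foobar2000 Shell Associations Updater.exe ---> e78f6c54a53e198ea66711b476b616c4
C:\Program Files\foobar2000\components\foo_input_std.dll ---> d71d098476f166b3b9ca067cbcbdc869
C:\Program Files\foobar2000\components\foo_ui_std.dll ---> 140796874e6140288ba16113ed7f0d89
C:\Program Files\foobar2000\components\foo_cdda.dll ---> ed5a1f3992c0c20a3d39df21ebab4776
C:\Program Files\foobar2000\components\foo_albumlist.dll ---> 3f247dbfd03212f5c2073fab133db77f
C:\Program Files\foobar2000\components\foo_dsp_std.dll ---> b905d638d0c4feea9e4bb6da13eb3163
"""

SUBFILE_RE = re.compile(r"^(?P<name>.+?) / (?P<md5>[0-9a-fA-F]{32}) / (?P<kind>\S+)$")
DROPPED_RE = re.compile(r"^(?P<path>.+?) ---> (?P<md5>[0-9a-fA-F]{32})$")


def parse_subfiles(text):
    """Map archive entry name -> lower-case MD5 from the static listing."""
    out = {}
    for line in text.strip().splitlines():
        m = SUBFILE_RE.match(line.strip())
        if m:
            out[m["name"]] = m["md5"].lower()
    return out


def parse_dropped(text):
    """Yield (basename, full path, lower-case MD5) for each dropped executable."""
    for line in text.strip().splitlines():
        m = DROPPED_RE.match(line.strip())
        if m:
            path = m["path"]
            yield path.rsplit("\\", 1)[-1], path, m["md5"].lower()


def cross_reference(subfile_text=SUBFILE_TEXT, dropped_text=DROPPED_TEXT):
    """Split dropped executables into those whose hash matches the static
    archive listing and those that need review, each with a reason."""
    embedded = parse_subfiles(subfile_text)
    matched, review = [], []
    for name, path, md5 in parse_dropped(dropped_text):
        if name not in embedded:
            review.append((name, md5, "not in static sub-file listing"))
        elif embedded[name] != md5:
            review.append((name, md5, "hash differs from embedded copy"))
        else:
            matched.append(name)
    return matched, review


if __name__ == "__main__":
    matched, review = cross_reference()
    print(f"{len(matched)} dropped files match the embedded archive entries")
    for name, md5, why in review:
        print(f"REVIEW {name} {md5}: {why}")
```

Here nine files match and six land in the review list: the three NSIS plugin DLLs (UAC.dll, System.dll, nsDialogs.dll) written to the temporary nsw5.tmp directory, plus zlib1.dll, ShellExt32.dll and the Shell Associations Updater, none of which appear in the static enumeration. The static list on this page is visibly incomplete (it contains an elided `__` entry and only 19 names for an installer that drops far more), so "not in listing" is a prompt to extract the archive and hash the remaining entries yourself, not a finding by itself; a "hash differs" result would be the one that warrants immediate attention.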
Behavior description: Reads the CPU time-stamp counter directly (RDTSC; result returned in EDX:EAX)
Details: EAX = 0xce905fea, EDX = 0x000000c6
EAX = 0xce906036, EDX = 0x000000c6
EAX = 0xce906082, EDX = 0x000000c6
EAX = 0xce9060ce, EDX = 0x000000c6
EAX = 0xce90611a, EDX = 0x000000c6
EAX = 0xce906166, EDX = 0x000000c6
EAX = 0xce9061b2, EDX = 0x000000c6
EAX = 0xce9061fe, EDX = 0x000000c6
EAX = 0xce90624a, EDX = 0x000000c6
EAX = 0xce906296, EDX = 0x000000c6
EAX = 0x2750cd3d, EDX = 0x000000cb
EAX = 0x2750cd89, EDX = 0x000000cb
EAX = 0x2750cdd5, EDX = 0x000000cb
EAX = 0x2750ce21, EDX = 0x000000cb
EAX = 0x2750ce6d, EDX = 0x000000cb
Behavior description: Loads newly dropped files
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsw5.tmp\UAC.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsw5.tmp\System.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsw5.tmp\nsDialogs.dll.
Image: C:\Program Files\foobar2000\ShellExt32.dll.
Image: C:\Program Files\foobar2000\zlib1.dll.
Image: C:\Program Files\foobar2000\shared.dll.
Image: C:\Program Files\foobar2000\components\foo_fileops.dll.
Image: C:\Program Files\foobar2000\components\foo_converter.dll.
Image: C:\Program Files\foobar2000\components\foo_input_std.dll.
Image: C:\Program Files\foobar2000\avcodec-fb2k-57.dll.
Image: C:\Program Files\foobar2000\avutil-fb2k-55.dll.
Image: C:\Program Files\foobar2000\components\foo_freedb2.dll.
Image: C:\Program Files\foobar2000\components\foo_dsp_std.dll.
Image: C:\Program Files\foobar2000\components\foo_cdda.dll.
Image: C:\Program Files\foobar2000\components\foo_rgscan.dll.
Run screenshot