VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.


File information
Safety rating: 88
Behavior list
Basic Information
MD5: 2a2a7a6ff08aa39e46bb2dac0807bbf6
File type: Rar
Production company:
version:
Shell or compiler information:
Subfile information: eBoostr.exe / 09feff5d132b2d954c5149fd2da66bd8 / Nsis
Kill.exe / f24da4dab829332fbf99ebba4569622c / EXE
Patch.exe / 86995ed5554cae36f3d313990e1c8bdb / EXE
安装说明.txt / 0752cf8851b5c8ee47c0a786d62c1b73 / Unknown
Key behavior
Behavior description: Create writable file mapping
Details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.EPJ..NNMFF
MSCTF.MarshalInterface.FileMap.EPJ.B.NNMFF
MSCTF.MarshalInterface.FileMap.EPJ.C.MOMFF
MSCTF.MarshalInterface.FileMap.EPJ.D.MOMFF
MSCTF.MarshalInterface.FileMap.EPJ.E.MOMFF
MSCTF.MarshalInterface.FileMap.EPJ.F.MOMFF
MSCTF.MarshalInterface.FileMap.EPJ.G.MOMFF
MSCTF.Shared.SFM.EPJ
Global\eBoostrControlChanel_mmf
\WINDOWS\Temp\Perflib_Perfdata_e58.dat
Behavior description: Shutdown or reboot
Details: N/A
Behavior description: Hide specified window
Details: [Window,Class] = [,ComboLBox]
[Window,Class] = [,Button]
[Window,Class] = [ ,Static]
[Window,Class] = [ ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [安装完成,Static]
[Window,Class] = [安装已成功完成。,Static]
Behavior description: Create system service
Details: [服务创建成功]: EBOOSTRSVC, "C:\Program Files\eBoostr\EBstrSvc.exe"
[服务创建成功]: eBoost, C:\WINDOWS\system32\drivers\eBoost.sys
Behavior description: Set startup item
Details: C:\Documents and Settings\All Users\「开始」菜单\程序\启动\eBoostr Control Panel.lnk
Process behavior
Behavior description: Create new process from file
Details: ImagePath = C:\Program Files\eBoostr\EBstrSvc.exe, CmdLine = "C:\Program Files\eBoostr\EBstrSvc.exe" -install -auto
ImagePath = C:\Program Files\eBoostr\EBstrSvc.exe, CmdLine = "C:\Program Files\eBoostr\EBstrSvc.exe" -start
ImagePath = C:\Program Files\eBoostr\eBoostrCP.exe, CmdLine = "C:\Program Files\eBoostr\eBoostrCP.exe" -installdriver
ImagePath = C:\Program Files\eBoostr\EBstrSvc.exe, CmdLine = "C:\Program Files\eBoostr\EBstrSvc.exe"
ImagePath = C:\Program Files\eBoostr\eBoostrCP.exe, CmdLine = "C:\Program Files\eBoostr\eBoostrCP.exe" -checkreboot
File behavior
Behavior description: Create writable file mapping
Details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.EPJ..NNMFF
MSCTF.MarshalInterface.FileMap.EPJ.B.NNMFF
MSCTF.MarshalInterface.FileMap.EPJ.C.MOMFF
MSCTF.MarshalInterface.FileMap.EPJ.D.MOMFF
MSCTF.MarshalInterface.FileMap.EPJ.E.MOMFF
MSCTF.MarshalInterface.FileMap.EPJ.F.MOMFF
MSCTF.MarshalInterface.FileMap.EPJ.G.MOMFF
MSCTF.Shared.SFM.EPJ
Global\eBoostrControlChanel_mmf
\WINDOWS\Temp\Perflib_Perfdata_e58.dat
Behavior description: Drop links or shortcuts in sensitive system locations (e.g. the Start Menu)
Details: C:\Documents and Settings\All Users\「开始」菜单\程序\eBoostr\eBoostr 控制版面.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\eBoostr\eBoostr 速度测试工具.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\eBoostr\eBoostr 缓存统计.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\eBoostr\帮助\许可证协议.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\eBoostr\帮助\在线帮助.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\eBoostr\帮助\技术支持.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\eBoostr\帮助\产品主页.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\eBoostr\购买 eBoostr 4.5.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\eBoostr\卸载 eBoostr.lnk
Behavior description: Create executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsu7.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsu7.tmp\UserInfo.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsu7.tmp\LangDLL.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsu7.tmp\nsDialogs.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsu7.tmp\StartMenu.dll
C:\Program Files\eBoostr\sqlite.dll
C:\Program Files\eBoostr\EBstrSvc.exe
C:\Program Files\eBoostr\eBoostrCP.exe
C:\Program Files\eBoostr\CacheViewer.exe
C:\Program Files\eBoostr\eBoostrMeasure.exe
C:\Program Files\eBoostr\memeat.exe
C:\Program Files\eBoostr\StatViewer.exe
C:\Program Files\eBoostr\eBoost.sys
C:\Program Files\eBoostr\lang\jpn\eBoostrRC.dll
C:\Program Files\eBoostr\lang\jpn\StatViewerRC.dll
Behavior description: Modify file content
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsu7.tmp\summary.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsu7.tmp\summary.ini---> Offset = 25
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsu7.tmp\modern-wizard.bmp---> Offset = 16384
C:\Program Files\eBoostr\Readme.txt---> Offset = 0
C:\Program Files\eBoostr\EULA.rtf---> Offset = 32768
C:\Program Files\eBoostr\lang\jpn\info.ini---> Offset = 0
C:\Program Files\eBoostr\lang\jpn\EULA.rtf---> Offset = 0
C:\Program Files\eBoostr\lang\deu\info.ini---> Offset = 0
C:\Program Files\eBoostr\lang\deu\EULA.rtf---> Offset = 16384
C:\Program Files\eBoostr\lang\rus\info.ini---> Offset = 0
C:\Program Files\eBoostr\lang\fra\info.ini---> Offset = 0
C:\Program Files\eBoostr\lang\esn\info.ini---> Offset = 0
C:\Program Files\eBoostr\lang\ita\info.ini---> Offset = 0
C:\Program Files\eBoostr\lang\ptg\info.ini---> Offset = 0
C:\Program Files\eBoostr\lang\nld\info.ini---> Offset = 0
Behavior description: Set startup item
Details: C:\Documents and Settings\All Users\「开始」菜单\程序\启动\eBoostr Control Panel.lnk
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\MACHINE\SOFTWARE\eBoostr\eBoostr\Settings\InstallLang
\REGISTRY\MACHINE\SOFTWARE\eBoostr\eBoostr\Settings\ServerURL
\REGISTRY\MACHINE\SOFTWARE\eBoostr\eBoostr 1\
\REGISTRY\MACHINE\SOFTWARE\eBoostr\eBoostr 1\Program Path
\REGISTRY\MACHINE\SOFTWARE\eBoostr\eBoostr 1\MAJOR_VERSION
\REGISTRY\MACHINE\SOFTWARE\eBoostr\eBoostr 1\MINOR_VERSION
\REGISTRY\MACHINE\SOFTWARE\eBoostr\eBoostr 1\BUILD_NUMBER
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\eBoostr Service\EventMessageFile
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\eBoostr Service\TypesSupported
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\eboost\EventMessageFile
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\eboost\TypesSupported
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eBoostr 1\NSIS:StartMenuDir
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eBoostr 1\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eBoostr 1\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eBoostr 1\InstallLocation
Behavior description: Delete registry value
Details: \REGISTRY\MACHINE\SOFTWARE\eBoostr\eBoostr\Settings\RegisterURL
\REGISTRY\MACHINE\SOFTWARE\eBoostr\eBoostr\Settings\RegisterLang
\REGISTRY\MACHINE\SOFTWARE\eBoostr\eBoostr\Settings\ResellerCode
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\PerfOS\Performance\Error Count
Other behavior
Behavior description: Set object security information
Details: C:\Documents and Settings\All Users\Application Data\eboostr\
C:\Documents and Settings\All Users\Application Data\eboostr\application.ini
C:\Documents and Settings\All Users\Application Data\eboostr\badlnk.dat
C:\Documents and Settings\All Users\Application Data\eboostr\exclude.ini
C:\Documents and Settings\All Users\Application Data\eboostr\filestat.dat
C:\Documents and Settings\All Users\Application Data\eboostr\service.txt
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.EPJ
__PDH_PLA_MUTEX__
Global\eBoostrControlChanel_mutex
STAT_EBOOSTR_MUTEX
.NET CLR Data_Perf_Library_Lock_PID_e58
.NET CLR Networking_Perf_Library_Lock_PID_e58
.NET CLR Networking 4.0.0.0_Perf_Library_Lock_PID_e58
.NET Data Provider for Oracle_Perf_Library_Lock_PID_e58
Behavior description: Hide specified window
Details: [Window,Class] = [,ComboLBox]
[Window,Class] = [,Button]
[Window,Class] = [ ,Static]
[Window,Class] = [ ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [安装完成,Static]
[Window,Class] = [安装已成功完成。,Static]
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Start system service
Details: [服务启动成功]: LocalSystem, eBoostr Service, "C:\Program Files\eBoostr\EBstrSvc.exe"
Behavior description: Acquire system privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
SE_BACKUP_PRIVILEGE
SE_RESTORE_PRIVILEGE
SE_TCB_PRIVILEGE
SE_SHUTDOWN_PRIVILEGE
Behavior description: Create system service
Details: [服务创建成功]: EBOOSTRSVC, "C:\Program Files\eBoostr\EBstrSvc.exe"
[服务创建成功]: eBoost, C:\WINDOWS\system32\drivers\eBoost.sys
Behavior description: Window information
Details: Pid = 2544, Hwnd=0x20354, Text = 简体中文, ClassName = ComboBox.
Pid = 2544, Hwnd=0x20350, Text = OK, ClassName = Button.
Pid = 2544, Hwnd=0x20358, Text = Cancel, ClassName = Button.
Pid = 2544, Hwnd=0x1035c, Text = Please select a language., ClassName = Static.
Pid = 2544, Hwnd=0x2034e, Text = Installer Language, ClassName = #32770.
Pid = 2544, Hwnd=0x30358, Text = 下一步(&N) >, ClassName = Button.
Pid = 2544, Hwnd=0x30350, Text = 取消(&C), ClassName = Button.
Pid = 2544, Hwnd=0x10362, Text = , ClassName = Static.
Pid = 2544, Hwnd=0x10364, Text = , ClassName = Static.
Pid = 2544, Hwnd=0x10376, Text = 欢迎使用“eBoostr 4.5”安装向导, ClassName = Static.
Pid = 2544, Hwnd=0x10378, Text = 这个向导将指引你完成“eBoostr 4.5”的安装进程。 在开始安装之前,建议先关闭其他所有应用程序。这将允许“安装程序”更新指定的系统, ClassName = Static.
Pid = 2544, Hwnd=0x3034e, Text = eBoostr 4.5 安装, ClassName = #32770.
Pid = 2544, Hwnd=0x2035c, Text = < 上一步(&P), ClassName = Button.
Pid = 2544, Hwnd=0x30358, Text = 我接受(&I), ClassName = Button.
Pid = 2544, Hwnd=0x10368, Text = 许可证协议, ClassName = Static.
Behavior description: Shutdown or reboot
Details: N/A
Behavior description: Open image file
Details: \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsu7.tmp\modern-wizard.bmp