1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
| Safety rating:74 |
| Behavior list |
| Basic Information | |
|---|---|
| MD5: | 31f0ed713406ab36303de5fc612af19a |
| file type: | zip |
| Production company: | |
| version: | |
| Shell or compiler information: | |
| Subfile information: | 布凡QQ批量自动加好友软件 1.0.exe / dac914468e22ce7bc9d3c233c70fc371 / EXE |
| upx_c_b5706527dumpFile / ce3daf1122894392c76f3eb9e2dcb361 / DLL | |
| qsmy.dll / d6e89f309a677fd1e5ba1e38cd5a686d / DLL | |
| UUWiseHelper.dll / afd14de763f7c540e686afdc55281039 / DLL | |
| upx30_e394534edumpFile / b89b48d5e7760ef5b5673727a1b86871 / DLL | |
| 1007dumpFile / c178ae9d1a45ac6e806cbbe612440e7c / DLL | |
| SkinH_EL.dll / 147127382e001f495d1842ee7a9e7912 / DLL | |
| yzm.bmp / 1e4334301769e6c4b436cec515b703ab / Unknown | |
| 目标QQ.txt / dceb74f68e6f80f1981d03663167020c / Unknown | |
| mmcw.bmp / 31f29c785e6fbe0ef512e8f489579ab5 / Unknown | |
| 3.bmp / a5944676e374d04e0d9b49ea3290283c / Unknown | |
| 2.bmp / 5f9d17d4a13ec548e6c0e2a63c66da96 / Unknown | |
| 4.bmp / f224025d222b374b0e03e7a042697793 / Unknown | |
| 1.bmp / 02ea2aa1e99d3b6e3860047147b86188 / Unknown | |
| zhbcz.bmp / 929ad742a9a0397947abfe9b5946f306 / Unknown | |
| 加好友特点.txt / d9a5e2685bfac0c921ba17d028e540e7 / Unknown | |
| QQ登录数据.txt / d41d8cd98f00b204e9800998ecf8427e / Unknown | |
| 优优云账户信息.txt / d41d8cd98f00b204e9800998ecf8427e / Unknown | |
| 加好友验证信息.txt / d41d8cd98f00b204e9800998ecf8427e / Unknown | |
| Key behavior | |
|---|---|
| Behavior description: | 隐藏指定窗口 |
| details: | [Window,Class] = [,ComboLBox] |
| [Window,Class] = [反馈事件,Afx:400000:b:10011:1900015:0] | |
| [Window,Class] = [,Edit] | |
| [Window,Class] = [,Afx:400000:8:10011:1900015:0] | |
| [Window,Class] = [目标QQ和失效QQ账号列表,Button] | |
| [Window,Class] = [0,Afx:400000:b:10011:1900015:0] | |
| [Window,Class] = [发送消息成功数:,Afx:400000:b:10011:1900015:0] | |
| [Window,Class] = [加友总数:,Afx:400000:b:10011:1900015:0] | |
| [Window,Class] = [,SysTabControl32] | |
| [Window,Class] = [筛选,Button] | |
| [Window,Class] = [格式如:182.149.172.150,Edit] | |
| [Window,Class] = [开始加好友,Button] | |
| [Window,Class] = [暂停(F2),Button] | |
| [Window,Class] = [停止(F4),Button] | |
| [Window,Class] = [设置每加一个好友间隔,Afx:400000:b:10011:1900015:0] | |
| Behavior description: | 设置消息钩子 |
| details: | C:\WINDOWS\system32\DINPUT8.dll |
| Behavior description: | 获取窗口截图信息 |
| details: | Foreground window Info: HWND = 0x0201053d, DC = 0x0201053d. |
| Foreground window Info: HWND = 0x24010301, DC = 0x24010301. | |
| Behavior description: | 写权限映射文件 |
| details: | CiceroSharedMemDefaultS-* |
| \WINDOWS\system32\zh-cn\ieframe.dll.mui | |
| Local\UrlZonesSM_Administrator | |
| Local\!PrivacIE!SharedMem!Counter | |
| \WINDOWS\system32\zh-cn\mshtml.dll.mui | |
| MSCTF.MarshalInterface.FileMap.ADM..FPAIH | |
| MSCTF.MarshalInterface.FileMap.ADM.B.FPAIH | |
| MSCTF.MarshalInterface.FileMap.ADM.C.FPAIH | |
| MSCTF.MarshalInterface.FileMap.ADM.D.FPAIH | |
| MSCTF.MarshalInterface.FileMap.ADM.E.FPAIH | |
| MSCTF.MarshalInterface.FileMap.ADM.F.FPAIH | |
| MSCTF.MarshalInterface.FileMap.ADM.G.FPAIH | |
| Behavior description: | 设置特殊文件夹属性 |
| details: | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 | |
| C:\Documents and Settings\Administrator\Local Settings\History | |
| C:\Documents and Settings\Administrator\Local Settings\History\History.IE5 | |
| C:\Documents and Settings\Administrator\Cookies | |
| Behavior description: | 按名称获取主机地址 |
| details: | s1.uuwise.com |
| Process behavior | |
|---|---|
| Behavior description: | 枚举进程 |
| details: | N/A |
| File behavior | |
|---|---|
| Behavior description: | 写权限映射文件 |
| details: | CiceroSharedMemDefaultS-* |
| \WINDOWS\system32\zh-cn\ieframe.dll.mui | |
| Local\UrlZonesSM_Administrator | |
| Local\!PrivacIE!SharedMem!Counter | |
| \WINDOWS\system32\zh-cn\mshtml.dll.mui | |
| MSCTF.MarshalInterface.FileMap.ADM..FPAIH | |
| MSCTF.MarshalInterface.FileMap.ADM.B.FPAIH | |
| MSCTF.MarshalInterface.FileMap.ADM.C.FPAIH | |
| MSCTF.MarshalInterface.FileMap.ADM.D.FPAIH | |
| MSCTF.MarshalInterface.FileMap.ADM.E.FPAIH | |
| MSCTF.MarshalInterface.FileMap.ADM.F.FPAIH | |
| MSCTF.MarshalInterface.FileMap.ADM.G.FPAIH | |
| Behavior description: | 设置特殊文件夹属性 |
| details: | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 | |
| C:\Documents and Settings\Administrator\Local Settings\History | |
| C:\Documents and Settings\Administrator\Local Settings\History\History.IE5 | |
| C:\Documents and Settings\Administrator\Cookies | |
| Behavior description: | 修改文件内容 |
| details: | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\dnserrordiagoff_webOC[2]---> Offset = 0 |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]---> Offset = 0 | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]---> Offset = 0 | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]---> Offset = 0 | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]---> Offset = 0 | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]---> Offset = 0 | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1]---> Offset = 0 | |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\down[1]---> Offset = 0 | |
| C:\Program Files\Windows NF\001Time.txt---> Offset = 0 | |
| Behavior description: | 查找文件 |
| details: | FileName = C:\Documents and Settings |
| FileName = C:\Documents and Settings\Administrator | |
| FileName = C:\Documents and Settings\Administrator\Local Settings | |
| FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk | |
| FileName = C:\WINDOWS\system32\Ras\*.pbk | |
| FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk | |
| FileName = C:\WINDOWS | |
| FileName = C:\WINDOWS\system32 | |
| FileName = C:\WINDOWS\system32\ieframe.dll | |
| FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445704769.711430.exe_7zdump\布凡QQ批量自动加好友软件 1.0(试用版)\软件支持文件(不可丢失)\qsmy.dll | |
| FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445704769.714940.exe_7zdump\布凡QQ批量自动加好友软件 1.0(试用版)\UUWiseHelper.dll | |
| Network behavior | |
|---|---|
| Behavior description: | 发送一个已连接的套接字数据 |
| details: | SOCKET = 0x0000030c, TotalSize = 1, Offset = 0, ReadSize = 1. |
| Behavior description: | 连接指定站点 |
| details: | InternetConnectA: ServerName = bufansoft.com, PORT = 80 |
| InternetConnectA: ServerName = open.baidu.com, PORT = 80 | |
| Behavior description: | 建立到一个指定的套接字连接 |
| details: | 127.0.0.1:1031 |
| 127.0.0.1:1032 | |
| 127.0.0.1:1033 | |
| 127.0.0.1:1034 | |
| 127.0.0.1:1035 | |
| 127.0.0.1:1036 | |
| 127.0.0.1:1037 | |
| 127.0.0.1:1038 | |
| 127.0.0.1:1039 | |
| 127.0.0.1:1040 | |
| 127.0.0.1:1041 | |
| 127.0.0.1:1042 | |
| 127.0.0.1:1043 | |
| 127.0.0.1:1044 | |
| 127.0.0.1:1045 | |
| Behavior description: | 读取网络文件 |
| details: | hFile = 0x000003fc, BytesToRead =10240, BytesRead = 10240. |
| hFile = 0x000003cc, BytesToRead =10240, BytesRead = 10240. | |
| Behavior description: | 打开HTTP请求 |
| details: | HttpOpenRequestA: bufansoft.com:80/index/qq钀ラ攢绯诲垪, hConnect = 0x000004b0 |
| HttpOpenRequestA: open.baidu.com:80/special/time/, hConnect = 0x000003f0 | |
| HttpOpenRequestA: bufansoft.com:80/index/, hConnect = 0x00000434 | |
| Behavior description: | 按名称获取主机地址 |
| details: | s1.uuwise.com |
| Registry behavior | |
|---|---|
| Behavior description: | 修改注册表 |
| details: | \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings |
| \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x16(565 0) | |
| \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\USBstor\QSMYTime001 | |
| \REGISTRY\USER\S-*\Software\Microsoft\Direct3D\MostRecentApplication\Name | |
| Behavior description: | 删除注册表键值_IE连接设置 |
| details: | \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer |
| \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL | |
| Other behavior | |
|---|---|
| Behavior description: | 创建互斥体 |
| details: | RasPbFile |
| CTF.LBES.MutexDefaultS-* | |
| CTF.Compart.MutexDefaultS-* | |
| CTF.Asm.MutexDefaultS-* | |
| CTF.Layouts.MutexDefaultS-* | |
| CTF.TMD.MutexDefaultS-* | |
| CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-* | |
| Local\ZonesCounterMutex | |
| Local\ZoneAttributeCacheCounterMutex | |
| Local\ZonesCacheCounterMutex | |
| Local\ZonesLockedCacheCounterMutex | |
| Local\!PrivacIE!SharedMemory!Mutex | |
| DDrawWindowListMutex | |
| __DDrawExclMode__ | |
| __DDrawCheckExclMode__ | |
| Behavior description: | 内联HOOK |
| details: | C:\WINDOWS\system32\GDI32.dll--->ExtTextOutA Offset = 0x0 |
| C:\WINDOWS\system32\GDI32.dll--->ExtTextOutW Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->GetWindowLongA Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->SetWindowLongA Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->SetWindowLongW Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->GetWindowLongW Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->BeginPaint Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->EndPaint Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->GetDC Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->GetWindowDC Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->ReleaseDC Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->WindowFromDC Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->GetScrollInfo Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->GetScrollPos Offset = 0x0 | |
| C:\WINDOWS\system32\USER32.dll--->GetScrollRange Offset = 0x0 | |
| Behavior description: | 设置消息钩子 |
| details: | C:\WINDOWS\system32\DINPUT8.dll |
| Behavior description: | 查找指定窗口 |
| details: | NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,] |
| NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,] | |
| NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,] | |
| NtUserFindWindowEx: [Class,Window] = [,] | |
| Behavior description: | 窗口信息 |
| details: | Pid = 468, Hwnd=0x3015a, Text = 确定, ClassName = Button. |
| Pid = 468, Hwnd=0x10380, Text = 运行时出错! 错误代码:1 错误信息:数组成员引用下标超出定义范围 , ClassName = Static. | |
| Pid = 468, Hwnd=0x140134, Text = 错误, ClassName = #32770. | |
| Pid = 468, Hwnd=0x10364, Text = 下载体验, ClassName = Afx:400000:b:1002b9:1900015:0. | |
| Pid = 468, Hwnd=0x10362, Text = 下载体验, ClassName = Afx:400000:b:1002b9:1900015:0. | |
| Pid = 468, Hwnd=0x10360, Text = 索取软件, ClassName = Afx:400000:b:1002b9:1900015:0. | |
| Pid = 468, Hwnd=0x1035e, Text = 消息, ClassName = Afx:400000:b:10011:1900015:0. | |
| Pid = 468, Hwnd=0x1035c, Text = 消息, ClassName = Afx:400000:b:10011:1900015:0. | |
| Pid = 468, Hwnd=0x1035a, Text = 消息, ClassName = Afx:400000:b:10011:1900015:0. | |
| Pid = 468, Hwnd=0x10358, Text = 错误提示, ClassName = Afx:400000:b:10011:1900015:0. | |
| Pid = 468, Hwnd=0x10356, Text = 试用期到:2015/10/28 结束, ClassName = Afx:400000:b:10011:1900015:0. | |
| Pid = 468, Hwnd=0x20372, Text = 改用浏览器打开此页, ClassName = Button. | |
| Pid = 468, Hwnd=0x10354, Text = 删除, ClassName = Button. | |
| Pid = 468, Hwnd=0x10312, Text = 秒, ClassName = Afx:400000:b:10011:1900015:0. | |
| Pid = 468, Hwnd=0x10310, Text = 10, ClassName = Edit. | |
| Behavior description: | 获取窗口截图信息 |
| details: | Foreground window Info: HWND = 0x0201053d, DC = 0x0201053d. |
| Foreground window Info: HWND = 0x24010301, DC = 0x24010301. | |
| Behavior description: | 隐藏指定窗口 |
| details: | [Window,Class] = [,ComboLBox] |
| [Window,Class] = [反馈事件,Afx:400000:b:10011:1900015:0] | |
| [Window,Class] = [,Edit] | |
| [Window,Class] = [,Afx:400000:8:10011:1900015:0] | |
| [Window,Class] = [目标QQ和失效QQ账号列表,Button] | |
| [Window,Class] = [0,Afx:400000:b:10011:1900015:0] | |
| [Window,Class] = [发送消息成功数:,Afx:400000:b:10011:1900015:0] | |
| [Window,Class] = [加友总数:,Afx:400000:b:10011:1900015:0] | |
| [Window,Class] = [,SysTabControl32] | |
| [Window,Class] = [筛选,Button] | |
| [Window,Class] = [格式如:182.149.172.150,Edit] | |
| [Window,Class] = [开始加好友,Button] | |
| [Window,Class] = [暂停(F2),Button] | |
| [Window,Class] = [停止(F4),Button] | |
| [Window,Class] = [设置每加一个好友间隔,Afx:400000:b:10011:1900015:0] | |
| Run screenshot |
|---|
 |
HOME
