VirSCAN


File information
Safety rating:75
Behavior list
Basic Information
MD5:556d1a5068669751059f73f229ca05dd
file type:7z
Production company:福州博远无线网络科技有限公司
version:2.2.6.107---2.2.6.107
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Subfile information:sciter32.dll / 030f040cc2f2c453333aa5ca07944091 / DLL
setup.exe / 8b0b3ad6c2e41ba7ebb5dea7235c75b5 / EXE
msvcr120.dll / 034ccadc1c073e4216e9466b720f9849 / DLL
msvcr120.dll / 034ccadc1c073e4216e9466b720f9849 / DLL
sqlite3.dll / b73abcceee5ef7569cdf9608815639bc / DLL
msvcp120.dll / fd5cabbe52272bd76007b68186ebaf00 / DLL
msvcp120.dll / fd5cabbe52272bd76007b68186ebaf00 / DLL
setup.ini / aa0aa6723e27d6a64f0fd97b24db2bf2 / Unknown
uninst.ini / 9e83439867ba8749a649acd138d31cde / Unknown
Key behavior
Behavior description: Maps files with write access
details:CiceroSharedMemDefaultS-*
\WINDOWS\system32\en-US\UIAutomationCore.dll.mui
\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
MSCTF.MarshalInterface.FileMap.EKN..DHGIH
MSCTF.MarshalInterface.FileMap.EKN.B.DHGIH
MSCTF.MarshalInterface.FileMap.EKN.C.DHGIH
MSCTF.MarshalInterface.FileMap.EKN.D.DHGIH
MSCTF.MarshalInterface.FileMap.EKN.E.DHGIH
MSCTF.MarshalInterface.FileMap.EKN.F.DHGIH
MSCTF.MarshalInterface.FileMap.EKN.G.DHGIH
MSCTF.Shared.SFM.EKN
MSCTF.MarshalInterface.FileMap.EKN..POKMH
MSCTF.MarshalInterface.FileMap.EKN.B.POKMH
MSCTF.MarshalInterface.FileMap.EKN.C.POKMH
MSCTF.MarshalInterface.FileMap.EKN.D.POKMH
Behavior description: Blocks window close messages
details:hWnd = 0x00140134, Text = EasyGame Setup, ClassName = DeskTopInstall.
Behavior description: Hides a specified window
details:[Window,Class] = [,BAIDU_CLASS_49979B14-DA6A-4E80-A1DA-7F4E8E9FAF88]
Process behavior
Behavior description: Creates a process with a hidden window
details:ImagePath = , CmdLine = c:\docume~1\admini~1\locals~1\temp\setup\baidueasygame\488500\head.exe
ImagePath = , CmdLine = c:\docume~1\admini~1\locals~1\temp\setup\baidueasygame\488500\\setup\body.exe
Behavior description: Creates a process from a newly created file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\head.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\head.exe
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\setup.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup/setup.exe -install -language=zh_CN -channelid=RUCnL44tXobLK7Zaf/62NZ1dZWZLvPAdqviLUTT4lqU=
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\body.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\\Setup\body.exe
Behavior description: Enumerates processes
details:N/A
File behavior
Behavior description: Maps files with write access
details:CiceroSharedMemDefaultS-*
\WINDOWS\system32\en-US\UIAutomationCore.dll.mui
\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
MSCTF.MarshalInterface.FileMap.EKN..DHGIH
MSCTF.MarshalInterface.FileMap.EKN.B.DHGIH
MSCTF.MarshalInterface.FileMap.EKN.C.DHGIH
MSCTF.MarshalInterface.FileMap.EKN.D.DHGIH
MSCTF.MarshalInterface.FileMap.EKN.E.DHGIH
MSCTF.MarshalInterface.FileMap.EKN.F.DHGIH
MSCTF.MarshalInterface.FileMap.EKN.G.DHGIH
MSCTF.Shared.SFM.EKN
MSCTF.MarshalInterface.FileMap.EKN..POKMH
MSCTF.MarshalInterface.FileMap.EKN.B.POKMH
MSCTF.MarshalInterface.FileMap.EKN.C.POKMH
MSCTF.MarshalInterface.FileMap.EKN.D.POKMH
Behavior description: Creates executable files
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\head.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\setup.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\Microsoft.VC120.CRT\msvcp120.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\msvcp120.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\Microsoft.VC120.CRT\msvcr120.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\msvcr120.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\sciter32.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\sqlite3.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\body.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\Assembly\baidueasygame\BaiduEasyGame.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\Assembly\baidueasygame\EasyGameNotice.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\Assembly\baidueasygame\EasyGameProxy.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\Assembly\baidueasygame\EasyGameService.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\Assembly\baidueasygame\EasyGameWrap.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\Assembly\baidueasygame\fsdu.exe
Behavior description: Modifies file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\splash.png---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\setup.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\uninst.ini---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\Assembly\baiduservice\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\Assembly\baidueasygame\feedback.html---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\Assembly\baidueasygame\propaganda.dat---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\Assembly\baidueasygame\qrcode_data\qrv10_3.dat---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\Assembly\baidueasygame\qrcode_data\qrvfr10.dat---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\Assembly\baidueasygame\qrcode_data\rsc20.dat---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\Assembly\baidueasygame\qrcode_data\rsc24.dat---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\Assembly\baidueasygame\SimulatorRcmdIns.dat---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\Setup\finish.bin---> Offset = 0
Behavior description: Searches for files
details:FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Setup\BaiduEasyGame\488500\head.exe
FileName = Setup\setup.ini
FileName = Setup\uninst.ini
FileName = Setup\setup.exe
FileName = Setup\Microsoft.VC120.CRT\msvcp120.dll
FileName = Setup\msvcp120.dll
FileName = Setup\Microsoft.VC120.CRT\msvcr120.dll
FileName = Setup\msvcr120.dll
FileName = Setup\sciter32.dll
Other behavior
Behavior description: Creates mutexes
details:EasyGameSetup-{B8EA9F43-B8F5-C616-FB4D-1C4272F31A5C}
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
SHIMLIB_LOG_MUTEX
EasyGameInstall-{F062DC53-4A45-46f0-83F4-E24376952F94}
oleacc-msaa-loaded
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EKN
Behavior description: Hides a specified window
details:[Window,Class] = [,BAIDU_CLASS_49979B14-DA6A-4E80-A1DA-7F4E8E9FAF88]
Behavior description: Finds a specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Acquires system privileges
details:SE_DEBUG_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Gets the TickCount value
details:TickCount = 488541, SleepMilliseconds = 10.
Behavior description: Blocks window close messages
details:hWnd = 0x00140134, Text = EasyGame Setup, ClassName = DeskTopInstall.
Behavior description: Window information
details:Pid = 3488, Hwnd=0x140134, Text = EasyGame Setup, ClassName = DeskTopInstall.
Pid = 3488, Hwnd=0x402a4, Text = MoboMarket Setup, ClassName = DeskTopInstall.