VirSCAN

File information
Safety rating: 86
Behavior list
Basic Information
MD5: 584fbea16e57798309aadffe73893f9a
File type: EXE
Company: foobar2000.org
Version: 1.3.15.0 / 1.3.15
Packer/compiler: NSIS
Subfile information:
foobar2000.exe / 9da53a894fe7ffc9f39be3467031c193 / EXE
foo_input_std.dll / e2762f8ceab8c6ebe20adcba89d54cb8 / DLL
foo_ui_std.dll / 8df9371ee2ff8cd16cb1c28b0da8f68f / DLL
avcodec-fb2k-57.dll / eca1f3caec93b40f56dd9fe22a4fef0e / DLL
foo_converter.dll / 4a116ee87f82ba9eb7fa1e65d24596f3 / DLL
avutil-fb2k-55.dll / 89d2f8f23d906ca4ba27448ee661d86f / DLL
foo_rgscan.dll / 066a3d658da91249d2f92376307316ea / DLL
foo_albumlist.dll / bbbdfc895cc1b225ba0961021c24e170 / DLL
foo_cdda.dll / d6836bcdf89f14f3ca5e0a8c059bb220 / DLL
foo_freedb2.dll / 7722268a8d4fb70de8b57e3d38d1476f / DLL
foo_fileops.dll / 4cca7d5cccaf263421530f326103290f / DLL
foo_unpack.dll / b81f7ef6895b7a425431c122c1f7fad8 / DLL
foo_dsp_std.dll / 606b84452062fb862714015a799bdd08 / DLL
foo_dsp_eq.dll / 704a53c76a29ddabc60fb3ee6a21202d / DLL
shared.dll / 656d34ffb4a38fb28207ccd5c020a25c / DLL
modern-wizard.bmp / 4e50c5083442a80ccad90b7249517327 / Unknown
uninstall.exe / 18e3a09dd4403538a8b9d5df1d81a191 / EXE
__ / 5143fca22397c5f4fb9d8a9bb7e531a7 / DLL
fth.ico / a89ee9d2c1ed107e6eb977601104001e / Unknown
Key behavior
Behavior description: Suppresses the window close message
Details: hWnd = 0x001b02b6, Text = foobar2000 v1.3.15 Setup , ClassName = #32770.
Behavior description: Reads the CPU clock directly (RDTSC; low 32 bits in EAX, high 32 bits in EDX)
Details: EAX = 0x8338f973, EDX = 0x000011aa
EAX = 0x8338f9bf, EDX = 0x000011aa
EAX = 0x8338fa0b, EDX = 0x000011aa
EAX = 0x8338fa57, EDX = 0x000011aa
EAX = 0x8338faa3, EDX = 0x000011aa
EAX = 0x8338faef, EDX = 0x000011aa
EAX = 0x8338fb3b, EDX = 0x000011aa
EAX = 0x8338fb87, EDX = 0x000011aa
EAX = 0x8338fbd3, EDX = 0x000011aa
EAX = 0x8338fc1f, EDX = 0x000011aa
EAX = 0xc30609d8, EDX = 0x000011b0
EAX = 0xc3060a24, EDX = 0x000011b0
EAX = 0xc3060a70, EDX = 0x000011b0
EAX = 0xc3060abc, EDX = 0x000011b0
EAX = 0xc3060b08, EDX = 0x000011b0
Behavior description: Creates a file on the desktop
Details: C:\Documents and Settings\All Users\桌面\foobar2000.lnk
Behavior description: Reads the GetTickCount value
Details: TickCount = 5460031, SleepMilliseconds = 250.
TickCount = 5460046, SleepMilliseconds = 250.
TickCount = 5460109, SleepMilliseconds = 250.
TickCount = 5460125, SleepMilliseconds = 250.
TickCount = 5460156, SleepMilliseconds = 250.
TickCount = 5462156, SleepMilliseconds = 250.
TickCount = 5526218, SleepMilliseconds = 60000.
TickCount = 5526375, SleepMilliseconds = 60000.
TickCount = 5526421, SleepMilliseconds = 60000.
TickCount = 5526437, SleepMilliseconds = 60000.
TickCount = 5526453, SleepMilliseconds = 60000.
TickCount = 5526500, SleepMilliseconds = 60000.
TickCount = 5526515, SleepMilliseconds = 60000.
TickCount = 5526625, SleepMilliseconds = 60000.
TickCount = 5526875, SleepMilliseconds = 60000.
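The two timing items above (RDTSC reads and GetTickCount paired with Sleep) are the primitives a sample uses to notice a slowed-down or sleep-skipping analysis environment; ordinary installers emit them too, so what matters is what the recorded numbers show. The Python below is an added example, not part of the VirSCAN report or of foobar2000: it transcribes the samples from the rows above as a constructed input, rebuilds the 64-bit time-stamp counter from each EAX/EDX pair, and compares the tick-count span of each run of identical Sleep requests with the minimum time those sleeps would have taken. It assumes consecutive samples come from one sequential sleep-then-measure loop, which the report does not state.

```python
"""Timing artefacts from the Key behavior rows (added example, constructed input)."""
import re
from itertools import groupby
from typing import Dict, List, Tuple

# Transcribed from the "Reads the CPU clock directly" rows above.
RDTSC_LINES = """\
EAX = 0x8338f973, EDX = 0x000011aa
EAX = 0x8338f9bf, EDX = 0x000011aa
EAX = 0x8338fa0b, EDX = 0x000011aa
EAX = 0x8338fa57, EDX = 0x000011aa
EAX = 0x8338faa3, EDX = 0x000011aa
EAX = 0x8338faef, EDX = 0x000011aa
EAX = 0x8338fb3b, EDX = 0x000011aa
EAX = 0x8338fb87, EDX = 0x000011aa
EAX = 0x8338fbd3, EDX = 0x000011aa
EAX = 0x8338fc1f, EDX = 0x000011aa
EAX = 0xc30609d8, EDX = 0x000011b0
EAX = 0xc3060a24, EDX = 0x000011b0
EAX = 0xc3060a70, EDX = 0x000011b0
EAX = 0xc3060abc, EDX = 0x000011b0
EAX = 0xc3060b08, EDX = 0x000011b0
"""

# Transcribed from the "Reads the GetTickCount value" rows above.
TICK_LINES = """\
TickCount = 5460031, SleepMilliseconds = 250.
TickCount = 5460046, SleepMilliseconds = 250.
TickCount = 5460109, SleepMilliseconds = 250.
TickCount = 5460125, SleepMilliseconds = 250.
TickCount = 5460156, SleepMilliseconds = 250.
TickCount = 5462156, SleepMilliseconds = 250.
TickCount = 5526218, SleepMilliseconds = 60000.
TickCount = 5526375, SleepMilliseconds = 60000.
TickCount = 5526421, SleepMilliseconds = 60000.
TickCount = 5526437, SleepMilliseconds = 60000.
TickCount = 5526453, SleepMilliseconds = 60000.
TickCount = 5526500, SleepMilliseconds = 60000.
TickCount = 5526515, SleepMilliseconds = 60000.
TickCount = 5526625, SleepMilliseconds = 60000.
TickCount = 5526875, SleepMilliseconds = 60000.
"""

RDTSC_RE = re.compile(r"EAX = 0x([0-9a-f]{8}), EDX = 0x([0-9a-f]{8})")
TICK_RE = re.compile(r"TickCount = (\d+), SleepMilliseconds = (\d+)")


def parse_rdtsc(text: str) -> List[int]:
    """Combine each EAX (low) / EDX (high) pair into the 64-bit TSC value."""
    return [(int(edx, 16) << 32) | int(eax, 16) for eax, edx in RDTSC_RE.findall(text)]


def rdtsc_deltas(values: List[int]) -> List[int]:
    """Cycle counts between consecutive RDTSC reads; a real TSC jitters, a hooked one may not."""
    return [b - a for a, b in zip(values, values[1:])]


def parse_ticks(text: str) -> List[Tuple[int, int]]:
    """(GetTickCount value, requested Sleep milliseconds) for every sample."""
    return [(int(t), int(s)) for t, s in TICK_RE.findall(text)]


def sleep_runs(samples: List[Tuple[int, int]]) -> List[Dict[str, int]]:
    """Group consecutive samples by requested Sleep value (assumed: one sequential
    sleep/measure loop) and compare each run's tick span with the minimum it would
    take if every Sleep between the samples had actually elapsed."""
    runs = []
    for sleep_ms, group in groupby(samples, key=lambda s: s[1]):
        ticks = [t for t, _ in group]
        span = ticks[-1] - ticks[0]
        expected = (len(ticks) - 1) * sleep_ms
        runs.append({"sleep_ms": sleep_ms, "samples": len(ticks), "span_ms": span,
                     "min_expected_ms": expected, "honored": span >= expected})
    return runs


if __name__ == "__main__":
    print("RDTSC deltas:", rdtsc_deltas(parse_rdtsc(RDTSC_LINES)))
    for run in sleep_runs(parse_ticks(TICK_LINES)):
        print(run)
```

On the rows above this yields two observations: every RDTSC delta inside an EDX group is exactly 0x4c cycles, and the nine samples paired with 60000 ms sleeps span 657 ms of tick time where eight honored sleeps would need at least 480 s. The constant delta and the collapsed sleeps are what a sample's own evasion check would look for; here they describe the sandbox rather than the installer.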
Process behavior
Behavior description: Creates process
Details: [0x00000448]ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\foobar2000\ShellExt32.dll"
[0x00000120]ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\foobar2000\ShellExt64.dll"
Behavior description: Creates local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3544, ThreadID = 3568, StartAddress = 10002234, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3544, ThreadID = 3664, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3544, ThreadID = 3668, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3544, ThreadID = 3868, StartAddress = 00405444, Parameter = 000703AE
TargetProcess: foobar2000.exe, InheritedFromPID = 3544, ProcessID = 2028, ThreadID = 1884, StartAddress = 00519A69, Parameter = 00FD2C50
TargetProcess: foobar2000.exe, InheritedFromPID = 3544, ProcessID = 2028, ThreadID = 1668, StartAddress = 00519A69, Parameter = 00FD2E70
TargetProcess: foobar2000 Shell Associations Updater.exe, InheritedFromPID = 3544, ProcessID = 1592, ThreadID = 1160, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3544, ThreadID = 556, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: foobar2000.exe, InheritedFromPID = 3544, ProcessID = 2012, ThreadID = 1624, StartAddress = 00519A69, Parameter = 00FD2C50
TargetProcess: foobar2000.exe, InheritedFromPID = 3544, ProcessID = 2012, ThreadID = 940, StartAddress = 00519A69, Parameter = 00FD2E70
TargetProcess: foobar2000.exe, InheritedFromPID = 3544, ProcessID = 2012, ThreadID = 1656, StartAddress = 00519A69, Parameter = 012075C8
TargetProcess: foobar2000.exe, InheritedFromPID = 3544, ProcessID = 2012, ThreadID = 1088, StartAddress = 00519A69, Parameter = 012075C8
TargetProcess: foobar2000.exe, InheritedFromPID = 3544, ProcessID = 2012, ThreadID = 2056, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: foobar2000.exe, InheritedFromPID = 3544, ProcessID = 2012, ThreadID = 2052, StartAddress = 77E56C7D, Parameter = 001B4A78
TargetProcess: foobar2000.exe, InheritedFromPID = 3544, ProcessID = 2012, ThreadID = 1872, StartAddress = 769AE43B, Parameter = 001B77B0
Behavior description: Runs a newly created file as a process
Details: [0x000007ec]ImagePath = C:\Program Files\foobar2000\foobar2000.exe, CmdLine = "C:\Program Files\foobar2000\foobar2000.exe" /install /quiet /exportshelldata "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fb2kshelldata.tmp"
[0x00000638]ImagePath = C:\Program Files\foobar2000\foobar2000 Shell Associations Updater.exe, CmdLine = "C:\Program Files\foobar2000\foobar2000 Shell Associations Updater.exe" "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fb2kshelldata.tmp"
[0x000007dc]ImagePath = C:\Program Files\foobar2000\foobar2000.exe, CmdLine = "C:\Program Files\foobar2000\foobar2000.exe"
File behavior
Behavior description: Creates file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nse51.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsp52.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\UAC.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\modern-header.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\modern-wizard.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\nsDialogs.dll
C:\Program Files\foobar2000\user_profiles_enabled
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\foobar2000\avcodec-fb2k-57.dll
C:\Program Files\foobar2000\avutil-fb2k-55.dll
C:\Program Files\foobar2000\shared.dll
C:\Program Files\foobar2000\zlib1.dll
C:\Program Files\foobar2000\titleformat_help.html
Behavior description: Drops a link or shortcut in a sensitive system location (e.g. the Start Menu)
Details: C:\Documents and Settings\All Users\「开始」菜单\程序\foobar2000.lnk
Behavior description: Creates executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\UAC.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\nsDialogs.dll
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\foobar2000\avcodec-fb2k-57.dll
C:\Program Files\foobar2000\avutil-fb2k-55.dll
C:\Program Files\foobar2000\shared.dll
C:\Program Files\foobar2000\zlib1.dll
C:\Program Files\foobar2000\ShellExt32.dll
C:\Program Files\foobar2000\foobar2000 Shell Associations Updater.exe
C:\Program Files\foobar2000\components\foo_input_std.dll
C:\Program Files\foobar2000\components\foo_ui_std.dll
C:\Program Files\foobar2000\components\foo_cdda.dll
C:\Program Files\foobar2000\components\foo_albumlist.dll
C:\Program Files\foobar2000\components\foo_dsp_std.dll
Behavior description: Overwrites existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsp52.tmp
Behavior description: Searches for files
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse53.tmp
FileName = C:\Program Files\foobar2000\portable_mode_enabled
FileName = C:\Program Files\foobar2000\installer.ini
FileName = C:\Program Files\foobar2000\components\*
FileName = C:\Program Files\foobar2000\foobar2000.exe
FileName = C:\Program Files\foobar2000\*
FileName = C:\Program Files\foobar2000\ShellExt32.dll
FileName = C:\Program Files\foobar2000\icons\aac.ico
FileName = C:\Program Files\foobar2000\icons\ape.ico
FileName = C:\Program Files\foobar2000\icons\apl.ico
Behavior description: Deletes file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nse51.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsp52.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp
C:\Documents and Settings\Administrator\Application Data\foobar2000\running
C:\Documents and Settings\Administrator\Local Settings\Temp\fb2kshelldata.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\foover.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\modern-header.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\modern-wizard.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\nsDialogs.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\UAC.dll
Behavior description: Renames file
Details: C:\Program Files\foobar2000\foobar2000.exe ---> C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\foobar2000\avcodec-fb2k-57.dll ---> C:\Program Files\foobar2000\avcodec-fb2k-57.dll
C:\Program Files\foobar2000\avutil-fb2k-55.dll ---> C:\Program Files\foobar2000\avutil-fb2k-55.dll
C:\Program Files\foobar2000\shared.dll ---> C:\Program Files\foobar2000\shared.dll
C:\Program Files\foobar2000\zlib1.dll ---> C:\Program Files\foobar2000\zlib1.dll
C:\Program Files\foobar2000\titleformat_help.html ---> C:\Program Files\foobar2000\titleformat_help.html
C:\Program Files\foobar2000\titleformat_help.css ---> C:\Program Files\foobar2000\titleformat_help.css
C:\Program Files\foobar2000\Query Syntax Help.html ---> C:\Program Files\foobar2000\Query Syntax Help.html
C:\Program Files\foobar2000\foobar2000 Shell Associations Updater.exe ---> C:\Program Files\foobar2000\foobar2000 Shell Associations Updater.exe
C:\Program Files\foobar2000\components\foo_input_std.dll ---> C:\Program Files\foobar2000\components\foo_input_std.dll
C:\Program Files\foobar2000\components\foo_ui_std.dll ---> C:\Program Files\foobar2000\components\foo_ui_std.dll
C:\Program Files\foobar2000\components\foo_cdda.dll ---> C:\Program Files\foobar2000\components\foo_cdda.dll
C:\Program Files\foobar2000\components\foo_albumlist.dll ---> C:\Program Files\foobar2000\components\foo_albumlist.dll
C:\Program Files\foobar2000\components\foo_dsp_std.dll ---> C:\Program Files\foobar2000\components\foo_dsp_std.dll
C:\Program Files\foobar2000\components\foo_dsp_eq.dll ---> C:\Program Files\foobar2000\components\foo_dsp_eq.dll
Behavior description: Modifies file content
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsp52.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsp52.tmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsp52.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nsp52.tmp ---> Offset = 98304
C:\Documents and Settings\Administrator\Local Settings\Temp\nsp52.tmp ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\UAC.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\System.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\modern-header.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\modern-header.bmp ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\modern-wizard.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\modern-wizard.bmp ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\modern-wizard.bmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\modern-wizard.bmp ---> Offset = 49152
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\modern-wizard.bmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\nsDialogs.dll ---> Offset = 0
Registry behavior
Behavior description: Deletes registry key
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\Programmable\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\shellex\MayChangeDefaultMenu\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\shellex\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\VersionIndependentProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\
Behavior description: Modifies registry
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{3B3052C5-E430-4A00-84C9-BFD43336940B}\
\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\Fb2kShellExt.DLL\AppID
\REGISTRY\MACHINE\SOFTWARE\Classes\Fb2kShellExt.Fb2kContextMenu.1\
\REGISTRY\MACHINE\SOFTWARE\Classes\Fb2kShellExt.Fb2kContextMenu.1\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\Fb2kShellExt.Fb2kContextMenu\
\REGISTRY\MACHINE\SOFTWARE\Classes\Fb2kShellExt.Fb2kContextMenu\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\Fb2kShellExt.Fb2kContextMenu\CurVer\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\VersionIndependentProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\shellex\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\shellex\MayChangeDefaultMenu\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\TypeLib\
Behavior description: Modifies registry: delayed rename entry (PendingFileRenameOperations)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
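Taken together, the process and registry rows above describe a COM shell extension being installed machine-wide: regsvr32 /s loads ShellExt32.dll (and tries ShellExt64.dll), and the CLSID {511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8} rows with InprocServer32 and shellex subkeys under HKLM\SOFTWARE\Classes are the shape of the registration regsvr32 performs by calling the DLL's DllRegisterServer export. PendingFileRenameOperations is the key MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT writes to, which is how files that are in use get replaced at the next boot. The Python below is an added example, not part of the VirSCAN report or of foobar2000: it runs the detection rules an analyst would apply to such rows. The rows are transcribed from this report as constructed input, the Windows directory C:\WINDOWS is taken from the report's own paths, and the /i:<url> check (the scriptlet-loading form of regsvr32 abuse) goes beyond what this sample does and is included as the general rule.

```python
"""Triage rules for the process-creation and registry rows (added example, constructed input)."""
import ntpath
import re
from typing import Dict, List

# Transcribed from the "Creates process" and "Runs a newly created file as a process" rows.
PROCESS_ROWS = r"""
[0x00000448]ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\foobar2000\ShellExt32.dll"
[0x00000120]ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\foobar2000\ShellExt64.dll"
[0x000007ec]ImagePath = C:\Program Files\foobar2000\foobar2000.exe, CmdLine = "C:\Program Files\foobar2000\foobar2000.exe" /install /quiet /exportshelldata "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fb2kshelldata.tmp"
"""

# Subset of the "Modifies registry" rows plus the PendingFileRenameOperations row.
REGISTRY_ROWS = r"""
\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\Fb2kShellExt.DLL\AppID
\REGISTRY\MACHINE\SOFTWARE\Classes\Fb2kShellExt.Fb2kContextMenu.1\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}\shellex\MayChangeDefaultMenu\
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
"""

WINDOWS_DIR = r"C:\WINDOWS"  # from the report's own paths
PROC_RE = re.compile(r"^\[(0x[0-9a-fA-F]+)\]ImagePath = (.*?), CmdLine = (.*)$")
TOKEN_RE = re.compile(r'"[^"]*"|\S+')  # Windows-style tokens: quoted path or bare word
CLSID_RE = re.compile(r"\\Classes\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\(.*)$")


def parse_process_rows(text: str) -> List[Dict[str, object]]:
    out = []
    for line in text.splitlines():
        m = PROC_RE.match(line.strip())
        if m:
            out.append({"pid": int(m.group(1), 16), "image": m.group(2), "cmdline": m.group(3)})
    return out


def regsvr32_findings(rows: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Flag regsvr32 invocations the way a process-creation rule would: silent (/s)
    registration, a DLL outside the Windows directory, and the /i:<url> scriptlet form
    (not used by this sample; included as the general rule)."""
    findings = []
    for row in rows:
        if ntpath.basename(str(row["image"])).lower() != "regsvr32.exe":
            continue
        tokens = [t.strip('"') for t in TOKEN_RE.findall(str(row["cmdline"]))]
        switches = [t for t in tokens[1:] if t.startswith("/")]
        targets = [t for t in tokens[1:] if not t.startswith("/")]
        dll = targets[-1] if targets else ""
        findings.append({
            "pid": row["pid"],
            "dll": dll,
            "silent": any(s.lower() == "/s" for s in switches),
            "dll_outside_windows": bool(dll) and not dll.lower().startswith(WINDOWS_DIR.lower() + "\\"),
            "scriptlet_url": any(s.lower().startswith("/i:") and "://" in s for s in switches),
        })
    return findings


def com_registrations(text: str) -> Dict[str, Dict[str, bool]]:
    """CLSIDs written under HKLM\\SOFTWARE\\Classes, noting whether each received an
    InprocServer32 (a DLL every COM client, including explorer.exe, will load in-process)
    and a shellex subkey (the marker of a shell extension)."""
    result: Dict[str, Dict[str, bool]] = {}
    for line in text.splitlines():
        m = CLSID_RE.search(line.strip())
        if not m:
            continue
        entry = result.setdefault(m.group(1).upper(), {"inproc_server": False, "shell_extension": False})
        subkey = m.group(2).lower()
        entry["inproc_server"] |= subkey.startswith("inprocserver32")
        entry["shell_extension"] |= subkey.startswith("shellex")
    return result


def has_pending_file_rename(text: str) -> bool:
    """True if a PendingFileRenameOperations write appears in the rows (boot-time file swap)."""
    return any("pendingfilerenameoperations" in line.lower() for line in text.splitlines())


if __name__ == "__main__":
    for f in regsvr32_findings(parse_process_rows(PROCESS_ROWS)):
        print(f)
    print(com_registrations(REGISTRY_ROWS), has_pending_file_rename(REGISTRY_ROWS))
```

For this report both regsvr32 rows are flagged as silent registrations of a DLL under Program Files, the one CLSID gets both an in-process server and a shellex subkey, and a pending rename is queued; none of that is malicious in itself, but it is the same footprint a persistence-by-shell-extension technique leaves, so the DLL's provenance is what an analyst would verify next.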
Other behavior
Behavior description: Checks whether it is being debugged
Details: IsDebuggerPresent
Behavior description: Creates mutex
Details: oleacc-msaa-loaded
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MNN
DirectSound DllMain mutex (0x000007EC)
FOOBAR2000_3E661025
_SHuassist.mtx
DirectSound DllMain mutex (0x000007DC)
Behavior description: Creates event object
Details: EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.MNN.IC
EventName = MSCTF.SendReceiveConection.Event.MNN.IC
EventName = DINPUTWINMM
EventName = Global\crypt32LogoffEvent
Behavior description: Opens mutex
Details: ShimCacheMutex
DBWinMutex
Behavior description: Looks up a specific window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information
Details: Pid = 3544, Hwnd=0x60380, Text = < &Back, ClassName = Button.
Pid = 3544, Hwnd=0x140306, Text = &Next >, ClassName = Button.
Pid = 3544, Hwnd=0xa03b0, Text = Cancel, ClassName = Button.
Pid = 3544, Hwnd=0x603c6, Text = NSIS v3 , ClassName = Static.
Pid = 3544, Hwnd=0xc038a, Text = NSIS v3, ClassName = Static.
Pid = 3544, Hwnd=0x1f02fe, Text = Welcome to the foobar2000 Setup, ClassName = Static.
Pid = 3544, Hwnd=0xa03ac, Text = This wizard will guide you through the installation of foobar2000 audio player. Click Next to continue., ClassName = Static.
Pid = 3544, Hwnd=0x1b02b6, Text = foobar2000 v1.3.15 Setup, ClassName = #32770.
Pid = 3544, Hwnd=0x140306, Text = I &Agree, ClassName = Button.
Pid = 3544, Hwnd=0x403ca, Text = License Agreement, ClassName = Static.
Pid = 3544, Hwnd=0x6037e, Text = Please review the license terms before installing foobar2000., ClassName = Static.
Pid = 3544, Hwnd=0xb03ac, Text = Press Page Down to see the rest of the agreement., ClassName = Static.
Pid = 3544, Hwnd=0x2002fe, Text = foobar2000 audio player Copyright © 2001-2015 Peter Pawlowski Portions copyright © 2005-2006 Holger Stenger Portions copyright, ClassName = RichEdit20W.
Pid = 3544, Hwnd=0x603b2, Text = If you accept the terms of the agreement, click I Agree to continue. You must accept the agreement to install foobar2000., ClassName = Static.
Pid = 3544, Hwnd=0x403ca, Text = Choose Install Type, ClassName = Static.
Behavior description: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Opens event
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000052
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000052
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Global\crypt32LogoffEvent
MSFT.VSA.COM.DISABLE.2012
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000055
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000055
Behavior description: Executable signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\UAC.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\System.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\nsDialogs.dll (signature verification: failed)
C:\Program Files\foobar2000\foobar2000.exe (signature verification: failed)
C:\Program Files\foobar2000\avcodec-fb2k-57.dll (signature verification: failed)
C:\Program Files\foobar2000\avutil-fb2k-55.dll (signature verification: failed)
C:\Program Files\foobar2000\shared.dll (signature verification: failed)
C:\Program Files\foobar2000\zlib1.dll (signature verification: failed)
C:\Program Files\foobar2000\ShellExt32.dll (signature verification: failed)
C:\Program Files\foobar2000\foobar2000 Shell Associations Updater.exe (signature verification: failed)
C:\Program Files\foobar2000\components\foo_input_std.dll (signature verification: failed)
C:\Program Files\foobar2000\components\foo_ui_std.dll (signature verification: failed)
C:\Program Files\foobar2000\components\foo_cdda.dll (signature verification: failed)
C:\Program Files\foobar2000\components\foo_albumlist.dll (signature verification: failed)
C:\Program Files\foobar2000\components\foo_dsp_std.dll (signature verification: failed)
Behavior description: Calls Sleep
Details: [1]: MilliSeconds = 250.
[2]: MilliSeconds = 250.
[3]: MilliSeconds = 250.
[4]: MilliSeconds = 250.
[1]: MilliSeconds = 60000.
Behavior description: Hides specified window
Details: [Window,Class] = [,Button]
[Window,Class] = [< &Back,Button]
[Window,Class] = [NSIS v3,Static]
[Window,Class] = [NSIS v3 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [,ComboLBox]
[Window,Class] = [Show &details,Button]
[Window,Class] = [Installation Complete,Static]
[Window,Class] = [Setup was completed successfully.,Static]
Behavior description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\UAC.dll ---> 3fa5491c158c30082b42569cf4f54381
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\System.dll ---> 17ed1c86bd67e78ade4712be48a7d2bd
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\nsDialogs.dll ---> 42b064366f780c1f298fa3cb3aeae260
C:\Program Files\foobar2000\foobar2000.exe ---> 9da53a894fe7ffc9f39be3467031c193
C:\Program Files\foobar2000\avcodec-fb2k-57.dll ---> eca1f3caec93b40f56dd9fe22a4fef0e
C:\Program Files\foobar2000\avutil-fb2k-55.dll ---> 89d2f8f23d906ca4ba27448ee661d86f
C:\Program Files\foobar2000\shared.dll ---> 656d34ffb4a38fb28207ccd5c020a25c
C:\Program Files\foobar2000\zlib1.dll ---> ba235af458435f95bd21f861b82de874
C:\Program Files\foobar2000\ShellExt32.dll ---> 96033c1016cf10b70b34cd79788af67b
C:\Program Files\foobar2000\foobar2000 Shell Associations Updater.exe ---> e78f6c54a53e198ea66711b476b616c4
C:\Program Files\foobar2000\components\foo_input_std.dll ---> e2762f8ceab8c6ebe20adcba89d54cb8
C:\Program Files\foobar2000\components\foo_ui_std.dll ---> 8df9371ee2ff8cd16cb1c28b0da8f68f
C:\Program Files\foobar2000\components\foo_cdda.dll ---> d6836bcdf89f14f3ca5e0a8c059bb220
C:\Program Files\foobar2000\components\foo_albumlist.dll ---> bbbdfc895cc1b225ba0961021c24e170
C:\Program Files\foobar2000\components\foo_dsp_std.dll ---> 606b84452062fb862714015a799bdd08
Behavior description: Loads a newly dropped file
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse53.tmp\UAC.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse53.tmp\System.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse53.tmp\nsDialogs.dll.
Image: C:\Program Files\foobar2000\ShellExt32.dll.
Image: C:\Program Files\foobar2000\zlib1.dll.
Image: C:\Program Files\foobar2000\shared.dll.
Image: C:\Program Files\foobar2000\components\foo_dsp_eq.dll.
Image: C:\Program Files\foobar2000\components\foo_freedb2.dll.
Image: C:\Program Files\foobar2000\components\foo_input_std.dll.
Image: C:\Program Files\foobar2000\avcodec-fb2k-57.dll.
Image: C:\Program Files\foobar2000\avutil-fb2k-55.dll.
Image: C:\Program Files\foobar2000\components\foo_fileops.dll.
Image: C:\Program Files\foobar2000\components\foo_albumlist.dll.
Image: C:\Program Files\foobar2000\components\foo_rgscan.dll.
Image: C:\Program Files\foobar2000\components\foo_ui_std.dll.
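Two checks follow from the file rows: whether the binaries written to disk are the same bytes the scanner enumerated inside the installer (the Subfile information at the top of the report), and which unsigned images were loaded from the NSIS temporary plugin directory (%TEMP%\ns??.tmp, here nse53.tmp). The Python below is an added example, not part of VirSCAN's or foobar2000's code. Its inputs are transcribed from this report as constructed data (signature labels translated to English); 8.3 short names such as C:\DOCUME~1\... are matched to long paths by their tail after Temp\, an assumption that holds for these rows. Note that the sandbox reports "signature verification: failed" for every binary here, foobar2000.exe included, so the flag alone does not separate the NSIS plugins from the application; the load location does.

```python
"""Dropped-file provenance checks for the file rows (added example, constructed input)."""
import ntpath
import re

# Executable rows transcribed from "Subfile information" (name / MD5 / type).
SUBFILE_ROWS = """
foobar2000.exe / 9da53a894fe7ffc9f39be3467031c193 / EXE
foo_input_std.dll / e2762f8ceab8c6ebe20adcba89d54cb8 / DLL
foo_ui_std.dll / 8df9371ee2ff8cd16cb1c28b0da8f68f / DLL
avcodec-fb2k-57.dll / eca1f3caec93b40f56dd9fe22a4fef0e / DLL
foo_converter.dll / 4a116ee87f82ba9eb7fa1e65d24596f3 / DLL
avutil-fb2k-55.dll / 89d2f8f23d906ca4ba27448ee661d86f / DLL
foo_rgscan.dll / 066a3d658da91249d2f92376307316ea / DLL
foo_albumlist.dll / bbbdfc895cc1b225ba0961021c24e170 / DLL
foo_cdda.dll / d6836bcdf89f14f3ca5e0a8c059bb220 / DLL
foo_freedb2.dll / 7722268a8d4fb70de8b57e3d38d1476f / DLL
foo_fileops.dll / 4cca7d5cccaf263421530f326103290f / DLL
foo_unpack.dll / b81f7ef6895b7a425431c122c1f7fad8 / DLL
foo_dsp_std.dll / 606b84452062fb862714015a799bdd08 / DLL
foo_dsp_eq.dll / 704a53c76a29ddabc60fb3ee6a21202d / DLL
shared.dll / 656d34ffb4a38fb28207ccd5c020a25c / DLL
uninstall.exe / 18e3a09dd4403538a8b9d5df1d81a191 / EXE
__ / 5143fca22397c5f4fb9d8a9bb7e531a7 / DLL
"""
# Rows transcribed from "Executable file MD5" (path ---> MD5 of the file as written).
DROPPED_ROWS = r"""
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\UAC.dll ---> 3fa5491c158c30082b42569cf4f54381
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\System.dll ---> 17ed1c86bd67e78ade4712be48a7d2bd
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\nsDialogs.dll ---> 42b064366f780c1f298fa3cb3aeae260
C:\Program Files\foobar2000\foobar2000.exe ---> 9da53a894fe7ffc9f39be3467031c193
C:\Program Files\foobar2000\avcodec-fb2k-57.dll ---> eca1f3caec93b40f56dd9fe22a4fef0e
C:\Program Files\foobar2000\avutil-fb2k-55.dll ---> 89d2f8f23d906ca4ba27448ee661d86f
C:\Program Files\foobar2000\shared.dll ---> 656d34ffb4a38fb28207ccd5c020a25c
C:\Program Files\foobar2000\zlib1.dll ---> ba235af458435f95bd21f861b82de874
C:\Program Files\foobar2000\ShellExt32.dll ---> 96033c1016cf10b70b34cd79788af67b
C:\Program Files\foobar2000\foobar2000 Shell Associations Updater.exe ---> e78f6c54a53e198ea66711b476b616c4
C:\Program Files\foobar2000\components\foo_input_std.dll ---> e2762f8ceab8c6ebe20adcba89d54cb8
C:\Program Files\foobar2000\components\foo_ui_std.dll ---> 8df9371ee2ff8cd16cb1c28b0da8f68f
C:\Program Files\foobar2000\components\foo_cdda.dll ---> d6836bcdf89f14f3ca5e0a8c059bb220
C:\Program Files\foobar2000\components\foo_albumlist.dll ---> bbbdfc895cc1b225ba0961021c24e170
C:\Program Files\foobar2000\components\foo_dsp_std.dll ---> 606b84452062fb862714015a799bdd08
"""
# Subsets of "Executable signature information" (label translated) and "Loads a newly dropped file".
SIGNATURE_ROWS = r"""
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\UAC.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\System.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nse53.tmp\nsDialogs.dll (signature verification: failed)
C:\Program Files\foobar2000\foobar2000.exe (signature verification: failed)
"""
IMAGE_ROWS = r"""
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse53.tmp\UAC.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse53.tmp\System.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse53.tmp\nsDialogs.dll.
Image: C:\Program Files\foobar2000\ShellExt32.dll.
"""

MD5_ROW_RE = re.compile(r"^(.+?) ---> ([0-9a-f]{32})$")
SIG_ROW_RE = re.compile(r"^(.+?) ?\(signature verification: ([^)]+)\)$")
IMAGE_ROW_RE = re.compile(r"^Image: (.+)\.$")
# NSIS extracts plugins to %TEMP%\ns<id>.tmp\; compare by path tail so 8.3 and long names agree (assumption).
TEMP_PLUGIN_RE = re.compile(r"\\Temp\\(ns\w+\.tmp\\[^\\]+)$", re.IGNORECASE)


def rows(text):
    return [line.strip() for line in text.splitlines() if line.strip()]

def parse_subfiles(text):
    """basename (lower-cased) -> MD5 of each executable the scanner saw inside the installer."""
    out = {}
    for row in rows(text):
        name, md5, _kind = row.split(" / ")
        out[name.lower()] = md5.lower()
    return out

def parse_dropped(text):
    """full path -> MD5 of each executable written to disk during the run."""
    return {m.group(1): m.group(2) for m in map(MD5_ROW_RE.match, rows(text)) if m}

def cross_check(subfiles, dropped):
    """Pair each dropped binary with its in-package hash by basename."""
    verdict = {"matched": [], "mismatched": [], "not_in_package": []}
    for path, md5 in dropped.items():
        name = ntpath.basename(path).lower()
        if name not in subfiles:
            verdict["not_in_package"].append(path)
        elif subfiles[name] == md5:
            verdict["matched"].append(path)
        else:
            verdict["mismatched"].append(path)
    return verdict

def plugin_tail(path):
    m = TEMP_PLUGIN_RE.search(path)
    return m.group(1).lower() if m else None

def unsigned_temp_loads(sig_text, load_text):
    """Images loaded from the NSIS plugin dir whose signature check failed."""
    failed = {plugin_tail(m.group(1)) for m in map(SIG_ROW_RE.match, rows(sig_text))
              if m and m.group(2).strip() == "failed"}
    loads = [m.group(1) for m in map(IMAGE_ROW_RE.match, rows(load_text)) if m]
    return [p for p in loads if plugin_tail(p) is not None and plugin_tail(p) in failed]
```

On these rows nine dropped binaries carry the same MD5 the scanner saw inside the installer and none differs; six (UAC.dll, System.dll, nsDialogs.dll, zlib1.dll, ShellExt32.dll and the Shell Associations Updater) do not appear in the enumerated subfile list, so this report alone cannot vouch for them, and the three NSIS plugins were loaded from the Temp directory without a valid signature. A mismatched hash here would mean the installer wrote something other than what it carries, which is the check worth automating.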