VirSCAN


File information
Safety rating:86
Behavior list
Basic Information
MD5:7002364f51de791590018a5a93abc4b1
file type:EXE
Production company:
version:7.0.1.0---7.0.1.0
Packer or compiler information:COMPILER:Microsoft Visual C++ 6.0 [Overlay]
Key behavior
Behavior description:Create desktop shortcut
details:C:\Documents and Settings\Administrator\桌面\小贝鼠标连点器.lnk
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Process behavior
Behavior description:Create process
details:ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = "C:\WINDOWS\system32\cmd.exe" /c tasklist.exe>list.tmp
ImagePath = C:\WINDOWS\system32\tasklist.exe, CmdLine = tasklist.exe
ImagePath = C:\Program Files\Internet Explorer\IEXPLORE.EXE, CmdLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://tongji.5200u.com/tj/tj1.htm
Behavior description:Create process from newly written file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_ir_sf7_temp_0\irsetup.exe, CmdLine = __IRAOFF:520716 "__IRAFN:C:\Documents and Settings\Administrator\Local Settings\%temp%\1459242734.458269.exe"
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$DR02.526\setup.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$DR02.526\setup.exe
Behavior description:Create local thread
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\1459242734.421576.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\1459242734.421896.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_ir_sf7_temp_0\irsetup.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\tasklist.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$DR02.526\setup.exe
C:\Program Files\Internet Explorer\iexplore.exe
Behavior description:Process exit
details:N/A
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Create file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\irsetup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\irsetup.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\IRIMG1.JPG
C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\IRIMG2.JPG
C:\WINDOWS\system32\list.tmp
C:\Program Files\小贝鼠标连点器\Uninstall\uni3.tmp
C:\Program Files\小贝鼠标连点器\Uninstall\uninstall.dat
C:\WINDOWS\小贝鼠标连点器\uninstall.exe
C:\Program Files\小贝鼠标连点器\Uninstall\uninstall.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$DR02.526\setup.exe
C:\Program Files\小贝鼠标连点器\小贝鼠标连点器.exe
C:\Program Files\小贝鼠标连点器\Uninstall\IRIMG1.JPG
C:\Program Files\小贝鼠标连点器\Uninstall\IRIMG2.JPG
C:\Documents and Settings\Administrator\BBd.ds
Behavior description:Drop links or shortcuts in sensitive system locations (e.g. the Start Menu)
details:C:\Documents and Settings\Administrator\「开始」菜单\程序\小贝鼠标连点器\小贝鼠标连点器.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\小贝鼠标连点器\卸载 小贝鼠标连点器.lnk
Behavior description:Create executable file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\irsetup.exe
C:\WINDOWS\小贝鼠标连点器\uninstall.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$DR02.526\setup.exe
C:\Program Files\小贝鼠标连点器\小贝鼠标连点器.exe
Behavior description:Overwrite existing file
details:C:\Program Files\小贝鼠标连点器\Uninstall\uninstall.dat
C:\Program Files\小贝鼠标连点器\Uninstall\uninstall.xml
Behavior description:Copy file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_ir_sf7_temp_0\IRIMG1.JPG ---> C:\Program Files\小贝鼠标连点器\Uninstall\IRIMG1.JPG
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_ir_sf7_temp_0\IRIMG2.JPG ---> C:\Program Files\小贝鼠标连点器\Uninstall\IRIMG2.JPG
Behavior description:Create desktop shortcut
details:C:\Documents and Settings\Administrator\桌面\小贝鼠标连点器.lnk
Behavior description:Delete file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\irsetup.dat
C:\WINDOWS\system32\list.tmp
C:\Program Files\小贝鼠标连点器\Uninstall\uni3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\IRIMG1.JPG
C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\IRIMG2.JPG
C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\irsetup.exe
Behavior description:Search for file
details:FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_ir_sf7_temp_0\irsetup.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\Program Files
FileName = C:\Program Files\Common Files
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\WINDOWS
FileName = C:\WINDOWS\Fonts
Behavior description:Rename file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$DR02.526\setup.exe ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$DR02.526\NODGS.DAT
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\irsetup.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\irsetup.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\irsetup.dat ---> Offset = 4096
C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\irsetup.dat ---> Offset = 8192
C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\irsetup.dat ---> Offset = 12288
C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\irsetup.dat ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\IRIMG1.JPG ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\IRIMG1.JPG ---> Offset = 4096
C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\IRIMG1.JPG ---> Offset = 8192
C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\IRIMG2.JPG ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\IRIMG2.JPG ---> Offset = 4096
C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\IRIMG2.JPG ---> Offset = 8192
C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\IRIMG2.JPG ---> Offset = 12288
C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\IRIMG2.JPG ---> Offset = 16384
C:\WINDOWS\system32\list.tmp ---> Offset = 0
Network behavior
Behavior description:Open specified web page in IE
details:http://to************om/tj/tj1.htm
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\小贝鼠标连点器\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\小贝鼠标连点器\NoModify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\小贝鼠标连点器\NoRepair
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\小贝鼠标连点器\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\小贝鼠标连点器\Contact
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\小贝鼠标连点器\DisplayIcon
Behavior description:Modify registry (pending file rename entry)
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
SHIMLIB_LOG_MUTEX
MSCTF.Shared.MUTEX.AII
Behavior description:Create event object
details:EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.AII.IC
EventName = MSCTF.SendReceiveConection.Event.AII.IC
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [MS_WINHELP,]
Behavior description:Acquire system privileges
details:SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
Behavior description:Window information
details:Pid = 2172, Hwnd=0x202d4, Text = 帮助(&H), ClassName = Button.
Pid = 2172, Hwnd=0x202d6, Text = < 返回(&B), ClassName = Button.
Pid = 2172, Hwnd=0x202d8, Text = 下一步(&N) >, ClassName = Button.
Pid = 2172, Hwnd=0x202c2, Text = 取消(&C), ClassName = Button.
Pid = 2172, Hwnd=0x302bc, Text = 小贝鼠标连点器 安装程序, ClassName = Afx:400000:3:10011:1900015:c02b3.
Pid = 2172, Hwnd=0x302c2, Text = 下一步(&N) >, ClassName = Button.
Pid = 2172, Hwnd=0x302d8, Text = 取消(&C), ClassName = Button.
Pid = 2172, Hwnd=0x302d6, Text = C:\Program Files\小贝鼠标连点器, ClassName = Edit.
Pid = 2172, Hwnd=0x302d4, Text = 更改(&H)..., ClassName = Button.
Pid = 2172, Hwnd=0x402dc, Text = 帮助(&H), ClassName = Button.
Pid = 2172, Hwnd=0x302c4, Text = < 返回(&B), ClassName = Button.
Pid = 2172, Hwnd=0x402c4, Text = 下一步(&N) >, ClassName = Button.
Pid = 2172, Hwnd=0x502dc, Text = 取消(&C), ClassName = Button.
Pid = 2172, Hwnd=0x402d4, Text = 帮助(&H), ClassName = Button.
Pid = 2172, Hwnd=0x402d6, Text = < 返回(&B), ClassName = Button.
Behavior description:Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\irsetup.exe (signature verification: failed)
C:\WINDOWS\小贝鼠标连点器\uninstall.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$DR02.526\setup.exe (signature verification: failed)
C:\Program Files\小贝鼠标连点器\小贝鼠标连点器.exe (signature verification: failed)
Behavior description:Hide specified window
details:[Window,Class] = [,#32770]
[Window,Class] = [Debug,#32770]
[Window,Class] = [帮助(&H),Button]
[Window,Class] = [< 返回(&B),Button]
[Window,Class] = [下一步(&N) >,Button]
[Window,Class] = [取消(&C),Button]
[Window,Class] = [C:\Program Files\小贝鼠标连点器,Edit]
[Window,Class] = [更改(&H)...,Button]
[Window,Class] = [小贝鼠标连点器 安装程序,Afx:400000:3:10011:1900015:c02b3]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [小贝鼠标连点器 安装,Afx:400000:3:10011:6:c02b3]
Behavior description:Executable file MD5
details:C:\Documents and Settings\Administrator\Local Settings\Temp\_ir_sf7_temp_0\irsetup.exe ---> 75ca7ff96bf5a316c3af2de6a412bd54
C:\WINDOWS\小贝鼠标连点器\uninstall.exe ---> 75ca7ff96bf5a316c3af2de6a412bd54
C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$DR02.526\setup.exe ---> 178109c1d97345412f5dcb92bdd46b90
C:\Program Files\小贝鼠标连点器\小贝鼠标连点器.exe ---> dacf09683ed1f45067c73cdc9d6847e8