VirSCAN

1, You can upload any file, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
Safety rating:80
Behavior list
Basic Information
MD5:70a86529257060e065ecd577132cf0cf
file type:Nsis
Production company:酷我科技
version:8.1.2.0---8.1.2.0
Shell or compiler information:
Subfile information:KwMusicDLL.dll / 7b7e9b24fc2f93c8c348cb3e4ae6194e / DLL
in_ffaudio.dll / 42f63377d0fec524734538399f5a86ae / DLL
CWmpPlayer.dll / 4af46dadf77f7235e140464a2141bcee / DLL
MediaInfo.dll / 3d46020112ea56d4fc6f8f444dfe988d / DLL
netsong.zip / cc75a95bba1c310a704599279eea2742 / zip
skin.dat / 30d270bb31f22b475a4d8fb4f4820b75 / Unknown
msvcr120.dll / 034ccadc1c073e4216e9466b720f9849 / DLL
msvcr120.dll / 1b736fb2528668b24efc376aa444bb8f / DLL
msvcr120.dll / 1b736fb2528668b24efc376aa444bb8f / DLL
msvcr120.dll / 1b736fb2528668b24efc376aa444bb8f / DLL
DuiLib.dll / 32b25b3d5e24f393d2cd59b47ce423d9 / DLL
MpaDecFilter.ax / 8b0c464c5a0c2d8065955f7e0db6b904 / DLL
KWUpdate.exe / 893d04b7e3b34f7d47a93d9130f4017e / EXE
KwTagLib.dll / b043a906e6b06448102ca14a90b3c6f7 / DLL
tyyykw.wav / 2cd17c20c0623e6274360fcec34e2d6a / Unknown
kwAdb.exe / 3ad134b85d06916a8ae9709b6f0df38a / EXE
KwBindApp.exe / 2c237bf3c21000e2970f67efefc9c15d / EXE
Uninstall.exe / 3f5529b1bf724cdf54e43ce7c6f9b44b / Nsis
KwMusic.exe / 734e87de4a26036c0c8a3ae0f0fcc140 / EXE
Key behavior
Behavior description: Modify registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\996E\DEBUG\Trace Level
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KWMUSIC\DownloadUpdate.exe
Behavior description: Block window close message
details:hWnd = 0x000402a0, Text = 欢迎使用酷我音乐, ClassName = #32770.
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Behavior description: Get TickCount value
details:TickCount = 501846, SleepMilliseconds = 50.
TickCount = 501878, SleepMilliseconds = 50.
TickCount = 501893, SleepMilliseconds = 50.
TickCount = 502003, SleepMilliseconds = 50.
TickCount = 502018, SleepMilliseconds = 50.
TickCount = 502034, SleepMilliseconds = 50.
TickCount = 502050, SleepMilliseconds = 50.
TickCount = 502065, SleepMilliseconds = 50.
TickCount = 502081, SleepMilliseconds = 50.
TickCount = 502096, SleepMilliseconds = 50.
TickCount = 502128, SleepMilliseconds = 50.
TickCount = 502159, SleepMilliseconds = 50.
TickCount = 502175, SleepMilliseconds = 50.
TickCount = 502206, SleepMilliseconds = 50.
TickCount = 502221, SleepMilliseconds = 50.
Process behavior
Behavior description: Create process with hidden window
details:ImagePath = c:\docume~1\admini~1\locals~1\temp\kwmusic\downloadupdate.exe, CmdLine = "c:\docume~1\admini~1\locals~1\temp\kwmusic\downloadupdate.exe"
Behavior description: Process exit
details:N/A
Behavior description: Create local thread
details:N/A
Behavior description: Create process from newly created file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\KwBindApp.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\KwBindApp.exe" /DownCfg /Ver=MUSIC_8.1.2.0_W4 /Src=%temp%\1456382253.599797.exe
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KWMUSIC\DownloadUpdate.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KWMUSIC\DownloadUpdate.exe"
Behavior description: Enumerate processes
details:N/A
File behavior
Behavior description: Create file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz5.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz6.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\KuWoNsis_new.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\Base64.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\inetc.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kuwomsglog.txt
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\wpad[1].dat
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\music[1].yl
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\KwMusicNsis.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\nsisSlideshowx.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\NSISArray.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\KwBindApp.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\KwBindApp.ini
Behavior description: Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\KuWoNsis_new.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\Base64.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\inetc.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\KwMusicNsis.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\nsisSlideshowx.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\NSISArray.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\KwBindApp.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KWMUSIC\DownloadUpdate.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\InstLancher.dll
C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\KwMusic.exe
C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\AdbWinApi.dll
C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\AdbWinUsbApi.dll
C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\CKuwoPlayer.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nskA.tmp\KuWoNsis_new.dll
Behavior description: Overwrite existing file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz6.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv9.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KWMUSIC\BindConfig_tmp.ini
C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\msvcr120.dll
Behavior description: Copy file
details:C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\skin\serverskin\1\bk.jpg ---> C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\skin\localskin\1\bk.jpg
C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\skin\serverskin\1\bk.jpg-newfile ---> C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\skin\localskin\1\bk.jpg-newfile
C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\skin\serverskin\1\conf.ini ---> C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\skin\localskin\1\conf.ini
C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\skin\serverskin\1\conf.ini-newfile ---> C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\skin\localskin\1\conf.ini-newfile
C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\skin\serverskin\1\small.jpg ---> C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\skin\localskin\1\small.jpg
C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\skin\serverskin\1\small.jpg-newfile ---> C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\skin\localskin\1\small.jpg-newfile
Behavior description: Delete file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz5.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\wpad[1].dat
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\music[1].yl
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kuwomsglog.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp8.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nskA.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\s[1]
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nskA.tmp\inetc.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nskA.tmp\inetc.dll-newfile
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nskA.tmp\KuWoNsis_new.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nskA.tmp\KuWoNsis_new.dll-newfile
Behavior description: Find file
details:FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp
FileName = C:\kw_install.log
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kuwomsglog.txt
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Behavior description: Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\KwBindApp.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\license\license.html---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\license\img\bot.png---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\license\img\close.png---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\license\img\face.png---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\license\img\foot_bq.gif---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KWMUSIC\DownloadUpdate.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\license\img\logo.jpg---> Offset = 16384
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KWMUSIC\DownloadUpdate.ini---> Offset = 32
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\license\img\logo2.jpg---> Offset = 16384
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\license\img\logo222.jpg---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\license\img\logo2x.jpg---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\license\img\mRe.jpg---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\license\img\tjBtn.png---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\instAD\ad01.jpg---> Offset = 16384
Behavior description: Modify newly created executable file
details:C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\msvcr120.dll---> Offset = 49152
Network behavior
Behavior description: Open URL over the network
details:InternetOpenUrlA: http://110.110.110.110:80/wpad.dat hInternet = 0x00cc0010
Behavior description: Download file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kuwomsglog.txt
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KWMUSIC\BindConfig_tmp.ini
Behavior description: Connect to specified site
details:InternetConnectA: ServerName = log.kuwo.cn, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008
InternetConnectA: ServerName = 110.110.110.110, PORT = 80, UserName = , Password = , hSession = 0x00cc0010, hConnect = 0x00cc0014
InternetConnectA: ServerName = config.kuwo.cn, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008
Behavior description: Open HTTP connection
details:InternetOpenA: UserAgent: NSIS_Inetc (Mozilla), hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0), hSession = 0x00cc0010
Behavior description: Establish connection to a specified socket
details:110.110.110.110:80, SOCKET = 0x000004cc
110.110.110.110:80, SOCKET = 0x000004c8
110.110.110.110:80, SOCKET = 0x000002cc
110.110.110.110:80, SOCKET = 0x0000037c
110.110.110.110:80, SOCKET = 0x000002fc
110.110.110.110:80, SOCKET = 0x00000300
Behavior description: Read network file
details:hFile = 0x00cc0018, BytesToRead =4010, BytesRead = 4010.
hFile = 0x00cc000c, BytesToRead =8192, BytesRead = 8192.
hFile = 0x00cc000c, BytesToRead =10240, BytesRead = 10240.
Behavior description: Send HTTP packet
details:GET /wpad.dat HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0) Host: 110.110.110.110
POST /music.yl HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: NSIS_Inetc (Mozilla) Host: log.kuwo.cn Content-Length: 140 Connection: Keep-Alive Cache-Control: no-cache MiUwOTxTUkM6TVVTSUNfOC4xLjIuMF9XNHxBQ1Q6SU5TVEFMTF9JTkZPfFRZUEU6U3RhcnRTZXR1cHxUQ291bnQ6NTAwNTkzfHs5OTZFLmV4ZX18VTp8TUFDOjA4MDAyNzdBMEREMz4=
POST /music.yl HTTP/1.1 Accept: */* Content-Type: application/x-www-form-urlencoded Host: log.kuwo.cn Content-Length: 180 Cache-Control: no-cache MiUwOTxTUkM6TVVTSUNfOC4xLjIuMF9XNHxBQ1Q6TlNJU19CSU5EQVBQfFQ6SU5JVHxEOjF8TUFDOjA4MDAyNzdBMEREM3xTOjk5NkUuZXhlfFBST0Q6TVVTSUN8UExBVDpXSU4zMnxGUk9NOjk5NkUuZXhlfHs5OTZFLmV4ZX18VTo+AA==
POST /music.yl HTTP/1.1 Accept: */* Content-Type: application/x-www-form-urlencoded Host: log.kuwo.cn Content-Length: 212 Cache-Control: no-cache MiUwOTxTUkM6TVVTSUNfOC4xLjIuMF9XNHxBQ1Q6TlNJU19CSU5EQVBQfFQ6RVhJVHxEOjF8dXNlOjIzOTB8SGFzU3RhcnRNdXNpYzowfE1BQzowODAwMjc3QTBERDN8Uzo5OTZFLmV4ZXxQUk9EOk1VU0lDfFBMQVQ6V0lOMzJ8RlJPTTo5OTZFLmV4ZXx7OTk2RS5leGV9fFU6PgA=
POST /uc/s?m=36;SV4oOTomLX9BS1RCW0Fefy5RSVVQWSsOHB0AQAsGAEQKCgMY HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: NSIS_Inetc (Mozilla) Host: config.kuwo.cn Content-Length: 1 Connection: Keep-Alive Cache-Control: no-cache
Behavior description: Open HTTP request
details:HttpOpenRequestA: log.kuwo.cn:80/music.yl, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: POST, Referer:
HttpOpenRequestA: 110.110.110.110:80/wpad.dat, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: GET, Referer:
HttpOpenRequestA: config.kuwo.cn:80/uc/s?m=36;sv4ootomlx9bs1rcw0fefy5rsvvqwssohb0aqasgaeqkcgmy, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: POST, Referer:
Behavior description: Get host address by name
details:computer
wpad
110.110.110.110
log.kuwo.cn
config.kuwo.cn
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\996E\DEBUG\Trace Level
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KWMUSIC\DownloadUpdate.exe
Behavior description: Modify registry (pending file rename entry)
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Behavior description: Delete registry value (IE connection settings)
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behavior description: Delete registry value
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\996E\DEBUG\Trace Level
Other behavior
Behavior description: Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
RasPbFile
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\c:!documents and settings!administrator!ietldcache!
KOOWO_MBOX_INSTALL_MUTEX_2012
kwboxLancher20151111
Behavior description: Create event object
details:EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
EventName = ShellCopyEngineRunning
EventName = ShellCopyEngineFinished
EventName = MSCTF.SendReceive.Event.IBE.IC
EventName = MSCTF.SendReceiveConection.Event.IBE.IC
Behavior description: MD5 of modified executable file
details:C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\msvcr120.dll ---> 1b736fb2528668b24efc376aa444bb8f
Behavior description: Acquire system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Get TickCount value
details:TickCount = 501846, SleepMilliseconds = 50.
TickCount = 501878, SleepMilliseconds = 50.
TickCount = 501893, SleepMilliseconds = 50.
TickCount = 502003, SleepMilliseconds = 50.
TickCount = 502018, SleepMilliseconds = 50.
TickCount = 502034, SleepMilliseconds = 50.
TickCount = 502050, SleepMilliseconds = 50.
TickCount = 502065, SleepMilliseconds = 50.
TickCount = 502081, SleepMilliseconds = 50.
TickCount = 502096, SleepMilliseconds = 50.
TickCount = 502128, SleepMilliseconds = 50.
TickCount = 502159, SleepMilliseconds = 50.
TickCount = 502175, SleepMilliseconds = 50.
TickCount = 502206, SleepMilliseconds = 50.
TickCount = 502221, SleepMilliseconds = 50.
Behavior description: Block window close message
details:hWnd = 0x000402a0, Text = 欢迎使用酷我音乐, ClassName = #32770.
Behavior description: Window information
details:Pid = 2468, Hwnd=0x202ae, Text = 正在安装, ClassName = Static.
Pid = 2468, Hwnd=0x302b6, Text = 开机自动运行酷我音乐, ClassName = Static.
Pid = 2468, Hwnd=0x202d2, Text = 《授权许可协议》, ClassName = Static.
Pid = 2468, Hwnd=0x302b2, Text = 我已经阅读并接受酷我音乐, ClassName = Static.
Pid = 2468, Hwnd=0x202c6, Text = 目标文件夹:, ClassName = Static.
Pid = 2468, Hwnd=0x702c0, Text = 125.4GB, ClassName = Static.
Pid = 2468, Hwnd=0x302b8, Text = 可用空间:, ClassName = Static.
Pid = 2468, Hwnd=0x402be, Text = 42.2MB, ClassName = Static.
Pid = 2468, Hwnd=0x302da, Text = 所需空间:, ClassName = Static.
Pid = 2468, Hwnd=0x202ca, Text = 请选择安装目录 :, ClassName = Static.
Pid = 2468, Hwnd=0x302c2, Text = 酷我音乐, ClassName = Static.
Pid = 2468, Hwnd=0x402a0, Text = 欢迎使用酷我音乐, ClassName = #32770.
Pid = 2468, Hwnd=0x302b4, Text = 123456, ClassName = Edit.
Behavior description: Signature information of modified executable file
details:C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\msvcr120.dll (signature verification: passed)
Behavior description: Executable file signature information
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\System.dll (signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\KuWoNsis_new.dll (signature verification: passed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\Base64.dll (signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\inetc.dll (signature verification: passed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\KwMusicNsis.dll (signature verification: passed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\nsisSlideshowx.dll (signature verification: passed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\NSISArray.dll (signature verification: passed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\KwBindApp.exe (signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KWMUSIC\DownloadUpdate.exe (signature verification: passed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\InstLancher.dll (signature verification: passed)
C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\KwMusic.exe (signature verification: passed)
C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\AdbWinApi.dll (signature verification: passed)
C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\AdbWinUsbApi.dll (signature verification: passed)
C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\CKuwoPlayer.dll (signature verification: passed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nskA.tmp\KuWoNsis_new.dll (signature verification: passed)
Behavior description: Hide specified window
details:[Window,Class] = [,Button]
[Window,Class] = [,Edit]
[Window,Class] = [请选择安装目录 :,Static]
[Window,Class] = [目标文件夹:,Static]
[Window,Class] = [所需空间:,Static]
[Window,Class] = [可用空间:,Static]
[Window,Class] = [酷我音乐,Static]
[Window,Class] = [42.2MB,Static]
[Window,Class] = [125.4GB,Static]
[Window,Class] = [,Static]
[Window,Class] = [开机自动运行酷我音乐,Static]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [正在安装,Static]
Behavior description: Executable file MD5
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\System.dll ---> c17103ae9072a06da581dec998343fc1
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\KuWoNsis_new.dll ---> 21765eda0429625e02ad4a29ad78edfe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\Base64.dll ---> fb6ffa30b708e9413d71a2c95558d0f1
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\inetc.dll ---> 006e66ff4d9795108c63ba510878ec01
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\KwMusicNsis.dll ---> 0b31856326d4335b6897298a7aa8f910
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\nsisSlideshowx.dll ---> fc0087465e87fd6635c7fd91b4c9fd3e
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\NSISArray.dll ---> 7e63014772e6a50bab56dbdd8116c46d
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\KwBindApp.exe ---> 2c237bf3c21000e2970f67efefc9c15d
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KWMUSIC\DownloadUpdate.exe ---> 32db45f842b824c88585ccd0c48174e8
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\InstLancher.dll ---> f4080e81e283aca78da02c492c4807b8
C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\KwMusic.exe ---> 734e87de4a26036c0c8a3ae0f0fcc140
C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\AdbWinApi.dll ---> e4c3c93c3df0df84f10e499c8e89145b
C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\AdbWinUsbApi.dll ---> cc43a2f16bb9c4fe16df3cf239198c8a
C:\Program Files\kuwo\kuwomusic\8.1.2.0_W4\bin\CKuwoPlayer.dll ---> 61feeda31deeb544a53d3665c60a4268
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nskA.tmp\KuWoNsis_new.dll ---> b91585b2c854c8f327520a79eecc0690
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Load newly dropped file
details:Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\System.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\KuWoNsis_new.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\Base64.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\inetc.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\KwMusicNsis.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\nsisSlideshowx.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\NSISArray.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse7.tmp\InstLancher.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nskA.tmp\KuWoNsis_new.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nskA.tmp\inetc.dll.