VirSCAN
File information
Safety rating: 39
Behavior list
Basic Information
MD5: 82a21325866ca8f0490d74ed6e8c72a4
File type: NSIS
Production company:
Version:
Shell or compiler information:
Subfile information (name / how obtained / MD5 / type):
BaiduBar.dll       / dumpFile / f082a992f1de45e8fd0eb1365f07cc4d / DLL
szwb.mb            / dumpFile / fb24366e242efef8ce86e89376150818 / Unknown
SzwbReg.exe        / dumpFile / aa8568091a0d1a82db97e6ef6ca825ec / EXE
szwbreg.exe        / -        / aa8568091a0d1a82db97e6ef6ca825ec / EXE
szwbgbk.mb         / dumpFile / 7ffc447650076bdaed6051d3382c3802 / Unknown
szwbc.exe          / dumpFile / a2bfdae000f038db5d95cc795ffd43e4 / Nsis
panel-standard.bmp / dumpFile / 0a45962cee421539c0a4ee5e53ff52bc / Unknown
1-1.bmp            / dumpFile / c3d0e4b179bd7f4a4b93890aa63554bd / Unknown
2-11.bmp           / dumpFile / 37749dfb36be5fde9a0d8995141e12dc / Unknown
$R0                / -        / 075bf797b7ab91ce6cd02f15ec7f4e64 / DLL
$R0                / dumpFile / 075bf797b7ab91ce6cd02f15ec7f4e64 / DLL
modern-wizard.bmp  / dumpFile / b7f9858e430d012bfdbfd91f9c8ac295 / Unknown
modern-wizard.bmp  / -        / b7f9858e430d012bfdbfd91f9c8ac295 / Unknown
2-13.bmp           / dumpFile / 1f7a073e100af02666c6b3b31648edbf / Unknown
2-12.bmp           / dumpFile / 3081c88954edf610e3cef41f5198ad81 / Unknown
skin.bmp           / dumpFile / cd5ecf89652a4fb819904201498b5239 / Unknown
skin.bmp           / dumpFile / 3d5b7b5fbd9c94bd6a440a74bcb4a21e / Unknown
opration1.jpg      / dumpFile / 11fb6baaeb7ca249a1bf5b8abda5e6f3 / Unknown
skin.bmp           / dumpFile / aa33b279595674f635abdc237d4f6e01 / Unknown
Key behavior
Behavior description: Drops a sensitive file into the system directory
details: C:\WINDOWS\system32\szwb.ime
Behavior description: Hides specified windows
details: [Window,Class] = [,Button]
[Window,Class] = [数字五笔,Static]   (数字五笔 = "Shuzi Wubi", the input method's product name)
[Window,Class] = [数字五笔 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [Show details(&D),Button]
[Window,Class] = [Installation complete,Static]
[Window,Class] = [Installation completed successfully.,Static]
[Window,Class] = [,#32770]
[Window,Class] = [,BaiduSearchBarParent]
[Window,Class] = [Pay online,Button]
[Window,Class] = [View bank account,Button]
[Window,Class] = [  The 数字五笔 full edition includes, in addition to all 数字五笔 software features (large dictionary, phrase prediction, input memory), six months of membership service. Licensed for individual use; organizations wishing to purchase the 数字五笔 full edition should contact 三讯 (Sanxun) directly
[Window,Class] = [,ComboLBox]
[Window,Class] = [,BaiduSearchBar]
[Window,Class] = [Menu bar,WorkerW]
Behavior description: Modifies registry: BHO (Browser Helper Object)
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77FEF28E-EB96-44FF-B511-3185DEA48697}\id
Behavior description: Creates desktop shortcuts
details: C:\Documents and Settings\Administrator\桌面\Internet Explorer.lnk   (桌面 = Desktop)
C:\Documents and Settings\Administrator\桌面\数字五笔网站.lnk   (数字五笔 website.lnk)
C:\Documents and Settings\Administrator\桌面\数字五笔设置.lnk   (数字五笔 settings.lnk)
Behavior description: Modifies registry: installs an input method (IME) entry
details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Ime File
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Layout Text
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Layout File
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Keyboard Layout\Preload\2
Behavior description: Modifies registry: IE start page
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\Start Page
Process behavior
Behavior description: Creates new processes from dropped files
details: ImagePath = C:\WINDOWS\system32\szwb\oper\szwbc.exe, CmdLine = "C:\WINDOWS\system32\szwb\oper\szwbc.exe"
ImagePath = C:\WINDOWS\system32\szwbreg.exe, CmdLine = "C:\WINDOWS\system32\szwbreg.exe"
ImagePath = C:\WINDOWS\system32\SZWBConfig.exe, CmdLine = "C:\WINDOWS\system32\SZWBConfig.exe" st
Behavior description: Enumerates processes
details: N/A
File behavior
Behavior description: Drops links or shortcuts in sensitive system locations (e.g. the Start Menu)
details: C:\Documents and Settings\Administrator\「开始」菜单\程序\数字五笔中文输入系统\输入法设置.lnk   (Start Menu\Programs\数字五笔 Chinese Input System\Input method settings.lnk)
C:\Documents and Settings\Administrator\「开始」菜单\程序\数字五笔中文输入系统\数字五笔教程.lnk   (数字五笔 tutorial.lnk)
C:\Documents and Settings\Administrator\「开始」菜单\程序\数字五笔中文输入系统\帮助文件.lnk   (Help file.lnk)
C:\Documents and Settings\All Users\「开始」菜单\程序\百度超级搜霸\屏蔽列表.url   (All Users Start Menu\Programs\Baidu Super Search Bar\Block list.url)
C:\Documents and Settings\All Users\「开始」菜单\程序\百度超级搜霸\伴侣导航.url   (Companion navigation.url)
C:\Documents and Settings\All Users\「开始」菜单\程序\百度超级搜霸\帮助指南.url   (Help guide.url)
C:\Documents and Settings\All Users\「开始」菜单\程序\百度超级搜霸\广告拦截.url   (Ad blocking.url)
C:\Documents and Settings\All Users\「开始」菜单\程序\百度超级搜霸\垃圾清理.url   (Junk cleanup.url)
C:\Documents and Settings\All Users\「开始」菜单\程序\百度超级搜霸\系统加速.url   (System speed-up.url)
C:\Documents and Settings\All Users\「开始」菜单\程序\百度超级搜霸\修复功能.url   (Repair functions.url)
C:\Documents and Settings\All Users\「开始」菜单\程序\百度超级搜霸\隐私保护.url   (Privacy protection.url)
C:\Documents and Settings\All Users\「开始」菜单\程序\百度超级搜霸\自定义按钮.url   (Custom buttons.url)
Behavior description: Creates executable files
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi5.tmp\InstallOptions.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi5.tmp\System.dll
C:\WINDOWS\system32\szwbConfig.exe
C:\WINDOWS\system32\szwb.ime
C:\WINDOWS\system32\szwbService.exe
C:\WINDOWS\system32\StrokeMBHandle.dll
C:\WINDOWS\system32\szwbreg.exe
C:\WINDOWS\system32\szwb\szwbunreg.exe
C:\WINDOWS\system32\szwb\oper\szwbc.exe
C:\WINDOWS\system32\szwb\uninst.exe
C:\Program Files\baidu\bar\BDBar_tmp\BaiduBar.dll
C:\PROGRA~1\baidu\bar\BaiduBar.dll
Behavior description: Creates desktop shortcuts
details: C:\Documents and Settings\Administrator\桌面\Internet Explorer.lnk   (桌面 = Desktop)
C:\Documents and Settings\Administrator\桌面\数字五笔网站.lnk   (数字五笔 website.lnk)
C:\Documents and Settings\Administrator\桌面\数字五笔设置.lnk   (数字五笔 settings.lnk)
Behavior description: Drops a sensitive file into the system directory
details:C:\WINDOWS\system32\szwb.ime
Behavior description: Opens file mappings (section objects) with write access
details:Local\UrlZonesSM_Administrator
\WINDOWS\system32\zh-cn\ieframe.dll.mui
szwb_map
szwb_simeg
szwb_config
szwb_pushcontent
szwb_record
szwb_zphrase
szwb_inputphrase
szwb_cpart
szwb_codeunit
szwb_gbkunit
szwb_phrase
SmartScreen_UrsCache_2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2High_S-1-5-21-1482476501-1645522239-1417001333-500
Local\!PrivacIE!SharedMem!Settings
Behavior description: Modifies file contents
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi5.tmp\iotemp.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi5.tmp\ioSpecial.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi5.tmp\ioSpecial.ini---> Offset = 36
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi5.tmp\modern-wizard.bmp---> Offset = 47395
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi5.tmp\ioSpecial.ini---> Offset = 124
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi5.tmp\ioSpecial.ini---> Offset = 111
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi5.tmp\modern-header.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi5.tmp\ioSpecial.ini---> Offset = 33
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi5.tmp\ioSpecial.ini---> Offset = 43
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi5.tmp\ioSpecial.ini---> Offset = 60
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi5.tmp\ioSpecial.ini---> Offset = 266
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi5.tmp\ioSpecial.ini---> Offset = 318
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi5.tmp\ioSpecial.ini---> Offset = 373
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi5.tmp\ioSpecial.ini---> Offset = 381
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi5.tmp\ioSpecial.ini---> Offset = 393
Network behavior
Behavior description: Connects to specified site
details:InternetConnectA: ServerName = bar.baidu.com, PORT = 80
Behavior description: Opens URL over the network
details:InternetOpenUrlA: http://sobar.baidu.com/sobar/notice/notice_baiducb.txt?tn=szwbc_cb&ss=1413268578 hInternet = 0x00000720
InternetOpenUrlA: http://sobartop.baidu.com/sobar/sobar_top_total.html?t=1413268578&sr=BDBAREX_V_4CAFB392BDDC719A-E5A25A7A67321554&suc=0 hInternet = 0x00000714
InternetOpenUrlA: http://sobar.baidu.com/sobar/notice/notice_szwbc_cb.txt?tn=szwbc_cb&ss=1413268578 hInternet = 0x0000066c
Behavior description: Downloads files
details:URLDownloadToFileW: http://bar.baidu.com/update/barcab/objlist.dat?t=1387453 ---> C:\WINDOWS\TEMP\temp_1387453
C:\WINDOWS\Temp\temp_1387453
C:\WINDOWS\Temp\bdb7.tmp
C:\WINDOWS\Temp\bdb8.tmp
C:\WINDOWS\Temp\bdb9.tmp
C:\PROGRA~1\baidu\bar\bang.ini
Behavior description: Reads network file
details:hFile = 0x00000720, BytesToRead =4192, BytesRead = 4192.
hFile = 0x00000714, BytesToRead =4192, BytesRead = 4192.
hFile = 0x0000066c, BytesToRead =4192, BytesRead = 4192.
Behavior description: Opens HTTP request
details:HttpOpenRequestA: bar.baidu.com:80/update/cab/loadmovie.swf, hConnect = 0x000006a8
HttpOpenRequestA: bar.baidu.com:80/sobar/notice.html?tn=szwbc_cb&id=bdbarex_v_4cafb392bddc719a-e5a25a7a67321554&version=131216, hConnect = 0x000006e8
HttpOpenRequestA: bar.baidu.com:80/update/barcab/rp?t=1413268578, hConnect = 0xffffffff
HttpOpenRequestA: bar.baidu.com:80/cgi-bin/sobarrecv.cgi, hConnect = 0xffffffff
HttpOpenRequestA: bar.baidu.com:80/update/barcab/ipinfo.txt?tn=szwbc_cb&id=bdbarex_v_4cafb392bddc719a-e5a25a7a67321554&version=131216, hConnect = 0x000006f0
HttpOpenRequestA: bar.baidu.com:80/update/barcab/control.txt?tn=szwbc_cb&id=bdbarex_v_4cafb392bddc719a-e5a25a7a67321554&version=131216&t=1413268578, hConnect = 0x0000042c
HttpOpenRequestA: bar.baidu.com:80/update/barcab/baidubar_versionex.txt?tn=szwbc_cb&id=bdbarex_v_4cafb392bddc719a-e5a25a7a67321554&version=131216&t=1413268578&showing=1&address=0&alert=1&top=1&gd=0&hp=www.3col.cn&ieprotect=0&w=602&bw=646&wp=26, hConnect = 0x0
Registry behavior
Behavior description: Modifies registry: browser default search engine
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{A2E4E850-ABB6-4cb1-BC83-86DFAF0E7605}\URL
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope
Behavior description: Modifies registry: delayed (pending) rename entry
details:\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations
Behavior description: Modifies registry: BHO (Browser Helper Object)
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77FEF28E-EB96-44FF-B511-3185DEA48697}\id
Behavior description: Modifies registry (the Uninstall subkey 数字五笔中文输入系统 is the product's display name, "数字五笔 Chinese Input System")
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\数字五笔中文输入系统\Components\SectionSZWB\Installed
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\system32\szwb\oper\szwbc.exe
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\system32\szwbreg.exe
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\数字五笔中文输入系统\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\数字五笔中文输入系统\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\数字五笔中文输入系统\DisplayIcon
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\数字五笔中文输入系统\DisplayVersion
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\数字五笔中文输入系统\URLInfoAbout
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\数字五笔中文输入系统\Publisher
\REGISTRY\MACHINE\SOFTWARE\Baidu\BaiduBar\id
\REGISTRY\MACHINE\SOFTWARE\Baidu\BaiduBar\barname
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Baidu\BaiduBar\InstallPrompt
\REGISTRY\MACHINE\SOFTWARE\Classes\BaiduBar.Baidu.1\
\REGISTRY\MACHINE\SOFTWARE\Classes\BaiduBar.Baidu.1\CLSID\
Behavior description: Modifies registry: installs an input method (IME) entry
details:\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Ime File
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Layout Text
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Layout File
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Keyboard Layout\Preload\2
Behavior description: Modifies registry: browser toolbar
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{89FDCC4B-8D91-49B0-81A6-18BCFF582735}
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Layout
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height
Behavior description: Deletes registry values
details:\REGISTRY\MACHINE\SOFTWARE\Baidu\BaiduBar\idtmp
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\TypedURLs\url7
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\TypedURLs\url8
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\TypedURLs\url9
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\TypedURLs\url10
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\TypedURLs\url11
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\TypedURLs\url12
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\TypedURLs\url13
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\TypedURLs\url14
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\TypedURLs\url15
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\TypedURLs\url16
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\TypedURLs\url17
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\TypedURLs\url18
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\TypedURLs\url19
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\TypedURLs\url20
Behavior description: Modifies registry: IE start page
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\Start Page
Other behavior
Behavior description: Creates mutexes
details:Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
oleacc-msaa-loaded
{E0D84F30-6EE7-4748-9E70-6DF9C3D9E38D}
SZWBUserConfigSetting
IESQMMUTEX_3628_27
{80E6229D-8B27-417d-97CF-1BDE77082671}
{B46EC611-C99C-4ae7-8A1D-459E0713E267}
{963B0535-25C0-455c-81ED-3C8BC72DE0F5}
KillProcess_pm14:36_June_7th_2006
{A10DB188-4B7A-4b28-B39F-70B34CE7147E}
{574F128C-2DA2-4865-9A59-66373B31A543}
{2D9CBA5B-9000-4c0a-8631-72945FC90B5B}
Behavior description: Hides specified windows
details: [Window,Class] = [,Button]
[Window,Class] = [数字五笔,Static]
[Window,Class] = [数字五笔 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [Show details(&D),Button]
[Window,Class] = [Installation complete,Static]
[Window,Class] = [Installation completed successfully.,Static]
[Window,Class] = [,#32770]
[Window,Class] = [,BaiduSearchBarParent]
[Window,Class] = [Pay online,Button]
[Window,Class] = [View bank account,Button]
[Window,Class] = [  The 数字五笔 full edition includes, in addition to all 数字五笔 software features (large dictionary, phrase prediction, input memory), six months of membership service. Licensed for individual use; organizations wishing to purchase the 数字五笔 full edition should contact 三讯 (Sanxun) directly
[Window,Class] = [,ComboLBox]
[Window,Class] = [,BaiduSearchBar]
[Window,Class] = [Menu bar,WorkerW]
Behavior description: Finds specified windows
details:NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [IEFrame,]
NtUserFindWindowEx: [Class,Window] = [WorkerW,]
NtUserFindWindowEx: [Class,Window] = [ReBarWindow32,]
NtUserFindWindowEx: [Class,Window] = [Address Band Root,]
NtUserFindWindowEx: [Class,Window] = [ComboBoxEx32,]
Behavior description: Window information
details: Pid = 3376, Hwnd=0xb01de, Text = Next(&N) >, ClassName = Button.
Pid = 3376, Hwnd=0xc01d6, Text = Cancel(&C), ClassName = Button.
Pid = 3376, Hwnd=0xb01b0, Text = 数字五笔 , ClassName = Static.
Pid = 3376, Hwnd=0xa018c, Text = 数字五笔, ClassName = Static.
Pid = 3376, Hwnd=0xb0170, Text = Welcome to the "数字五笔 Chinese Input System 2013" Setup Wizard, ClassName = Static.
Pid = 3376, Hwnd=0xb01ce, Text = This wizard will guide you through the installation of "数字五笔 Chinese Input System 2013". It is recommended that you close all other applications before starting Setup. This will allow "Setup", ClassName = Static.
Pid = 3376, Hwnd=0xd0180, Text = 数字五笔 Chinese Input System 2013 Setup, ClassName = #32770.
Pid = 3376, Hwnd=0xb016a, Text = < Back(&P), ClassName = Button.
Pid = 3376, Hwnd=0xb01de, Text = I Agree(&I), ClassName = Button.
Pid = 3376, Hwnd=0xa0198, Text = License Agreement, ClassName = Static.
Pid = 3376, Hwnd=0xd01a4, Text = Please review the license agreement before installing "数字五笔 Chinese Input System 2013"., ClassName = Static.
Pid = 3376, Hwnd=0xc01ce, Text = Press [PgDn] to read the rest of the "License Agreement"., ClassName = Static.
Pid = 3376, Hwnd=0xd01b4, Text = If you accept the terms of the agreement, click [I Agree(I)] to continue. If you select [Cancel(C)], Setup will close. You must accept the agreement to install "数字五笔 Chinese Input, ClassName = Static.
Pid = 3376, Hwnd=0xb01de, Text = Install(&I), ClassName = Button.
Pid = 3376, Hwnd=0xa0198, Text = Choose components to install, ClassName = Static.
Behavior description: Acquires system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Opens specified web page in IE
details:http://www.3x88.net/?install
Behavior description: Inline hook
details:C:\WINDOWS\system32\IEFRAME.dll--->IEIsProtectedModeProcess Offset = 0x8333
C:\WINDOWS\system32\IEFRAME.dll--->IEIsProtectedModeProcess Offset = 0x7d23
Behavior description: Opens image files
details:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi5.tmp\modern-wizard.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi5.tmp\modern-header.bmp
\WINDOWS\system32\szwb\guide\pic\bt11.jpg
\WINDOWS\system32\szwb\guide\pic\bt12.jpg
\WINDOWS\system32\szwb\guide\pic\bt21.jpg
\WINDOWS\system32\szwb\guide\pic\bt22.jpg
\WINDOWS\system32\szwb\guide\pic\bt31.jpg
\WINDOWS\system32\szwb\guide\pic\bt32.jpg
\WINDOWS\system32\szwb\guide\pic\bt41.jpg
\WINDOWS\system32\szwb\guide\pic\bt42.jpg
\WINDOWS\system32\szwb\guide\pic\bt51.jpg
\WINDOWS\system32\szwb\guide\pic\bt52.jpg
\WINDOWS\system32\szwb\guide\pic\button1.jpg
\WINDOWS\system32\szwb\guide\pic\button2.jpg
\WINDOWS\system32\szwb\guide\pic\button3.jpg
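The registry, hook and privilege entries above are the parts of this report worth machine-checking: a DLL registered under Browser Helper Objects is loaded by every Internet Explorer instance, an IME registered under Keyboard Layouts and listed in the user's Preload key is loaded into GUI processes that take keyboard input, SearchScopes and Start Page decide where the browser goes, PendingFileRenameOperations is processed by the Session Manager at the next boot, and the inline hook on IEIsProtectedModeProcess in IEFRAME.dll sits on the function IE uses to decide whether it is running in Protected Mode. The following Python script is an added example (not VirSCAN's own code, and not part of the sample): it parses the "Behavior description:" / "details:" layout of this page into records, tags each detail line with the first matching rule, collects the BHO and toolbar CLSIDs, and lists the hosts seen in the network section. SAMPLE_LOG is a constructed subset of lines copied from this report; the rule names are my labels, not VirSCAN's categories.

```python
"""Triage helper for VirSCAN-style behaviour logs (added example, not VirSCAN's own code).
Parses the "Behavior description:" / "details:" layout used in this report and flags the
registry and hook actions that matter for persistence and browser hijacking."""
import re
from collections import Counter

# Constructed sample: a subset of lines copied from the report above.
SAMPLE_LOG = r"""Key behavior
Behavior description: Modifies registry: BHO
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77FEF28E-EB96-44FF-B511-3185DEA48697}\id
Behavior description: Modifies registry: installs an input method (IME) entry
details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Ime File
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Keyboard Layout\Preload\2
Behavior description: Modifies registry: IE start page
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\Start Page
Network behavior
Behavior description: Connects to specified site
details: InternetConnectA: ServerName = bar.baidu.com, PORT = 80
Behavior description: Opens URL over the network
details: InternetOpenUrlA: http://sobar.baidu.com/sobar/notice/notice_baiducb.txt?tn=szwbc_cb&ss=1413268578 hInternet = 0x00000720
Registry behavior
Behavior description: Modifies registry: browser default search engine
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{A2E4E850-ABB6-4cb1-BC83-86DFAF0E7605}\URL
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope
Behavior description: Modifies registry: delayed (pending) rename entry
details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations
Behavior description: Modifies registry: browser toolbar
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{89FDCC4B-8D91-49B0-81A6-18BCFF582735}
Other behavior
Behavior description: Acquires system privilege
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Inline hook
details: C:\WINDOWS\system32\IEFRAME.dll--->IEIsProtectedModeProcess Offset = 0x8333
C:\WINDOWS\system32\IEFRAME.dll--->IEIsProtectedModeProcess Offset = 0x7d23
"""

SECTION_RE = re.compile(r"^(Key|Process|File|Network|Registry|Other) behavior$")
HOST_RE = re.compile(r"(?:https?://|ServerName = |HttpOpenRequestA: )([A-Za-z0-9.-]+\.[A-Za-z]{2,})")
# (tag, regex): the first matching rule tags a detail line; capture groups are kept as evidence.
RULES = [
    ("BHO registration (DLL loaded into every IE process)", r"\\Browser Helper Objects\\(\{[0-9A-Fa-f-]{36}\})"),
    ("IE toolbar registration", r"\\Internet Explorer\\Toolbar\\(?:WebBrowser\\)?(\{[0-9A-Fa-f-]{36}\})"),
    ("IE default search provider changed", r"\\SearchScopes\\(DefaultScope|\{[0-9A-Fa-f-]{36}\}\\URL)$"),
    ("IE start page changed", r"\\Internet Explorer\\Main\\Start Page$"),
    ("keyboard layout registered (IME DLL loads into GUI processes)", r"\\Keyboard Layouts\\([0-9A-Fa-f]{8})\\"),
    ("IME preloaded at logon", r"\\Keyboard Layout\\Preload\\(\d+)$"),
    ("reboot-time file replacement", r"\\Session Manager\\PendingFileRenameOperations$"),
    ("privilege enabled", r"^(SE_[A-Z_]+_PRIVILEGE)$"),
    ("inline hook installed", r"--->(\w+) Offset = (0x[0-9A-Fa-f]+)$"),
]


def parse_log(text):
    """Return (section, behavior, detail) triples; unprefixed lines after 'details:' are continuations."""
    records, section, behavior = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SECTION_RE.match(line):
            section, behavior = line, None
        elif line.startswith("Behavior description:"):
            behavior = line.split(":", 1)[1].strip()
        elif line.startswith("details:"):
            records.append((section, behavior, line[len("details:"):].strip()))
        elif behavior is not None:
            records.append((section, behavior, line))
    return records


def flag_indicators(records):
    """Tag each detail with the first RULES entry it matches: (tag, section, detail, groups)."""
    hits = []
    for section, _behavior, detail in records:
        for tag, pattern in RULES:
            m = re.search(pattern, detail)
            if m:
                hits.append((tag, section, detail, m.groups()))
                break
    return hits


def contacted_hosts(records):
    """Hostnames seen in the WinINet calls logged under 'Network behavior'."""
    hosts = Counter()
    for section, _behavior, detail in records:
        m = HOST_RE.search(detail) if section == "Network behavior" else None
        if m:
            hosts[m.group(1).lower()] += 1
    return hosts


def triage(text):
    """Summarise a report: hits per tag, browser-extension CLSIDs, contacted hosts."""
    records = parse_log(text)
    hits = flag_indicators(records)
    clsids = sorted({g[0] for tag, _, _, g in hits if tag.startswith(("BHO", "IE toolbar"))})
    return {"records": len(records), "tags": Counter(t for t, *_ in hits),
            "clsids": clsids, "hosts": contacted_hosts(records)}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Run as-is it summarises the constructed sample; paste the full report text into `triage()` to get the same summary for every section. The CLSIDs it collects are the keys to look for under HKLM\Software\Classes\CLSID on a suspect machine, and the Keyboard Layouts ID (E0200804 here) is the entry whose "Ime File" value names the DLL to pull for analysis.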
Run screenshot (image not included in this capture)