VirSCAN VirSCAN

File information
Safety rating:85
Behavior list
Basic Information
MD5:8aa469d96d50b04b876b1b7714efcef9
file type:EXE
Production company:
version:
Shell or compiler information:COMPILER:NSIS
Subfile information:ChromePass.exe / 4dda28b9ecc6a45d50a092141136963a / EXE
mailpv.exe / 782dd6152ab52361eba2bafd67771fa0 / EXE
WirelessKeyView.exe / fd91b1ef68da0b0cc61ed0e409eaaf11 / EXE
PasswordFox.exe / ef4b628369985a3913c1afa0fb2468d0 / EXE
Dialupass.exe / d1b3272d7f46efc845fc9f56eac8929b / EXE
SniffPass.exe / 001deb2e5567ce7b887bbb83323d8857 / EXE
mspass.exe / df218168bf83d26386dfd4ece7aef2d0 / EXE
iepv.exe / 57bfa0c7fa2394d106915af7c9a4a0a7 / EXE
VNCPassView.exe / d28f0cfae377553fcb85918c29f4889b / EXE
netpass.exe / b24af675f5f9ca9daa154b8a537a695f / EXE
PstPassword.exe / 886526e9c5c2dc7287d7f169d8c1a243 / EXE
rdpv.exe / f3ca95a762a4101a2cd5789190681a78 / EXE
modern-wizard.bmp / cbe40fd2b1ec96daedc65da172d90022 / Unknown
astlog.exe / ccee2e1a4672697747d199fb7e0caa37 / EXE
WirelessKeyView.chm / 135c10695a92868bcded7d5685bebb22 / Chm
netpass.chm / 2877088389c5dfada1cfbcf3eb4cf2b5 / Chm
iepv.chm / 28e10fb42e5913636e3afe7be5231972 / Chm
PasswordFox.chm / 4169ec3e7e9894a11d22487222f1171b / Chm
Dialupass.chm / 9124d2eae3ed3612dca090ed4ea79038 / Chm
Key behavior
Behavior description: Block window close message
details:hWnd = 0x000b02b2, Text = NirSoft Password Recovery Package Setup , ClassName = #32770.
Process behavior
Behavior description: Create local thread
details:TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3412, ThreadID = 3556, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3412, ThreadID = 3560, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 3412, ThreadID = 3684, StartAddress = 00404EB3, Parameter = 0005038C
File behavior
Behavior description: Create file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nss4C.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4D.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4E.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4E.tmp\ioSpecial.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4E.tmp\modern-wizard.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4E.tmp\InstallOptions.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4E.tmp\StartMenu.dll
C:\Program Files\NirSoft\Password Recovery Package\mspass.exe
C:\Program Files\NirSoft\Password Recovery Package\mspass.chm
C:\Program Files\NirSoft\Password Recovery Package\Dialupass.exe
C:\Program Files\NirSoft\Password Recovery Package\Dialupass.chm
C:\Program Files\NirSoft\Password Recovery Package\mailpv.exe
C:\Program Files\NirSoft\Password Recovery Package\mailpv.chm
C:\Program Files\NirSoft\Password Recovery Package\SniffPass.exe
C:\Program Files\NirSoft\Password Recovery Package\SniffPass.chm
Behavior description: Drop link or shortcut in a sensitive system location (such as the Start menu)
details:C:\Documents and Settings\Administrator\「开始」菜单\程序\NirSoft Password Recovery Package\MessenPass.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\NirSoft Password Recovery Package\MessenPass Help.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\NirSoft Password Recovery Package\Mail PassView.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\NirSoft Password Recovery Package\Mail PassView Help.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\NirSoft Password Recovery Package\Dialupass.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\NirSoft Password Recovery Package\Dialupass Help.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\NirSoft Password Recovery Package\Network Password Recovery.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\NirSoft Password Recovery Package\Network Password Recovery Help.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\NirSoft Password Recovery Package\Asterisk Logger.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\NirSoft Password Recovery Package\Asterisk Logger Help.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\NirSoft Password Recovery Package\IE PassView.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\NirSoft Password Recovery Package\IE PassView Help.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\NirSoft Password Recovery Package\WirelessKeyView.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\NirSoft Password Recovery Package\WirelessKeyView Help.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\NirSoft Password Recovery Package\PasswordFox.lnk
Behavior description: Create executable file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4E.tmp\InstallOptions.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4E.tmp\StartMenu.dll
C:\Program Files\NirSoft\Password Recovery Package\mspass.exe
C:\Program Files\NirSoft\Password Recovery Package\Dialupass.exe
C:\Program Files\NirSoft\Password Recovery Package\mailpv.exe
C:\Program Files\NirSoft\Password Recovery Package\SniffPass.exe
C:\Program Files\NirSoft\Password Recovery Package\netpass.exe
C:\Program Files\NirSoft\Password Recovery Package\astlog.exe
C:\Program Files\NirSoft\Password Recovery Package\rdpv.exe
C:\Program Files\NirSoft\Password Recovery Package\iepv.exe
C:\Program Files\NirSoft\Password Recovery Package\PstPassword.exe
C:\Program Files\NirSoft\Password Recovery Package\PasswordFox.exe
C:\Program Files\NirSoft\Password Recovery Package\ChromePass.exe
C:\Program Files\NirSoft\Password Recovery Package\WirelessKeyView.exe
C:\Program Files\NirSoft\Password Recovery Package\VNCPassView.exe
Behavior description: Overwrite existing file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nss4D.tmp
Behavior description: Find file
details:FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi4E.tmp
FileName = C:\Program Files\NirSoft\Password Recovery Package
FileName = C:\Program Files\NirSoft
FileName = C:\Program Files
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\「开始」菜单
FileName = C:\Documents and Settings\All Users\「开始」菜单\程序
FileName = C:\Documents and Settings\All Users\「开始」菜单\程序\*.*
FileName = C:\Documents and Settings\Administrator\「开始」菜单
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序
Behavior description: Delete file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nss4C.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4D.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4E.tmp
Behavior description: Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nss4D.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nss4D.tmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4E.tmp\ioSpecial.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4E.tmp\ioSpecial.ini ---> Offset = 36
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4E.tmp\modern-wizard.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4E.tmp\modern-wizard.bmp ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4E.tmp\ioSpecial.ini ---> Offset = 124
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4E.tmp\ioSpecial.ini ---> Offset = 33
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4E.tmp\ioSpecial.ini ---> Offset = 43
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4E.tmp\ioSpecial.ini ---> Offset = 60
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4E.tmp\ioSpecial.ini ---> Offset = 278
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4E.tmp\ioSpecial.ini ---> Offset = 346
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4E.tmp\ioSpecial.ini ---> Offset = 401
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4E.tmp\ioSpecial.ini ---> Offset = 409
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4E.tmp\ioSpecial.ini ---> Offset = 421
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NirSoft Password Recovery\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NirSoft Password Recovery\InstallLocation
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NirSoft Password Recovery\DisplayName
Other behavior
Behavior description: Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.IFN
Behavior description: Hide specified window
details:[Window,Class] = [,Button]
[Window,Class] = [Nullsoft Install System v2.37,Static]
[Window,Class] = [Nullsoft Install System v2.37 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [Show &details,Button]
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Open event
details:HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000040
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000040
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000041
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000041
Behavior description: Adjust process token privileges
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Block window close message
details:hWnd = 0x000b02b2, Text = NirSoft Password Recovery Package Setup , ClassName = #32770.
Behavior description: Window information
details:Pid = 3412, Hwnd=0xe035e, Text = &Next >, ClassName = Button.
Pid = 3412, Hwnd=0x1802fe, Text = Cancel, ClassName = Button.
Pid = 3412, Hwnd=0x1902ce, Text = Nullsoft Install System v2.37 , ClassName = Static.
Pid = 3412, Hwnd=0x7038a, Text = Nullsoft Install System v2.37, ClassName = Static.
Pid = 3412, Hwnd=0x13033a, Text = Welcome to the NirSoft Password Recovery Package Setup Wizard, ClassName = Static.
Pid = 3412, Hwnd=0xe039e, Text = This wizard will guide you through the installation of NirSoft Password Recovery Package. It is recommended that you close all, ClassName = Static.
Pid = 3412, Hwnd=0xb02b2, Text = NirSoft Password Recovery Package Setup, ClassName = #32770.
Pid = 3412, Hwnd=0x1002c8, Text = < &Back, ClassName = Button.
Pid = 3412, Hwnd=0x1702d8, Text = Choose Install Location, ClassName = Static.
Pid = 3412, Hwnd=0x9039c, Text = Choose the folder in which to install NirSoft Password Recovery Package., ClassName = Static.
Pid = 3412, Hwnd=0xf039e, Text = C:\Program Files\NirSoft\Password Recovery Package, ClassName = Edit.
Pid = 3412, Hwnd=0x14033a, Text = B&rowse..., ClassName = Button.
Pid = 3412, Hwnd=0x11034c, Text = Space available: 5.4GB, ClassName = Static.
Pid = 3412, Hwnd=0x110342, Text = Space required: 1.2MB, ClassName = Static.
Pid = 3412, Hwnd=0x7038e, Text = Setup will install NirSoft Password Recovery Package in the following folder. To install in a different folder, click Browse and , ClassName = Static.
Behavior description: Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4E.tmp\InstallOptions.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi4E.tmp\StartMenu.dll (signature verification: failed)
C:\Program Files\NirSoft\Password Recovery Package\mspass.exe (signature verification: failed)
C:\Program Files\NirSoft\Password Recovery Package\Dialupass.exe (signature verification: passed)
C:\Program Files\NirSoft\Password Recovery Package\mailpv.exe (signature verification: passed)
C:\Program Files\NirSoft\Password Recovery Package\SniffPass.exe (signature verification: failed)
C:\Program Files\NirSoft\Password Recovery Package\netpass.exe (signature verification: passed)
C:\Program Files\NirSoft\Password Recovery Package\astlog.exe (signature verification: failed)
C:\Program Files\NirSoft\Password Recovery Package\rdpv.exe (signature verification: failed)
C:\Program Files\NirSoft\Password Recovery Package\iepv.exe (signature verification: passed)
C:\Program Files\NirSoft\Password Recovery Package\PstPassword.exe (signature verification: failed)
C:\Program Files\NirSoft\Password Recovery Package\PasswordFox.exe (signature verification: passed)
C:\Program Files\NirSoft\Password Recovery Package\ChromePass.exe (signature verification: passed)
C:\Program Files\NirSoft\Password Recovery Package\WirelessKeyView.exe (signature verification: passed)
C:\Program Files\NirSoft\Password Recovery Package\VNCPassView.exe (signature verification: failed)
Behavior description: Create event object
details:EventName = MSCTF.SendReceive.Event.IFN.IC
EventName = MSCTF.SendReceiveConection.Event.IFN.IC
EventName = Global\userenv: User Profile setup event
Behavior description: Executable file MD5
Behavior description: Open mutex
details:ShimCacheMutex
Behavior description: Load newly dropped file
details:Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi4E.tmp\InstallOptions.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi4E.tmp\StartMenu.dll.