VirSCAN
File information
Safety rating: 40
Behavior list
Basic information
MD5: 8cb727cea58a127ae955460ccc165a15
File type: 7z
Vendor: Google Inc.
Version: 2.7.25.128 --- 2.7.25.128
Packer/compiler information: (none reported)
Key behavior
Behavior description: Cross-process memory write
details:TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e70, Size = 4
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e88, Size = 195
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e84, Size = 4
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e74, Size = 4
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e78, Size = 4
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e7c, Size = 4
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e80, Size = 4
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Hide specified window
details:[Window,Class] = [Help,Button]
[Window,Class] = [Finish,Button]
[Window,Class] = [Google Pinyin Input Method Setup Wizard,#32770]
[Window,Class] = [,#32770]
[Window,Class] = [To complete the installation and setup of Google Pinyin Input Method you must restart your system. Restart now?,Static]
[Window,Class] = [Yes, restart now,Button]
[Window,Class] = [No, I will restart later myself,Button]
[Window,Class] = [Next(&N) >,Button]
[Window,Class] = [Logged in:,Static]
[Window,Class] = [logined_username,Static]
[Window,Class] = [,Static]
[Window,Class] = [Dictionary sync enabled,Static]
[Window,Class] = [Log out,Button]
Behavior description: Modify registry: install input method (IME) entry
details:\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Ime File
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Layout Text
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Layout File
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Keyboard Layout\Preload\2
Behavior description: Modify registry: IE start page
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\Start Page
Behavior description: Modify registry: autorun entry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Google Pinyin 2 Autoupdater
Process behavior
Behavior description: Create process with hidden window
details:ImagePath = c:\program files\google\google pinyin 2\googlepinyinset.exe, CmdLine = "c:\program files\google\google pinyin 2\googlepinyinset.exe" --action=install
ImagePath = c:\program files\google\google pinyin 2\googlepinyindaemon.exe, CmdLine = "c:\program files\google\google pinyin 2\googlepinyindaemon.exe"
Behavior description: Cross-process memory write
details:TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e70, Size = 4
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e88, Size = 195
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e84, Size = 4
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e74, Size = 4
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e78, Size = 4
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e7c, Size = 4
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e80, Size = 4
Behavior description: Create process from newly written file
details:ImagePath = C:\Program Files\Google\Google Pinyin 2\GooglePinyinSet.exe, CmdLine = "C:\Program Files\Google\Google Pinyin 2\GooglePinyinSet.exe" --action=install
ImagePath = C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe, CmdLine = "C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe"
ImagePath = C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe, CmdLine = "C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe"
ImagePath = C:\Program Files\Google\Google Pinyin 2\GooglePinyinSettingWizard.exe, CmdLine = "C:\Program Files\Google\Google Pinyin 2\GooglePinyinSettingWizard.exe"
Behavior description: Enumerate processes
details:N/A
File behavior
Behavior description: Create file mapping with write access
details:Local\UrlZonesSM_Administrator
GPY2SETTINGS
CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\control.binntrol.bin
\Documents and Settings\Administrator\Application Data\Google\Google Pinyin 2\control.binntrol.bin
\Documents and Settings\Administrator\Application Data\Google\Google Pinyin 2\Dictionaries\control_optional.bin
\Documents and Settings\Administrator\Application Data\Google\Google Pinyin 2\Dictionaries\control_optional.bak
\Documents and Settings\Administrator\Application Data\Google\Google Pinyin 2\userdict.00000ict.00000
\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\index.00000dex.00000
\Documents and Settings\Administrator\Application Data\Google\Google Pinyin 2\Dictionaries\control_optional.binional.bin
\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\model.00000del.00000
\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\sysdict.00000ict.00000
\Documents and Settings\Administrator\Application Data\Google\Google Pinyin 2\userdict.00000
\WINDOWS\system32\zh-cn\ieframe.dll.mui
c:_progra~1_google_google~1_go4069~1.exe_GPY_SANDBOX_IPC_SHAREDMEM
Behavior description: Rename file
details:C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\stock_shuangpin_dict.00000.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\stock_shuangpin_dict.00000
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\bihua.00000.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\bihua.00000
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\customtoken.00000.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\customtoken.00000
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\english.00000.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\english.00000
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\index.00000.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\index.00000
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\model.00000.org ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\model.00000
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\sysbitmap.00000.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\sysbitmap.00000
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\sysdict.00000.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\sysdict.00000
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\component.00000.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\component.00000
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\control.bin.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\control.bin
C:\Program Files\Google\Google Pinyin 2\readme_cn.txt.new ---> C:\Program Files\Google\Google Pinyin 2\readme_cn.txt
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\Dictionaries\control_optional.bin.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\Dictionaries\control_optional.bin
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\Dictionaries\google.proverb.00000.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\Dictionaries\google.proverb.00000
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\Dictionaries\google.ancient_poetry.00000.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\Dictionaries\google.ancient_poetry.00000
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\Dictionaries\hudong.place_name.00000.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\Dictionaries\hudong.place_name.00000
Behavior description: Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modify file contents
details:C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\stock_shuangpin_dict.00000.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\bihua.00000.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\customtoken.00000.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\english.00000.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\index.00000.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\model.00000.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\sysbitmap.00000.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\sysdict.00000.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\component.00000.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\control.bin.new---> Offset = 0
C:\Program Files\Google\Google Pinyin 2\readme_cn.txt.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\Dictionaries\control_optional.bin.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\Dictionaries\google.proverb.00000.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\Dictionaries\google.ancient_poetry.00000.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\Dictionaries\hudong.place_name.00000.new---> Offset = 0
Behavior description: Create executable file
details:C:\Program Files\Google\Google Pinyin 2\GooglePinyinOptions.exe.new
C:\Program Files\Google\Google Pinyin 2\GooglePinyinDashboard.exe.new
C:\Program Files\Google\Google Pinyin 2\GooglePinyinReporter.exe.new
C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe.new
C:\Program Files\Google\Google Pinyin 2\GooglePinyinNetUtil.exe.new
C:\Program Files\Google\Google Pinyin 2\GooglePinyinUninstaller.exe.new
C:\Program Files\Google\Google Pinyin 2\GooglePinyinSet.exe.new
C:\Program Files\Google\Google Pinyin 2\GooglePinyinSettingWizard.exe.new
C:\Program Files\Google\Google Pinyin 2\GooglePinyinDictionary.exe.new
C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe.new
C:\WINDOWS\system32\GooglePinyin2.ime.new
C:\Program Files\Google\Google Pinyin 2\gpy_dict_api.dll.new
Network behavior
Behavior description: Connect to specified host
details:InternetConnectA: ServerName = tools.google.com, PORT = 80
Behavior description: Download file
details:URLDownloadToFileW: https://clients2.google.com/ime/pinyin/dicts/dict_index.zip ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GPY1.tmp\dict_index.zip
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GPY1.tmp\dict_index.zip
Behavior description: Open HTTP request
details:HttpOpenRequestA: tools.google.com:80/pinyin/install.html?brand=ggpy&hl=0804&hps=1&id=5b65092b8ea349978f32dc9b6003a137_59a36a635a71516b0fd29ff13bbdf215&osver=5.1_x86&rlz=&version=2.7.25.128, hConnect = 0x000004c4
Registry behavior
Behavior description: Delete registry key
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\CTF\TIP\{4966A555-1B67-45C0-B82F-627FD19AAD22}\LanguageProfile\0x00000804\{9EE1D8A6-6C8F-4104-BB8E-5563319247A8}
\REGISTRY\MACHINE\SOFTWARE\Microsoft\CTF\TIP\{4966A555-1B67-45C0-B82F-627FD19AAD22}\LanguageProfile\0x00000804
\REGISTRY\MACHINE\SOFTWARE\Microsoft\CTF\TIP\{4966A555-1B67-45C0-B82F-627FD19AAD22}\LanguageProfile
\REGISTRY\MACHINE\SOFTWARE\Microsoft\CTF\TIP\{4966A555-1B67-45C0-B82F-627FD19AAD22}
Behavior description: Modify registry: browser default search engine
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\URL
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope
Behavior description: Modify registry
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF9994A8-1840-47B2-9B14-4EF7C51F183E}\AppName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF9994A8-1840-47B2-9B14-4EF7C51F183E}\AppPath
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF9994A8-1840-47B2-9B14-4EF7C51F183E}\Policy
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AAEEAC6-B521-49C2-AC05-CEF715924F79}\AppName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AAEEAC6-B521-49C2-AC05-CEF715924F79}\AppPath
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AAEEAC6-B521-49C2-AC05-CEF715924F79}\Policy
\REGISTRY\MACHINE\SOFTWARE\Google\Google Pinyin 2\GUID
\REGISTRY\MACHINE\SOFTWARE\Google\Google Pinyin 2\OEM
\REGISTRY\MACHINE\SOFTWARE\Google\Google Pinyin 2\BrandCode
\REGISTRY\MACHINE\SOFTWARE\Google\Google Pinyin 2\InstallTime
\REGISTRY\MACHINE\SOFTWARE\Google\Google Pinyin 2\PATH
\REGISTRY\MACHINE\SOFTWARE\Google\Google Pinyin 2\DataPath
\REGISTRY\MACHINE\SOFTWARE\Google\Google Pinyin 2\SystemSkinVersion
\REGISTRY\MACHINE\SOFTWARE\Google\Google Pinyin 2\Autoupdate\InstalledVersion
Behavior description: Modify registry: install input method (IME) entry
details:\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Ime File
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Layout Text
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Layout File
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Keyboard Layout\Preload\2
Behavior description: Modify registry: IE start page
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\Start Page
Behavior description: Modify registry: autorun entry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Google Pinyin 2 Autoupdater
Other behavior
Behavior description: Create mutex
details:Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
GooglePinyinDaemon2Singleton
MUTEXC:/Documents and Settings/All Users/Application Data/Google/Google Pinyin 2/control.bin
MUTEXC:/Documents and Settings/All Users/Application Data/Google/Google Pinyin 2/control.bak
MUTEXC:/Documents and Settings/Administrator/Application Data/Google/Google Pinyin 2/control.bin
MUTEXC:/Documents and Settings/Administrator/Application Data/Google/Google Pinyin 2/control.bak
Behavior description: Hide specified window
details:[Window,Class] = [Help,Button]
[Window,Class] = [Finish,Button]
[Window,Class] = [Google Pinyin Input Method Setup Wizard,#32770]
[Window,Class] = [,#32770]
[Window,Class] = [To complete the installation and setup of Google Pinyin Input Method you must restart your system. Restart now?,Static]
[Window,Class] = [Yes, restart now,Button]
[Window,Class] = [No, I will restart later myself,Button]
[Window,Class] = [Next(&N) >,Button]
[Window,Class] = [Logged in:,Static]
[Window,Class] = [logined_username,Static]
[Window,Class] = [,Static]
[Window,Class] = [Dictionary sync enabled,Static]
[Window,Class] = [Log out,Button]
Behavior description: Open specified web page in IE
details:http://www.google.com/ime/pinyin/install.html
Behavior description: Acquire system privileges
details:SE_LOAD_DRIVER_PRIVILEGE
SE_INC_BASE_PRIORITY_PRIVILEGE
SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
Behavior description: Enumerate windows
details:N/A
Behavior description: Window information
details:Pid = 1268, Hwnd=0xb01aa, Text = Google Pinyin Input Method Setup Wizard, ClassName = #32770.
Pid = 1268, Hwnd=0xb01b0, Text = I accept the terms in the End User License Agreement(&A), ClassName = Button(CheckBox).
Pid = 1268, Hwnd=0xa018c, Text = Google Terms of Service Welcome to Google! 1. Your relationship with Google 1.1 Your use of Google's products, software, services and websites (referred to collectively in this document as the "Services", excluding any services provided under a separate written, ClassName = Edit.
Pid = 1268, Hwnd=0xb01de, Text = < Back(&B), ClassName = Button.
Pid = 1268, Hwnd=0xc01d6, Text = Next(&N) >, ClassName = Button.
Pid = 1268, Hwnd=0xd01c8, Text = Finish, ClassName = Button.
Pid = 1268, Hwnd=0xc01c2, Text = Cancel, ClassName = Button.
Pid = 1268, Hwnd=0xb01c6, Text = Help, ClassName = Button.
Pid = 1268, Hwnd=0xd0180, Text = Google Pinyin Input Method Setup Wizard, ClassName = #32770.
Pid = 1268, Hwnd=0xa0198, Text = We recommend the web search and related services provided by Google. Setting Google as the default home page and search engine in IE can speed up your searching and browsing,, ClassName = Static.
Pid = 1268, Hwnd=0xd01a4, Text = Set Google as the IE default home page, ClassName = Button(CheckBox).
Pid = 1268, Hwnd=0xc01e8, Text = Set Google as the IE default search engine, ClassName = Button(CheckBox).
Pid = 1268, Hwnd=0xb0164, Text = Please wait while the setup wizard installs Google Pinyin Input Method, ClassName = Static.
Pid = 1268, Hwnd=0xb016c, Text = Copying file: C:\Documents and Settings\All...\stock_shuangpin_dict.00000, ClassName = Static.
Pid = 1268, Hwnd=0xb01be, Text = The following applications are using files that this setup wizard needs to update. Please close them and then continue. If you choose Ignore, this installation will take effect only after a restart., ClassName = Static.
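The listing above follows a fixed layout: a section heading, then repeated "Behavior description:" lines, each followed by a "details:" line and bare continuation lines. The items an analyst actually cares about here (the Run key, the IE start page and SearchScopes changes, the writes into GooglePinyinService.exe, the outbound hosts) are scattered across sections, so it is worth parsing the layout once and tagging it. The script below is an added example and not VirSCAN's own code; SAMPLE is a constructed excerpt of this report with the behavior labels translated, and the label-to-tag mapping in TRIAGE_RULES is this example's own assumption about what each behavior indicates.

```python
"""Parse a VirSCAN-style behavior listing and triage it.
Added example, not VirSCAN's own code. SAMPLE is a constructed excerpt of the
report above with labels translated; TRIAGE_RULES is this example's own mapping.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

SECTION_HEADINGS = {"Key behavior", "Process behavior", "File behavior",
                    "Network behavior", "Registry behavior", "Other behavior"}

# Constructed excerpt of the report above (same layout, labels translated).
SAMPLE = r"""
Registry behavior
Behavior description: Modify registry: browser default search engine
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope
Behavior description: Modify registry: IE start page
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\Start Page
Behavior description: Modify registry: autorun entry
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Google Pinyin 2 Autoupdater
Network behavior
Behavior description: Connect to specified host
details: InternetConnectA: ServerName = tools.google.com, PORT = 80
Behavior description: Download file
details: URLDownloadToFileW: https://clients2.google.com/ime/pinyin/dicts/dict_index.zip ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GPY1.tmp\dict_index.zip
Process behavior
Behavior description: Cross-process memory write
details: TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e70, Size = 4
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e88, Size = 195
Behavior description: Enumerate processes
details: N/A
"""

# (label substring, tag); matched case-insensitively. Assumed mapping.
TRIAGE_RULES = [("autorun entry", "persistence"),
                ("ie start page", "browser-settings-change"),
                ("default search engine", "browser-settings-change"),
                ("cross-process memory write", "process-injection"),
                ("download file", "network-download"),
                ("connect to specified host", "network-connect")]

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
HOST_RE = re.compile(r"ServerName = ([\w.-]+)")
TARGET_RE = re.compile(r"TargetProcess = ([^,]+)")


def parse_report(text):
    """Return [{"section", "behavior", "details": [...]}, ...] in report order."""
    entries, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADINGS:          # a new section resets the entry
            section, current = line, None
            continue
        if line.startswith("Behavior description:"):
            current = {"section": section,
                       "behavior": line.split(":", 1)[1].strip(), "details": []}
            entries.append(current)
            continue
        if current is None:                   # stray line before any entry
            continue
        if line.startswith("details:"):       # first detail line carries a prefix
            line = line[len("details:"):].strip()
        if line and line != "N/A":            # later lines are bare continuations
            current["details"].append(line)
    return entries


def triage(entries):
    """Group entries under every tag whose rule substring matches the label."""
    findings = defaultdict(list)
    for entry in entries:
        label = entry["behavior"].lower()
        for needle, tag in TRIAGE_RULES:
            if needle in label:
                findings[tag].append(entry)
    return dict(findings)


def extract_iocs(entries):
    """Collect hosts, URLs, registry paths and injection targets from details."""
    iocs = {"urls": set(), "hosts": set(), "registry": set(),
            "injected_processes": set()}
    for entry in entries:
        for detail in entry["details"]:
            for url in URL_RE.findall(detail):
                iocs["urls"].add(url)
                iocs["hosts"].add(urlsplit(url).hostname)
            iocs["hosts"].update(HOST_RE.findall(detail))
            iocs["injected_processes"].update(TARGET_RE.findall(detail))
            if detail.startswith("\\REGISTRY\\"):
                iocs["registry"].add(detail)
    return {key: sorted(val) for key, val in iocs.items()}


if __name__ == "__main__":
    parsed = parse_report(SAMPLE)
    for tag, hits in sorted(triage(parsed).items()):
        print(f"{tag}: {len(hits)} behavior(s)")
    print(extract_iocs(parsed))
```

Run against the full listing, the same parser also picks up the HttpOpenRequestA line, which carries an installation id and the build version in its query string, and the \REGISTRY\MACHINE\SOFTWARE\Google\Google Pinyin 2 values; whether a cross-process write into a sibling process of the same vendor or an installer-driven change of the IE start page is acceptable is a policy decision, so the tags are a starting point for review rather than a verdict.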
Run screenshot