VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.


File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5: 8cb727cea58a127ae955460ccc165a15
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
Copyright:

Key behavior

Behavior description: Cross-process data write
details: TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e70, Size = 4
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e88, Size = 195
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e84, Size = 4
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e74, Size = 4
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e78, Size = 4
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e7c, Size = 4
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e80, Size = 4
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Hide specified window
details: [Window,Class] = [帮助,Button]
[Window,Class] = [完成,Button]
[Window,Class] = [谷歌拼音输入法安装向导,#32770]
[Window,Class] = [,#32770]
[Window,Class] = [要完成谷歌拼音输入法的安装和设置,必须重新启动您的系统。现在就重新启动吗?,Static]
[Window,Class] = [是,现在就重新启动,Button]
[Window,Class] = [否,我稍后再自行重新启动,Button]
[Window,Class] = [下一步(&N) >,Button]
[Window,Class] = [已登录:,Static]
[Window,Class] = [logined_username,Static]
[Window,Class] = [,Static]
[Window,Class] = [同步词库已开启,Static]
[Window,Class] = [退出登录,Button]
Behavior description: Modify registry: install input method entry
details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Ime File
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Layout Text
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Layout File
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Keyboard Layout\Preload\2
Behavior description: Modify registry: IE home page
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\Start Page
Behavior description: Modify registry: startup item
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Google Pinyin 2 Autoupdater

Process behavior

Behavior description: Create process with hidden window
details: ImagePath = c:\program files\google\google pinyin 2\googlepinyinset.exe, CmdLine = "c:\program files\google\google pinyin 2\googlepinyinset.exe" --action=install
ImagePath = c:\program files\google\google pinyin 2\googlepinyindaemon.exe, CmdLine = "c:\program files\google\google pinyin 2\googlepinyindaemon.exe"
Behavior description: Cross-process data write
details: TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e70, Size = 4
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e88, Size = 195
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e84, Size = 4
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e74, Size = 4
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e78, Size = 4
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e7c, Size = 4
TargetProcess = GooglePinyinService.exe, WriteAddress = 0x004d5e80, Size = 4
Behavior description: Create process from newly created file
details: ImagePath = C:\Program Files\Google\Google Pinyin 2\GooglePinyinSet.exe, CmdLine = "C:\Program Files\Google\Google Pinyin 2\GooglePinyinSet.exe" --action=install
ImagePath = C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe, CmdLine = "C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe"
ImagePath = C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe, CmdLine = "C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe"
ImagePath = C:\Program Files\Google\Google Pinyin 2\GooglePinyinSettingWizard.exe, CmdLine = "C:\Program Files\Google\Google Pinyin 2\GooglePinyinSettingWizard.exe"
Behavior description: Enumerate processes
details: N/A

File behavior

Behavior description: Map file with write permission
details: Local\UrlZonesSM_Administrator
GPY2SETTINGS
CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\control.binntrol.bin
\Documents and Settings\Administrator\Application Data\Google\Google Pinyin 2\control.binntrol.bin
\Documents and Settings\Administrator\Application Data\Google\Google Pinyin 2\Dictionaries\control_optional.bin
\Documents and Settings\Administrator\Application Data\Google\Google Pinyin 2\Dictionaries\control_optional.bak
\Documents and Settings\Administrator\Application Data\Google\Google Pinyin 2\userdict.00000ict.00000
\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\index.00000dex.00000
\Documents and Settings\Administrator\Application Data\Google\Google Pinyin 2\Dictionaries\control_optional.binional.bin
\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\model.00000del.00000
\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\sysdict.00000ict.00000
\Documents and Settings\Administrator\Application Data\Google\Google Pinyin 2\userdict.00000
\WINDOWS\system32\zh-cn\ieframe.dll.mui
c:_progra~1_google_google~1_go4069~1.exe_GPY_SANDBOX_IPC_SHAREDMEM
Behavior description: Rename file
details: C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\stock_shuangpin_dict.00000.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\stock_shuangpin_dict.00000
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\bihua.00000.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\bihua.00000
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\customtoken.00000.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\customtoken.00000
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\english.00000.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\english.00000
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\index.00000.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\index.00000
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\model.00000.org ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\model.00000
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\sysbitmap.00000.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\sysbitmap.00000
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\sysdict.00000.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\sysdict.00000
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\component.00000.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\component.00000
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\control.bin.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\control.bin
C:\Program Files\Google\Google Pinyin 2\readme_cn.txt.new ---> C:\Program Files\Google\Google Pinyin 2\readme_cn.txt
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\Dictionaries\control_optional.bin.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\Dictionaries\control_optional.bin
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\Dictionaries\google.proverb.00000.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\Dictionaries\google.proverb.00000
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\Dictionaries\google.ancient_poetry.00000.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\Dictionaries\google.ancient_poetry.00000
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\Dictionaries\hudong.place_name.00000.new ---> C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\Dictionaries\hudong.place_name.00000
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modify file contents
details: C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\stock_shuangpin_dict.00000.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\bihua.00000.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\customtoken.00000.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\english.00000.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\index.00000.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\model.00000.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\sysbitmap.00000.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\sysdict.00000.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\component.00000.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\control.bin.new---> Offset = 0
C:\Program Files\Google\Google Pinyin 2\readme_cn.txt.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\Dictionaries\control_optional.bin.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\Dictionaries\google.proverb.00000.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\Dictionaries\google.ancient_poetry.00000.new---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\Dictionaries\hudong.place_name.00000.new---> Offset = 0
Behavior description: Create executable file
details: C:\Program Files\Google\Google Pinyin 2\GooglePinyinOptions.exe.new
C:\Program Files\Google\Google Pinyin 2\GooglePinyinDashboard.exe.new
C:\Program Files\Google\Google Pinyin 2\GooglePinyinReporter.exe.new
C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe.new
C:\Program Files\Google\Google Pinyin 2\GooglePinyinNetUtil.exe.new
C:\Program Files\Google\Google Pinyin 2\GooglePinyinUninstaller.exe.new
C:\Program Files\Google\Google Pinyin 2\GooglePinyinSet.exe.new
C:\Program Files\Google\Google Pinyin 2\GooglePinyinSettingWizard.exe.new
C:\Program Files\Google\Google Pinyin 2\GooglePinyinDictionary.exe.new
C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe.new
C:\WINDOWS\system32\GooglePinyin2.ime.new
C:\Program Files\Google\Google Pinyin 2\gpy_dict_api.dll.new

Network behavior

Behavior description: Connect to specified site
details: InternetConnectA: ServerName = tools.google.com, PORT = 80
Behavior description: Download file
details: URLDownloadToFileW: https://clients2.google.com/ime/pinyin/dicts/dict_index.zip ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GPY1.tmp\dict_index.zip
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GPY1.tmp\dict_index.zip
Behavior description: Open HTTP request
details: HttpOpenRequestA: tools.google.com:80/pinyin/install.html?brand=ggpy&hl=0804&hps=1&id=5b65092b8ea349978f32dc9b6003a137_59a36a635a71516b0fd29ff13bbdf215&osver=5.1_x86&rlz=&version=2.7.25.128, hConnect = 0x000004c4

Registry behavior

Behavior description: Delete registry key
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\CTF\TIP\{4966A555-1B67-45C0-B82F-627FD19AAD22}\LanguageProfile\0x00000804\{9EE1D8A6-6C8F-4104-BB8E-5563319247A8}
\REGISTRY\MACHINE\SOFTWARE\Microsoft\CTF\TIP\{4966A555-1B67-45C0-B82F-627FD19AAD22}\LanguageProfile\0x00000804
\REGISTRY\MACHINE\SOFTWARE\Microsoft\CTF\TIP\{4966A555-1B67-45C0-B82F-627FD19AAD22}\LanguageProfile
\REGISTRY\MACHINE\SOFTWARE\Microsoft\CTF\TIP\{4966A555-1B67-45C0-B82F-627FD19AAD22}
Behavior description: Modify registry: browser default search engine
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\URL
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope
Behavior description: Modify registry
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF9994A8-1840-47B2-9B14-4EF7C51F183E}\AppName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF9994A8-1840-47B2-9B14-4EF7C51F183E}\AppPath
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF9994A8-1840-47B2-9B14-4EF7C51F183E}\Policy
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AAEEAC6-B521-49C2-AC05-CEF715924F79}\AppName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AAEEAC6-B521-49C2-AC05-CEF715924F79}\AppPath
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AAEEAC6-B521-49C2-AC05-CEF715924F79}\Policy
\REGISTRY\MACHINE\SOFTWARE\Google\Google Pinyin 2\GUID
\REGISTRY\MACHINE\SOFTWARE\Google\Google Pinyin 2\OEM
\REGISTRY\MACHINE\SOFTWARE\Google\Google Pinyin 2\BrandCode
\REGISTRY\MACHINE\SOFTWARE\Google\Google Pinyin 2\InstallTime
\REGISTRY\MACHINE\SOFTWARE\Google\Google Pinyin 2\PATH
\REGISTRY\MACHINE\SOFTWARE\Google\Google Pinyin 2\DataPath
\REGISTRY\MACHINE\SOFTWARE\Google\Google Pinyin 2\SystemSkinVersion
\REGISTRY\MACHINE\SOFTWARE\Google\Google Pinyin 2\Autoupdate\InstalledVersion
Behavior description: Modify registry: install input method entry
details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Ime File
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Layout Text
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\Layout File
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Keyboard Layout\Preload\2
Behavior description: Modify registry: IE home page
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\Start Page
Behavior description: Modify registry: startup item
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Google Pinyin 2 Autoupdater

Other behavior

Behavior description: Create mutex
details: Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
GooglePinyinDaemon2Singleton
MUTEXC:/Documents and Settings/All Users/Application Data/Google/Google Pinyin 2/control.bin
MUTEXC:/Documents and Settings/All Users/Application Data/Google/Google Pinyin 2/control.bak
MUTEXC:/Documents and Settings/Administrator/Application Data/Google/Google Pinyin 2/control.bin
MUTEXC:/Documents and Settings/Administrator/Application Data/Google/Google Pinyin 2/control.bak
Behavior description: Hide specified window
details: [Window,Class] = [帮助,Button]
[Window,Class] = [完成,Button]
[Window,Class] = [谷歌拼音输入法安装向导,#32770]
[Window,Class] = [,#32770]
[Window,Class] = [要完成谷歌拼音输入法的安装和设置,必须重新启动您的系统。现在就重新启动吗?,Static]
[Window,Class] = [是,现在就重新启动,Button]
[Window,Class] = [否,我稍后再自行重新启动,Button]
[Window,Class] = [下一步(&N) >,Button]
[Window,Class] = [已登录:,Static]
[Window,Class] = [logined_username,Static]
[Window,Class] = [,Static]
[Window,Class] = [同步词库已开启,Static]
[Window,Class] = [退出登录,Button]
Behavior description: Open specified IE web page
details: http://www.google.com/ime/pinyin/install.html
Behavior description: Acquire system privileges
details: SE_LOAD_DRIVER_PRIVILEGE
SE_INC_BASE_PRIORITY_PRIVILEGE
SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
Behavior description: Enumerate windows
details: N/A
Behavior description: Window information
details: Pid = 1268, Hwnd=0xb01aa, Text = 谷歌拼音输入法安装向导, ClassName = #32770.
Pid = 1268, Hwnd=0xb01b0, Text = 我接受《最终用户许可协议》中的条款(&A), ClassName = Button(CheckBox).
Pid = 1268, Hwnd=0xa018c, Text = 谷歌服务条款 谷歌欢迎您! 1. 您与谷歌的关系 1.1 您对谷歌产品、软件、服务及网站(本文件中合称“服务”,不包括在单独的书面, ClassName = Edit.
Pid = 1268, Hwnd=0xb01de, Text = < 上一步(&B), ClassName = Button.
Pid = 1268, Hwnd=0xc01d6, Text = 下一步(&N) >, ClassName = Button.
Pid = 1268, Hwnd=0xd01c8, Text = 完成, ClassName = Button.
Pid = 1268, Hwnd=0xc01c2, Text = 取消, ClassName = Button.
Pid = 1268, Hwnd=0xb01c6, Text = 帮助, ClassName = Button.
Pid = 1268, Hwnd=0xd0180, Text = 谷歌拼音输入法安装向导, ClassName = #32770.
Pid = 1268, Hwnd=0xa0198, Text = 推荐您使用 Google(谷歌) 提供的网页搜索和相关服务。将 Google 设置为 IE 浏览器默认的主页和搜索引擎可以加快你上网搜索和浏览的速度,, ClassName = Static.
Pid = 1268, Hwnd=0xd01a4, Text = 将 Google 设为 IE 浏览器的默认主页, ClassName = Button(CheckBox).
Pid = 1268, Hwnd=0xc01e8, Text = 将 Google 设置为 IE 浏览器的默认搜索引擎, ClassName = Button(CheckBox).
Pid = 1268, Hwnd=0xb0164, Text = 请稍候,安装向导正在安装谷歌拼音输入法, ClassName = Static.
Pid = 1268, Hwnd=0xb016c, Text = 正在复制文件:C:\Documents and Settings\All...\stock_shuangpin_dict.00000, ClassName = Static.
Pid = 1268, Hwnd=0xb01be, Text = 下列应用程序正在使用本安装向导需要更新的文件。请关闭这些应用程序后继续安装。如果您选择忽略,则本次安装在重新启动后才能生效。, ClassName = Static.