1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
| Safety rating:83 |
| Behavior list |
| Basic Information | |
|---|---|
| MD5: | 90372796edc76dcb0d3f893f3ff98851 |
| file type: | zip |
| Production company: | |
| version: | |
| Shell or compiler information: | COMPILER:Borland Delphi 2.0 [Overlay] |
| Subfile information: | KMSpico_setup.exe / a89c072c83a54cb5aa2c570f3d910a56 / EXE |
| Setup_oemtongyi3.exe / ed6ff687fee915e03b263e47b72de974 / EXE | |
| ReadMe KMSpico Install.txt / 7cd3b648933e345e5945e74c0a15a877 / Unknown | |
| XP510下载须知.txt / 996fcedd03f33601691e182fe1bc16d3 / Unknown | |
| 636网址导航.url / 3688d42285b5e6a8a3c9f5658483ddba / Unknown | |
| 软件使用说明.html / d9ca7d1f89782cd376a0eef1e487335f / Unknown | |
| UnInstall_Service.cmd / d228137b7b77d7ef3fcdc06ddabebeef / Unknown | |
| Key behavior | |
|---|---|
| Behavior description: | 写权限映射文件 |
| details: | CiceroSharedMemDefaultS-* |
| MSCTF.MarshalInterface.FileMap.ADH..GNDHH | |
| MSCTF.MarshalInterface.FileMap.ADH.B.FODHH | |
| MSCTF.MarshalInterface.FileMap.ADH.C.FODHH | |
| MSCTF.MarshalInterface.FileMap.ADH.D.FODHH | |
| MSCTF.MarshalInterface.FileMap.ADH.E.FODHH | |
| MSCTF.MarshalInterface.FileMap.ADH.F.FODHH | |
| MSCTF.MarshalInterface.FileMap.ADH.G.FODHH | |
| MSCTF.Shared.SFM.ADH | |
| MSCTF.MarshalInterface.FileMap.ADH.H.EJCLH | |
| MSCTF.MarshalInterface.FileMap.ADH.I.EJCLH | |
| MSCTF.MarshalInterface.FileMap.ADH.J.EJCLH | |
| MSCTF.MarshalInterface.FileMap.ADH.K.EJCLH | |
| MSCTF.MarshalInterface.FileMap.ADH.L.EJCLH | |
| MSCTF.MarshalInterface.FileMap.ADH.M.EJCLH | |
| Behavior description: | 屏蔽窗口关闭消息 |
| details: | hWnd = 0x000202cc, Text = 360安全中心, ClassName = #32770. |
| Behavior description: | 设置特殊文件夹属性 |
| details: | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 | |
| C:\Documents and Settings\Administrator\Local Settings\History | |
| C:\Documents and Settings\Administrator\Local Settings\History\History.IE5 | |
| C:\Documents and Settings\Administrator\Cookies | |
| Behavior description: | 按名称获取主机地址 |
| details: | st.p.360.cn |
| stun01.sipphone.com | |
| agt.p.360.cn | |
| tr.p.360.cn | |
| Process behavior | |
|---|---|
| Behavior description: | 枚举进程 |
| details: | N/A |
| File behavior | |
|---|---|
| Behavior description: | 写权限映射文件 |
| details: | CiceroSharedMemDefaultS-* |
| MSCTF.MarshalInterface.FileMap.ADH..GNDHH | |
| MSCTF.MarshalInterface.FileMap.ADH.B.FODHH | |
| MSCTF.MarshalInterface.FileMap.ADH.C.FODHH | |
| MSCTF.MarshalInterface.FileMap.ADH.D.FODHH | |
| MSCTF.MarshalInterface.FileMap.ADH.E.FODHH | |
| MSCTF.MarshalInterface.FileMap.ADH.F.FODHH | |
| MSCTF.MarshalInterface.FileMap.ADH.G.FODHH | |
| MSCTF.Shared.SFM.ADH | |
| MSCTF.MarshalInterface.FileMap.ADH.H.EJCLH | |
| MSCTF.MarshalInterface.FileMap.ADH.I.EJCLH | |
| MSCTF.MarshalInterface.FileMap.ADH.J.EJCLH | |
| MSCTF.MarshalInterface.FileMap.ADH.K.EJCLH | |
| MSCTF.MarshalInterface.FileMap.ADH.L.EJCLH | |
| MSCTF.MarshalInterface.FileMap.ADH.M.EJCLH | |
| Behavior description: | 创建可执行文件 |
| details: | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3605.tmpsafe505.dll |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\3604.tmp360net.dll | |
| Behavior description: | 修改文件内容 |
| details: | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\!@t234.tmp---> Offset = 0 |
| Behavior description: | 设置特殊文件夹属性 |
| details: | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 | |
| C:\Documents and Settings\Administrator\Local Settings\History | |
| C:\Documents and Settings\Administrator\Local Settings\History\History.IE5 | |
| C:\Documents and Settings\Administrator\Cookies | |
| Behavior description: | 查找文件 |
| details: | FileName = C:\Documents and Settings\Administrator\Application Data\Tencent |
| FileName = C:\Documents and Settings\Administrator\Application Data\Tencent\QQ | |
| FileName = C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\STemp | |
| FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1443555733.023508.exe_7zdump\LiveUpdateLog\P2SP_setup_oemtongyi3.log | |
| Network behavior | |
|---|---|
| Behavior description: | 连接指定站点 |
| details: | InternetConnectA: ServerName = s.360.cn, PORT = 80 |
| InternetConnectA: ServerName = pinst.360.cn, PORT = 80 | |
| Behavior description: | 建立到一个指定的套接字连接 |
| details: | 127.0.0.1:1034 |
| Behavior description: | 打开HTTP请求 |
| details: | HttpOpenRequestA: s.360.cn:80/safe/instcomp.htm?soft=80&status=1&mid=5dbfe99d33d8e56e1169c3ae5d7c9c97&pid=oemtongyi3&ver=2.2.1.1001, hConnect = 0x00000638 |
| HttpOpenRequestA: pinst.360.cn:80/360safe/bd_oemtongyi3.cab?value=17227, hConnect = 0x000004b4 | |
| Behavior description: | 按名称获取主机地址 |
| details: | st.p.360.cn |
| stun01.sipphone.com | |
| agt.p.360.cn | |
| tr.p.360.cn | |
| Registry behavior | |
|---|---|
| Behavior description: | 修改注册表 |
| details: | \REGISTRY\MACHINE\SOFTWARE\360Safe\Liveup\mid |
| \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and Settings\Administrator\Local Settings\%temp%\1443555732.757056.exe_7zdump\Setup_oemtongyi3.exe | |
| Other behavior | |
|---|---|
| Behavior description: | 创建互斥体 |
| details: | 1830B7BD-F7A3-4c4d-989B-C004DE465EDE 564 |
| CTF.LBES.MutexDefaultS-* | |
| CTF.Compart.MutexDefaultS-* | |
| CTF.Asm.MutexDefaultS-* | |
| CTF.Layouts.MutexDefaultS-* | |
| CTF.TMD.MutexDefaultS-* | |
| CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-* | |
| MSCTF.Shared.MUTEX.ELH | |
| MSCTF.Shared.MUTEX.ADH | |
| Behavior description: | 查找指定窗口 |
| details: | NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,] |
| NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,] | |
| Behavior description: | 获取系统权限 |
| details: | SE_MANAGE_VOLUME_PRIVILEGE |
| Behavior description: | 屏蔽窗口关闭消息 |
| details: | hWnd = 0x000202cc, Text = 360安全中心, ClassName = #32770. |
| Behavior description: | 窗口信息 |
| details: | Pid = 564, Hwnd=0x202b2, Text = 安装程序正在加载配置文件,请稍候..., ClassName = Static. |
| Pid = 564, Hwnd=0x302ba, Text = Progress1, ClassName = msctls_progress32. | |
| Pid = 564, Hwnd=0x202cc, Text = 360安全中心, ClassName = #32770. | |
| Pid = 564, Hwnd=0x302b2, Text = 确定, ClassName = Button. | |
| Pid = 564, Hwnd=0x402bc, Text = 配置文件加载超时,请检查您的网络连接!, ClassName = Static. | |
| Behavior description: | 直接操作物理设备 |
| details: | \??\PhysicalDrive0 |
| Behavior description: | 样本控制台输出内容 |
| details: | N/A |
| Run screenshot |
|---|
 |
HOME
