VirSCAN

File information
Safety rating:80
Behavior list
Basic Information
MD5:94386d2ff8c5177d102d9bcd221aa1a4
file type:7z
Production company:
version:2.8.5.10---2.8.5.10
Shell or compiler information:
Subfile information:Uninst.exe / ebed035abbcffcea26969aca6d02edd6 / EXE
7z.dll / c0eaea29ed843950d685fd349d530876 / DLL
KuaiZip.exe / 9c59e80a84c13e9f474704fa0cced408 / zip
upx30_d5e90dd4dumpFile / 999321677ab7ef5a2c8797897b2de82f / EXE
KZModule.dll / 4336b27d25938694145e814047af909f / DLL
7z.dll / 5d15ecb88b83d76b0ecfa0780a1b7c0a / DLL
KZModule.dll / e893c04ad7fd04e65f5449b998e17649 / DLL
KZTui.exe / 07f3c6ec3032697c2ce60f577ee39ec3 / EXE
BSCoreNew.dll / 0e683ecd2ef8aeb64457a36046788a6f / DLL
KZReport.exe / b3835057e268d66f90ccf3eb98ab001a / EXE
DiskOpt.exe / 82dbe8ba7f9a1c8212aaaa72f39e3e30 / EXE
DuiLib.dll / f376838dfaa106b74b06876dd0c1482f / DLL
Update.exe / db967369f99674195d825b9fb736ebd3 / zip
KZFormat.dll / eee3477f018bdfc82ece9d1c681328f2 / DLL
kzSetup_chs.sfx / 14757fb0abc92b96f00e20d663c553c5 / EXE
KZFormat.dll / 3d1c626ab7937a07003374155e6e9653 / DLL
KZMount.exe / 5a885e85577fa10269705d84b85cc930 / EXE
EmergencyUpdate.exe / 1c54b2687fc6446079b87006e8b7aaf2 / EXE
KZMount.exe / 31bd8916e24b98c4c9ee9ee2b45014dc / EXE
Key behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.MIN..GFMIH
MSCTF.MarshalInterface.FileMap.MIN.B.FHMIH
MSCTF.MarshalInterface.FileMap.MIN.C.FHMIH
MSCTF.MarshalInterface.FileMap.MIN.D.FHMIH
MSCTF.MarshalInterface.FileMap.MIN.E.FHMIH
MSCTF.MarshalInterface.FileMap.MIN.F.FHMIH
MSCTF.MarshalInterface.FileMap.MIN.G.FHMIH
MSCTF.Shared.SFM.MIN
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Hide specified window
details:[Window,Class] = [快压 - 安装程序,Install]
[Window,Class] = [,PerryShadowWnd]
Behavior description:Kill process
details:TargetProcess = UPDATE.EXE
TargetProcess = KZREPORT.EXE
Process behavior
Behavior description:Create process with hidden window
details:ImagePath = c:\windows\system32\taskkill.exe, CmdLine = "c:\windows\system32\taskkill.exe" /f /im update.exe
ImagePath = c:\windows\system32\taskkill.exe, CmdLine = "c:\windows\system32\taskkill.exe" /f /im kzreport.exe
Behavior description:Create process
details:ImagePath = C:\WINDOWS\system32\taskkill.exe, CmdLine = "C:\WINDOWS\system32\taskkill.exe" /f /im Update.exe
ImagePath = C:\WINDOWS\system32\taskkill.exe, CmdLine = "C:\WINDOWS\system32\taskkill.exe" /f /im KZReport.exe
Behavior description:Enumerate processes
details:N/A
Behavior description:Kill process
details:TargetProcess = UPDATE.EXE
TargetProcess = KZREPORT.EXE
File behavior
Behavior description:Map file with write permission
details:CiceroSharedMemDefaultS-*
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.MIN..GFMIH
MSCTF.MarshalInterface.FileMap.MIN.B.FHMIH
MSCTF.MarshalInterface.FileMap.MIN.C.FHMIH
MSCTF.MarshalInterface.FileMap.MIN.D.FHMIH
MSCTF.MarshalInterface.FileMap.MIN.E.FHMIH
MSCTF.MarshalInterface.FileMap.MIN.F.FHMIH
MSCTF.MarshalInterface.FileMap.MIN.G.FHMIH
MSCTF.Shared.SFM.MIN
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Find file
details:FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\taskkill.exe
Network behavior
Behavior description:Connect to specified site
details:InternetConnectA: ServerName = stat.kpzip.com, PORT = 80
Behavior description:Open URL over the network
details:InternetOpenUrlA: http://i.kpzip.com/n/install/show2/show.txt hInternet = 0x000006a4
Behavior description:Open HTTP request
details:HttpOpenRequestA: stat.kpzip.com:80/stat/index.php?pcid=e04bfc3525e4e5a26112623407e5b404&app=kuaizip&ver=2.8.5.10&channel=guanwang&category=%temp%\1445223254.593984.exe&act=app%5finstall%5fstart&p1=&p2=&key=57fede9638e23fb000f3e1cc95fa33f3, hConnect = 0x00000668
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-*\Software\SNDA\PCID
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\system32\taskkill.exe
Other behavior
Behavior description:Create mutex
details:Install_renmingbao_19900126
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
SHIMLIB_LOG_MUTEX
Global\{84DDE91F-5045-411e-9D77-4AE3AADD679C}
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MIN
Behavior description:Hide specified window
details:[Window,Class] = [快压 - 安装程序,Install]
[Window,Class] = [,PerryShadowWnd]
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Window information
details:Pid = 3464, Hwnd=0x202a4, Text = 快压 - 安装程序, ClassName = Install.
Behavior description:Acquire system privileges
details:SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
Behavior description:Get TickCount value
details:TickCount = 493093, SleepMilliseconds = 250.
TickCount = 493109, SleepMilliseconds = 250.
TickCount = 493125, SleepMilliseconds = 250.
TickCount = 493453, SleepMilliseconds = 250.
TickCount = 493468, SleepMilliseconds = 250.
TickCount = 493531, SleepMilliseconds = 250.
TickCount = 493546, SleepMilliseconds = 250.
TickCount = 493562, SleepMilliseconds = 250.
TickCount = 493578, SleepMilliseconds = 250.
TickCount = 493671, SleepMilliseconds = 250.
TickCount = 493718, SleepMilliseconds = 250.
TickCount = 493734, SleepMilliseconds = 250.
TickCount = 493796, SleepMilliseconds = 250.
TickCount = 493812, SleepMilliseconds = 250.
TickCount = 493859, SleepMilliseconds = 250.
Behavior description:Enumerate windows
details:N/A