VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.


File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5: 9af8dacd77492250ef985eed203c596b
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
Copyright:

Key behavior

Behavior description: Creates a shortcut on the desktop
details: C:\Documents and Settings\Administrator\桌面\360一键Root.lnk
Behavior description: Sets special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Hides specified windows
details: [Window,Class] = [,Button]
[Window,Class] = [显示细节(&D),Button]
[Window,Class] = [北京奇虎科技有限公司,Static]
[Window,Class] = [北京奇虎科技有限公司 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [安装完成,Static]
[Window,Class] = [安装已成功完成。,Static]
[Window,Class] = [ ,AsynPluginManager]
[Window,Class] = [ ,MMUiManager]
[Window,Class] = [Welcome UiFeature,TipWnd]
[Window,Class] = [360一键Root,MR_MainWindow]
[Window,Class] = [ ,PluginMM]
[Window,Class] = [UiFeatureBrowser,UiFeatureWebBrowser]

Process behavior

Behavior description: Creates a new process from a dropped file
details: ImagePath = C:\Documents and Settings\Administrator\Local Settings\Application Data\360一键Root\bin\360Root.exe, CmdLine = "C:\Documents and Settings\Administrator\Local Settings\Application Data\360一键Root\bin\360Root.exe"
Behavior description: Enumerates processes
details: N/A

File behavior

Behavior description: Drops links or shortcuts in sensitive system locations (such as the Start Menu)
details: C:\Documents and Settings\Administrator\「开始」菜单\程序\360安全中心\360一键Root\360一键Root.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\360安全中心\360一键Root\卸载360一键Root.lnk
Behavior description: Creates executable files
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\Registry.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\KillProcDLL.dll
C:\Documents and Settings\Administrator\Local Settings\Application Data\360一键Root\360Base.dll
C:\Documents and Settings\Administrator\Local Settings\Application Data\360一键Root\360Common.dll
C:\Documents and Settings\Administrator\Local Settings\Application Data\360一键Root\360net.dll
C:\Documents and Settings\Administrator\Local Settings\Application Data\360一键Root\360NetUL.dll
C:\Documents and Settings\Administrator\Local Settings\Application Data\360一键Root\360P2SP.dll
C:\Documents and Settings\Administrator\Local Settings\Application Data\360一键Root\360verify.dll
C:\Documents and Settings\Administrator\Local Settings\Application Data\360一键Root\LiveUpd360.dll
C:\Documents and Settings\Administrator\Local Settings\Application Data\360一键Root\PDown.dll
C:\Documents and Settings\Administrator\Local Settings\Application Data\360一键Root\bin\adb.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\360一键Root\bin\360RootUpdate.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\360一键Root\bin\360RootCrashReport.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\360一键Root\bin\360Root.exe
Behavior description: Creates a shortcut on the desktop
details: C:\Documents and Settings\Administrator\桌面\360一键Root.lnk
Behavior description: Maps files with write access (writable file mappings)
details: \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\ns6.tmp
UserConfigIniM{106ACE21-2A22-4993-92DE-77D1AC122BC2}
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\!PrivacIE!SharedMem!Counter
Local\UrlZonesSM_Administrator
CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Behavior description: Sets special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modifies file contents
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\ioSpecial.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\ioSpecial.ini---> Offset = 36
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\modern-wizard.bmp---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\ioSpecial.ini---> Offset = 124
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\modern-header.bmp---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Application Data\360一键Root\Uninstall.ico---> Offset = 49152
C:\Documents and Settings\Administrator\Local Settings\Application Data\360一键Root\bin\360RootSetting.xml---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\360一键Root\bin\360RootSkin.ufd---> Offset = 49152
C:\Documents and Settings\Administrator\Local Settings\Application Data\360一键Root\bin\UiFeature.xml---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\360一键Root\bin\adb_usb.ini---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\360一键Root\bin\app.html---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Application Data\360一键Root\updatecfg.ini---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\360一键Root\updatecfg.ini---> Offset = 135
C:\Documents and Settings\Administrator\Local Settings\Application Data\360一键Root\updatecfg.ini---> Offset = 264
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\360一键Root.lnk---> Offset = 0

Registry behavior

Behavior description: Modifies the registry
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\360一键Root\pid
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\360一键Root\JoinUserExperience
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Uninstall\360一键Root\DisplayName
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Uninstall\360一键Root\UninstallString
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Uninstall\360一键Root\DisplayIcon
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Uninstall\360一键Root\DisplayVersion
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Uninstall\360一键Root\InstallDate
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Uninstall\360一键Root\InstallLocation
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Uninstall\360一键Root\URLInfoAbout
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Uninstall\360一键Root\Publisher
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Uninstall\360一键Root\ProductChanel
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360Root.exe\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360Root.exe\Path
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360Root.exe\PathSub
Behavior description: Deletes registry value_removes startup item
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\360rootruninst
Behavior description: Modifies the registry_delayed file rename entry
details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations

Other behavior

Behavior description: Creates mutexes
details: 360RootInstaller
1830B7BD-F7A3-4c4d-989B-C004DE465EDE 2136
_360_M_M_ROOT_MUTEX_
UserConfigIniEvectM{93B70361-E06B-4343-AE6D-EA7A5817E029}
Local\!PrivacIE!SharedMemory!Mutex
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
Behavior description: Hides specified windows
details: [Window,Class] = [,Button]
[Window,Class] = [显示细节(&D),Button]
[Window,Class] = [北京奇虎科技有限公司,Static]
[Window,Class] = [北京奇虎科技有限公司 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [安装完成,Static]
[Window,Class] = [安装已成功完成。,Static]
[Window,Class] = [ ,AsynPluginManager]
[Window,Class] = [ ,MMUiManager]
[Window,Class] = [Welcome UiFeature,TipWnd]
[Window,Class] = [360一键Root,MR_MainWindow]
[Window,Class] = [ ,PluginMM]
[Window,Class] = [UiFeatureBrowser,UiFeatureWebBrowser]
Behavior description: Searches for specified windows
details: NtUserFindWindowEx: [Class,Window] = [MR_MainWindow,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [SysListView32,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
Behavior description: Acquires system privileges
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
details: Pid = 1836, Hwnd=0xc01d6, Text = 我接受(&I), ClassName = Button.
Pid = 1836, Hwnd=0xd01c8, Text = 取消(&C), ClassName = Button.
Pid = 1836, Hwnd=0xa018c, Text = 北京奇虎科技有限公司 , ClassName = Static.
Pid = 1836, Hwnd=0xe016e, Text = 北京奇虎科技有限公司, ClassName = Static.
Pid = 1836, Hwnd=0xd01a4, Text = 许可证协议, ClassName = Static.
Pid = 1836, Hwnd=0xc01e8, Text = 在安装“360一键Root”之前,请阅读授权协议。, ClassName = Static.
Pid = 1836, Hwnd=0xb0170, Text = 按 [PgDn] 阅读“授权协议”的其余部分。, ClassName = Static.
Pid = 1836, Hwnd=0xd01ac, Text = 如果你接受协议中的条款,单击 [我同意(I)] 继续安装。如果你选定 [取消(C)] ,安装程序将会关闭。必须接受协议才能安装“360一键Root”。, ClassName = Static.
Pid = 1836, Hwnd=0xd0166, Text = 360一键Root 安装 , ClassName = #32770.
Pid = 1836, Hwnd=0xb01de, Text = < 上一步(&P), ClassName = Button.
Pid = 1836, Hwnd=0xc01d6, Text = 下一步(&N) >, ClassName = Button.
Pid = 1836, Hwnd=0xd01a4, Text = 正在安装, ClassName = Static.
Pid = 1836, Hwnd=0xc01e8, Text = “360一键Root”正在安装,请等候..., ClassName = Static.
Pid = 1836, Hwnd=0xe01ac, Text = 显示细节(&D), ClassName = Button.
Pid = 1836, Hwnd=0xc0170, Text = 抽取: 360Root.exe, ClassName = Static.
Behavior description: Directly accesses a physical device
details: \??\PhysicalDrive0
Behavior description: Inline hook
details: C:\WINDOWS\system32\kernel32.dll--->SetUnhandledExceptionFilter Offset = 0x0
Behavior description: Opens image files
details: \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\modern-wizard.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nss5.tmp\modern-header.bmp