1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
| Safety rating:75 |
| Behavior list |
| Basic Information | |
|---|---|
| MD5: | b6da356e6f78107d9690f34e485bd66e |
| file type: | Cab |
| Production company: | 百度云管家 |
| version: | 4.6.1.0---4.6.1.0 |
| Shell or compiler information: | |
| Subfile information: | BaiduYunGuanjia.exedumpFile / b0872902ad764f524617bfdb1e2bde06 / EXE |
| default.dbdumpFile / 967f78355bc5027fde701e2c60a261f8 / Compound | |
| Basement.dlldumpFile / 0316c9997c2e1de786ea31e7c89e9701 / DLL | |
| YunLogic.dlldumpFile / 68aeb37f0578c63df292b7782a23ce9c / DLL | |
| Bull80U.dlldumpFile / 4ee6a2058f786f0f7402c5fd37f19680 / DLL | |
| xImage.dlldumpFile / c1b83f9db053d763b7ff676bddb40c12 / DLL | |
| AppUtil.dlldumpFile / c4baa27c792aa68b2be2e6a1bc2bc798 / DLL | |
| YunDb.dlldumpFile / 6c75768ec7f41b2ef53db983946c2faf / DLL | |
| msvcr80.dlldumpFile / 1169436ee42f860c7db37a4692b38f0e / DLL | |
| msvcp80.dlldumpFile / 8c53ccd787c381cd535d8dcca12584d8 / DLL | |
| autobackup.icodumpFile / cea33e92dd2e8f1b4dbed22c25ac7570 / Unknown | |
| 2.wavdumpFile / 4408f456a35c301ee1b951e20ffa71bb / Unknown | |
| channelpcsdk.dlldumpFile / 451d06ace4baec9abb7524bc28fa2ca8 / DLL | |
| YunShellExt64.dlldumpFile / 31becef7eac5577a6fa9350fdf0e4168 / DLL | |
| YunShellExt.dlldumpFile / 1e112eeb618d5c7a817cb946aa6cd746 / DLL | |
| npYunWebDetect.dlldumpFile / 59b6770a545012a859f83ca1ff7bbdf8 / DLL | |
| resource.dbdumpFile / 7b77a6373832371265087655ae59f23d / Compound | |
| 3.wavdumpFile / 9ca4aec9ef66806361f3e0ae86792c86 / Unknown | |
| 4.wavdumpFile / 0616ba6aa33fcc59c46f7edaea9b3e9e / Unknown | |
| Key behavior | |
|---|---|
| Behavior description: | 设置特殊文件夹属性 |
| details: | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 | |
| C:\Documents and Settings\Administrator\Local Settings\History | |
| C:\Documents and Settings\Administrator\Local Settings\History\History.IE5 | |
| C:\Documents and Settings\Administrator\Cookies | |
| Behavior description: | 隐藏指定窗口 |
| details: | [Window,Class] = [TimerWin,LOG_MSG_WINDOW] |
| [Window,Class] = [,BaseGui] | |
| [Window,Class] = [,ATL:00BD1138] | |
| Behavior description: | 按名称获取主机地址 |
| details: | pan.baidu.com |
| Process behavior | |
|---|---|
| Behavior description: | 创建进程 |
| details: | ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunShellExt.dll" |
| ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\npYunWebDetect.dll" | |
| Behavior description: | 创建新文件进程 |
| details: | ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\BaiduYunGuanjia.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\BaiduYunGuanjia.exe |
| Behavior description: | 枚举进程 |
| details: | N/A |
| File behavior | |
|---|---|
| Behavior description: | 写权限映射文件 |
| details: | CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500 |
| bdlog_timing_info_V3 | |
| Baohe_BugReport_556 | |
| DfSharedHeap6F324 | |
| DfRoot00006F324 | |
| YunBrowserSharedMemory_556 | |
| MSCTF.MarshalInterface.FileMap.MDH..HCINF | |
| MSCTF.MarshalInterface.FileMap.MDH.B.CAJNF | |
| MSCTF.MarshalInterface.FileMap.MDH.C.CAJNF | |
| MSCTF.MarshalInterface.FileMap.MDH.D.CAJNF | |
| MSCTF.MarshalInterface.FileMap.MDH.E.CAJNF | |
| MSCTF.MarshalInterface.FileMap.MDH.F.CAJNF | |
| MSCTF.MarshalInterface.FileMap.MDH.G.CAJNF | |
| MSCTF.Shared.SFM.MDH | |
| Behavior description: | 创建可执行文件 |
| details: | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\AppUtil.dll |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\BaiduYunGuanjia.exe | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\Basement.dll | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\Bull80U.dll | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunDb.dll | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunLogic.dll | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunShellExt.dll | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunShellExt64.dll | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\channelpcsdk.dll | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\msvcp80.dll | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\msvcr80.dll | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\npYunWebDetect.dll | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\xImage.dll | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsa7.tmp\System.dll | |
| Behavior description: | 修改文件内容 |
| details: | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\AppProperty.xml---> Offset = 0 |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\Microsoft.VC80.CRT.manifest---> Offset = 0 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\VersionInfo---> Offset = 0 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunTorrentFile.ico---> Offset = 16384 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\autobackup.ico---> Offset = 49152 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\resource.db---> Offset = 49152 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\skin\default.db---> Offset = 49152 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\sounds\1.wav---> Offset = 32768 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\sounds\2.wav---> Offset = 49152 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\sounds\3.wav---> Offset = 49152 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\sounds\4.wav---> Offset = 49152 | |
| Behavior description: | 设置特殊文件夹属性 |
| details: | C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files |
| C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 | |
| C:\Documents and Settings\Administrator\Local Settings\History | |
| C:\Documents and Settings\Administrator\Local Settings\History\History.IE5 | |
| C:\Documents and Settings\Administrator\Cookies | |
| Network behavior | |
|---|---|
| Behavior description: | 连接指定站点 |
| details: | InternetConnectA: ServerName = pan.baidu.com, PORT = 80 |
| InternetConnectA: ServerName = update.pan.baidu.com, PORT = 80 | |
| Behavior description: | 打开HTTP请求 |
| details: | HttpOpenRequestA: pan.baidu.com:80/res/static/thirdparty/connect.jpg?t=1422804206, hConnect = 0x00000338 |
| HttpOpenRequestA: update.pan.baidu.com:80/statistics?clienttype=8&devuid=bdimxv2%2do%5ff025928675d3418c94e1df12ae41070b%2dc%5f0%2dd%5f42563737623232333732322d3039343862622033%2dm%5f0800277a0dd3%2dv%5ff44048e7&channel=00000000000000000000000000000000&version=4 | |
| HttpOpenRequestA: pan.baidu.com:80/res/static/thirdparty/connect.jpg?t=1422804211, hConnect = 0x00000360 | |
| HttpOpenRequestA: pan.baidu.com:80/res/static/thirdparty/connect.jpg?t=1422804216, hConnect = 0x00000360 | |
| HttpOpenRequestA: pan.baidu.com:80/res/static/thirdparty/connect.jpg?t=1422804221, hConnect = 0x00000360 | |
| HttpOpenRequestA: pan.baidu.com:80/res/static/thirdparty/connect.jpg?t=1422804226, hConnect = 0x00000360 | |
| HttpOpenRequestA: pan.baidu.com:80/res/static/thirdparty/connect.jpg?t=1422804231, hConnect = 0x00000360 | |
| Behavior description: | 按名称获取主机地址 |
| details: | pan.baidu.com |
| Registry behavior | |
|---|---|
| Behavior description: | 删除注册表键 |
| details: | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\Control |
| \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\InprocServer32 | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\ProgID | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\Programmable | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\ToolboxBitmap32 | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\TypeLib | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\VersionIndependentProgID | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06} | |
| \REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\clsid\* | |
| \REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\clsid | |
| \REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\codeBaseUrl\* | |
| \REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\codeBaseUrl | |
| \REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\progid\* | |
| \REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\progid | |
| \REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin | |
| Behavior description: | 修改注册表_文件关联 |
| details: | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\YunShellExt\ |
| Behavior description: | 修改注册表_系统右键菜单 |
| details: | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\YunShellExt\ |
| Behavior description: | 修改注册表 |
| details: | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{B9480AFD-C7B1-4452-BE14-BB8A9540A05D}\ |
| \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\YunShellExt.DLL\AppID | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\YunShellExt.YunShellExtContextMenu.1\ | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\YunShellExt.YunShellExtContextMenu.1\CLSID\ | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\YunShellExt.YunShellExtContextMenu\ | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\YunShellExt.YunShellExtContextMenu\CLSID\ | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\YunShellExt.YunShellExtContextMenu\CurVer\ | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790}\ | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790}\ProgID\ | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790}\VersionIndependentProgID\ | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790}\InprocServer32\ | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790}\InprocServer32\ThreadingModel | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790}\AppID | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6D85624F-305A-491d-8848-C1927AA0D790}\TypeLib\ | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\YunShellExt\ | |
| Other behavior | |
|---|---|
| Behavior description: | 创建互斥体 |
| details: | CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500 |
| CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500 | |
| CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500 | |
| CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500 | |
| CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500 | |
| CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500 | |
| SHIMLIB_LOG_MUTEX | |
| locker_bdlog_timing_info_V3 | |
| YunBrowserSharedMemoryLock_556 | |
| 54B55498-0BB1-4896-AC08-2595F474CBDE | |
| MSCTF.Shared.MUTEX.AEH | |
| MSCTF.Shared.MUTEX.MDH | |
| Behavior description: | 隐藏指定窗口 |
| details: | [Window,Class] = [TimerWin,LOG_MSG_WINDOW] |
| [Window,Class] = [,BaseGui] | |
| [Window,Class] = [,ATL:00BD1138] | |
| Behavior description: | 查找指定窗口 |
| details: | NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,] |
| NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,] | |
| Behavior description: | 获取系统权限 |
| details: | SE_LOAD_DRIVER_PRIVILEGE |
| Behavior description: | 窗口信息 |
| details: | Pid = 556, Hwnd=0x10380, Text = 欢迎使用百度云管家, ClassName = BaseGui. |
| Behavior description: | 内联HOOK |
| details: | C:\WINDOWS\system32\kernel32.dll--->SetUnhandledExceptionFilter Offset = 0x0 |
| Run screenshot |
|---|
 |
HOME
