1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
| Safety rating:60 |
| Behavior list |
| Basic Information | |
|---|---|
| MD5: | b9996600a7b56190461a035627a6c3e6 |
| file type: | EXE |
| Production company: | |
| version: | 7.0.1.0---7.0.1.0 |
| Shell or compiler information: | COMPILER:Microsoft Visual C++ 6.0 [Overlay] |
| Key behavior | |
|---|---|
| Behavior description: | 写权限映射文件 |
| details: | CiceroSharedMemDefaultS-* |
| MSCTF.MarshalInterface.FileMap.MEF..FJJGH | |
| MSCTF.MarshalInterface.FileMap.MEF.B.EKJGH | |
| MSCTF.MarshalInterface.FileMap.MEF.C.EKJGH | |
| MSCTF.MarshalInterface.FileMap.MEF.D.EKJGH | |
| MSCTF.MarshalInterface.FileMap.MEF.E.AFKGH | |
| MSCTF.MarshalInterface.FileMap.MEF.F.AFKGH | |
| MSCTF.MarshalInterface.FileMap.MEF.G.AFKGH | |
| MSCTF.Shared.SFM.MEF | |
| Behavior description: | 隐藏指定窗口 |
| details: | [Window,Class] = [,#32770] |
| [Window,Class] = [Debug,#32770] | |
| [Window,Class] = [您的产品 Setup,Afx:400000:3:10011:1900015:1b02b1] | |
| [Window,Class] = [&Help,Button] | |
| [Window,Class] = [您的产品 安装,Afx:400000:3:10011:6:1b02b1] | |
| Behavior description: | 创建系统服务 |
| details: | [服务创建成功]: Utility Mangserver , C:\WINDOWS\Utility Mang.exe |
| Behavior description: | 按名称获取主机地址 |
| details: | 192.168.183.136 |
| Process behavior | |
|---|---|
| Behavior description: | 隐藏窗口创建进程 |
| details: | ImagePath = , CmdLine = c:\windows\uer.bat |
| Behavior description: | 创建进程 |
| details: | ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c C:\WINDOWS\Uer.bat |
| Behavior description: | 创建新文件进程 |
| details: | ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_ir_sf7_temp_0\irsetup.exe, CmdLine = __IRAOFF:520716 "__IRAFN:C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445956146.891195.exe" |
| ImagePath = C:\Program Files\您的产品\vx_avi.exe, CmdLine = "C:\Program Files\您的产品\vx_avi.exe" | |
| ImagePath = C:\WINDOWS\Utility Mang.exe, CmdLine = "C:\WINDOWS\Utility Mang.exe" | |
| Behavior description: | 枚举进程 |
| details: | N/A |
| File behavior | |
|---|---|
| Behavior description: | 写权限映射文件 |
| details: | CiceroSharedMemDefaultS-* |
| MSCTF.MarshalInterface.FileMap.MEF..FJJGH | |
| MSCTF.MarshalInterface.FileMap.MEF.B.EKJGH | |
| MSCTF.MarshalInterface.FileMap.MEF.C.EKJGH | |
| MSCTF.MarshalInterface.FileMap.MEF.D.EKJGH | |
| MSCTF.MarshalInterface.FileMap.MEF.E.AFKGH | |
| MSCTF.MarshalInterface.FileMap.MEF.F.AFKGH | |
| MSCTF.MarshalInterface.FileMap.MEF.G.AFKGH | |
| MSCTF.Shared.SFM.MEF | |
| Behavior description: | 在系统敏感位置(如开始菜单等)释放链接或快捷方式 |
| details: | C:\Documents and Settings\Administrator\「开始」菜单\程序\您的产品\vx_avi.lnk |
| C:\Documents and Settings\Administrator\「开始」菜单\程序\您的产品\卸载 您的产品.lnk | |
| Behavior description: | 创建可执行文件 |
| details: | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_ir_sf7_temp_0\irsetup.exe |
| C:\WINDOWS\您的产品\uninstall.exe | |
| C:\Program Files\您的产品\vx_avi.exe | |
| C:\WINDOWS\Utility Mang.exe | |
| Behavior description: | 修改文件内容 |
| details: | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_ir_sf7_temp_0\irsetup.dat---> Offset = 0 |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_ir_sf7_temp_0\irsetup.dat---> Offset = 12288 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_ir_sf7_temp_0\IRIMG1.JPG---> Offset = 0 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_ir_sf7_temp_0\IRIMG1.JPG---> Offset = 8192 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_ir_sf7_temp_0\IRIMG2.JPG---> Offset = 0 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_ir_sf7_temp_0\IRIMG2.JPG---> Offset = 12288 | |
| C:\WINDOWS\您的产品 Setup Log.txt---> Offset = 0 | |
| C:\Program Files\您的产品\Uninstall\uni3.tmp---> Offset = 12288 | |
| C:\Program Files\您的产品\Uninstall\uninstall.dat---> Offset = 0 | |
| C:\Program Files\您的产品\Uninstall\uninstall.dat---> Offset = 65536 | |
| C:\Program Files\您的产品\Uninstall\uninstall.xml---> Offset = 0 | |
| C:\Documents and Settings\Administrator\「开始」菜单\程序\您的产品\vx_avi.lnk---> Offset = 0 | |
| C:\Program Files\您的产品\Uninstall\IRIMG1.JPG---> Offset = 0 | |
| C:\Program Files\您的产品\Uninstall\IRIMG2.JPG---> Offset = 0 | |
| C:\Documents and Settings\Administrator\「开始」菜单\程序\您的产品\卸载 您的产品.lnk---> Offset = 0 | |
| Behavior description: | 查找文件 |
| details: | FileName = C:\DOCUME~1 |
| FileName = C:\DOCUME~1\ADMINI~1 | |
| FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1 | |
| FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp | |
| FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_ir_sf7_temp_0\irsetup.exe | |
| FileName = C:\Documents and Settings | |
| FileName = C:\Documents and Settings\Administrator | |
| FileName = C:\Documents and Settings\Administrator\Application Data | |
| FileName = C:\Program Files | |
| FileName = C:\Program Files\Common Files | |
| FileName = C:\Documents and Settings\Administrator\桌面 | |
| FileName = C:\Documents and Settings\All Users | |
| FileName = C:\Documents and Settings\All Users\桌面 | |
| FileName = C:\WINDOWS | |
| FileName = C:\WINDOWS\Fonts | |
| Network behavior | |
|---|---|
| Behavior description: | 建立到一个指定的套接字连接 |
| details: | 219.133.40.1:8000 |
| Behavior description: | 按名称获取主机地址 |
| details: | 192.168.183.136 |
| Registry behavior | |
|---|---|
| Behavior description: | 修改注册表 |
| details: | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\您的产品1.0\DisplayName |
| \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\您的产品1.0\NoModify | |
| \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\您的产品1.0\NoRepair | |
| \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\您的产品1.0\UninstallString | |
| \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\您的产品1.0\Publisher | |
| \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\您的产品1.0\URLInfoAbout | |
| \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\您的产品1.0\HelpLink | |
| \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\您的产品1.0\Contact | |
| \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\您的产品1.0\DisplayVersion | |
| \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\您的产品1.0\DisplayIcon | |
| Other behavior | |
|---|---|
| Behavior description: | 创建互斥体 |
| details: | CTF.LBES.MutexDefaultS-* |
| CTF.Compart.MutexDefaultS-* | |
| CTF.Asm.MutexDefaultS-* | |
| CTF.Layouts.MutexDefaultS-* | |
| CTF.TMD.MutexDefaultS-* | |
| CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-* | |
| MSCTF.Shared.MUTEX.ELH | |
| MSCTF.Shared.MUTEX.MEF | |
| xERONETWO20071悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙悙 | |
| Behavior description: | 隐藏指定窗口 |
| details: | [Window,Class] = [,#32770] |
| [Window,Class] = [Debug,#32770] | |
| [Window,Class] = [您的产品 Setup,Afx:400000:3:10011:1900015:1b02b1] | |
| [Window,Class] = [&Help,Button] | |
| [Window,Class] = [您的产品 安装,Afx:400000:3:10011:6:1b02b1] | |
| Behavior description: | 查找指定窗口 |
| details: | NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,] |
| NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,] | |
| NtUserFindWindowEx: [Class,Window] = [MS_WINHELP,] | |
| Behavior description: | 启动系统服务 |
| details: | [服务启动成功]: LocalSystem, Utility Mangserver , C:\WINDOWS\Utility Mang.exe |
| Behavior description: | 获取系统权限 |
| details: | SE_LOAD_DRIVER_PRIVILEGE |
| Behavior description: | 创建系统服务 |
| details: | [服务创建成功]: Utility Mangserver , C:\WINDOWS\Utility Mang.exe |
| Behavior description: | 窗口信息 |
| details: | Pid = 888, Hwnd=0x202d4, Text = &Finish, ClassName = Button. |
| Pid = 888, Hwnd=0x302dc, Text = &Cancel, ClassName = Button. | |
| Pid = 888, Hwnd=0x202d6, Text = &Help, ClassName = Button. | |
| Pid = 888, Hwnd=0x202d8, Text = < &Back, ClassName = Button. | |
| Pid = 888, Hwnd=0x402bc, Text = 您的产品 Setup, ClassName = Afx:400000:3:10011:1900015:1b02b1. | |
| Behavior description: | 打开图片文件 |
| details: | \DOCUME~1\ADMINI~1\LOCALS~1\Temp\_ir_sf7_temp_0\IRIMG1.JPG |
| \DOCUME~1\ADMINI~1\LOCALS~1\Temp\_ir_sf7_temp_0\IRIMG2.JPG | |
| \Program Files\您的产品\Uninstall\IRIMG1.JPG | |
| \Program Files\您的产品\Uninstall\IRIMG2.JPG | |
| Run screenshot |
|---|
 |
HOME
