VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives when the password is 'infected' or 'virus'.


File information
Safety rating: 71
Behavior list
Basic information
MD5: b9c9bf24b2faee9293ca7a106954bfef
File type: NSIS
Vendor: 百度在线网络技术(北京)有限公司 (Baidu Online Network Technology (Beijing) Co., Ltd.)
Version: 1.7.0.104 --- 1.7.0.104
Packer or compiler information: (none reported)
Subfile information (name / MD5 / type):
BaseDll.dll / 907822e9f18bea93a88e5b3648913d7d / DLL
bdrcdl.exe / 57fb171cc1de48296e1109abf9f47e95 / EXE
dl.dll / feb4a2aa5a6850585b0f5e0ea0f5cf5b / DLL
AppUpdater.exe / e277dda638a21783b46473c3b7cb69e4 / EXE
ActivityAssistant.exe / 4332b65ce1107d12955fd9e04e24b566 / EXE
bddlsvc.exe / d68b299fca1df3850f59adb1b29c6a64 / EXE
msvcr80.dll / 1169436ee42f860c7db37a4692b38f0e / DLL
msvcp80.dll / 8c53ccd787c381cd535d8dcca12584d8 / DLL
skin_engine.dll / 112cd8fe57c42e571b72ae292346a69d / DLL
haiyanui.rdb / 61bc91b487e4fb1048232ac083c51e63 / Unknown
msvcm80.dll / 75f2a9b695ef3ef22d731f059920f636 / DLL
ProtocolDll.dll / 7a865be0292810b0e9549aca82cde1aa / DLL
BDMNetGetInfo.dll / 581d31cb00e9c0eb2667c17441604975 / DLL
InstallHelper.dll / f951c36f0951a0204179a156031f132f / DLL
BugReport.exe / 03f3200b1401abab779c05c010447f69 / EXE
DriverManager.dll / 2e93f5d93bece63e5ba0a50f2c375ab0 / DLL
uninstaller.exe / 367cbb56ac768121b4dfede0171c0c64 / Nsis
BDArKit.sys / 162d402b5d188e7bb65730f258fa31a8 / SYS
ReportDll.dll / 4f19598b82f9474563dabc22d7ec3825 / DLL
Key behavior
Loads kernel drivers: bd0001.sys, bd0004.sys, BDArKit.sys, BDMWrench.sys (details under Other behavior)
Opens file mappings with write access (details under File behavior)
Creates system services: bd0001, bd0004, BDArKit, BDMWrench, bddlsvc (details under Other behavior)
Resolves host names: dr.hy.baidu.com, cr.hy.baidu.com, s.x.baidu.com, p2s.download.baidu.com and seven *.download.iyuntian.com hosts (details under Network behavior)
Process behavior
Behavior description: Creates new process
details:ImagePath = C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\bdrcdl.exe, CmdLine = "C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\bdrcdl.exe" c:\%temp%\1435158762.965727.exe
ImagePath = C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\bddlsvc.exe, CmdLine = "C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\bddlsvc.exe" -i
ImagePath = C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\bddlsvc.exe, CmdLine = "C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\bddlsvc.exe" -s
ImagePath = C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\bddlsvc.exe, CmdLine = "C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\bddlsvc.exe" -r
ImagePath = C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\BugReport.exe, CmdLine = bugreport /silence /buginfo:000002E8:000002E4:0247CDB8:1064
ImagePath = C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\BugReport.exe, CmdLine = bugreport /silence /buginfo:000002DC:000002E0:0247CDB8:3912
ImagePath = C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\BugReport.exe, CmdLine = bugreport /silence /buginfo:000002E8:000002E4:0247CDB8:3116
ImagePath = C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\BugReport.exe, CmdLine = bugreport /silence /buginfo:000002E0:000002E4:0247CDB8:2284
Behavior description: Enumerates processes
details: N/A
File behavior
Behavior description: Opens file mapping with write access
details:CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\LRIEElevationPolicy_
DfSharedHeap6AD31
DfSharedHeap6D83B
DfSharedHeap6D83F
DfSharedHeap6D84A
DfSharedHeap6D84E
DfSharedHeap6D859
DfSharedHeap6D85D
\Documents and Settings\All Users\Application Data\Baidu\BaiduRJDownloader\Config\4402.dat
DfRoot00006D85D
DfSharedHeap6D8D3
DfRoot00006D8D3
DfSharedHeap6D8FB
Behavior description: Creates executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsa6.tmp\InstallHelper.dll
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\dl.dll
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\bdrcdl.exe
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\UtilsDll.dll
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\ReportDll.dll
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\ProtocolDll.dll
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\BaseDll.dll
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\ReportRecordDll.dll
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\BugReport.exe
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\ActivityAssistant.exe
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\AppUpdater.exe
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\DriverManager.dll
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\BDKitUtils.dll
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\skin_engine.dll
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\BDMNetGetInfo.dll
Behavior description: Modifies file contents
details:C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\config.xml---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\mindownload.ico---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\skin\color_desc.clr---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\skin\color_tips.clr---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\skin\color_uninst.clr---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\skin\font_desc.f---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\skin\font_tips.f---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\skin\font_uninst.f---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\skin\haiyanui.rdb---> Offset = 49152
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\skin\text_cn.str---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\skin\text_tips.str---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\skin\text_uninst.str---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\skin\tipsui.rdb---> Offset = 16384
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\skin\uninstui.rdb---> Offset = 32768
C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest---> Offset = 0
Network behavior
Behavior description: Resolves host address by name
details:dr.hy.baidu.com
cfg.download.iyuntian.com
rc.download.iyuntian.com
dtrp.download.iyuntian.com
p2s.download.baidu.com
res2.download.iyuntian.com
res3.download.iyuntian.com
tk.download.iyuntian.com
utk.download.iyuntian.com
s.x.baidu.com
cr.hy.baidu.com
Registry behavior
Behavior description: Modifies registry
details:\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{0031830A-A9D3-4f64-B6E8-3D55B68F4F9B}\
\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\ieCommonPlugin.DLL\AppID
\REGISTRY\MACHINE\SOFTWARE\Classes\ieBDSoftHelperPlug.Implement.1\
\REGISTRY\MACHINE\SOFTWARE\Classes\ieBDSoftHelperPlug.Implement.1\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\ieBDSoftHelperPlug.Implement\
\REGISTRY\MACHINE\SOFTWARE\Classes\ieBDSoftHelperPlug.Implement\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\ieBDSoftHelperPlug.Implement\CurVer\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D3C9CF85-72D2-4d22-B16A-0B682403AB84}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D3C9CF85-72D2-4d22-B16A-0B682403AB84}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D3C9CF85-72D2-4d22-B16A-0B682403AB84}\VersionIndependentProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D3C9CF85-72D2-4d22-B16A-0B682403AB84}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D3C9CF85-72D2-4d22-B16A-0B682403AB84}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D3C9CF85-72D2-4d22-B16A-0B682403AB84}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA67120-F0AC-4A6E-B806-AECC0D13D9EF}\1.0\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FA67120-F0AC-4A6E-B806-AECC0D13D9EF}\1.0\FLAGS\
Behavior description: Deletes registry value
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\bd0001\DeleteFlag
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\bd0004\DeleteFlag
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\BDArKit\DeleteFlag
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\BDMWrench\DeleteFlag
\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot
Behavior description: Deletes registry key
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW
Other behavior
Behavior description: Creates driver file image
details:C:\WINDOWS\system32\drivers\BDArKit.sys
C:\WINDOWS\system32\ntkrnlpa.exe
C:\WINDOWS\system32\ntdll.dll
Behavior description: Creates mutex
details:CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
Local\LRIEElevationPolicyMutex
Global\BDMINISG_{B9DE9056-0EAB-456f-AF46-9C98D55D8EE9}
Global\{599D3D74-AA1A-4473-A004-B724A8018505}
Global\BDHYMutex{76D1E398-1B8E-40E6-B9A1-5AEE7A583396}
_p2pdownload_baidu_dr
monitor_object_{2B3B66CB-02E7-4977-BB08-874335430134}_baidudl2
Global\BDHYMutex{6B3B1285-8950-44C9-9B9B-02B30EAE7EC3}
Behavior description: Loads kernel driver
details:system32\DRIVERS\bd0001.sys
system32\DRIVERS\bd0004.sys
system32\DRIVERS\BDArKit.sys
system32\DRIVERS\BDMWrench.sys
Behavior description: Finds window by name
details:NtUserFindWindowEx: [Class,Window] = [abc,abc]
Behavior description: Starts system service
details: [Service start failed]: , bd0001, system32\DRIVERS\bd0001.sys
[Service start failed]: , bd0004, system32\DRIVERS\bd0004.sys
[Service started]: , BDArKit, system32\DRIVERS\BDArKit.sys
[Service start failed]: , BDMWrench, system32\DRIVERS\BDMWrench.sys
[Service started]: LocalSystem, BDHY Service, "C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\bddlsvc.exe" -r
Behavior description: Acquires privilege
details:SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
Behavior description: Enumerates windows
details:N/A
Behavior description: Direct physical device access
details:\??\PhysicalDrive0
Behavior description: Creates system service
details: [Service created]: bd0001, C:\WINDOWS\system32\DRIVERS\bd0001.sys
[Service created]: bd0004, C:\WINDOWS\system32\DRIVERS\bd0004.sys
[Service created]: BDArKit, C:\WINDOWS\system32\DRIVERS\BDArKit.sys
[Service created]: BDMWrench, C:\WINDOWS\system32\DRIVERS\BDMWrench.sys
[Service created]: bddlsvc, "C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\bddlsvc.exe" -r
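The behavior list above is the raw sandbox output; what an analyst actually wants from it is a short indicator set (services, kernel drivers, domains, mutexes, privileges, device handles) and a ranking of what matters, with the "service created" entries cross-checked against the "service started" entries, since on this page four driver services are created but only BDArKit actually loaded. The following triage script is an added example written for this page, not VirSCAN's or Baidu's code. It assumes the English behavior labels used in this rendering ("Creates system service", "Starts system service", "Acquires privilege", "Direct physical device access", "Creates mutex", "Resolves host address by name"); the embedded sample text is a subset of the report above, copied into a constructed string so the script runs offline.

```python
"""Triage helper for a VirSCAN-style behavior report (added example).

Editorial example code, not VirSCAN's or Baidu's. It parses the
"Behavior description:" / "details:" lines into records, pulls out
host and network indicators, and flags the behaviours an analyst
would look at first (kernel-driver services, SE_LOAD_DRIVER_PRIVILEGE,
raw physical-drive access, user-mode persistence services).
"""
import re
from collections import defaultdict

SECTION_HEADINGS = {"Key behavior", "Process behavior", "File behavior",
                    "Network behavior", "Registry behavior", "Other behavior"}

# Constructed sample: a subset of the lines from the report on this page,
# kept as a raw string so the Windows backslashes survive unchanged.
SAMPLE_REPORT = r"""Other behavior
Behavior description: Creates system service
details: [Service created]: bd0001, C:\WINDOWS\system32\DRIVERS\bd0001.sys
[Service created]: BDArKit, C:\WINDOWS\system32\DRIVERS\BDArKit.sys
[Service created]: bddlsvc, "C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\bddlsvc.exe" -r
Behavior description: Starts system service
details: [Service start failed]: , bd0001, system32\DRIVERS\bd0001.sys
[Service started]: , BDArKit, system32\DRIVERS\BDArKit.sys
[Service started]: LocalSystem, BDHY Service, "C:\Documents and Settings\Administrator\Application Data\baidu\BaiduRJDownloader\1.7.0.104\bddlsvc.exe" -r
Behavior description: Acquires privilege
details: SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
Behavior description: Enumerates windows
details: N/A
Behavior description: Direct physical device access
details: \??\PhysicalDrive0
Behavior description: Creates mutex
details: Global\BDHYMutex{76D1E398-1B8E-40E6-B9A1-5AEE7A583396}
_p2pdownload_baidu_dr
Network behavior
Behavior description: Resolves host address by name
details: dr.hy.baidu.com
cfg.download.iyuntian.com
"""

CREATED_RE = re.compile(r"^\[Service created\]:\s*([^,]+),\s*(.+)$")
START_RE = re.compile(r"^\[Service (started|start failed)\]:\s*([^,]*),\s*([^,]+),\s*(.+)$")


def parse_report(text):
    """Return [(section, behavior, [detail, ...]), ...] in report order."""
    records, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADINGS:
            section = line
            continue
        if line.startswith("Behavior description:"):
            current = (section, line.split(":", 1)[1].strip(), [])
            records.append(current)
            continue
        if line.startswith("details:"):
            line = line[len("details:"):].strip()
        if current is not None and line and line != "N/A":
            current[2].append(line)  # continuation line of the open record
    return records


def extract_indicators(records):
    """Group the interesting detail lines by indicator type (sorted lists)."""
    ind = defaultdict(set)
    for _section, behavior, details in records:
        for d in details:
            if behavior == "Creates system service":
                m = CREATED_RE.match(d)
                if m:
                    name, image = m.group(1).strip(), m.group(2).strip()
                    ind["services"].add(name)
                    # a .sys image means a kernel driver, not a user-mode service
                    if re.search(r"\.sys\b", image, re.IGNORECASE):
                        ind["kernel_drivers"].add(name)
            elif behavior == "Starts system service":
                m = START_RE.match(d)
                if m:
                    key = "started" if m.group(1) == "started" else "start_failed"
                    ind[key].add(m.group(3).strip())
            elif behavior == "Resolves host address by name":
                ind["domains"].add(d)
            elif behavior == "Creates mutex":
                ind["mutexes"].add(d)
            elif behavior == "Acquires privilege":
                ind["privileges"].add(d)
            elif behavior == "Direct physical device access":
                ind["devices"].add(d)
    return {k: sorted(v) for k, v in ind.items()}


def risk_flags(ind):
    """Human-readable flags; driver services are split into loaded vs. failed."""
    flags = []
    drivers = ind.get("kernel_drivers", [])
    if drivers:
        loaded = [d for d in drivers if d in ind.get("started", [])]
        failed = [d for d in drivers if d in ind.get("start_failed", [])]
        flags.append("registers kernel driver service(s): %s (loaded: %s; failed to start: %s)"
                     % (", ".join(drivers), ", ".join(loaded) or "none", ", ".join(failed) or "none"))
    if "SE_LOAD_DRIVER_PRIVILEGE" in ind.get("privileges", []):
        flags.append("enables SE_LOAD_DRIVER_PRIVILEGE (required to load drivers at runtime)")
    if any("PhysicalDrive" in d for d in ind.get("devices", [])):
        flags.append("opens a raw physical drive handle (access below the file system)")
    user_mode = [s for s in ind.get("services", []) if s not in drivers]
    if user_mode:
        flags.append("installs user-mode service(s) for persistence: " + ", ".join(user_mode))
    return flags


if __name__ == "__main__":
    indicators = extract_indicators(parse_report(SAMPLE_REPORT))
    for kind, values in indicators.items():
        print("%-15s %s" % (kind, ", ".join(values)))
    for flag in risk_flags(indicators):
        print("FLAG:", flag)
```

Two reading notes on the page's own data. First, "service created" and "service started" are different events: the report shows bd0001, bd0004 and BDMWrench failing to start while BDArKit loads, so only BDArKit.sys was resident in the sandbox, and a host check for this installer should look for the BDArKit service and the bddlsvc ("BDHY Service") LocalSystem service rather than for all four drivers. Second, the CTF.*.MutexDefault and CiceroSharedMemDefault names are created by the Windows Text Services Framework in any process that shows a window and are not indicators of this sample; the Global\BDHYMutex{...}, _p2pdownload_baidu_dr and monitor_object_{...}_baidudl2 names are the ones specific to it.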
Run screenshot