VirSCAN

1, You can upload any file, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download the VirSCAN uploader to upload.

   File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5:bc22fab5b48bc4987129adf1a51160c9
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
copyright:

Key behavior

Behavior description: Create shortcut on the desktop
details: C:\Documents and Settings\Administrator\桌面\按键精灵9.lnk
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Hide specified window
details: [Window,Class] = [,ComboLBox]
[Window,Class] = [安装向导 - 按键精灵9,TWizardForm]
[Window,Class] = [软件升级,#32770]
[Window,Class] = [,#32770]
Behavior description: Set message hook
details: C:\WINDOWS\system32\DINPUT8.dll

Process behavior

Behavior description: Create process with a hidden window
details: ImagePath = c:\program files\按键精灵9\help.exe, CmdLine = "c:\program files\按键精灵9\help.exe"
Behavior description: Create process from a newly created file
details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-BV950.tmp\sample.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-BV950.tmp\sample.tmp" /SL5="$A0186,11697836,64512,c:\%temp%\1414178175.105669.exe"
ImagePath = C:\Program Files\按键精灵9\按键精灵9.exe, CmdLine = "C:\Program Files\按键精灵9\按键精灵9.exe"
ImagePath = C:\Program Files\按键精灵9\Help.exe, CmdLine = "C:\Program Files\按键精灵9\Help.exe"

File behavior

Behavior description: Drop link or shortcut in a sensitive system location (such as the Start menu)
details: C:\Documents and Settings\All Users\「开始」菜单\程序\按键精灵9\按键精灵9.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\按键精灵9\网页按键精灵.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\按键精灵9\官方网站.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\按键精灵9\卸载.lnk
Behavior description: Create executable file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-BV950.tmp\sample.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-2PDQP.tmp\_isetup\_RegDLL.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-2PDQP.tmp\_isetup\_shfoldr.dll
C:\Program Files\按键精灵9\is-6QUMR.tmp
C:\Program Files\按键精灵9\is-Q2TFE.tmp
C:\Program Files\按键精灵9\is-G0J7J.tmp
C:\Program Files\按键精灵9\is-N7JIM.tmp
C:\Program Files\按键精灵9\is-51V5B.tmp
C:\Program Files\按键精灵9\is-JTIAS.tmp
C:\Program Files\按键精灵9\is-KEOFP.tmp
C:\Program Files\按键精灵9\is-9PUMJ.tmp
C:\Program Files\按键精灵9\is-BIAVT.tmp
C:\Program Files\按键精灵9\is-FTIIM.tmp
C:\Program Files\按键精灵9\is-1OJ5T.tmp
C:\Program Files\按键精灵9\is-8IVN9.tmp
Behavior description: Create shortcut on the desktop
details: C:\Documents and Settings\Administrator\桌面\按键精灵9.lnk
Behavior description: Create file mapping with write access
details: Local\UrlZonesSM_Administrator
422014QMRunning
DfSharedHeapCA7BD
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFA7C1.tmp
DfRoot0000CA7BD
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Behavior description: Rename file
details: C:\Program Files\按键精灵9\is-6QUMR.tmp ---> C:\Program Files\按键精灵9\unins000.exe
C:\Program Files\按键精灵9\is-Q2TFE.tmp ---> C:\Program Files\按键精灵9\按键精灵9.exe
C:\Program Files\按键精灵9\is-G0J7J.tmp ---> C:\Program Files\按键精灵9\wqm.exe
C:\Program Files\按键精灵9\is-N7JIM.tmp ---> C:\Program Files\按键精灵9\picker.exe
C:\Program Files\按键精灵9\is-51V5B.tmp ---> C:\Program Files\按键精灵9\Importer.exe
C:\Program Files\按键精灵9\is-JTIAS.tmp ---> C:\Program Files\按键精灵9\update.exe
C:\Program Files\按键精灵9\is-KEOFP.tmp ---> C:\Program Files\按键精灵9\picker.dll
C:\Program Files\按键精灵9\is-9PUMJ.tmp ---> C:\Program Files\按键精灵9\refs.dll
C:\Program Files\按键精灵9\is-BIAVT.tmp ---> C:\Program Files\按键精灵9\Syntconv.dll
C:\Program Files\按键精灵9\is-FTIIM.tmp ---> C:\Program Files\按键精灵9\Recorder.exe
C:\Program Files\按键精灵9\is-1OJ5T.tmp ---> C:\Program Files\按键精灵9\refs64.dll
C:\Program Files\按键精灵9\is-BB3G9.tmp ---> C:\Program Files\按键精灵9\annotation.xml
C:\Program Files\按键精灵9\is-8IVN9.tmp ---> C:\Program Files\按键精灵9\QMColorActionCtl.ocx
C:\Program Files\按键精灵9\is-FE9QL.tmp ---> C:\Program Files\按键精灵9\TABCTL32.OCX
C:\Program Files\按键精灵9\is-Q2LCO.tmp ---> C:\Program Files\按键精灵9\Help.exe
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modify file content
details: C:\Program Files\按键精灵9\is-BB3G9.tmp---> Offset = 0
C:\Program Files\按键精灵9\doc\is-7CKDF.tmp---> Offset = 0
C:\Program Files\按键精灵9\doc\is-I1HG9.tmp---> Offset = 0
C:\Program Files\按键精灵9\doc\is-50KQH.tmp---> Offset = 0
C:\Program Files\按键精灵9\doc\is-AH6R2.tmp---> Offset = 0
C:\Program Files\按键精灵9\doc\is-A2FVU.tmp---> Offset = 0
C:\Program Files\按键精灵9\doc\is-GRH3I.tmp---> Offset = 0
C:\Program Files\按键精灵9\lib\is-IOVE1.tmp---> Offset = 0
C:\Program Files\按键精灵9\lib\is-1DQRH.tmp---> Offset = 0
C:\Program Files\按键精灵9\lib\is-4VETD.tmp---> Offset = 0
C:\Program Files\按键精灵9\lib\is-7CHTU.tmp---> Offset = 0
C:\Program Files\按键精灵9\lib\is-GM2KT.tmp---> Offset = 0
C:\Program Files\按键精灵9\lib\is-BA6D0.tmp---> Offset = 0
C:\Program Files\按键精灵9\lib\is-MIHVL.tmp---> Offset = 0
C:\Program Files\按键精灵9\lib\is-4HG05.tmp---> Offset = 0

Network behavior

Behavior description: Download file
details: URLDownloadToFileW: http://down.vrbrothers.com/qmacro/upgrade/ver10.xml ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\\tmpPatchVersion-down.xml
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpPatchVersion-down.xml
URLDownloadToFileW: http://ad.vrbrothers.com/qmacro/v9/ad-qmacro.xml ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ad-qmacro9.xml.tmp
URLDownloadToFileW: http://down.vrbrothers.com/qmacro/up_qmacro/liveupdate9.dat ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\adcon\qm\liveupdate9.dat.tmp
URLDownloadToFileW: http://down.vrbrothers.com/qmacro/upgrade/ver8.xml ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\\tmpver-down.xml
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ad-qmacro9.xml.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\adcon\qm\liveupdate9.dat.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpver-down.xml

Registry behavior

Behavior description: Modify registry
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\按键精灵9_is1\Inno Setup: Setup Version
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\按键精灵9_is1\Inno Setup: App Path
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\按键精灵9_is1\InstallLocation
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\按键精灵9_is1\Inno Setup: Icon Group
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\按键精灵9_is1\Inno Setup: User
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\按键精灵9_is1\Inno Setup: Setup Type
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\按键精灵9_is1\Inno Setup: Selected Components
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\按键精灵9_is1\Inno Setup: Deselected Components
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\按键精灵9_is1\Inno Setup: Language
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\按键精灵9_is1\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\按键精灵9_is1\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\按键精灵9_is1\QuietUninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\按键精灵9_is1\Publisher
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\按键精灵9_is1\URLInfoAbout
Behavior description: Delete registry key
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\MacroMgr\按键精灵9\Settings

Other behavior

Behavior description: Create mutex
details: Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
422014QMNERunning
Behavior description: Hide specified window
details: [Window,Class] = [,ComboLBox]
[Window,Class] = [安装向导 - 按键精灵9,TWizardForm]
[Window,Class] = [软件升级,#32770]
[Window,Class] = [,#32770]
Behavior description: Set message hook
details: C:\WINDOWS\system32\DINPUT8.dll
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Enumerate windows
details: N/A
Behavior description: Acquire system privilege
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
details: Pid = 772, Hwnd=0xb0164, Text = 欢迎使用 按键精灵9 安装向导 , ClassName = TNewStaticText.
Pid = 772, Hwnd=0xd01ac, Text = 安装向导将在你的电脑上安装 按键精灵9.60.12177版。 建议你在继续之前关闭所有其它应用程序。 单击“下一步”继续,或单击“取消”, ClassName = TNewStaticText.
Pid = 772, Hwnd=0xb01aa, Text = 完全安装, ClassName = TNewComboBox.
Pid = 772, Hwnd=0xb0170, Text = 下一步(&N) >, ClassName = TNewButton.
Pid = 772, Hwnd=0xc01b4, Text = 取消, ClassName = TNewButton.
Pid = 772, Hwnd=0xd01c2, Text = 安装向导 - 按键精灵9, ClassName = TWizardForm.
Pid = 772, Hwnd=0xe01b8, Text = 许可协议, ClassName = TNewStaticText.
Pid = 772, Hwnd=0xc01b6, Text = 请在继续之前阅读以下重要信息。, ClassName = TNewStaticText.
Pid = 772, Hwnd=0xb0174, Text = 请阅读以下许可协议。在继续安装之前,你必须接受此协议的条款。, ClassName = TNewStaticText.
Pid = 772, Hwnd=0xb016c, Text = 我接受协议(&A), ClassName = TNewRadioButton.
Pid = 772, Hwnd=0xb0192, Text = 我不接受协议(&D), ClassName = TNewRadioButton.
Pid = 772, Hwnd=0xb01e0, Text = < 上一步(&B), ClassName = TNewButton.
Pid = 772, Hwnd=0xe01b8, Text = 选择目标位置, ClassName = TNewStaticText.
Pid = 772, Hwnd=0xc01b6, Text = 将 按键精灵9 安装到哪里?, ClassName = TNewStaticText.
Pid = 772, Hwnd=0xa01f0, Text = 安装向导将把 按键精灵9 安装到以下文件夹中。, ClassName = TNewStaticText.
Behavior description: Open image file
details: \Program Files\按键精灵9\QMScript\winmine.bmp
\Program Files\按键精灵9\mmt\mymacro.bmp

Abnormal crash

Behavior description: Create mutex
details: Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
422014QMNERunning
Behavior description: Hide specified window
details: [Window,Class] = [,ComboLBox]
[Window,Class] = [安装向导 - 按键精灵9,TWizardForm]
[Window,Class] = [软件升级,#32770]
[Window,Class] = [,#32770]
Behavior description: Set message hook
details: C:\WINDOWS\system32\DINPUT8.dll
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Enumerate windows
details: N/A
Behavior description: Acquire system privilege
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
details: Pid = 772, Hwnd=0xb0164, Text = 欢迎使用 按键精灵9 安装向导 , ClassName = TNewStaticText.
Pid = 772, Hwnd=0xd01ac, Text = 安装向导将在你的电脑上安装 按键精灵9.60.12177版。 建议你在继续之前关闭所有其它应用程序。 单击“下一步”继续,或单击“取消”, ClassName = TNewStaticText.
Pid = 772, Hwnd=0xb01aa, Text = 完全安装, ClassName = TNewComboBox.
Pid = 772, Hwnd=0xb0170, Text = 下一步(&N) >, ClassName = TNewButton.
Pid = 772, Hwnd=0xc01b4, Text = 取消, ClassName = TNewButton.
Pid = 772, Hwnd=0xd01c2, Text = 安装向导 - 按键精灵9, ClassName = TWizardForm.
Pid = 772, Hwnd=0xe01b8, Text = 许可协议, ClassName = TNewStaticText.
Pid = 772, Hwnd=0xc01b6, Text = 请在继续之前阅读以下重要信息。, ClassName = TNewStaticText.
Pid = 772, Hwnd=0xb0174, Text = 请阅读以下许可协议。在继续安装之前,你必须接受此协议的条款。, ClassName = TNewStaticText.
Pid = 772, Hwnd=0xb016c, Text = 我接受协议(&A), ClassName = TNewRadioButton.
Pid = 772, Hwnd=0xb0192, Text = 我不接受协议(&D), ClassName = TNewRadioButton.
Pid = 772, Hwnd=0xb01e0, Text = < 上一步(&B), ClassName = TNewButton.
Pid = 772, Hwnd=0xe01b8, Text = 选择目标位置, ClassName = TNewStaticText.
Pid = 772, Hwnd=0xc01b6, Text = 将 按键精灵9 安装到哪里?, ClassName = TNewStaticText.
Pid = 772, Hwnd=0xa01f0, Text = 安装向导将把 按键精灵9 安装到以下文件夹中。, ClassName = TNewStaticText.
Behavior description: Open image file
details: \Program Files\按键精灵9\QMScript\winmine.bmp
\Program Files\按键精灵9\mmt\mymacro.bmp