VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files if the password is 'infected' or 'virus'.


File information
Safety rating: 74
Behavior list
Basic Information
MD5: c87bea43a8c1f640f39add60d8927111
File type: EXE
Production company: www.liuliangbao.cn
Version: 2.3.1313.781---2.3
Shell or compiler information:
Key behavior
Behavior description: Hide specified window
details: [Window,Class] = [,ComboLBox]
[Window,Class] = [,CMainInfoBoard]
[Window,Class] = [,CHyperLinkCtrl]
[Window,Class] = [,AtlAxWin100]
[Window,Class] = [流量宝-免费专业的流量提升工具,#32770]
Behavior description: Set message hook
details: C:\WINDOWS\system32\DINPUT8.dll
Behavior description: Modify registry (startup/Run entry)
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Run\流量宝
Behavior description: Block window close message
details: hWnd = 0x000202a4, Text = 流量宝-免费专业的流量提升工具, ClassName = #32770.
Behavior description: Get window screenshot information
details: Foreground window Info: HWND = 0x0101038b, DC = 0x0101038b.
Behavior description: Open file mapping with write permission
details: CiceroSharedMemDefaultS-*
Local\C:_Documents and Settings_Administrator_Application Data_LiuliangbaoEx__Temporary Internet Files_Content.IE5_index.dat_16384
Local\C:_Documents and Settings_Administrator_Application Data_LiuliangbaoEx__Temporary Internet Files_Content.IE5_index.dat_32768
MSCTF.MarshalInterface.FileMap.MJB..CLDJH
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\!PrivacIE!SharedMem!Counter
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.MJB.B.FODHH
MSCTF.MarshalInterface.FileMap.MJB.C.FODHH
MSCTF.MarshalInterface.FileMap.MJB.D.FODHH
MSCTF.MarshalInterface.FileMap.MJB.E.POEHH
MSCTF.MarshalInterface.FileMap.MJB.F.POEHH
MSCTF.MarshalInterface.FileMap.MJB.G.POEHH
MSCTF.MarshalInterface.FileMap.MJB.H.MGFHH
MSCTF.MarshalInterface.FileMap.MJB.I.MGFHH
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\Y5GU3XKC
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\G30QWO4K
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\TS467NCV
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\CLLAFC61
C:\Documents and Settings\Administrator\Cookies
Behavior description: Resolve host address by name
details: computer
Process behavior
Behavior description: Enumerate processes
details: N/A
File behavior
Behavior description: Open file mapping with write permission
details: CiceroSharedMemDefaultS-*
Local\C:_Documents and Settings_Administrator_Application Data_LiuliangbaoEx__Temporary Internet Files_Content.IE5_index.dat_16384
Local\C:_Documents and Settings_Administrator_Application Data_LiuliangbaoEx__Temporary Internet Files_Content.IE5_index.dat_32768
MSCTF.MarshalInterface.FileMap.MJB..CLDJH
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\!PrivacIE!SharedMem!Counter
Local\UrlZonesSM_Administrator
MSCTF.MarshalInterface.FileMap.MJB.B.FODHH
MSCTF.MarshalInterface.FileMap.MJB.C.FODHH
MSCTF.MarshalInterface.FileMap.MJB.D.FODHH
MSCTF.MarshalInterface.FileMap.MJB.E.POEHH
MSCTF.MarshalInterface.FileMap.MJB.F.POEHH
MSCTF.MarshalInterface.FileMap.MJB.G.POEHH
MSCTF.MarshalInterface.FileMap.MJB.H.MGFHH
MSCTF.MarshalInterface.FileMap.MJB.I.MGFHH
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\Y5GU3XKC
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\G30QWO4K
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\TS467NCV
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\CLLAFC61
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modify file contents
details: C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\cfg.ini---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\cfg.ini---> Offset = 70
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\desktop.ini---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\desktop.ini---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\Y5GU3XKC\desktop.ini---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\G30QWO4K\desktop.ini---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\TS467NCV\desktop.ini---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\CLLAFC61\desktop.ini---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\index.dat---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\cfg.ini---> Offset = 105
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\cfg.ini---> Offset = 129
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\log.txt---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\log.txt---> Offset = 176
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\log.txt---> Offset = 374
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\cfg.ini---> Offset = 121
Behavior description: Search for files
details: FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\Temporary Files\*
FileName = C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\*
FileName = C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\cookies\*
FileName = C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\\Temporary Internet Files\Content.IE5\*.*
FileName = \\?\C:\WINDOWS\system32\Macromed\Flash\ss.sgn
FileName = \\?\C:\WINDOWS\system32\Macromed\Flash\ss.cfg
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\ADOBE
FileName = \\?\C:\Documents and Settings\Administrator\Application Data\Adobe\Flash Player\NativeCache
FileName = \\?\C:\Documents and Settings\Administrator\Application Data\Adobe\Flash Player\AssetCache
FileName = \\?\C:\Documents and Settings\Administrator\Application Data\Adobe\Flash Player\AssetCache\*
Network behavior
Behavior description: Connect to specified site
details: InternetConnectA: ServerName = ap3.liuliangbao.cn, PORT = 80
InternetConnectA: ServerName = ap.liuliangbao.cn, PORT = 80
InternetConnectA: ServerName = ap2.liuliangbao.cn, PORT = 80
InternetConnectA: ServerName = ap5.sap1000.com, PORT = 8011
Behavior description: Open HTTP request
details: HttpOpenRequestA: ap3.liuliangbao.cn:80/as/c/f8/, hConnect = 0x000005dc
HttpOpenRequestA: ap3.liuliangbao.cn:80/as/c/f8/, hConnect = 0x000005d0
HttpOpenRequestA: ap3.liuliangbao.cn:80/redirect/cfgupdate?number=2.3&checksum=&cid=856a290cf1a447a89c5768ffd32ce4fe&rd=13276, hConnect = 0x000005e4
HttpOpenRequestA: ap3.liuliangbao.cn:80/as/2/h1/, hConnect = 0x000005d0
HttpOpenRequestA: ap3.liuliangbao.cn:80/as/c/f8/, hConnect = 0x000005d4
HttpOpenRequestA: ap3.liuliangbao.cn:80/as/c/f8/, hConnect = 0x000005c8
HttpOpenRequestA: ap3.liuliangbao.cn:80/as/c/f8/, hConnect = 0x000004ec
HttpOpenRequestA: ap3.liuliangbao.cn:80/ts/f2.2/, hConnect = 0x00000500
HttpOpenRequestA: ap.liuliangbao.cn:80/redirect/clthang2?preventcache=487593&cid=856a290cf1a447a89c5768ffd32ce4fe&v=2.3.1313, hConnect = 0x00000408
HttpOpenRequestA: ap2.liuliangbao.cn:80/as/2/h1/, hConnect = 0x000003c4
HttpOpenRequestA: ap5.sap1000.com:8011/as/2/h1/, hConnect = 0x000003d4
Behavior description: Resolve host address by name
details: computer
Registry behavior
Behavior description: Modify registry
details: \REGISTRY\USER\S-*\Software\CHtmlDialog\International\AutoDetect
Behavior description: Modify registry (startup/Run entry)
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Run\流量宝
Other behavior
Behavior description: Create mutex
details: RasPbFile
DirectSound DllMain mutex (0x00000574)
__PDH_PLA_MUTEX__
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Global\GPKEEPER_Instance_Mutex
Global\TFKEEPER_Instance_Mutex
Local\c:!documents and settings!administrator!application data!liuliangbaoex!!temporary internet files!content.ie5!
{1B655094-FE2A-433c-A877-FF9793445069}
Local\!PrivacIE!SharedMemory!Mutex
Local\ZonesCounterMutex
Behavior description: Inline hook
details: C:\WINDOWS\system32\WINTRUST.dll--->WinVerifyTrust Offset = 0x76768880
C:\WINDOWS\system32\SHELL32.dll--->SHLockShared Offset = 0x5635e11
C:\WINDOWS\system32\SHELL32.dll--->SHLockShared Offset = 0x5635b81
C:\WINDOWS\system32\WININET.dll--->CommitUrlCacheEntryA Offset = 0x62b68bb8
C:\WINDOWS\system32\SHELL32.dll--->SHLockShared Offset = 0x5635b19
C:\WINDOWS\system32\WININET.dll--->CommitUrlCacheEntryA Offset = 0x62b68bc4
C:\WINDOWS\system32\SHELL32.dll--->SHLockShared Offset = 0x5635db1
C:\WINDOWS\system32\SHELL32.dll--->SHLockShared Offset = 0x5635ad1
C:\WINDOWS\system32\SHELL32.dll--->SHLockShared Offset = 0x5635a91
C:\WINDOWS\system32\SHELL32.dll--->SHLockShared Offset = 0x5635db9
C:\WINDOWS\system32\SHELL32.dll--->SHLockShared Offset = 0x5635b55
C:\WINDOWS\system32\WININET.dll--->CommitUrlCacheEntryA Offset = 0x62b68c30
C:\WINDOWS\system32\DSOUND.dll--->DirectSoundCreate Offset = 0x739d8968
C:\WINDOWS\system32\USER32.dll--->SetFocus Offset = 0x77877db4
C:\WINDOWS\system32\SHELL32.dll--->SHLockShared Offset = 0x5634eb1
Behavior description: Set message hook
details: C:\WINDOWS\system32\DINPUT8.dll
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Get TickCount value
details: TickCount = 495828, SleepMilliseconds = 10000.
TickCount = 495843, SleepMilliseconds = 10000.
TickCount = 495859, SleepMilliseconds = 10000.
TickCount = 495875, SleepMilliseconds = 10000.
TickCount = 495921, SleepMilliseconds = 10000.
TickCount = 496000, SleepMilliseconds = 10000.
TickCount = 496015, SleepMilliseconds = 10000.
TickCount = 496031, SleepMilliseconds = 10000.
TickCount = 496046, SleepMilliseconds = 10000.
TickCount = 496062, SleepMilliseconds = 10000.
TickCount = 496078, SleepMilliseconds = 10000.
TickCount = 496093, SleepMilliseconds = 10000.
TickCount = 496109, SleepMilliseconds = 10000.
TickCount = 496125, SleepMilliseconds = 10000.
TickCount = 496140, SleepMilliseconds = 10000.
Behavior description: Get cursor position
details: CursorPos = (106,18467), SleepMilliseconds = 250.
CursorPos = (6399,26500), SleepMilliseconds = 250.
CursorPos = (19234,15724), SleepMilliseconds = 250.
CursorPos = (11543,29358), SleepMilliseconds = 250.
CursorPos = (27027,24464), SleepMilliseconds = 250.
CursorPos = (5770,28145), SleepMilliseconds = 250.
CursorPos = (23346,16827), SleepMilliseconds = 250.
CursorPos = (10026,491), SleepMilliseconds = 250.
CursorPos = (3060,11942), SleepMilliseconds = 250.
CursorPos = (4892,5436), SleepMilliseconds = 250.
CursorPos = (32456,14604), SleepMilliseconds = 250.
Behavior description: Block window close message
details: hWnd = 0x000202a4, Text = 流量宝-免费专业的流量提升工具, ClassName = #32770.
Behavior description: Window information
details: Pid = 1396, Hwnd=0x202cc, Text = 刷流量, ClassName = Button.
Pid = 1396, Hwnd=0x202b4, Text = 提升人气, ClassName = Button.
Pid = 1396, Hwnd=0x202b2, Text = 广告优化, ClassName = Button.
Pid = 1396, Hwnd=0x302ba, Text = 关键字排名, ClassName = Button.
Pid = 1396, Hwnd=0x302bc, Text = 刷Alexa, ClassName = Button.
Pid = 1396, Hwnd=0x202d4, Text = 刷电商人气, ClassName = Button.
Pid = 1396, Hwnd=0x202c2, Text = 优化列表, ClassName = Button(GroupBox).
Pid = 1396, Hwnd=0x202c4, Text = 客户端信息, ClassName = Button(GroupBox).
Pid = 1396, Hwnd=0x202ca, Text = 今日在线:, ClassName = Static.
Pid = 1396, Hwnd=0x202c6, Text = 今日优化累计:, ClassName = Static.
Pid = 1396, Hwnd=0x302da, Text = 可建任务数:, ClassName = Static.
Pid = 1396, Hwnd=0x302b8, Text = 当前任务数:, ClassName = Static.
Pid = 1396, Hwnd=0x202b0, Text = 优化速度选择:, ClassName = Static.
Pid = 1396, Hwnd=0x202ae, Text = 启用优化加速功能, ClassName = Button(CheckBox).
Pid = 1396, Hwnd=0x202aa, Text = 隐藏挂机, ClassName = Button.
Behavior description: Get window screenshot information
details: Foreground window Info: HWND = 0x0101038b, DC = 0x0101038b.
Behavior description: Call Sleep function
details: [1]: MilliSeconds = 10000.
Behavior description: Hide specified window
details: [Window,Class] = [,ComboLBox]
[Window,Class] = [,CMainInfoBoard]
[Window,Class] = [,CHyperLinkCtrl]
[Window,Class] = [,AtlAxWin100]
[Window,Class] = [流量宝-免费专业的流量提升工具,#32770]
Run screenshot