VirSCAN

File information
Safety rating:80
Behavior list
Basic Information
MD5:ca5c34cc8d71250850c6bb0d03bd58e7
file type:zip
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [Overlay] *
Subfile information:ThunderSpeed1.0.15.168.exe / big file / 7z
下载说明(Readme).htm / 0af36e25b2440d351f9e1709679549ee / Unknown
驱动之家-驱动下载频道-全球最全最专业的驱动中文网站.url / 77da23f759929a937d48d9710d3c98c0 / Unknown
Key behavior
Behavior description:Block window close message
details:hWnd = 0x000e031e, Text = 迅雷极速版安装向导, ClassName = #32770.
Behavior description:Set special folder attributes
details:C:\Program Files\Thunder Network\Thunder-InstallInfo
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Get TickCount value
details:TickCount = 1089081, SleepMilliseconds = 50.
TickCount = 1089128, SleepMilliseconds = 50.
TickCount = 1089143, SleepMilliseconds = 50.
TickCount = 1089159, SleepMilliseconds = 50.
TickCount = 1089175, SleepMilliseconds = 50.
TickCount = 1089190, SleepMilliseconds = 50.
TickCount = 1089206, SleepMilliseconds = 50.
TickCount = 1089221, SleepMilliseconds = 50.
TickCount = 1089425, SleepMilliseconds = 50.
TickCount = 1089440, SleepMilliseconds = 50.
TickCount = 1089471, SleepMilliseconds = 50.
TickCount = 1089487, SleepMilliseconds = 50.
TickCount = 1089565, SleepMilliseconds = 50.
TickCount = 1089581, SleepMilliseconds = 50.
TickCount = 1089596, SleepMilliseconds = 50.
Process behavior
Behavior description:Create local thread
details:TargetProcess: ThunderSpeed1.0.15.168.exe, InheritedFromPID = 1944, ProcessID = 120, ThreadID = 2064, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: ThunderSpeed1.0.15.168.exe, InheritedFromPID = 1944, ProcessID = 120, ThreadID = 2068, StartAddress = 0046DE42, Parameter = 0210F4E0
TargetProcess: ThunderSpeed1.0.15.168.exe, InheritedFromPID = 1944, ProcessID = 120, ThreadID = 2072, StartAddress = 0046DE42, Parameter = 02180B20
TargetProcess: ThunderSpeed1.0.15.168.exe, InheritedFromPID = 1944, ProcessID = 120, ThreadID = 2076, StartAddress = 0046DE42, Parameter = 02180D40
TargetProcess: ThunderSpeed1.0.15.168.exe, InheritedFromPID = 1944, ProcessID = 120, ThreadID = 2080, StartAddress = 0043CB32, Parameter = 004BB680
TargetProcess: ThunderSpeed1.0.15.168.exe, InheritedFromPID = 1944, ProcessID = 120, ThreadID = 2084, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: ThunderSpeed1.0.15.168.exe, InheritedFromPID = 1944, ProcessID = 120, ThreadID = 2144, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: ThunderSpeed1.0.15.168.exe, InheritedFromPID = 1944, ProcessID = 120, ThreadID = 2148, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: ThunderSpeed1.0.15.168.exe, InheritedFromPID = 1944, ProcessID = 120, ThreadID = 2172, StartAddress = 6302B849, Parameter = 001C2848
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Create file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource.zip
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\bkg.shadow.png
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\BtnExperiences.png
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\CheckButton.png
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\CloseBtn.png
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\ContinueInstall.png
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\CustomBtn.png
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\DownloadingWord.png
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\EditBorder.png
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\EditUnderLine.png
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\GoBackBtn.png
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\MessageCommandBtn.png
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\MessageDlgAlert.png
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\MessageDlgBkg.png
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\MinBtn.png
Behavior description:Create executable file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\thundersetup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\thundersetupex.exe
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\TDPRepair.exe
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\ThunderFW.exe
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\ThunderLiveUD.exe
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\ThunderPlatform.exe
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\upnp.exe
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\XLBugReport.exe
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\al.dll
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\asyn_download_interface.dll
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\asyn_frame.dll
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\atl71.dll
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\auto_update.dll
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\backend_agent.dll
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\bt_kernel.dll
Behavior description:Copy file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\thunderErrorFile ---> C:\Program Files\Thunder Network\Thunder-InstallInfo\Thunder\Xar\ThunderApp\FlowMonitorDlgCom.xar
Behavior description:Delete file
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\wpad[1].dat
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\stat_download_xunlei_com[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\install_stat[1]
C:\Documents and Settings\Administrator\Local Settings\Temp\thunderErrorFile
Behavior description:Find file
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Thunder7Install\1.0.15.168\InstallResource\InstallConfig.xml
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
Behavior description:Modify file contents
details:C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource.zip ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\bkg.shadow.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\BtnExperiences.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\CheckButton.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\CloseBtn.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\ContinueInstall.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\CustomBtn.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\DownloadingWord.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\EditBorder.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\EditUnderLine.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\GoBackBtn.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\MessageCommandBtn.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\MessageDlgAlert.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\MessageDlgBkg.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\InstallResource\MinBtn.png ---> Offset = 0
Network behavior
Behavior description:Open URL over the network
details:InternetOpenUrlA: http://st****om:8080/?aid=1009&id=1&f=00000&peerid=7B****28AD9Q&version=7.10.15.168&filename=ThunderSpeed1.0.15.168.exe, hInternet = 0x00cc0004, Flags = 0x80000000
InternetOpenUrlA: http://**.133.40.**:128/wpad.dat, hInternet = 0x00cc0008, Flags = 0x00000010
InternetOpenUrlA: http://02****et/install_stat?appname=xl_thunder_pc&appversion=1.0.15.168&processid=120&peerid=7B****28AD9Q&channel=00000&filename=ThunderSpeed1.0.15.168.exe&osversion=5.1.3.0.1&slience=0&offline=1&new=1, hInternet = 0x00cc0004, Flags = 0x80000000
InternetOpenUrlA: http://st****om:8080/?aid=1032&id=605&val1=5&val2=C:%5CProgram%20Files%5CThunder%20Network%5CThunder-InstallInfo%5CThunder%5CXar%5CThunderApp%5CFlowMonitorDlgCom.xar-Open&val3=7B****28AD9Q&val4=7.10.15.168&val5=120&val6=RavMon.exe,360tray.exe,ksafetray.exe,&val7=5572&val8=5572, hInternet = 0x00cc0004, Flags = 0x80000000
Behavior description:Connect to specified site
details:InternetConnectA: ServerName = **.133.40.**, PORT = 128, UserName = , Password = , hSession = 0x00cc0008, hConnect = 0x00cc000c, Flags = 0x00000010
InternetConnectA: ServerName = st****om, PORT = 8080, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x80000000
InternetConnectA: ServerName = 02****et, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x80000000
Behavior description:Open HTTP connection
details:InternetOpenA: UserAgent: HTTP Downloader, hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0), hSession = 0x00cc0008
Behavior description:Establish a connection to a specified socket
details:URL: wpad, IP: **.133.40.**:128, SOCKET = 0x00000660
URL: st****om, IP: **.133.40.**:8080, SOCKET = 0x00000668
URL: 02****et, IP: **.133.40.**:80, SOCKET = 0x00000420
URL: st****om, IP: **.133.40.**:8080, SOCKET = 0x000003e0
Behavior description:Read network file
details:hFile = 0x00cc0010, BytesToRead =4010, BytesRead = 4010.
Behavior description:Send HTTP packet
details:GET /wpad.dat HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0) Host: **.133.40.**:128
GET /?aid=1009&id=1&f=00000&peerid=7B****28AD9Q&version=7.10.15.168&filename=ThunderSpeed1.0.15.168.exe HTTP/1.1 User-Agent: HTTP Downloader Host: st****om:8080 Cache-Control: no-cache
GET /install_stat?appname=xl_thunder_pc&appversion=1.0.15.168&processid=120&peerid=7B****28AD9Q&channel=00000&filename=ThunderSpeed1.0.15.168.exe&osversion=5.1.3.0.1&slience=0&offline=1&new=1 HTTP/1.1 User-Agent: HTTP Downloader Host: 02****et Cache-Control: no-cache
GET /?aid=1032&id=605&val1=5&val2=C:%5CProgram%20Files%5CThunder%20Network%5CThunder-InstallInfo%5CThunder%5CXar%5CThunderApp%5CFlowMonitorDlgCom.xar-Open&val3=7B****28AD9Q&val4=7.10.15.168&val5=120&val6=RavMon.exe,360tray.exe,ksafetray.exe,&val7=5572&val8=5572 HTTP/1.1 User-Agent: HTTP Downloader Host: st****om:8080 Cache-Control: no-cache
Behavior description:Open HTTP request
details:HttpOpenRequestA: **.133.40.**:128/wpad.dat, hConnect = 0x00cc000c, hRequest = 0x00cc0010, Verb: GET, Referer: , Flags = 0x00000010
HttpOpenRequestA: st****om:8080/?aid=1009&id=1&f=00000&peerid=7B****28ad9q&version=7.10.15.168&filename=thunderspeed1.0.15.168.exe, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x80000000
HttpOpenRequestA: 02****et:80/install_stat?appname=xl_thunder_pc&appversion=1.0.15.168&processid=120&peerid=7B****28ad9q&channel=00000&filename=thunderspeed1.0.15.168.exe&osversion=5.1.3.0.1&slience=0&offline=1&new=1, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x80000000
HttpOpenRequestA: st****om:8080/?aid=1032&id=605&val1=5&val2=c:%5cprogram%20files%5cthunder%20network%5cthunder-installinfo%5cthunder%5cxar%5cthunderapp%5cflowmonitordlgcom.xar-open&val3=7B****28ad9q&val4=7.10.15.168&val5=120&val6=ravmon.exe,360tray.exe,ksa, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x80000000
Behavior description:Get host address by name
details:GetAddrInfoW: computer
GetAddrInfoW: wpad
GetAddrInfoW: st****om
GetAddrInfoW: 02****et
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\ThunderSpeed1.0.15.168\DEBUG\Trace Level
Behavior description:Delete registry value
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\ThunderSpeed1.0.15.168\DEBUG\Trace Level
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
ThunderInstallApplication{8CDCCCB8-83C8-4f06-8A79-205D5E2E6160}
RasPbFile
MSCTF.Shared.MUTEX.ELH
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
MSCTF.Shared.MUTEX.EAI
Behavior description:Create event object
details:EventName = Thunder8Install_UncompressResource_Begin_203
EventName = Thunder8Install_UncompressResource_Begin_202
EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
EventName = MSCTF.SendReceive.Event.EAI.IC
EventName = MSCTF.SendReceiveConection.Event.EAI.IC
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Window information
details:Pid = 120, Hwnd=0xe031e, Text = 迅雷极速版安装向导, ClassName = #32770.
Pid = 120, Hwnd=0x40368, Text = 迅雷软件协议, ClassName = Static.
Pid = 120, Hwnd=0x4036a, Text = 已同意, ClassName = Button(CheckBox).
Pid = 120, Hwnd=0x80324, Text = 检测到已安装迅雷, ClassName = Static.
Pid = 120, Hwnd=0x60362, Text = filename, ClassName = Static.
Pid = 120, Hwnd=0xb02b0, Text = filesize, ClassName = Static.
Pid = 120, Hwnd=0xa0322, Text = 任务, ClassName = Static.
Pid = 120, Hwnd=0x60352, Text = loading, ClassName = Static.
Pid = 120, Hwnd=0x60360, Text = C:\Program Files\Thunder Network\Thunder, ClassName = Edit.
Pid = 120, Hwnd=0x1002b6, Text = 桌面快捷方式, ClassName = Button(CheckBox).
Pid = 120, Hwnd=0x60356, Text = 多浏览器支持, ClassName = Button(CheckBox).
Pid = 120, Hwnd=0x7033a, Text = 开机启动, ClassName = Button(CheckBox).
Pid = 120, Hwnd=0xc030c, Text = 安装位置:, ClassName = Static.
Pid = 120, Hwnd=0xa0300, Text = 迅雷极速版安装向导, ClassName = #32770.
Behavior description:Directly access physical device
details:\??\PhysicalDrive0
Behavior description:Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\thundersetup.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\Thunder7Install\1.0.15.168\thundersetupex.exe (signature verification: passed)
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\TDPRepair.exe (signature verification: passed)
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\ThunderFW.exe (signature verification: passed)
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\ThunderLiveUD.exe (signature verification: passed)
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\ThunderPlatform.exe (signature verification: passed)
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\upnp.exe (signature verification: passed)
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\XLBugReport.exe (signature verification: passed)
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\al.dll (signature verification: passed)
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\asyn_download_interface.dll (signature verification: passed)
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\asyn_frame.dll (signature verification: passed)
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\atl71.dll (signature verification: failed)
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\auto_update.dll (signature verification: passed)
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\backend_agent.dll (signature verification: passed)
C:\Program Files\Common Files\Thunder Network\TP\Ver1\tp-InstallInfo\tp\bt_kernel.dll (signature verification: passed)
Behavior description:Call Sleep function
details:[1]: MilliSeconds = 100.
[2]: MilliSeconds = 200.
[3]: MilliSeconds = 400.
[4]: MilliSeconds = 800.
[5]: MilliSeconds = 1600.
[6]: MilliSeconds = 3200.
[7]: MilliSeconds = 6400.
[8]: MilliSeconds = 12800.
Behavior description:Hide specified window
details:[Window,Class] = [,ATL:004B9CE0]
[Window,Class] = [检测到已安装迅雷,Static]
[Window,Class] = [,Button]
[Window,Class] = [filename,Static]
[Window,Class] = [filesize,Static]
[Window,Class] = [任务,Static]
[Window,Class] = [loading,Static]
[Window,Class] = [,#32770]
[Window,Class] = [开机启动,Button]
[Window,Class] = [,Static]
[Window,Class] = [迅雷极速版安装向导,#32770]
Behavior description:Executable file MD5