VirSCAN


File information
Safety rating: 60
Behavior list
Basic Information
MD5:e299ad42aac65b0dfa84f272888a0038
File type: Cab
Production company: Microsoft Corporation
Version: 1.0.0.0---1
Shell or compiler information:
Subfile information:shell32.dll / big file / DLL
Key behavior
Behavior description: Shutdown or restart
details:N/A
Behavior description: Set special folder attributes
details:C:\WINDOWS\$hf_mig$
C:\WINDOWS\$hf_mig$\KB955704
C:\WINDOWS\$NtUninstallKB955704$
Behavior description: Hide specified window
details:[Window,Class] = [正在提取文件,#32770]
[Window,Class] = [帮助,Button]
[Window,Class] = [完成,Button]
[Window,Class] = [,Static]
[Window,Class] = [,SysTabControl32]
[Window,Class] = [,#32770]
[Window,Class] = [下一步(&N) >,Button]
Behavior description: Disable system file protection
details:C:\WINDOWS\system32\DRIVERS\fs_rec.sys
C:\WINDOWS\system32\ulib.dll
C:\WINDOWS\system32\ifsutil.dll
C:\WINDOWS\system32\format.com
C:\WINDOWS\system32\fmifs.dll
C:\WINDOWS\system32\DRIVERS\exfat.sys
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\uexfat.dll
C:\WINDOWS\system32\DllCache\ulib.dll
C:\WINDOWS\system32\DllCache\uexfat.dll
C:\WINDOWS\system32\DllCache\shell32.dll
C:\WINDOWS\system32\DllCache\ifsutil.dll
C:\WINDOWS\system32\DllCache\fs_rec.sys
C:\WINDOWS\system32\DllCache\fmifs.dll
C:\WINDOWS\system32\DllCache\exfat.sys
Behavior description: Drop sensitive file in system directory
details:C:\WINDOWS\$NtUninstallKB955704$\format.com
Process behavior
Behavior description: Create process from new file
details:ImagePath = c:\51010ed4e9196b7cc89d\update\update.exe, CmdLine = c:\51010ed4e9196b7cc89d\update\update.exe
File behavior
Behavior description: Create executable file
details:C:\51010ed4e9196b7cc89d\SP2QFE\shell32.dll
C:\51010ed4e9196b7cc89d\SP2QFE\spru0804.dll
C:\51010ed4e9196b7cc89d\_sfx_.dll
C:\51010ed4e9196b7cc89d\SP3QFE\shell32.dll
C:\51010ed4e9196b7cc89d\update\updspapi.dll
C:\51010ed4e9196b7cc89d\update\update.exe
C:\51010ed4e9196b7cc89d\SP2GDR\shell32.dll
C:\51010ed4e9196b7cc89d\SP2GDR\ulib.dll
C:\51010ed4e9196b7cc89d\spuninst.exe
C:\51010ed4e9196b7cc89d\spmsg.dll
C:\51010ed4e9196b7cc89d\SP3GDR\shell32.dll
C:\51010ed4e9196b7cc89d\SP2GDR\exfat.sys
C:\51010ed4e9196b7cc89d\SP2QFE\exfat.sys
C:\51010ed4e9196b7cc89d\SP2QFE\fs_rec.sys
C:\51010ed4e9196b7cc89d\SP2GDR\ifsutil.dll
Behavior description: Drop sensitive file in system directory
details:C:\WINDOWS\$NtUninstallKB955704$\format.com
Behavior description: Map file with write permission
details:\51010ed4e9196b7cc89d\_sfx_0000._p
\51010ed4e9196b7cc89d\SP2QFE\shell32.dll
\51010ed4e9196b7cc89d\SP3QFE\shell32.dll
\51010ed4e9196b7cc89d\_sfx_0001._p
\51010ed4e9196b7cc89d\update\updspapi.dll
\51010ed4e9196b7cc89d\_sfx_0002._p
\51010ed4e9196b7cc89d\update\update.exe
\51010ed4e9196b7cc89d\_sfx_0003._p
\51010ed4e9196b7cc89d\update\update_SP3QFE.inf
\51010ed4e9196b7cc89d\_sfx_0004._p
\51010ed4e9196b7cc89d\SP2GDR\shell32.dll
\51010ed4e9196b7cc89d\_sfx_0005._p
\51010ed4e9196b7cc89d\SP2GDR\ulib.dll
\51010ed4e9196b7cc89d\_sfx_0006._p
\51010ed4e9196b7cc89d\spuninst.exe
Behavior description: Rename file
details:C:\WINDOWS\LastGood\TMP3.tmp ---> C:\WINDOWS\LastGood\INF\oem9.inf
C:\WINDOWS\LastGood\TMP4.tmp ---> C:\WINDOWS\LastGood\INF\oem9.PNF
C:\WINDOWS\inf\branches.inf ---> C:\WINDOWS\inf\_000000_.tmp.dll
C:\WINDOWS\inf\HFX5.tmp ---> C:\WINDOWS\inf\branches.inf
C:\WINDOWS\KB955704.cat ---> C:\WINDOWS\_000009_.tmp.dll
C:\WINDOWS\system32\drivers\fs_rec.sys ---> C:\WINDOWS\system32\drivers\_000010_.tmp.dll
C:\WINDOWS\system32\drivers\HFX6.tmp ---> C:\WINDOWS\system32\drivers\fs_rec.sys
C:\WINDOWS\system32\ulib.dll ---> C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\HFX7.tmp ---> C:\WINDOWS\system32\ulib.dll
C:\WINDOWS\system32\ifsutil.dll ---> C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\HFX8.tmp ---> C:\WINDOWS\system32\ifsutil.dll
C:\WINDOWS\system32\format.com ---> C:\WINDOWS\system32\_000013_.tmp.dll
C:\WINDOWS\system32\HFX9.tmp ---> C:\WINDOWS\system32\format.com
C:\WINDOWS\system32\fmifs.dll ---> C:\WINDOWS\system32\_000014_.tmp.dll
C:\WINDOWS\system32\HFXA.tmp ---> C:\WINDOWS\system32\fmifs.dll
Behavior description: Set special folder attributes
details:C:\WINDOWS\$hf_mig$
C:\WINDOWS\$hf_mig$\KB955704
C:\WINDOWS\$NtUninstallKB955704$
Behavior description: Modify file content
details:C:\51010ed4e9196b7cc89d\update\update.ver---> Offset = 0
C:\51010ed4e9196b7cc89d\_sfx_0010._p---> Offset = 0
C:\51010ed4e9196b7cc89d\_sfx_0032._p---> Offset = 0
C:\51010ed4e9196b7cc89d\_sfx_0021._p---> Offset = 0
C:\51010ed4e9196b7cc89d\_sfx_0020._p---> Offset = 0
C:\51010ed4e9196b7cc89d\_sfx_0013._p---> Offset = 0
C:\51010ed4e9196b7cc89d\_sfx_0004._p---> Offset = 0
C:\51010ed4e9196b7cc89d\_sfx_0022._p---> Offset = 0
C:\51010ed4e9196b7cc89d\_sfx_0005._p---> Offset = 0
C:\51010ed4e9196b7cc89d\_sfx_0011._p---> Offset = 0
C:\51010ed4e9196b7cc89d\_sfx_0029._p---> Offset = 0
C:\51010ed4e9196b7cc89d\_sfx_0024._p---> Offset = 0
C:\51010ed4e9196b7cc89d\_sfx_0012._p---> Offset = 0
C:\51010ed4e9196b7cc89d\_sfx_0014._p---> Offset = 0
C:\51010ed4e9196b7cc89d\_sfx_0041._p---> Offset = 0
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\LogLevel
\REGISTRY\MACHINE\SYSTEM\LastKnownGoodRecovery\LastGood\INF/oem9.inf
\REGISTRY\MACHINE\SYSTEM\LastKnownGoodRecovery\LastGood\INF/oem9.PNF
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955704\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955704\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955704\TSAware
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955704\NoModify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955704\InstallDate
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955704\Publisher
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955704\NoRepair
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955704\HelpLink
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955704\URLInfoAbout
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955704\DisplayVersion
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AllowProtectedRenames
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB955704\Filelist\0\FileName
Behavior description: Modify registry (delayed rename entry)
details:\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations
Behavior description: Modify registry (service entry)
details:\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\exFat\Start
Behavior description: Delete registry key
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Oc Manager\TemporaryData\878:148a4c8
Other behavior
Behavior description: Create mutex
details:Global\ServicePackOrHotfix
WBEMPROVIDERSTATICMUTEX
SetuplogMutex
Behavior description: Hide specified window
details:[Window,Class] = [正在提取文件,#32770]
[Window,Class] = [帮助,Button]
[Window,Class] = [完成,Button]
[Window,Class] = [,Static]
[Window,Class] = [,SysTabControl32]
[Window,Class] = [,#32770]
[Window,Class] = [下一步(&N) >,Button]
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [STUFF-BOOT,]
Behavior description: Window information
details:Pid = 584, Hwnd=0xd0166, Text = 正在提取文件:, ClassName = Static.
Pid = 584, Hwnd=0xb016a, Text = 目标目录:, ClassName = Static.
Pid = 584, Hwnd=0xb01de, Text = SP3QFE\shell32.dll, ClassName = Static.
Pid = 584, Hwnd=0xc01d6, Text = c:\51010ed4e9196b7cc89d, ClassName = Static.
Pid = 584, Hwnd=0xa0186, Text = 正在提取文件, ClassName = #32770.
Pid = 584, Hwnd=0xb01de, Text = SP2QFE\fs_rec.sys, ClassName = Static.
Pid = 2168, Hwnd=0xb0164, Text = 使用此向导安装下列软件更新:, ClassName = Static.
Pid = 2168, Hwnd=0xb0192, Text = Windows XP 更新 (KB955704), ClassName = Static.
Pid = 2168, Hwnd=0xb016c, Text = 在安装此更新之前,建议您: - 备份您的系统 - 关闭所有打开的程序 完成此更新后,您可能需要重新启动计算机。要继续,请单击“下一步, ClassName = Static.
Pid = 2168, Hwnd=0xb0174, Text = 自述文件(&R), ClassName = Button.
Pid = 2168, Hwnd=0xd01a4, Text = < 上一步(&B), ClassName = Button.
Pid = 2168, Hwnd=0xc01e8, Text = 下一步(&N) >, ClassName = Button.
Pid = 2168, Hwnd=0xa0196, Text = 完成, ClassName = Button.
Pid = 2168, Hwnd=0xb01be, Text = 取消, ClassName = Button.
Pid = 2168, Hwnd=0xc01b4, Text = 帮助, ClassName = Button.
Behavior description: Acquire system privileges
details:SE_BACKUP_PRIVILEGE
SE_RESTORE_PRIVILEGE
SE_SHUTDOWN_PRIVILEGE
SE_SECURITY_PRIVILEGE
SE_TAKE_OWNERSHIP_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Disable system file protection
details:C:\WINDOWS\system32\DRIVERS\fs_rec.sys
C:\WINDOWS\system32\ulib.dll
C:\WINDOWS\system32\ifsutil.dll
C:\WINDOWS\system32\format.com
C:\WINDOWS\system32\fmifs.dll
C:\WINDOWS\system32\DRIVERS\exfat.sys
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\uexfat.dll
C:\WINDOWS\system32\DllCache\ulib.dll
C:\WINDOWS\system32\DllCache\uexfat.dll
C:\WINDOWS\system32\DllCache\shell32.dll
C:\WINDOWS\system32\DllCache\ifsutil.dll
C:\WINDOWS\system32\DllCache\fs_rec.sys
C:\WINDOWS\system32\DllCache\fmifs.dll
C:\WINDOWS\system32\DllCache\exfat.sys
Behavior description: Shutdown or restart
details:N/A