VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files whose password is 'infected' or 'virus'.


File information
Safety rating: 88
Behavior list
Basic information
MD5: f24dd4b6377c23ee7432c2f0b9b68131
File type: EXE
Production company: WinNTSetup
Version: 3.8.7.0 --- 3.8.7.0
Shell or compiler information: COMPILER:NSIS
Key behavior
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup
Process behavior
Behavior description: Create a process from a newly created file
details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WinNTSetup-repaik\WinNTSetup_x86.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WinNTSetup-repaik\WinNTSetup_x86.exe
File behavior
Behavior description: Create file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsb13.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr14.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\WinNTSetup_iso.cmd
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\WimBootCompress.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\bcdboot.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\bcdedit.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\BOOTICEx64.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\bootsect.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\MinHook.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\MSSTMake.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\offreg.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\wimgapi.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\wimgapi.old
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x86\bcdboot.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x86\bcdedit.exe
Behavior description: Create executable file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\bcdboot.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\bcdedit.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\BOOTICEx64.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\bootsect.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\MinHook.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\MSSTMake.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\offreg.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\wimgapi.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\wimgapi.old
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x86\bcdboot.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x86\bcdedit.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x86\BOOTICEx86.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x86\bootsect.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x86\MinHook.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x86\MSSTMake.exe
Behavior description: Overwrite existing file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsr14.tmp
Behavior description: Search for file
details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsf15.tmp
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\WinNTSetup_iso.cmd
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Lang\Language.dll
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Lang\2052.dll
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x86\wimlib\libwim-*.dll
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x86\\Bootice.exe
Behavior description: Delete file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsb13.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr14.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsf15.tmp
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup
Behavior description: Modify file contents
details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsr14.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr14.tmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr14.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\WinNTSetup_iso.cmd ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\WimBootCompress.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr14.tmp ---> Offset = 68200
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr14.tmp ---> Offset = 100094
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\bcdboot.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\bcdboot.exe ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\bcdboot.exe ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\bcdboot.exe ---> Offset = 49152
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\bcdboot.exe ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\bcdedit.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\bcdedit.exe ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\bcdedit.exe ---> Offset = 32768
Other behavior
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.AKK
Behavior description: Hide specified window
details: [Window,Class] = [,Static]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,ComboBox]
[Window,Class] = [,ComboBoxEx32]
[Window,Class] = [模式,Button]
[Window,Class] = [MBR,Static]
[Window,Class] = [NTLDR PBR,Static]
[Window,Class] = [BOOT FLAG,Static]
[Window,Class] = [,Edit]
[Window,Class] = [选择...,Button]
[Window,Class] = [,Button]
[Window,Class] = [预分配驱动器盘符,Button]
[Window,Class] = [破解uxtheme.dll以支持使用第三方未签名主题,Button]
[Window,Class] = [无人值守,Button]
[Window,Class] = [添加驱动,Button]
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Adjust process token privileges
details: SE_LOAD_DRIVER_PRIVILEGE
SE_SYSTEM_ENVIRONMENT_PRIVILEGE
SE_BACKUP_PRIVILEGE
SE_SECURITY_PRIVILEGE
SE_RESTORE_PRIVILEGE
SE_TAKE_OWNERSHIP_PRIVILEGE
SE_MANAGE_VOLUME_PRIVILEGE
Behavior description: Window information
details: Pid = 2716, Hwnd=0x6034a, Text = MBR, ClassName = Static.
Pid = 2716, Hwnd=0x90354, Text = NTLDR PBR, ClassName = Static.
Pid = 2716, Hwnd=0x80324, Text = BOOT FLAG, ClassName = Static.
Pid = 2716, Hwnd=0x90320, Text = MBR, ClassName = Static.
Pid = 2716, Hwnd=0x60362, Text = BOOTMGR PBR, ClassName = Static.
Pid = 2716, Hwnd=0xb02b0, Text = BOOT PART, ClassName = Static.
Pid = 2716, Hwnd=0xa0322, Text = F, ClassName = Button.
Pid = 2716, Hwnd=0x60352, Text = F, ClassName = Button.
Pid = 2716, Hwnd=0xe02fe, Text = C:, ClassName = Edit.
Pid = 2716, Hwnd=0x1002b6, Text = C:, ClassName = Edit.
Pid = 2716, Hwnd=0x60348, Text = 选项, ClassName = Button(GroupBox).
Pid = 2716, Hwnd=0x60336, Text = 选择包含Windows安装文件的文件夹, ClassName = Static.
Pid = 2716, Hwnd=0x902fc, Text = 选择..., ClassName = Button.
Pid = 2716, Hwnd=0x40366, Text = 选择..., ClassName = Button.
Pid = 2716, Hwnd=0x90310, Text = 5 GB free NTFS Space Align 63 S, ClassName = Static.
Behavior description: Direct access to physical device
details: \??\PHYSICALDRIVE0
Behavior description: Executable file signature information
details: C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\bcdboot.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\bcdedit.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\BOOTICEx64.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\bootsect.exe(签名验证: 通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\MinHook.dll(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\MSSTMake.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\offreg.dll(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\wimgapi.dll(签名验证: 通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\wimgapi.old(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x86\bcdboot.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x86\bcdedit.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x86\BOOTICEx86.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x86\bootsect.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x86\MinHook.dll(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x86\MSSTMake.exe(签名验证: 未通过)
Behavior description: Create event object
details: EventName = Global\crypt32LogoffEvent
EventName = MSCTF.SendReceive.Event.AKK.IC
EventName = MSCTF.SendReceiveConection.Event.AKK.IC
Behavior description: Executable file MD5
details: C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\bcdboot.exe ---> 6fc4e47506182128712da4e5e7d3455a
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\bcdedit.exe ---> 9535e3809322a2a34aacb9ba6461c416
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\BOOTICEx64.exe ---> c8dd28f1135c11861eb7d93b7a931433
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\bootsect.exe ---> bbcd51279be0b3e8705853ae2a0a62ce
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\MinHook.dll ---> 997ec2601a0dcd44a0ee17be828650c5
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\MSSTMake.exe ---> 64d41e1e1a0410bf669c1d0820ed4c1f
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\offreg.dll ---> b2b03261a0d03cc674713477a1249cc9
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\wimgapi.dll ---> f9bb4a709903d28d6b7436ea7aa7d546
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x64\wimgapi.old ---> 248d35235912b3ab90754be74d406aa5
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x86\bcdboot.exe ---> fd1a2e75be2661cb15e20b121f8d82d4
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x86\bcdedit.exe ---> c4d5b7b0cc017c7f5b906252a3f42c11
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x86\BOOTICEx86.exe ---> 0e72509b2d5c55093e2c9ad141067644
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x86\bootsect.exe ---> 6f0bd53e86c953428bfd085f2e1ad99b
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x86\MinHook.dll ---> 1eef2e23fde055cdd85a59778c59a2c8
C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x86\MSSTMake.exe ---> 2e9af9e65e109eb9d79f495b4a573e3c
Behavior description: Load newly dropped file
details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsf15.tmp\System.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WinNTSetup-repaik\Tools\x86\offreg.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WinNTSetup-repaik\Tools\x86\MinHook.dll.
Image: C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x86\wimgapi.old.
Image: C:\Documents and Settings\Administrator\Local Settings\Temp\WinNTSetup-repaik\Tools\x86\wimlib\libwim-15.dll.
Run screenshot: [image not included in this extract]