VirSCAN

File information
Safety rating: 80
Behavior list
Basic information
MD5: f53fa5b1140cc1f1180c3042346ec785
File type: NSIS
Publisher: 百度云管家 (Baidu Yun Guanjia)
Version: 5.3.6.0 / 5.3.6.0
Packer or compiler information: (none reported)
Sub-file information (name / MD5 / type):
BaiduYunGuanjia.exe / (too large to hash) / EXE
YunLogic.dll / 129b4fb1ae5befbc7798388d9d6dc6b6 / DLL
default.db / 631b557ee1413878a703c02288696f1f / Compound
Basement.dll / c6ab59f8f1f2eb8a11152d0040375355 / DLL
exiv2.dll / b71a33087be2815d09ab7a45a8a43d93 / DLL
Bull120U.dll / d0dac3f47e950df89082c0ee53f799b2 / DLL
xImage.dll / d6614abc7a96d1832760f93809283ea7 / DLL
YunDb.dll / 256c05d7ec993c34773b51434b8d0b0f / DLL
msvcr120.dll / 034ccadc1c073e4216e9466b720f9849 / DLL
AppUtil.dll / 87743f38efd5786371d0df899e1d6303 / DLL
duiengineskin.zip / 62779038ae2d675c409928ead4658d26 / zip
autobackup.ico / cea33e92dd2e8f1b4dbed22c25ac7570 / Unknown
guanjia_logo.ico / 149c33bec92465a5d62109fefee817ab / Unknown
msvcp120.dll / fd5cabbe52272bd76007b68186ebaf00 / DLL
2.wav / 4408f456a35c301ee1b951e20ffa71bb / Unknown
channelpcsdk.dll / 38e8d5dc206bd2d3aeb9566e567ca4d1 / DLL
npYunWebDetect.dll / d6491682a9d7246b16c4e93af0b5842a / DLL
resource.db / 190c123d02802fc97da81587dedf4acd / Compound
3.wav / 9ca4aec9ef66806361f3e0ae86792c86 / Unknown
Key behavior
Behavior description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Acquires system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Process behavior
Behavior description: Creates process
Details: ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\npYunWebDetect.dll"
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s /u "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\npYunWebDetect.dll"
Behavior description: Creates process from newly dropped file
Details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\BaiduYunGuanjia.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\BaiduYunGuanjia.exe
Behavior description: Process exits
Details: N/A
Behavior description: Enumerates processes
Details: N/A
Behavior description: Creates local thread
Details: N/A
File behavior
Behavior description: Creates files
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg4.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\AppProperty.xml
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\AppUtil.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\BaiduYunGuanjia.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\Basement.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\Bull120U.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\VersionInfo
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\VersionInfo2
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunDb.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunLogic.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunTorrentFile.ico
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\autobackup.ico
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\channelpcsdk.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\exiv2.dll
Behavior description: Creates executable files
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\AppUtil.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\BaiduYunGuanjia.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\Basement.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\Bull120U.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunDb.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunLogic.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\channelpcsdk.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\exiv2.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\libexpat.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\msvcp120.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\msvcr120.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\npYunWebDetect.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\xImage.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse6.tmp\System.dll
Behavior description: Overwrites existing file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsq5.tmp
Behavior description: Searches for files
Details: FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse6.tmp
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\regsvr32.exe
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\logs\*.
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\\log_*.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\VersionInfo
Behavior description: Deletes files
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg4.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse6.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\AppUtil.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\autobackup.ico
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\BaiduYunGuanjia.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\Basement.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\channelpcsdk.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\npYunWebDetect.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\resource.db
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\VersionInfo
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\VersionInfo2
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\xImage.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\msvcp120.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\msvcr120.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\Bull120U.dll
Behavior description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modifies file contents
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\AppProperty.xml---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\VersionInfo---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\VersionInfo2---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunTorrentFile.ico---> Offset = 16384
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\autobackup.ico---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\guanjia_logo.ico---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\resource.db---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\skin\default.db---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\skin\duiengineskin.zip---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\sounds\1.wav---> Offset = 32768
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\sounds\2.wav---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\sounds\3.wav---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\sounds\4.wav---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\users\14498356209A4AC6F18D.dat---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\users\localdata.dat---> Offset = 0
Network behavior
Behavior description: Connects to specified host
Details: InternetConnectA: ServerName = pan.baidu.com, PORT = 80
InternetConnectA: ServerName = update.pan.baidu.com, PORT = 80
Behavior description: Establishes socket connection to a specified address
Details: 110.110.110.110:80
180.149.132.40:80
Behavior description: Opens HTTP request
Details: HttpOpenRequestA: pan.baidu.com:80/res/static/thirdparty/connect.jpg?t=1449835619, hConnect = 0x000003ec
HttpOpenRequestA: update.pan.baidu.com:80/statistics?clienttype=8&devuid=bdimxv2%2do%5fb5172d5799984955beea058a7d93b4a1%2dc%5f0%2dd%5f42563737623232333732322d3039343862622033%2dm%5f000000000000%2dv%5ff44048e7&channel=00000000000000000000000000000000&version=5
HttpOpenRequestA: pan.baidu.com:80/res/static/thirdparty/connect.jpg?t=1449835625, hConnect = 0x0000042c
HttpOpenRequestA: pan.baidu.com:80/res/static/thirdparty/connect.jpg?t=1449835630, hConnect = 0x0000042c
HttpOpenRequestA: pan.baidu.com:80/res/static/thirdparty/connect.jpg?t=1449835635, hConnect = 0x0000042c
Behavior description: Resolves host address by name
Details: pan.baidu.com
Registry behavior
Behavior description: Deletes registry keys
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\Control
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\InprocServer32
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\ProgID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\Programmable
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\ToolboxBitmap32
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\TypeLib
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\VersionIndependentProgID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\clsid\*
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\clsid
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\codeBaseUrl\*
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\codeBaseUrl
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\progid\*
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\progid
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin
Behavior description: Modifies registry
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\YunWebDetect.YunWebDetect.1\
\REGISTRY\MACHINE\SOFTWARE\Classes\YunWebDetect.YunWebDetect.1\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\YunWebDetect.YunWebDetect\
\REGISTRY\MACHINE\SOFTWARE\Classes\YunWebDetect.YunWebDetect\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\YunWebDetect.YunWebDetect\CurVer\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\VersionIndependentProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\AppID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\ToolboxBitmap32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\Description
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\Path
Behavior description: Deletes registry values
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\BaiduYunGuanjia\DEBUG\Trace Level
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DCE7B6C-C3B9-4efd-9CC6-2D9F938B4A06}\AppID
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\Description
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\Path
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\ProductName
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\Vendor
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\Version
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\Dummy
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\clsid\*\*
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\codeBaseUrl\*\*
\REGISTRY\MACHINE\SOFTWARE\MozillaPlugins\@baidu.com/YunWebDetectPlugin\MimeTypes\application/bd-npYunWebDetect-plugin\progid\*\*
Behavior description: Modifies registry: PendingFileRenameOperations (delayed rename/delete at next boot)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behavior
Behavior description: Creates mutexes
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
BaiduYunGuanjia
SHIMLIB_LOG_MUTEX
RasPbFile
YunBrowserSharedMemoryLock_3296
54B55498-0BB1-4896-AC08-2595F474CBDE
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EOM
Behavior description: Creates event objects
Details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
EventName = BAIDU-8A1-5581-4005-8389-1603C4D312E7
EventName = {DAF9CDB4-1826-4ba0-A6B6-52ABD4C8DE1A}
EventName = MSCTF.SendReceiveConection.Event.EOM.IC
EventName = MSCTF.SendReceive.Event.EOM.IC
Behavior description: Searches for specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Acquires system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
Details: Pid = 3296, Hwnd=0x102de, Text = dummyLayeredWnd, ClassName = DuiHostWnd.
Pid = 3296, Hwnd=0x202d0, Text = 欢迎使用百度云管家 ("Welcome to Baidu Yun Guanjia"), ClassName = DuiHostWnd.
Behavior description: Executable signature information
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\AppUtil.dll (signature verification: passed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\BaiduYunGuanjia.exe (signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\Basement.dll (signature verification: passed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\Bull120U.dll (signature verification: passed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunDb.dll (signature verification: passed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunLogic.dll (signature verification: passed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\channelpcsdk.dll (signature verification: passed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\exiv2.dll (signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\libexpat.dll (signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\msvcp120.dll (signature verification: passed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\msvcr120.dll (signature verification: passed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\npYunWebDetect.dll (signature verification: passed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\xImage.dll (signature verification: passed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse6.tmp\System.dll (signature verification: failed)
Behavior description: Hides specified window
Details: [Window,Class] = [TimerWin,LOG_MSG_WINDOW]
[Window,Class] = [,BaseGui]
[Window,Class] = [欢迎使用百度云管家 ("Welcome to Baidu Yun Guanjia"),DuiHostWnd]
Behavior description: Executable file MD5
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\AppUtil.dll ---> 87743f38efd5786371d0df899e1d6303
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\BaiduYunGuanjia.exe ---> file too large!
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\Basement.dll ---> c6ab59f8f1f2eb8a11152d0040375355
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\Bull120U.dll ---> d0dac3f47e950df89082c0ee53f799b2
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunDb.dll ---> 256c05d7ec993c34773b51434b8d0b0f
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunLogic.dll ---> 129b4fb1ae5befbc7798388d9d6dc6b6
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\channelpcsdk.dll ---> 38e8d5dc206bd2d3aeb9566e567ca4d1
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\exiv2.dll ---> b71a33087be2815d09ab7a45a8a43d93
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\libexpat.dll ---> 02bf3ace442fd31a243f26123833d43c
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\msvcp120.dll ---> fd5cabbe52272bd76007b68186ebaf00
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\msvcr120.dll ---> 034ccadc1c073e4216e9466b720f9849
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\npYunWebDetect.dll ---> d6491682a9d7246b16c4e93af0b5842a
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\xImage.dll ---> d6614abc7a96d1832760f93809283ea7
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse6.tmp\System.dll ---> 883eff06ac96966270731e4e22817e11
Behavior description: Loads newly dropped files
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse6.tmp\System.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\npYunWebDetect.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\msvcp120.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\msvcr120.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\Bull120U.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\xImage.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\AppUtil.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\Basement.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunLogic.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\exiv2.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\libexpat.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\YunDb.dll.
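The three sections most worth reading together in a report like this are the process-creation lines (regsvr32 registering a DLL out of %TEMP%), the signature verification results, and the list of dropped files that were actually mapped or executed. The script below is an added triage example, not part of the VirSCAN page and not code from Baidu: it parses an excerpt of the report above (re-typed with the translated English labels, as constructed input), lists every dropped PE that ran or was loaded despite failing signature verification, downgrades a "failed" verdict to "unverifiable" when the sandbox also reported it could not hash the file, and flags regsvr32 invocations whose target lives under a Temp directory. The "\temp\" substring heuristic and the label spellings are assumptions about this report format.

```python
"""Triage helper for a VirSCAN-style behaviour report (added example, not
VirSCAN's or Baidu's code). Cross-references "Executable signature information"
with the files the installer "Loads" or "Creates process" from, and flags
regsvr32 registering a DLL out of a Temp directory."""
import re
from dataclasses import dataclass, field

# Constructed input: lines re-typed from the report above with the translated
# English labels; not a file emitted by VirSCAN itself.
REPORT_EXCERPT = r"""Behavior description: Creates process
Details: ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\npYunWebDetect.dll"
ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s /u "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\npYunWebDetect.dll"
Behavior description: Creates process from newly dropped file
Details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\BaiduYunGuanjia.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\BaiduYunGuanjia.exe
Behavior description: Executable signature information
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\BaiduYunGuanjia.exe (signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\exiv2.dll (signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\libexpat.dll (signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\npYunWebDetect.dll (signature verification: passed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse6.tmp\System.dll (signature verification: failed)
Behavior description: Executable file MD5
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\BaiduYunGuanjia.exe ---> file too large!
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\exiv2.dll ---> b71a33087be2815d09ab7a45a8a43d93
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\libexpat.dll ---> 02bf3ace442fd31a243f26123833d43c
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse6.tmp\System.dll ---> 883eff06ac96966270731e4e22817e11
Behavior description: Loads newly dropped files
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse6.tmp\System.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\npYunWebDetect.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\exiv2.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BaiduYunGuanjia\libexpat.dll.
"""

# The first line of each section carries a "Details:" prefix; later lines do not.
D = r"^(?:Details:\s*)?"
SIG_RE = re.compile(D + r"(?P<path>[A-Za-z]:\\.+?)\s*\(signature verification: (?P<result>passed|failed)\)\s*$")
MD5_RE = re.compile(D + r"(?P<path>[A-Za-z]:\\.+?)\s*--->\s*(?P<value>.+?)\s*$")
IMAGE_RE = re.compile(D + r"Image:\s*(?P<path>[A-Za-z]:\\.+?)\.?\s*$")  # trailing "." is report noise
PROC_RE = re.compile(D + r"ImagePath = (?P<image>[A-Za-z]:\\[^,]+), CmdLine = (?P<cmd>.+?)\s*$")
DLL_ARG_RE = re.compile(r'"(?P<q>[^"]+\.dll)"|(?P<u>\S+\.dll)', re.IGNORECASE)
HEX32 = re.compile(r"[0-9a-fA-F]{32}")


@dataclass
class Report:
    signature: dict = field(default_factory=dict)  # lower-cased path -> True if verification passed
    md5: dict = field(default_factory=dict)        # lower-cased path -> hex digest or sandbox error text
    loaded: list = field(default_factory=list)     # dropped images mapped into a process, report order
    executed: list = field(default_factory=list)   # (image path, command line) of created processes


def parse_report(text: str) -> Report:
    rep = Report()
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SIG_RE.match(line):
            rep.signature[m["path"].lower()] = m["result"] == "passed"
        elif m := MD5_RE.match(line):
            rep.md5[m["path"].lower()] = m["value"]
        elif m := IMAGE_RE.match(line):
            rep.loaded.append(m["path"])
        elif m := PROC_RE.match(line):
            rep.executed.append((m["image"], m["cmd"]))
    return rep


def unverified_code(rep: Report) -> list:
    """(path, how, verdict) for dropped PE files that ran or were mapped although signature
    verification failed; "unverifiable" when the sandbox could not even hash the file."""
    candidates = [(img, "executed") for img, _ in rep.executed] + [(p, "loaded") for p in rep.loaded]
    findings = []
    for path, how in candidates:
        verified = rep.signature.get(path.lower())
        if verified is None or verified:
            continue  # not a dropped file the sandbox checked (e.g. regsvr32.exe), or it verified
        digest = rep.md5.get(path.lower(), "")
        verdict = "unsigned" if not digest or HEX32.fullmatch(digest) else "unverifiable"
        findings.append((path, how, verdict))
    return findings


def regsvr32_temp_dlls(rep: Report) -> list:
    """(dll, 'register'|'unregister') for each regsvr32 run against a DLL under a Temp directory."""
    hits = []
    for image, cmd in rep.executed:
        if not image.lower().endswith("\\regsvr32.exe"):
            continue
        flags = {tok.lower() for tok in cmd.split() if tok.startswith("/")}
        if (m := DLL_ARG_RE.search(cmd)) and "\\temp\\" in (m["q"] or m["u"]).lower():
            hits.append((m["q"] or m["u"], "unregister" if "/u" in flags else "register"))
    return hits


if __name__ == "__main__":
    rep = parse_report(REPORT_EXCERPT)
    print(*unverified_code(rep), *regsvr32_temp_dlls(rep), sep="\n")
```

On this report the script yields four findings: BaiduYunGuanjia.exe is "unverifiable" rather than "unsigned", because the same sandbox that reported a failed signature also reported it could not hash the file ("file too large!"), so the failure says nothing about the binary itself and has to be re-checked on the real sample (for example with `signtool verify /pa` or `Get-AuthenticodeSignature`). System.dll under nse6.tmp is where NSIS installers unpack their plugins (the report identifies the file type as NSIS), so an unsigned hit there is expected for this installer type and is best judged by its MD5 rather than on its own; exiv2.dll and libexpat.dll are the remaining unsigned third-party libraries that were actually loaded. The regsvr32 pair (register, then `/u` unregister, matching the CLSID and MozillaPlugins keys created and deleted in the registry section) is a legitimate plugin install here, but regsvr32 loading a DLL out of %TEMP% is exactly the pattern worth baselining in endpoint telemetry.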
Run screenshot: (image not included in this text capture)