VirSCAN
File information
Safety rating: 84
Behavior list
Basic Information
MD5: ff297e482117d440094f9b1f01777c54
File type: zip
Production company:
Version:
Shell or compiler information: COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [RAR SFX] *
Subfile information: TianTian1.3.1046.exe dumpFile / 7ce9318ef4f7fd6e0987e441800bdf6a / EXE
TianTian1.3.1046.exe / 7ce9318ef4f7fd6e0987e441800bdf6a / EXE
Key behavior
Behavior description: Query hardware attributes to detect a virtual machine
details: Detects VMware: calls the WMI interface to obtain hardware information
Behavior description: Read TickCount value
details:TickCount = 5433125, SleepMilliseconds = 60000.
TickCount = 5433265, SleepMilliseconds = 60000.
TickCount = 5433281, SleepMilliseconds = 60000.
TickCount = 5433296, SleepMilliseconds = 60000.
TickCount = 5433312, SleepMilliseconds = 60000.
TickCount = 5433406, SleepMilliseconds = 60000.
TickCount = 5433421, SleepMilliseconds = 60000.
TickCount = 5433515, SleepMilliseconds = 60000.
TickCount = 5433578, SleepMilliseconds = 60000.
TickCount = 5433734, SleepMilliseconds = 60000.
Process behavior
Behavior description: Create process with hidden window
details:ImagePath = , CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\TianTianDownloader\WebStatistics.exe" 3
Behavior description: Create local thread
details:TargetProcess: TianTian1.3.1046.exe, InheritedFromPID = 1944, ProcessID = 2080, ThreadID = 2436, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: TianTianDownloader.exe, InheritedFromPID = 2080, ProcessID = 2416, ThreadID = 2508, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: TianTianDownloader.exe, InheritedFromPID = 2080, ProcessID = 2416, ThreadID = 2512, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 2416, ProcessID = 2528, ThreadID = 2568, StartAddress = 765E964D, Parameter = 0018CC40
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 2416, ProcessID = 2528, ThreadID = 2588, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 2416, ProcessID = 2528, ThreadID = 2604, StartAddress = 015DE660, Parameter = 009FBC38
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 2416, ProcessID = 2528, ThreadID = 2608, StartAddress = 015DE660, Parameter = 009F6870
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 2416, ProcessID = 2528, ThreadID = 2612, StartAddress = 015DE660, Parameter = 009F4EB8
TargetProcess: TianTianDownloader.exe, InheritedFromPID = 2080, ProcessID = 2416, ThreadID = 2616, StartAddress = 1001368D, Parameter = 01FA23B0
TargetProcess: TianTianDownloader.exe, InheritedFromPID = 2080, ProcessID = 2416, ThreadID = 2620, StartAddress = 1001368D, Parameter = 01FA4698
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 2416, ProcessID = 2528, ThreadID = 2628, StartAddress = 015194D0, Parameter = 0BDB05A8
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 2416, ProcessID = 2528, ThreadID = 2636, StartAddress = 015DE660, Parameter = 009F9840
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 2416, ProcessID = 2528, ThreadID = 2640, StartAddress = 015DE660, Parameter = 0BDB4788
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 2416, ProcessID = 2528, ThreadID = 2644, StartAddress = 0143B6E0, Parameter = 009F94F8
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 2416, ProcessID = 2528, ThreadID = 2648, StartAddress = 0143B6E0, Parameter = 009F94F8
Behavior description: Create process from newly created file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\TianTianDownloader\TianTianDownloader.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\TianTianDownloader\TianTianDownloader.exe"
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\TianTianDownloader\download\MiniThunderPlatform.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\TianTianDownloader\download\MiniThunderPlatform.exe" -StartTP
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\TianTianDownloader\WebStatistics.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\TianTianDownloader\WebStatistics.exe" 3
File behavior
Behavior description: Create file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\__tmp_rar_sfx_access_check_5353484
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\Configuration.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\atl71.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\dl_peer_id.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\download_engine.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\id.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\MiniThunderPlatform.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\minizip.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\msvcp71.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\msvcr71.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\XLBugHandler.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\XLBugReport.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\zlib1.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\Download.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\generalModular.dll
Behavior description: Create executable file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\atl71.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\dl_peer_id.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\download_engine.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\MiniThunderPlatform.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\minizip.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\msvcp71.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\msvcr71.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\XLBugHandler.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\XLBugReport.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\zlib1.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\Download.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\generalModular.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\mfc100u.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\msvcp100.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\msvcr100.dll
Behavior description: Search for file
details:FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\TianTian1.3.1046.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\TianTianDownloader\download\MiniThunderPlatform.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\TianTianDownloader\download
Behavior description: Delete file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\__tmp_rar_sfx_access_check_5353484
Behavior description: Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\Configuration.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\atl71.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\atl71.dll ---> Offset = 57856
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\atl71.dll ---> Offset = 60672
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\atl71.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\atl71.dll ---> Offset = 83968
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\dl_peer_id.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\dl_peer_id.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\dl_peer_id.dll ---> Offset = 71424
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\dl_peer_id.dll ---> Offset = 73984
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\dl_peer_id.dll ---> Offset = 77824
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\download_engine.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\download_engine.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\download_engine.dll ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\download_engine.dll ---> Offset = 196608
Behavior description: Modify newly created executable file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\mfc100u.dll
Network behavior
Behavior description: Establish connection to a specified socket
details:URL: hu****et, IP: **.133.40.**:80, SOCKET = 0x000002e4
URL: pm****et, IP: **.133.40.**:80, SOCKET = 0x00000300
URL: hu****et, IP: **.133.40.**:80, SOCKET = 0x00000304
URL: im****et, IP: **.133.40.**:80, SOCKET = 0x000002ec
URL: sc****et, IP: **.133.40.**:80, SOCKET = 0x00000324
Behavior description: Send HTTP packet
details:POST / HTTP/1.1 Host: hu****et:80 Content-type: application/octet-stream Content-Length: 204 Connection: Keep-Alive =
POST / HTTP/1.1 Host: pm****et:80 Content-type: application/octet-stream Content-Length: 92 Connection: Keep-Alive @
POST / HTTP/1.1 Host: hu****et:80 Content-type: application/octet-stream Content-Length: 44 Connection: Keep-Alive A
POST / HTTP/1.1 Host: im****et:80 Content-type: application/octet-stream Content-Length: 44 Connection: Keep-Alive A
POST / HTTP/1.1 Host: sc****et:80 Content-type: application/octet-stream Content-Length: 92 Connection: Keep-Alive <
Behavior description: Resolve host address by name
details:gethostbyname: hu****et
gethostbyname: re****et
gethostbyname: computer
gethostbyname: pm****et
gethostbyname: im****et
gethostbyname: sc****et
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\TianTianDownloader\TianTianDownloader.exe
\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ID
Behavior description: Delete registry key
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\
Behavior description: Delete registry value
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot
Other behavior
Behavior description: Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
_SHuassist.mtx
DDrawWindowListMutex
DDrawDriverObjectListMutex
__DDrawExclMode__
Behavior description: Query hardware attributes to detect a virtual machine
details: Detects VMware: calls the WMI interface to obtain hardware information
Behavior description: Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [浏览(&W)...,Button]
[Window,Class] = [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0,ComboBox]
[Window,Class] = [,Button]
[Window,Class] = [Static,Static]
[Window,Class] = [下载暂停,Static]
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [EDIT,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information
details:Pid = 2416, Hwnd=0x10456, Text = 检测CPU类型是否符合, ClassName = Static.
Pid = 2416, Hwnd=0x10458, Text = 检测显卡是否支持OPENGL2.0, ClassName = Static.
Pid = 2416, Hwnd=0x1045a, Text = 检测Windows Installer服务是否开启, ClassName = Static.
Pid = 2416, Hwnd=0x1045c, Text = 检测内存是否大于2.8G, ClassName = Static.
Pid = 2416, Hwnd=0x10460, Text = Static, ClassName = Static.
Pid = 2416, Hwnd=0x10462, Text = 系统颜色深度是否符合, ClassName = Static.
Pid = 2416, Hwnd=0x10450, Text = 正在下载, ClassName = Static.
Pid = 2416, Hwnd=0x10452, Text = 下载暂停, ClassName = Static.
Pid = 2416, Hwnd=0x10430, Text = SORRY !, ClassName = Static.
Pid = 2416, Hwnd=0x10432, Text = 不支持原因:, ClassName = Static.
Pid = 2416, Hwnd=0x10434, Text = 解决方案:, ClassName = Static.
Pid = 2416, Hwnd=0x1043a, Text = 您的电脑不能支持模拟器的安装, ClassName = Static.
Pid = 2416, Hwnd=0x1043c, Text = Static, ClassName = Static.
Pid = 2416, Hwnd=0x1043e, Text = 解决方案:, ClassName = Static.
Pid = 2416, Hwnd=0x10422, Text = C:\Program Files\, ClassName = Edit.
Behavior description: Read TickCount value
details:TickCount = 5433125, SleepMilliseconds = 60000.
TickCount = 5433265, SleepMilliseconds = 60000.
TickCount = 5433281, SleepMilliseconds = 60000.
TickCount = 5433296, SleepMilliseconds = 60000.
TickCount = 5433312, SleepMilliseconds = 60000.
TickCount = 5433406, SleepMilliseconds = 60000.
TickCount = 5433421, SleepMilliseconds = 60000.
TickCount = 5433515, SleepMilliseconds = 60000.
TickCount = 5433578, SleepMilliseconds = 60000.
TickCount = 5433734, SleepMilliseconds = 60000.
Behavior description: Adjust process token privileges
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Open event
details:HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000040
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000040
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
_fCanRegisterWithShellService
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\crypt32LogoffEvent
c:/docume~1/admini~1/locals~1/temp/rarsfx0/tiantiandownloader/download/minithunderplatform.exe_mini_tpstart_up_e_20130515_360_a
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000041
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000041
MSFT.VSA.COM.DISABLE.2652
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000042
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000042
Behavior description: Signature information of modified executable
details: C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\mfc100u.dll (signature verification: passed)
Behavior description: Directly access physical device
details:\??\PhysicalDrive0
Behavior description: Executable signature information
details: C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\atl71.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\dl_peer_id.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\download_engine.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\MiniThunderPlatform.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\minizip.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\msvcp71.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\msvcr71.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\XLBugHandler.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\XLBugReport.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\zlib1.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\Download.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\generalModular.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\mfc100u.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\msvcp100.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\msvcr100.dll (signature verification: passed)
Behavior description: Call Sleep function
details:[1]: MilliSeconds = 60000.
[2]: MilliSeconds = 60000.
[3]: MilliSeconds = 60000.
Behavior description: Create event object
details:EventName = Global\crypt32LogoffEvent
EventName = c:/docume~1/admini~1/locals~1/temp/rarsfx0/tiantiandownloader/download/minithunderplatform.exe_mini_tpstart_up_e_20130515_360_a
EventName = c:/docume~1/admini~1/locals~1/temp/rarsfx0/tiantiandownloader/download/minithunderplatform.exe_mini_tpstart_up_failed_e_20130515_360_a
EventName = DINPUTWINMM
EventName = c:/docume~1/admini~1/locals~1/temp/rarsfx0/tiantiandownloader/download/minithunderplatform.exe_mini_tpr_e_2013515_360_a
EventName = c:/docume~1/admini~1/locals~1/temp/rarsfx0/tiantiandownloader/download/minithunderplatform.exe_mini_tpw_e_2013515_360_a
EventName = c:/docume~1/admini~1/locals~1/temp/rarsfx0/tiantiandownloader/download/minithunderplatform.exe_mini_tp_alive_check_e_2013515_360_a
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.EHJ.IC
EventName = MSCTF.SendReceiveConection.Event.EHJ.IC
Behavior description: Executable MD5
details:C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\atl71.dll ---> 04443a3c7af47045805586b41a654ddf
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\dl_peer_id.dll ---> dba9a19752b52943a0850a7e19ac600a
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\download_engine.dll ---> e323543ef7bed84219b0d474c6e5615c
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\MiniThunderPlatform.exe ---> 9a84c47e6d6c90a2563d738bd59047e4
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\minizip.dll ---> a06480dee7970eaf8744f7360278748e
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\msvcp71.dll ---> c8e820c372edc2f4a7577bc0bd289708
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\msvcr71.dll ---> 91e5b64683ca26c3db6b04d8354e45df
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\XLBugHandler.dll ---> 92154e720998acb6fa0f7bad63309470
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\XLBugReport.exe ---> 67c767470d0893c4a2e46be84c9afcbb
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\download\zlib1.dll ---> 47df1af2ade4e2c6de6cc2aa93aff5cb
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\Download.dll ---> 23ac0fe4066167ce5a55287a36d34667
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\generalModular.dll ---> ddf548b9bb1603ffdf2fe5f19c48627c
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\mfc100u.dll ---> f841f32ad816dbf130f10d86fab99b1a
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\msvcp100.dll ---> bc83108b18756547013ed443b8cdb31b
C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\msvcr100.dll ---> 0e37fbfa79d349d672456923ec5fbbe3
Behavior description: Open mutex
details:ShimCacheMutex
Local\!IETld!Mutex
DBWinMutex
c:/docume~1/admini~1/locals~1/temp/rarsfx0/tiantiandownloader/download/minithunderplatform.exe_mini_tpka_m_2013515_360_a
RasPbFile
c:/docume~1/admini~1/locals~1/temp/rarsfx0/tiantiandownloader/download/minithunderplatform.exe_mini_tp_connector_tpka_m_2013515_360_a
websta_exist
Behavior description: MD5 of modified executable
details:C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\TianTianDownloader\mfc100u.dll ---> f841f32ad816dbf130f10d86fab99b1a
Behavior description: Load newly dropped file
details:Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\TianTianDownloader\mfc100u.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\TianTianDownloader\msvcr100.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\TianTianDownloader\msvcp100.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\TianTianDownloader\xldl.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\TianTianDownloader\download\msvcp71.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\TianTianDownloader\download\msvcr71.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\TianTianDownloader\download\dl_peer_id.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\TianTianDownloader\download\XLBugHandler.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\TianTianDownloader\download\download_engine.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\TianTianDownloader\download\atl71.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\TianTianDownloader\download\zlib1.dll.