VirSCAN

1. You can upload any file, but there is a limit of 20 MB per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan a compressed file protected with the password 'infected' or 'virus'.
4. If your browser cannot upload the file, download the VirSCAN uploader to upload it.

File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic information

MD5: bd2119a696a1cf9adcb44743be0e82bb
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name:
Minimum operating environment:
Copyright:

Key behavior

Behavior description: Hide specified window
Details: [Window,Class] = [,ComboLBox]

Process behavior

Behavior description: Create process with hidden window
Details: ImagePath = , CmdLine = "c:\docume~1\admini~1\locals~1\temp\is-7cr2d.tmp\setuphelper.exe" /exit_thunder4
ImagePath = , CmdLine = "c:\docume~1\admini~1\locals~1\temp\is-7cr2d.tmp\setuphelper.exe" /exit_thunder5
ImagePath = , CmdLine = "c:\docume~1\admini~1\locals~1\temp\is-7cr2d.tmp\setuphelper.exe" /delete_testversion
Behavior description: Create process from newly created file
Details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-J2257.tmp\is-BNTEF.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-J2257.tmp\is-BNTEF.tmp" /SL4 $A0186 "c:\%temp%\1414430480.398836.exe" 9849275 52224
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7CR2D.tmp\SetupHelper.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7CR2D.tmp\SetupHelper.exe" /exit_thunder4
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7CR2D.tmp\SetupHelper.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7CR2D.tmp\SetupHelper.exe" /exit_thunder5
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7CR2D.tmp\SetupHelper.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7CR2D.tmp\SetupHelper.exe" /delete_testversion

File behavior

Behavior description: Rename file
Details: C:\Program Files\Thunder Network\Thunder\is-KG6ET.tmp ---> C:\Program Files\Thunder Network\Thunder\unins000.exe
C:\Program Files\Thunder Network\Thunder\Program\is-7401N.tmp ---> C:\Program Files\Thunder Network\Thunder\Program\BaiduToolbar.exe
C:\Program Files\Thunder Network\Thunder\Program\is-IIB50.tmp ---> C:\Program Files\Thunder Network\Thunder\Program\id.dat
C:\Program Files\Thunder Network\Thunder\Program\is-O02FO.tmp ---> C:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll
C:\Program Files\Thunder Network\Thunder\Program\is-E4U8O.tmp ---> C:\Program Files\Thunder Network\Thunder\Program\bootstrap.dat
C:\Program Files\Thunder Network\Thunder\Program\is-29KLS.tmp ---> C:\Program Files\Thunder Network\Thunder\Program\BugReport.dll
C:\Program Files\Thunder Network\Thunder\Program\is-1N68P.tmp ---> C:\Program Files\Thunder Network\Thunder\Program\BugReport.exe
C:\Program Files\Thunder Network\Thunder\Program\is-B2DTL.tmp ---> C:\Program Files\Thunder Network\Thunder\Program\checkfilemd5.ini
C:\Program Files\Thunder Network\Thunder\Program\is-0UAL5.tmp ---> C:\Program Files\Thunder Network\Thunder\Program\CrackFW.exe
C:\Program Files\Thunder Network\Thunder\Program\is-BJIMT.tmp ---> C:\Program Files\Thunder Network\Thunder\Program\dhtnodes.dat
C:\Program Files\Thunder Network\Thunder\Program\is-S2ST1.tmp ---> C:\Program Files\Thunder Network\Thunder\Program\download-complete.wav
C:\Program Files\Thunder Network\Thunder\Program\is-9E1DP.tmp ---> C:\Program Files\Thunder Network\Thunder\Program\download.cfg
C:\Program Files\Thunder Network\Thunder\Program\is-QONSS.tmp ---> C:\Program Files\Thunder Network\Thunder\Program\DSConvert.dll
C:\Program Files\Thunder Network\Thunder\Program\is-9GFGJ.tmp ---> C:\Program Files\Thunder Network\Thunder\Program\FloatBar.dll
C:\Program Files\Thunder Network\Thunder\Program\is-V2HSE.tmp ---> C:\Program Files\Thunder Network\Thunder\Program\FtpExplorer.exe
Behavior description: Create executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-J2257.tmp\is-BNTEF.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7CR2D.tmp\_isetup\_RegDLL.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7CR2D.tmp\_isetup\_shfoldr.dll
C:\Program Files\Thunder Network\Thunder\is-KG6ET.tmp
C:\Program Files\Thunder Network\Thunder\Program\is-7401N.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7CR2D.tmp\HistoryInfoTransfer.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7CR2D.tmp\HistoryInfo_manage.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7CR2D.tmp\SetupHelper.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7CR2D.tmp\Thunder.exe
C:\Program Files\Thunder Network\Thunder\Thunder.exe
C:\Program Files\Thunder Network\Thunder\Program\is-O02FO.tmp
C:\Program Files\Thunder Network\Thunder\Program\is-29KLS.tmp
C:\Program Files\Thunder Network\Thunder\Program\is-1N68P.tmp
C:\Program Files\Thunder Network\Thunder\Program\is-0UAL5.tmp
C:\Program Files\Thunder Network\Thunder\Program\is-QONSS.tmp
Behavior description: Modify file content
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7CR2D.tmp\BaiduSobar.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7CR2D.tmp\id.dat---> Offset = 0
C:\Program Files\Thunder Network\Thunder\Program\is-IIB50.tmp---> Offset = 0
C:\Program Files\Thunder Network\Thunder\Program\is-E4U8O.tmp---> Offset = 0
C:\Program Files\Thunder Network\Thunder\Program\is-B2DTL.tmp---> Offset = 0
C:\Program Files\Thunder Network\Thunder\Program\is-BJIMT.tmp---> Offset = 0
C:\Program Files\Thunder Network\Thunder\Program\is-S2ST1.tmp---> Offset = 0
C:\Program Files\Thunder Network\Thunder\Program\is-FN35U.tmp---> Offset = 0
C:\Program Files\Thunder Network\Thunder\Program\is-IMSSM.tmp---> Offset = 0
C:\Program Files\Thunder Network\Thunder\Program\is-5115B.tmp---> Offset = 0
C:\Program Files\Thunder Network\Thunder\Program\is-4T8BU.tmp---> Offset = 0
C:\Program Files\Thunder Network\Thunder\Program\is-4TNLF.tmp---> Offset = 0
C:\Program Files\Thunder Network\Thunder\Program\is-011K1.tmp---> Offset = 0
C:\Program Files\Thunder Network\Thunder\Program\is-63SO4.tmp---> Offset = 0
C:\Program Files\Thunder Network\Thunder\Program\is-60R4O.tmp---> Offset = 0

Registry behavior

Behavior description: Modify registry
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment\Path

Other behavior

Behavior description: Set object security information
Details: C:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll
C:\Program Files\Thunder Network\Thunder\Program\bootstrap.dat
C:\Program Files\Thunder Network\Thunder\Program\BugReport.dll
C:\Program Files\Thunder Network\Thunder\Program\BugReport.exe
C:\Program Files\Thunder Network\Thunder\Program\checkfilemd5.ini
C:\Program Files\Thunder Network\Thunder\Program\CrackFW.exe
C:\Program Files\Thunder Network\Thunder\Program\dhtnodes.dat
C:\Program Files\Thunder Network\Thunder\Program\download-complete.wav
C:\Program Files\Thunder Network\Thunder\Program\download.cfg
C:\Program Files\Thunder Network\Thunder\Program\DSConvert.dll
C:\Program Files\Thunder Network\Thunder\Program\FloatBar.dll
C:\Program Files\Thunder Network\Thunder\Program\FtpExplorer.exe
C:\Program Files\Thunder Network\Thunder\Program\getAllurl.htm
C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
C:\Program Files\Thunder Network\Thunder\Program\historyinfoTransfer.dll
Behavior description: Hide specified window
Details: [Window,Class] = [,ComboLBox]
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [,迅雷4]
NtUserFindWindowEx: [Class,Window] = [,thunder_backwnd]
NtUserFindWindowEx: [Class,Window] = [TfrmMain,迅雷]
NtUserFindWindowEx: [Class,Window] = [TfrmMain,ǔ筽]
NtUserFindWindowEx: [Class,Window] = [TfrmMain,Thunder]
Behavior description: Acquire system privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
Details: Pid = 1928, Hwnd=0xb01ce, Text = 欢迎使用 迅雷5 安装向导 , ClassName = TNewStaticText.
Pid = 1928, Hwnd=0xb0170, Text = 现在将安装 迅雷5 到您的电脑中。 推荐您在继续安装前关闭所有其它应用程序。 单击“下一步”继续,或单击“取消”退出安装程序。, ClassName = TNewStaticText.
Pid = 1928, Hwnd=0xb01be, Text = 下一步(&N) >, ClassName = TButton.
Pid = 1928, Hwnd=0xa0196, Text = 取消, ClassName = TButton.
Pid = 1928, Hwnd=0xd01c2, Text = 安装 - 迅雷5, ClassName = TWizardForm.
Pid = 1928, Hwnd=0xd0190, Text = 许可协议, ClassName = TNewStaticText.
Pid = 1928, Hwnd=0xb0174, Text = 继续安装前请阅读下列重要信息。, ClassName = TNewStaticText.
Pid = 1928, Hwnd=0xb0192, Text = 请仔细阅读下列许可协议。您在继续安装前必须同意这些协议条款。, ClassName = TNewStaticText.
Pid = 1928, Hwnd=0xb0164, Text = 我同意此协议(&A), ClassName = TRadioButton.
Pid = 1928, Hwnd=0xd01ac, Text = 我不同意此协议(&D), ClassName = TRadioButton.
Pid = 1928, Hwnd=0xc01b6, Text = < 上一步(&B), ClassName = TButton.
Pid = 1928, Hwnd=0xd0190, Text = 选择附加任务, ClassName = TNewStaticText.
Pid = 1928, Hwnd=0xb0174, Text = 您想要安装程序执行哪些附加任务?, ClassName = TNewStaticText.
Pid = 1928, Hwnd=0xb019c, Text = 选择要安装的附加组件:, ClassName = TNewStaticText.
Pid = 1928, Hwnd=0xb01e0, Text = 桌面和快捷栏上创建一个图标(&D), ClassName = TCheckBox.
Behavior description: Open image file
Details: \DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7CR2D.tmp\BaiduSobar.bmp
\Program Files\Thunder Network\Thunder\Languages\zh_cn\FloatBar1.bmp
\Program Files\Thunder Network\Thunder\Languages\zh_cn\FloatBar2.bmp
\Program Files\Thunder Network\Thunder\Languages\zh_cn\FloatBar3.bmp
\Program Files\Thunder Network\Thunder\Languages\zh_tw\FloatBar1.bmp
\Program Files\Thunder Network\Thunder\Languages\zh_tw\FloatBar2.bmp
\Program Files\Thunder Network\Thunder\Languages\zh_tw\FloatBar3.bmp
\Program Files\Thunder Network\Thunder\Skins\ChinesePainting\bottom_border_left.bmp
\Program Files\Thunder Network\Thunder\Skins\ChinesePainting\bottom_border_right.bmp
\Program Files\Thunder Network\Thunder\Skins\ChinesePainting\bottom_broder_mid.bmp
\Program Files\Thunder Network\Thunder\Skins\ChinesePainting\CfgBig.bmp
\Program Files\Thunder Network\Thunder\Skins\ChinesePainting\CloseBox.bmp
\Program Files\Thunder Network\Thunder\Skins\ChinesePainting\ConnectInfo.bmp
\Program Files\Thunder Network\Thunder\Skins\ChinesePainting\GlideCtrl.bmp
\Program Files\Thunder Network\Thunder\Skins\ChinesePainting\GlideHint.bmp