1, U kunt elk bestandstype UPLOADEN, bestandsgrootte max. 20 Mb.
2, VirSCAN ondersteunt Rar/Zip decompressie, max. 20 bestanden per Rar/Zip
3, VirSCAN kan Rar/Zip bestanden scannen die beveiligd zijn met wachtwoord 'infected' of 'virus'.
| Veiligheidsclassificatie:87 |
| Gedragslijst |
| Gedragsanalyse rapport: Threatbook file behaviour analysis report |
| Basis informatie | |
|---|---|
| MD5: | 1e02d6aa4a199448719113ae3926afb2 |
| Bestandstype: | Nsis |
| Productie bedrijf: | |
| versie: | |
| Shell- of compiler-informatie: | |
| Subfile-informatie: | DeltaTB.exedumpFile / eb2764885565b6c01cb32e5f51f213b3 / EXE |
| DeltaTB.exe / eb2764885565b6c01cb32e5f51f213b3 / EXE | |
| Unlocker.exedumpFile / 0ed06220bc07ec9a5d8807f9d5c0d9f0 / EXE | |
| Unlocker.exe / 0ed06220bc07ec9a5d8807f9d5c0d9f0 / EXE | |
| modern-wizard.bmpdumpFile / cbe40fd2b1ec96daedc65da172d90022 / Unknown | |
| modern-wizard.bmp / cbe40fd2b1ec96daedc65da172d90022 / Unknown | |
| UnlockerAssistant.exedumpFile / 255e405d801cf01247390f38f92d8042 / EXE | |
| UnlockerAssistant.exe / 255e405d801cf01247390f38f92d8042 / EXE | |
| [NSIS].nsidumpFile / 56b3a4a1eacb184ef2f155a00bef57b0 / Unknown | |
| [NSIS].nsi / 2f3d27e5bc3f12e2dba4ed4854692c54 / Unknown | |
| InstallOptions.dlldumpFile / 325b008aec81e5aaa57096f05d4212b5 / DLL | |
| InstallOptions.dll / 325b008aec81e5aaa57096f05d4212b5 / DLL | |
| UnlockerInject32.exedumpFile / 5b964dbcc99edee45a6f235417713a93 / EXE | |
| UnlockerInject32.exe / 5b964dbcc99edee45a6f235417713a93 / EXE | |
| System.dlldumpFile / c17103ae9072a06da581dec998343fc1 / DLL | |
| System.dll / c17103ae9072a06da581dec998343fc1 / DLL | |
| UnlockerCOM.dlldumpFile / 49b6af547ed4ba1fb07bf6f384fda841 / DLL | |
| UnlockerCOM.dll / 49b6af547ed4ba1fb07bf6f384fda841 / DLL | |
| delta_logo_small.bmpdumpFile / a65d47e65c637df50385873a205739b9 / Unknown | |
| Sleutelgedrag | |
|---|---|
| Gedrag beschrijving: | 隐藏指定窗口 |
| Voor meer informatie: | [Window,Class] = [,ComboLBox] |
| [Window,Class] = [,Button] | |
| [Window,Class] = [Nullsoft Install System v2.46,Static] | |
| [Window,Class] = [Nullsoft Install System v2.46 ,Static] | |
| [Window,Class] = [,Static] | |
| Bestand gedrag | |
|---|---|
| Gedrag beschrijving: | 创建可执行文件 |
| Voor meer informatie: | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp4.tmp\System.dll |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp4.tmp\LangDLL.dll | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp4.tmp\InstallOptions.dll | |
| Gedrag beschrijving: | 修改文件内容 |
| Voor meer informatie: | C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp4.tmp\Delta.ini---> Offset = 0 |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp4.tmp\Delta.ini---> Offset = 26 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp4.tmp\delta_logo_small.bmp---> Offset = 0 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp4.tmp\delta_logo_small.bmp---> Offset = 9254 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp4.tmp\ioSpecial.ini---> Offset = 0 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp4.tmp\ioSpecial.ini---> Offset = 36 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp4.tmp\modern-wizard.bmp---> Offset = 0 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp4.tmp\ioSpecial.ini---> Offset = 124 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp4.tmp\ioSpecial.ini---> Offset = 33 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp4.tmp\ioSpecial.ini---> Offset = 43 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp4.tmp\ioSpecial.ini---> Offset = 60 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp4.tmp\ioSpecial.ini---> Offset = 277 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp4.tmp\ioSpecial.ini---> Offset = 326 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp4.tmp\ioSpecial.ini---> Offset = 381 | |
| C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp4.tmp\ioSpecial.ini---> Offset = 389 | |
| Register gedrag | |
|---|---|
| Gedrag beschrijving: | 修改注册表 |
| Voor meer informatie: | \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass |
| \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Unlocker\Language | |
| Ander gedrag | |
|---|---|
| Gedrag beschrijving: | 窗口信息 |
| Voor meer informatie: | Pid = 164, Hwnd=0xb016a, Text = Chinese (Simplified), ClassName = ComboBox. |
| Pid = 164, Hwnd=0xc01d6, Text = OK, ClassName = Button. | |
| Pid = 164, Hwnd=0xd01c8, Text = Cancel, ClassName = Button. | |
| Pid = 164, Hwnd=0xc01c2, Text = Please select a language., ClassName = Static. | |
| Pid = 164, Hwnd=0xd0180, Text = Installer Language, ClassName = #32770. | |
| Pid = 164, Hwnd=0xe01c8, Text = &Next >, ClassName = Button. | |
| Pid = 164, Hwnd=0xd01d6, Text = Cancel, ClassName = Button. | |
| Pid = 164, Hwnd=0xb01b0, Text = Nullsoft Install System v2.46 , ClassName = Static. | |
| Pid = 164, Hwnd=0xa018c, Text = Nullsoft Install System v2.46, ClassName = Static. | |
| Pid = 164, Hwnd=0xb0170, Text = Welcome to the Unlocker 1.9.2 Setup Wizard, ClassName = Static. | |
| Pid = 164, Hwnd=0xb01ce, Text = This wizard will guide you through the installation of Unlocker 1.9.2. It is recommended that you close all other applications, ClassName = Static. | |
| Pid = 164, Hwnd=0xe0180, Text = Unlocker 1.9.2 Setup, ClassName = #32770. | |
| Gedrag beschrijving: | 隐藏指定窗口 |
| Voor meer informatie: | [Window,Class] = [,ComboLBox] |
| [Window,Class] = [,Button] | |
| [Window,Class] = [Nullsoft Install System v2.46,Static] | |
| [Window,Class] = [Nullsoft Install System v2.46 ,Static] | |
| [Window,Class] = [,Static] | |
| Gedrag beschrijving: | 打开图片文件 |
| Voor meer informatie: | \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp4.tmp\delta_logo_small.bmp |
| \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp4.tmp\modern-wizard.bmp | |
| Gedrag beschrijving: | 获取系统权限 |
| Voor meer informatie: | SE_LOAD_DRIVER_PRIVILEGE |
| Screenshot uitvoeren |
|---|
 |
huis
