VirSCAN


File information
Safety rating: 89
Behaviour list
Basic information
MD5:454ead8b4b3d8f95aace6c8ba6000780
File type: Rar
Vendor:
Version:
Packer/compiler information: COMPILER:NSIS
Subfile information: CMSClient-27.exedumpFile / 2d510bf77fcb9ec2b97cfda064eb16d5 / EXE
CMSClient-27.exe / 2d510bf77fcb9ec2b97cfda064eb16d5 / EXE
消费类CMSlient使用手册1.1.pdf / ab50e1abdcd2eba2cfb7a73b7316ceb1 / Unknown
消费类CMSlient使用手册1.1.pdfdumpFile / ab50e1abdcd2eba2cfb7a73b7316ceb1 / Unknown
PDF-STREAM-12dumpFile / 2f1d9d42baed639b6399a97ee00800fa / Unknown
PDF-STREAM-9dumpFile / 9c92f16556ad23ad130e19766250feeb / Unknown
PDF-STREAM-36dumpFile / 8621389235efc0d00fb56cb9bd0a4f67 / Unknown
PDF-STREAM-31dumpFile / 78019464bec3957af2e9c1fcaea5ab4a / Unknown
PDF-STREAM-34dumpFile / b9e01c261eb24102e024c9afc91ea0f9 / Unknown
PDF-STREAM-14dumpFile / 9e4c039eef2714d441d7024abff0d141 / Unknown
PDF-STREAM-33dumpFile / ad4d8ce6594f9f7b28d5ab270bdce41d / Unknown
PDF-STREAM-38dumpFile / a0cd490a20ff1daae1017017762880a7 / Unknown
PDF-STREAM-24dumpFile / 273d190916e67dceac51e4fea080b015 / Unknown
PDF-STREAM-27dumpFile / 937d6a3a16ed8ec07e41c01d10c27733 / Unknown
PDF-STREAM-29dumpFile / 173ea4b4074fa438256bde4b682f1d0a / Unknown
PDF-STREAM-39dumpFile / 16becad5e1d625251b96632242962aff / Unknown
PDF-STREAM-26dumpFile / edc5ae34a8a4488a4eefc8d6e3ca459e / Unknown
PDF-STREAM-7dumpFile / a96819c45bb9441a4799851fc1cba501 / Unknown
PDF-STREAM-15dumpFile / 70677bc38bc862a6e5d7a190f8d3d6ea / Unknown
Key behaviour
Behaviour description: Create desktop shortcut
Details: C:\Documents and Settings\All Users\桌面\CMSClient.lnk
Behaviour description: Get TickCount value
Details: TickCount = 5377959, SleepMilliseconds = 100.
TickCount = 5378318, SleepMilliseconds = 100.
TickCount = 5378350, SleepMilliseconds = 100.
TickCount = 5380146, SleepMilliseconds = 100.
TickCount = 5381475, SleepMilliseconds = 100.
TickCount = 5381521, SleepMilliseconds = 100.
TickCount = 5382334, SleepMilliseconds = 100.
TickCount = 5384521, SleepMilliseconds = 100.
TickCount = 5384693, SleepMilliseconds = 100.
TickCount = 5384709, SleepMilliseconds = 100.
TickCount = 5384756, SleepMilliseconds = 100.
TickCount = 5386709, SleepMilliseconds = 100.
TickCount = 5387881, SleepMilliseconds = 100.
TickCount = 5387896, SleepMilliseconds = 100.
TickCount = 5387912, SleepMilliseconds = 100.
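The GetTickCount readings above, each logged beside a 100 ms Sleep request, are the raw material of the timing check a sample uses to notice a sandbox that shortens Sleep: read the tick counter, sleep, read again, and compare the elapsed time with what was requested. The report logs reads and sleeps as separate events and does not say which read followed which sleep, so the script below (an added example, not part of the VirSCAN report or of CMSClient) reconstructs the comparison an analyst can make from the log alone: it parses the lines, computes the interval between consecutive readings, and classifies each interval against the requested sleep, treating anything within one timer tick (assumed 16 ms, the usual GetTickCount granularity on the Windows XP-era system these paths come from) as two back-to-back reads rather than a shortened sleep. `TICK_LOG` is the report's own fifteen lines embedded as constructed input; the labels and the 16 ms threshold are the example's own assumptions.

```python
import re

# Constructed input: the fifteen "Get TickCount value" lines from the report.
TICK_LOG = """\
TickCount = 5377959, SleepMilliseconds = 100.
TickCount = 5378318, SleepMilliseconds = 100.
TickCount = 5378350, SleepMilliseconds = 100.
TickCount = 5380146, SleepMilliseconds = 100.
TickCount = 5381475, SleepMilliseconds = 100.
TickCount = 5381521, SleepMilliseconds = 100.
TickCount = 5382334, SleepMilliseconds = 100.
TickCount = 5384521, SleepMilliseconds = 100.
TickCount = 5384693, SleepMilliseconds = 100.
TickCount = 5384709, SleepMilliseconds = 100.
TickCount = 5384756, SleepMilliseconds = 100.
TickCount = 5386709, SleepMilliseconds = 100.
TickCount = 5387881, SleepMilliseconds = 100.
TickCount = 5387896, SleepMilliseconds = 100.
TickCount = 5387912, SleepMilliseconds = 100.
"""

LINE_RE = re.compile(r"TickCount\s*=\s*(\d+),\s*SleepMilliseconds\s*=\s*(\d+)\.")

# Assumed GetTickCount granularity: readings closer together than this
# cannot be distinguished from a single instant.
TIMER_RESOLUTION_MS = 16


def parse_ticks(text):
    """Return (tick_count, requested_sleep_ms) for every matching line."""
    return [(int(t), int(s)) for t, s in LINE_RE.findall(text)]


def intervals(readings):
    """Elapsed ms between consecutive readings, paired with the sleep that was
    requested alongside the later reading."""
    return [(later[0] - earlier[0], later[1])
            for earlier, later in zip(readings, readings[1:])]


def classify(elapsed, requested, resolution=TIMER_RESOLUTION_MS):
    """Label one interval the way a sleep-skipping check would see it."""
    if elapsed <= resolution:
        return "same_tick"            # two reads with no measurable gap
    if elapsed < requested:
        return "shorter_than_sleep"   # no Sleep between reads, or Sleep was cut short
    return "at_least_sleep"           # consistent with the requested Sleep having run


def analyse(text, resolution=TIMER_RESOLUTION_MS):
    """Parse the log and classify every interval; returns a summary dict."""
    readings = parse_ticks(text)
    if len(readings) < 2:
        raise ValueError("need at least two TickCount readings")
    labelled = [(elapsed, requested, classify(elapsed, requested, resolution))
                for elapsed, requested in intervals(readings)]
    counts = {}
    for _, _, label in labelled:
        counts[label] = counts.get(label, 0) + 1
    return {
        "readings": len(readings),
        "span_ms": readings[-1][0] - readings[0][0],
        "intervals": labelled,
        "counts": counts,
    }


def sandbox_verdict(result):
    """What can be concluded from the log alone. A sample's own check only
    fires when a read taken after Sleep advanced by less than the requested
    time; in this report a short interval may equally be two reads with no
    Sleep between them, so anything short of 'every interval >= sleep' is
    inconclusive rather than evidence of a hooked Sleep."""
    counts = result["counts"]
    if counts.get("shorter_than_sleep", 0) == 0 and counts.get("same_tick", 0) == 0:
        return "sleep_honoured"
    return "inconclusive"


if __name__ == "__main__":
    result = analyse(TICK_LOG)
    for elapsed, requested, label in result["intervals"]:
        print(f"{elapsed:5d} ms (requested {requested}) {label}")
    print(result["counts"], sandbox_verdict(result))
```

On the report's data the fourteen intervals split into eight that are at least the requested 100 ms, three that are shorter (32, 46 and 47 ms) and three that fall within a single timer tick (15 or 16 ms); the whole sequence spans just under ten seconds. Because the report only shows ten Sleep calls against fifteen reads, the short intervals are expected and say nothing on their own about whether the sandbox honoured Sleep.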
Process behaviour
Behaviour description: Create local thread
Details: TargetProcess: CMSClient-27.exe, InheritedFromPID = 1944, ProcessID = 2228, ThreadID = 2312, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: CMSClient-27.exe, InheritedFromPID = 1944, ProcessID = 2228, ThreadID = 2316, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: CMSClient-27.exe, InheritedFromPID = 1944, ProcessID = 2228, ThreadID = 2424, StartAddress = 00404FD6, Parameter = 0005038C
TargetProcess: CMSClient.exe, InheritedFromPID = 2228, ProcessID = 2744, ThreadID = 2756, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: CMSClient.exe, InheritedFromPID = 2228, ProcessID = 2744, ThreadID = 2772, StartAddress = 00B31C10, Parameter = 00E16020
TargetProcess: CMSClient.exe, InheritedFromPID = 2228, ProcessID = 2744, ThreadID = 2776, StartAddress = 00B31B80, Parameter = 00E16020
TargetProcess: CMSClient.exe, InheritedFromPID = 2228, ProcessID = 2744, ThreadID = 2780, StartAddress = 00B31A10, Parameter = 00E16020
Behaviour description: Create process from new file
Details: ImagePath = C:\Program Files\CMSClient\CMSClient.exe, CmdLine = "C:\Program Files\CMSClient\CMSClient.exe"
File behaviour
Behaviour description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nso4C.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsu4D.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\LangDLL.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\ioSpecial.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\modern-wizard.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\InstallOptions.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\StartMenu.dll
C:\Program Files\CMSClient\Language\English.xml
C:\Program Files\CMSClient\Language\Chinese Simplified.xml
C:\Program Files\CMSClient\Language\Chinese Traditional.xml
C:\Program Files\CMSClient\Language\Korean.xml
C:\Program Files\CMSClient\Buzzer\buzzer1.wav
C:\Program Files\CMSClient\Buzzer\buzzer2.wav
C:\Program Files\CMSClient\Buzzer\buzzer3.wav
Behaviour description: Drop a link or shortcut in a sensitive system location (such as the Start Menu)
Details: C:\Documents and Settings\All Users\「开始」菜单\程序\CMSClient\CMSClient.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\CMSClient\Uninstall.lnk
Behaviour description: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\LangDLL.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\InstallOptions.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\StartMenu.dll
C:\Program Files\CMSClient\Codejock.cjstyles
C:\Program Files\CMSClient\CMSClient.exe
C:\Program Files\CMSClient\sqlite3.dll
C:\Program Files\CMSClient\WebApi.dll
C:\Program Files\CMSClient\UDP_Interface.dll
C:\Program Files\CMSClient\libh264dec.dll
C:\Program Files\CMSClient\libfaac.dll
C:\Program Files\CMSClient\libmp4v2.dll
C:\Program Files\CMSClient\rtsp.dll
C:\Program Files\CMSClient\player.dll
C:\Program Files\CMSClient\EncryptGW.dll
C:\Program Files\CMSClient\LogInstance.dll
Behaviour description: Overwrite existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsu4D.tmp
Behaviour description: Search for file
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\CMSClient
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz4E.tmp
FileName = C:\Program Files\CMSClient
FileName = C:\Program Files
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\「开始」菜单
FileName = C:\Documents and Settings\All Users\「开始」菜单\程序
FileName = C:\Documents and Settings\All Users\「开始」菜单\程序\*.*
FileName = C:\Documents and Settings\Administrator\「开始」菜单
Behaviour description: Create desktop shortcut
Details: C:\Documents and Settings\All Users\桌面\CMSClient.lnk
Behaviour description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nso4C.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsu4D.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\InstallOptions.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\ioSpecial.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\LangDLL.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\modern-wizard.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\StartMenu.dll
C:\Program Files\CMSClient\data.db-journal
Behaviour description: Modify file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsu4D.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsu4D.tmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsu4D.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nsu4D.tmp ---> Offset = 75953
C:\Documents and Settings\Administrator\Local Settings\Temp\nsu4D.tmp ---> Offset = 108721
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\LangDLL.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\ioSpecial.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\ioSpecial.ini ---> Offset = 36
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\modern-wizard.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\modern-wizard.bmp ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\ioSpecial.ini ---> Offset = 124
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\ioSpecial.ini ---> Offset = 33
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\ioSpecial.ini ---> Offset = 43
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\ioSpecial.ini ---> Offset = 60
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\ioSpecial.ini ---> Offset = 278
Registry behaviour
Behaviour description: Modify registry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CMSClient\NSIS:StartMenuDir
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\CMSClient.exe\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CMSClient\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CMSClient\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CMSClient\DisplayIcon
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CMSClient\DisplayVersion
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CMSClient\NSIS:Language
Behaviour description: Modify registry: delayed rename entry
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behaviour
Behaviour description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.ILI
DDrawWindowListMutex
DDrawDriverObjectListMutex
__DDrawExclMode__
__DDrawCheckExclMode__
CMSCLIENT_IS_RUNNING
MSCTF.Shared.MUTEX.MLK
Behaviour description: Hide specified window
Details: [Window,Class] = [,Button]
[Window,Class] = [Nullsoft Install System v2.46,Static]
[Window,Class] = [Nullsoft Install System v2.46 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [Show &details,Button]
[Window,Class] = [Installation Complete,Static]
[Window,Class] = [Setup was completed successfully.,Static]
[Window,Class] = [,ComboLBox]
[Window,Class] = [确定 (OK),Button]
[Window,Class] = [取消 (Cancel),Button]
Behaviour description: Open event
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000040
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000040
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000043
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000043
Behaviour description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behaviour description: Enumerate windows
Details: N/A
Behaviour description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behaviour description: Window information
Details: Pid = 2228, Hwnd=0x1002c8, Text = &Next >, ClassName = Button.
Pid = 2228, Hwnd=0x1802fe, Text = Cancel, ClassName = Button.
Pid = 2228, Hwnd=0x1902ce, Text = Nullsoft Install System v2.46 , ClassName = Static.
Pid = 2228, Hwnd=0x7038a, Text = Nullsoft Install System v2.46, ClassName = Static.
Pid = 2228, Hwnd=0x10034c, Text = Welcome to the CMSClient 1.0.0.27 Setup Wizard, ClassName = Static.
Pid = 2228, Hwnd=0x13033a, Text = This wizard will guide you through the installation of CMSClient 1.0.0.27. It is recommended that you close all other applicat, ClassName = Static.
Pid = 2228, Hwnd=0x802da, Text = CMSClient 1.0.0.27 Setup, ClassName = #32770.
Pid = 2228, Hwnd=0xd035e, Text = < &Back, ClassName = Button.
Pid = 2228, Hwnd=0x1702d8, Text = Choose Install Location, ClassName = Static.
Pid = 2228, Hwnd=0x9039c, Text = Choose the folder in which to install CMSClient 1.0.0.27., ClassName = Static.
Pid = 2228, Hwnd=0x14033a, Text = C:\Program Files\CMSClient, ClassName = Edit.
Pid = 2228, Hwnd=0x11034c, Text = B&rowse..., ClassName = Button.
Pid = 2228, Hwnd=0x1402c4, Text = Space available: 5.4GB, ClassName = Static.
Pid = 2228, Hwnd=0x110342, Text = Space required: 6.3MB, ClassName = Static.
Pid = 2228, Hwnd=0x7038e, Text = Setup will install CMSClient 1.0.0.27 in the following folder. To install in a different folder, click Browse and select another , ClassName = Static.
Behaviour description: Executable signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\LangDLL.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\InstallOptions.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\StartMenu.dll (signature verification: failed)
C:\Program Files\CMSClient\Codejock.cjstyles (signature verification: passed)
C:\Program Files\CMSClient\CMSClient.exe (signature verification: failed)
C:\Program Files\CMSClient\sqlite3.dll (signature verification: failed)
C:\Program Files\CMSClient\WebApi.dll (signature verification: failed)
C:\Program Files\CMSClient\UDP_Interface.dll (signature verification: failed)
C:\Program Files\CMSClient\libh264dec.dll (signature verification: failed)
C:\Program Files\CMSClient\libfaac.dll (signature verification: failed)
C:\Program Files\CMSClient\libmp4v2.dll (signature verification: failed)
C:\Program Files\CMSClient\rtsp.dll (signature verification: failed)
C:\Program Files\CMSClient\player.dll (signature verification: failed)
C:\Program Files\CMSClient\EncryptGW.dll (signature verification: failed)
C:\Program Files\CMSClient\LogInstance.dll (signature verification: failed)
Behaviour description: Call Sleep function
Details: [1]: MilliSeconds = 100.
[2]: MilliSeconds = 100.
[3]: MilliSeconds = 100.
[4]: MilliSeconds = 100.
[5]: MilliSeconds = 100.
[6]: MilliSeconds = 100.
[7]: MilliSeconds = 100.
[8]: MilliSeconds = 100.
[9]: MilliSeconds = 100.
[10]: MilliSeconds = 100.
Behaviour description: Create event object
Details: EventName = MSCTF.SendReceive.Event.ILI.IC
EventName = MSCTF.SendReceiveConection.Event.ILI.IC
EventName = Global\userenv: User Profile setup event
EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.MLK.IC
EventName = MSCTF.SendReceiveConection.Event.MLK.IC
Behaviour description: Executable MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\LangDLL.dll ---> 9384f4007c492d4fa040924f31c00166
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\InstallOptions.dll ---> 325b008aec81e5aaa57096f05d4212b5
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\StartMenu.dll ---> a4173b381625f9f12aadb4e1cdaefdb8
C:\Program Files\CMSClient\Codejock.cjstyles ---> c4c6234ee655b914eb5eaacc572b7b44
C:\Program Files\CMSClient\CMSClient.exe ---> 0293ee36dd118820f1c78e5110a4811b
C:\Program Files\CMSClient\sqlite3.dll ---> 5c73e64374d9ba37ac5569d1f7de5c9b
C:\Program Files\CMSClient\WebApi.dll ---> 2641aac124ffa8a9ad3469cc16cd9585
C:\Program Files\CMSClient\UDP_Interface.dll ---> 28243e2ec054b9f17af7c99e0380a617
C:\Program Files\CMSClient\libh264dec.dll ---> b4ca4cdade7e26c0f6262817d3f96de7
C:\Program Files\CMSClient\libfaac.dll ---> cf8c36686274d64ab9068132fadd58a1
C:\Program Files\CMSClient\libmp4v2.dll ---> 19b27bca2b16fb654b8901d70b92d028
C:\Program Files\CMSClient\rtsp.dll ---> 31e26ed364c988ffa53554a71c907545
C:\Program Files\CMSClient\player.dll ---> 54b7c1053e09675283896cf03052ece7
C:\Program Files\CMSClient\EncryptGW.dll ---> b73bd090422e02ec96ef571fe4fcfc4c
C:\Program Files\CMSClient\LogInstance.dll ---> a2370c51fa525e985b55ed1f3f173da9
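The signature verdicts and the MD5 list above are printed as two separate sections, so the view a triage analyst actually wants, which dropped files are unsigned and what their hashes are, has to be assembled by hand. The script below is an added example (not part of the VirSCAN report or of CMSClient) that joins the two lists into one inventory. It parses the verdict markers exactly as the report prints them (通过 = passed, 未通过 = failed), separates the NSIS plugin DLLs in the temp directory, which the report shows being deleted again, from the files that persist under C:\Program Files\CMSClient, and returns the unsigned persistent files with their MD5s as an IOC list. `SIGNATURE_LOG` and `MD5_LOG` are the report's own lines embedded as constructed input; the location rule and the field names are the example's own. One caveat carried into the code: the report's "failed" verdict does not distinguish a file that carries no signature from one whose signature failed to verify, so the result is a list of unsigned-or-unverified files, not of tampered ones.

```python
import re

# Constructed input: the report's "Executable signature information" lines,
# verdicts left in the report's own Chinese (通过 = passed, 未通过 = failed).
SIGNATURE_LOG = r"""
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\LangDLL.dll(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\InstallOptions.dll(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\StartMenu.dll(签名验证: 未通过)
C:\Program Files\CMSClient\Codejock.cjstyles(签名验证: 通过)
C:\Program Files\CMSClient\CMSClient.exe(签名验证: 未通过)
C:\Program Files\CMSClient\sqlite3.dll(签名验证: 未通过)
C:\Program Files\CMSClient\WebApi.dll(签名验证: 未通过)
C:\Program Files\CMSClient\UDP_Interface.dll(签名验证: 未通过)
C:\Program Files\CMSClient\libh264dec.dll(签名验证: 未通过)
C:\Program Files\CMSClient\libfaac.dll(签名验证: 未通过)
C:\Program Files\CMSClient\libmp4v2.dll(签名验证: 未通过)
C:\Program Files\CMSClient\rtsp.dll(签名验证: 未通过)
C:\Program Files\CMSClient\player.dll(签名验证: 未通过)
C:\Program Files\CMSClient\EncryptGW.dll(签名验证: 未通过)
C:\Program Files\CMSClient\LogInstance.dll(签名验证: 未通过)
"""

# Constructed input: the report's "Executable MD5" lines.
MD5_LOG = r"""
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\LangDLL.dll ---> 9384f4007c492d4fa040924f31c00166
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\InstallOptions.dll ---> 325b008aec81e5aaa57096f05d4212b5
C:\Documents and Settings\Administrator\Local Settings\Temp\nsz4E.tmp\StartMenu.dll ---> a4173b381625f9f12aadb4e1cdaefdb8
C:\Program Files\CMSClient\Codejock.cjstyles ---> c4c6234ee655b914eb5eaacc572b7b44
C:\Program Files\CMSClient\CMSClient.exe ---> 0293ee36dd118820f1c78e5110a4811b
C:\Program Files\CMSClient\sqlite3.dll ---> 5c73e64374d9ba37ac5569d1f7de5c9b
C:\Program Files\CMSClient\WebApi.dll ---> 2641aac124ffa8a9ad3469cc16cd9585
C:\Program Files\CMSClient\UDP_Interface.dll ---> 28243e2ec054b9f17af7c99e0380a617
C:\Program Files\CMSClient\libh264dec.dll ---> b4ca4cdade7e26c0f6262817d3f96de7
C:\Program Files\CMSClient\libfaac.dll ---> cf8c36686274d64ab9068132fadd58a1
C:\Program Files\CMSClient\libmp4v2.dll ---> 19b27bca2b16fb654b8901d70b92d028
C:\Program Files\CMSClient\rtsp.dll ---> 31e26ed364c988ffa53554a71c907545
C:\Program Files\CMSClient\player.dll ---> 54b7c1053e09675283896cf03052ece7
C:\Program Files\CMSClient\EncryptGW.dll ---> b73bd090422e02ec96ef571fe4fcfc4c
C:\Program Files\CMSClient\LogInstance.dll ---> a2370c51fa525e985b55ed1f3f173da9
"""

SIG_RE = re.compile(r"^(?P<path>.+?)\(签名验证: (?P<verdict>通过|未通过)\)\s*$")
MD5_RE = re.compile(r"^(?P<path>.+?) ---> (?P<md5>[0-9a-fA-F]{32})\s*$")

# Example's own location rule (assumption): the NSIS plugin directory is
# transient, the install directory is what remains on disk afterwards.
TEMP_MARKER = "\\Local Settings\\Temp\\"
INSTALL_DIR = "C:\\Program Files\\CMSClient\\"


def parse_signatures(text):
    """Map path -> True (passed) / False (failed, i.e. unsigned or unverified)."""
    verdicts = {}
    for line in text.splitlines():
        m = SIG_RE.match(line.strip())
        if m:
            verdicts[m["path"]] = m["verdict"] == "通过"
    return verdicts


def parse_md5s(text):
    """Map path -> lowercase MD5 hex digest."""
    hashes = {}
    for line in text.splitlines():
        m = MD5_RE.match(line.strip())
        if m:
            hashes[m["path"]] = m["md5"].lower()
    return hashes


def classify_location(path):
    if path.startswith(INSTALL_DIR):
        return "install_dir"
    if TEMP_MARKER in path:
        return "temp_plugin"
    return "other"


def build_inventory(sig_text, md5_text):
    """Join both sections on the full path; missing fields stay None so a
    file that appears in only one section is still visible."""
    verdicts = parse_signatures(sig_text)
    hashes = parse_md5s(md5_text)
    return [
        {
            "path": path,
            "name": path.rsplit("\\", 1)[-1],
            "md5": hashes.get(path),
            "signed": verdicts.get(path),
            "location": classify_location(path),
        }
        for path in sorted(set(verdicts) | set(hashes))
    ]


def unsigned_persistent(inventory):
    """IOC list: files left under the install directory that did not verify."""
    return [(e["name"], e["md5"]) for e in inventory
            if e["signed"] is False and e["location"] == "install_dir"]


def signed_files(inventory):
    return [e["name"] for e in inventory if e["signed"]]


def incomplete_entries(inventory):
    """Paths present in only one of the two sections."""
    return [e["path"] for e in inventory if e["md5"] is None or e["signed"] is None]


if __name__ == "__main__":
    inv = build_inventory(SIGNATURE_LOG, MD5_LOG)
    for name, md5 in unsigned_persistent(inv):
        print(f"{md5}  {name}")
    print("signed:", signed_files(inv), "incomplete:", incomplete_entries(inv))
```

On this report the join is clean (every path appears in both sections), the only file that verifies is the Codejock.cjstyles skin resource, and eleven persistent files including CMSClient.exe itself are unsigned or unverified; the three NSIS plugin DLLs are kept in the inventory but excluded from the IOC list because the file-behaviour section shows them deleted at the end of the run.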
Behaviour description: Open mutex
Details: ShimCacheMutex
Behaviour description: Load newly dropped file
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz4E.tmp\LangDLL.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz4E.tmp\InstallOptions.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz4E.tmp\StartMenu.dll.
Image: C:\Program Files\CMSClient\sqlite3.dll.
Image: C:\Program Files\CMSClient\WebApi.dll.
Image: C:\Program Files\CMSClient\UDP_Interface.dll.
Image: C:\Program Files\CMSClient\rtsp.dll.
Image: C:\Program Files\CMSClient\EncryptGW.dll.
Image: C:\Program Files\CMSClient\player.dll.
Image: C:\Program Files\CMSClient\libh264dec.dll.
Image: C:\Program Files\CMSClient\libmp4v2.dll.
Image: C:\Program Files\CMSClient\libfaac.dll.
Image: C:\Program Files\CMSClient\Codejock.cjstyles.
Execution screenshot