VirSCAN


File information
Safety rating: 84
Behaviour list
Behaviour analysis report: Threatbook file behaviour analysis report
Basic information
MD5: a8c4aa3ca06aff90c177820293bdfc87
File type: EXE
Vendor: diakov.net
Version: 6.33.2.0---6.33.2.0
Packer or compiler information: COMPILER:NSIS
Subfile information: IDMan.exe / ee19f9bbca25fdd004d27b4d9b412b65 / EXE
idmcchandler7_64.dll / 953460f75827aa4dc2ec85b101e2f93d / DLL
IDMIECC64.dll / 1527b4bf1dbb369d2976f63d7ab1497e / DLL
idmvconv.dll / 340b9ee52433a277a9b3157a4d91add6 / DLL
IDMGrHlp.exe / 1eb9022809337d1db0733a7ade47fc25 / EXE
IDMIECC.dll / 2427cba5c861187290e57a199e80e54e / DLL
idmcchandler2_64.dll / 5012ea14f13dd58ffeb14553824d8ebb / DLL
idmcchandler5_64.dll / 89a9ee74d8ff4d22f6a148fbf195f128 / DLL
idmcchandler3_64.dll / 89a9ee74d8ff4d22f6a148fbf195f128 / DLL
idmindex.dll / 09959ee223c5d34c82f1efb8bc8233cb / DLL
idmmzcc.xpi / ebb1a6c8389fcf9ef1a15e33dac0f1ef / zip
idmcchandler7.dll / 680c1feb4c36e73d8753b6746bcadfca / DLL
IDMNetMon64.dll / a6d2d817bee94807a6e99bc8807761e7 / DLL
idmcchandler2.dll / 36b618f848d6dda620bf0b151eacf02d / DLL
idmcchandler3.dll / 3e0c42000b09277fa4d885c0a0b70d05 / DLL
idmcchandler5.dll / 051af1dec37da40e92ce2d20b69df6cd / DLL
idman.chm / d7cc241b7761965af371d57baa94a2ba / Chm
IDMNetMon.dll / 734a452e602a6b0e6481fc6dbabbc18e / DLL
Larg-Preview.bmp / b7fa8307e0ec7960e58126ff5d99f434 / Unknown
Key behaviour
Behaviour description: Blocks window close messages
Details: hWnd = 0x0001033e, Text = Installation IDM 6.33.2 , ClassName = #32770.
Process behaviour
Behaviour description: Creates local threads
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 4080, ThreadID = 1452, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 4080, ThreadID = 2120, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 4080, ThreadID = 2104, StartAddress = 00404FD6, Parameter = 0002036C
Behaviour description: Enumerates processes
Details: N/A
File behaviour
Behaviour description: Creates files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsa7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsq8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\LangDLL.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\modern-header.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\modern-wizard.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\Aero.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\BrandingURL.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\nsDialogs.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\System.dll
C:\Program Files\Internet Download Manager\IDMShellExt.dll
C:\Program Files\Internet Download Manager\IDMShellExt64.dll
C:\Program Files\Internet Download Manager\IDMNetMon.dll
C:\Program Files\Internet Download Manager\IDMNetMon64.dll
C:\Program Files\Internet Download Manager\idmbrbtn.dll
Behaviour description: Creates executable files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\LangDLL.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\Aero.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\BrandingURL.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\nsDialogs.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\System.dll
C:\Program Files\Internet Download Manager\IDMShellExt.dll
C:\Program Files\Internet Download Manager\IDMShellExt64.dll
C:\Program Files\Internet Download Manager\IDMNetMon.dll
C:\Program Files\Internet Download Manager\IDMNetMon64.dll
C:\Program Files\Internet Download Manager\idmbrbtn.dll
C:\Program Files\Internet Download Manager\idmbrbtn64.dll
C:\Program Files\Internet Download Manager\idmcchandler2.dll
C:\Program Files\Internet Download Manager\idmcchandler2_64.dll
C:\Program Files\Internet Download Manager\idmftype.dll
C:\Program Files\Internet Download Manager\IDMFType64.dll
Behaviour description: Overwrites existing files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsq8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\modern-wizard.bmp
Behaviour description: Searches for files
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv9.tmp
FileName = C:\Program Files\Internet Download Manager
FileName = C:\Program Files
FileName = C:\Program Files\Internet Download Manager\IDMShellExt.dll.old.remove
FileName = C:\Program Files\Internet Download Manager\IDMShellExt64.dll.old.remove
FileName = C:\Program Files\Internet Download Manager\IDMNetMon.dll.old.remove
FileName = C:\Program Files\Internet Download Manager\IDMNetMon64.dll.old.remove
FileName = C:\Program Files\Internet Download Manager\idmbrbtn.dll.old.remove
FileName = C:\Program Files\Internet Download Manager\idmbrbtn64.dll.old.remove
FileName = C:\Program Files\Internet Download Manager\idmcchandler2.dll.old.remove
Behaviour description: Deletes files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsa7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsq8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp
Behaviour description: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsq8.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsq8.tmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsq8.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nsq8.tmp ---> Offset = 98304
C:\Documents and Settings\Administrator\Local Settings\Temp\nsq8.tmp ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\LangDLL.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\modern-header.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\modern-header.bmp ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\modern-wizard.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\modern-wizard.bmp ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\modern-wizard.bmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\modern-wizard.bmp ---> Offset = 49152
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\modern-wizard.bmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\Aero.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\BrandingURL.dll ---> Offset = 0
Other behaviour
Behaviour description: Creates mutexes
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.EPP
MSCTF.Shared.MUTEX.IDI
Behaviour description: Hides specified windows
Details: [Window,Class] = [,Button]
[Window,Class] = [by D!akov 潆 diakov.net,Static]
[Window,Class] = [by D!akov 潆 diakov.net ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [Show &details,Button]
Behaviour description: Searches for specified windows
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behaviour description: Opens events
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000011
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000011
Behaviour description: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
Behaviour description: Blocks window close messages
Details: hWnd = 0x0001033e, Text = Installation IDM 6.33.2 , ClassName = #32770.
Behaviour description: Window information
Details: Pid = 4080, Hwnd=0x10344, Text = &Next >, ClassName = Button.
Pid = 4080, Hwnd=0x10346, Text = Cancel, ClassName = Button.
Pid = 4080, Hwnd=0x10352, Text = by D!akov 潆 diakov.net , ClassName = Static.
Pid = 4080, Hwnd=0x10354, Text = by D!akov 潆 diakov.net, ClassName = Static.
Pid = 4080, Hwnd=0x10362, Text = Welcome to the IDM 6.33.2 Setup Wizard, ClassName = Static.
Pid = 4080, Hwnd=0x10364, Text = This wizard will guide you through the installation of IDM 6.33.2. It is recommended that you close all other applications before starting Setup. This will make it possible to update relevant system files without having to reboot your computer. Click Ne, ClassName = Static.
Pid = 4080, Hwnd=0x1033e, Text = Installation IDM 6.33.2, ClassName = #32770.
Pid = 4080, Hwnd=0x10342, Text = < &Back, ClassName = Button.
Pid = 4080, Hwnd=0x10344, Text = &Install, ClassName = Button.
Pid = 4080, Hwnd=0x10358, Text = Choose Install Location, ClassName = Static.
Pid = 4080, Hwnd=0x1035a, Text = Choose the folder in which to install IDM 6.33.2., ClassName = Static.
Pid = 4080, Hwnd=0x20364, Text = C:\Program Files\Internet Download Manager, ClassName = Edit.
Pid = 4080, Hwnd=0x20362, Text = B&rowse..., ClassName = Button.
Pid = 4080, Hwnd=0x20360, Text = Space available: 4.8GB, ClassName = Static.
Pid = 4080, Hwnd=0x1036a, Text = Space required: 23.8MB, ClassName = Static.
Behaviour description: Executable file signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\LangDLL.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\Aero.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\BrandingURL.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\nsDialogs.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\System.dll (signature verification: failed)
C:\Program Files\Internet Download Manager\IDMShellExt.dll (signature verification: passed)
C:\Program Files\Internet Download Manager\IDMShellExt64.dll (signature verification: passed)
C:\Program Files\Internet Download Manager\IDMNetMon.dll (signature verification: passed)
C:\Program Files\Internet Download Manager\IDMNetMon64.dll (signature verification: passed)
C:\Program Files\Internet Download Manager\idmbrbtn.dll (signature verification: passed)
C:\Program Files\Internet Download Manager\idmbrbtn64.dll (signature verification: passed)
C:\Program Files\Internet Download Manager\idmcchandler2.dll (signature verification: passed)
C:\Program Files\Internet Download Manager\idmcchandler2_64.dll (signature verification: passed)
C:\Program Files\Internet Download Manager\idmftype.dll (signature verification: passed)
C:\Program Files\Internet Download Manager\IDMFType64.dll (signature verification: passed)
Behaviour description: Creates event objects
Details: EventName = MSCTF.SendReceive.Event.EPP.IC
EventName = MSCTF.SendReceiveConection.Event.EPP.IC
EventName = MSCTF.SendReceive.Event.IDI.IC
EventName = MSCTF.SendReceiveConection.Event.IDI.IC
Behaviour description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\LangDLL.dll ---> 9384f4007c492d4fa040924f31c00166
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\Aero.dll ---> 243bf44688b131c3171f2827a93e39dc
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\BrandingURL.dll ---> 71c46b663baa92ad941388d082af97e7
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\nsDialogs.dll ---> c10e04dd4ad4277d5adc951bb331c777
C:\Documents and Settings\Administrator\Local Settings\Temp\nsv9.tmp\System.dll ---> c17103ae9072a06da581dec998343fc1
C:\Program Files\Internet Download Manager\IDMShellExt.dll ---> e3ffdff31fed63050fa856dbdafb1e90
C:\Program Files\Internet Download Manager\IDMShellExt64.dll ---> 555f97044de456b918b32fe684e40d78
C:\Program Files\Internet Download Manager\IDMNetMon.dll ---> 734a452e602a6b0e6481fc6dbabbc18e
C:\Program Files\Internet Download Manager\IDMNetMon64.dll ---> a6d2d817bee94807a6e99bc8807761e7
C:\Program Files\Internet Download Manager\idmbrbtn.dll ---> c122530c30e0d5c93a9119a61fb8a28d
C:\Program Files\Internet Download Manager\idmbrbtn64.dll ---> 982678229bd9f8537244d524b8780c35
C:\Program Files\Internet Download Manager\idmcchandler2.dll ---> 36b618f848d6dda620bf0b151eacf02d
C:\Program Files\Internet Download Manager\idmcchandler2_64.dll ---> 5012ea14f13dd58ffeb14553824d8ebb
C:\Program Files\Internet Download Manager\idmftype.dll ---> 48db4bfce6f3476dfa6602546f5fb5d4
C:\Program Files\Internet Download Manager\IDMFType64.dll ---> c976ceb4be1daf3a848c11a4adf224ba
Behaviour description: Opens mutexes
Details: ShimCacheMutex
Behaviour description: Loads newly dropped files
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv9.tmp\LangDLL.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv9.tmp\Aero.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv9.tmp\BrandingURL.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv9.tmp\nsDialogs.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv9.tmp\System.dll.
Execution screenshot