VirSCAN

File information
Security classification: 77
Behaviour list
Basic information
MD5: b9aa1955732127f71908ea597338d960
File type: zip
Company:
Version:
Packer or compiler information: COMPILER:Microsoft Visual C++ v7.1 DLL [Overlay]
Sub-file information: download_engine.dlldumpFile / 1a87ff238df9ea26e76b56f34e18402c / DLL
download_engine.dll / 1a87ff238df9ea26e76b56f34e18402c / DLL
upx_c_42fb4c4bdumpFile / dd68a1bd7fd538897f376d9237a144e4 / EXE
msvcp71.dlldumpFile / a94dc60a90efd7a35c36d971e3ee7470 / DLL
msvcp71.dll / a94dc60a90efd7a35c36d971e3ee7470 / DLL
音乐下载.exedumpFile / cfbc41353d8d1ae802e9962febbe0047 / EXE
音乐下载.exe / cfbc41353d8d1ae802e9962febbe0047 / EXE
msvcr71.dlldumpFile / ca2f560921b7b8be1cf555a5a18d54c3 / DLL
msvcr71.dll / ca2f560921b7b8be1cf555a5a18d54c3 / DLL
xldl.dlldumpFile / 40e8d381da7c2badc4b6f0cdb4b5378f / DLL
xldl.dll / 40e8d381da7c2badc4b6f0cdb4b5378f / DLL
MiniThunderPlatform.exedumpFile / 0c8f2b0ee5bf990c6541025e94985c9f / EXE
MiniThunderPlatform.exe / 0c8f2b0ee5bf990c6541025e94985c9f / EXE
XLBugReport.exedumpFile / 67c767470d0893c4a2e46be84c9afcbb / EXE
XLBugReport.exe / 67c767470d0893c4a2e46be84c9afcbb / EXE
unrar.dlldumpFile / 20fe8157cf3215e8c91611cf8ce3641b / DLL
unrar.dll / 20fe8157cf3215e8c91611cf8ce3641b / DLL
XLBugHandler.dlldumpFile / 92154e720998acb6fa0f7bad63309470 / DLL
XLBugHandler.dll / 92154e720998acb6fa0f7bad63309470 / DLL
Key behaviour
Behaviour description: Modifies original system EXE files
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\msvcr71.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\atl71.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\zlib1.dll
Behaviour description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Process behaviour
Behaviour description: Creates a process
Details: ImagePath = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\MiniThunderPlatform.exe, CmdLine = "C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\MiniThunderPlatform.exe" -StartTP
Behaviour description: Creates a local thread
Details: TargetProcess: 音乐下载.exe, InheritedFromPID = 1944, ProcessID = 1076, ThreadID = 1096, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 1076, ProcessID = 932, ThreadID = 1536, StartAddress = 765E964D, Parameter = 0018C858
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 1076, ProcessID = 932, ThreadID = 1268, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 1076, ProcessID = 932, ThreadID = 1956, StartAddress = 0168AB50, Parameter = 009EC6B8
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 1076, ProcessID = 932, ThreadID = 1532, StartAddress = 0168AB50, Parameter = 009EC750
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 1076, ProcessID = 932, ThreadID = 412, StartAddress = 0168AB50, Parameter = 009E5068
TargetProcess: 音乐下载.exe, InheritedFromPID = 1944, ProcessID = 1076, ThreadID = 1412, StartAddress = 1001BFA9, Parameter = 00F84CB8
TargetProcess: 音乐下载.exe, InheritedFromPID = 1944, ProcessID = 1076, ThreadID = 784, StartAddress = 1001BFA9, Parameter = 00F84D10
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 1076, ProcessID = 932, ThreadID = 156, StartAddress = 015AC6F0, Parameter = 0BEF04A8
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 1076, ProcessID = 932, ThreadID = 1808, StartAddress = 0168AB50, Parameter = 009EA318
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 1076, ProcessID = 932, ThreadID = 564, StartAddress = 0168AB50, Parameter = 009E5200
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 1076, ProcessID = 932, ThreadID = 912, StartAddress = 014CC250, Parameter = 009E3C68
TargetProcess: MiniThunderPlatform.exe, InheritedFromPID = 1076, ProcessID = 932, ThreadID = 460, StartAddress = 014CC250, Parameter = 009E3C68
TargetProcess: 音乐下载.exe, InheritedFromPID = 1944, ProcessID = 1076, ThreadID = 632, StartAddress = 00402FBB, Parameter = 00000000
TargetProcess: 音乐下载.exe, InheritedFromPID = 1944, ProcessID = 1076, ThreadID = 1560, StartAddress = 7C947EBB, Parameter = 00000000
File behaviour
Behaviour description: Creates a file
Details: C:\Documents and Settings\All Users\Application Data\Thunder Network\DownloadLib\pub_store.dat
C:\Documents and Settings\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAwNTU=\Version_3_2_1_40\Profiles\error.dat
C:\Documents and Settings\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAwNTU=\Version_3_2_1_40\Profiles\asyn_frame.dat
Behaviour description: Modifies original system EXE files
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\msvcr71.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\atl71.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\zlib1.dll
Behaviour description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behaviour description: Modifies file content
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\xldl.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\xldl.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\xldl.dll ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\xldl.dll ---> Offset = 196608
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\xldl.dll ---> Offset = 262144
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\MiniThunderPlatform.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\MiniThunderPlatform.exe ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\MiniThunderPlatform.exe ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\MiniThunderPlatform.exe ---> Offset = 196608
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\MiniThunderPlatform.exe ---> Offset = 262144
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\msvcr71.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\msvcr71.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\msvcr71.dll ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\msvcr71.dll ---> Offset = 196608
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\msvcr71.dll ---> Offset = 262144
Behaviour description: Finds a file
Details: FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\MiniThunderPlatform.exe
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Application Data
FileName = C:\WINDOWS\system32\drivers\etc\Hosts
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
Network behaviour
Behaviour description: Connects to a specified site
Details: InternetConnectA: ServerName = so****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = so****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0010, Flags = 0x00000000
Behaviour description: Opens an HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0), hSession = 0x00cc0004
Behaviour description: Establishes a connection to a specified socket
Details: URL: hu****et, IP: **.133.40.**:80, SOCKET = 0x00000308
URL: pm****et, IP: **.133.40.**:80, SOCKET = 0x0000032c
URL: so****om, IP: **.133.40.**:80, SOCKET = 0x0000056c
URL: hu****et, IP: **.133.40.**:80, SOCKET = 0x0000030c
URL: im****et, IP: **.133.40.**:80, SOCKET = 0x00000328
URL: sc****et, IP: **.133.40.**:80, SOCKET = 0x0000033c
URL: so****om, IP: **.133.40.**:80, SOCKET = 0x00000568
URL: so****om, IP: **.133.40.**:80, SOCKET = 0x000004ec
Behaviour description: Reads a network file
Details: hFile = 0x00cc000c, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00cc0014, BytesToRead =1024, BytesRead = 1024.
Behaviour description: Sends an HTTP packet
Details: POST / HTTP/1.1 Host: hu****et:80 Content-type: application/octet-stream Content-Length: 268 Connection: Keep-Alive =
POST / HTTP/1.1 Host: pm****et:80 Content-type: application/octet-stream Content-Length: 92 Connection: Keep-Alive @
GET /song_search_v2?keyword=%E4%B8%9C%E6%9D%A5%E4%B8%9C%E5%BE%80&page=0&pagesize=40&filter=0&bitrate=0&isfuzzy=0&tag=em&inputtype=2&platform=PcFilter&userid=785408929&clientver=8063&iscorrection=3 HTTP/1.1 Accept: text/html, application/xhtml+xml, */* Referer: http://songsearch.kugou.com/song_search_v2?keyword=%E4%B8%9C%E6%9D%A5%E4%B8%9C%E5%BE%80&page=0&pagesize=40&filter=0&bitrate=0&isfuzzy=0&tag=em&inputtype=2&platform=PcFilter&userid=785408929&clientver=8063&iscorrection=3 Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Connection: Keep-Alive Host: so****om Cache-Control: no-cache
POST / HTTP/1.1 Host: hu****et:80 Content-type: application/octet-stream Content-Length: 44 Connection: Keep-Alive A
POST / HTTP/1.1 Host: im****et:80 Content-type: application/octet-stream Content-Length: 44 Connection: Keep-Alive A
POST / HTTP/1.1 Host: sc****et:80 Content-type: application/octet-stream Content-Length: 92 Connection: Keep-Alive <
GET /song_search_v2?keyword=%E4%B8%9C%E6%9D%A5%E4%B8%9C%E5%BE%80&page=1&pagesize=40&filter=0&bitrate=0&isfuzzy=0&tag=em&inputtype=2&platform=PcFilter&userid=785408929&clientver=8063&iscorrection=3 HTTP/1.1 Accept: text/html, application/xhtml+xml, */* Referer: http://songsearch.kugou.com/song_search_v2?keyword=%E4%B8%9C%E6%9D%A5%E4%B8%9C%E5%BE%80&page=1&pagesize=40&filter=0&bitrate=0&isfuzzy=0&tag=em&inputtype=2&platform=PcFilter&userid=785408929&clientver=8063&iscorrection=3 Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Connection: Keep-Alive Host: so****om Cache-Control: no-cache
GET /song_search_v2?keyword=%E4%B8%9C%E6%9D%A5%E4%B8%9C%E5%BE%80&page=2&pagesize=40&filter=0&bitrate=0&isfuzzy=0&tag=em&inputtype=2&platform=PcFilter&userid=785408929&clientver=8063&iscorrection=3 HTTP/1.1 Accept: text/html, application/xhtml+xml, */* Referer: http://songsearch.kugou.com/song_search_v2?keyword=%E4%B8%9C%E6%9D%A5%E4%B8%9C%E5%BE%80&page=2&pagesize=40&filter=0&bitrate=0&isfuzzy=0&tag=em&inputtype=2&platform=PcFilter&userid=785408929&clientver=8063&iscorrection=3 Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Connection: Keep-Alive Host: so****om Cache-Control: no-cache
Behaviour description: Opens an HTTP request
Details: HttpOpenRequestA: so****om:80/song_search_v2?keyword=%e4%b8%9c%e6%9d%a5%e4%b8%9c%e5%be%80&page=0&pagesize=40&filter=0&bitrate=0&isfuzzy=0&tag=em&inputtype=2&platform=pcfilter&userid=785408929&clientver=8063&iscorrection=3, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x84283000
HttpOpenRequestA: so****om:80/song_search_v2?keyword=%e4%b8%9c%e6%9d%a5%e4%b8%9c%e5%be%80&page=1&pagesize=40&filter=0&bitrate=0&isfuzzy=0&tag=em&inputtype=2&platform=pcfilter&userid=785408929&clientver=8063&iscorrection=3, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x84283000
HttpOpenRequestA: so****om:80/song_search_v2?keyword=%e4%b8%9c%e6%9d%a5%e4%b8%9c%e5%be%80&page=2&pagesize=40&filter=0&bitrate=0&isfuzzy=0&tag=em&inputtype=2&platform=pcfilter&userid=785408929&clientver=8063&iscorrection=3, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x84283000
HttpOpenRequestA: so****om:80/song_search_v2?keyword=%e4%b8%9c%e6%9d%a5%e4%b8%9c%e5%be%80&page=0&pagesize=40&filter=0&bitrate=0&isfuzzy=0&tag=em&inputtype=2&platform=pcfilter&userid=785408929&clientver=8063&iscorrection=3, hConnect = 0x00cc0010, hRequest = 0x00cc0014, Verb: GET, Referer: , Flags = 0x84283000
Behaviour description: Gets a host address by name
Details: gethostbyname: hu****et
gethostbyname: re****et
gethostbyname: computer
gethostbyname: pm****et
GetAddrInfoW: so****om
gethostbyname: im****et
gethostbyname: sc****et
Registry behaviour
Behaviour description: Modifies the registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behaviour description: Deletes registry values
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behaviour
Behaviour description: Creates a mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
c:/documents and settings/administrator/local settings/temp/eb93a6/%temp%\****.exe_7zdump/音乐下载/download/minithunderplatform.exe_mini_tp_connector_tpka_m_2013515_360_a
RasPbFile
c:/documents and settings/administrator/local settings/temp/eb93a6/%temp%\****.exe_7zdump/音乐下载/download/minithunderplatform.exe_mini_tpka_m_2013515_360_a
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.AHB
F8730FC7_1436_4121_9FA6_C0FBF4817482
Behaviour description: Creates an event object
Details: EventName = DINPUTWINMM
EventName = c:/documents and settings/administrator/local settings/temp/eb93a6/%temp%\****.exe_7zdump/音乐下载/download/minithunderplatform.exe_mini_tpstart_up_e_20130515_360_a
EventName = c:/documents and settings/administrator/local settings/temp/eb93a6/%temp%\****.exe_7zdump/音乐下载/download/minithunderplatform.exe_mini_tpstart_up_failed_e_20130515_360_a
EventName = Global\crypt32LogoffEvent
EventName = c:/documents and settings/administrator/local settings/temp/eb93a6/%temp%\****.exe_7zdump/音乐下载/download/minithunderplatform.exe_mini_tpr_e_2013515_360_a
EventName = c:/documents and settings/administrator/local settings/temp/eb93a6/%temp%\****.exe_7zdump/音乐下载/download/minithunderplatform.exe_mini_tpw_e_2013515_360_a
EventName = c:/documents and settings/administrator/local settings/temp/eb93a6/%temp%\****.exe_7zdump/音乐下载/download/minithunderplatform.exe_mini_tp_alive_check_e_2013515_360_a
EventName = MSCTF.SendReceive.Event.AHB.IC
EventName = MSCTF.SendReceiveConection.Event.AHB.IC
EventName = Global\userenv: User Profile setup event
Behaviour description: Finds a specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behaviour description: Window information
Details: Pid = 1076, Hwnd=0xe039e, Text = 为了方便那些喜欢听音乐的人 现在连下载个音乐都收费了 - -, ClassName = _EL_Label.
Pid = 1076, Hwnd=0x13033a, Text = www.52pojie.cn 2016.8.18, ClassName = _EL_Label.
Pid = 1076, Hwnd=0x10034c, Text = 本程序可下载高质/无损音质/及匹配的MV, ClassName = _EL_Label.
Pid = 1076, Hwnd=0x1302c4, Text = 使用本工具下载的内容统一存放在本程序路径的Mymp3文件夹内, ClassName = _EL_Label.
Pid = 1076, Hwnd=0x1902ce, Text = 3, ClassName = Edit.
Pid = 1076, Hwnd=0x403a2, Text = 搜索页数:, ClassName = _EL_Label.
Pid = 1076, Hwnd=0x40392, Text = 搜索, ClassName = Button.
Pid = 1076, Hwnd=0x703ba, Text = 东来东往, ClassName = Edit.
Pid = 1076, Hwnd=0x503b0, Text = 歌手/歌曲名:, ClassName = _EL_Label.
Pid = 1076, Hwnd=0x1902fe, Text = 音乐下载 [高音质/无损音质/MV], ClassName = WTWindow.
Behaviour description: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behaviour description: Opens an event
Details: HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\crypt32LogoffEvent
c:/documents and settings/administrator/local settings/temp/eb93a6/%temp%\****.exe_7zdump/音乐下载/download/minithunderplatform.exe_mini_tpstart_up_e_20130515_360_a
_fCanRegisterWithShellService
Global\SvcctrlStartEvent_A3752DX
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000041
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000041
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
\INSTALLATION_SECURITY_HOLD
Behaviour description: Signature information of modified executable files
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\msvcr71.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\atl71.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\zlib1.dll (signature verification: failed)
Behaviour description: Directly accesses a physical device
Details: \??\PhysicalDrive0
Behaviour description: Hides a specified window
Details: [Window,Class] = [,SysListView32]
[Window,Class] = [使用本工具下载的内容统一存放在本程序路径的Mymp3文件夹内,_EL_Label]
[Window,Class] = [本程序可下载高质/无损音质/及匹配的MV,_EL_Label]
[Window,Class] = [www.52pojie.cn 2016.8.18,_EL_Label]
[Window,Class] = [为了方便那些喜欢听音乐的人 现在连下载个音乐都收费了 - -,_EL_Label]
Behaviour description: Opens a mutex
Details: ShimCacheMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
c:/documents and settings/administrator/local settings/temp/eb93a6/%temp%\****.exe_7zdump/音乐下载/download/minithunderplatform.exe_mini_tpka_m_2013515_360_a
RasPbFile
c:/documents and settings/administrator/local settings/temp/eb93a6/%temp%\****.exe_7zdump/音乐下载/download/minithunderplatform.exe_mini_tp_connector_tpka_m_2013515_360_a
Behaviour description: MD5 of modified executable files
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\msvcr71.dll ---> ca2f560921b7b8be1cf555a5a18d54c3
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\atl71.dll ---> 79cb6457c81ada9eb7f2087ce799aaa7
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\音乐下载\download\zlib1.dll ---> 89f6488524eaa3e5a66c5f34f3b92405