VirSCAN

1. You can submit files for scanning no larger than 20 MB.
2. VirSCAN scans Rar/Zip archives, but no more than 20 files per archive.
3. VirSCAN can scan password-protected archives that use the password 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader.

File information

Basic information

MD5: 45e94576154a747ada64a6bf214a83e0
File size: 5.58 MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name:
Minimum runtime environment:
Copyright:

Key behaviour

Behaviour description: Get TickCount value
Details: TickCount = 224593, SleepMilliseconds = 250.
TickCount = 225140, SleepMilliseconds = 250.
TickCount = 225203, SleepMilliseconds = 250.
TickCount = 225250, SleepMilliseconds = 250.
TickCount = 225265, SleepMilliseconds = 250.
TickCount = 225312, SleepMilliseconds = 250.
TickCount = 225531, SleepMilliseconds = 250.
TickCount = 227953, SleepMilliseconds = 250.
TickCount = 227968, SleepMilliseconds = 250.
TickCount = 229968, SleepMilliseconds = 250.
TickCount = 229984, SleepMilliseconds = 250.
TickCount = 230937, SleepMilliseconds = 250.
TickCount = 230968, SleepMilliseconds = 250.
TickCount = 230984, SleepMilliseconds = 250.
TickCount = 231000, SleepMilliseconds = 250.

Process behaviour

Behaviour description: Create process with hidden window
Details: ImagePath = , CmdLine = C:\Program Files\MP3Gain\mp3gain /v
Behaviour description: Create local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3060, ThreadID = 3244, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3060, ThreadID = 3448, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3060, ThreadID = 3452, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 3060, ThreadID = 3548, StartAddress = 00405199, Parameter = 00040368
Behaviour description: Create process from newly created file
Details: [0x00000e30]ImagePath = C:\Program Files\MP3Gain\MP3GainGUI.exe, CmdLine = "C:\Program Files\MP3Gain\MP3GainGUI.exe"
[0x00000e38]ImagePath = C:\Program Files\MP3Gain\mp3gain.exe, CmdLine = "C:\Program Files\MP3Gain\mp3gain" /v

File behaviour

Behaviour description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsm7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp\ioSpecial.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp\modern-wizard.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp\InstallOptions.dll
C:\Program Files\MP3Gain\MP3GainGUI.exe
C:\Program Files\MP3Gain\mp3gain.exe
C:\Program Files\MP3Gain\README.txt
C:\Program Files\MP3Gain\MP3Gain.chm
C:\Program Files\MP3Gain\uninst-mp3gain.exe
C:\WINDOWS\wininit.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF94BC.tmp
Behaviour description: Drop link or shortcut in a sensitive system location (e.g. the Start menu)
Details: C:\Documents and Settings\Administrator\「开始」菜单\程序\MP3Gain\MP3Gain.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\MP3Gain\MP3Gain Help.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\MP3Gain\Uninstall MP3Gain.lnk
Behaviour description: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp\InstallOptions.dll
C:\Program Files\MP3Gain\MP3GainGUI.exe
C:\Program Files\MP3Gain\mp3gain.exe
C:\Program Files\MP3Gain\uninst-mp3gain.exe
Behaviour description: Search for file
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsr8.tmp
FileName = C:\Program Files\MP3Gain
FileName = C:\Program Files
FileName = C:\Program Files\MP3Gain\MP3GainGUI.exe
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\Documents and Settings\Administrator\「开始」菜单
Behaviour description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsm7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp\InstallOptions.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp\ioSpecial.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp\modern-wizard.bmp
Behaviour description: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp\ioSpecial.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp\ioSpecial.ini ---> Offset = 36
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp\modern-wizard.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp\ioSpecial.ini ---> Offset = 124
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp\ioSpecial.ini ---> Offset = 33
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp\ioSpecial.ini ---> Offset = 43
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp\ioSpecial.ini ---> Offset = 60
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp\ioSpecial.ini ---> Offset = 277
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp\ioSpecial.ini ---> Offset = 308
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp\ioSpecial.ini ---> Offset = 363
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp\ioSpecial.ini ---> Offset = 371
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp\ioSpecial.ini ---> Offset = 383
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp\InstallOptions.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp\ioSpecial.ini ---> Offset = 225
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp\ioSpecial.ini ---> Offset = 331

Registry behaviour

Behaviour description: Modify registry
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl\
\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl\CurVer\
\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl.2\
\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl.2\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\VersionIndependentProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Version\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\MiscStatus\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\MiscStatus\1\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\ToolboxBitmap32\
Behaviour description: Delete registry value
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel
Behaviour description: Delete registry key
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\
Behaviour description: Modify registry: deferred file rename entry
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations

Other behaviour

Behaviour description: Get cursor position
Details: CursorPos = (80,18468), SleepMilliseconds = 250.
CursorPos = (6373,26501), SleepMilliseconds = 250.
CursorPos = (19208,15725), SleepMilliseconds = 250.
Behaviour description: Create mutex
Details: oleacc-msaa-loaded
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.IPL
Behaviour description: Create event object
Details: EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.IPL.IC
EventName = MSCTF.SendReceiveConection.Event.IPL.IC
Behaviour description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behaviour description: Window information
Details: Pid = 3060, Hwnd=0x1034a, Text = &Next >, ClassName = Button.
Pid = 3060, Hwnd=0x1034c, Text = Cancel, ClassName = Button.
Pid = 3060, Hwnd=0x10358, Text = Nullsoft Install System v3.03 , ClassName = Static.
Pid = 3060, Hwnd=0x1035a, Text = Nullsoft Install System v3.03, ClassName = Static.
Pid = 3060, Hwnd=0x10368, Text = Welcome to MP3Gain Setup, ClassName = Static.
Pid = 3060, Hwnd=0x1036a, Text = Setup will guide you through the installation of MP3Gain. It is recommended that you close all other applications before starting Setup. This will make it possible to update relevant system files without having to reboot your computer. Click Next to con, ClassName = Static.
Pid = 3060, Hwnd=0x60342, Text = MP3Gain 1.2.5, ClassName = #32770.
Pid = 3060, Hwnd=0x10348, Text = < &Back, ClassName = Button.
Pid = 3060, Hwnd=0x1035e, Text = Choose Components, ClassName = Static.
Pid = 3060, Hwnd=0x10360, Text = Choose which features of MP3Gain you want to install., ClassName = Static.
Pid = 3060, Hwnd=0x2036a, Text = This will install MP3Gain 1.2.5 on your computer:, ClassName = Static.
Pid = 3060, Hwnd=0x20368, Text = Select the type of install:, ClassName = Static.
Pid = 3060, Hwnd=0x20366, Text = Normal, ClassName = ComboBox.
Pid = 3060, Hwnd=0x10370, Text = Or, select the optional components you wish to install:, ClassName = Static.
Pid = 3060, Hwnd=0x10372, Text = Space required: 1.0 MB, ClassName = Static.
Behaviour description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behaviour description: Open event
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000011
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000011
Behaviour description: Executable file signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp\InstallOptions.dll (signature verification: failed)
C:\Program Files\MP3Gain\MP3GainGUI.exe (signature verification: failed)
C:\Program Files\MP3Gain\mp3gain.exe (signature verification: failed)
C:\Program Files\MP3Gain\uninst-mp3gain.exe (signature verification: failed)
Behaviour description: Call Sleep function
Details: [1]: MilliSeconds = 250.
[2]: MilliSeconds = 250.
[1]: MilliSeconds = 0.
[2]: MilliSeconds = 0.
Behaviour description: Hide specified window
Details: [Window,Class] = [,Button]
[Window,Class] = [Nullsoft Install System v3.03,Static]
[Window,Class] = [Nullsoft Install System v3.03 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [Installation Complete,Static]
[Window,Class] = [Setup was completed successfully.,Static]
Behaviour description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp\InstallOptions.dll ---> 8d5a5529462a9ba1ac068ee0502578c7
C:\Program Files\MP3Gain\MP3GainGUI.exe ---> f3a35fd430520d2f5261c2fc9296ba80
C:\Program Files\MP3Gain\mp3gain.exe ---> f44f61cb7140e42c0e65450160b9a6f3
C:\Program Files\MP3Gain\uninst-mp3gain.exe ---> e32f382719c075c0f1a336f1d0f3569f
Behaviour description: Open mutex
Details: ShimCacheMutex
Behaviour description: Load newly dropped file
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsr8.tmp\InstallOptions.dll.