VirSCAN.org-多引擎在线病毒扫描网 v1.02，当前支持 47 款杀毒引擎

导航栏

首页

去往Virscan.org

查看报告

病毒报告

行为报告

帮助我们

BUG提交

联系我们

URL检测

API

病毒百科

uploader for windows(test)

支持厂商

文件信息

安全评分:59

virscan.org多引擎扫描报告

基本信息
MD5:	4cbb72eee5872749b53cf665d122893c
文件类型:	Nsis
出品公司:
版本:
壳或编译器信息:
子文件信息:	UnblockCn.exe / 60736fa3437f7294ffa8ada88e96306f / EXE
	Update.exe / ba4fc83b779537a34ce54d4c1426ac4c / EXE
	processwork.dll / 0a4fa7a9ba969a805eb0603c7cfe3378 / DLL
	modern-wizard.bmp / 6c1752f7d62338d36c8ddaff7c5beff9 / Unknown
	InstallOptions.dll / 0dc0cc7a6d9db685bf05a7e5f3ea4781 / DLL
	browser.ico / 5f1b405a428a9a3a1b023c4b529049c0 / Unknown
	logo.ico / 930b32ae656b17be3b2383035f0c89a8 / Unknown
	[NSIS].nsi / e04396bd1e1bd0792adf264545d71c65 / Unknown
	Readme.txt / a996b45e9707445595518ebcacdfc319 / Unknown
	UnblockCn.ini / 5a6b726d0306735ff875ebbc6d263c51 / Unknown
	ioSpecial.ini / e2d5070bc28db1ac745613689ff86067 / Unknown
	UnblockCn官网.url / a63f28f9b3e27277085a8f774fe25d97 / Unknown

关键行为
行为描述:	获取系统权限
详细信息:	SE_LOAD_DRIVER_PRIVILEGE
行为描述:	获取TickCount值
详细信息:	TickCount = 495406, SleepMilliseconds = 250.
行为描述:	屏蔽窗口关闭消息
详细信息:	hWnd = 0x00060298, Text = , ClassName = #32770.
	hWnd = 0x000402a0, Text = Copyright 2015 UnblockCN, ClassName = #32770.
行为描述:	在桌面创建快捷方式
详细信息:	C:\Documents and Settings\All Users\桌面\UnblockCn.lnk
	C:\Documents and Settings\All Users\桌面\UnblockCn官网.lnk
行为描述:	设置特殊文件夹属性
详细信息:	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
	C:\Documents and Settings\Administrator\Local Settings\History
	C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
	C:\Documents and Settings\Administrator\Cookies
	C:\Documents and Settings\Administrator\IECompatCache
行为描述:	修改注册表_启动项
详细信息:	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UnblockCn

进程行为
行为描述:	创建新文件进程
详细信息:	ImagePath = C:\Program Files\UnblockCn\UnblockCn.exe, CmdLine = "C:\Program Files\UnblockCn\UnblockCn.exe"
行为描述:	创建本地线程
详细信息:	N/A
行为描述:	进程退出
详细信息:	N/A
行为描述:	枚举进程
详细信息:	N/A

文件行为
行为描述:	创建文件
详细信息:	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\ioSpecial.ini
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\modern-wizard.bmp
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\InstallOptions.dll
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\processwork.dll
	C:\Program Files\UnblockCn\UnblockCn.exe
	C:\Program Files\UnblockCn\Update.exe
	C:\Program Files\UnblockCn\Readme.txt
	C:\Program Files\UnblockCn\UnblockCn官网.url
	C:\Program Files\UnblockCn\browser.ico
	C:\Program Files\UnblockCn\logo.ico
	C:\Program Files\UnblockCn\UnblockCn.ini
	C:\Program Files\UnblockCn\uninst.exe
	C:\WINDOWS\wininit.ini
行为描述:	在系统敏感位置（如开始菜单等)释放链接或快捷方式
详细信息:	C:\Documents and Settings\All Users\「开始」菜单\程序\UnblockCn\UnblockCn.lnk
	C:\Documents and Settings\All Users\「开始」菜单\程序\UnblockCn\UnblockCn官网.lnk
行为描述:	创建可执行文件
详细信息:	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\InstallOptions.dll
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\processwork.dll
	C:\Program Files\UnblockCn\UnblockCn.exe
	C:\Program Files\UnblockCn\Update.exe
	C:\Program Files\UnblockCn\uninst.exe
行为描述:	覆盖已有文件
详细信息:	C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[2]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[2]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\ErrorPageTemplate[2]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[3]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[3]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[2]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\httpErrorPagesScripts[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[3]
行为描述:	查找文件
详细信息:	FileName = C:\DOCUME~1
	FileName = C:\Documents and Settings\ADMINI~1
	FileName = C:\Documents and Settings\Administrator\LOCALS~1
	FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
	FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
	FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp
	FileName = C:\Program Files\UnblockCn
	FileName = C:\Program Files
	FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
	FileName = C:\DOCUME~1\ADMINI~1
	FileName = C:\Documents and Settings\All Users\「开始」菜单\程序\启动\UnblockCn.lnk
	FileName = C:\Documents and Settings\All Users\「开始」菜单\程序\启动
	FileName = C:\Documents and Settings\All Users\「开始」菜单\程序
	FileName = C:\Documents and Settings\All Users\「开始」菜单
	FileName = C:\Documents and Settings\All Users
行为描述:	在桌面创建快捷方式
详细信息:	C:\Documents and Settings\All Users\桌面\UnblockCn.lnk
	C:\Documents and Settings\All Users\桌面\UnblockCn官网.lnk
行为描述:	删除文件
详细信息:	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsh4.tmp
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\InstallOptions.dll
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\InstallOptions.dll-newfile
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\ioSpecial.ini
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\ioSpecial.ini-newfile
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\modern-wizard.bmp
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\modern-wizard.bmp-newfile
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\processwork.dll
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\processwork.dll-newfile
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[2]
	C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015082520150826
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
行为描述:	设置特殊文件夹属性
详细信息:	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
	C:\Documents and Settings\Administrator\Local Settings\History
	C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
	C:\Documents and Settings\Administrator\Cookies
	C:\Documents and Settings\Administrator\IECompatCache
行为描述:	修改文件内容
详细信息:	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\ioSpecial.ini---> Offset = 0
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\ioSpecial.ini---> Offset = 36
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\modern-wizard.bmp---> Offset = 84990
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\ioSpecial.ini---> Offset = 124
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\ioSpecial.ini---> Offset = 33
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\ioSpecial.ini---> Offset = 43
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\ioSpecial.ini---> Offset = 60
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\ioSpecial.ini---> Offset = 277
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\ioSpecial.ini---> Offset = 301
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\ioSpecial.ini---> Offset = 356
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\ioSpecial.ini---> Offset = 364
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\ioSpecial.ini---> Offset = 376
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\ioSpecial.ini---> Offset = 225
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\ioSpecial.ini---> Offset = 325
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\ioSpecial.ini---> Offset = 619

网络行为
行为描述:	连接指定站点
详细信息:	InternetConnectA: ServerName = app.unblockcn.com, PORT = 80
	InternetConnectA: ServerName = pay.unblockcn.com, PORT = 80
行为描述:	联网打开网址
详细信息:	InternetOpenUrlA: http://www.unblockcn.com/biz/windows/pac_info.html hInternet = 0x0000046c
	InternetOpenUrlA: http://www.unblockcn.com/biz/windows/serverinfo_path.html hInternet = 0x00000440
	InternetOpenUrlA: MZ?离9u黃WPuuuu謰?髏S岴餚Wu?u<癫^鸨^痞8侃J飕[氆Z戟Z楱Y蕙P摇F聺9紱5$煋 $秜 跐e貨e讱e讱e讱e锊q聏峸\郙MM
	InternetOpenUrlA: http://www.unblockcn.com/biz/windows/unblockcn_version.html hInternet = 0x00000474
	InternetOpenUrlA: http://www.unblockcn.com/biz/windows/update_version.html hInternet = 0x0000046c
	InternetOpenUrlA: http://www.unblockcn.com/biz/windows/update_path.html hInternet = 0x00000480
行为描述:	建立到一个指定的套接字连接
详细信息:	127.0.0.1:1031
行为描述:	读取网络文件
详细信息:	hFile = 0x0000046c, BytesToRead =16384, BytesRead = 16384.
	hFile = 0x00000440, BytesToRead =16384, BytesRead = 16384.
	hFile = 0x00000474, BytesToRead =16384, BytesRead = 16384.
	hFile = 0x00000480, BytesToRead =16384, BytesRead = 16384.
行为描述:	打开HTTP请求
详细信息:	HttpOpenRequestA: app.unblockcn.com:80/app/windows/v1/index/index.html, hConnect = 0x00000390
	HttpOpenRequestA: pay.unblockcn.com:80/index.php?pay=ali&s=win&name=, hConnect = 0x00000390
	HttpOpenRequestA: app.unblockcn.com:80/app/windows/v1/kf/index.html, hConnect = 0x00000398

注册表行为
行为描述:	修改注册表
详细信息:	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UnblockCn.exe\
	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnblockCn\DisplayName
	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnblockCn\UninstallString
	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnblockCn\DisplayIcon
	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnblockCn\DisplayVersion
	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnblockCn\URLInfoAbout
	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnblockCn\Publisher
	\REGISTRY\MACHINE\SOFTWARE\Classes\UnblockCn\
	\REGISTRY\MACHINE\SOFTWARE\Classes\UnblockCn\DefaultIcon\
	\REGISTRY\MACHINE\SOFTWARE\Classes\UnblockCn\shell\shell
	\REGISTRY\MACHINE\SOFTWARE\Classes\UnblockCn\shell\open\
	\REGISTRY\MACHINE\SOFTWARE\Classes\UnblockCn\shell\open\command\
	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\UnblockCn.exe
	\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
行为描述:	修改注册表_延迟重命名项
详细信息:	\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
行为描述:	修改注册表_URL协议关联
详细信息:	\REGISTRY\MACHINE\SOFTWARE\Classes\UnblockCn\URL Protocol
行为描述:	删除注册表键值_IE连接设置
详细信息:	\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
	\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
行为描述:	修改注册表_启动项
详细信息:	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UnblockCn

其他行为
行为描述:	创建互斥体
详细信息:	CTF.LBES.MutexDefaultS-*
	CTF.Compart.MutexDefaultS-*
	CTF.Asm.MutexDefaultS-*
	CTF.Layouts.MutexDefaultS-*
	CTF.TMD.MutexDefaultS-*
	CTF.TimListCache.FMPDefaultS-MUTEX.DefaultS-
	MSCTF.Shared.MUTEX.ELH
	MSCTF.Shared.MUTEX.ECI
	RasPbFile
	Local\ZonesCounterMutex
	Local\ZoneAttributeCacheCounterMutex
	Local\ZonesCacheCounterMutex
	Local\ZonesLockedCacheCounterMutex
	Local\!IECompat!Mutex
	Local\c:!documents and settings!administrator!iecompatcache!
行为描述:	创建事件对象
详细信息:	EventName = MSCTF.SendReceive.Event.ECI.IC
	EventName = MSCTF.SendReceiveConection.Event.ECI.IC
	EventName = Global\userenv: User Profile setup event
	EventName = DINPUTWINMM
行为描述:	查找指定窗口
详细信息:	NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
	NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
	NtUserFindWindowEx: [Class,Window] = [,Copyright 2015 UnblockCN]
	NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
	NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
行为描述:	获取系统权限
详细信息:	SE_LOAD_DRIVER_PRIVILEGE
行为描述:	获取TickCount值
详细信息:	TickCount = 495406, SleepMilliseconds = 250.
行为描述:	屏蔽窗口关闭消息
详细信息:	hWnd = 0x00060298, Text = , ClassName = #32770.
	hWnd = 0x000402a0, Text = Copyright 2015 UnblockCN, ClassName = #32770.
行为描述:	窗口信息
详细信息:	Pid = 2080, Hwnd=0x202cc, Text = 下一步(&N) >, ClassName = Button.
	Pid = 2080, Hwnd=0x202b4, Text = 取消(&C), ClassName = Button.
	Pid = 2080, Hwnd=0x202d6, Text = 软件作者：帕沃公司 , ClassName = Static.
	Pid = 2080, Hwnd=0x202d8, Text = 软件作者：帕沃公司, ClassName = Static.
	Pid = 2080, Hwnd=0x202b0, Text = UnblockCn解锁, ClassName = Static.
	Pid = 2080, Hwnd=0x202ae, Text = 使用简便、解锁稳定、功能更多、立刻解锁！搜狐高清优酷网腾讯视频爱奇艺土豆网虾米音乐 QQ音乐百度音乐赛事直播 , ClassName = Static.
	Pid = 2080, Hwnd=0x202a4, Text = UnblockCn 1.7.0.2 安装, ClassName = #32770.
	Pid = 2080, Hwnd=0x202cc, Text = 安装(&I), ClassName = Button.
	Pid = 2080, Hwnd=0x302ae, Text = C:\Program Files\UnblockCn, ClassName = Edit.
	Pid = 2080, Hwnd=0x302b0, Text = 浏览(&B)..., ClassName = Button.
	Pid = 2080, Hwnd=0x402b8, Text = 可用空间: 5.8GB, ClassName = Static.
	Pid = 2080, Hwnd=0x402be, Text = 所需空间: 1.3MB, ClassName = Static.
	Pid = 2080, Hwnd=0x702c0, Text = 现在将安装 UnblockCn 1.7.0.2 到下列文件夹。要安装到其他文件夹请单击 [浏览(B)] 进行选择。单击 [安装(I)] 开始安装进程。, ClassName = Static.
	Pid = 2080, Hwnd=0x502ce, Text = 目标文件夹, ClassName = Button(GroupBox).
	Pid = 2080, Hwnd=0x202cc, Text = 完成(&F), ClassName = Button.
行为描述:	可执行文件签名信息
详细信息:	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\InstallOptions.dll(签名验证: 未通过)
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\processwork.dll(签名验证: 未通过)
	C:\Program Files\UnblockCn\UnblockCn.exe(签名验证: 未通过)
	C:\Program Files\UnblockCn\Update.exe(签名验证: 未通过)
	C:\Program Files\UnblockCn\uninst.exe(签名验证: 未通过)
行为描述:	隐藏指定窗口
详细信息:	[Window,Class] = [,Button]
	[Window,Class] = [软件作者：帕沃公司,Static]
	[Window,Class] = [软件作者：帕沃公司 ,Static]
	[Window,Class] = [,Static]
	[Window,Class] = [,Auto-Suggest Dropdown]
	[Window,Class] = [显示细节(&D),Button]
	[Window,Class] = [安装完成,Static]
	[Window,Class] = [安装已成功完成。,Static]
	[Window,Class] = [,AfxFrameOrView90s]
	[Window,Class] = [Copyright 2015 UnblockCN,#32770]
	[Window,Class] = [,#32770]
行为描述:	可执行文件MD5
详细信息:	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\InstallOptions.dll ---> 0dc0cc7a6d9db685bf05a7e5f3ea4781
	C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\processwork.dll ---> 0a4fa7a9ba969a805eb0603c7cfe3378
	C:\Program Files\UnblockCn\UnblockCn.exe ---> 60736fa3437f7294ffa8ada88e96306f
	C:\Program Files\UnblockCn\Update.exe ---> ba4fc83b779537a34ce54d4c1426ac4c
	C:\Program Files\UnblockCn\uninst.exe ---> f927ec3c1a13463e15a2afd4c8608ee3
行为描述:	加载新释放的文件
详细信息:	Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\InstallOptions.dll.
	Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsc5.tmp\processwork.dll.

运行截图

文件信息

基本信息

关键行为

进程行为

文件行为

网络行为

注册表行为

其他行为

上传文件