VirSCAN

1, You can upload any file, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download the VirSCAN uploader to upload them.

File information

Scanner results
Scanner results: 0% of antivirus software (0/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2015-09-29 20:29:10 (CST)
| Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time |
|---|---|---|---|---|---|
| antiy | AVL SDK 3.0 | | 1970-01-01 | Found nothing | 5 |
| asquared | 9.0.0.4324 | 9.0.0.4324 | 2014-07-03 | Found nothing | 1 |
| avast | 150725-1 | 4.7.4 | 2015-07-25 | Found nothing | 0 |
| avg | 2109/8133 | 10.0.1405 | 2014-11-26 | Found nothing | 0 |
| baidu | 2.0.1.0 | 4.1.3.52192 | 2.0.1.0 | Found nothing | 5 |
| baidusd | 1.0 | 1.0 | 2014-04-02 | Found nothing | 15 |
| bitdefender | 7.58469 | 7.90123 | 2014-12-25 | Found nothing | 0 |
| clamav | 19861 | 0.97.5 | 2014-12-31 | Found nothing | 0 |
| drweb | 5.0.2.3300 | 5.0.1.1 | 2014-12-31 | Found nothing | 0 |
| fortinet | 23.345, 23.345 | 5.1.158 | 2014-12-08 | Found nothing | 0 |
| fprot | 4.6.2.117 | 6.5.1.5418 | 2014-12-31 | Found nothing | 0 |
| fsecure | 2014-04-02-01 | 9.13 | 2014-04-02 | Found nothing | 0 |
| gdata | 25.3658 | 25.3658 | 2015-09-28 | Found nothing | 9 |
| ikarus | 1.06.01 | V1.32.31.0 | 2014-12-08 | Found nothing | 0 |
| jiangmin | 16.0.100 | 1.0.0.0 | 2015-07-25 | Found nothing | 47 |
| kaspersky | 5.5.33 | 5.5.33 | 2014-04-01 | Found nothing | 0 |
| kingsoft | 2.1 | 2.1 | 2013-09-22 | Found nothing | 7 |
| mcafee | 7638 | 5400.1158 | 2014-11-30 | Found nothing | 0 |
| nod32 | 0920 | 3.0.21 | 2014-12-23 | Found nothing | 0 |
| panda | 9.05.01 | 9.05.01 | 2015-07-26 | Found nothing | 5 |
| pcc | 11.380.07 | 9.500-1005 | 2014-12-31 | Found nothing | 0 |
| qh360 | 1.0.1 | 1.0.1 | 1.0.1 | Found nothing | 3 |
| qqphone | 1.0.0.0 | 1.0.0.0 | 2014-12-09 | Found nothing | 0 |
| quickheal | 14.00 | 14.00 | 2015-07-25 | Found nothing | 2 |
| rising | 25.76.04.01 | 25.76.04.01 | 2015-07-24 | Found nothing | 3 |
| sophos | 5.08 | 3.55.0 | 2014-12-01 | Found nothing | 0 |
| symantec | 20141230.001 | 1.3.0.24 | 2014-12-30 | Found nothing | 0 |
| tachyon | 9.9.9 | 9.9.9 | 2013-12-27 | Found nothing | 4 |
| thehacker | 6.8.0.5 | 6.8.0.5 | 2015-07-23 | Found nothing | 1 |
| tws | 17.47.17308 | 1.0.2.2108 | 2014-12-08 | Found nothing | 12 |
| vba | 3.12.26.3 | 3.12.26.3 | 2014-12-31 | Found nothing | 0 |
| virusbuster | 15.0.985.0 | 5.5.2.13 | 2014-12-05 | Found nothing | 0 |

No related permission information

File information
Security score: 84
Basic information
MD5: bf0c7ac8cc94a413a146e9ed1505bce2
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name:
Minimum runtime environment:
Copyright:
Key behavior
Behavior description: Hide specified window
Details: [Window,Class] = [,#32770]
[Window,Class] = [,Button]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [百度电脑专家-在线安装,BDEOnLineAladdinWnd]
Behavior description: Get host address by name
Details: p.x.baidu.com
File behavior
Behavior description: Map file with write permission
Details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.MHK..EDOFF
MSCTF.MarshalInterface.FileMap.MHK.B.EDOFF
MSCTF.MarshalInterface.FileMap.MHK.C.EEOFF
MSCTF.MarshalInterface.FileMap.MHK.D.EEOFF
MSCTF.MarshalInterface.FileMap.MHK.E.EEOFF
MSCTF.MarshalInterface.FileMap.MHK.F.EEOFF
MSCTF.MarshalInterface.FileMap.MHK.G.EEOFF
MSCTF.Shared.SFM.MHK
Behavior description: Create executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsu6.tmp\BDMSkin.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsu6.tmp\BDMGetNetInfo.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsu6.tmp\BDExDownload.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsu6.tmp\BDECommonInstall.dll
Behavior description: Modify file content
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsu6.tmp\res\AladdinMiniWnd.zip---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsu6.tmp\AladdinConfig.ini---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Baidu\Common\Global.db---> Offset = 20
Network behavior
Behavior description: Send data on a connected socket
Details: SOCKET = 0x00000610, TotalSize = 235, Offset = 0, ReadSize = 235.
Behavior description: Establish a connection to a specified socket
Details: 219.133.40.1:80
Behavior description: Get host address by name
Details: p.x.baidu.com
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\C:\%temp%\1423668076.042722.exe
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\%temp%\1423668076.074881.exe
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.MHK
Behavior description: Hide specified window
Details: [Window,Class] = [,#32770]
[Window,Class] = [,Button]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [百度电脑专家-在线安装,BDEOnLineAladdinWnd]
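Behavior description: Sample console output
Details: N/A
Behavior description: Acquire system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
Details: Pid = 2680, Hwnd=0x10394, Text = MessageBoxWnd, ClassName = MessageBoxWnd.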
Pid = 2680, Hwnd=0x10354, Text = 安装(&I), ClassName = Button.
Pid = 2680, Hwnd=0x10356, Text = 取消(&C), ClassName = Button.
Pid = 2680, Hwnd=0x10362, Text = Nullsoft Install System v2.46.5-Unicode , ClassName = Static.
Pid = 2680, Hwnd=0x10364, Text = Nullsoft Install System v2.46.5-Unicode, ClassName = Static.
Pid = 2680, Hwnd=0x10372, Text = C:\Program Files\Baidu\BaiduExpert, ClassName = Edit.
Pid = 2680, Hwnd=0x10374, Text = 浏览(&B)..., ClassName = Button.
Pid = 2680, Hwnd=0x10376, Text = 可用空间: 5.8GB, ClassName = Static.
Pid = 2680, Hwnd=0x1037a, Text = 所需空间: 0.0KB, ClassName = Static.
Pid = 2680, Hwnd=0x1037c, Text = Setup 将安装 °ù?èμ???ר?ò-?ú??°2×° 1.0 在下列文件夹。要安装到不同文件夹,单击 [浏览(B)] 并选择其他的文件夹。 单击 [安装, ClassName = Static.
Pid = 2680, Hwnd=0x1037e, Text = 目标文件夹, ClassName = Button(GroupBox).
Pid = 2680, Hwnd=0x10352, Text = < 上一步(&P), ClassName = Button.
Pid = 2680, Hwnd=0x10354, Text = 关闭(&L), ClassName = Button.
Pid = 2680, Hwnd=0x2037e, Text = 显示细节(&D), ClassName = Button.
Behavior description: Directly access physical device
Details: \??\PhysicalDrive0
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [BDEOnLineAladdinWnd,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Runtime screenshot