VirSCAN

1. You can UPLOAD any file, but there is a 20 MB limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan a compressed file protected with the password 'infected' or 'virus'.




File information
File name: 最好时钟TellMeTheTime115.apk (File not down)
File size: 627051 bytes
File type: application/jar
MD5: d3e8a2c168695c9617dddda0af920e8e
SHA1: 747d12bb3fb9fe0df5d6fd5d490b60c7aa7cf48c
  • Engine results
    Engine results: 0% (0/32) found malware!
    Behaviour analysis report: Habo file analysis
    Time: 2018-01-13 20:41:22 (CST)
    Scanner  Engine ver.  Sig. ver.  Sig. date  Engine result  Time
    antiy AVL SDK 2.0 1970-01-01 Nothing found 5
    asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Nothing found 1
    avast 170303-1 4.7.4 2017-03-03 Nothing found 60
    avg 2109/14785 10.0.1405 2018-01-04 Nothing found 60
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Nothing found 6
    baidusd 1.0 1.0 2017-03-22 Nothing found 1
    bitdefender 7.58879 7.90123 2015-01-16 Nothing found 60
    clamav 24212 0.97.5 2018-01-11 Nothing found 60
    drweb 5.0.2.3300 5.0.1.1 2017-11-04 Nothing found 60
    fortinet 1.000, 54.385, 54.343, 54.201 5.4.247 2018-01-13 Nothing found 60
    fprot 4.6.2.117 6.5.1.5418 2016-02-05 Nothing found 60
    fsecure 2015-08-01-02 9.13 2015-08-01 Nothing found 60
    gdata 25.15650 25.15650 2018-01-12 Nothing found 13
    ikarus 4.00.03 V1.32.31.0 2018-01-12 Nothing found 60
    jiangmin 16.0.100 1.0.0.0 2017-12-22 Nothing found 2
    kaspersky 5.5.33 5.5.33 2014-04-01 Nothing found 60
    kingsoft 2.1 2.1 2018-01-12 Nothing found 4
    mcafee 8620 5400.1158 2017-08-12 Nothing found 60
    nod32 6720 3.0.21 2018-01-11 Nothing found 60
    panda 9.05.01 9.05.01 2018-01-12 Nothing found 4
    pcc 13.302.06 9.500-1005 2017-03-27 Nothing found 60
    qh360 1.0.1 1.0.1 1.0.1 Nothing found 3
    qqphone 1.0.0.0 1.0.0.0 2015-12-30 Nothing found 60
    quickheal 14.00 14.00 2017-11-18 Nothing found 3
    rising 3090 3090 2017-12-26 Nothing found 2
    sophos 5.32 3.65.2 2016-10-10 Nothing found 60
    symantec 20151230.005 1.3.0.24 2015-12-30 Nothing found 60
    tachyon 9.9.9 9.9.9 2013-12-27 Nothing found 9
    thehacker 6.8.0.5 6.8.0.5 2018-01-08 Nothing found 2
    tws 17.47.17308 1.0.2.2108 2018-01-12 Nothing found 14
    vba 3.12.29.5 beta 3.12.29.5 beta 2018-01-12 Nothing found 60
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Nothing found 60
    Heuristic/Suspicious Exact
    Note: malware reported by some scanners may be a false positive, so you must judge for yourself.
  • Permission list
    Permission name  Info
    android.permission.RECEIVE_BOOT_COMPLETED  Receive the boot-completed broadcast
    android.permission.WAKE_LOCK  Keep a background process running after the screen turns off
    android.permission.READ_PHONE_STATE  Read phone state
    android.permission.VIBRATE  Allow the device to vibrate
  • File information
    Security score:
    Basic information
    MD5: d3e8a2c168695c9617dddda0af920e8e
    Package name: TellMeTheTime.App
    Minimum runtime: Android 2.2.x
    Copyright: -
    Key behaviours
    Behaviour description: kill process
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\u.exe
    Behaviour description: get TickCount value
    Details: TickCount = 222403, SleepMilliseconds = 200.
    TickCount = 222418, SleepMilliseconds = 200.
    TickCount = 222434, SleepMilliseconds = 200.
    TickCount = 222496, SleepMilliseconds = 200.
    TickCount = 222512, SleepMilliseconds = 200.
    TickCount = 222543, SleepMilliseconds = 200.
    TickCount = 222559, SleepMilliseconds = 200.
    TickCount = 230653, SleepMilliseconds = 200.
    TickCount = 230668, SleepMilliseconds = 200.
    TickCount = 231965, SleepMilliseconds = 200.
    TickCount = 232012, SleepMilliseconds = 200.
    TickCount = 244340, SleepMilliseconds = 200.
    TickCount = 244403, SleepMilliseconds = 200.
    TickCount = 244418, SleepMilliseconds = 200.
    TickCount = 244434, SleepMilliseconds = 200.
    Behaviour description: block window close message
    Details: hWnd = 0x0001033c, Text = 无界浏览 17.04, ClassName = #32770.
    Behaviour description: look up PE resource information
    Details: (FindResourceA) hModule = 0x00000000, ResName: , ResType: BIN
    Behaviour description: set special folder attributes
    Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
    C:\Documents and Settings\Administrator\Local Settings\History
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
    C:\Documents and Settings\Administrator\Cookies
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012018011320180114
    Behaviour description: read CPU clock directly
    Details: EAX = 0x919b6d40, EDX = 0x000000b8
    EAX = 0x919b6d8c, EDX = 0x000000b8
    EAX = 0x919b6dd8, EDX = 0x000000b8
    EAX = 0x919b6e24, EDX = 0x000000b8
    EAX = 0xb12774f1, EDX = 0x000000b8
    EAX = 0xb66243aa, EDX = 0x000000b8
    EAX = 0xcb78ad9d, EDX = 0x000000b8
    Process behaviour
    Behaviour description: create process with hidden window
    Details: ImagePath = , CmdLine = C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\u.exe -L="127.0.0.1:9666" -CID="2e7bd183", -ProgPath="C:\Documents and Settings\Administrator\Local Settings\%temp%\\" -TmpPath="C:\Documents and Settings\Administrator\Local Setting
    Behaviour description: create local thread
    Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2808, ThreadID = 2820, StartAddress = 77DC845A, Parameter = 00000000
    TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2808, ThreadID = 2824, StartAddress = 5FE01259, Parameter = 00000000
    TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2808, ThreadID = 2832, StartAddress = 7C947EBB, Parameter = 00000000
    TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2808, ThreadID = 2836, StartAddress = 7C930230, Parameter = 00000000
    TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2808, ThreadID = 2880, StartAddress = 004BEE47, Parameter = 011760D0
    TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2808, ThreadID = 2948, StartAddress = 004BEE47, Parameter = 01178DD0
    TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2808, ThreadID = 2952, StartAddress = 004BEE47, Parameter = 01178BB0
    TargetProcess: u.exe, InheritedFromPID = 2808, ProcessID = 2940, ThreadID = 2980, StartAddress = 0044CF50, Parameter = 4CB3E000
    TargetProcess: u.exe, InheritedFromPID = 2808, ProcessID = 2940, ThreadID = 2984, StartAddress = 0044CF50, Parameter = 4CB3E240
    TargetProcess: u.exe, InheritedFromPID = 2808, ProcessID = 2940, ThreadID = 2988, StartAddress = 0044CF50, Parameter = 4CB3E480
    TargetProcess: u.exe, InheritedFromPID = 2808, ProcessID = 2940, ThreadID = 2992, StartAddress = 0044CF50, Parameter = 4CB9CFC0
    TargetProcess: u.exe, InheritedFromPID = 2808, ProcessID = 2940, ThreadID = 2996, StartAddress = 0044CF50, Parameter = 4CB3E6C0
    TargetProcess: u.exe, InheritedFromPID = 2808, ProcessID = 2940, ThreadID = 3000, StartAddress = 0044CF50, Parameter = 4CB3E900
    TargetProcess: u.exe, InheritedFromPID = 2808, ProcessID = 2940, ThreadID = 3004, StartAddress = 0044CF50, Parameter = 4CB3EB40
    TargetProcess: u.exe, InheritedFromPID = 2808, ProcessID = 2940, ThreadID = 3032, StartAddress = 0044CF50, Parameter = 4CB3ED80
    Behaviour description: create process from newly created file
    Details: [0x00000b7c]ImagePath = C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\u.exe, CmdLine = "C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\u.exe" -L="127.0.0.1:9666" -CID="2e7bd183", -ProgPath="C:\Documents and Settings\Administrator\Local Settings\%temp%\\" -TmpPath="C:\Documents and Settings\Administrator\Local Setti
    Behaviour description: kill process
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\u.exe
    File behaviour
    Behaviour description: create file
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\19d5
    C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\Pfftrbewpx9t6a1m
    C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\Lpibviwjgb0i9j0j
    C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\Lqqdsmjtek3i0i1m
    C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\u.exe
    C:\Documents and Settings\Administrator\PUTTY.RND
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012018011320180114\index.dat
    Behaviour description: create executable file
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\u.exe
    Behaviour description: search for file
    Details: FileName = C:\Documents and Settings
    FileName = C:\Documents and Settings\Administrator
    FileName = C:\Documents and Settings\Administrator\Local Settings
    FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
    FileName = C:\WINDOWS\system32\Ras\*.pbk
    FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
    FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\u.exe
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\wifpttubguwe\*
    FileName = C:\WINDOWS\*
    FileName = C:\Documents and Settings\Administrator\Local Settings\History
    FileName = C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016091220160913\*.*
    FileName = C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012018011320180114\*.*
    Behaviour description: delete file
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\19d5
    C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\Pfftrbewpx9t6a1m
    C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\Lpibviwjgb0i9j0j
    C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\Lqqdsmjtek3i0i1m
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\noConnect[3]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\bullet[2]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\ErrorPageTemplate[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\httpErrorPagesScripts[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\dnserrordiagoff_webOC[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\down[2]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\dnserrordiagoff[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\info_48[2]
    Behaviour description: set special folder attributes
    Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
    C:\Documents and Settings\Administrator\Local Settings\History
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
    C:\Documents and Settings\Administrator\Cookies
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012018011320180114
    Behaviour description: modify file content
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\Pfftrbewpx9t6a1m ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\Lpibviwjgb0i9j0j ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\Lqqdsmjtek3i0i1m ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\u.exe ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\u.exe ---> Offset = 1986560
    C:\Documents and Settings\Administrator\PUTTY.RND ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012018011320180114\index.dat ---> Offset = 0
    Network behaviour
    Behaviour description: resolve host address by name
    Details: GetAddrInfoW: do****om
    GetAddrInfoW: a0****om
    GetAddrInfoW: ie****om
    GetAddrInfoW: ra****et
    GetAddrInfoW: fa****et
    Registry behaviour
    Behaviour description: modify registry
    Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
    \REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\UseHTTP
    \REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\UseTCP
    \REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\UseUDP
    \REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\UseMulticast
    \REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\HTTP\ProxyBypass
    \REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\HTTP\ProxyStyle
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1C00
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\CurrentLevel
    \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\Isolation
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
    Behaviour description: delete registry key
    Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016091220160913\
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018011320180114\
    Behaviour description: modify registry (IE connection settings)
    Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
    Behaviour description: delete registry value
    Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
    \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\Isolation
    \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\TypedURLs\url1
    \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\TypedURLs\url2
    \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\TypedURLs\url3
    \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\TypedURLs\url4
    \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\TypedURLs\url5
    Other behaviour
    Behaviour description: create mutex
    Details: CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    RasPbFile
    MSCTF.Shared.MUTEX.IOH
    MSCTF.Shared.MUTEX.MPK
    _!SHMSFTHISTORY!_
    Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012018011320180114!
    Behaviour description: create event object
    Details: EventName = DINPUTWINMM
    EventName = U2T48FAER2EL
    EventName = Global\userenv: User Profile setup event
    EventName = MSCTF.SendReceive.Event.MPK.IC
    EventName = MSCTF.SendReceiveConection.Event.MPK.IC
    Behaviour description: read CPU clock directly
    Details: EAX = 0x919b6d40, EDX = 0x000000b8
    EAX = 0x919b6d8c, EDX = 0x000000b8
    EAX = 0x919b6dd8, EDX = 0x000000b8
    EAX = 0x919b6e24, EDX = 0x000000b8
    EAX = 0xb12774f1, EDX = 0x000000b8
    EAX = 0xb66243aa, EDX = 0x000000b8
    EAX = 0xcb78ad9d, EDX = 0x000000b8
    Behaviour description: find specified window
    Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    Behaviour description: window information
    Details: Pid = 2808, Hwnd=0x10340, Text = 打开IE, ClassName = Button.
    Pid = 2808, Hwnd=0x10342, Text = Chrome, ClassName = Button.
    Pid = 2808, Hwnd=0x10344, Text = 高级设置, ClassName = Button.
    Pid = 2808, Hwnd=0x10346, Text = 帮助, ClassName = Button.
    Pid = 2808, Hwnd=0x10348, Text = 隐藏, ClassName = Button.
    Pid = 2808, Hwnd=0x1034a, Text = 退出, ClassName = Button.
    Pid = 2808, Hwnd=0x1034c, Text = 无界浏览, ClassName = Static.
    Pid = 2808, Hwnd=0x1034e, Text = 服务器选择, ClassName = Static.
    Pid = 2808, Hwnd=0x10350, Text = 连接速度, ClassName = Static.
    Pid = 2808, Hwnd=0x10358, Text = 0%, ClassName = Static.
    Pid = 2808, Hwnd=0x1035a, Text = 0%, ClassName = Static.
    Pid = 2808, Hwnd=0x1035c, Text = 0%, ClassName = Static.
    Pid = 2808, Hwnd=0x1035e, Text = Progress1, ClassName = msctls_progress32.
    Pid = 2808, Hwnd=0x10360, Text = Progress1, ClassName = msctls_progress32.
    Pid = 2808, Hwnd=0x10362, Text = Progress1, ClassName = msctls_progress32.
    Behaviour description: get TickCount value
    Details: TickCount = 222403, SleepMilliseconds = 200.
    TickCount = 222418, SleepMilliseconds = 200.
    TickCount = 222434, SleepMilliseconds = 200.
    TickCount = 222496, SleepMilliseconds = 200.
    TickCount = 222512, SleepMilliseconds = 200.
    TickCount = 222543, SleepMilliseconds = 200.
    TickCount = 222559, SleepMilliseconds = 200.
    TickCount = 230653, SleepMilliseconds = 200.
    TickCount = 230668, SleepMilliseconds = 200.
    TickCount = 231965, SleepMilliseconds = 200.
    TickCount = 232012, SleepMilliseconds = 200.
    TickCount = 244340, SleepMilliseconds = 200.
    TickCount = 244403, SleepMilliseconds = 200.
    TickCount = 244418, SleepMilliseconds = 200.
    TickCount = 244434, SleepMilliseconds = 200.
    Behaviour description: adjust process token privileges
    Details: SE_LOAD_DRIVER_PRIVILEGE
    Behaviour description: block window close message
    Details: hWnd = 0x0001033c, Text = 无界浏览 17.04, ClassName = #32770.
    Behaviour description: open event
    Details: HookSwitchHookEnabledEvent
    \SECURITY\LSA_AUTHENTICATION_INITIALIZED
    Global\SvcctrlStartEvent_A3752DX
    \INSTALLATION_SECURITY_HOLD
    CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
    CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
    MSCTF.SendReceiveConection.Event.IOH.IC
    MSCTF.SendReceive.Event.IOH.IC
    _fCanRegisterWithShellService
    Behaviour description: look up PE resource information
    Details: (FindResourceA) hModule = 0x00000000, ResName: , ResType: BIN
    Behaviour description: executable signature information
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\u.exe (signature verification: failed)
    Behaviour description: call Sleep function
    Details: [1]: MilliSeconds = 200.
    [2]: MilliSeconds = 200.
    [3]: MilliSeconds = 200.
    [4]: MilliSeconds = 250.
    Behaviour description: hide specified window
    Details: [Window,Class] = [,tooltips_class32]
    Behaviour description: executable MD5
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\u.exe ---> 6e8821da6bbaaac5784fad0b0dde63c3
    Behaviour description: open mutex
    Details: ShimCacheMutex
    Local\_!MSFTHISTORY!_
    Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
    Local\c:!documents and settings!administrator!cookies!
    Local\c:!documents and settings!administrator!local settings!history!history.ie5!
    Local\WininetStartupMutex
    Local\WininetConnectionMutex
    Local\WininetProxyRegistryMutex
    RasPbFile
    _!SHMSFTHISTORY!_
    Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012018011320180114!
    Activities
    Activity name  Type
    .TellMeTheTime  android.intent.action.MAIN
    .TellMeTheTime  android.intent.category.LAUNCHER
    Dangerous functions
    Function name  Info
    android/app/NotificationManager;->notify  Notification bar message
    Start-up methods
    Name  Info
    com.ame.android.mediabutton.MediaButtonReceiver
    TellMeTheTime.App.BootupReceiver  Starts a service at boot
    Service list
    Name
    TellMeTheTime.App.TellMeTheTimeService
    File list
    File name  Checksum
    res/anim/fadein.xml 0x5ef0d9bc
    res/anim/fadeinback.xml 0x1545399b
    res/anim/fadeout.xml 0x95e5417
    res/anim/fadeoutback.xml 0xc4cc1f8d
    res/drawable/button_selector.xml 0xbedc0851
    res/drawable/button_shape_pressed.xml 0x8a7e6c95
    res/layout/close.xml 0x68d2ef02
    res/layout/info.xml 0xd4819a83
    res/layout/language.xml 0xbcf49d9d
    res/layout/main.xml 0x1bda61c1
    res/layout/seekbar.xml 0x336e0e6
    res/menu/opt_menu.xml 0x91bdcec
    res/xml/preference_appearance.xml 0x2539c8fd
    res/xml/preference_audio.xml 0xe5b0eace
    res/xml/preference_control.xml 0xec30ea
    res/xml/preference_control_headset.xml 0xc1cb7f99
    res/xml/preference_control_interval.xml 0x890a7b7f
    res/xml/preference_control_night.xml 0x568ebee9
    res/xml/preference_control_open.xml 0x1c529fd6
    res/xml/preference_control_power.xml 0xf8a77c56
    res/xml/preference_control_proximity.xml 0x91ed26ae
    res/xml/preference_control_shake.xml 0xde6d868d
    res/xml/preference_main.xml 0xc31a9765
    res/xml/preference_system.xml 0x3ef9056f
    AndroidManifest.xml 0x22df4b03
    resources.arsc 0xf9f045be
    res/drawable-hdpi/google_tts.png 0x5b090520
    res/drawable-hdpi/ic_launcher.png 0x3aa5e2b2
    res/drawable-hdpi/ic_menu_close_clear_cancel.png 0x35e560b3
    res/drawable-hdpi/ic_menu_info_details.png 0x97180586
    res/drawable-hdpi/ic_menu_night_clock.png 0xf973d110
    res/drawable-hdpi/ic_menu_preferences.png 0x88421ab2
    res/drawable-hdpi/ic_menu_speaking_clock.png 0xe1cb86bd
    res/drawable-hdpi/ic_state_night_clock.png 0x9d4e2ab3
    res/drawable-hdpi/ic_state_pulse_generator.png 0x3779bdfb
    res/drawable-hdpi/ivona_de.png 0x866b5103
    res/drawable-hdpi/ivona_es.png 0x62d72365
    res/drawable-hdpi/ivona_es_us.png 0xa75f2676
    res/drawable-hdpi/ivona_fr.png 0xb8765810
    res/drawable-hdpi/ivona_it.png 0xec4c833d
    res/drawable-hdpi/ivona_pl.png 0x558f539e
    res/drawable-hdpi/ivona_uk.png 0xcab48c30
    res/drawable-hdpi/ivona_us.png 0x3486a3c4
    res/drawable-hdpi/svox_cs.png 0xab84bbb3
    res/drawable-hdpi/svox_de.png 0xd5ecc30c
    res/drawable-hdpi/svox_es.png 0x1fe6b20
    res/drawable-hdpi/svox_fr.png 0x5d1fad5e
    res/drawable-hdpi/svox_it.png 0xca939098
    res/drawable-hdpi/svox_nl.png 0xc82926d4
    res/drawable-hdpi/svox_pl.png 0xc7337778
    res/drawable-hdpi/svox_pt.png 0xdb8304a6
    res/drawable-hdpi/svox_ru.png 0xa08cdd81
    res/drawable-hdpi/svox_tr.png 0x62db2687
    res/drawable-hdpi/svox_uk.png 0xfccd2a4e
    res/drawable-hdpi/svox_us.png 0xe50072a
    res/drawable-hdpi/svox_zh.png 0x12f420fa
    res/drawable-hdpi-v11/ic_action_night_clock.png 0xd2f87fd4
    res/drawable-hdpi-v11/ic_action_speaking_clock.png 0x46ec2174
    res/drawable-hdpi-v11/ic_state_night_clock.png 0x5bcc33c5
    res/drawable-hdpi-v11/ic_state_pulse_generator.png 0xf44898c3
    res/drawable-ldpi/google_tts.png 0xa39f5e2
    res/drawable-ldpi/ic_launcher.png 0x2c7d1540
    res/drawable-ldpi/ic_menu_close_clear_cancel.png 0x60fd15a
    res/drawable-ldpi/ic_menu_info_details.png 0x6d57b9a6
    res/drawable-ldpi/ic_menu_night_clock.png 0xd3046cee
    res/drawable-ldpi/ic_menu_preferences.png 0xdc94ac81
    res/drawable-ldpi/ic_menu_speaking_clock.png 0xb5c4536f
    res/drawable-ldpi/ic_state_night_clock.png 0xce426430
    res/drawable-ldpi/ic_state_pulse_generator.png 0xec00d53c
    res/drawable-ldpi/ivona_de.png 0x74741a22
    res/drawable-ldpi/ivona_es.png 0x2258b443
    res/drawable-ldpi/ivona_es_us.png 0x27a4c55b
    res/drawable-ldpi/ivona_fr.png 0xbb92f166
    res/drawable-ldpi/ivona_it.png 0x7d570599
    res/drawable-ldpi/ivona_pl.png 0xe0b02739
    res/drawable-ldpi/ivona_uk.png 0x70d943ca
    res/drawable-ldpi/ivona_us.png 0x7c831f62
    res/drawable-ldpi/svox_cs.png 0x34a5fbcb
    res/drawable-ldpi/svox_de.png 0x6ec6dc84
    res/drawable-ldpi/svox_es.png 0x21a6f27
    res/drawable-ldpi/svox_fr.png 0x40c08f76
    res/drawable-ldpi/svox_it.png 0x5a287962
    res/drawable-ldpi/svox_nl.png 0x7d5f8e33
    res/drawable-ldpi/svox_pl.png 0x95a42250
    res/drawable-ldpi/svox_pt.png 0xfb8fe048
    res/drawable-ldpi/svox_ru.png 0x84be5549
    res/drawable-ldpi/svox_tr.png 0x28eec29d
    res/drawable-ldpi/svox_uk.png 0xbb3ed0df
    res/drawable-ldpi/svox_us.png 0x3c62a33a
    res/drawable-ldpi/svox_zh.png 0x4ec78ade
    res/drawable-mdpi/google_tts.png 0x163da3d7
    res/drawable-mdpi/ic_launcher.png 0x4333b63
    res/drawable-mdpi/ic_menu_close_clear_cancel.png 0xc02adaec
    res/drawable-mdpi/ic_menu_info_details.png 0x6ffdbb4b
    res/drawable-mdpi/ic_menu_night_clock.png 0x4dc501a9
    res/drawable-mdpi/ic_menu_preferences.png 0x3ed1eb33
    res/drawable-mdpi/ic_menu_speaking_clock.png 0xd20319ce
    res/drawable-mdpi/ic_state_night_clock.png 0xc9b4e78c
    res/drawable-mdpi/ic_state_pulse_generator.png 0x1bde7814
    res/drawable-mdpi/ivona_de.png 0x25ce4cd1
    res/drawable-mdpi/ivona_es.png 0xa95dbb1c
    res/drawable-mdpi/ivona_es_us.png 0x5dbadea
    res/drawable-mdpi/ivona_fr.png 0x192eb2f9
    res/drawable-mdpi/ivona_it.png 0xd4fe93df
    res/drawable-mdpi/ivona_pl.png 0x53adf5c
    res/drawable-mdpi/ivona_uk.png 0x57e3f754
    res/drawable-mdpi/ivona_us.png 0x229613b9
    res/drawable-mdpi/svox_cs.png 0xcf127a78
    res/drawable-mdpi/svox_de.png 0xf56dfca6
    res/drawable-mdpi/svox_es.png 0x9cfc0715
    res/drawable-mdpi/svox_fr.png 0x9cab6dc9
    res/drawable-mdpi/svox_it.png 0x1ea47e54
    res/drawable-mdpi/svox_nl.png 0xa6737ef
    res/drawable-mdpi/svox_pl.png 0xc4c3f812
    res/drawable-mdpi/svox_pt.png 0xedc5295e
    res/drawable-mdpi/svox_ru.png 0x5446d11b
    res/drawable-mdpi/svox_tr.png 0x153f7421
    res/drawable-mdpi/svox_uk.png 0xee304fd6
    res/drawable-mdpi/svox_us.png 0xf8bc0f79
    res/drawable-mdpi/svox_zh.png 0xe433a89f
    res/drawable-mdpi-v11/ic_action_night_clock.png 0x82f7d808
    res/drawable-mdpi-v11/ic_action_speaking_clock.png 0x3ba33c22
    res/drawable-mdpi-v11/ic_state_night_clock.png 0xf3131aa9
    res/drawable-mdpi-v11/ic_state_pulse_generator.png 0x140a63e3
    res/drawable-xhdpi/ic_launcher.png 0x3e0c6223
    res/drawable-xhdpi/ic_menu_night_clock.png 0xed77df63
    res/drawable-xhdpi/ic_menu_speaking_clock.png 0xf6e17659
    res/drawable-xhdpi/ic_state_night_clock.png 0x6df4590
    res/drawable-xhdpi/ic_state_pulse_generator.png 0x8e2bfc3a
    res/drawable-xhdpi-v11/ic_action_night_clock.png 0xbfcd4c66
    res/drawable-xhdpi-v11/ic_action_speaking_clock.png 0x5a48af83
    res/drawable-xhdpi-v11/ic_state_night_clock.png 0x706f1c96
    res/drawable-xhdpi-v11/ic_state_pulse_generator.png 0x1fb9d543
    res/drawable-xxhdpi/ic_launcher.png 0x4084bf93
    res/drawable-xxhdpi/ic_state_night_clock.png 0x752536a9
    res/drawable-xxhdpi/ic_state_pulse_generator.png 0xc0d69654
    res/drawable-xxhdpi-v11/ic_action_night_clock.png 0x16edf9b1
    res/drawable-xxhdpi-v11/ic_action_speaking_clock.png 0xd572343
    res/drawable-xxhdpi-v11/ic_state_night_clock.png 0x73e63c9c
    res/drawable-xxhdpi-v11/ic_state_pulse_generator.png 0x31cb7825
    classes.dex 0x3796713
    META-INF/MANIFEST.MF 0xcf2ea0b8
    META-INF/CERT.SF 0x90c1cff2
    META-INF/CERT.RSA 0x900cb5a3

Translated by Gérard Mélone (Paris)