VirSCAN

File information
File name: 聚餐邀请函1.apk (file not available for download)
File size: 444891 bytes
File type: application/jar
MD5: c4f361be502c66888123745f2dcaa375
SHA1: 95f3aacea0b5281421afcfea304bbc188082f061
  • Engine results
    Engine results: 34% of scanners (11/32) found malware!
    Behavior analysis report: Habo file analysis
    Time: 2019-01-28 09:33:23 (CST)
    Scanner | Engine ver. | Sig. ver. | Sig. date | Engine result | Time
    antiy | AVL SDK | 3.0 | 2019-01-25 | Nothing found | 1
    avast | 18.4.3895.0 | 18.4.3895.0 | 2019-01-28 | Nothing found | 37
    avg | 10.0.1405 | 10.0.1405 | 2019-01-28 | Nothing found | 1
    baidu | 2.0.1.0 | 4.1.3.52192 | 2.0.1.0 | Nothing found | 2
    baidusd | 1.0 | 1.0 | 2019-01-25 | Nothing found | 1
    bitdefender | 7.141118 | 7.141118 | 2019-01-28 | Nothing found | 6
    clamav | 25158 | 0.97.5 | 2018-11-27 | Andr.Malware.Smsthief-6804566-0 | 1
    emsisoft | 9.0.0.4324 | 9.0.0.4324 | 2014-07-03 | Nothing found | 2
    fortinet | 1.000, 65.921, 65.828, 65.852 | 5.4.247 | 2019-01-28 | Android/Generic.Z.42A4C4!tr | 1
    fprot | 4.6.2.117 | 6.5.1.5418 | 2014-12-31 | Nothing found | 1
    fsecure | 2015-08-01-02 | 9.13 | 2019-01-28 | Trojan:Android/Fakeinst.IT | 1
    gdata | 25.20358 | 25.20358 | 2019-01-28 | Android.Trojan.SMSSend.ACX | 12
    ikarus | 5.01.02 | V1.32.39.0 | 2019-01-15 | AdWare.AndroidOS.TencentProtect | 12
    jiangmin | 16.0.100 | 1.0.0.0 | 2017-03-30 | Nothing found | 2
    kaspersky | 5.5.33 | 5.5.33 | 2019-01-25 | Nothing found | 20
    kingsoft | 2.1 | 2.1 | 2013-09-22 | Nothing found | 8
    mcafee | 8974 | 5400.1158 | 2018-08-03 | Nothing found | 12
    nod32 | 8771 | 3.0.21 | 2019-01-26 | a variant of Android/Spy.Agent.LL trojan | 1
    panda | 9.05.01 | 9.05.01 | 2017-03-30 | Nothing found | 4
    pcc | 11.380.07 | 9.500-1005 | 2014-12-31 | Nothing found | 2
    qh360 | 1.0.1 | 1.0.1 | 2019-01-25 | Trojan.Android.Gen | 4
    qqphone | 2.0.0.0 | 2.0.0.0 | 2019-01-25 | Nothing found | 1
    quickheal | 14.00 | 14.00 | 2018-08-07 | Android.SmThief.A | 3
    rising | 4593 | 4593 | 2019-01-27 | Trojan.Android.SpyAgent | 3
    sophos | 4.62 | 3.16.1 | 2016-09-20 | Andr/SmsSend-LL | 11
    symantec | 20151230.005 | 1.3.0.24 | 2015-12-30 | Nothing found | 1
    tachyon | 9.9.9 | 9.9.9 | 2013-12-27 | Nothing found | 4
    thehacker | 6.8.0.5 | 6.8.0.5 | 2017-03-30 | Nothing found | 1
    tws | 17.47.17308 | 1.0.2.2108 | 2019-01-27 | Nothing found | 1
    vba | 3.12.29.3 beta | 3.12.29.3 beta | 2016-09-19 | Nothing found | 3
    virusbuster | 15.0.985.0 | 5.5.2.13 | 2014-12-05 | Nothing found | 3
    Note: a detection reported by some scanners may be a false positive, so you must judge for yourself.
  • Permission list
    Permission | Description
    android.permission.READ_SMS | Read SMS
    android.permission.WRITE_SMS | Write SMS
    android.permission.SEND_SMS | Send SMS
    android.permission.RECEIVE_SMS | Monitor incoming SMS
    android.permission.READ_PHONE_STATE | Read phone state
    android.permission.READ_CONTACTS | Read contact information
    android.permission.RECEIVE_WAP_PUSH | Receive WAP push messages
    android.permission.RECEIVE_MMS | Receive MMS
    android.permission.CALL_PHONE | Make phone calls
    android.permission.PROCESS_OUTGOING_CALLS | Monitor and modify outgoing calls
    android.permission.INTERNET | Connect to network (2G or 3G)
    android.permission.ACCESS_NETWORK_STATE | Read network state (2G or 3G)
    android.permission.ACCESS_WIFI_STATE | Read Wi-Fi network state
    android.permission.READ_LOGS | Read system logs
  • File information
    Security score:
    Basic information
    MD5: c4f361be502c66888123745f2dcaa375
    Package name: com.rayark.Cytus.full
    Minimum runtime: Android 2.2.x
    Copyright: Android
    Key behaviors
    Behavior: Set special folder attributes
    Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
    C:\Documents and Settings\Administrator\Local Settings\History
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
    C:\Documents and Settings\Administrator\Cookies
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012019012820190129
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
    C:\Documents and Settings\Administrator\IECompatCache
    Behavior: Set message hook
    Details: C:\WINDOWS\system32\IEFRAME.dll
    Process behavior
    Behavior: Create process
    Details: [0x00000e0c]ImagePath = C:\Program Files\Internet Explorer\iexplore.exe, CmdLine = "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3448 CREDAT:79873
    [0x00000f1c]ImagePath = C:\Program Files\Internet Explorer\iexplore.exe, CmdLine = "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3448 CREDAT:14340
    Behavior: Create local thread
    Details: TargetProcess: iexplore.exe, InheritedFromPID = 2000, ProcessID = 3448, ThreadID = 3460, StartAddress = 77DC845A, Parameter = 00000000
    TargetProcess: iexplore.exe, InheritedFromPID = 2000, ProcessID = 3448, ThreadID = 3540, StartAddress = 7C947EBB, Parameter = 00000000
    TargetProcess: iexplore.exe, InheritedFromPID = 2000, ProcessID = 3448, ThreadID = 3544, StartAddress = 7C930230, Parameter = 00000000
    TargetProcess: iexplore.exe, InheritedFromPID = 2000, ProcessID = 3448, ThreadID = 3548, StartAddress = 7C949B6F, Parameter = 00000000
    TargetProcess: iexplore.exe, InheritedFromPID = 2000, ProcessID = 3448, ThreadID = 3552, StartAddress = 77E56C7D, Parameter = 00196888
    TargetProcess: iexplore.exe, InheritedFromPID = 2000, ProcessID = 3448, ThreadID = 3556, StartAddress = 5DE05ABD, Parameter = 00198680
    TargetProcess: iexplore.exe, InheritedFromPID = 2000, ProcessID = 3448, ThreadID = 3560, StartAddress = 5DE05BC0, Parameter = 001941E8
    TargetProcess: iexplore.exe, InheritedFromPID = 2000, ProcessID = 3448, ThreadID = 3564, StartAddress = 0122F74F, Parameter = 00000210
    TargetProcess: iexplore.exe, InheritedFromPID = 3448, ProcessID = 3596, ThreadID = 3604, StartAddress = 77DC845A, Parameter = 00000000
    TargetProcess: iexplore.exe, InheritedFromPID = 2000, ProcessID = 3448, ThreadID = 3608, StartAddress = 77C0A341, Parameter = 003F6C48
    TargetProcess: iexplore.exe, InheritedFromPID = 2000, ProcessID = 3448, ThreadID = 3612, StartAddress = 77E56C7D, Parameter = 001B6208
    TargetProcess: iexplore.exe, InheritedFromPID = 2000, ProcessID = 3448, ThreadID = 3616, StartAddress = 769AE43B, Parameter = 001B8C38
    TargetProcess: iexplore.exe, InheritedFromPID = 2000, ProcessID = 3448, ThreadID = 3620, StartAddress = 769AE43B, Parameter = 001BB298
    TargetProcess: iexplore.exe, InheritedFromPID = 3448, ProcessID = 3596, ThreadID = 3624, StartAddress = 7C947EBB, Parameter = 00000000
    TargetProcess: iexplore.exe, InheritedFromPID = 3448, ProcessID = 3596, ThreadID = 3628, StartAddress = 7C930230, Parameter = 00000000
    File behavior
    Behavior: Create file
    Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{73F35ABE-229E-11E9-91C0-7B****28}.dat
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF815B.tmp
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{73F35ABF-229E-11E9-91C0-7B****28}.dat
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF941C.tmp
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012019012820190129\index.dat
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favicon[1].ico
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7A3586FA-229E-11E9-91C0-7B****28}.dat
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF750.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\yixun_com[1]
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF2742.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF286B.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF2BEE.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF2C06.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF3188.tmp
    Behavior: Create executable file
    Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Behavior: Search for file
    Details: FileName = C:\Program Files\Common Files\Adobe
    FileName = C:\Program Files\Common Files\Adobe\Acrobat
    FileName = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX
    FileName = C:\Program Files\Java
    FileName = C:\Program Files\Java\jre7
    FileName = C:\Program Files\Java\jre7\bin
    FileName = C:\Program Files\Java\jre7\bin\jp2ssv.dll
    FileName = C:\Documents and Settings
    FileName = C:\Documents and Settings\Administrator
    FileName = C:\Documents and Settings\Administrator\Local Settings
    FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\PriceRule.html
    FileName = C:\Program Files\Internet Explorer\iexplore.exe
    Behavior: Delete file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\~DF815B.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF941C.tmp
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016091220160913\index.dat
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favicon[1].ico
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF750.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF2742.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF286B.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF2BEE.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF2C06.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF3188.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF31A3.tmp
    Behavior: Set special folder attributes
    Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
    C:\Documents and Settings\Administrator\Local Settings\History
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
    C:\Documents and Settings\Administrator\Cookies
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012019012820190129
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
    C:\Documents and Settings\Administrator\IECompatCache
    Behavior: Modify file content
    Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{73F35ABE-229E-11E9-91C0-7B****28}.dat ---> Offset = 512
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{73F35ABE-229E-11E9-91C0-7B****28}.dat ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF815B.tmp ---> Offset = 16383
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF815B.tmp ---> Offset = 12288
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{73F35ABE-229E-11E9-91C0-7B****28}.dat ---> Offset = 3072
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{73F35ABE-229E-11E9-91C0-7B****28}.dat ---> Offset = 1536
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{73F35ABF-229E-11E9-91C0-7B****28}.dat ---> Offset = 512
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{73F35ABF-229E-11E9-91C0-7B****28}.dat ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF941C.tmp ---> Offset = 16383
    C:\Documents and Settings\Administrator\Local Settings\Temp\~DF941C.tmp ---> Offset = 12288
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{73F35ABF-229E-11E9-91C0-7B****28}.dat ---> Offset = 3072
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{73F35ABF-229E-11E9-91C0-7B****28}.dat ---> Offset = 1536
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012019012820190129\index.dat ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7A3586FA-229E-11E9-91C0-7B****28}.dat ---> Offset = 512
    Network behavior
    Behavior: Download file
    Details: URLDownloadToFileW: http://ww****om/favicon.ico ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Behavior: Connect to specified site
    Details: InternetConnectA: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
    InternetConnectA: ServerName = ur****om, PORT = 443, UserName = , Password = , hSession = 0x00cc0010, hConnect = 0x00cc0014, Flags = 0x00000200
    Behavior: Open HTTP connection
    Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
    InternetOpenA: UserAgent: VCSoapClient, hSession = 0x00cc0010
    Behavior: Establish connection to a specified socket
    Details: URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x0000057c
    URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000458
    URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000264
    URL: ur****om, IP: **.133.40.**:443, SOCKET = 0x00000594
    Behavior: Read network file
    Details: hFile = 0x00cc000c, BytesToRead =2048, BytesRead = 2048.
    hFile = 0x00cc0018, BytesToRead =4095, BytesRead = 4095.
    Behavior: Send HTTP packet
    Details: GET /favicon.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: ww****om Connection: Keep-Alive
    GET / HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Accept-Encoding: gzip, deflate Host: ww****om Connection: Keep-Alive
    Behavior: Open HTTP request
    Details: HttpOpenRequestA: ww****om:80/favicon.ico, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00600010
    HttpOpenRequestA: ww****om:80/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400200
    HttpOpenRequestA: ur****om:443/urs.asmx?msurs-client-key=qude84nqsjq/hka2h4tgtq%3d%3d&msurs-patented-lock=670mxk1flvy%3d, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: POST, Referer: , Flags = 0x04880300
    Behavior: Get host address by name
    Details: GetAddrInfoW: ww****om
    GetAddrInfoW: ur****om
    Registry behavior
    Behavior: Modify registry
    Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
    \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Recovery\Active\{73F35ABE-229E-11E9-91C0-7B****28}
    \REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}\Enable
    \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32\
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTimeCount
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Count
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Time
    \REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\
    \REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\
    \REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\ThreadingModel
    \REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\
    \REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\
    Behavior: Delete registry value
    Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
    \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Expiration
    \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\Expiration
    Behavior: Delete registry key
    Details: \REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}\
    \REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\
    \REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\
    \REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\
    \REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\
    \REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\
    \REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\
    \REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\
    \REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32\
    \REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\
    \REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}\InprocServer32\
    \REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}\
    \REGISTRY\USER\S-*_CLASSES\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32\
    \REGISTRY\USER\S-*_CLASSES\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\
    \REGISTRY\USER\S-*_CLASSES\JavaPlugin.1000\CLSID\
    Other behavior
    Behavior: Create mutex
    Details: CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    Local\!BrowserEmulation!SharedMemory!Mutex
    Local\ZoneAttributeCacheCounterMutex
    Local\ZonesCacheCounterMutex
    Local\ZonesLockedCacheCounterMutex
    RasPbFile
    ConnHashTable<3448>_HashTable_Mutex
    oleacc-msaa-loaded
    Local\ZonesCounterMutex
    Local\RSS Eventing Connection Database Mutex 00000d78
    Behavior: Create event object
    Details: EventName = Isolation Signal Registry Event (73F35ABB-229E-11E9-91C0-7B****28, 0)
    EventName = IE_EarlyTabStart_0xd7c
    EventName = Isolation Signal Registry Event (73F35ABC-229E-11E9-91C0-7B****28, 0)
    EventName = DINPUTWINMM
    EventName = Global\userenv: User Profile setup event
    EventName = Local\RSS Eventing Event Event 00000d78
    EventName = Global\crypt32LogoffEvent
    EventName = IEFrame.EventCheckDefaultBrowser
    EventName = IE_EarlyTabStart_0xf18
    EventName = Isolation Signal Registry Event (73F35AC0-229E-11E9-91C0-7B****28, 0)
    EventName = MSCTF.SendReceive.Event.MHN.IC
    EventName = MSCTF.SendReceiveConection.Event.MHN.IC
    EventName = Local\Feed Arbitration Lock Event [ Process : 0x00000d78 ]
    EventName = Local\Feed Arbitration Unlock Event [ Process : 0x00000d78 ]
    EventName = Local\f1c_29
    Behavior: Find specified window
    Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
    NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
    NtUserFindWindowEx: [Class,Window] = [Static,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
    Behavior: Window information
    Details: Pid = 3448, Hwnd=0x10358, Text = 导航栏, ClassName = WorkerW.
    Pid = 3448, Hwnd=0x10362, Text = 地址组合控制, ClassName = ToolbarWindow32.
    Pid = 3448, Hwnd=0x10366, Text = 页面控制, ClassName = ToolbarWindow32.
    Pid = 3448, Hwnd=0x10376, Text = 搜索..., ClassName = Edit.
    Pid = 3448, Hwnd=0x1037a, Text = 搜索组合控制, ClassName = ToolbarWindow32.
    Pid = 3448, Hwnd=0x1037c, Text = 搜索控制, ClassName = ToolbarWindow32.
    Pid = 3448, Hwnd=0x10396, Text = 命令栏, ClassName = ToolbarWindow32.
    Pid = 3448, Hwnd=0x1038e, Text = 收藏夹命令栏, ClassName = ToolbarWindow32.
    Pid = 3448, Hwnd=0x10382, Text = LinksBand, ClassName = LinksBandClass.
    Pid = 3448, Hwnd=0x1038a, Text = 收藏夹栏, ClassName = ToolbarWindow32.
    Pid = 3448, Hwnd=0x10386, Text = 添加到收藏夹栏, ClassName = ToolbarWindow32.
    Pid = 3596, Hwnd=0x103ac, Text = ITBarHost, ClassName = InternetToolbarHost.
    Pid = 3596, Hwnd=0x103ae, Text = 菜单栏, ClassName = WorkerW.
    Pid = 3596, Hwnd=0x103c0, Text = 缩放级别, ClassName = ToolbarWindow32.
    Pid = 3448, Hwnd=0x2033c, Text = Windows Internet Explorer, ClassName = IEFrame.
    Behavior: Adjust process token privileges
    Details: SE_LOAD_DRIVER_PRIVILEGE
    Behavior: Open event
    Details: \SECURITY\LSA_AUTHENTICATION_INITIALIZED
    Isolation Signal Registry Event (73F35ABB-229E-11E9-91C0-7B****28, 0)
    _fCanRegisterWithShellService
    Global\SvcctrlStartEvent_A3752DX
    \INSTALLATION_SECURITY_HOLD
    MSFT.VSA.COM.DISABLE.3448
    MSFT.VSA.IEC.STATUS.6c736db0
    Isolation Signal Registry Event (73F35ABC-229E-11E9-91C0-7B****28, 0)
    IE_EarlyTabStart_0xd7c
    MSFT.VSA.COM.DISABLE.3596
    Local\RSS Eventing Event Event 00000d78
    CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
    CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
    MSCTF.SendReceive.Event.IOH.IC
    MSCTF.SendReceiveConection.Event.IOH.IC
    Behavior: Executable file signature information
    Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico (signature verification: failed)
    Behavior: Hide specified window
    Details: [Window,Class] = [,BrowserFrameGripperClass]
    [Window,Class] = [缩放级别,ToolbarWindow32]
    [Window,Class] = [,msctls_progress32]
    [Window,Class] = [,AddressDisplay Control]
    [Window,Class] = [,CtrlNotifySink]
    [Window,Class] = [http://www.yixun.com/ - Windows Internet Explorer,IEFrame]
    [Window,Class] = [,DUIListViewHost]
    [Window,Class] = [,SysLink]
    [Window,Class] = [,UniversalSearchBand]
    [Window,Class] = [,Static]
    [Window,Class] = [,TravelBand]
    [Window,Class] = [,CommandBarClass]
    [Window,Class] = [,ReBarWindow32]
    [Window,Class] = [,TabBandClass]
    [Window,Class] = [文件大小未知,Static]
    Behavior: Executable file MD5
    Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico ---> fe1d0ee5901dd167ee9b28eece31786c
    Behavior: Open mutex
    Details: Local\_!MSFTHISTORY!_
    Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
    Local\c:!documents and settings!administrator!cookies!
    Local\c:!documents and settings!administrator!local settings!history!history.ie5!
    Local\WininetStartupMutex
    Local\WininetConnectionMutex
    Local\WininetProxyRegistryMutex
    Local\!BrowserEmulation!SharedMemory!Mutex
    ShimCacheMutex
    RasPbFile
    CtfmonInstMutexDefaultS-*
    Local\!IETld!Mutex
    Local\RSS Eventing Connection Database Mutex 00000d78
    _!SHMSFTHISTORY!_
    Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012019012820190129!
    Activities
    Activity name | Type
    ashdun.meaimai.MainActivity | android.intent.action.MAIN
    ashdun.meaimai.MainActivity | android.intent.category.LAUNCHER
    ashdun.meaimai.UninstallerActivity | android.intent.action.VIEW
    ashdun.meaimai.UninstallerActivity | android.intent.action.DELETE
    ashdun.meaimai.UninstallerActivity | android.intent.category.DEFAULT
    ashdun.meaimai.ComposeSmsActivity | android.intent.action.SEND
    ashdun.meaimai.ComposeSmsActivity | android.intent.action.SENDTO
    ashdun.meaimai.ComposeSmsActivity | android.intent.category.DEFAULT
    ashdun.meaimai.ComposeSmsActivity | android.intent.category.BROWSABLE
    Dangerous functions
    Function name | Description
    android/app/NotificationManager;->notify | Post a notification to the notification bar
    ContentResolver;->query | Read contacts, SMS and other databases
    SmsReceiver;->abortBroadcast | Intercept incoming SMS
    SmsManager;->sendMultipartTextMessage | Send MMS
    SmsManager;->sendTextMessage | Send ordinary SMS
    TelephonyManager;->getLine1Number | Get the phone number
    ContentResolver;->delete | Delete SMS, contacts
    java/net/URL;->openConnection | Connect to URL
    Launch methods
    Name | Description
    ashdun.meaimai.TelInternal |
    ashdun.meaimai.TelInternal |
    ashdun.meaimai.BootReceiver | Starts service when an SMS is received (SMS monitoring)
    ashdun.meaimai.BootReceiver |
    ashdun.meaimai.BootReceiver |
    ashdun.meaimai.BootReceiver |
    ashdun.meaimai.BootReceiver | Starts service at boot
    ashdun.meaimai.BootReceiver | Starts service on screen unlock
    ashdun.meaimai.NetstateReceiver | Starts service on network connectivity change
    ashdun.meaimai.SmsReceiver | Starts service when an SMS is received (SMS monitoring)
    ashdun.meaimai.SmsReceiver |
    ashdun.meaimai.SmsReceiver |
    ashdun.meaimai.SmsReceiver | Starts service on screen unlock
    ashdun.meaimai.SmsReceiver |
    ashdun.meaimai.MyAdmin |
    ashdun.meaimai.SmsReceiver4_4 |
    ashdun.meaimai.MmsReceiver4_4 |
    Service list
    Name
    ashdun.meaimai.MainService
    ashdun.meaimai.PhoService
    ashdun.meaimai.MainService4_4
    File list
    File name | Checksum
    META-INF/MANIFEST.MF | 0x75eff45f
    META-INF/CERT.SF | 0xfc39c584
    META-INF/CERT.RSA | 0xf314325
    AndroidManifest.xml | 0x1f8ee47a
    res/xml/lock_screen.xml | 0xeab2c16b
    res/layout/activity_main.xml | 0x6c6ea2d0
    res/drawable-hdpi-v4/ic_launcher.png | 0x77423bb1
    res/drawable-hdpi-v4/icon.png | 0xac8b5a00
    resources.arsc | 0x49fd8d12
    classes.dex | 0xdc9e4c7d
    res/layout/my_admin.xml | 0xddcbbfb1