VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.


File information
File Name: NFCProxy-0.1.2.apk (file not available for download)
File Size: 65792 bytes
File Type: application/jar
MD5: a96b627b0d8fc420ee21bd26b2dd74e2
SHA1: 7fe7f9f860135f4e450105c57617dfdf4cff6467
  • Scanner results
    Scanner results: 0% of scanners (0/38) found malware.
    Behavior analysis report: Habo file analysis
    Time: 2014-07-01 18:32:08 (CST)
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    ahnlab 9.9.9 9.9.9 2013-05-28 Found nothing 3
    antivir 1.9.2.0 1.9.159.0 7.11.157.186 Found nothing 13
    antiy 014621 AVL140512 2014-07-01 Found nothing 5
    arcavir 1.0 2011 2014-05-30 Found nothing 11
    asquared 9.0.0.4142 9.0.0.4142 2014-06-27 Found nothing 40
    avast 140630-0 4.7.4 2014-06-30 Found nothing 41
    avg 2109/7210 10.0.1405 2014-06-20 Found nothing 1
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 4
    baidusd 1.0 1.0 2014-04-02 Found nothing 1
    bitdefender 7.55630 7.90123 2014-07-01 Found nothing 15
    clamav 19141 0.97.5 2014-06-29 Found nothing 1
    comodo 15023 5.1 2014-07-01 Found nothing 3
    ctch 4.6.5 5.3.14 2013-12-01 Found nothing 1
    drweb 5.0.2.3300 5.0.1.1 2014-07-01 Found nothing 35
    fortinet 22.410 5.1.153 2014-07-01 Found nothing 1
    fprot 4.6.2.117 6.5.1.5418 2014-06-28 Found nothing 1
    fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 1
    gdata 24.2945 24.2945 2014-07-01 Found nothing 8
    hauri 2.73 2.73 2014-06-13 Found nothing 1
    ikarus 1.06.01 V1.32.31.0 2014-06-30 Found nothing 14
    jiangmin 16.0.100 1.0.0.0 2014-06-29 Found nothing 14
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 20
    kingsoft 2.1 2.1 2013-09-22 Found nothing 3
    mcafee 7474 5400.1158 2014-06-19 Found nothing 11
    nod32 9809 3.0.21 2014-05-16 Found nothing 1
    panda 9.05.01 9.05.01 2014-06-15 Found nothing 7
    pcc 10.894.05 9.500-1005 2014-06-30 Found nothing 1
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 12
    quickheal 14.00 14.00 2014-06-14 Found nothing 2
    rising 25.17.00.04 25.17.00.04 2014-06-02 Found nothing 1
    sophos 5.02 3.51.0 2014-06-20 Found nothing 6
    sunbelt 3.9.2589.2 3.9.2589.2 2014-06-13 Found nothing 1
    symantec 20030814.017 1.3.0.24 2003-08-14 Found nothing 1
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 3
    thehacker 6.8.0.5 6.8.0.5 2014-06-12 Found nothing 1
    tws 17.47.17308 1.0.2.2108 2014-06-16 Found nothing 6
    vba 3.12.26.3 3.12.26.3 2014-06-30 Found nothing 3
    virusbuster 15.0.832.0 5.5.2.13 2014-06-29 Found nothing 19
    Result legend: Heuristic/Suspicious | Exact
    NOTICE: Results are not 100% accurate; a scanner that does report malware may be reporting a false positive. Judge these results for yourself. Note also that several engines in this run scanned with old or malformed signature data (symantec's signature date is 2003-08-14; antivir, baidu and qh360 show a version string where the signature date should be), so a 0/38 result here is weaker evidence than the headline suggests.
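A quick way to weigh a multi-engine verdict like the one above is to check each engine's signature date against the scan time. The script below is an added example written for this page, not VirSCAN's own code. It parses a handful of rows copied from the table above (the row format is assumed to be whitespace-separated with "Found nothing" as the result text) and reports which engines were current, stale, or had an unparseable date on 2014-07-01. The 90-day threshold is an arbitrary choice, not anything VirSCAN applies.

```python
import re
from datetime import datetime

# Scan time from the report header.
SCAN_TIME = datetime(2014, 7, 1, 18, 32, 8)

# Rows copied from the scanner table above. Columns, as assumed here:
# scanner, engine version, signature version, signature date, result, time.
REPORT_ROWS = """\
ahnlab 9.9.9 9.9.9 2013-05-28 Found nothing 3
antivir 1.9.2.0 1.9.159.0 7.11.157.186 Found nothing 13
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 4
bitdefender 7.55630 7.90123 2014-07-01 Found nothing 15
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 20
qh360 1.0.1 1.0.1 1.0.1 Found nothing 12
symantec 20030814.017 1.3.0.24 2003-08-14 Found nothing 1
"""

# The result text may contain spaces ("Found nothing"), so match it lazily
# and anchor on the trailing integer time column.
ROW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.+?)\s+(\d+)$")


def parse_rows(text):
    """Turn the whitespace-separated table into a list of dicts."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # skip header or junk lines
        scanner, engine, sig, sig_date, result, secs = m.groups()
        rows.append({"scanner": scanner, "engine": engine, "sig_ver": sig,
                     "sig_date": sig_date, "result": result, "time": int(secs)})
    return rows


def sig_age_days(sig_date, scan_time=SCAN_TIME):
    """Days between the signature date and the scan; None if the field is not a date."""
    try:
        d = datetime.strptime(sig_date, "%Y-%m-%d")
    except ValueError:
        return None
    return (scan_time.date() - d.date()).days


def assess(rows, max_age_days=90):
    """Classify each engine as current, stale or unparseable, with the age in days."""
    verdict = {}
    for r in rows:
        age = sig_age_days(r["sig_date"])
        if age is None:
            status = "unparseable"
        elif age > max_age_days:
            status = "stale"
        else:
            status = "current"
        verdict[r["scanner"]] = (status, age)
    return verdict


def effective_clean_count(rows, max_age_days=90):
    """Engines that said 'Found nothing' with signatures no older than max_age_days.
    This is the number to weigh against the headline 0/38, not the raw count."""
    verdict = assess(rows, max_age_days)
    return sum(1 for r in rows
               if r["result"] == "Found nothing"
               and verdict[r["scanner"]][0] == "current")


if __name__ == "__main__":
    rows = parse_rows(REPORT_ROWS)
    for name, (status, age) in assess(rows).items():
        print(f"{name:12s} {status:12s} age={age}")
    print(f"engines with current signatures and a clean verdict: "
          f"{effective_clean_count(rows)}/{len(rows)}")
```

On the seven sample rows only bitdefender scanned with signatures from within 90 days of the scan; the rest were stale or carried no usable date, which is the point of reading the date column rather than the percentage.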
  • Permission list
    Permission name / Description
    android.permission.NFC  Allows NFC communication
    android.permission.INTERNET  Opens network connections (2G or 3G)
    android.permission.WRITE_EXTERNAL_STORAGE  Writes to external storage (e.g. SD card)
    android.permission.WAKE_LOCK  Keeps background processes running after the screen turns off
  • File information
    Security score: 75
    Basic information
    MD5: a96b627b0d8fc420ee21bd26b2dd74e2
    Package name: org.eleetas.nfc.nfcproxy
    Minimum platform: Android 2.3.3, 2.3.4
    Copyright:
    Key behaviors
    (Note: this section and the Process, File, Network, Registry and Other behavior sections below record Windows activity from an NSIS installer that drops P2PSearchers and the hao123 Juzi browser. An Android APK cannot execute as a Windows binary, so these entries do not describe NFCProxy-0.1.2.apk itself; the Android-side results are in the Dynamic behaviors, Activities and File list sections further down.)
    Behavior: modify registry: IE start page
    Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\Start Page
    Behavior: create desktop shortcuts
    Details: C:\Documents and Settings\Administrator\桌面\P2PSearchers.lnk
    C:\Documents and Settings\All Users\桌面\hao123桔子浏览器.lnk
    C:\Documents and Settings\Administrator\桌面\999网址导航.url
    Behavior: set special folder attributes
    Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
    C:\Documents and Settings\Administrator\Local Settings\History
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
    C:\Documents and Settings\Administrator\Cookies
    Behavior: hide specified windows
    Details: [Window,Class] = [,Static]
    [Window,Class] = [,Button]
    [Window,Class] = [,Auto-Suggest Dropdown]
    [Window,Class] = [Show details(&D),Button]
    Behavior: resolve host addresses by name
    Details: www.hao123.com
    hao123.com
    s0.hao123img.com
    s1.hao123img.com
    s2.hao123img.com
    s3.hao123img.com
    p2ps.dorapp.com
    wpad
    www.p2psearchers.com
    Process behavior
    Behavior: create new process from file
    Details: ImagePath = C:\Documents and Settings\Administrator\Application Data\hao123_[c=1110]__96976699_d2_hao_.exe, CmdLine = "C:\Documents and Settings\Administrator\Application Data\hao123_[c=1110]__96976699_d2_hao_.exe"
    ImagePath = C:\Program Files\hao123JuziBrowser\hao123Juzi.exe, CmdLine = "C:\Program Files\hao123JuziBrowser\hao123Juzi.exe" --class=3 --dword=1 --atb=0 --defb=1
    ImagePath = C:\Program Files\P2PSearchers\P2PSearcher.exe, CmdLine = "C:\Program Files\P2PSearchers\P2PSearcher.exe"
    Behavior: enumerate processes
    Details: N/A
    File behavior
    Behavior: drop links or shortcuts in sensitive system locations (e.g. Start Menu)
    Details: C:\Documents and Settings\Administrator\「开始」菜单\程序\P2PSearchers\P2PSearchers.lnk
    C:\Documents and Settings\Administrator\「开始」菜单\程序\P2PSearchers\访问 绿色下载吧.lnk
    C:\Documents and Settings\Administrator\「开始」菜单\程序\P2PSearchers\卸载 P2PSearchers.lnk
    C:\Documents and Settings\All Users\「开始」菜单\程序\hao123桔子浏览器\hao123桔子浏览器.lnk
    C:\Documents and Settings\All Users\「开始」菜单\程序\hao123桔子浏览器\卸载.lnk
    C:\Documents and Settings\All Users\「开始」菜单\hao123桔子浏览器.lnk
    Behavior: create executable files
    Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn4.tmp\nsProcess.dll
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn4.tmp\System.dll
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn4.tmp\nsDialogs.dll
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn4.tmp\XZBHelper.dll
    C:\Program Files\P2PSearchers\Adbrier.dll
    C:\Program Files\P2PSearchers\HttpRq.dll
    C:\Program Files\P2PSearchers\P2PSearcher.exe
    C:\Program Files\P2PSearchers\YunBo.exe
    C:\Program Files\P2PSearchers\atl71.dll
    C:\Program Files\P2PSearchers\kad.dll
    C:\Program Files\P2PSearchers\msvcp71.dll
    C:\Program Files\P2PSearchers\msvcr71.dll
    C:\Program Files\P2PSearchers\p2p.dll
    C:\Program Files\P2PSearchers\tinyxml.dll
    C:\Documents and Settings\Administrator\Application Data\hao123_[c=1110]__96976699_d2_hao_.exe
    Behavior: create desktop shortcuts
    Details: C:\Documents and Settings\Administrator\桌面\P2PSearchers.lnk
    C:\Documents and Settings\All Users\桌面\hao123桔子浏览器.lnk
    C:\Documents and Settings\Administrator\桌面\999网址导航.url
    Behavior: open file mappings with write access
    Details: Local\!PrivacIE!SharedMem!Counter
    \WINDOWS\system32\zh-cn\ieframe.dll.mui
    Local\UrlZonesSM_Administrator
    CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
    AtlDebugAllocator_FileMappingNameStatic3_b58
    Behavior: rename files
    Details: C:\Program Files\P2PSearchers\install.log ---> C:\Program Files\P2PSearchers\uninst.dat
    C:\Program Files\hao123JuziBrowser\User_Data\Default\skin\IE8[ver=1.0.0.2].jzs.movjz.new ---> C:\Program Files\hao123JuziBrowser\User_Data\Default\skin\IE8[ver=1.0.0.2].jzs
    C:\Program Files\hao123JuziBrowser\User_Data\Default\setting.dat.movjz.new ---> C:\Program Files\hao123JuziBrowser\User_Data\Default\setting.dat
    C:\Program Files\hao123JuziBrowser\User_Data\Default\softlist.dat.movjz.new ---> C:\Program Files\hao123JuziBrowser\User_Data\Default\softlist.dat
    C:\Program Files\hao123JuziBrowser\User_Data\Default\speedup.dat.movjz.new ---> C:\Program Files\hao123JuziBrowser\User_Data\Default\speedup.dat
    C:\Program Files\hao123JuziBrowser\User_Data\Default\adblock\adbwin.dat.movjz.new ---> C:\Program Files\hao123JuziBrowser\User_Data\Default\adblock\adbwin.dat
    C:\Program Files\hao123JuziBrowser\User_Data\Default\adblock\adbraw.dat.movjz.new ---> C:\Program Files\hao123JuziBrowser\User_Data\Default\adblock\adbraw.dat
    C:\Program Files\hao123JuziBrowser\User_Data\Default\adblock\adbept.dat.movjz.new ---> C:\Program Files\hao123JuziBrowser\User_Data\Default\adblock\adbept.dat
    C:\Program Files\hao123JuziBrowser\Installer\Uninst.exe.movjz.new ---> C:\Program Files\hao123JuziBrowser\Installer\Uninst.exe
    C:\Program Files\hao123JuziBrowser\hao123Juzi.exe.movjz.new ---> C:\Program Files\hao123JuziBrowser\hao123Juzi.exe
    Behavior: set special folder attributes
    Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
    C:\Documents and Settings\Administrator\Local Settings\History
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
    C:\Documents and Settings\Administrator\Cookies
    Behavior: modify file contents
    Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn4.tmp\modern-header.bmp---> Offset = 49152
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn4.tmp\bg.bmp---> Offset = 49152
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn4.tmp\modern-wizard.bmp---> Offset = 49152
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn4.tmp\Slides\Slides.dat---> Offset = 0
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn4.tmp\Slides\install0.bmp---> Offset = 49152
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn4.tmp\Slides\install1.bmp---> Offset = 49152
    C:\Program Files\P2PSearchers\bootstrap.dat---> Offset = 49152
    C:\Program Files\P2PSearchers\filter.dat---> Offset = 49152
    C:\Program Files\P2PSearchers\nodes.dat---> Offset = 0
    C:\Program Files\P2PSearchers\yunbo.rds---> Offset = 16384
    C:\Documents and Settings\Administrator\桌面\P2PSearchers.lnk---> Offset = 0
    C:\Documents and Settings\Administrator\「开始」菜单\程序\P2PSearchers\P2PSearchers.lnk---> Offset = 0
    C:\Documents and Settings\Administrator\「开始」菜单\程序\P2PSearchers\访问 绿色下载吧.lnk---> Offset = 0
    C:\Documents and Settings\Administrator\「开始」菜单\程序\P2PSearchers\卸载 P2PSearchers.lnk---> Offset = 0
    C:\Program Files\P2PSearchers\install.log---> Offset = 123
    Network behavior
    Behavior: connect to specified site
    Details: InternetConnectA: ServerName = log.123juzi.net, PORT = 80
    Behavior: establish a socket connection to a specified address
    Details: 127.0.0.1:1040
    Behavior: open HTTP request (install-completion beacon carrying campaign and machine identifiers)
    Details: HttpOpenRequestA: log.123juzi.net:80/log.php?type=installend&ver=1.1.8.9&cid=96976699_d2_hao_&mid=1666c6f7fd8115612711d3a06b4978fc&umid=1e2bf0d7d8cf6d91a09a2f63a11f547a&i=2&ir=1&iec=0&os=1&safe=0&ie=8&flash=11.1, hConnect = 0x000002a0
    Behavior: resolve host addresses by name
    Details: www.hao123.com
    hao123.com
    s0.hao123img.com
    s1.hao123img.com
    s2.hao123img.com
    s3.hao123img.com
    p2ps.dorapp.com
    wpad
    www.p2psearchers.com
    Registry behavior
    Behavior: modify registry
    Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
    \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted\C:\Documents and Settings\Administrator\Application Data\hao123_[c=1110]__96976699_d2_hao_.exe
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\P2PSearcher.exe\
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2PSearchers\DisplayName
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2PSearchers\UninstallString
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2PSearchers\DisplayIcon
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\P2PSearchers\DisplayVersion
    \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\hao123JuziBrowser\cid
    \REGISTRY\MACHINE\SOFTWARE\hao123JuziBrowser\cid
    \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\hao123JuziBrowser\firstrun
    \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\hao123JuziBrowser\lastdefbrowser
    \REGISTRY\MACHINE\SOFTWARE\hao123JuziBrowser\lastdefbrowser
    \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\hao123JuziBrowser\favimport
    \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\hao123JuziBrowser\sltinst
    \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\hao123JuziBrowser\lastinsttype
    Behavior: modify registry: PendingFileRenameOperations (file rename deferred to next boot)
    Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations
    Behavior: modify registry: IE start page
    Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\Start Page
    Behavior: delete registry values: IE connection (proxy) settings
    Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
    \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
    Behavior: delete registry values
    Details: \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\ShellEx\IconHandler\
    \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\ShellEx\IconHandler\
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\P2PSearcher\DEBUG\Trace Level
    Other behavior
    Behavior: create mutexes
    Details: Local\!PrivacIE!SharedMemory!Mutex
    Local\ZonesCounterMutex
    hao123juzibrowser_juzi_{06dc3546-4050-4ce0-9091-9d4bce75c85b}
    Local\ZoneAttributeCacheCounterMutex
    Local\ZonesCacheCounterMutex
    Local\ZonesLockedCacheCounterMutex
    _SHuassist.mtx
    {C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagIEJLGAABIFLAAAAA
    RasPbFile
    CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
    CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
    CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
    CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
    CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
    CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
    Behavior: hide specified windows
    Details: [Window,Class] = [,Static]
    [Window,Class] = [,Button]
    [Window,Class] = [,Auto-Suggest Dropdown]
    [Window,Class] = [Show details(&D),Button]
    Behavior: find specified windows
    Details: NtUserFindWindowEx: [Class,Window] = [#32770,]
    NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
    NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
    Behavior: acquire system privileges
    Details: SE_LOAD_DRIVER_PRIVILEGE
    SE_DEBUG_PRIVILEGE
    Behavior: window information
    Details: Pid = 876, Hwnd=0xb01de, Text = Install(&I), ClassName = Button.
    Pid = 876, Hwnd=0xc01d6, Text = Cancel(&C), ClassName = Button.
    Pid = 876, Hwnd=0xc0184, Text = Welcome to the "P2PSearchers" Setup Wizard, ClassName = Static.
    Pid = 876, Hwnd=0xb01aa, Text = This wizard will guide you through the installation of "P2PSearchers 6.4.7". It is recommended that you close other related applications before starting., ClassName = Static.
    Pid = 876, Hwnd=0xc01c6, Text = Choose an installation mode:, ClassName = Static.
    Pid = 876, Hwnd=0xb018c, Text = Quick install, ClassName = Button(RadioButton).
    Pid = 876, Hwnd=0xc01b0, Text = Custom install, ClassName = Button(RadioButton).
    Pid = 876, Hwnd=0xb01be, Text = Install this software to:, ClassName = Static.
    Pid = 876, Hwnd=0xc01b4, Text = C:\Program Files\P2PSearchers, ClassName = Edit.
    Pid = 876, Hwnd=0xb0174, Text = ..., ClassName = Button.
    Pid = 876, Hwnd=0xd0190, Text = Customize all installation options; recommended for experienced users., ClassName = Static.
    Pid = 876, Hwnd=0xd0180, Text = 下载吧 - P2PSearchers 6.4.7 Setup, ClassName = #32770.
    Pid = 876, Hwnd=0xb016a, Text = < Previous(&P), ClassName = Button.
    Pid = 876, Hwnd=0xb01de, Text = Next(&N) >, ClassName = Button.
    Pid = 876, Hwnd=0xe0190, Text = Show details(&D), ClassName = Button.
    Behavior: inline hooks
    Details: C:\WINDOWS\system32\SHELL32.dll--->SHLockShared Offset = 0x5633d95
    C:\WINDOWS\system32\kernel32.dll--->LoadLibraryExW Offset = 0x0
    C:\WINDOWS\system32\kernel32.dll--->UnhandledExceptionFilter Offset = 0x0
    C:\WINDOWS\system32\kernel32.dll--->SetUnhandledExceptionFilter Offset = 0x0
    C:\WINDOWS\system32\SHELL32.dll--->SHGetFolderPathW Offset = 0x0
    C:\WINDOWS\system32\SHELL32.dll--->SHGetFolderPathA Offset = 0x0
    C:\WINDOWS\system32\kernel32.dll--->CreateThread Offset = 0x0
    C:\WINDOWS\system32\kernel32.dll--->GetModuleFileNameW Offset = 0x0
    Behavior: open image files
    Details: \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn4.tmp\modern-header.bmp
    \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn4.tmp\bg.bmp
    \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn4.tmp\modern-wizard.bmp
    \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn4.tmp\Slides\install0.bmp
    \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsn4.tmp\Slides\install1.bmp
    Exceptions/crashes
    Dynamic behaviors (Android run)
    Behavior: start services
    Details: com.android.musicfx.Compatibility$Service
    com.android.mms.transaction.SmsReceiverService
    Behavior: read files (process enumeration via /proc)
    Details: path:/proc/792/cmdline length:105
    path:/proc/808/cmdline length:105
    path:/proc/820/cmdline length:105
    path:/proc/850/cmdline length:105
    path:/proc/862/cmdline length:105
    path:/proc/868/cmdline length:105
    path:/proc/870/cmdline length:105
    Behavior: load classes
    Details: path:/system/app/PicoTts.apk
    path:/system/app/MusicFX.apk
    path:/system/framework/am.jar
    path:/data/app/org.eleetas.nfc.nfcproxy-1.apk
    Behavior: write files
    Details: path:/data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml length:105
    path:/data/data/com.android.musicfx/shared_prefs/musicfx.xml length:105
    path:/data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml length:105
    Activities
    Activity name / Intent action or category
    org.eleetas.nfc.nfcproxy.SelectorActivity  android.intent.action.MAIN
    org.eleetas.nfc.nfcproxy.SelectorActivity  android.nfc.action.NDEF_DISCOVERED
    org.eleetas.nfc.nfcproxy.SelectorActivity  android.nfc.action.ACTION_TECH_DISCOVERED
    org.eleetas.nfc.nfcproxy.SelectorActivity  android.nfc.action.TAG_DISCOVERED
    org.eleetas.nfc.nfcproxy.SelectorActivity  android.intent.category.LAUNCHER
    org.eleetas.nfc.nfcproxy.SelectorActivity  android.intent.category.DEFAULT
    File list
    File name / Checksum (CRC32)
    res/layout/proxy.xml 0xff9d844c
    res/layout/relay.xml 0x209d3883
    res/layout/save_dialog.xml 0xa4ec9869
    res/layout/save_tab.xml 0x39585300
    res/layout/selector.xml 0x1dbf0539
    res/menu/data_context_menu.xml 0xf58ebca3
    res/menu/menu.xml 0x505550fd
    res/menu/saved_context_menu.xml 0xf953082a
    res/xml/preferences.xml 0xf8e07d9f
    AndroidManifest.xml 0xf352bb68
    resources.arsc 0x5ab6072e
    res/drawable-hdpi/ic_launcher.png 0x3c13576b
    res/drawable-ldpi/ic_launcher.png 0x8ef78580
    res/drawable-mdpi/ic_launcher.png 0x99a4f90b
    classes.dex 0xe6f82b1e
    META-INF/MANIFEST.MF 0xd9e7810e
    META-INF/CERT.SF 0x7dfe0791
    META-INF/CERT.RSA 0xe387f29a
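The file list above is the APK's ZIP directory with each entry's CRC32, and the file header gives the MD5/SHA1 of the whole archive. The script below is an added example, not code from VirSCAN or from the NFCProxy project; it reproduces that inventory and those hashes from a local copy, and shows why the presence of META-INF/MANIFEST.MF, CERT.SF and CERT.RSA only tells you that a v1 (JAR-style) signature exists, not that it is intact. Because the real APK is not available from the page, the script builds a constructed stand-in with the same entry names and placeholder contents; call `inventory()` and `file_hashes()` on real bytes to compare against the report.

```python
import hashlib
import io
import zipfile

# Entry names copied from the report's file list. Contents below are placeholders,
# so this is a constructed stand-in for NFCProxy-0.1.2.apk, not the real file.
APK_ENTRIES = [
    "res/layout/proxy.xml", "res/layout/relay.xml", "res/layout/save_dialog.xml",
    "res/layout/save_tab.xml", "res/layout/selector.xml", "res/menu/data_context_menu.xml",
    "res/menu/menu.xml", "res/menu/saved_context_menu.xml", "res/xml/preferences.xml",
    "AndroidManifest.xml", "resources.arsc", "res/drawable-hdpi/ic_launcher.png",
    "res/drawable-ldpi/ic_launcher.png", "res/drawable-mdpi/ic_launcher.png", "classes.dex",
    "META-INF/MANIFEST.MF", "META-INF/CERT.SF", "META-INF/CERT.RSA",
]


def build_sample_apk(contents=None):
    """Build an in-memory ZIP with the report's entry names and fixed timestamps,
    so the result is deterministic between runs."""
    contents = contents or {}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in APK_ENTRIES:
            zi = zipfile.ZipInfo(name, date_time=(2014, 7, 1, 0, 0, 0))
            zi.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(zi, contents.get(name, f"placeholder for {name}\n".encode()))
    return buf.getvalue()


def file_hashes(data):
    """MD5 and SHA1 of the whole file, the values shown in the report's file information."""
    return {"md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest()}


def inventory(data):
    """Map each ZIP entry to its stored CRC32, formatted like the report's checksum column."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {zi.filename: f"0x{zi.CRC:08x}" for zi in zf.infolist()}


def v1_signature_files_present(data):
    """True if the JAR-style signature trio is present. Presence is not validity: the
    .SF digests and the .RSA signature still have to be checked (e.g. with apksigner)."""
    names = set(inventory(data))
    return ("META-INF/MANIFEST.MF" in names
            and any(n.startswith("META-INF/") and n.endswith(".SF") for n in names)
            and any(n.startswith("META-INF/") and n.endswith((".RSA", ".DSA", ".EC"))
                    for n in names))


def replace_entry(data, name, new_content):
    """Rewrite one entry (e.g. classes.dex) without touching META-INF. The signature
    files survive unchanged, so a presence-only check would still pass even though
    the digests recorded in MANIFEST.MF no longer match the new content."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        for zi in src.infolist():
            body = new_content if zi.filename == name else src.read(zi.filename)
            dst.writestr(zi, body)  # writestr recomputes CRC and sizes for the new body
    return out.getvalue()


if __name__ == "__main__":
    apk = build_sample_apk()
    print(file_hashes(apk))
    for entry, crc in inventory(apk).items():
        print(f"{entry} {crc}")
    print("v1 signature files present:", v1_signature_files_present(apk))
    patched = replace_entry(apk, "classes.dex", b"modified dex")
    print("after patching classes.dex: files still present =",
          v1_signature_files_present(patched),
          "| md5 changed =", file_hashes(patched)["md5"] != file_hashes(apk)["md5"])
```

The patched archive keeps all three META-INF files and still passes the presence check, while its MD5 and the classes.dex CRC both change; matching the report's hashes and CRCs against a local copy therefore tells you whether you have the same bytes, and only a real signature verification tells you whether those bytes are what the signer produced.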
Translated by Keith Miller, United States