VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information
File Name: 冰灵云免.apk (File not down)
File Size: 6307821 bytes
File Type: application/zip
MD5: a58736349dd8cfbfed85b96a37d0b7f0
SHA1: 536c866491257ad02428c88676fc898728389ef2
  • Scan results
  • Permissions
  • File behavior analysis
  • Scanner results
    Scanner results: 0% of scanners (0/32) found malware
    Behavior analysis report: Habo file analysis
    Time: 2018-02-03 21:56:43 (CST)
    Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time
    antiy | AVL SDK | 2.0 | 1970-01-01 | Found nothing | 5
    asquared | 9.0.0.4799 | 9.0.0.4799 | 2015-03-08 | Found nothing | 1
    avast | 170303-1 | 4.7.4 | 2017-03-03 | Found nothing | 60
    avg | 2109/14865 | 10.0.1405 | 2018-02-02 | Found nothing | 60
    baidu | 2.0.1.0 | 4.1.3.52192 | 2.0.1.0 | Found nothing | 3
    baidusd | 1.0 | 1.0 | 2017-03-22 | Found nothing | 1
    bitdefender | 7.58879 | 7.90123 | 2015-01-16 | Found nothing | 60
    clamav | 24275 | 0.97.5 | 2018-02-01 | Found nothing | 60
    drweb | 5.0.2.3300 | 5.0.1.1 | 2018-02-02 | Found nothing | 60
    fortinet | 1.000, 54.875, 54.836, 54.859 | 5.4.247 | 2018-02-03 | Found nothing | 60
    fprot | 4.6.2.117 | 6.5.1.5418 | 2016-02-05 | Found nothing | 60
    fsecure | 2015-08-01-02 | 9.13 | 2015-08-01 | Found nothing | 60
    gdata | 25.15900 | 25.15900 | 2018-02-02 | Found nothing | 14
    ikarus | 4.00.05 | V1.32.31.0 | 2018-02-02 | Found nothing | 60
    jiangmin | 16.0.100 | 1.0.0.0 | 2017-12-22 | Found nothing | 2
    kaspersky | 5.5.33 | 5.5.33 | 2014-04-01 | Found nothing | 60
    kingsoft | 2.1 | 2.1 | 2018-02-02 | Found nothing | 5
    mcafee | 8620 | 5400.1158 | 2017-08-12 | Found nothing | 60
    nod32 | 6834 | 3.0.21 | 2018-02-01 | Found nothing | 60
    panda | 9.05.01 | 9.05.01 | 2018-02-02 | Found nothing | 4
    pcc | 13.302.06 | 9.500-1005 | 2017-03-27 | Found nothing | 60
    qh360 | 1.0.1 | 1.0.1 | 1.0.1 | Found nothing | 3
    qqphone | 1.0.0.0 | 1.0.0.0 | 2015-12-30 | Found nothing | 60
    quickheal | 14.00 | 14.00 | 2017-11-18 | Found nothing | 3
    rising | 3170 | 3170 | 2017-12-26 | Found nothing | 3
    sophos | 5.32 | 3.65.2 | 2016-10-10 | Found nothing | 60
    symantec | 20151230.005 | 1.3.0.24 | 2015-12-30 | Found nothing | 60
    tachyon | 9.9.9 | 9.9.9 | 2013-12-27 | Found nothing | 3
    thehacker | 6.8.0.5 | 6.8.0.5 | 2018-01-30 | Found nothing | 2
    tws | 17.47.17308 | 1.0.2.2108 | 2018-02-02 | Found nothing | 15
    vba | 3.12.29.5 beta | 3.12.29.5 beta | 2018-02-02 | Found nothing | 60
    virusbuster | 15.0.985.0 | 5.5.2.13 | 2014-12-05 | Found nothing | 60
    NOTICE: Results are not 100% accurate and may be reported as a false positive by some scanners when and if malware is found. Please judge these results for yourself.
  • Permission list
    Permission name - Description
    android.permission.INTERNET - Connect to the network (2G or 3G)
    android.permission.ACCESS_NETWORK_STATE - Read network state (2G or 3G)
    android.permission.USE_CREDENTIALS - Obtain authentication tokens
    android.permission.READ_EXTERNAL_STORAGE - Read external storage (e.g. SD card)
    android.permission.WRITE_EXTERNAL_STORAGE - Write external storage (e.g. SD card)
    android.permission.MOUNT_UNMOUNT_FILESYSTEMS - Mount and unmount external filesystems
    android.permission.RECEIVE_BOOT_COMPLETED - Receive boot-completed broadcast
    com.android.launcher.permission.INSTALL_SHORTCUT - Create shortcuts
  • File information
    Security score:
    Basic information
    MD5: a58736349dd8cfbfed85b96a37d0b7f0
    Package name: ym.bingly.cn
    Minimum platform: Android 4.0, 4.0.1, 4.0.2
    Copyright: Android
    Key behaviors
    Behavior: Cross-process memory write
    Details: TargetProcess = C:\Users\Administrator\AppData\Local\Temp\26fa8\b70c.exe, WriteAddress = 0x00050000, Size = 0x00000020 TargetPID = 0x00000cb0
    TargetProcess = C:\Users\Administrator\AppData\Local\Temp\26fa8\b70c.exe, WriteAddress = 0x00050020, Size = 0x00000034 TargetPID = 0x00000cb0
    TargetProcess = C:\Users\Administrator\AppData\Local\Temp\26fa8\b70c.exe, WriteAddress = 0x7ffdf238, Size = 0x00000004 TargetPID = 0x00000cb0
    Behavior: Get TickCount value
    Details: TickCount = 220093, SleepMilliseconds = 60000.
    TickCount = 220109, SleepMilliseconds = 60000.
    TickCount = 220125, SleepMilliseconds = 60000.
    TickCount = 220140, SleepMilliseconds = 60000.
    TickCount = 220406, SleepMilliseconds = 60000.
    TickCount = 220546, SleepMilliseconds = 60000.
    TickCount = 220578, SleepMilliseconds = 60000.
    Behavior: Create file on desktop
    Details: C:\Users\Administrator\Desktop\Continue WinZip Installation.lnk
    Behavior: Set special folder attributes
    Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Burn\Burn
    Behavior: Read CPU clock directly
    Details: EAX = 0x942d974b, EDX = 0x0000008b
    EAX = 0x22ee652c, EDX = 0x0000008c
    Behavior: Self-delete
    Details: C:\Users\Administrator\AppData\Local\Temp\26fa8\b70c.exe
    Process behavior
    Behavior: Cross-process memory write
    Details: TargetProcess = C:\Users\Administrator\AppData\Local\Temp\26fa8\b70c.exe, WriteAddress = 0x00050000, Size = 0x00000020 TargetPID = 0x00000cb0
    TargetProcess = C:\Users\Administrator\AppData\Local\Temp\26fa8\b70c.exe, WriteAddress = 0x00050020, Size = 0x00000034 TargetPID = 0x00000cb0
    TargetProcess = C:\Users\Administrator\AppData\Local\Temp\26fa8\b70c.exe, WriteAddress = 0x7ffdf238, Size = 0x00000004 TargetPID = 0x00000cb0
    Behavior: Create process from new file
    Details: [0x00000cb0]ImagePath = C:\Users\Administrator\AppData\Local\Temp\26fa8\b70c.exe, CmdLine = :\Users\Administrator\AppData\Local\%temp%\b70c.exe run=1 shortcut="C:\Users\Administrator\AppData\Local\%temp%\b70c.exe"
    File behavior
    Behavior: Create file
    Details: C:\Users\Administrator\AppData\Local\Temp\26fa8\b70c.exe
    C:\Users\Administrator\AppData\Local\Temp\270d1\installer_log_20180314073953.txt
    C:\ProgramData\UniqueId\data
    C:\Users\Administrator\AppData\Local\Temp\273ef\Agreement.html
    C:\Users\Administrator\AppData\Local\Temp\273ef\Complete.html
    C:\Users\Administrator\AppData\Local\Temp\273ef\css\jquery-ui.css
    C:\Users\Administrator\AppData\Local\Temp\273ef\css\style.css
    C:\Users\Administrator\AppData\Local\Temp\273ef\Eula.html
    C:\Users\Administrator\AppData\Local\Temp\273ef\images\arrow.png
    C:\Users\Administrator\AppData\Local\Temp\273ef\images\button-hover.png
    C:\Users\Administrator\AppData\Local\Temp\273ef\images\button-normal.png
    C:\Users\Administrator\AppData\Local\Temp\273ef\images\centerImg.png
    C:\Users\Administrator\AppData\Local\Temp\273ef\images\close-hover.png
    C:\Users\Administrator\AppData\Local\Temp\273ef\images\close-normal.png
    C:\Users\Administrator\AppData\Local\Temp\273ef\images\footerImg.png
    Behavior: Create executable file
    Details: C:\Users\Administrator\AppData\Local\Temp\26fa8\b70c.exe
    C:\Users\Administrator\AppData\Local\Temp\273ef\Eula.html-temp
    Behavior: Copy file
    Details: C:\Users\Administrator\AppData\Local\%temp%\b70c.exe ---> C:\Users\Administrator\AppData\Local\Temp\26fa8\b70c.exe
    Behavior: Delete file
    Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KQWVTOD\Eula[1].html
    C:\Users\Administrator\AppData\Local\Temp\273ef\Agreement.html
    C:\Users\Administrator\AppData\Local\Temp\273ef\Complete.html
    C:\Users\Administrator\AppData\Local\Temp\273ef\css\jquery-ui.css
    C:\Users\Administrator\AppData\Local\Temp\273ef\css\style.css
    C:\Users\Administrator\AppData\Local\Temp\273ef\Eula.html
    C:\Users\Administrator\AppData\Local\Temp\273ef\images\arrow.png
    C:\Users\Administrator\AppData\Local\Temp\273ef\images\button-hover.png
    C:\Users\Administrator\AppData\Local\Temp\273ef\images\button-normal.png
    C:\Users\Administrator\AppData\Local\Temp\273ef\images\centerImg.png
    C:\Users\Administrator\AppData\Local\Temp\273ef\images\close-hover.png
    C:\Users\Administrator\AppData\Local\Temp\273ef\images\close-normal.png
    C:\Users\Administrator\AppData\Local\Temp\273ef\images\footerImg.png
    C:\Users\Administrator\AppData\Local\Temp\273ef\images\headerImg.png
    C:\Users\Administrator\AppData\Local\Temp\273ef\images\header_logo.png
    Behavior: Search for file
    Details: FileName = C:\Users
    FileName = C:\Users\ADMINI~1
    FileName = C:\Users\ADMINI~1\AppData
    FileName = C:\Users\ADMINI~1\AppData\Local
    FileName = C:\Users\ADMINI~1\AppData\Local\Temp
    FileName = C:\Users\Administrator\AppData
    FileName = C:\Users\Administrator\AppData\Local
    FileName = C:\Users\Administrator\AppData\Local\Temp
    FileName = C:\Users\Administrator\AppData\Local\Temp\26fa8
    FileName = C:\Users\Administrator\AppData\Local\Temp\26fa8\b70c.exe
    FileName = C:\Users\Administrator\AppData\Local\Temp\26fa8\*.*
    FileName = C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk
    FileName = C:\ProgramData\Microsoft\Network\Connections\Pbk\*.pbk
    FileName = C:\Windows\system32\Ras\*.pbk
    FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk
    Behavior: Rename file
    Details: C:\Users\Administrator\AppData\Local\Temp\273ef\Eula.html-temp ---> C:\Users\Administrator\AppData\Local\Temp\273ef\Eula.html
    Behavior: Set special folder attributes
    Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Burn\Burn
    Behavior: Modify file contents
    Details: C:\Users\Administrator\AppData\Local\Temp\26fa8\b70c.exe ---> Offset = 0
    C:\Users\Administrator\AppData\Local\Temp\26fa8\b70c.exe ---> Offset = 65536
    C:\Users\Administrator\AppData\Local\Temp\26fa8\b70c.exe ---> Offset = 131072
    C:\Users\Administrator\AppData\Local\Temp\26fa8\b70c.exe ---> Offset = 196608
    C:\Users\Administrator\AppData\Local\Temp\26fa8\b70c.exe ---> Offset = 262144
    C:\Windows\AppCompat\Programs\RecentFileCache.bcf ---> Offset = 19430
    C:\Windows\AppCompat\Programs\RecentFileCache.bcf ---> Offset = 19434
    C:\Windows\AppCompat\Programs\RecentFileCache.bcf ---> Offset = 16
    C:\Users\Administrator\AppData\Local\Temp\270d1\installer_log_20180314073953.txt ---> Offset = 0
    C:\Windows\AppCompat\Programs\RecentFileCache.bcf ---> Offset = 19498
    C:\Windows\AppCompat\Programs\RecentFileCache.bcf ---> Offset = 19502
    C:\Windows\AppCompat\Programs\RecentFileCache.bcf ---> Offset = 19556
    C:\Windows\AppCompat\Programs\RecentFileCache.bcf ---> Offset = 19560
    C:\Windows\AppCompat\Programs\RecentFileCache.bcf ---> Offset = 19638
    C:\Windows\AppCompat\Programs\RecentFileCache.bcf ---> Offset = 19642
    Behavior: Self-delete
    Details: C:\Users\Administrator\AppData\Local\Temp\26fa8\b70c.exe
    Behavior: Create file on desktop
    Details: C:\Users\Administrator\Desktop\Continue WinZip Installation.lnk
    Network behavior
    Behavior: Download file
    Details: URLDownloadToFileW: http://dl****om/license/WNZP/zh/Eula.html ---> C:\Users\Administrator\AppData\Local\Temp\273ef\Eula.html-temp
    C:\Users\Administrator\AppData\Local\Temp\273ef\Eula.html-temp
    Behavior: Connect to specified site
    Details: InternetConnectA: ServerName = dl****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
    WinHttpConnect: ServerName = i.****om, PORT = 80, UserName = , Password = , hSession = 0x0038c0e0, hConnect = 0x003c06f8, Flags = 0x00000000
    WinHttpConnect: ServerName = i.****om, PORT = 80, UserName = , Password = , hSession = 0x024b7098, hConnect = 0x003b7048, Flags = 0x00000000
    Behavior: Open HTTP connection
    Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2), hSession = 0x00cc0004
    WinHttpOpen: UserAgent: Glority Message Client/1.0, hSession = 0x0038c0e0
    WinHttpOpen: UserAgent: Glority Message Client/1.0, hSession = 0x024b7098
    Behavior: Establish a socket connection to a specified host
    Details: URL: dl****om, IP: **.133.40.**:80, SOCKET = 0x000002ec
    Behavior: Read network file
    Details: hFile = 0x00cc000c, BytesToRead =2048, BytesRead = 2048.
    Behavior: Send HTTP packet
    Details: GET /license/WNZP/zh/Eula.html HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2) Host: dl****om Connection: Keep-Alive
    Behavior: Open HTTP request
    Details: HttpOpenRequestA: dl****om:80/license/wnzp/zh/eula.html, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400010
    WinHttpOpenRequest: i.****om:80/v1/loganalytics, hConnect = 0x003c06f8, hRequest = 0x003c4890, Verb: POST, Referer: , Flags = 0x00000100
    WinHttpOpenRequest: i.****om:80/v1/loganalytics, hConnect = 0x003b7048, hRequest = 0x024c65e0, Verb: POST, Referer: , Flags = 0x00000100
    Behavior: Resolve host address by name
    Details: GetAddrInfoW: dl****om
    GetAddrInfoW: i.****om
    Registry behavior
    Behavior: Modify registry
    Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\EnableFileTracing
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\EnableConsoleTracing
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\FileTracingMask
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\ConsoleTracingMask
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\MaxFileSize
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\FileDirectory
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\EnableFileTracing
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\EnableConsoleTracing
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\FileTracingMask
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\ConsoleTracingMask
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\MaxFileSize
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\FileDirectory
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-*\RefCount
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{21405768-cb87-11e4-8598-806e6f6e6963}\DriveNumber
    Behavior: Delete registry value
    Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{21405768-cb87-11e4-8598-806e6f6e6963}\DriveNumber
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\CD Recorder Drive
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\AccountDomainSid
    Other behavior
    Behavior: Check whether the process is being debugged
    Details: IsDebuggerPresent
    Behavior: Create mutex
    Details: WinZipDownloadManager
    Local\!IETld!Mutex
    Local\_!MSFTHISTORY!_
    Local\c:!users!administrator!appdata!local!microsoft!windows!temporary internet files!content.ie5!
    Local\c:!users!administrator!appdata!roaming!microsoft!windows!cookies!
    Local\c:!users!administrator!appdata!local!microsoft!windows!history!history.ie5!
    Local\WininetStartupMutex
    Local\WininetConnectionMutex
    Local\WininetProxyRegistryMutex
    Local\ZonesCounterMutex
    Local\ZoneAttributeCacheCounterMutex
    Local\ZonesCacheCounterMutex
    Local\ZonesLockedCacheCounterMutex
    RasPbFile
    Local\!PrivacIE!SharedMemory!Mutex
    Behavior: Hide specified window
    Details: [Window,Class] = [,Internet Explorer_Server]
    Behavior: Read CPU clock directly
    Details: EAX = 0x942d974b, EDX = 0x0000008b
    EAX = 0x22ee652c, EDX = 0x0000008c
    Behavior: Find specified window
    Details: NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
    NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
    NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    Behavior: Window information
    Details: Pid = 3248, Hwnd=0x101b2, Text = C:\Users\Administrator\AppData\Local\Temp\273ef\Load.html, ClassName = HTMLUI.
    Pid = 3248, Hwnd=0x101b2, Text = Welcome, ClassName = HTMLUI.
    Behavior: Get TickCount value
    Details: TickCount = 220093, SleepMilliseconds = 60000.
    TickCount = 220109, SleepMilliseconds = 60000.
    TickCount = 220125, SleepMilliseconds = 60000.
    TickCount = 220140, SleepMilliseconds = 60000.
    TickCount = 220406, SleepMilliseconds = 60000.
    TickCount = 220546, SleepMilliseconds = 60000.
    TickCount = 220578, SleepMilliseconds = 60000.
    Behavior: Adjust process token privileges
    Details: SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
    SE_AUDIT_PRIVILEGE
    SE_SHUTDOWN_PRIVILEGE
    Behavior: Open event
    Details: HookSwitchHookEnabledEvent
    \KernelObjects\MaximumCommitCondition
    MSFT.VSA.COM.DISABLE.3248
    MSFT.VSA.IEC.STATUS.6c736db0
    \SECURITY\LSA_AUTHENTICATION_INITIALIZED
    Global\SvcctrlStartEvent_A3752DX
    Local\MSCTF.CtfActivated.Default1
    Local\MSCTF.AsmCacheReady.Default1
    {A1965210-3A9D-4bca-822B-433645B3F5A2}
    Behavior: Executable signature information
    Details: C:\Users\Administrator\AppData\Local\Temp\26fa8\b70c.exe (signature verification: passed)
    C:\Users\Administrator\AppData\Local\Temp\273ef\Eula.html-temp (signature verification: failed)
    Behavior: Call Sleep function
    Details: [1]: MilliSeconds = 60000.
    [2]: MilliSeconds = 60000.
    [3]: MilliSeconds = 60000.
    [4]: MilliSeconds = 0.
    [5]: MilliSeconds = 60000.
    [6]: MilliSeconds = 0.
    [7]: MilliSeconds = 0.
    [8]: MilliSeconds = 0.
    [9]: MilliSeconds = 0.
    [10]: MilliSeconds = 0.
    Behavior: Get cursor position
    Details: CursorPos = (48,18794), SleepMilliseconds = 60000.
    CursorPos = (6341,26827), SleepMilliseconds = 60000.
    CursorPos = (19176,16051), SleepMilliseconds = 60000.
    CursorPos = (11485,29685), SleepMilliseconds = 60000.
    CursorPos = (26969,24791), SleepMilliseconds = 60000.
    CursorPos = (5712,28472), SleepMilliseconds = 60000.
    CursorPos = (23288,17154), SleepMilliseconds = 60000.
    Behavior: Executable MD5
    Details: C:\Users\Administrator\AppData\Local\Temp\26fa8\b70c.exe ---> 9e3b90aa9aab7ade763cfa5fb3e80c53
    C:\Users\Administrator\AppData\Local\Temp\273ef\Eula.html-temp ---> d0966601ecd6239a9ce0241c9aa21571
    Behavior: Open mutex
    Details: Local\!IETld!Mutex
    Local\_!MSFTHISTORY!_
    Local\c:!users!administrator!appdata!local!microsoft!windows!temporary internet files!content.ie5!
    Local\c:!users!administrator!appdata!roaming!microsoft!windows!cookies!
    Local\c:!users!administrator!appdata!local!microsoft!windows!history!history.ie5!
    Local\WininetStartupMutex
    Local\WininetConnectionMutex
    Local\WininetProxyRegistryMutex
    Local\MSCTF.Asm.MutexDefault1
    CDBurnNotify
    Global\CDBurnExclusive
    Behavior: Load newly dropped file
    Details: Image: C:\Users\Administrator\AppData\Local\Temp\26fa8\b70c.exe.
    Activities
    Activity name - Type
    net.openvpn.openvpn.OpenVPNAttachmentReceiver - android.intent.action.VIEW
    net.openvpn.openvpn.OpenVPNAttachmentReceiver - android.intent.category.BROWSABLE
    net.openvpn.openvpn.OpenVPNAttachmentReceiver - android.intent.category.DEFAULT
    net.openvpn.openvpn.Splash - android.intent.action.MAIN
    net.openvpn.openvpn.Splash - android.intent.category.LAUNCHER
    Dangerous functions
    Function name - Description
    getRuntime - Obtain the command-line runtime environment
    java/lang/Runtime;->exec - Execute a string command
    Startup method
    Name - Description
    net.openvpn.openvpn.OpenVPNRebootReceiver - Start service on boot
    Permission list
    Permission name - Description
    android.permission.INTERNET - Connect to the network (2G or 3G)
    android.permission.ACCESS_NETWORK_STATE - Read network state (2G or 3G)
    android.permission.USE_CREDENTIALS - Obtain authentication tokens
    android.permission.READ_EXTERNAL_STORAGE - Read external storage (e.g. SD card)
    android.permission.WRITE_EXTERNAL_STORAGE - Write external storage (e.g. SD card)
    android.permission.MOUNT_UNMOUNT_FILESYSTEMS - Mount and unmount external filesystems
    android.permission.RECEIVE_BOOT_COMPLETED - Receive boot-completed broadcast
    com.android.launcher.permission.INSTALL_SHORTCUT - Create shortcuts
    Service list
    Name
    net.openvpn.openvpn.OpenVPNService
    File list
    File name - Checksum
    META-INF/MANIFEST.MF 0xfeda33a5
    META-INF/CERT.SF 0x6ac8926f
    META-INF/CERT.RSA 0xf783c17c
    AndroidManifest.xml 0x9efb0480
    assets/.appkey 0xa0d5eaca
    assets/btn_login.xml 0xc94f50c2
    assets/error.html 0xa5b1820a
    assets/help/default/index.html 0x55e96f0
    assets/libjiagu.so 0x455ce6df
    assets/libjiagu_a64.so 0xa910a287
    assets/libjiagu_x86.so 0x4c4085d1
    classes.dex 0x1b783f6f
    lib/arm64-v8a/libovpncli.so 0xc6b8a8d9
    lib/armeabi-v7a/libovpncli.so 0x77c5da1c
    lib/armeabi/libovpncli.so 0xe3e69f9e
    res/drawable-hdpi-v4/icon.png 0xe653ea6a
    res/drawable-hdpi-v4/info.png 0x799e162
    res/drawable-hdpi-v4/openvpn_connected.png 0x2981e42a
    res/drawable-hdpi-v4/openvpn_connecting.png 0x9b82d27f
    res/drawable-hdpi-v4/openvpn_disconnected.png 0x3990b5d3
    res/drawable-mdpi-v4/icon.png 0xe653ea6a
    res/drawable-mdpi-v4/info.png 0x3a7e65e0
    res/drawable-mdpi-v4/openvpn_connected.png 0x2981e42a
    res/drawable-mdpi-v4/openvpn_connecting.png 0x9b82d27f
    res/drawable-mdpi-v4/openvpn_disconnected.png 0x3990b5d3
    res/drawable-xhdpi-v4/icon.png 0xe653ea6a
    res/drawable-xhdpi-v4/openvpn_connected.png 0x2981e42a
    res/drawable-xhdpi-v4/openvpn_connecting.png 0x9b82d27f
    res/drawable-xhdpi-v4/openvpn_disconnected.png 0x3990b5d3
    res/drawable/bt.xml 0x2242b6ff
    res/drawable/bt_add.png 0xe39e4ef1
    res/drawable/bt_bg.png 0x1c2ed224
    res/drawable/bt_center.png 0x5f60f6d7
    res/drawable/bt_day.png 0xa558d0d0
    res/drawable/bt_icon.png 0x8a4cf4af
    res/drawable/bt_info.png 0x5c0b908e
    res/drawable/bt_line.png 0x1905561c
    res/drawable/bt_lj.png 0x13820829
    res/drawable/bt_on.xml 0x7f9fd18a
    res/drawable/bt_time.png 0xe295f46c
    res/drawable/btn.png 0x32943724
    res/drawable/btn_accept_install.xml 0xcd7a6780
    res/drawable/btn_back_on.png 0x7f55a702
    res/drawable/btn_cancel_install.xml 0xd9a24884
    res/drawable/btn_center.png 0xdccb5f8e
    res/drawable/btn_login.xml 0x88bba1a0
    res/drawable/btn_on.png 0x1bab8d1
    res/drawable/btn_on_xml.xml 0xf13d942a
    res/drawable/btn_update.xml 0x39009832
    res/drawable/btns_on_xml.xml 0xe048477e
    res/drawable/connected.png 0x48920990
    res/drawable/connecting.png 0xe340ec91
    res/drawable/delete.png 0x845457df
    res/drawable/disconnected.png 0x845457df
    res/drawable/edit.png 0x8eaaddd8
    res/drawable/error.png 0x845457df
    res/drawable/file_dialog_file.png 0xbeff24a3
    res/drawable/file_dialog_folder.png 0xd54d0cdc
    res/drawable/file_dialog_icon.png 0x99a4f90b
    res/drawable/gg.png 0xd349f386
    res/drawable/info.png 0xe2f4d09a
    res/drawable/info_box.xml 0xa3ae0df8
    res/drawable/inner.xml 0xaffb3741
    res/drawable/line.png 0x35c083f5
    res/drawable/line_bg.png 0x874c9581
    res/drawable/login_bg.png 0x712320af
    res/drawable/login_button.png 0xfd5a6e2c
    res/drawable/logo.png 0x2c717e64
    res/drawable/main_bg.jpg 0xf2809d63
    res/drawable/main_bg.png 0x2758184a
    res/drawable/menu.png 0xd248fbdb
    res/drawable/my_bg.png 0x6f1320c7
    res/drawable/pass.png 0xa81e376
    res/drawable/password.png 0x1975566b
    res/drawable/pause.png 0x6f332d55
    res/drawable/profile_box.xml 0x4cc276a6
    res/drawable/progress_bar_states.xml 0xbc2dd259
    res/drawable/pt.png 0x55b2d9a0
    res/drawable/reload.png 0xb16cb5db
    res/drawable/rightarrow.png 0x6a4a8a4f
    res/drawable/rounded_editview.xml 0xaeba1453
    res/drawable/shap.xml 0x9384137e
    res/drawable/shap2.xml 0x2b535a27
    res/drawable/shape_progressbar_bg.xml 0x48c403c4
    res/drawable/shape_progressbar_mini.xml 0x37f548f
    res/drawable/splash.png 0x6f1320c7
    res/drawable/stats_box.xml 0xca691a9b
    res/drawable/user.png 0xb727bb2d
    res/drawable/user_center.png 0xa0009c85
    res/drawable/username.png 0x2a1b4643
    res/drawable/ws.png 0x4cb04be0
    res/layout-land/cert_warn.xml 0xbcad2270
    res/layout/about.xml 0x5880d0d0
    res/layout/activity_main.xml 0x8417fab9
    res/layout/activity_reg.xml 0xc6ab4ee3
    res/layout/activity_splash.xml 0x64bb9e7d
    res/layout/activity_update.xml 0x8e0d50e2
    res/layout/add_proxy.xml 0x281b051e
    res/layout/add_shortcut.xml 0xffcb9ee5
    res/layout/attachment_receiver.xml 0x80365672
    res/layout/cert_warn.xml 0x5f2dedd2
    res/layout/cr_dialog.xml 0x3a0d4fe7
    res/layout/create_shortcut_dialog.xml 0xf0080b74
    res/layout/file_dialog_main.xml 0xc2fc40cf
    res/layout/file_dialog_row.xml 0x31dfbc4e
    res/layout/form.xml 0x619a02d2
    res/layout/import_profile.xml 0xc6dc6d6f
    res/layout/import_server_item.xml 0x4aa50903
    res/layout/log.xml 0xb205a07a
    res/layout/login.xml 0xa36fed5
    res/layout/proxy_creds.xml 0x63c5c5cc
    res/layout/rename_profile_dialog.xml 0x34e1b9c1
    res/layout/stats.xml 0xed7b389a
    res/menu/menu.xml 0x7932b055
    res/raw/disconnect.wav 0xfa2817f6
    res/xml/preferences.xml 0x98da62d9
    resources.arsc 0x9669a0bb
    Runtime screenshots
