VirSCAN


File information
File Name: 绿苹果影视.apk (File not down)
File Size: 2457465 bytes
File Type: application/zip
MD5: 332e3f731f11cdfdc1e9a5282a53be99
SHA1: c856d8e45dbbc90b435367ccb336ef62da9a5b4d
  • Scanner results
    Scanner results: 3% of scanners (1/32) found malware!
    Time: 2018-02-28 15:38:46 (CST)
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 2.0 1970-01-01 Found nothing 5
    asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 2
    avast 170303-1 4.7.4 2017-03-03 Found nothing 60
    avg 2109/14933 10.0.1405 2018-02-26 Found nothing 60
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 8
    baidusd 1.0 1.0 2017-03-22 Found nothing 1
    bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
    clamav 24351 0.97.5 2018-02-27 Found nothing 60
    drweb 5.0.2.3300 5.0.1.1 2018-02-28 Found nothing 60
    fortinet 1.000, 55.441, 55.353, 55.360 5.4.247 2018-02-28 Found nothing 60
    fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
    fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
    gdata 25.16160 25.16160 2018-02-28 Found nothing 15
    ikarus 4.00.06 V1.32.31.0 2018-02-26 Found nothing 60
    jiangmin 16.0.100 1.0.0.0 2017-12-22 Found nothing 2
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
    kingsoft 2.1 2.1 2018-02-27 Found nothing 60
    mcafee 8620 5400.1158 2017-08-12 Found nothing 60
    nod32 6968 3.0.21 2018-02-26 Found nothing 60
    panda 9.05.01 9.05.01 2018-02-27 Found nothing 4
    pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 3
    qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
    quickheal 14.00 14.00 2017-11-18 Android.Styricka.GEN6254 3
    rising 3277 3277 2017-12-26 Found nothing 2
    sophos 5.32 3.65.2 2016-10-10 Found nothing 60
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 4
    thehacker 6.8.0.5 6.8.0.5 2018-02-25 Found nothing 2
    tws 17.47.17308 1.0.2.2108 2018-02-27 Found nothing 15
    vba 3.12.29.5 beta 3.12.29.5 beta 2018-02-27 Found nothing 60
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scanners when and if malware is found. Please judge these results for yourself.
  • Permission list
    Permission name - Information
    com.android.launcher.permission.INSTALL_SHORTCUT - Create shortcuts
    android.permission.GET_TASKS - Get information about currently or recently running tasks
    android.permission.PROCESS_OUTGOING_CALLS - Monitor and modify outgoing calls
    android.permission.WRITE_EXTERNAL_STORAGE - Write external storage (e.g. SD card)
    android.permission.ACCESS_WIFI_STATE - Read Wi-Fi network state
    android.permission.ACCESS_COARSE_LOCATION - Get approximate location (via Wi-Fi, cell towers)
    android.permission.CALL_PHONE - Make phone calls
    android.permission.MODIFY_AUDIO_SETTINGS - Modify audio settings
    android.permission.MOUNT_UNMOUNT_FILESYSTEMS - Mount and unmount external filesystems
    android.permission.READ_PHONE_STATE - Read phone state
    android.permission.SYSTEM_ALERT_WINDOW - Display system-level windows
    android.permission.MODIFY_PHONE_STATE - Modify phone state
    android.permission.INTERNET - Connect to the network (2G or 3G)
    android.permission.ACCESS_FINE_LOCATION - Get precise location (via GPS)
    android.permission.VIBRATE - Allow device vibration
    com.android.launcher.permission.READ_SETTINGS - Read shortcut information
    android.permission.READ_CALL_LOG - Read call log
    android.permission.WAKE_LOCK - Keep background process running after the screen turns off
    android.permission.ACCESS_NETWORK_STATE - Read network state (2G or 3G)
    android.permission.CHANGE_CONFIGURATION - Modify current configuration (e.g. locale)
    android.permission.READ_SETTINGS
    android.permission.WRITE_SETTINGS - Read and write system settings
    android.permission.READ_EXTERNAL_STORAGE - Read external storage (e.g. SD card)
  • File information
    Security score:
    Basic information
    MD5: 332e3f731f11cdfdc1e9a5282a53be99
    Package name: com.top.lvpingguo
    Minimum runtime: Android 2.2.x
    Copyright: CHINA
    Key behaviors
    Behavior: Loads a driver (normal)
    Details: system32\DRIVERS\sysdiag.sys
    Behavior: Creates a file on the desktop
    Details: C:\Documents and Settings\All Users\桌面\火绒剑.lnk
    Behavior: Gets TickCount value
    Details: TickCount = 228278, SleepMilliseconds = 200.
    TickCount = 228496, SleepMilliseconds = 200.
    TickCount = 228512, SleepMilliseconds = 200.
    TickCount = 228715, SleepMilliseconds = 200.
    TickCount = 228731, SleepMilliseconds = 200.
    TickCount = 228934, SleepMilliseconds = 200.
    TickCount = 229153, SleepMilliseconds = 200.
    TickCount = 229168, SleepMilliseconds = 200.
    TickCount = 229371, SleepMilliseconds = 200.
    TickCount = 229387, SleepMilliseconds = 200.
    TickCount = 229590, SleepMilliseconds = 200.
    TickCount = 229606, SleepMilliseconds = 200.
    TickCount = 229809, SleepMilliseconds = 200.
    TickCount = 229825, SleepMilliseconds = 200.
    TickCount = 229856, SleepMilliseconds = 200.
    Process behavior
    Behavior: Creates a process with a hidden window
    Details: ImagePath = , CmdLine = "C:\Program Files\Huorong\Sysdiag\bin\usysdiag.exe" 480
    Behavior: Creates a local thread
    Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 1668, ThreadID = 2212, StartAddress = 7C947EBB, Parameter = 00000000
    TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 1668, ThreadID = 2216, StartAddress = 7C930230, Parameter = 00000000
    TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 1668, ThreadID = 2168, StartAddress = 00404FD6, Parameter = 00020372
    TargetProcess: usysdiag.exe, InheritedFromPID = 1668, ProcessID = 2472, ThreadID = 2480, StartAddress = 00411CD5, Parameter = 00AC3D80
    TargetProcess: usysdiag.exe, InheritedFromPID = 1668, ProcessID = 2472, ThreadID = 2504, StartAddress = 00411CD5, Parameter = 00AC3FC0
    TargetProcess: usysdiag.exe, InheritedFromPID = 1668, ProcessID = 2472, ThreadID = 2508, StartAddress = 00411CD5, Parameter = 00AC41E0
    TargetProcess: usysdiag.exe, InheritedFromPID = 1668, ProcessID = 2472, ThreadID = 2516, StartAddress = 00411CD5, Parameter = 00AC4430
    TargetProcess: usysdiag.exe, InheritedFromPID = 1668, ProcessID = 2472, ThreadID = 2500, StartAddress = 0040ED50, Parameter = 000001E0
    Behavior: Creates a process from a newly created file
    Details: [0x000009a8]ImagePath = C:\Program Files\Huorong\Sysdiag\bin\usysdiag.exe, CmdLine = "C:\Program Files\Huorong\Sysdiag\bin\usysdiag.exe" 480
    File behavior
    Behavior: Creates files
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsb7.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\System.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\modern-header.bmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\modern-wizard.bmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\nsDialogs.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\installer-helper.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\AccessControl.dll
    C:\Program Files\Huorong\Sysdiag\bin\uactmon.dll
    C:\Program Files\Huorong\Sysdiag\bin\usysdiag.dll
    C:\Program Files\Huorong\Sysdiag\bin\daemon.dll
    C:\Program Files\Huorong\Sysdiag\bin\behavior.dll
    C:\Program Files\Huorong\Sysdiag\bin\libxsse.dll
    C:\Program Files\Huorong\Sysdiag\bin\dbghelp.dll
    Behavior: Drops links or shortcuts in sensitive system locations (e.g. Start Menu)
    Details: C:\Documents and Settings\All Users\「开始」菜单\程序\火绒安全实验室\Sysdiag\火绒剑.lnk
    C:\Documents and Settings\All Users\「开始」菜单\程序\火绒安全实验室\Sysdiag\卸载.lnk
    Behavior: Creates executable files
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\System.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\nsDialogs.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\installer-helper.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\AccessControl.dll
    C:\Program Files\Huorong\Sysdiag\bin\uactmon.dll
    C:\Program Files\Huorong\Sysdiag\bin\usysdiag.dll
    C:\Program Files\Huorong\Sysdiag\bin\daemon.dll
    C:\Program Files\Huorong\Sysdiag\bin\behavior.dll
    C:\Program Files\Huorong\Sysdiag\bin\libxsse.dll
    C:\Program Files\Huorong\Sysdiag\bin\dbghelp.dll
    C:\Program Files\Huorong\Sysdiag\bin\symsrv.dll
    C:\Program Files\Huorong\Sysdiag\bin\usysdiag.exe
    C:\WINDOWS\system32\drivers\sysdiag.sys
    C:\Program Files\Huorong\Sysdiag\bin\sysdiag-gui.exe
    C:\Program Files\Huorong\Sysdiag\uninst.exe
    Behavior: Overwrites existing files
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\modern-wizard.bmp
    Behavior: Searches for files
    Details: FileName = C:\Documents and Settings
    FileName = C:\Documents and Settings\Administrator
    FileName = C:\Documents and Settings\Administrator\Local Settings
    FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg9.tmp
    FileName = C:\Program Files\Huorong\Sysdiag\bin\HipsDaemon.exe
    FileName = C:\Program Files\Huorong\Sysdiag
    FileName = C:\Program Files\Huorong
    FileName = C:\Program Files
    FileName = \uninst.exe
    FileName = C:\Program Files\Huorong\Sysdiag\bin
    FileName = C:\Program Files\Huorong\Sysdiag\bin\sysdiag-gui.exe
    FileName = C:\Documents and Settings\Administrator\My Documents
    FileName = C:\Documents and Settings\All Users
    Behavior: Deletes files
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsb7.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\AccessControl.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\installer-helper.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\modern-header.bmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\modern-wizard.bmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\nsDialogs.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\System.dll
    Behavior: Creates a file on the desktop
    Details: C:\Documents and Settings\All Users\桌面\火绒剑.lnk
    Behavior: Modifies file contents
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp ---> Offset = 32768
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp ---> Offset = 65536
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp ---> Offset = 98304
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsr8.tmp ---> Offset = 108352
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\System.dll ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\modern-header.bmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\modern-header.bmp ---> Offset = 16384
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\modern-wizard.bmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\modern-wizard.bmp ---> Offset = 16384
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\modern-wizard.bmp ---> Offset = 32768
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\modern-wizard.bmp ---> Offset = 49152
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\modern-wizard.bmp ---> Offset = 65536
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\nsDialogs.dll ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\installer-helper.dll ---> Offset = 0
    Registry behavior
    Behavior: Modifies the registry
    Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\sysdiag\DebugLevel
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\sysdiag\DependOnService
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\sysdiag\ErrorControl
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\sysdiag\Type
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\sysdiag\Tag
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\sysdiag\Group
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\sysdiag\DisplayName
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\sysdiag\Description
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\sysdiag\Instances\DefaultInstance
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\sysdiag\Instances\sysdiag\Altitude
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\sysdiag\Instances\sysdiag\Flags
    \REGISTRY\MACHINE\SOFTWARE\Huorong\Sysdiag\InstallPath
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HuorongSysdiag\DisplayName
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HuorongSysdiag\UninstallString
    Behavior: Modifies the registry (pending file rename entry)
    Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
    Behavior: Modifies the registry (service entries)
    Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\sysdiag\Start
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\sysdiag\ImagePath
    Other behavior
    Behavior: Creates mutexes
    Details: CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.Shared.MUTEX.IOH
    MSCTF.Shared.MUTEX.EFG
    Behavior: Hides specified windows
    Details: [Window,Class] = [,Button]
    [Window,Class] = [火绒安全实验室,Static]
    [Window,Class] = [火绒安全实验室 ,Static]
    [Window,Class] = [,Static]
    [Window,Class] = [,Auto-Suggest Dropdown]
    [Window,Class] = [显示细节(&D),Button]
    [Window,Class] = [安装完成,Static]
    [Window,Class] = [安装已成功完成。,Static]
    Behavior: Loads a driver (normal)
    Details: system32\DRIVERS\sysdiag.sys
    Behavior: Searches for specified windows
    Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [#32770,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    Behavior: Window information
    Details: Pid = 1668, Hwnd=0x10348, Text = 下一步(&N) >, ClassName = Button.
    Pid = 1668, Hwnd=0x1034a, Text = 取消(&C), ClassName = Button.
    Pid = 1668, Hwnd=0x10356, Text = 火绒安全实验室 , ClassName = Static.
    Pid = 1668, Hwnd=0x10358, Text = 火绒安全实验室, ClassName = Static.
    Pid = 1668, Hwnd=0x10368, Text = 欢迎使用“火绒剑”安装向导, ClassName = Static.
    Pid = 1668, Hwnd=0x1036a, Text = 这个向导将指引你完成“火绒剑”的安装进程。 在开始安装之前,建议先关闭其他所有应用程序。这将允许“安装程序”更新指定的系统文件,而不需要重新启动你的计算机。 单击 [下一步(N)] 继续。, ClassName = Static.
    Pid = 1668, Hwnd=0x10342, Text = 火绒剑 安装, ClassName = #32770.
    Pid = 1668, Hwnd=0x10346, Text = < 上一步(&P), ClassName = Button.
    Pid = 1668, Hwnd=0x10348, Text = 安装(&I), ClassName = Button.
    Pid = 1668, Hwnd=0x1035c, Text = 选择安装位置, ClassName = Static.
    Pid = 1668, Hwnd=0x1035e, Text = 选择“火绒剑”的安装文件夹。, ClassName = Static.
    Pid = 1668, Hwnd=0x2036a, Text = C:\Program Files\Huorong\Sysdiag, ClassName = Edit.
    Pid = 1668, Hwnd=0x20368, Text = 浏览(&B)..., ClassName = Button.
    Pid = 1668, Hwnd=0x20366, Text = 可用空间: 4.8GB, ClassName = Static.
    Pid = 1668, Hwnd=0x10370, Text = 所需空间: 7.6MB, ClassName = Static.
    Behavior: Gets TickCount value
    Details: TickCount = 228278, SleepMilliseconds = 200.
    TickCount = 228496, SleepMilliseconds = 200.
    TickCount = 228512, SleepMilliseconds = 200.
    TickCount = 228715, SleepMilliseconds = 200.
    TickCount = 228731, SleepMilliseconds = 200.
    TickCount = 228934, SleepMilliseconds = 200.
    TickCount = 229153, SleepMilliseconds = 200.
    TickCount = 229168, SleepMilliseconds = 200.
    TickCount = 229371, SleepMilliseconds = 200.
    TickCount = 229387, SleepMilliseconds = 200.
    TickCount = 229590, SleepMilliseconds = 200.
    TickCount = 229606, SleepMilliseconds = 200.
    TickCount = 229809, SleepMilliseconds = 200.
    TickCount = 229825, SleepMilliseconds = 200.
    TickCount = 229856, SleepMilliseconds = 200.
    Behavior: Adjusts process token privileges
    Details: SE_LOAD_DRIVER_PRIVILEGE
    SE_DEBUG_PRIVILEGE
    Behavior: Opens events
    Details: HookSwitchHookEnabledEvent
    _fCanRegisterWithShellService
    CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
    CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
    MSCTF.SendReceiveConection.Event.IOH.IC
    MSCTF.SendReceive.Event.IOH.IC
    Global\crypt32LogoffEvent
    Behavior: Executable file signature information
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\System.dll(签名验证: 未通过)
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\nsDialogs.dll(签名验证: 未通过)
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\installer-helper.dll(签名验证: 未通过)
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\AccessControl.dll(签名验证: 未通过)
    C:\Program Files\Huorong\Sysdiag\bin\uactmon.dll(签名验证: 未通过)
    C:\Program Files\Huorong\Sysdiag\bin\usysdiag.dll(签名验证: 未通过)
    C:\Program Files\Huorong\Sysdiag\bin\daemon.dll(签名验证: 未通过)
    C:\Program Files\Huorong\Sysdiag\bin\behavior.dll(签名验证: 未通过)
    C:\Program Files\Huorong\Sysdiag\bin\libxsse.dll(签名验证: 未通过)
    C:\Program Files\Huorong\Sysdiag\bin\dbghelp.dll(签名验证: 通过)
    C:\Program Files\Huorong\Sysdiag\bin\symsrv.dll(签名验证: 通过)
    C:\Program Files\Huorong\Sysdiag\bin\usysdiag.exe(签名验证: 未通过)
    C:\WINDOWS\system32\drivers\sysdiag.sys(签名验证: 未通过)
    C:\Program Files\Huorong\Sysdiag\bin\sysdiag-gui.exe(签名验证: 未通过)
    C:\Program Files\Huorong\Sysdiag\uninst.exe(签名验证: 通过)
    Behavior: Calls the Sleep function
    Details: [1]: MilliSeconds = 200.
    [2]: MilliSeconds = 200.
    [3]: MilliSeconds = 200.
    [4]: MilliSeconds = 200.
    [5]: MilliSeconds = 200.
    [6]: MilliSeconds = 200.
    [7]: MilliSeconds = 200.
    [8]: MilliSeconds = 200.
    Behavior: Creates event objects
    Details: EventName = MSCTF.SendReceive.Event.EFG.IC
    EventName = MSCTF.SendReceiveConection.Event.EFG.IC
    EventName = Global\userenv: User Profile setup event
    EventName = Global\crypt32LogoffEvent
    Behavior: Executable file MD5
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\System.dll ---> c17103ae9072a06da581dec998343fc1
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\nsDialogs.dll ---> c10e04dd4ad4277d5adc951bb331c777
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\installer-helper.dll ---> bfde6b61201b95a2892e63adfce22769
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsg9.tmp\AccessControl.dll ---> 971a1632f3f6ed6942b22b6d77692a12
    C:\Program Files\Huorong\Sysdiag\bin\uactmon.dll ---> ffae295cc48606ba15fd9ac07c0c112f
    C:\Program Files\Huorong\Sysdiag\bin\usysdiag.dll ---> 4c5db6477ea151be370854b1346eeda0
    C:\Program Files\Huorong\Sysdiag\bin\daemon.dll ---> fe39e5e036b5c86ddb3ef2ada62ba0bf
    C:\Program Files\Huorong\Sysdiag\bin\behavior.dll ---> cf5d7b176a13b35e03eb290ba9dbe48f
    C:\Program Files\Huorong\Sysdiag\bin\libxsse.dll ---> c39b00b17ca0a7b6bfc8c9ef8173538c
    C:\Program Files\Huorong\Sysdiag\bin\dbghelp.dll ---> 4003e34416ebd25e4c115d49dc15e1a7
    C:\Program Files\Huorong\Sysdiag\bin\symsrv.dll ---> 39572ded651b59a792b3f0c82603bf9e
    C:\Program Files\Huorong\Sysdiag\bin\usysdiag.exe ---> 4385ba0b742ed93f309c717ecd6ea0e8
    C:\WINDOWS\system32\drivers\sysdiag.sys ---> 1cb5904fda4524db0a9b8b234c6d36e1
    C:\Program Files\Huorong\Sysdiag\bin\sysdiag-gui.exe ---> 8097161ce5b29e81a4d9420ac468ea0e
    C:\Program Files\Huorong\Sysdiag\uninst.exe ---> 058ce181143c882ec8a2dc765d13be26
    Behavior: Opens a mutex
    Details: ShimCacheMutex
    Behavior: Loads newly dropped files
    Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg9.tmp\System.dll.
    Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg9.tmp\nsDialogs.dll.
    Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg9.tmp\installer-helper.dll.
    Image: C:\Program Files\Huorong\Sysdiag\bin\usysdiag.dll.
    Image: C:\Program Files\Huorong\Sysdiag\bin\uactmon.dll.
    Image: C:\Program Files\Huorong\Sysdiag\bin\dbghelp.dll.
    Activities
    Activity name - Type
    com.e4a.runtime.android.StartActivity - android.intent.action.MAIN
    com.e4a.runtime.android.StartActivity - android.intent.category.DEFAULT
    com.e4a.runtime.android.StartActivity - android.intent.category.LAUNCHER
    com.e4a.runtime.android.mainActivity - android.intent.action.MAIN
    com.e4a.runtime.android.mainActivity - android.intent.category.DEFAULT
    com.tencent.smtt.sdk.VideoActivity - com.tencent.smtt.tbs.video.PLAY
    com.tencent.smtt.sdk.VideoActivity - android.intent.category.DEFAULT
    Dangerous functions
    Function name - Information
    android/app/NotificationManager;->notify - Notification bar message
    ContentResolver;->query - Reads contacts, SMS and other databases
    TelephonyManager;->getDeviceId - Collects the user's IMEI, phone number, system version and other information
    java/net/HttpURLConnection;->connect - Connects to a URL
    LocationManager;->getLastKnownLocation - Gets geographic location
    HttpClient;->execute - Sends requests to a remote server
    java/net/URL;->openConnection - Connects to a URL
    File list
    File name - Checksum
    META-INF/MANIFEST.MF 0xc06149e3
    META-INF/LVPINGGU.SF 0x81e68f74
    META-INF/LVPINGGU.RSA 0x427b244c
    assets/a4g_71x72x256.png 0xcf0c5285
    assets/a4h_71x72x256.png 0x6ad8184e
    assets/ac5_71x72x256.png 0xd19b45b1
    assets/ac9_71x72x256.png 0xc5c11781
    assets/acg_71x72x256.png 0xde70ad78
    assets/ack_71x72x256.png 0x3f3e0e75
    assets/acm_71x72x256.png 0x4ec8463c
    assets/acp_71x72x256.png 0x492b6a7
    assets/acq_71x72x256.png 0x62f6ac26
    assets/act_71x72x256.png 0x3f18e142
    assets/beijing8000.png 0x31b3606e
    assets/beijing8001.png 0x280e2f54
    assets/beijing8002.png 0xf45871ad
    assets/beijing8003.png 0x8f12924f
    assets/beijing8004.png 0x22a6f3c9
    assets/beijing8005.png 0xbd8aa227
    assets/beijing8006.png 0x87611b71
    assets/beijing8007.png 0xe1bbf55
    assets/beijing8008.png 0x9ee1799d
    assets/beijing8009.png 0x4e1dbde0
    assets/beijing8010.png 0x2e2c84cd
    assets/beijing8011.png 0xcc0958ae
    assets/beijingse030.png 0xd5dea881
    assets/beijingse_1.png 0x4d7e9c16
    assets/beijingse_2.png 0xe02403f
    assets/beijingse_3.png 0x2783564d
    assets/beijingse_4.png 0x724193c9
    assets/beijingse_5.png 0xa74b2a46
    assets/beijingse_6.png 0x3211f709
    assets/beijingse_7.png 0x23c912bf
    assets/tubaio01.png 0xf5f8234b
    assets/tubaio02.png 0xc100abc1
    assets/tubiao0039.png 0x44667d0f
    assets/tubiao025.gif 0x7e5bb99e
    assets/tubiao026.png 0xfc5f3a49
    assets/tubiao03.png 0x4adeeece
    assets/tubiao04.png 0x9d422ff9
    assets/tubiao05.png 0x674e26ea
    assets/tubiao06.png 0xc2ed26fd
    assets/tubiao07.png 0xe1809665
    assets/tubiao08.png 0x1900560a
    assets/tubiao088.png 0xab240e5e
    assets/tubiao089.png 0x1162b9df
    assets/tubiao10001.png 0x45819152
    assets/tubiao10002.png 0x890608fe
    assets/tubiao10003.png 0x140be5aa
    assets/tubiao10004.png 0xa09f2bb3
    assets/tubiao100200.png 0xc693cbd0
    assets/tubiao100201.png 0xc26ba1fb
    assets/tubiao100202.png 0xb5df06dd
    assets/tubiao20010.png 0xa23926
    assets/tubiao20011.png 0x4392d4a1
    assets/tubiao20015.png 0x67f689ac
    assets/tubiao20022.png 0x9a991841
    assets/tubiao20033.png 0xeb822415
    assets/tubiao20044.png 0xbd30862d
    assets/tubiao20055.png 0x663d4868
    assets/tubiao20066.png 0xf9f4a8cc
    assets/tubiao20077.png 0x8fa1bd18
    assets/tubiao20088.png 0x52c0b9fd
    assets/tubiao20099.png 0x387246ec
    assets/tubiao_1.png 0x867815cc
    assets/tubiao_2.png 0xbeede539
    assets/tubiao_3.png 0x79b3659a
    assets/tubiao_fanhui.png 0x7e0d033e
    assets/tubiao_fanhui10.png 0x72bdee2c
    assets/tubiao_fanhui11.png 0xab21f8dc
    assets/tubiao_fanhui2.png 0x48828ed7
    assets/tubiao_fanhui3.png 0xfe0aaf09
    assets/tubiao_guanbi.png 0x2652df77
    assets/tubiao_jiexi.png 0x546dbbd
    assets/tubiao_jx01.png 0xbf082b8
    assets/tubiao_jx01_1.png 0x1de3f01e
    assets/tubiao_jx02.png 0x5b8d76e4
    assets/tubiao_jx02_2.png 0x60b89c29
    assets/tubiao_jx03.png 0x52c05fee
    assets/tubiao_jx03_3.png 0xa13f4dcc
    assets/tubiao_jx04.png 0x1ef2b43b
    assets/tubiao_jx04_4.png 0xfde7bb09
    assets/tubiao_jx05.png 0xb81815c9
    assets/tubiao_jx05_5.png 0xba79754f
    assets/tubiao_jx06.png 0xd011cba4
    assets/tubiao_jx06_6.png 0xfb8bf24d
    assets/tubiao_jx07.png 0x5fb6dc4f
    assets/tubiao_jx07_7.png 0x39ff9e50
    assets/tubiao_jx08.png 0xdfed0dbe
    assets/tubiao_jx08_8.png 0x71ca6dd3
    assets/tubiao_jx09.png 0xdbc70620
    assets/tubiao_jx09_9.png 0x8c03f2e
    assets/tubiao_list_chunse.png 0x4c6e9009
    assets/tubiao_list_fenlei.png 0xaa951bb5
    assets/tubiao_list_iqiyi.png 0x97f3be1
    assets/tubiao_list_le.png 0xaa696955
    assets/tubiao_list_mgtv.png 0xc5372b88
    assets/tubiao_list_qq.png 0x60e241f5
    assets/tubiao_list_sohu.png 0xc47ebde5
    assets/tubiao_list_wxs.png 0x71707a44
    assets/tubiao_list_youku.png 0x6e86422d
    assets/tubiao_list_zhi.png 0xf92d76cb
    assets/tubiao_qianjing10.png 0xb6e51066
    assets/tubiao_shanchu01.png 0x4c64175f
    assets/tubiao_shanchu02.png 0xa890603c
    assets/tubiao_shanchu2.png 0xaa0fd031
    assets/tubiao_sousuo10.png 0x12884ba5
    assets/tubiao_touxiang.png 0xf6ad5d9
    assets/tubiao_wangluo01.png 0xb6199928
    assets/tupian0002.png 0x96dfb860
    assets/tupian080.png 0xec9ec7a6
    assets/tupian10000.png 0x84d38586
    assets/tupian8000.jpg 0x7b5a2237
    assets/tupian80005.jpg 0x7f5052bc
    res/drawable/anniu.xml 0xe39f4afb
    res/drawable/anniu001.xml 0x39ac5e1d
    res/drawable/anniu002.xml 0xc3126df2
    res/drawable/anniu003.xml 0xf5483f2d
    res/drawable/anniu1.xml 0xd1d8e809
    res/drawable/anniu2.xml 0x6a68948d
    res/drawable/anniu3.xml 0x303cdf6b
    res/drawable/anniu4.xml 0xc0692e65
    res/drawable/anniu_1.xml 0xd2ce4a86
    res/drawable/bjk.xml 0xbb01f8d8
    res/drawable/bjk2.xml 0x73c1e94d
    res/drawable/bjk3.xml 0x68bd9164
    res/drawable/bjk4.xml 0x9384e1e0
    res/drawable/e4alistview_new_message.png 0x1cdc5409
    res/drawable/icon.png 0x35feed27
    res/drawable/icon_1.png 0xa8855a47
    res/drawable/icon_2.png 0xeb43fe13
    res/drawable/icon_3.png 0x20c33ae9
    res/drawable/icon_4.png 0x552d7eb7
    res/drawable/icon_5.png 0x20031721
    res/drawable/icon_empty.png 0x95d5b4c8
    res/drawable/icon_error.png 0x38fd3fd7
    res/drawable/icon_point.png 0xa830f52b
    res/drawable/icon_point_pre.png 0x91131896
    res/drawable/icon_stub.png 0xa595e8c0
    res/drawable/tupian_shibai.png 0x1532ede4
    AndroidManifest.xml 0xd4c904c1
    resources.arsc 0x2033ad12
    classes.dex 0x561dae93
    lib/armeabi/liblbs.so 0xbe8edb00
