aaa.apk MD5:dfbe3bc3daa6ced5ff7ff0460e197c22 9% Scanner(s) (3/32) found malware! - VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 47 AntiVirus Engines!

Main Menu

API

uploader for windows(test)

Powered By

File information

File Name :aaa.apk (File not down)

File Size :21580 byte

File Type :application/zip

MD5:dfbe3bc3daa6ced5ff7ff0460e197c22

SHA1:4e77bb2019211adaf83d188bbc5ec878573d9848

扫描结果
权限
文件行为分析

Scanner results

Scanner results:9%Scanner(s) (3/32)found malware!

Behavior analysis report: Habo file analysis

Time: 2016-05-20 15:56:08 (CST)

Scanner	Engine Ver	Sig Ver	Sig Date	Scan result	Time
antiy	AVL SDK 3.0		1970-01-01	Found nothing	5
asquared	9.0.0.4324	9.0.0.4324	2014-07-03	Found nothing	1
avast	150725-1	4.7.4	2015-07-25	Found nothing	60
avg	2109/8133	10.0.1405	2014-11-26	Found nothing	60
baidu	2.0.1.0	4.1.3.52192	2.0.1.0	Found nothing	5
baidusd	1.0	1.0	2014-04-02	Found nothing	1
bitdefender	7.58469	7.90123	2014-12-25	Found nothing	60
clamav	19861	0.97.5	2014-12-31	Found nothing	60
drweb	5.0.2.3300	5.0.1.1	2014-12-31	Found nothing	60
fortinet	23.345, 23.345	5.1.158	2014-12-08	Found nothing	60
fprot	4.6.2.117	6.5.1.5418	2014-12-31	Found nothing	60
fsecure	2014-04-02-01	9.13	2014-04-02	Found nothing	60
gdata	25.6643	25.6643	2016-05-19	Android.Trojan.AutoSMS.MN	8
ikarus	1.06.01	V1.32.31.0	2014-12-08	Found nothing	60
jiangmin	16.0.100	1.0.0.0	2015-07-25	Found nothing	40
kaspersky	5.5.33	5.5.33	2014-04-01	Found nothing	60
kingsoft	2.1	2.1	2013-09-22	Android.Troj.iSMS.af.(kcloud)	4
mcafee	7638	5400.1158	2014-11-30	Found nothing	60
nod32	0920	3.0.21	2014-12-23	Found nothing	60
panda	9.05.01	9.05.01	2015-07-26	Found nothing	4
pcc	11.380.07	9.500-1005	2014-12-31	Found nothing	60
qh360	1.0.1	1.0.1	1.0.1	Found nothing	3
qqphone	1.0.0.0	1.0.0.0	2014-12-09	Found nothing	60
quickheal	14.00	14.00	2015-07-25	Android.Agent.DB	2
rising	25.76.04.01	25.76.04.01	2015-07-24	Found nothing	1
sophos	5.08	3.55.0	2014-12-01	Found nothing	60
symantec	20141230.001	1.3.0.24	2014-12-30	Found nothing	60
tachyon	9.9.9	9.9.9	2013-12-27	Found nothing	3
thehacker	6.8.0.5	6.8.0.5	2015-07-23	Found nothing	1
tws	17.47.17308	1.0.2.2108	2014-12-08	Found nothing	13
vba	3.12.26.3	3.12.26.3	2014-12-31	Found nothing	60
virusbuster	15.0.985.0	5.5.2.13	2014-12-05	Found nothing	60

■Heuristic/Suspicious ■Exact

NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.

权限列表
许可名称	信息
android.permission.READ_LOGS	读取系统日志
android.permission.KILL_BACKGROUND_PROCESSES	关闭后台进程
android.permission.RESTART_PACKAGES	重启其他程序
android.permission.SYSTEM_ALERT_WINDOW	显示系统窗口
android.permission.READ_PHONE_STATE	读取电话状态
android.permission.RECEIVE_BOOT_COMPLETED	接收开机启动广播
android.permission.WRITE_EXTERNAL_STORAGE	写外部存储器（如：SD卡）
android.permission.READ_EXTERNAL_STORAGE	读外部存储器（如：SD卡）
android.permission.RECEIVE_USER_PRESENT
android.permission.RECEIVE_SMS	监控接收短信
android.permission.SEND_SMS	发送短信
android.permission.READ_SMS	读取短信
android.permission.WRITE_SMS	写短信
android.permission.ACCESS_FINE_LOCATION	获取精确的位置（通过GPS）

文件信息

安全评分 :

基本信息
MD5:dfbe3bc3daa6ced5ff7ff0460e197c22
包名:com.qihoo360.moqesds
最低运行环境:Android 2.2.x
版权:

关键行为
行为描述:	探测 Virtual PC是否存在
详情信息:	N/A
行为描述:	尝试打开调试器或监控软件的驱动设备对象
详情信息:	\??\SICE
	\??\SIWVID
	\??\NTICE
行为描述:	获取TickCount值
详情信息:	TickCount = 1076784, SleepMilliseconds = 50.
	TickCount = 1076800, SleepMilliseconds = 50.
	TickCount = 1076846, SleepMilliseconds = 50.
	TickCount = 1076862, SleepMilliseconds = 50.
	TickCount = 1077534, SleepMilliseconds = 50.
	TickCount = 1077612, SleepMilliseconds = 50.
	TickCount = 1077628, SleepMilliseconds = 50.
	TickCount = 1077643, SleepMilliseconds = 50.
	TickCount = 1077659, SleepMilliseconds = 50.
	TickCount = 1077675, SleepMilliseconds = 50.
	TickCount = 1077690, SleepMilliseconds = 50.
	TickCount = 1077706, SleepMilliseconds = 50.
	TickCount = 1077721, SleepMilliseconds = 50.
	TickCount = 1077737, SleepMilliseconds = 50.
	TickCount = 1077753, SleepMilliseconds = 50.
行为描述:	设置特殊文件夹属性
详情信息:	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
	C:\Documents and Settings\Administrator\Local Settings\History
	C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
	C:\Documents and Settings\Administrator\Cookies
	C:\Documents and Settings\Administrator\IETldCache
行为描述:	查找指定内核模块
详情信息:	lstrcmpiA: ntice.sys <------> ntkrnlpa.exe Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> hal.dll Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> KDCOM.DLL Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> BOOTVID.dll Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> ACPI.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> WMILIB.SYS Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> pci.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> isapnp.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> compbatt.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> BATTC.SYS Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> intelide.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> PCIIDEX.SYS Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> MountMgr.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> ftdisk.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> dmload.sys Des: SoftICE驱动
行为描述:	查找反病毒常用工具窗口
详情信息:	NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
	NtUserFindWindowEx: [Class,Window] = [GBDYLLO,]
	NtUserFindWindowEx: [Class,Window] = [pediy06,]
	NtUserFindWindowEx: [Class,Window] = [FilemonClass,]
	NtUserFindWindowEx: [Class,Window] = [,File Monitor - Sysinternals: www.sysinternals.com]
	NtUserFindWindowEx: [Class,Window] = [PROCMON_WINDOW_CLASS,]
	NtUserFindWindowEx: [Class,Window] = [,Process Monitor - Sysinternals: www.sysinternals.com]
	NtUserFindWindowEx: [Class,Window] = [RegmonClass,]
	NtUserFindWindowEx: [Class,Window] = [,Registry Monitor - Sysinternals: www.sysinternals.com]

进程行为
行为描述:	创建本地线程
详情信息:	TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 1532, StartAddress = 0057C3E7, Parameter = 005E3522
	TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 1544, StartAddress = 0057C3E7, Parameter = 005E3EC1
	TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 1204, StartAddress = 0057C3E7, Parameter = 005E4F84
	TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 168, StartAddress = 0057C3E7, Parameter = 005E5A35
	TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 1868, StartAddress = 0057C3E7, Parameter = 005E6565
	TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 2052, StartAddress = 0057C3E7, Parameter = 005E704B
	TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 2056, StartAddress = 0057C3E7, Parameter = 005E7C37
	TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 2060, StartAddress = 0057C3E7, Parameter = 005E8745
	TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 2064, StartAddress = 0057C3E7, Parameter = 005EBBED
	TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 2068, StartAddress = 0057C3E7, Parameter = 005ECC4B
	TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 2072, StartAddress = 0057C3E7, Parameter = 005EDD31
	TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 2076, StartAddress = 0057C3E7, Parameter = 005EEB82
	TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 2080, StartAddress = 0057C3E7, Parameter = 005EFAF3
	TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 2084, StartAddress = 0057C3E7, Parameter = 005F144C
	TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 2088, StartAddress = 0057C3E7, Parameter = 005F245C
行为描述:	枚举进程
详情信息:	N/A

文件行为
行为描述:	创建文件
详情信息:	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\fzgx[1].txt
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\wpad[1].dat
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\shell_explorer_1[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\navcancl[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\920hs_com[1]
行为描述:	覆盖已有文件
详情信息:	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\navcancl[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1]
行为描述:	查找文件
详情信息:	FileName = C:\Documents and Settings
	FileName = C:\Documents and Settings\Administrator
	FileName = C:\Documents and Settings\Administrator\Local Settings
	FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
	FileName = C:\WINDOWS\system32\Ras\*.pbk
	FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
	FileName = C:\WINDOWS
	FileName = C:\WINDOWS\system32
	FileName = C:\WINDOWS\system32\urlmon.dll
	FileName = C:\WINDOWS\system32\ieframe.dll
	FileName = C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015082520150826\.
行为描述:	删除文件
详情信息:	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\fzgx[1].txt
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\wpad[1].dat
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\shell_explorer_1[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[2]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\ErrorPageTemplate[2]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\httpErrorPagesScripts[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[2]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\info_48[1]
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\bullet[1]
行为描述:	设置特殊文件夹属性
详情信息:	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
	C:\Documents and Settings\Administrator\Local Settings\History
	C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
	C:\Documents and Settings\Administrator\Cookies
	C:\Documents and Settings\Administrator\IETldCache
行为描述:	修改文件内容
详情信息:	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\navcancl[1] ---> Offset = 0
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1] ---> Offset = 0
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1] ---> Offset = 0
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1] ---> Offset = 0
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1] ---> Offset = 0
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1] ---> Offset = 0
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1] ---> Offset = 0

网络行为
行为描述:	联网打开网址
详情信息:	InternetOpenUrlA: http://.133.40.:128/wpad.dat, hInternet = 0x00cc0010, Flags = 0x00000010
行为描述:	连接指定站点
详情信息:	InternetConnectA: ServerName = do****om, PORT = 5120, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
	InternetConnectA: ServerName = sh****.1, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
	InternetConnectA: ServerName = .133.40., PORT = 128, UserName = , Password = , hSession = 0x00cc0010, hConnect = 0x00cc0014, Flags = 0x00000010
	InternetConnectA: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0010, Flags = 0x00000000
行为描述:	打开HTTP连接
详情信息:	InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0), hSession = 0x00cc0004
	InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
	InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0), hSession = 0x00cc0010
行为描述:	建立到一个指定的套接字连接
详情信息:	URL: do**om, IP: .133.40.**:5120, SOCKET = 0x000004fc
	URL: do**om, IP: .133.40.**:80, SOCKET = 0x000004dc
	URL: do**om, IP: .133.40.**:80, SOCKET = 0x000004ac
	URL: do**om, IP: .133.40.**:80, SOCKET = 0x000004b8
	URL: do**om, IP: .133.40.**:80, SOCKET = 0x000004a0
	URL: wpad, IP: .133.40.:128, SOCKET = 0x0000032c
	URL: sh**.1, IP: .133.40.**:80, SOCKET = 0x0000039c
	URL: sh**.1, IP: .133.40.**:80, SOCKET = 0x00000220
	URL: ww**om, IP: .133.40.**:80, SOCKET = 0x00000398
行为描述:	读取网络文件
详情信息:	hFile = 0x00cc000c, BytesToRead =1024, BytesRead = 1024.
	hFile = 0x00cc0018, BytesToRead =4010, BytesRead = 4010.
	hFile = 0x00cc0014, BytesToRead =2048, BytesRead = 2048.
行为描述:	发送HTTP包
详情信息:	GET /gx/fzgx.txt HTTP/1.1 Accept: image/gif, image/bmp, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, / Referer: http://down.xixihz.com:5120/gx/fzgx.txt Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: do****om:5120 Cache-Control: no-cache
	GET /2345_34616_34616_deskonly.exe HTTP/1.1 Host: do***om Accept: /* Referer: http://down1.xixihz.com User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98) Pragma: no-cache Cache-Control: no-cache Connection: close
	GET /LMIns.exe HTTP/1.1 Host: do***om Accept: /* Referer: http://down1.xixihz.com User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98) Pragma: no-cache Cache-Control: no-cache Connection: close
	GET /pc/powerword2016/PowerWord.800.3085.exe HTTP/1.1 Host: do***om Accept: /* Referer: http://download.iciba.com/pc/powerword2016 User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98) Pragma: no-cache Cache-Control: no-cache Connection: close
	GET /unionpic/2345pic_lm_509188_v6.1.7268_silent.exe HTTP/1.1 Host: do***om Accept: /* Referer: http://download.2345.com/unionpic User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98) Pragma: no-cache Cache-Control: no-cache Connection: close
	GET /wpad.dat HTTP/1.1 Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0) Host: .133.40.:128
	GET / HTTP/1.1 Accept: / Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: sh****.1 Connection: Keep-Alive
	GET / HTTP/1.1 Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, application/msword, / Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: ww****om Connection: Keep-Alive
行为描述:	打开HTTP请求
详情信息:	HttpOpenRequestA: do****om:5120/gx/fzgx.txt, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x80000000
	HttpOpenRequestA: sh****.1:80/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400000
	HttpOpenRequestA: .133.40.:128/wpad.dat, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: GET, Referer: , Flags = 0x00000010
	HttpOpenRequestA: sh****.1:80/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400010
	HttpOpenRequestA: ww****om:80/, hConnect = 0x00cc0010, hRequest = 0x00cc0014, Verb: GET, Referer: , Flags = 0x00400000
行为描述:	按名称获取主机地址
详情信息:	GetAddrInfoW: do****om
	gethostbyname: do****om
	GetAddrInfoW: computer
	GetAddrInfoW: wpad
	GetAddrInfoW: sh****.1
	GetAddrInfoW: ww****om

注册表行为
行为描述:	修改注册表
详情信息:	\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
	\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\跑跑火神多功能辅助0515版\DEBUG\Trace Level
行为描述:	删除注册表键值
详情信息:	\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
	\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
	\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\跑跑火神多功能辅助0515版\DEBUG\Trace Level

其他行为
行为描述:	探测 Virtual PC是否存在
详情信息:	N/A
行为描述:	创建互斥体
详情信息:	CTF.LBES.MutexDefaultS-*
	CTF.Compart.MutexDefaultS-*
	CTF.Asm.MutexDefaultS-*
	CTF.Layouts.MutexDefaultS-*
	CTF.TMD.MutexDefaultS-*
	CTF.TimListCache.FMPDefaultS-MUTEX.DefaultS-
	RasPbFile
	Local\ZonesCounterMutex
	Local\ZoneAttributeCacheCounterMutex
	Local\ZonesCacheCounterMutex
	Local\ZonesLockedCacheCounterMutex
	CritOpMutex
	Local\!PrivacIE!SharedMemory!Mutex
	MSCTF.Shared.MUTEX.ELH
行为描述:	创建事件对象
详情信息:	EventName = DINPUTWINMM
	EventName = Global\userenv: User Profile setup event
	EventName = Global\crypt32LogoffEvent
行为描述:	查找指定窗口
详情信息:	NtUserFindWindowEx: [Class,Window] = [18467-41,]
	NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
	NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
	NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
行为描述:	尝试打开调试器或监控软件的驱动设备对象
详情信息:	\??\SICE
	\??\SIWVID
	\??\NTICE
行为描述:	搜索kernel32.dll基地址
详情信息:	Instruction Address = 0x0057c8f8
行为描述:	调整进程token权限
详情信息:	SE_LOAD_DRIVER_PRIVILEGE
行为描述:	窗口信息
详情信息:	Pid = 912, Hwnd=0xe031e, Text = 请选择功能版本-点击我, ClassName = ComboBox.
	Pid = 912, Hwnd=0x6034e, Text = 启动辅助, ClassName = Button.
	Pid = 912, Hwnd=0x80326, Text = 卸载辅助, ClassName = Button.
	Pid = 912, Hwnd=0x70338, Text = 问题反馈联系邮箱：kf@920hs.com, ClassName = Static.
	Pid = 912, Hwnd=0xa0300, Text = 用于学习交流,如有侵权,请告知,我们立即删除, ClassName = Static.
	Pid = 912, Hwnd=0x29031a, Text = 避免出现错误代码,使用辅助请务必关闭杀毒软件, ClassName = Static.
	Pid = 912, Hwnd=0xa030a, Text = 百度输入法, ClassName = Button(CheckBox).
	Pid = 912, Hwnd=0xb02d8, Text = 跑跑火神9.8v0515, ClassName = #32770.
	Pid = 912, Hwnd=0x103c6, Text = 您想运行或保存此文件吗?, ClassName = Static.
	Pid = 912, Hwnd=0x103ca, Text = 名称:, ClassName = Static.
	Pid = 912, Hwnd=0x103cc, Text = update.exe, ClassName = SysLink.
	Pid = 912, Hwnd=0x103ce, Text = 发行者:, ClassName = Static.
	Pid = 912, Hwnd=0x103d2, Text = 类型:, ClassName = Static.
	Pid = 912, Hwnd=0x103d4, Text = 应用程序, 358KB, ClassName = Static.
	Pid = 912, Hwnd=0x103d6, Text = 从:, ClassName = Static.
行为描述:	调用Sleep函数
详情信息:	[1]: MilliSeconds = 100.
	[4]: MilliSeconds = 100.
	[2]: MilliSeconds = 100.
	[3]: MilliSeconds = 100.
	[5]: MilliSeconds = 100.
	[7]: MilliSeconds = 100.
	[6]: MilliSeconds = 100.
	[9]: MilliSeconds = 100.
	[10]: MilliSeconds = 100.
	[8]: MilliSeconds = 100.
行为描述:	隐藏指定窗口
详情信息:	[Window,Class] = [,ComboLBox]
	[Window,Class] = [,AtlAxWin]
	[Window,Class] = [,SysLink]
	[Window,Class] = [,Static]
	[Window,Class] = [文件大小未知,Static]
	[Window,Class] = [打开此类文件前总是询问(&W),Button]
	[Window,Class] = [发行者:,Static]
行为描述:	获取TickCount值
详情信息:	TickCount = 1076784, SleepMilliseconds = 50.
	TickCount = 1076800, SleepMilliseconds = 50.
	TickCount = 1076846, SleepMilliseconds = 50.
	TickCount = 1076862, SleepMilliseconds = 50.
	TickCount = 1077534, SleepMilliseconds = 50.
	TickCount = 1077612, SleepMilliseconds = 50.
	TickCount = 1077628, SleepMilliseconds = 50.
	TickCount = 1077643, SleepMilliseconds = 50.
	TickCount = 1077659, SleepMilliseconds = 50.
	TickCount = 1077675, SleepMilliseconds = 50.
	TickCount = 1077690, SleepMilliseconds = 50.
	TickCount = 1077706, SleepMilliseconds = 50.
	TickCount = 1077721, SleepMilliseconds = 50.
	TickCount = 1077737, SleepMilliseconds = 50.
	TickCount = 1077753, SleepMilliseconds = 50.
行为描述:	查找指定内核模块
详情信息:	lstrcmpiA: ntice.sys <------> ntkrnlpa.exe Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> hal.dll Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> KDCOM.DLL Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> BOOTVID.dll Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> ACPI.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> WMILIB.SYS Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> pci.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> isapnp.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> compbatt.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> BATTC.SYS Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> intelide.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> PCIIDEX.SYS Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> MountMgr.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> ftdisk.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> dmload.sys Des: SoftICE驱动
行为描述:	查找反病毒常用工具窗口
详情信息:	NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
	NtUserFindWindowEx: [Class,Window] = [GBDYLLO,]
	NtUserFindWindowEx: [Class,Window] = [pediy06,]
	NtUserFindWindowEx: [Class,Window] = [FilemonClass,]
	NtUserFindWindowEx: [Class,Window] = [,File Monitor - Sysinternals: www.sysinternals.com]
	NtUserFindWindowEx: [Class,Window] = [PROCMON_WINDOW_CLASS,]
	NtUserFindWindowEx: [Class,Window] = [,Process Monitor - Sysinternals: www.sysinternals.com]
	NtUserFindWindowEx: [Class,Window] = [RegmonClass,]
	NtUserFindWindowEx: [Class,Window] = [,Registry Monitor - Sysinternals: www.sysinternals.com]

Activities
活动名	类型
ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JieMian	android.intent.category.DEFAULT
com.qihoo360.mobilesafe.StartActivity	android.intent.action.MAIN
com.qihoo360.mobilesafe.StartActivity	android.intent.category.LAUNCHER
ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM07	android.intent.action.VIEW
ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM07	android.intent.action.DELETE
ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM07	android.intent.category.DEFAULT

危险函数
函数名称	信息
SmsManager;->sendMultipartTextMessage	发送彩信
ContentResolver;->query	读取联系人、短信等数据库
ContentResolver;->delete	删除短信、联系人
ActivityManager;->restartPackage	中断进程，可用于关闭杀软

启动方式
名称	信息
ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM04	监控短信（收到短信）启动服务
ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM04
ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM04
ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM04
ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM04	开机启动服务
ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM04	屏幕解锁启动服务
ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM03	监控短信（收到短信）启动服务
ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM03
ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM03
ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM06

权限列表
许可名称	信息
android.permission.READ_LOGS	读取系统日志
android.permission.KILL_BACKGROUND_PROCESSES	关闭后台进程
android.permission.RESTART_PACKAGES	重启其他程序
android.permission.SYSTEM_ALERT_WINDOW	显示系统窗口
android.permission.READ_PHONE_STATE	读取电话状态
android.permission.RECEIVE_BOOT_COMPLETED	接收开机启动广播
android.permission.WRITE_EXTERNAL_STORAGE	写外部存储器（如：SD卡）
android.permission.READ_EXTERNAL_STORAGE	读外部存储器（如：SD卡）
android.permission.RECEIVE_USER_PRESENT
android.permission.RECEIVE_SMS	监控接收短信
android.permission.SEND_SMS	发送短信
android.permission.READ_SMS	读取短信
android.permission.WRITE_SMS	写短信
android.permission.ACCESS_FINE_LOCATION	获取精确的位置（通过GPS）

服务列表
名称
ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM01

文件列表
文件名	校验码
META-INF/MANIFEST.MF	0x89af2c5e
META-INF/APKIDE.SF	0x9351a966
META-INF/APKIDE.RSA	0xc3f4aaf5
AndroidManifest.xml	0x961bf990
classes.dex	0x1d907a0d
res/drawable-mdpi/ic_launcher.png	0xceb109b
res/layout/main.xml	0xddcbbfb1
res/xml/xyz.xml	0x5174a133
resources.arsc	0x575c5523

运行截图