VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
File Name :aaa.apk (File not down)
File Size :21580 byte
File Type :application/zip
MD5:dfbe3bc3daa6ced5ff7ff0460e197c22
SHA1:4e77bb2019211adaf83d188bbc5ec878573d9848
  • 扫描结果
  • 权限
  • 文件行为分析
  • Scanner results
    Scanner results:9%Scanner(s) (3/32)found malware!
    Behavior analysis report:         Habo file analysis
    Time: 2016-05-20 15:56:08 (CST)
    VirSCANVirSCAN
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 3.0 1970-01-01 Found nothing 5
    asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 1
    avast 150725-1 4.7.4 2015-07-25 Found nothing 60
    avg 2109/8133 10.0.1405 2014-11-26 Found nothing 60
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 5
    baidusd 1.0 1.0 2014-04-02 Found nothing 1
    bitdefender 7.58469 7.90123 2014-12-25 Found nothing 60
    clamav 19861 0.97.5 2014-12-31 Found nothing 60
    drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 60
    fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 60
    fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 60
    fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 60
    gdata 25.6643 25.6643 2016-05-19 Android.Trojan.AutoSMS.MN 8
    ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 60
    jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 40
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
    kingsoft 2.1 2.1 2013-09-22 Android.Troj.iSMS.af.(kcloud) 4
    mcafee 7638 5400.1158 2014-11-30 Found nothing 60
    nod32 0920 3.0.21 2014-12-23 Found nothing 60
    panda 9.05.01 9.05.01 2015-07-26 Found nothing 4
    pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 60
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 3
    qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 60
    quickheal 14.00 14.00 2015-07-25 Android.Agent.DB 2
    rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 1
    sophos 5.08 3.55.0 2014-12-01 Found nothing 60
    symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 60
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 3
    thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 1
    tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 13
    vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 60
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
    Heuristic/Suspicious Exact
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.
  • 权限列表
    许可名称信息
    android.permission.READ_LOGS读取系统日志
    android.permission.KILL_BACKGROUND_PROCESSES关闭后台进程
    android.permission.RESTART_PACKAGES重启其他程序
    android.permission.SYSTEM_ALERT_WINDOW显示系统窗口
    android.permission.READ_PHONE_STATE读取电话状态
    android.permission.RECEIVE_BOOT_COMPLETED接收开机启动广播
    android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
    android.permission.READ_EXTERNAL_STORAGE读外部存储器(如:SD卡)
    android.permission.RECEIVE_USER_PRESENT
    android.permission.RECEIVE_SMS监控接收短信
    android.permission.SEND_SMS发送短信
    android.permission.READ_SMS读取短信
    android.permission.WRITE_SMS写短信
    android.permission.ACCESS_FINE_LOCATION获取精确的位置(通过GPS)
  • 文件信息
    安全评分 :
    基本信息
    MD5:dfbe3bc3daa6ced5ff7ff0460e197c22
    包名:com.qihoo360.moqesds
    最低运行环境:Android 2.2.x
    版权:
    关键行为
    行为描述:探测 Virtual PC是否存在
    详情信息:N/A
    行为描述:尝试打开调试器或监控软件的驱动设备对象
    详情信息:\??\SICE
    \??\SIWVID
    \??\NTICE
    行为描述:获取TickCount值
    详情信息:TickCount = 1076784, SleepMilliseconds = 50.
    TickCount = 1076800, SleepMilliseconds = 50.
    TickCount = 1076846, SleepMilliseconds = 50.
    TickCount = 1076862, SleepMilliseconds = 50.
    TickCount = 1077534, SleepMilliseconds = 50.
    TickCount = 1077612, SleepMilliseconds = 50.
    TickCount = 1077628, SleepMilliseconds = 50.
    TickCount = 1077643, SleepMilliseconds = 50.
    TickCount = 1077659, SleepMilliseconds = 50.
    TickCount = 1077675, SleepMilliseconds = 50.
    TickCount = 1077690, SleepMilliseconds = 50.
    TickCount = 1077706, SleepMilliseconds = 50.
    TickCount = 1077721, SleepMilliseconds = 50.
    TickCount = 1077737, SleepMilliseconds = 50.
    TickCount = 1077753, SleepMilliseconds = 50.
    行为描述:设置特殊文件夹属性
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
    C:\Documents and Settings\Administrator\Local Settings\History
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
    C:\Documents and Settings\Administrator\Cookies
    C:\Documents and Settings\Administrator\IETldCache
    行为描述:查找指定内核模块
    详情信息:lstrcmpiA: ntice.sys <------> ntkrnlpa.exe Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> hal.dll Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> KDCOM.DLL Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> BOOTVID.dll Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> ACPI.sys Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> WMILIB.SYS Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> pci.sys Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> isapnp.sys Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> compbatt.sys Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> BATTC.SYS Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> intelide.sys Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> PCIIDEX.SYS Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> MountMgr.sys Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> ftdisk.sys Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> dmload.sys Des: SoftICE驱动
    行为描述:查找反病毒常用工具窗口
    详情信息:NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
    NtUserFindWindowEx: [Class,Window] = [GBDYLLO,]
    NtUserFindWindowEx: [Class,Window] = [pediy06,]
    NtUserFindWindowEx: [Class,Window] = [FilemonClass,]
    NtUserFindWindowEx: [Class,Window] = [,File Monitor - Sysinternals: www.sysinternals.com]
    NtUserFindWindowEx: [Class,Window] = [PROCMON_WINDOW_CLASS,]
    NtUserFindWindowEx: [Class,Window] = [,Process Monitor - Sysinternals: www.sysinternals.com]
    NtUserFindWindowEx: [Class,Window] = [RegmonClass,]
    NtUserFindWindowEx: [Class,Window] = [,Registry Monitor - Sysinternals: www.sysinternals.com]
    进程行为
    行为描述:创建本地线程
    详情信息:TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 1532, StartAddress = 0057C3E7, Parameter = 005E3522
    TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 1544, StartAddress = 0057C3E7, Parameter = 005E3EC1
    TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 1204, StartAddress = 0057C3E7, Parameter = 005E4F84
    TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 168, StartAddress = 0057C3E7, Parameter = 005E5A35
    TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 1868, StartAddress = 0057C3E7, Parameter = 005E6565
    TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 2052, StartAddress = 0057C3E7, Parameter = 005E704B
    TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 2056, StartAddress = 0057C3E7, Parameter = 005E7C37
    TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 2060, StartAddress = 0057C3E7, Parameter = 005E8745
    TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 2064, StartAddress = 0057C3E7, Parameter = 005EBBED
    TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 2068, StartAddress = 0057C3E7, Parameter = 005ECC4B
    TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 2072, StartAddress = 0057C3E7, Parameter = 005EDD31
    TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 2076, StartAddress = 0057C3E7, Parameter = 005EEB82
    TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 2080, StartAddress = 0057C3E7, Parameter = 005EFAF3
    TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 2084, StartAddress = 0057C3E7, Parameter = 005F144C
    TargetProcess: 跑跑火神多功能辅助0515版.exe, InheritedFromPID = 1944, ProcessID = 912, ThreadID = 2088, StartAddress = 0057C3E7, Parameter = 005F245C
    行为描述:枚举进程
    详情信息:N/A
    文件行为
    行为描述:创建文件
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\fzgx[1].txt
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\wpad[1].dat
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\shell_explorer_1[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\navcancl[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\920hs_com[1]
    行为描述:覆盖已有文件
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\navcancl[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1]
    行为描述:查找文件
    详情信息:FileName = C:\Documents and Settings
    FileName = C:\Documents and Settings\Administrator
    FileName = C:\Documents and Settings\Administrator\Local Settings
    FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
    FileName = C:\WINDOWS\system32\Ras\*.pbk
    FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
    FileName = C:\WINDOWS
    FileName = C:\WINDOWS\system32
    FileName = C:\WINDOWS\system32\urlmon.dll
    FileName = C:\WINDOWS\system32\ieframe.dll
    FileName = C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015082520150826\*.*
    行为描述:删除文件
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\fzgx[1].txt
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\wpad[1].dat
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\shell_explorer_1[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[2]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\ErrorPageTemplate[2]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\httpErrorPagesScripts[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[2]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\info_48[1]
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\bullet[1]
    行为描述:设置特殊文件夹属性
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
    C:\Documents and Settings\Administrator\Local Settings\History
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
    C:\Documents and Settings\Administrator\Cookies
    C:\Documents and Settings\Administrator\IETldCache
    行为描述:修改文件内容
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\navcancl[1] ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1] ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1] ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1] ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1] ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1] ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1] ---> Offset = 0
    网络行为
    行为描述:联网打开网址
    详情信息:InternetOpenUrlA: http://**.133.40.**:128/wpad.dat, hInternet = 0x00cc0010, Flags = 0x00000010
    行为描述:连接指定站点
    详情信息:InternetConnectA: ServerName = do****om, PORT = 5120, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
    InternetConnectA: ServerName = sh****.1, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
    InternetConnectA: ServerName = **.133.40.**, PORT = 128, UserName = , Password = , hSession = 0x00cc0010, hConnect = 0x00cc0014, Flags = 0x00000010
    InternetConnectA: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0010, Flags = 0x00000000
    行为描述:打开HTTP连接
    详情信息:InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0), hSession = 0x00cc0004
    InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
    InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0), hSession = 0x00cc0010
    行为描述:建立到一个指定的套接字连接
    详情信息:URL: do****om, IP: **.133.40.**:5120, SOCKET = 0x000004fc
    URL: do****om, IP: **.133.40.**:80, SOCKET = 0x000004dc
    URL: do****om, IP: **.133.40.**:80, SOCKET = 0x000004ac
    URL: do****om, IP: **.133.40.**:80, SOCKET = 0x000004b8
    URL: do****om, IP: **.133.40.**:80, SOCKET = 0x000004a0
    URL: wpad, IP: **.133.40.**:128, SOCKET = 0x0000032c
    URL: sh****.1, IP: **.133.40.**:80, SOCKET = 0x0000039c
    URL: sh****.1, IP: **.133.40.**:80, SOCKET = 0x00000220
    URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000398
    行为描述:读取网络文件
    详情信息:hFile = 0x00cc000c, BytesToRead =1024, BytesRead = 1024.
    hFile = 0x00cc0018, BytesToRead =4010, BytesRead = 4010.
    hFile = 0x00cc0014, BytesToRead =2048, BytesRead = 2048.
    行为描述:发送HTTP包
    详情信息:GET /gx/fzgx.txt HTTP/1.1 Accept: image/gif, image/bmp, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: http://down.xixihz.com:5120/gx/fzgx.txt Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: do****om:5120 Cache-Control: no-cache
    GET /2345_34616_34616_deskonly.exe HTTP/1.1 Host: do****om Accept: */* Referer: http://down1.xixihz.com User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98) Pragma: no-cache Cache-Control: no-cache Connection: close
    GET /LMIns.exe HTTP/1.1 Host: do****om Accept: */* Referer: http://down1.xixihz.com User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98) Pragma: no-cache Cache-Control: no-cache Connection: close
    GET /pc/powerword2016/PowerWord.800.3085.exe HTTP/1.1 Host: do****om Accept: */* Referer: http://download.iciba.com/pc/powerword2016 User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98) Pragma: no-cache Cache-Control: no-cache Connection: close
    GET /unionpic/2345pic_lm_509188_v6.1.7268_silent.exe HTTP/1.1 Host: do****om Accept: */* Referer: http://download.2345.com/unionpic User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98) Pragma: no-cache Cache-Control: no-cache Connection: close
    GET /wpad.dat HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0) Host: **.133.40.**:128
    GET / HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: sh****.1 Connection: Keep-Alive
    GET / HTTP/1.1 Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, application/msword, */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: ww****om Connection: Keep-Alive
    行为描述:打开HTTP请求
    详情信息:HttpOpenRequestA: do****om:5120/gx/fzgx.txt, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x80000000
    HttpOpenRequestA: sh****.1:80/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400000
    HttpOpenRequestA: **.133.40.**:128/wpad.dat, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: GET, Referer: , Flags = 0x00000010
    HttpOpenRequestA: sh****.1:80/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400010
    HttpOpenRequestA: ww****om:80/, hConnect = 0x00cc0010, hRequest = 0x00cc0014, Verb: GET, Referer: , Flags = 0x00400000
    行为描述:按名称获取主机地址
    详情信息:GetAddrInfoW: do****om
    gethostbyname: do****om
    GetAddrInfoW: computer
    GetAddrInfoW: wpad
    GetAddrInfoW: sh****.1
    GetAddrInfoW: ww****om
    注册表行为
    行为描述:修改注册表
    详情信息:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\跑跑火神多功能辅助0515版\DEBUG\Trace Level
    行为描述:删除注册表键值
    详情信息:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\跑跑火神多功能辅助0515版\DEBUG\Trace Level
    其他行为
    行为描述:探测 Virtual PC是否存在
    详情信息:N/A
    行为描述:创建互斥体
    详情信息:CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    RasPbFile
    Local\ZonesCounterMutex
    Local\ZoneAttributeCacheCounterMutex
    Local\ZonesCacheCounterMutex
    Local\ZonesLockedCacheCounterMutex
    CritOpMutex
    Local\!PrivacIE!SharedMemory!Mutex
    MSCTF.Shared.MUTEX.ELH
    行为描述:创建事件对象
    详情信息:EventName = DINPUTWINMM
    EventName = Global\userenv: User Profile setup event
    EventName = Global\crypt32LogoffEvent
    行为描述:查找指定窗口
    详情信息:NtUserFindWindowEx: [Class,Window] = [18467-41,]
    NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
    NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
    行为描述:尝试打开调试器或监控软件的驱动设备对象
    详情信息:\??\SICE
    \??\SIWVID
    \??\NTICE
    行为描述:搜索kernel32.dll基地址
    详情信息:Instruction Address = 0x0057c8f8
    行为描述:调整进程token权限
    详情信息:SE_LOAD_DRIVER_PRIVILEGE
    行为描述:窗口信息
    详情信息:Pid = 912, Hwnd=0xe031e, Text = 请选择功能版本-点击我, ClassName = ComboBox.
    Pid = 912, Hwnd=0x6034e, Text = 启动辅助, ClassName = Button.
    Pid = 912, Hwnd=0x80326, Text = 卸载辅助, ClassName = Button.
    Pid = 912, Hwnd=0x70338, Text = 问题反馈联系邮箱:kf@920hs.com, ClassName = Static.
    Pid = 912, Hwnd=0xa0300, Text = 用于学习交流,如有侵权,请告知,我们立即删除, ClassName = Static.
    Pid = 912, Hwnd=0x29031a, Text = 避免出现错误代码,使用辅助请务必关闭杀毒软件, ClassName = Static.
    Pid = 912, Hwnd=0xa030a, Text = 百度输入法, ClassName = Button(CheckBox).
    Pid = 912, Hwnd=0xb02d8, Text = 跑跑火神9.8v0515, ClassName = #32770.
    Pid = 912, Hwnd=0x103c6, Text = 您想运行或保存此文件吗?, ClassName = Static.
    Pid = 912, Hwnd=0x103ca, Text = 名称:, ClassName = Static.
    Pid = 912, Hwnd=0x103cc, Text = update.exe, ClassName = SysLink.
    Pid = 912, Hwnd=0x103ce, Text = 发行者:, ClassName = Static.
    Pid = 912, Hwnd=0x103d2, Text = 类型:, ClassName = Static.
    Pid = 912, Hwnd=0x103d4, Text = 应用程序, 358KB, ClassName = Static.
    Pid = 912, Hwnd=0x103d6, Text = 从:, ClassName = Static.
    行为描述:调用Sleep函数
    详情信息:[1]: MilliSeconds = 100.
    [4]: MilliSeconds = 100.
    [2]: MilliSeconds = 100.
    [3]: MilliSeconds = 100.
    [5]: MilliSeconds = 100.
    [7]: MilliSeconds = 100.
    [6]: MilliSeconds = 100.
    [9]: MilliSeconds = 100.
    [10]: MilliSeconds = 100.
    [8]: MilliSeconds = 100.
    行为描述:隐藏指定窗口
    详情信息:[Window,Class] = [,ComboLBox]
    [Window,Class] = [,AtlAxWin]
    [Window,Class] = [,SysLink]
    [Window,Class] = [,Static]
    [Window,Class] = [文件大小未知,Static]
    [Window,Class] = [打开此类文件前总是询问(&W),Button]
    [Window,Class] = [发行者:,Static]
    行为描述:获取TickCount值
    详情信息:TickCount = 1076784, SleepMilliseconds = 50.
    TickCount = 1076800, SleepMilliseconds = 50.
    TickCount = 1076846, SleepMilliseconds = 50.
    TickCount = 1076862, SleepMilliseconds = 50.
    TickCount = 1077534, SleepMilliseconds = 50.
    TickCount = 1077612, SleepMilliseconds = 50.
    TickCount = 1077628, SleepMilliseconds = 50.
    TickCount = 1077643, SleepMilliseconds = 50.
    TickCount = 1077659, SleepMilliseconds = 50.
    TickCount = 1077675, SleepMilliseconds = 50.
    TickCount = 1077690, SleepMilliseconds = 50.
    TickCount = 1077706, SleepMilliseconds = 50.
    TickCount = 1077721, SleepMilliseconds = 50.
    TickCount = 1077737, SleepMilliseconds = 50.
    TickCount = 1077753, SleepMilliseconds = 50.
    行为描述:查找指定内核模块
    详情信息:lstrcmpiA: ntice.sys <------> ntkrnlpa.exe Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> hal.dll Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> KDCOM.DLL Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> BOOTVID.dll Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> ACPI.sys Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> WMILIB.SYS Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> pci.sys Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> isapnp.sys Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> compbatt.sys Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> BATTC.SYS Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> intelide.sys Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> PCIIDEX.SYS Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> MountMgr.sys Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> ftdisk.sys Des: SoftICE驱动
    lstrcmpiA: ntice.sys <------> dmload.sys Des: SoftICE驱动
    行为描述:查找反病毒常用工具窗口
    详情信息:NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
    NtUserFindWindowEx: [Class,Window] = [GBDYLLO,]
    NtUserFindWindowEx: [Class,Window] = [pediy06,]
    NtUserFindWindowEx: [Class,Window] = [FilemonClass,]
    NtUserFindWindowEx: [Class,Window] = [,File Monitor - Sysinternals: www.sysinternals.com]
    NtUserFindWindowEx: [Class,Window] = [PROCMON_WINDOW_CLASS,]
    NtUserFindWindowEx: [Class,Window] = [,Process Monitor - Sysinternals: www.sysinternals.com]
    NtUserFindWindowEx: [Class,Window] = [RegmonClass,]
    NtUserFindWindowEx: [Class,Window] = [,Registry Monitor - Sysinternals: www.sysinternals.com]
    Activities
    活动名类型
    ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JieMianandroid.intent.category.DEFAULT
    com.qihoo360.mobilesafe.StartActivityandroid.intent.action.MAIN
    com.qihoo360.mobilesafe.StartActivityandroid.intent.category.LAUNCHER
    ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM07android.intent.action.VIEW
    ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM07android.intent.action.DELETE
    ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM07android.intent.category.DEFAULT
    危险函数
    函数名称信息
    SmsManager;->sendMultipartTextMessage发送彩信
    ContentResolver;->query读取联系人、短信等数据库
    ContentResolver;->delete删除短信、联系人
    ActivityManager;->restartPackage中断进程,可用于关闭杀软
    启动方式
    名称信息
    ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM04监控短信(收到短信)启动服务
    ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM04
    ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM04
    ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM04
    ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM04开机启动服务
    ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM04屏幕解锁启动服务
    ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM03监控短信(收到短信)启动服务
    ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM03
    ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM03
    ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM06
    权限列表
    许可名称信息
    android.permission.READ_LOGS读取系统日志
    android.permission.KILL_BACKGROUND_PROCESSES关闭后台进程
    android.permission.RESTART_PACKAGES重启其他程序
    android.permission.SYSTEM_ALERT_WINDOW显示系统窗口
    android.permission.READ_PHONE_STATE读取电话状态
    android.permission.RECEIVE_BOOT_COMPLETED接收开机启动广播
    android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
    android.permission.READ_EXTERNAL_STORAGE读外部存储器(如:SD卡)
    android.permission.RECEIVE_USER_PRESENT
    android.permission.RECEIVE_SMS监控接收短信
    android.permission.SEND_SMS发送短信
    android.permission.READ_SMS读取短信
    android.permission.WRITE_SMS写短信
    android.permission.ACCESS_FINE_LOCATION获取精确的位置(通过GPS)
    服务列表
    名称
    ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM01
    文件列表
    文件名 校验码
    META-INF/MANIFEST.MF 0x89af2c5e
    META-INF/APKIDE.SF 0x9351a966
    META-INF/APKIDE.RSA 0xc3f4aaf5
    AndroidManifest.xml 0x961bf990
    classes.dex 0x1d907a0d
    res/drawable-mdpi/ic_launcher.png 0xceb109b
    res/layout/main.xml 0xddcbbfb1
    res/xml/xyz.xml 0x5174a133
    resources.arsc 0x575c5523
    运行截图
    VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号