VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.




File information
File Name: 546457.apk (File not down)
File Size: 1011887 bytes
File Type: application/zip
MD5: f3e488deca10f41aeb3814957a115a2d
SHA1: aa7db73e5785834df3d728e3d26267a7b171b258
  • Scanner results
    Scanner results: 3% of scanners (1/32) found malware!
    Time: 2017-09-19 10:32:17 (CST)
    Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time
    antiy AVL SDK 2.0 1970-01-01 Found nothing 5
    asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 1
    avast 170303-1 4.7.4 2017-03-03 Found nothing 60
    avg 2109/14460 10.0.1405 2017-09-14 Found nothing 60
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 6
    baidusd 1.0 1.0 2017-03-22 Found nothing 1
    bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
    clamav 23845 0.97.5 2017-09-17 Found nothing 60
    drweb 5.0.2.3300 5.0.1.1 2017-09-11 Found nothing 60
    fortinet 1.000, 51.740, 51.597, 51.621 5.4.247 2017-09-19 Found nothing 60
    fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
    fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
    gdata 25.14236 25.14236 2017-09-18 Android.Trojan.Dropper.LA 12
    ikarus 3.02.09 V1.32.31.0 2017-09-18 Found nothing 60
    jiangmin 16.0.100 1.0.0.0 2017-09-18 Found nothing 2
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
    kingsoft 2.1 2.1 2017-09-18 Found nothing 5
    mcafee 8620 5400.1158 2017-08-12 Found nothing 60
    nod32 6095 3.0.21 2017-09-17 Found nothing 60
    panda 9.05.01 9.05.01 2017-09-18 Found nothing 4
    pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 3
    qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
    quickheal 14.00 14.00 2017-09-18 Found nothing 3
    rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 3
    sophos 5.32 3.65.2 2016-10-10 Found nothing 60
    symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 4
    thehacker 6.8.0.5 6.8.0.5 2017-09-16 Found nothing 2
    tws 17.47.17308 1.0.2.2108 2017-09-18 Found nothing 15
    vba 3.12.29.5 beta 3.12.29.5 beta 2017-09-18 Found nothing 60
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scanners when and if malware is found. Please judge these results for yourself.
  • Permission list
    Permission name | Description
    android.permission.RECORD_AUDIO | Record audio (using AudioRecord)
    android.permission.WRITE_SMS | Write SMS messages
    android.permission.ACCESS_NETWORK_STATE | Read network state (2G or 3G)
    android.permission.INTERNET | Connect to the network (2G or 3G)
    android.permission.WRITE_EXTERNAL_STORAGE | Write external storage (e.g. SD card)
    com.android.launcher.permission.INSTALL_SHORTCUT | Create shortcuts
    android.permission.SET_WALLPAPER | Set desktop wallpaper
  • File information
    Security score:
    Basic information
    MD5: f3e488deca10f41aeb3814957a115a2d
    Package name: com.One.WoodenLetter
    Minimum runtime environment: Android 5.0
    Copyright: Android
    Key behaviors
    Behavior: Probe whether Virtual PC is present
    Details: N/A
    Behavior: Query registry (virtual-machine detection related)
    Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc
    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
    Behavior: Get TickCount value
    Details: TickCount = 224565, SleepMilliseconds = 50.
    Behavior: Open registry (virtual-machine detection related)
    Details: \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__
    Behavior: Block window close message
    Details: hWnd = 0x00010352, Text = , ClassName = ShadowWnd_UI.
    Behavior: Set special folder attributes
    Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
    C:\Documents and Settings\Administrator\Local Settings\History
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
    C:\Documents and Settings\Administrator\Cookies
    Behavior: Read CPU clock directly
    Details: EAX = 0xa6a4f03c, EDX = 0x000000ba
    Behavior: Detect virtual machine via VMware special instruction
    Details: N/A
    Process behavior
    Behavior: Create local thread
    Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2696, ThreadID = 2780, StartAddress = 0070C0CB, Parameter = 0086662C
    File behavior
    Behavior: Create file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\ad-mymacro9.xml
    C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\tmpad.xml
    C:\Documents and Settings\Administrator\Local Settings\Temp\mac3.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\plugin.zip
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\SYS.DLL
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\REGDLL.DLL
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\LXJ_PLUG.DLL
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ad-mymacro[1].xml
    C:\Documents and Settings\Administrator\Local Settings\Temp\ad-mymacro9.xml.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\liveupdate8[1].dat
    C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\liveupdate8.dat.tmp
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\LAZYOFFICE.DLL
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\MSG.DLL
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\FILE.DLL
    C:\Documents and Settings\Administrator\Local Settings\Temp\mymacro.zip
    Behavior: Create executable file
    Details: C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\SYS.DLL
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\REGDLL.DLL
    C:\Documents and Settings\Administrator\Local Settings\Temp\ad-mymacro9.xml.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\liveupdate8.dat.tmp
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\LXJ_PLUG.DLL
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\LAZYOFFICE.DLL
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\MSG.DLL
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\FILE.DLL
    C:\Documents and Settings\Administrator\Application Data\MyMacro\Runner.exe
    C:\Documents and Settings\Administrator\Application Data\MyMacro\MT.exe
    C:\Documents and Settings\Administrator\Application Data\MyMacro\updatemacro.dat
    C:\Documents and Settings\Administrator\Application Data\MyMacro\binding.exe
    Behavior: Search for files
    Details: FileName = C:\Documents and Settings\Administrator
    FileName = C:\Documents and Settings\Administrator\Local Settings
    FileName = C:\Documents and Settings
    FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
    FileName = C:\WINDOWS\system32\Ras\*.pbk
    FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
    Behavior: Delete file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\tmpad.xml
    C:\Documents and Settings\Administrator\Local Settings\Temp\mac3.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ad-mymacro[1].xml
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\liveupdate8[1].dat
    C:\Documents and Settings\Administrator\Local Settings\Temp\plugin.zip
    C:\Documents and Settings\Administrator\Local Settings\Temp\mymacro.zip
    C:\Documents and Settings\Administrator\Local Settings\Temp\RKey.zip
    C:\Documents and Settings\Administrator\Local Settings\Temp\Runner.zip
    C:\Documents and Settings\Administrator\Local Settings\Temp\MT.zip
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\AnJianBindingInstallPC[1].html
    Behavior: Rename file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\ad-mymacro9.xml.tmp ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ad-mymacro9.xml
    C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\liveupdate8.dat.tmp ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\adcon\mm\liveupdate8.dat
    Behavior: Modify file contents
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\ad-mymacro9.xml ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\tmpad.xml ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\mac3.tmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\plugin.zip ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\plugin.zip ---> Offset = 4096
    C:\Documents and Settings\Administrator\Local Settings\Temp\plugin.zip ---> Offset = 8192
    C:\Documents and Settings\Administrator\Local Settings\Temp\plugin.zip ---> Offset = 12288
    C:\Documents and Settings\Administrator\Local Settings\Temp\plugin.zip ---> Offset = 16384
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\SYS.DLL ---> Offset = 0
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\SYS.DLL ---> Offset = 16384
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\REGDLL.DLL ---> Offset = 0
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\REGDLL.DLL ---> Offset = 16384
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\REGDLL.DLL ---> Offset = 32768
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\REGDLL.DLL ---> Offset = 49152
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\REGDLL.DLL ---> Offset = 65536
    Network behavior
    Behavior: Open URL over the network
    Details: InternetOpenUrlA: http://so****om/Include/BuildPage/AnJianBindingInstallPC.html, hInternet = 0x00cc0014, Flags = 0x80000001
    Behavior: Download file
    Details: URLDownloadToFileW: http://so****om/V2014V2/Config/ad-mymacro.xml ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ad-mymacro9.xml.tmp
    URLDownloadToFileW: http://do****om/qmacro/up_mymacro/liveupdate8.dat ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\adcon\mm\liveupdate8.dat.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\ad-mymacro9.xml.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\liveupdate8.dat.tmp
    Behavior: Connect to specified site
    Details: InternetConnectA: ServerName = so****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
    InternetConnectA: ServerName = do****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0010, Flags = 0x00000000
    InternetConnectA: ServerName = so****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0008, hConnect = 0x00cc000c, Flags = 0x04000000
    InternetConnectA: ServerName = so****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0014, hConnect = 0x00cc0018, Flags = 0x80000001
    Behavior: Open HTTP connection
    Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
    InternetOpenA: UserAgent: Mozilla/4.0 (compatible), hSession = 0x00cc0008
    InternetOpenA: UserAgent: HttpClient, hSession = 0x00cc0014
    Behavior: Establish a socket connection to a specified host
    Details: URL: so****om, IP: **.133.40.**:80, SOCKET = 0x00000358
    URL: do****om, IP: **.133.40.**:80, SOCKET = 0x00000360
    URL: so****om, IP: **.133.40.**:80, SOCKET = 0x00000374
    URL: so****om, IP: **.133.40.**:80, SOCKET = 0x00000350
    Behavior: Read network file
    Details: hFile = 0x00cc000c, BytesToRead =2048, BytesRead = 2048.
    hFile = 0x00cc0014, BytesToRead =2048, BytesRead = 2048.
    hFile = 0x00cc0010, BytesToRead =4095, BytesRead = 4095.
    hFile = 0x00cc001c, BytesToRead =4096, BytesRead = 4096.
    Behavior: Send HTTP packet
    Details: GET /V2014V2/Config/ad-mymacro.xml HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: so****om Connection: Keep-Alive
    GET /qmacro/up_mymacro/liveupdate8.dat HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: do****om Connection: Keep-Alive
    POST /Include/BuildPage/ExitAdXJL.shtml HTTP/1.1 Accept: */* Host: so****om Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible) Content-Length: 0 Cache-Control: no-cache
    GET /Include/BuildPage/AnJianBindingInstallPC.html HTTP/1.1 User-Agent: HttpClient Host: so****om Cache-Control: no-cache
    POST /Interface/GetIP.aspx HTTP/1.1 Accept: */* Host: so****om Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible) Content-Length: 29 Cache-Control: no-cache data=30497A4B3525323E7EE50001
    Behavior: Open HTTP request
    Details: HttpOpenRequestA: so****om:80/v2014v2/config/ad-mymacro.xml, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400010
    HttpOpenRequestA: do****om:80/qmacro/up_mymacro/liveupdate8.dat, hConnect = 0x00cc0010, hRequest = 0x00cc0014, Verb: GET, Referer: , Flags = 0x00400010
    HttpOpenRequestA: so****om:80/include/buildpage/exitadxjl.shtml, hConnect = 0x00cc000c, hRequest = 0x00cc0010, Verb: POST, Referer: , Flags = 0x04000040
    HttpOpenRequestA: so****om:80/include/buildpage/anjianbindinginstallpc.html, hConnect = 0x00cc0018, hRequest = 0x00cc001c, Verb: GET, Referer: , Flags = 0x80000001
    HttpOpenRequestA: so****om:80/interface/getip.aspx, hConnect = 0x00cc000c, hRequest = 0x00cc0010, Verb: POST, Referer: , Flags = 0x04000040
    Behavior: Resolve host address by name
    Details: GetAddrInfoW: so****om
    GetAddrInfoW: do****om
    Registry behavior
    Behavior: Modify registry
    Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
    Behavior: Delete registry value
    Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot
    Behavior: Delete registry key
    Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\
    Other behavior
    Behavior: Create mutex
    Details: oleacc-msaa-loaded
    CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    Local\ZonesCounterMutex
    Local\ZoneAttributeCacheCounterMutex
    Local\ZonesCacheCounterMutex
    Local\ZonesLockedCacheCounterMutex
    RasPbFile
    Behavior: Create event object
    Details: EventName = DINPUTWINMM
    EventName = Global\userenv: User Profile setup event
    Behavior: Open mutex
    Details: ShimCacheMutex
    Local\!IETld!Mutex
    Local\_!MSFTHISTORY!_
    Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
    Local\c:!documents and settings!administrator!cookies!
    Local\c:!documents and settings!administrator!local settings!history!history.ie5!
    Local\WininetStartupMutex
    Local\WininetConnectionMutex
    Local\WininetProxyRegistryMutex
    RasPbFile
    Behavior: Open event
    Details: HookSwitchHookEnabledEvent
    \SECURITY\LSA_AUTHENTICATION_INITIALIZED
    Global\SvcctrlStartEvent_A3752DX
    \INSTALLATION_SECURITY_HOLD
    Behavior: Get cursor position
    Details: CursorPos = (80,18468), SleepMilliseconds = 50.
    CursorPos = (6373,26501), SleepMilliseconds = 50.
    CursorPos = (19208,15725), SleepMilliseconds = 50.
    CursorPos = (11517,29359), SleepMilliseconds = 50.
    CursorPos = (27001,24465), SleepMilliseconds = 50.
    CursorPos = (5744,28146), SleepMilliseconds = 50.
    Behavior: Search for kernel32.dll base address
    Details: Instruction Address = 0x0070da8a
    Behavior: Executable file signature information
    Details: C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\SYS.DLL (signature verification: failed)
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\REGDLL.DLL (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\ad-mymacro9.xml.tmp (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\liveupdate8.dat.tmp (signature verification: failed)
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\LXJ_PLUG.DLL (signature verification: failed)
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\LAZYOFFICE.DLL (signature verification: failed)
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\MSG.DLL (signature verification: failed)
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\FILE.DLL (signature verification: failed)
    C:\Documents and Settings\Administrator\Application Data\MyMacro\Runner.exe (signature verification: passed)
    C:\Documents and Settings\Administrator\Application Data\MyMacro\MT.exe (signature verification: passed)
    C:\Documents and Settings\Administrator\Application Data\MyMacro\updatemacro.dat (signature verification: passed)
    C:\Documents and Settings\Administrator\Application Data\MyMacro\binding.exe (signature verification: passed)
    Behavior: Call Sleep function
    Details: [1]: MilliSeconds = 50.
    Behavior: Hide specified window
    Details: [Window,Class] = [,ShadowWnd_UI]
    Behavior: Executable file MD5
    Details: C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\SYS.DLL ---> 9e540d9b62d97b7ec9761ab519db6a5c
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\REGDLL.DLL ---> f2d9f1443217e23b29d64978d2f61612
    C:\Documents and Settings\Administrator\Local Settings\Temp\ad-mymacro9.xml.tmp ---> fe1d0ee5901dd167ee9b28eece31786c
    C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\liveupdate8.dat.tmp ---> fe1d0ee5901dd167ee9b28eece31786c
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\LXJ_PLUG.DLL ---> f2b95bba57762d7a6ac0045288a226ce
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\LAZYOFFICE.DLL ---> 9633ea58182770aa29872ac9fbe020e6
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\MSG.DLL ---> 67be71ef830b10f536c9fadfd0ff8689
    C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\FILE.DLL ---> 4723c8d438821f0b0bc7edfe9811a1dc
    C:\Documents and Settings\Administrator\Application Data\MyMacro\Runner.exe ---> File too large!
    C:\Documents and Settings\Administrator\Application Data\MyMacro\MT.exe ---> 295f142c363d8c14a3f7c84622497cf6
    C:\Documents and Settings\Administrator\Application Data\MyMacro\updatemacro.dat ---> cf91ee6448dde1032c3b91ae8031389b
    C:\Documents and Settings\Administrator\Application Data\MyMacro\binding.exe ---> 6abd36f782e36bcf9e90a3230d6ca97f
    Activities
    Activity name | Type
    com.androlua.Main | android.intent.action.VIEW
    com.androlua.Main | android.intent.action.EDIT
    com.androlua.Main | android.intent.category.DEFAULT
    com.androlua.Main | android.intent.category.BROWSABLE
    com.androlua.LuaActivity | android.intent.action.VIEW
    com.androlua.LuaActivity | android.intent.action.EDIT
    com.androlua.LuaActivity | com.One.WoodenLetter.action.SHORTCUT
    com.androlua.LuaActivity | android.intent.action.MAIN
    com.androlua.LuaActivity | android.intent.category.DEFAULT
    com.androlua.LuaActivity | android.intent.category.BROWSABLE
    com.androlua.Welcome | android.intent.action.MAIN
    com.androlua.Welcome | android.intent.category.LAUNCHER
    Dangerous functions
    Function name | Description
    getRuntime | Get command-line environment
    java/lang/Runtime;->exec | Execute string command
    ContentResolver;->query | Read databases such as contacts and SMS
    java/net/URL;->openConnection | Connect to URL
    java/net/HttpURLConnection;->connect | Connect to URL
    Camera;->open | Open camera
    Service list
    Name
    com.androlua.LuaService
    File list
    File name | Checksum
