学籍.apk MD5:aadb69cf6ede65163fa0a823d6c2e1df 0% Scanner(s) (0/32) found malware! - VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 47 AntiVirus Engines!

Main Menu

API

uploader for windows(test)

Powered By

File information

File Name :学籍.apk (File not down)

File Size :1046723 byte

File Type :application/zip

MD5:aadb69cf6ede65163fa0a823d6c2e1df

SHA1:9781e5b41ec8d13fe8ca8d7a2b0c24437ccbe7f5

扫描结果
权限
文件行为分析

Scanner results

Scanner results:0%Scanner(s) (0/32)found malware!

Behavior analysis report: Habo file analysis

Time: 2016-08-30 12:48:55 (CST)

Scanner	Engine Ver	Sig Ver	Sig Date	Scan result	Time
antiy	AVL SDK 3.0		1970-01-01	Found nothing	5
asquared	9.0.0.4324	9.0.0.4324	2014-07-03	Found nothing	1
avast	150725-1	4.7.4	2015-07-25	Found nothing	60
avg	2109/8133	10.0.1405	2014-11-26	Found nothing	60
baidu	2.0.1.0	4.1.3.52192	2.0.1.0	Found nothing	7
baidusd	1.0	1.0	2014-04-02	Found nothing	1
bitdefender	7.58469	7.90123	2014-12-25	Found nothing	60
clamav	19861	0.97.5	2014-12-31	Found nothing	60
drweb	5.0.2.3300	5.0.1.1	2014-12-31	Found nothing	60
fortinet	23.345, 23.345	5.1.158	2014-12-08	Found nothing	60
fprot	4.6.2.117	6.5.1.5418	2014-12-31	Found nothing	60
fsecure	2014-04-02-01	9.13	2014-04-02	Found nothing	60
gdata	25.8084	25.8084	2016-08-30	Found nothing	11
ikarus	1.06.01	V1.32.31.0	2014-12-08	Found nothing	60
jiangmin	16.0.100	1.0.0.0	2015-07-25	Found nothing	42
kaspersky	5.5.33	5.5.33	2014-04-01	Found nothing	60
kingsoft	2.1	2.1	2013-09-22	Found nothing	5
mcafee	7638	5400.1158	2014-11-30	Found nothing	60
nod32	0920	3.0.21	2014-12-23	Found nothing	60
panda	9.05.01	9.05.01	2015-07-26	Found nothing	4
pcc	11.380.07	9.500-1005	2014-12-31	Found nothing	60
qh360	1.0.1	1.0.1	1.0.1	Found nothing	5
qqphone	1.0.0.0	1.0.0.0	2014-12-09	Found nothing	60
quickheal	14.00	14.00	2015-07-25	Found nothing	8
rising	25.76.04.01	25.76.04.01	2015-07-24	Found nothing	1
sophos	5.08	3.55.0	2014-12-01	Found nothing	60
symantec	20141230.001	1.3.0.24	2014-12-30	Found nothing	60
tachyon	9.9.9	9.9.9	2013-12-27	Found nothing	4
thehacker	6.8.0.5	6.8.0.5	2015-07-23	Found nothing	1
tws	17.47.17308	1.0.2.2108	2014-12-08	Found nothing	13
vba	3.12.26.3	3.12.26.3	2014-12-31	Found nothing	60
virusbuster	15.0.985.0	5.5.2.13	2014-12-05	Found nothing	60

■Heuristic/Suspicious ■Exact

NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.

没有相关的权限信息

文件信息

安全评分 :

基本信息
MD5:aadb69cf6ede65163fa0a823d6c2e1df
包名:
最低运行环境:
版权:

关键行为
行为描述:	设置特殊文件夹属性
详情信息:	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
	C:\Documents and Settings\Administrator\Local Settings\History
	C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
	C:\Documents and Settings\Administrator\Cookies
	C:\Documents and Settings\Administrator\IETldCache

进程行为
行为描述:	创建本地线程
详情信息:	TargetProcess: 京东商城商品价格-有货监控软件-V1.1.exe, InheritedFromPID = 1944, ProcessID = 2100, ThreadID = 2116, StartAddress = 77DC845A, Parameter = 00000000
	TargetProcess: 京东商城商品价格-有货监控软件-V1.1.exe, InheritedFromPID = 1944, ProcessID = 2100, ThreadID = 2136, StartAddress = 7C947EBB, Parameter = 00000000
	TargetProcess: 京东商城商品价格-有货监控软件-V1.1.exe, InheritedFromPID = 1944, ProcessID = 2100, ThreadID = 2140, StartAddress = 7C930230, Parameter = 00000000

文件行为
行为描述:	删除文件
详情信息:	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\jd[1].jpg
行为描述:	创建文件
详情信息:	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\jd[1].jpg
	C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\京东商城商品价格-有货监控软件-V1.1\autio.mp3
行为描述:	设置特殊文件夹属性
详情信息:	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
	C:\Documents and Settings\Administrator\Local Settings\History
	C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
	C:\Documents and Settings\Administrator\Cookies
	C:\Documents and Settings\Administrator\IETldCache
行为描述:	修改文件内容
详情信息:	C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\京东商城商品价格-有货监控软件-V1.1\autio.mp3 ---> Offset = 0
行为描述:	查找文件
详情信息:	FileName = C:\Documents and Settings
	FileName = C:\Documents and Settings\Administrator
	FileName = C:\Documents and Settings\Administrator\Local Settings
	FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
	FileName = C:\WINDOWS\system32\Ras\*.pbk
	FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
	FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\京东商城商品价格-有货监控软件-V1.1\autio.mp3
	FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\京东商城商品价格-有货监控软件-V1.1\god.xin
	FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\京东商城商品价格-有货监控软件-V1.1\京东监控记录.txt

网络行为
行为描述:	连接指定站点
详情信息:	InternetConnectA: ServerName = ww****me, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
行为描述:	打开HTTP连接
详情信息:	InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1), hSession = 0x00cc0004
行为描述:	建立到一个指定的套接字连接
详情信息:	URL: ww**me, IP: .133.40.**:80, SOCKET = 0x00000578
行为描述:	读取网络文件
详情信息:	hFile = 0x00cc000c, BytesToRead =1024, BytesRead = 1024.
行为描述:	发送HTTP包
详情信息:	GET /jd.jpg HTTP/1.1 Accept: / Referer: http://www.bsh.me/jd.jpg Accept-Language: zh-cn Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: ww****me Cache-Control: no-cache
行为描述:	打开HTTP请求
详情信息:	HttpOpenRequestA: ww****me:80/jd.jpg, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x80004010
行为描述:	按名称获取主机地址
详情信息:	GetAddrInfoW: ww****me

注册表行为
行为描述:	修改注册表
详情信息:	\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
行为描述:	删除注册表键值
详情信息:	\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
	\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL

其他行为
行为描述:	创建互斥体
详情信息:	RasPbFile
	CTF.LBES.MutexDefaultS-*
	CTF.Compart.MutexDefaultS-*
	CTF.Asm.MutexDefaultS-*
	CTF.Layouts.MutexDefaultS-*
	CTF.TMD.MutexDefaultS-*
	CTF.TimListCache.FMPDefaultS-MUTEX.DefaultS-
	Local\ZonesCounterMutex
	Local\ZoneAttributeCacheCounterMutex
	Local\ZonesCacheCounterMutex
	Local\ZonesLockedCacheCounterMutex
	Local\c:!documents and settings!administrator!ietldcache!
	MSCTF.Shared.MUTEX.ELH
	MSCTF.Shared.MUTEX.IDI
行为描述:	隐藏指定窗口
详情信息:	[Window,Class] = [,ComboLBox]
	[Window,Class] = [,_EL_Timer]
	[Window,Class] = [,Afx:400000:b:10011:0:0]
行为描述:	查找指定窗口
详情信息:	NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
	NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
	NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
行为描述:	窗口信息
详情信息:	Pid = 2100, Hwnd=0xd032c, Text = >, ClassName = CMIButton.
	Pid = 2100, Hwnd=0xd033c, Text = <, ClassName = CMIButton.
	Pid = 2100, Hwnd=0x4037e, Text = -=-, ClassName = CMIButton.
	Pid = 2100, Hwnd=0x20382, Text = ---, ClassName = CMIButton.
	Pid = 2100, Hwnd=0x20394, Text = >, ClassName = CMIButton.
	Pid = 2100, Hwnd=0x303b2, Text = <, ClassName = CMIButton.
	Pid = 2100, Hwnd=0x30376, Text = -=-, ClassName = CMIButton.
	Pid = 2100, Hwnd=0x203ca, Text = ---, ClassName = CMIButton.
	Pid = 2100, Hwnd=0xb0336, Text = >, ClassName = CMIButton.
	Pid = 2100, Hwnd=0xb0364, Text = <, ClassName = CMIButton.
	Pid = 2100, Hwnd=0x90366, Text = -=-, ClassName = CMIButton.
	Pid = 2100, Hwnd=0xd0312, Text = ---, ClassName = CMIButton.
	Pid = 2100, Hwnd=0x120308, Text = >, ClassName = CMIButton.
	Pid = 2100, Hwnd=0x1002b0, Text = <, ClassName = CMIButton.
	Pid = 2100, Hwnd=0xe0310, Text = -=-, ClassName = CMIButton.
行为描述:	打开事件
详情信息:	HookSwitchHookEnabledEvent
	\SECURITY\LSA_AUTHENTICATION_INITIALIZED
	Global\SvcctrlStartEvent_A3752DX
	\INSTALLATION_SECURITY_HOLD
	CTF.ThreadMIConnectionEvent.000007B4.00000000.00000042
	CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000042
	MSCTF.SendReceiveConection.Event.ELH.IC
	MSCTF.SendReceive.Event.ELH.IC
	CTF.ThreadMIConnectionEvent.000007B4.00000000.00000043
	CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000043
行为描述:	创建事件对象
详情信息:	EventName = DINPUTWINMM
	EventName = Global\userenv: User Profile setup event
	EventName = MSCTF.SendReceive.Event.IDI.IC
	EventName = MSCTF.SendReceiveConection.Event.IDI.IC
行为描述:	打开互斥体
详情信息:	RasPbFile
	ShimCacheMutex
	Local\_!MSFTHISTORY!_
	Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
	Local\c:!documents and settings!administrator!cookies!
	Local\c:!documents and settings!administrator!local settings!history!history.ie5!
	Local\WininetStartupMutex
	Local\WininetConnectionMutex
	Local\WininetProxyRegistryMutex
	Local\!IETld!Mutex
	Local\c:!documents and settings!administrator!ietldcache!

运行截图