VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives when the password is 'infected' or 'virus'.


File information
File Name: kknet.term.apk (File not down)
File Size: 352673 bytes
File Type: Zip archive data
MD5: 12039cb4baa73c62e6db8856de433f04
SHA1: 8261f6049403b1b9bf1e7431b4f6d64d910af555
SHA256: 7ac62d96f39cbbc1a60767b6e7fbdfee00bfdb95db9690039d7684c6d58c7020
SSDEEP: 6144:/SkHQ3E1PXwOK7l7Bgq1xV8T+ojUYS0pZsj39ziSTl5k:qkAsPXwOK7l1gqbVTok0pOj9lk
  • Scanner results
    Scanner results: 0% of scanners (0/32) found malware.
    Behavior analysis report: Habo file analysis
    Time: 2016-08-29 10:21:26 (CST)
    Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time
    antiy | AVL SDK | 3.0 | 1970-01-01 | Found nothing | 5
    asquared | 9.0.0.4324 | 9.0.0.4324 | 2014-07-03 | Found nothing | 1
    avast | 150725-1 | 4.7.4 | 2015-07-25 | Found nothing | 60
    avg | 2109/8133 | 10.0.1405 | 2014-11-26 | Found nothing | 60
    baidu | 2.0.1.0 | 4.1.3.52192 | 2.0.1.0 | Found nothing | 10
    baidusd | 1.0 | 1.0 | 2014-04-02 | Found nothing | 1
    bitdefender | 7.58469 | 7.90123 | 2014-12-25 | Found nothing | 60
    clamav | 19861 | 0.97.5 | 2014-12-31 | Found nothing | 60
    drweb | 5.0.2.3300 | 5.0.1.1 | 2014-12-31 | Found nothing | 60
    fortinet | 23.345, 23.345 | 5.1.158 | 2014-12-08 | Found nothing | 60
    fprot | 4.6.2.117 | 6.5.1.5418 | 2014-12-31 | Found nothing | 60
    fsecure | 2014-04-02-01 | 9.13 | 2014-04-02 | Found nothing | 60
    gdata | 25.8072 | 25.8072 | 2016-08-28 | Found nothing | 9
    ikarus | 1.06.01 | V1.32.31.0 | 2014-12-08 | Found nothing | 60
    jiangmin | 16.0.100 | 1.0.0.0 | 2015-07-25 | Found nothing | 45
    kaspersky | 5.5.33 | 5.5.33 | 2014-04-01 | Found nothing | 60
    kingsoft | 2.1 | 2.1 | 2013-09-22 | Found nothing | 5
    mcafee | 7638 | 5400.1158 | 2014-11-30 | Found nothing | 60
    nod32 | 0920 | 3.0.21 | 2014-12-23 | Found nothing | 60
    panda | 9.05.01 | 9.05.01 | 2015-07-26 | Found nothing | 5
    pcc | 11.380.07 | 9.500-1005 | 2014-12-31 | Found nothing | 60
    qh360 | 1.0.1 | 1.0.1 | 1.0.1 | Found nothing | 3
    qqphone | 1.0.0.0 | 1.0.0.0 | 2014-12-09 | Found nothing | 60
    quickheal | 14.00 | 14.00 | 2015-07-25 | Found nothing | 2
    rising | 25.76.04.01 | 25.76.04.01 | 2015-07-24 | Found nothing | 2
    sophos | 5.08 | 3.55.0 | 2014-12-01 | Found nothing | 60
    symantec | 20141230.001 | 1.3.0.24 | 2014-12-30 | Found nothing | 60
    tachyon | 9.9.9 | 9.9.9 | 2013-12-27 | Found nothing | 4
    thehacker | 6.8.0.5 | 6.8.0.5 | 2015-07-23 | Found nothing | 2
    tws | 17.47.17308 | 1.0.2.2108 | 2014-12-08 | Found nothing | 14
    vba | 3.12.26.3 | 3.12.26.3 | 2014-12-31 | Found nothing | 60
    virusbuster | 15.0.985.0 | 5.5.2.13 | 2014-12-05 | Found nothing | 60
    Result legend: Heuristic/Suspicious | Exact
    NOTICE: Results are not 100% accurate; when malware is found, some scanners may be reporting a false positive. Please judge these results for yourself.
  • Permission list
    Permission name | Description
    android.permission.INTERNET | Connect to the network (2G or 3G)
    android.permission.WRITE_EXTERNAL_STORAGE | Write to external storage (e.g. SD card)
    android.permission.WAKE_LOCK | Keep background processes running after the phone screen turns off
  • File information
    Security score: 80
    Basic information
    MD5: 12039cb4baa73c62e6db8856de433f04
    Package name: com.kknet.term
    Minimum runtime environment: Android 2.3, 2.3.1, 2.3.2
    Copyright: kknet Team
    Key behaviors
    Behavior: Hide specified window
    Details: [Window,Class] = [,Button]
    [Window,Class] = [< 上一步(&B),Button]
    [Window,Class] = [,ComboLBox]
    [Window,Class] = [选择附加任务,Static]
    [Window,Class] = [您想要安装程序执行哪些附加任务?,Static]
    [Window,Class] = [下一步(&N) >,Button]
    [Window,Class] = [显示细节(&D),Button]
    [Window,Class] = [取消(&C),Button]
    [Window,Class] = [缩放级别,ToolbarWindow32]
    [Window,Class] = [,XLHotkeyWindow]
    [Window,Class] = [,msctls_progress32]
    [Window,Class] = [thunder_backwnd,TfrmCmdCenter]
    [Window,Class] = [迅雷7,XLUEFrameHostWnd]
    [Window,Class] = [,{C827FAFC-60D5-46BA-AEAE-251D59949D6A}]
    [Window,Class] = [,ATL:248940B8]
    Behavior: Modify registry (BHO, Browser Helper Objects)
    Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B0E2F470-0B07-48f0-B3B1-5749505FAE9B}\
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B0E2F470-0B07-48f0-B3B1-5749505FAE9B}\NoExplorer
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EA37B17-6B8B-4085-8257-F3A4AA69C27A}\
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EA37B17-6B8B-4085-8257-F3A4AA69C27A}\NoExplorer
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}\
    Behavior: Create desktop shortcut
    Details: C:\Documents and Settings\All Users\桌面\迅雷7.lnk
    Behavior: Modify registry (system firewall trusted process list)
    Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe
    Behavior: Modify registry (IE home page)
    Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\Start Page
    Behavior: Resolve host address by name
    Details: media.info.client.xunlei.com
    hub5pn.sandai.net
    hub5u.sandai.net
    relay.phub.sandai.net
    hub5pnc.sandai.net
    hub5c.sandai.net
    plugin.xl7.xunlei.com
    static.client.xunlei.com
    biz5.sandai.net
    hub5pr.sandai.net
    score.phub.sandai.net
    imhub5pr.sandai.net
    webassist.shub.sandai.net
    client.stat.xunlei.com
    hubciddata.sandai.net
    Process behavior
    Behavior: Create process with hidden window
    Details: ImagePath = , CmdLine = "c:\docume~1\admini~1\locals~1\temp\nsi3.tmp\ns4.tmp" c:\docume~1\admini~1\locals~1\temp\iesvr.bat
    Behavior: Create process
    Details: ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s "C:\Program Files\Thunder Network\Thunder\addins\Community\http.dll"
    ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s "C:\WINDOWS\system32\msxml3.dll"
    ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /u /s "C:\Program Files\Thunder Network\Thunder\BHO\MediaMonitor.dll"
    ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s "C:\Program Files\Thunder Network\Thunder\BHO\XlBrowserAddin.dll"
    ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s "C:\Program Files\Thunder Network\Thunder\BHO\ThunderAgent.dll"
    ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s "C:\Program Files\Thunder Network\Thunder\BHO\UserAgent.dll"
    ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s "C:\Program Files\Thunder Network\Thunder\BHO\XunLeiBHO.dll"
    ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s "C:\Program Files\Thunder Network\Thunder\Program\XLUserAX.dll"
    ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s "C:\Program Files\Thunder Network\Thunder\Program\xl_stat_client.dll"
    ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s "C:\Program Files\Thunder Network\Thunder\BHO\thunder.xpi"
    ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s "C:\Program Files\Thunder Network\Thunder\BHO\xl_plugin_chrome.crx"
    ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IESvr.bat
    ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 /s "C:\Program Files\Thunder Network\Thunder\BHO\LinkSimulate.dll"
    Behavior: Create process from a newly created file
    Details: ImagePath = C:\Program Files\Thunder Network\Thunder\BHO\BHOInstall.exe, CmdLine = "C:\Program Files\Thunder Network\Thunder\BHO\BHOInstall.exe" -install
    ImagePath = C:\Program Files\Thunder Network\Thunder\Program\ThunderFW.exe, CmdLine = "C:\Program Files\Thunder Network\Thunder\Program\ThunderFW.exe" Thunder "C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe" /u
    ImagePath = C:\Program Files\Thunder Network\Thunder\Program\ThunderFW.exe, CmdLine = "C:\Program Files\Thunder Network\Thunder\Program\ThunderFW.exe" Thunder "C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe" /u
    ImagePath = C:\Program Files\Thunder Network\Thunder\Program\ThunderFW.exe, CmdLine = "C:\Program Files\Thunder Network\Thunder\Program\ThunderFW.exe" Thunder7.1.8.2298 "C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe"
    ImagePath = C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe, CmdLine = "C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe" "-install" "-associate:td" "-associate:torrent" "-associate:downlist" "-associate:thunderskin" "-regprotocol:ed2k
    ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\ns4.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\ns4.tmp" C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IESvr.bat
    ImagePath = C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe, CmdLine = "C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe"
    ImagePath = C:\Program Files\Thunder Network\Thunder\Program\ThunderPlatform.exe, CmdLine = "C:\Program Files\Thunder Network\Thunder\Program\ThunderPlatform.exe" -StartTP
    Behavior: Enumerate processes
    Details: N/A
    File behavior
    Behavior: Drop a link or shortcut in a sensitive system location (e.g. Start Menu)
    Details: C:\Documents and Settings\All Users\「开始」菜单\程序\迅雷软件\迅雷7\启动迅雷7.lnk
    C:\Documents and Settings\All Users\「开始」菜单\程序\迅雷软件\迅雷7\卸载迅雷7.lnk
    Behavior: Create writable file mapping
    Details: DfSharedHeapBFB00
    \DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFB03.tmp
    DfRoot0000BFB00
    BHO_FILE_MAPPING:2136{00D765BD-E15C-49fc-85F3-8D9175531AEF}
    WaitingDlg{00D765BD-E15C-49fc-85F3-8D9175531AEF}
    xl_{D48222F7-CA0A-4f09-B8EA-482DA3F50227}
    \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\ns4.tmp
    Local\UrlZonesSM_Administrator
    \WINDOWS\system32\zh-cn\ieframe.dll.mui
    {BE418F67-608C-0875-31E6-A4EDFA366CE1}{00D765BD-E15C-49fc-85F3-8D9175531AEF}
    DB580FA5-86D7-4753-878F-D75ECA33AB18..XlBrowserAddin.ini.ReadWriteLockShareMemory{00D765BD-E15C-49fc-85F3-8D9175531AEF}
    DB580FA5-86D7-4753-878F-D75ECA33AB18..XlMediaMonitor.ini.ReadWriteLockShareMemory{00D765BD-E15C-49fc-85F3-8D9175531AEF}
    DB580FA5-86D7-4753-878F-D75ECA33AB18..XlMediaMonitorWhiteList.ini.ReadWriteLockShareMemory{00D765BD-E15C-49fc-85F3-8D9175531AEF}
    BHO_FILE_MAPPING:2588{00D765BD-E15C-49fc-85F3-8D9175531AEF}
    DB580FA5-86D7-4753-878F-D75ECA33AB18..XlDownloadAssistant.ini.ReadWriteLockShareMemory{00D765BD-E15C-49fc-85F3-8D9175531AEF}
    Behavior: Create desktop shortcut
    Details: C:\Documents and Settings\All Users\桌面\迅雷7.lnk
    Behavior: Create executable file
    Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\ButtonEvent.dll
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\ButtonLinker.dll
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\FindProcDLL.dll
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\KillProcDLL.dll
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\PPSSetupIMG.dll
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\SkinH.dll
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\System.dll
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\nsDialogs.dll
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\nsExec.dll
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\waterctrl.dll
    C:\Program Files\Thunder Network\Thunder\addins\Community\Community.dll
    C:\Program Files\Thunder Network\Thunder\addins\Community\VipService.dll
    C:\Program Files\Thunder Network\Thunder\addins\Community\XLCPAddinManager.dll
    C:\Program Files\Thunder Network\Thunder\BHO\BHOInstall.exe
    C:\Program Files\Thunder Network\Thunder\BHO\ThunderAgent.dll
    Behavior: Modify file contents
    Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\01.jpg---> Offset = 16384
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\02.jpg---> Offset = 16384
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\03.jpg---> Offset = 16384
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\04.jpg---> Offset = 0
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\05.jpg---> Offset = 16384
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\1.bmp---> Offset = 49152
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\2.bmp---> Offset = 49152
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\Folder.ico---> Offset = 16384
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\LeftLog.bmp---> Offset = 49152
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\Licence.txt---> Offset = 0
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\Thumbs.db---> Offset = 49152
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\simple.bmp---> Offset = 0
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\skinh.she---> Offset = 16384
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\xl7img.dat---> Offset = 0
    C:\Program Files\Thunder Network\Thunder\addins\Community\addin.cfg---> Offset = 0
    Network behavior
    Behavior: Establish a connection to a specified socket
    Details: 219.133.40.1:80
    219.133.40.1:9001
    Behavior: Resolve host address by name
    Details: media.info.client.xunlei.com
    hub5pn.sandai.net
    hub5u.sandai.net
    relay.phub.sandai.net
    hub5pnc.sandai.net
    hub5c.sandai.net
    plugin.xl7.xunlei.com
    static.client.xunlei.com
    biz5.sandai.net
    hub5pr.sandai.net
    score.phub.sandai.net
    imhub5pr.sandai.net
    webassist.shub.sandai.net
    client.stat.xunlei.com
    hubciddata.sandai.net
    Registry behavior
    Behavior: Modify registry (browser context menu)
    Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载\
    \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载\Name
    \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载\Contexts
    \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接\
    \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接\Name
    \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接\Contexts
    Behavior: Delete registry key
    Details: \REGISTRY\MACHINE\SOFTWARE\Classes\Msxml2.DOMDocument\CLSID
    \REGISTRY\MACHINE\SOFTWARE\Classes\Msxml2.DOMDocument\CurVer
    \REGISTRY\MACHINE\SOFTWARE\Classes\Msxml2.DOMDocument
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\ProgID
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\TypeLib
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\Version
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\VersionIndependentProgID
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}
    \REGISTRY\MACHINE\SOFTWARE\Classes\Msxml2.DOMDocument.3.0\CLSID
    \REGISTRY\MACHINE\SOFTWARE\Classes\Msxml2.DOMDocument.3.0
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InProcServer32
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\ProgID
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TypeLib
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\Version
    Behavior: Modify registry (URL protocol association)
    Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\ed2k\URL Protocol
    \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\thunder\URL Protocol
    \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\magnet\URL Protocol
    Behavior: Modify registry (IE key properties)
    Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL
    Behavior: Modify registry (pending file rename operations)
    Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations
    Behavior: Modify registry (BHO, Browser Helper Objects)
    Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B0E2F470-0B07-48f0-B3B1-5749505FAE9B}\
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B0E2F470-0B07-48f0-B3B1-5749505FAE9B}\NoExplorer
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EA37B17-6B8B-4085-8257-F3A4AA69C27A}\
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EA37B17-6B8B-4085-8257-F3A4AA69C27A}\NoExplorer
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}\
    Behavior: Modify registry
    Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
    \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Multimedia\DrawDib\vga.drv 1676x885x32(BGR 0)
    \REGISTRY\MACHINE\SOFTWARE\Classes\Msxml2.DOMDocument\
    \REGISTRY\MACHINE\SOFTWARE\Classes\Msxml2.DOMDocument\CLSID\
    \REGISTRY\MACHINE\SOFTWARE\Classes\Msxml2.DOMDocument\CurVer\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32\ThreadingModel
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\ProgID\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\VersionIndependentProgID\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\Version\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\TypeLib\
    \REGISTRY\MACHINE\SOFTWARE\Classes\Msxml2.DOMDocument.3.0\
    \REGISTRY\MACHINE\SOFTWARE\Classes\Msxml2.DOMDocument.3.0\CLSID\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\
    Behavior: Modify registry (system firewall trusted process list)
    Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe
    Behavior: Modify registry (browser default download tool)
    Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\DownloadUI
    Behavior: Modify registry (IE home page)
    Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\Start Page
    Behavior: Delete registry key (file association)
    Details: \REGISTRY\MACHINE\SOFTWARE\Classes\xmlfile\shell\Open\command
    \REGISTRY\MACHINE\SOFTWARE\Classes\xslfile\shell\Open\command
    Other behavior
    Behavior: Set object security information
    Details: C:\Program Files\Thunder Network\Thunder\Program\
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThunderLiveUD\
    Behavior: Create mutex
    Details: sample.exe
    SHIMLIB_LOG_MUTEX
    BHO_FILE_MAPPING:2136{0552B021-385F-42ff-9575-B13473D97923}
    WaitingDlg{0552B021-385F-42ff-9575-B13473D97923}
    oleacc-msaa-loaded
    Global\thunder5_app_mutex
    thunder6_app_mutex
    Local\ZonesCounterMutex
    Local\ZoneAttributeCacheCounterMutex
    Local\ZonesCacheCounterMutex
    Local\ZonesLockedCacheCounterMutex
    IESQMMUTEX_2356_27
    {BE418F67-608C-0875-31E6-A4EDFA366CE1}{0552B021-385F-42ff-9575-B13473D97923}
    DB580FA5-86D7-4753-878F-D75ECA33AB18..XlBrowserAddin.ini.ReadWriteLockShareMemory{0552B021-385F-42ff-9575-B13473D97923}
    DB580FA5-86D7-4753-878F-D75ECA33AB18..XlMediaMonitor.ini.ReadWriteLockShareMemory{0552B021-385F-42ff-9575-B13473D97923}
    Behavior: Inline hook
    Details: C:\WINDOWS\system32\GDI32.dll--->ExtTextOutA Offset = 0x0
    C:\WINDOWS\system32\GDI32.dll--->ExtTextOutW Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->GetWindowLongA Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->SetWindowLongA Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->SetWindowLongW Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->GetWindowLongW Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->BeginPaint Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->EndPaint Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->GetDC Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->GetWindowDC Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->ReleaseDC Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->WindowFromDC Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->GetScrollInfo Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->GetScrollPos Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->GetScrollRange Offset = 0x0
    Behavior: Find specified window
    Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [TrayNotifyWnd,]
    NtUserFindWindowEx: [Class,Window] = [ToolBarWindow32,]
    NtUserFindWindowEx: [Class,Window] = [SysPager,]
    NtUserFindWindowEx: [Class,Window] = [#32770,]
    NtUserFindWindowEx: [Class,Window] = [XLUEFrameHostWnd,迅雷7]
    NtUserFindWindowEx: [Class,Window] = [XLShellCommandWindow,XLShellCommandWindow]
    NtUserFindWindowEx: [Class,Window] = [SysListView32,]
    NtUserFindWindowEx: [Class,Window] = [WorkerW,]
    NtUserFindWindowEx: [Class,Window] = [ReBarWindow32,]
    NtUserFindWindowEx: [Class,Window] = [Address Band Root,]
    NtUserFindWindowEx: [Class,Window] = [AddressDisplay Control,]
    NtUserFindWindowEx: [Class,Window] = [Frame Tab,]
    NtUserFindWindowEx: [Class,Window] = [TabWindowClass,]
    NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
    Behavior: Window information
    Details: Pid = 1268, Hwnd=0xb01de, Text = 接受(&Y)>, ClassName = Button.
    Pid = 1268, Hwnd=0xc01d6, Text = 取消(&N), ClassName = Button.
    Pid = 1268, Hwnd=0xc01c6, Text = QQ终极论坛, ClassName = Static.
    Pid = 1268, Hwnd=0xc01b0, Text = 检查更新, ClassName = Static.
    Pid = 1268, Hwnd=0xb0170, Text = 欢迎使用 迅雷7 安装向导, ClassName = Static.
    Pid = 1268, Hwnd=0xb01ce, Text = 在安装软件前,请仔细阅读下面的软件许可协议和青少年安全上网指引, ClassName = Static.
    Pid = 1268, Hwnd=0xd01ac, Text = 软件许可协议 重要须知: 迅雷在此特别提醒用户认真阅读本《软件许可协议》--- 用户应认真阅读本《软件许可协议》 (下称《协议》, ClassName = Edit.
    Pid = 1268, Hwnd=0xb0164, Text = 您接受前面的许可协议中的所有条款吗?, ClassName = Static.
    Pid = 1268, Hwnd=0xd0180, Text = 迅雷7:用户使用协议, ClassName = #32770.
    Pid = 1268, Hwnd=0xb016a, Text = < 上一步(&B), ClassName = Button.
    Pid = 1268, Hwnd=0xb01de, Text = 安装(&I), ClassName = Button.
    Pid = 1268, Hwnd=0xc01d6, Text = 取消(&C), ClassName = Button.
    Pid = 1268, Hwnd=0xb0196, Text = 自定义, ClassName = ComboBox.
    Pid = 1268, Hwnd=0xc01be, Text = 请选择迅雷7的安装目录:, ClassName = Static.
    Pid = 1268, Hwnd=0xf01ac, Text = 浏览(&B)..., ClassName = Button.
    Behavior: Acquire system privilege
    Details: SE_LOAD_DRIVER_PRIVILEGE
    Behavior: Open specified IE web page
    Details: http://www.qqzj8.com
    Behavior: Direct access to physical device
    Details: \??\PhysicalDrive0
    Behavior: Hide specified window
    Details: [Window,Class] = [,Button]
    [Window,Class] = [< 上一步(&B),Button]
    [Window,Class] = [,ComboLBox]
    [Window,Class] = [选择附加任务,Static]
    [Window,Class] = [您想要安装程序执行哪些附加任务?,Static]
    [Window,Class] = [下一步(&N) >,Button]
    [Window,Class] = [显示细节(&D),Button]
    [Window,Class] = [取消(&C),Button]
    [Window,Class] = [缩放级别,ToolbarWindow32]
    [Window,Class] = [,XLHotkeyWindow]
    [Window,Class] = [,msctls_progress32]
    [Window,Class] = [thunder_backwnd,TfrmCmdCenter]
    [Window,Class] = [迅雷7,XLUEFrameHostWnd]
    [Window,Class] = [,{C827FAFC-60D5-46BA-AEAE-251D59949D6A}]
    [Window,Class] = [,ATL:248940B8]
    Behavior: Open image file
    Details: \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\01.jpg
    \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\02.jpg
    \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\03.jpg
    \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\04.jpg
    \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\05.jpg
    \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\1.bmp
    \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\2.bmp
    \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\LeftLog.bmp
    \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp\simple.bmp
    \Program Files\Thunder Network\Thunder\Program\icon\Thumb_Progressbar.bmp
    Thumb_Progressbar.bmp
    Dynamic behavior list
    Behavior: Initialize Intent
    Details: Ljava/lang/String;=com.kknet.broadcast.APPEND_TO_PATH
    Landroid/content/Intent;=Intent { act=com.kknet.broadcast.APPEND_TO_PATH flg=0x20 }
    Landroid/content/Context;=com.kknet.term.Term@41541600 | Ljava/lang/Class;=class com.kknet.term.TermService
    Landroid/content/Context;=com.kknet.term.TermService@415771d8 | Ljava/lang/Class;=class com.kknet.term.Term
    Behavior: Start service
    Details: com.android.musicfx.Compatibility$Service
    com.kknet.term.TermService
    com.android.mms.transaction.SmsReceiverService
    Behavior: Read file
    Details: path:/dev/ptmx length:105
    path:/proc/783/cmdline length:105
    path:/proc/799/cmdline length:105
    path:/proc/811/cmdline length:105
    path:/proc/841/cmdline length:105
    path:/proc/852/cmdline length:105
    path:/proc/859/cmdline length:105
    path:/proc/864/cmdline length:105
    path:/proc/866/cmdline length:105
    Behavior: Class loading
    Details: path:/system/app/PicoTts.apk
    path:/system/app/MusicFX.apk
    path:/system/framework/am.jar
    path:/data/app/com.kknet.term-1.apk
    Behavior: Write file
    Details: path:/data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml length:105
    path:/data/data/com.android.musicfx/shared_prefs/musicfx.xml length:105
    path:/data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml length:105
    Activities
    Activity name | Type
    Term | android.intent.action.MAIN
    Term | android.intent.category.LAUNCHER
    RemoteInterface | com.kknet.OPEN_NEW_WINDOW
    RemoteInterface | android.intent.category.DEFAULT
    Dangerous functions
    Function name | Description
    android/app/NotificationManager;->notify | Notification bar
    Permission list
    Permission name | Description
    android.permission.INTERNET | Connect to the network (2G or 3G)
    android.permission.WRITE_EXTERNAL_STORAGE | Write to external storage (e.g. SD card)
    android.permission.WAKE_LOCK | Keep background processes running after the phone screen turns off
    Service list
    Name
    com.kknet.term.TermService
    File list
    File name | Checksum
    res/drawable/atari_small.png 0x3cfe4eac
    res/drawable/btn_close_window.png 0xf073f92d
    res/drawable/close_background.xml 0xc8d7dec2
    res/drawable/ic_launcher.png 0xb4a7684b
    res/drawable/ic_menu_add.png 0xd96b995a
    res/drawable/ic_menu_back.png 0xa8142d41
    res/drawable/ic_menu_close_clear_cancel.png 0xc02adaec
    res/drawable/ic_menu_forward.png 0x1295683d
    res/drawable/ic_menu_preferences.png 0x3ed1eb33
    res/drawable/ic_menu_windows.png 0xf5f40635
    res/drawable/ic_stat_service_notification_icon.png 0x49ce0dc
    res/layout/term_activity.xml 0x995e934a
    res/layout/window_list_item.xml 0xb1b91107
    res/layout/window_list_new_window.xml 0x681de408
    res/menu/main.xml 0xba2dd2ba
    res/xml/preferences.xml 0x5dda2911
    AndroidManifest.xml 0xf084858d
    resources.arsc 0x8d0c12c
    res/drawable-hdpi/btn_close_window.png 0xc01e1a9
    res/drawable-hdpi/ic_launcher.png 0x92cf17eb
    res/drawable-hdpi/ic_menu_add.png 0xd0d38917
    res/drawable-hdpi/ic_menu_back.png 0x4a0c49d9
    res/drawable-hdpi/ic_menu_close_clear_cancel.png 0x35e560b3
    res/drawable-hdpi/ic_menu_forward.png 0xb5ee5613
    res/drawable-hdpi/ic_menu_preferences.png 0x88421ab2
    res/drawable-hdpi/ic_menu_windows.png 0xf69f3cdc
    res/drawable-hdpi/ic_stat_service_notification_icon.png 0x21af845c
    res/drawable-hdpi-v11/ic_menu_add.png 0x2ede9955
    res/drawable-hdpi-v11/ic_menu_back.png 0xef9a1cc5
    res/drawable-hdpi-v11/ic_menu_close_clear_cancel.png 0x670c8a41
    res/drawable-hdpi-v11/ic_menu_forward.png 0x8c06912b
    res/drawable-hdpi-v11/ic_menu_preferences.png 0x976b15f3
    res/drawable-hdpi-v11/ic_stat_service_notification_icon.png 0x70dccc13
    res/drawable-hdpi-v9/ic_stat_service_notification_icon.png 0x7f0a4cdd
    res/drawable-ldpi/ic_launcher.png 0x2c705732
    res/drawable-ldpi/ic_menu_add.png 0x71231e42
    res/drawable-ldpi/ic_menu_close_clear_cancel.png 0x60fd15a
    res/drawable-ldpi/ic_menu_preferences.png 0xdc94ac81
    res/drawable-ldpi/ic_stat_service_notification_icon.png 0xfdaa587b
    res/drawable-ldpi-v11/ic_menu_add.png 0x71231e42
    res/drawable-ldpi-v11/ic_menu_back.png 0x1c79dbc
    res/drawable-ldpi-v11/ic_menu_close_clear_cancel.png 0x60fd15a
    res/drawable-ldpi-v11/ic_menu_forward.png 0x336b7200
    res/drawable-ldpi-v11/ic_menu_preferences.png 0xdc94ac81
    res/drawable-ldpi-v11/ic_stat_service_notification_icon.png 0xe1d47db7
    res/drawable-ldpi-v9/ic_stat_service_notification_icon.png 0xfd51a472
    res/drawable-mdpi/btn_close_window.png 0xf073f92d
    res/drawable-mdpi/ic_launcher.png 0xb4a7684b
    res/drawable-mdpi/ic_menu_add.png 0xd96b995a
    res/drawable-mdpi/ic_menu_back.png 0xa8142d41
    res/drawable-mdpi/ic_menu_close_clear_cancel.png 0xc02adaec
    res/drawable-mdpi/ic_menu_forward.png 0x1295683d
    res/drawable-mdpi/ic_menu_preferences.png 0x3ed1eb33
    res/drawable-mdpi/ic_menu_windows.png 0xf5f40635
    res/drawable-mdpi/ic_stat_service_notification_icon.png 0x49ce0dc
    res/drawable-mdpi-v11/ic_menu_add.png 0x3a919a85
    res/drawable-mdpi-v11/ic_menu_back.png 0xaaa00e2d
    res/drawable-mdpi-v11/ic_menu_close_clear_cancel.png 0xb35a0f4a
    res/drawable-mdpi-v11/ic_menu_forward.png 0xb57a165d
    res/drawable-mdpi-v11/ic_menu_preferences.png 0x48b719f2
    res/drawable-mdpi-v11/ic_stat_service_notification_icon.png 0x7fd363
    res/drawable-mdpi-v9/ic_stat_service_notification_icon.png 0x15052f21
    res/drawable-nodpi/atari_small_nodpi.png 0x3cfe4eac
    res/drawable-xhdpi/ic_launcher.png 0x8cfeff87
    res/drawable-xhdpi/ic_stat_service_notification_icon.png 0x60165dbd
    res/drawable-xhdpi-v11/ic_menu_add.png 0xf596ba14
    res/drawable-xhdpi-v11/ic_menu_back.png 0x7200f137
    res/drawable-xhdpi-v11/ic_menu_close_clear_cancel.png 0x9c370231
    res/drawable-xhdpi-v11/ic_menu_forward.png 0xd4e01cc6
    res/drawable-xhdpi-v11/ic_menu_preferences.png 0x9cd8aa7
    res/drawable-xhdpi-v11/ic_stat_service_notification_icon.png 0x1f43c90e
    res/drawable-xhdpi-v9/ic_stat_service_notification_icon.png 0x883de658
    classes.dex 0x1ac4fc27
    lib/armeabi/libterm-androidterm4.so 0x3bd8b384
    lib/mips/libterm-androidterm4.so 0x30003927
    lib/x86/libterm-androidterm4.so 0xbdb965cf
    META-INF/MANIFEST.MF 0x4b35021a
    META-INF/CERT.SF 0x3306d357
    META-INF/CERT.RSA 0xcaac1f0a
    Runtime screenshots (images not included in this extraction)