VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader to upload.


File information

Scanner results
Scanner results: 3% of antivirus engines (1/32) found malware.
Behavior analysis report: Habo file analysis
Time: 2017-07-02 22:19:03 (CST)
| Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time |
|---|---|---|---|---|---|
| antiy | AVL SDK | 2.0 | 1970-01-01 | Found nothing | 5 |
| asquared | 9.0.0.4799 | 9.0.0.4799 | 2015-03-08 | Found nothing | 1 |
| avast | 170303-1 | 4.7.4 | 2017-03-03 | Found nothing | 60 |
| avg | 2109/14122 | 10.0.1405 | 2017-06-29 | Found nothing | 60 |
| baidu | 2.0.1.0 | 4.1.3.52192 | 2.0.1.0 | Found nothing | 5 |
| baidusd | 1.0 | 1.0 | 2017-03-22 | Found nothing | 1 |
| bitdefender | 7.58879 | 7.90123 | 2015-01-16 | Found nothing | 60 |
| clamav | 23503 | 0.97.5 | 2017-06-24 | Found nothing | 60 |
| drweb | 5.0.2.3300 | 5.0.1.1 | 2017-06-18 | Found nothing | 60 |
| fortinet | 49.891, 49.796 | 5.4.247 | 2017-07-02 | Found nothing | 60 |
| fprot | 4.6.2.117 | 6.5.1.5418 | 2016-02-05 | Found nothing | 60 |
| fsecure | 2015-08-01-02 | 9.13 | 2015-08-01 | Found nothing | 60 |
| gdata | 25.13160 | 25.13160 | 2017-07-02 | Application.HackTool.MeterPreter.AQR | 11 |
| ikarus | 1.06.01 | V1.32.31.0 | 2016-11-28 | Found nothing | 60 |
| jiangmin | 16.0.100 | 1.0.0.0 | 2017-06-30 | Found nothing | 2 |
| kaspersky | 5.5.33 | 5.5.33 | 2014-04-01 | Found nothing | 60 |
| kingsoft | 2.1 | 2.1 | 2017-07-01 | Found nothing | 5 |
| mcafee | 8261 | 5400.1158 | 2016-08-18 | Found nothing | 60 |
| nod32 | 1777 | 3.0.21 | 2015-06-12 | Found nothing | 60 |
| panda | 9.05.01 | 9.05.01 | 2017-06-30 | Found nothing | 3 |
| pcc | 13.302.06 | 9.500-1005 | 2017-03-27 | Found nothing | 60 |
| qh360 | 1.0.1 | 1.0.1 | 1.0.1 | Found nothing | 4 |
| qqphone | 1.0.0.0 | 1.0.0.0 | 2015-12-30 | Found nothing | 60 |
| quickheal | 14.00 | 14.00 | 2017-07-01 | Found nothing | 2 |
| rising | 26.28.00.01 | 26.28.00.01 | 2016-07-18 | Found nothing | 1 |
| sophos | 5.32 | 3.65.2 | 2016-10-10 | Found nothing | 60 |
| symantec | 20151230.005 | 1.3.0.24 | 2015-12-30 | Found nothing | 60 |
| tachyon | 9.9.9 | 9.9.9 | 2013-12-27 | Found nothing | 3 |
| thehacker | 6.8.0.5 | 6.8.0.5 | 2017-06-27 | Found nothing | 1 |
| tws | 17.47.17308 | 1.0.2.2108 | 2017-07-01 | Found nothing | 13 |
| vba | 3.12.29.5 beta | 3.12.29.5 beta | 2017-06-30 | Found nothing | 60 |
| virusbuster | 15.0.985.0 | 5.5.2.13 | 2014-12-05 | Found nothing | 60 |
File information

Security score:

Basic information
MD5: 977a19aff2a017c5b626780e3c53fa4e
File size: 5.58 MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.metasploit.stage
Minimum runtime environment: Android 2.3.3, 2.3.4
Copyright:
Key behaviors

Behavior: Set special folder attributes
Details: C:\WINDOWS\system32\GroupPolicy
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior: Get TickCount value
Details: TickCount = 5430559, SleepMilliseconds = 200.
TickCount = 5430575, SleepMilliseconds = 200.
TickCount = 5430606, SleepMilliseconds = 200.
TickCount = 5430621, SleepMilliseconds = 200.
TickCount = 5430637, SleepMilliseconds = 200.
TickCount = 5430653, SleepMilliseconds = 200.
TickCount = 5430731, SleepMilliseconds = 200.
TickCount = 5430856, SleepMilliseconds = 200.
TickCount = 5430965, SleepMilliseconds = 200.
TickCount = 5432012, SleepMilliseconds = 200.
TickCount = 5432668, SleepMilliseconds = 200.
TickCount = 5432793, SleepMilliseconds = 200.
TickCount = 5432809, SleepMilliseconds = 200.
TickCount = 5433028, SleepMilliseconds = 200.
TickCount = 5433075, SleepMilliseconds = 200.
Behavior: Block window close message
Details: hWnd = 0x001b02b6, Text = Rufus 2.15.1117 , ClassName = #32770.
Behavior: Look up PE resource information
Details: (FindResourceA) hModule = 0x00000000, ResName: , ResType:
Behavior: Modify sensitive system files
Details: C:\WINDOWS\system32\GroupPolicy\gpt.ini ---> Offset = 155
C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol ---> Offset = 0
C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol ---> Offset = 4
C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol ---> Offset = 8
C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol ---> Offset = 10
C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol ---> Offset = 130
C:\WINDOWS\system32\GroupPolicy\gpt.ini ---> Offset = 148
C:\WINDOWS\system32\GroupPolicy\gpt.ini ---> Offset = 260
Behavior: Directly call critical system APIs
Details: Index = 0x0000007B, Name: NtOpenProcessToken, Instruction Address = 0x0041E3E9
Index = 0x0000000B, Name: NtAdjustPrivilegesToken, Instruction Address = 0x0041E441
Index = 0x00000019, Name: NtClose, Instruction Address = 0x0041E452
Process behavior

Behavior: Set special folder attributes
Details: C:\WINDOWS\system32\GroupPolicy
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior: Get TickCount value
Details: TickCount = 5430559, SleepMilliseconds = 200.
TickCount = 5430575, SleepMilliseconds = 200.
TickCount = 5430606, SleepMilliseconds = 200.
TickCount = 5430621, SleepMilliseconds = 200.
TickCount = 5430637, SleepMilliseconds = 200.
TickCount = 5430653, SleepMilliseconds = 200.
TickCount = 5430731, SleepMilliseconds = 200.
TickCount = 5430856, SleepMilliseconds = 200.
TickCount = 5430965, SleepMilliseconds = 200.
TickCount = 5432012, SleepMilliseconds = 200.
TickCount = 5432668, SleepMilliseconds = 200.
TickCount = 5432793, SleepMilliseconds = 200.
TickCount = 5432809, SleepMilliseconds = 200.
TickCount = 5433028, SleepMilliseconds = 200.
TickCount = 5433075, SleepMilliseconds = 200.
Behavior: Block window close message
Details: hWnd = 0x001b02b6, Text = Rufus 2.15.1117 , ClassName = #32770.
Behavior: Look up PE resource information
Details: (FindResourceA) hModule = 0x00000000, ResName: , ResType:
Behavior: Modify sensitive system files
Details: C:\WINDOWS\system32\GroupPolicy\gpt.ini ---> Offset = 155
C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol ---> Offset = 0
C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol ---> Offset = 4
C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol ---> Offset = 8
C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol ---> Offset = 10
C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol ---> Offset = 130
C:\WINDOWS\system32\GroupPolicy\gpt.ini ---> Offset = 148
C:\WINDOWS\system32\GroupPolicy\gpt.ini ---> Offset = 260
Behavior: Directly call critical system APIs
Details: Index = 0x0000007B, Name: NtOpenProcessToken, Instruction Address = 0x0041E3E9
Index = 0x0000000B, Name: NtAdjustPrivilegesToken, Instruction Address = 0x0041E441
Index = 0x00000019, Name: NtClose, Instruction Address = 0x0041E452
File behavior

Behavior: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\rufus.com
C:\Documents and Settings\Administrator\Local Settings\Temp\Ruf51.tmp
C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol
Behavior: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\rufus.com
Behavior: Set special folder attributes
Details: C:\WINDOWS\system32\GroupPolicy
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior: Overwrite existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\Ruf51.tmp
C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol
Behavior: Search for files
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates\*
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs\*
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs\*
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
Behavior: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\Ruf51.tmp
C:\Documents and Settings\Administrator\Local Settings\%temp%\rufus.com
Behavior: Modify sensitive system files
Details: C:\WINDOWS\system32\GroupPolicy\gpt.ini ---> Offset = 155
C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol ---> Offset = 0
C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol ---> Offset = 4
C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol ---> Offset = 8
C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol ---> Offset = 10
C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol ---> Offset = 130
C:\WINDOWS\system32\GroupPolicy\gpt.ini ---> Offset = 148
C:\WINDOWS\system32\GroupPolicy\gpt.ini ---> Offset = 260
Behavior: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\rufus.com ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Ruf51.tmp ---> Offset = 0
Network behavior

Behavior: Connect to specified site
Details: InternetConnectA: ServerName = ru****ie, PORT = 443, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
Behavior: Open HTTP connection
Details: InternetOpenA: UserAgent: Rufus/2.15.1117 (Windows NT 5.1), hSession = 0x00cc0004
Behavior: Establish a socket connection to a specified host
Details: URL: ru****ie, IP: **.133.40.**:443, SOCKET = 0x000003b4
Behavior: Open HTTP request
Details: HttpOpenRequestA: ru****ie:443/rufus_win_x86_5.1.ver, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x0488c600
HttpOpenRequestA: ru****ie:443/rufus_win_x86_5.ver, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x0488c600
HttpOpenRequestA: ru****ie:443/rufus_win_x86.ver, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x0488c600
HttpOpenRequestA: ru****ie:443/rufus_win.ver, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x0488c600
Behavior: Resolve host address by name
Details: GetAddrInfoW: ru****ie

Registry behavior

Behavior: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8F276B63-398E-47F6-80B4-087B502646CF}User\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{645FF040-5081-101B-9F08-00AA002F954E}
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8F276B63-398E-47F6-80B4-087B502646CF}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutorun
\REGISTRY\USER\S-*\Software\Akeo Consulting\Rufus\Locale
\REGISTRY\USER\S-*\Software\Akeo Consulting\Rufus\CommCheck64
\REGISTRY\USER\S-*\Software\Akeo Consulting\Rufus\UpdateCheckInterval
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{280B848F-9C6F-4069-95E3-480D0FFA5AA4}User\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{645FF040-5081-101B-9F08-00AA002F954E}
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{280B848F-9C6F-4069-95E3-480D0FFA5AA4}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutorun
Behavior: Delete registry key
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8F276B63-398E-47F6-80B4-087B502646CF}User\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8F276B63-398E-47F6-80B4-087B502646CF}User\Software\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8F276B63-398E-47F6-80B4-087B502646CF}User\Software\Microsoft\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8F276B63-398E-47F6-80B4-087B502646CF}User\Software\Microsoft\Windows\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8F276B63-398E-47F6-80B4-087B502646CF}User\Software\Microsoft\Windows\CurrentVersion\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8F276B63-398E-47F6-80B4-087B502646CF}User\Software\Microsoft\Windows\CurrentVersion\Policies\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8F276B63-398E-47F6-80B4-087B502646CF}User\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8F276B63-398E-47F6-80B4-087B502646CF}Machine\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8F276B63-398E-47F6-80B4-087B502646CF}Machine\Software\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8F276B63-398E-47F6-80B4-087B502646CF}Machine\Software\Microsoft\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8F276B63-398E-47F6-80B4-087B502646CF}Machine\Software\Microsoft\Windows\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8F276B63-398E-47F6-80B4-087B502646CF}Machine\Software\Microsoft\Windows\CurrentVersion\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8F276B63-398E-47F6-80B4-087B502646CF}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{8F276B63-398E-47F6-80B4-087B502646CF}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
Behavior: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{280B848F-9C6F-4069-95E3-480D0FFA5AA4}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutorun
Other behavior

Behavior: Create mutex
Details: Global/Rufus_CmdLine
Global/Rufus
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\!PrivacIE!SharedMemory!Mutex
RasPbFile
Behavior: Create event object
Details: EventName = Global\crypt32LogoffEvent
EventName = Global\userenv: User Profile setup event
EventName = Group Policy registry event name for {8F276B63-398E-47F6-80B4-087B502646CF}User
EventName = Group Policy registry event name for {8F276B63-398E-47F6-80B4-087B502646CF}Machine
EventName = DINPUTWINMM
EventName = Group Policy registry event name for {280B848F-9C6F-4069-95E3-480D0FFA5AA4}User
EventName = Group Policy registry event name for {280B848F-9C6F-4069-95E3-480D0FFA5AA4}Machine
Behavior: Directly call critical system APIs
Details: Index = 0x0000007B, Name: NtOpenProcessToken, Instruction Address = 0x0041E3E9
Index = 0x0000000B, Name: NtAdjustPrivilegesToken, Instruction Address = 0x0041E441
Index = 0x00000019, Name: NtClose, Instruction Address = 0x0041E452
Behavior: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior: Window information
Details: Pid = 164, Hwnd=0xe0316, Text = 你是否允许 Rufus 联网检查程序更新?, ClassName = Static.
Pid = 164, Hwnd=0xe0362, Text = 否, ClassName = Button.
Pid = 164, Hwnd=0x50376, Text = 更多信息, ClassName = Button.
Pid = 164, Hwnd=0xf032c, Text = 是, ClassName = Button.
Pid = 164, Hwnd=0x50384, Text = Rufus 更新策略, ClassName = #32770.
Pid = 164, Hwnd=0x60380, Text = 设备, ClassName = Static.
Pid = 164, Hwnd=0x303dc, Text = 分区方案和目标系统类型, ClassName = Static.
Pid = 164, Hwnd=0x100320, Text = 文件系统, ClassName = Static.
Pid = 164, Hwnd=0xc038a, Text = 簇大小, ClassName = Static.
Pid = 164, Hwnd=0x6037e, Text = 新卷标, ClassName = Static.
Pid = 164, Hwnd=0xb03ba, Text = 格式化选项 , ClassName = Button(GroupBox).
Pid = 164, Hwnd=0x503b2, Text = 检查设备坏块, ClassName = Button(CheckBox).
Pid = 164, Hwnd=0x1f02fe, Text = 1 遍, ClassName = ComboBox.
Pid = 164, Hwnd=0x100398, Text = 快速格式化, ClassName = Button(CheckBox).
Pid = 164, Hwnd=0x170340, Text = 创建一个启动盘使用, ClassName = Button(CheckBox).
Behavior: Get TickCount value
Details: TickCount = 5430559, SleepMilliseconds = 200.
TickCount = 5430575, SleepMilliseconds = 200.
TickCount = 5430606, SleepMilliseconds = 200.
TickCount = 5430621, SleepMilliseconds = 200.
TickCount = 5430637, SleepMilliseconds = 200.
TickCount = 5430653, SleepMilliseconds = 200.
TickCount = 5430731, SleepMilliseconds = 200.
TickCount = 5430856, SleepMilliseconds = 200.
TickCount = 5430965, SleepMilliseconds = 200.
TickCount = 5432012, SleepMilliseconds = 200.
TickCount = 5432668, SleepMilliseconds = 200.
TickCount = 5432793, SleepMilliseconds = 200.
TickCount = 5432809, SleepMilliseconds = 200.
TickCount = 5433028, SleepMilliseconds = 200.
TickCount = 5433075, SleepMilliseconds = 200.
Behavior: Adjust process token privileges
Details: SE_DEBUG_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Behavior: Block window close message
Details: hWnd = 0x001b02b6, Text = Rufus 2.15.1117 , ClassName = #32770.
Behavior: Open event
Details: Global\crypt32LogoffEvent
HookSwitchHookEnabledEvent
Global\userenv: machine policy refresh event
Group Policy registry event name for {8F276B63-398E-47F6-80B4-087B502646CF}User
Group Policy registry event name for {8F276B63-398E-47F6-80B4-087B502646CF}Machine
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
\INSTALLATION_SECURITY_HOLD
Global\SvcctrlStartEvent_A3752DX
Group Policy registry event name for {280B848F-9C6F-4069-95E3-480D0FFA5AA4}User
Group Policy registry event name for {280B848F-9C6F-4069-95E3-480D0FFA5AA4}Machine
Behavior: Look up PE resource information
Details: (FindResourceA) hModule = 0x00000000, ResName: , ResType:
Behavior: Executable signature information
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\rufus.com (signature verification: failed)
Behavior: Call Sleep function
Details: [1]: MilliSeconds = 200.
[2]: MilliSeconds = 500.
[3]: MilliSeconds = 500.
[4]: MilliSeconds = 500.
[5]: MilliSeconds = 500.
[6]: MilliSeconds = 500.
[7]: MilliSeconds = 500.
[8]: MilliSeconds = 500.
[9]: MilliSeconds = 500.
[10]: MilliSeconds = 500.
Behavior: Hide specified window
Details: [Window,Class] = [,ComboLBox]
[Window,Class] = [显示 USB 外置硬盘,Button]
[Window,Class] = [添加对旧 BIOS 修正(额外的分区,校准等),Button]
[Window,Class] = [使用 Rufus MBR 配合 BIOS ID,Button]
[Window,Class] = [‪0x80‬ (默认),ComboBox]
[Window,Class] = [高级选项,Button]
[Window,Class] = [标准 Windows 安装,Button]
[Window,Class] = [Windows To Go,Button]
Behavior: Executable MD5
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\rufus.com ---> d7e5d3a09ebfa04c5e2eb9bf6ec9947b
Behavior: Open mutex
Details: DBWinMutex
ShimCacheMutex
RasPbFile
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Activities

| Activity name | Type |
|---|---|
| .MainActivity | android.intent.action.MAIN |
| .MainActivity | android.intent.action.VIEW |
| .MainActivity | android.intent.category.LAUNCHER |
| .MainActivity | android.intent.category.DEFAULT |
| .MainActivity | android.intent.category.BROWSABLE |

Dangerous functions

| Function name | Description |
|---|---|
| java/net/URL;->openConnection | Connect to URL |

Startup method

| Name | Description |
|---|---|
| com.metasploit.stage.MainBroadcastReceiver | Starts service at boot |
Permission list

| Permission name | Description |
|---|---|
| android.permission.INTERNET | Connect to the network (2G or 3G) |
| android.permission.ACCESS_WIFI_STATE | Read Wi-Fi network state |
| android.permission.CHANGE_WIFI_STATE | Change Wi-Fi connection state |
| android.permission.ACCESS_NETWORK_STATE | Read network state (2G or 3G) |
| android.permission.ACCESS_COARSE_LOCATION | Obtain approximate location (via Wi-Fi, cell towers) |
| android.permission.ACCESS_FINE_LOCATION | Obtain precise location (via GPS) |
| android.permission.READ_PHONE_STATE | Read phone state |
| android.permission.SEND_SMS | Send SMS |
| android.permission.RECEIVE_SMS | Monitor incoming SMS |
| android.permission.RECORD_AUDIO | Record audio (using AudioRecord) |
| android.permission.CALL_PHONE | Place phone calls |
| android.permission.READ_CONTACTS | Read contact information |
| android.permission.WRITE_CONTACTS | Write contact information |
| android.permission.WRITE_SETTINGS | Read/write system settings |
| android.permission.CAMERA | Access the camera device |
| android.permission.READ_SMS | Read SMS |
| android.permission.WRITE_EXTERNAL_STORAGE | Write to external storage (e.g. SD card) |
| android.permission.RECEIVE_BOOT_COMPLETED | Receive boot-completed broadcast |
| android.permission.SET_WALLPAPER | Set the desktop wallpaper |
| android.permission.READ_CALL_LOG | Read call log |
| android.permission.WRITE_CALL_LOG | Write call log |
| android.permission.WAKE_LOCK | Keep background process running after the screen turns off |

Service list

| Name |
|---|
| com.metasploit.stage.MainService |

File list

| File name | Checksum |
|---|---|
| META-INF/MANIFEST.MF | 0xa9676916 |
| META-INF/APK.SF | 0xe9bbeb92 |
| META-INF/APK.RSA | 0xf1a33a6a |
| META-INF/ | 0x0 |
| META-INF/SIGNFILE.SF | 0xe627a492 |
| META-INF/SIGNFILE.RSA | 0xe10f2d1c |
| AndroidManifest.xml | 0xfe8efcb8 |
| resources.arsc | 0x287e42d |
| classes.dex | 0xeb23dd91 |

Runtime screenshots