VirSCAN

1, You can UPLOAD any files, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information

Scanner results
Scanner results: 0% of antivirus software (0/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2015-10-01 09:03:02 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 3.0 1970-01-01 Found nothing 5
asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 1
avast 150725-1 4.7.4 2015-07-25 Found nothing 0
avg 2109/8133 10.0.1405 2014-11-26 Found nothing 0
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 4
baidusd 1.0 1.0 2014-04-02 Found nothing 1
bitdefender 7.58469 7.90123 2014-12-25 Found nothing 0
clamav 19861 0.97.5 2014-12-31 Found nothing 0
drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 0
fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 0
fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 0
fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 0
gdata 25.3686 25.3686 2015-09-30 Found nothing 9
ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 0
jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 40
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 0
kingsoft 2.1 2.1 2013-09-22 Found nothing 14
mcafee 7638 5400.1158 2014-11-30 Found nothing 0
nod32 0920 3.0.21 2014-12-23 Found nothing 0
panda 9.05.01 9.05.01 2015-07-26 Found nothing 4
pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 0
qh360 1.0.1 1.0.1 1.0.1 Found nothing 3
qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 0
quickheal 14.00 14.00 2015-07-25 Found nothing 2
rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 1
sophos 5.08 3.55.0 2014-12-01 Found nothing 0
symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 0
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 4
thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 1
tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 12
vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 0
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 0
Permission list
Permission name Description
android.permission.SYSTEM_ALERT_WINDOW Display system-level windows
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.READ_PHONE_STATE Read phone state
android.permission.RECEIVE_BOOT_COMPLETED Receive the boot-completed broadcast
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
android.permission.CHANGE_NETWORK_STATE Change network state
android.permission.CHANGE_WIFI_STATE Change Wi-Fi connection state
android.permission.MOUNT_UNMOUNT_FILESYSTEMS Mount and unmount external filesystems
android.permission.KILL_BACKGROUND_PROCESSES Kill background processes
android.permission.GET_TASKS Retrieve information about current or recently running tasks
com.android.launcher.permission.INSTALL_SHORTCUT Create shortcuts
android.permission.WRITE_SETTINGS Read and write system settings
File information
Security score:
Basic information
MD5: 756c47f021141e558937daff5264a632
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.proxy.samv
Minimum runtime environment: Android 2.1.x
Copyright: Android
Key behaviors
Behavior: Detects whether Virtual PC is present
Details: N/A
Behavior: Hides a specified window
Details: [Window,Class] = [,tooltips_class32]
[Window,Class] = [,Afx:400000:0:10011:0:0]
Behavior: Blocks window close messages
Details: hWnd = 0x00010300, Text = , ClassName = Afx:400000:0:10011:0:0.
hWnd = 0x000202a4, Text = 无界浏览 15.02, ClassName = #32770.
Behavior: Captures window screenshot information
Details: Foreground window Info: HWND = 0x0101038b, DC = 0x0101038b.
Foreground window Info: HWND = 0x01010055, DC = 0x01010055.
Foreground window Info: HWND = 0x24010301, DC = 0x24010301.
Behavior: Opens file mappings with write permission
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EHF..PGNIH
MSCTF.MarshalInterface.FileMap.EHF.B.PHNIH
MSCTF.MarshalInterface.FileMap.EHF.C.PHNIH
MSCTF.MarshalInterface.FileMap.EHF.D.OINIH
MSCTF.MarshalInterface.FileMap.EHF.E.MNNIH
MSCTF.MarshalInterface.FileMap.EHF.F.MPNIH
MSCTF.MarshalInterface.FileMap.EHF.G.LBOIH
MSCTF.MarshalInterface.FileMap.MMM..JAAJH
MSCTF.MarshalInterface.FileMap.MMM.B.JAAJH
MSCTF.MarshalInterface.FileMap.MMM.C.JAAJH
MSCTF.MarshalInterface.FileMap.MMM.D.JAAJH
MSCTF.MarshalInterface.FileMap.MMM.E.JAAJH
MSCTF.MarshalInterface.FileMap.MMM.F.IBAJH
MSCTF.MarshalInterface.FileMap.MMM.G.MPOIH
Behavior: Sets attributes of special folders
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015100120151002
Behavior: Queries the registry (virtual-machine detection related)
Details: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Behavior: Searches for a specified kernel module
Details: lstrcmpiA: ntice.sys <------> ntkrnlpa.exe (ntice.sys)
lstrcmpiA: ntice.sys <------> hal.dll (ntice.sys)
lstrcmpiA: ntice.sys <------> KDCOM.DLL (ntice.sys)
lstrcmpiA: ntice.sys <------> BOOTVID.dll (ntice.sys)
lstrcmpiA: ntice.sys <------> ACPI.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> WMILIB.SYS (ntice.sys)
lstrcmpiA: ntice.sys <------> pci.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> isapnp.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> compbatt.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> BATTC.SYS (ntice.sys)
lstrcmpiA: ntice.sys <------> intelide.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> PCIIDEX.SYS (ntice.sys)
lstrcmpiA: ntice.sys <------> MountMgr.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> ftdisk.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> dmload.sys (ntice.sys)
Behavior: Searches for windows of common anti-malware analysis tools
Details: NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
NtUserFindWindowEx: [Class,Window] = [GBDYLLO,]
NtUserFindWindowEx: [Class,Window] = [pediy06,]
NtUserFindWindowEx: [Class,Window] = [FilemonClass,]
NtUserFindWindowEx: [Class,Window] = [,File Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [PROCMON_WINDOW_CLASS,]
NtUserFindWindowEx: [Class,Window] = [,Process Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [RegmonClass,]
NtUserFindWindowEx: [Class,Window] = [,Registry Monitor - Sysinternals: www.sysinternals.com]
Process behaviors
Behavior: Detects whether Virtual PC is present
Details: N/A
Behavior: Hides a specified window
Details: [Window,Class] = [,tooltips_class32]
[Window,Class] = [,Afx:400000:0:10011:0:0]
Behavior: Blocks window close messages
Details: hWnd = 0x00010300, Text = , ClassName = Afx:400000:0:10011:0:0.
hWnd = 0x000202a4, Text = 无界浏览 15.02, ClassName = #32770.
Behavior: Captures window screenshot information
Details: Foreground window Info: HWND = 0x0101038b, DC = 0x0101038b.
Foreground window Info: HWND = 0x01010055, DC = 0x01010055.
Foreground window Info: HWND = 0x24010301, DC = 0x24010301.
Behavior: Opens file mappings with write permission
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EHF..PGNIH
MSCTF.MarshalInterface.FileMap.EHF.B.PHNIH
MSCTF.MarshalInterface.FileMap.EHF.C.PHNIH
MSCTF.MarshalInterface.FileMap.EHF.D.OINIH
MSCTF.MarshalInterface.FileMap.EHF.E.MNNIH
MSCTF.MarshalInterface.FileMap.EHF.F.MPNIH
MSCTF.MarshalInterface.FileMap.EHF.G.LBOIH
MSCTF.MarshalInterface.FileMap.MMM..JAAJH
MSCTF.MarshalInterface.FileMap.MMM.B.JAAJH
MSCTF.MarshalInterface.FileMap.MMM.C.JAAJH
MSCTF.MarshalInterface.FileMap.MMM.D.JAAJH
MSCTF.MarshalInterface.FileMap.MMM.E.JAAJH
MSCTF.MarshalInterface.FileMap.MMM.F.IBAJH
MSCTF.MarshalInterface.FileMap.MMM.G.MPOIH
Behavior: Sets attributes of special folders
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015100120151002
Behavior: Queries the registry (virtual-machine detection related)
Details: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Behavior: Searches for a specified kernel module
Details: lstrcmpiA: ntice.sys <------> ntkrnlpa.exe (ntice.sys)
lstrcmpiA: ntice.sys <------> hal.dll (ntice.sys)
lstrcmpiA: ntice.sys <------> KDCOM.DLL (ntice.sys)
lstrcmpiA: ntice.sys <------> BOOTVID.dll (ntice.sys)
lstrcmpiA: ntice.sys <------> ACPI.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> WMILIB.SYS (ntice.sys)
lstrcmpiA: ntice.sys <------> pci.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> isapnp.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> compbatt.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> BATTC.SYS (ntice.sys)
lstrcmpiA: ntice.sys <------> intelide.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> PCIIDEX.SYS (ntice.sys)
lstrcmpiA: ntice.sys <------> MountMgr.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> ftdisk.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> dmload.sys (ntice.sys)
Behavior: Searches for windows of common anti-malware analysis tools
Details: NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
NtUserFindWindowEx: [Class,Window] = [GBDYLLO,]
NtUserFindWindowEx: [Class,Window] = [pediy06,]
NtUserFindWindowEx: [Class,Window] = [FilemonClass,]
NtUserFindWindowEx: [Class,Window] = [,File Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [PROCMON_WINDOW_CLASS,]
NtUserFindWindowEx: [Class,Window] = [,Process Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [RegmonClass,]
NtUserFindWindowEx: [Class,Window] = [,Registry Monitor - Sysinternals: www.sysinternals.com]
File behaviors
Behavior: Opens file mappings with write permission
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EHF..PGNIH
MSCTF.MarshalInterface.FileMap.EHF.B.PHNIH
MSCTF.MarshalInterface.FileMap.EHF.C.PHNIH
MSCTF.MarshalInterface.FileMap.EHF.D.OINIH
MSCTF.MarshalInterface.FileMap.EHF.E.MNNIH
MSCTF.MarshalInterface.FileMap.EHF.F.MPNIH
MSCTF.MarshalInterface.FileMap.EHF.G.LBOIH
MSCTF.MarshalInterface.FileMap.MMM..JAAJH
MSCTF.MarshalInterface.FileMap.MMM.B.JAAJH
MSCTF.MarshalInterface.FileMap.MMM.C.JAAJH
MSCTF.MarshalInterface.FileMap.MMM.D.JAAJH
MSCTF.MarshalInterface.FileMap.MMM.E.JAAJH
MSCTF.MarshalInterface.FileMap.MMM.F.IBAJH
MSCTF.MarshalInterface.FileMap.MMM.G.MPOIH
Behavior: Sets attributes of special folders
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015100120151002
Behavior: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\Rdfnibiwkc8l3d4x---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\Zhahwaljsr2q5a8h---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\Nobgjmntzp1i8l3x---> Offset = 0
C:\Documents and Settings\Administrator\PUTTY.RND---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\utmp\Bfkhcvcxew3a6v7g---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015100120151002\index.dat---> Offset = 0
Behavior: Searches for files
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\*
FileName = C:\Documents and Settings\Administrator\Local Settings\History
FileName = C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015082520150826\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015100120151002\*.*
Network behaviors
Behavior: Connects to a specified site
Details: InternetConnectA: ServerName = d3rkfw22xppori.cloudfront.net, PORT = 443
InternetConnectA: ServerName = d19ya6dk74n9uf.cloudfront.net, PORT = 443
InternetConnectA: ServerName = s3-ap-southeast-1.amazonaws.com, PORT = 443
InternetConnectA: ServerName = s3-ap-northeast-1.amazonaws.com, PORT = 443
InternetConnectA: ServerName = s3.amazonaws.com, PORT = 443
Behavior: Opens an HTTP request
Details: HttpOpenRequestA: d3rkfw22xppori.cloudfront.net:443/news/afpncpkaym/d9ezmhycnt/5jwbu3cd/gn9urhc3/bcnw_obribzx/ans9xtpzjy7x/nkcqzgd/vxqr9kxhq/6hmsxgqi/cydqula7/tblhbuy/8gwlb8666/bd4aswkr/skcgswud/rbuvih21j3/cbz3_vdmkbqth/zhbi6yrsszhbt/o_rxayqubm/a0h3bhpvc/xc8y
HttpOpenRequestA: d19ya6dk74n9uf.cloudfront.net:443/news/b3vxavh45wjf2/imul1vqiyrs-/f9hlb0kxm1n/q8afukzn/gt2_s-mt/muwlhps/cdcuv53zd/yp7k8bnch/8zev2nszio/h3eixbuo4v8/g4bwdzxt/cwub2ftqgaddq/bu0cs3c0e/kdafu67p4o/tnve24wt2jbl/gkrrjmxk9w2/odkd-cyi/wx6-tgnkpzg4hos?
HttpOpenRequestA: d3rkfw22xppori.cloudfront.net:443/news/flj4ok1zvfz3o/f_om9w8lckgr/ee9du9xhav3pr/y3unlisy7utd/2no1ao6/efdoixty/vqeoqshma3s/ogjg17ojcwsc/j4jt-hcj2km/3zga6b67mp/xsrqpevf/dwgxkutayb2hj/h-mq_aoz-/q88zmib/phow_cma9bmg/v01b0285vdxky/4ugbze6o2exwr?p
HttpOpenRequestA: d19ya6dk74n9uf.cloudfront.net:443/news/9akwm9zyabejq6cr/sehlejad1qis/de1mk1u/hgsgtv4/of2bqzte/pfnwvlz5zvkj/4ej8e9ipav2rr/ekofipsw-gtn/zfclkktb/kh7liud_aw_0/gt7z0oulm_z/mwnpf1dlnygel/oqeeda7/ftkflwttu/l1yj-sv0cpxin/mohvaho/fvcs5oj/rtj0yibs8k?
HttpOpenRequestA: d3rkfw22xppori.cloudfront.net:443/news/kdzt-cbwlqoclj/t9mduje3zrkl/dvux3owxnm1l/vrplb7j80tb/crvj5th_pmro/ru-f0gdzs/ji3s_fexx/cr58ze5n_9ys/k7xszk_ca5/5i-zxlrk1hog/v-ay0nfbuth/9xcl083hoasq6/l2cywwtt8hci/zrnbglhy/2d-e6ovlz/nyq4xe9wmzub-/h3sbl?p
HttpOpenRequestA: s3-ap-southeast-1.amazonaws.com:443/wujiesg/cn1501/nhcguqjyo?hqghumeaylnlfdxfircvscxggbwkfnqduxwfnfozvsrtkjprepggxrpnrvystmwcysyycqpevikeffmznimkkasvwsrenzkycxfxtlsgypsfadpooefxzbcoejuvpvaboygpoeylfpbnpljvrvipyamyehwqnqrqpmxujjloovaowuxwhmsn
HttpOpenRequestA: d19ya6dk74n9uf.cloudfront.net:443/news/3fhypdp/ob7zlmmcgh/mcrppmuhv/gdxi8c312l50a/sf39nuqut/3aqkgzvcv/yhlqjt8kj4iaq/-uamzszr/gfsxpwwe77/v83twjwabeaj/vhwsgk4yy7q/skfdatq6iumw/dmolvmgpkkesb/9pvliza4/dizbtziaxreu/hdbypaa/nhyxwvbsp/0jimti6-cbb7t
HttpOpenRequestA: s3-ap-northeast-1.amazonaws.com:443/wujiejp/cn1501/uiesfjcop?hqghumeaylnlfdxfircvscxggbwkfnqduxwfnfozvsrtkjprepggxrpnrvystmwcysyycqpevikeffmznimkkasvwsrenzkycxfxtlsgypsfadpooefxzbcoejuvpvaboygpoeylfpbnpljvrvipyamyehwqnqrqpmxujjloovaowuxwhmsn
HttpOpenRequestA: d3rkfw22xppori.cloudfront.net:443/news/e17rmwvrodivkdmn/luqsi77/qzkc9ftbqvppz/tabmup54w/xqxpizneh/lnwfnufz/uqnc5x7z/-i6rt6kp7/hfxju-vhrpi/xtyaspgsdnc2/kis1acsmqjsm/wvadedu/wehuwjjybxyzs/k9jneb8pzpzp/p2813thf/ybqvyk6vyf8ju/azb9b4z/-gtx9ubr/dx
HttpOpenRequestA: s3.amazonaws.com:443/ultrasurfus/cn1501/xaeiepoda?hqghumeaylnlfdxfircvscxggbwkfnqduxwfnfozvsrtkjprepggxrpnrvystmwcysyycqpevikeffmznimkkasvwsrenzkycxfxtlsgypsfadpooefxzbcoejuvpvaboygpoeylfpbnpljvrvipyamyehwqnqrqpmxujjloovaowuxwhmsncbxcoksfzkv
HttpOpenRequestA: d19ya6dk74n9uf.cloudfront.net:443/news/nvzgkhr6uyb3/bn-ab8hx/crc6ljxq1/bdb0jphr/rpoauzsxnp/9rf5a_q2r/3jyduzwoo/d_ydq0gjwh/17wr97rqca/yajfy5_clv/fudk4wqbqwqk/gmpjudls/judjgfe-6jn/0tpywjjfdvl/nbie3fkg_n44u/tuu3vdu5qqnl/bmwfh7r/zdlelouvcd8su/v1
HttpOpenRequestA: d3rkfw22xppori.cloudfront.net:443/news/cgxbhcqroav/kerqakzn/etjs7xpbzso/cobzuod5pbdcn/x_t32rvejlgqk/zbjw0kre/mharbzejkvar/ds73mif/g_anxsri/1hinnrobltkx/7b5ezn4e/0wquihys/4zdpjmt/z2gexdo_eyvg/bm0i6e6fopp4/fng3tn5eaup/lwtfnj31gwii-/r6am-2my_/b
HttpOpenRequestA: d19ya6dk74n9uf.cloudfront.net:443/news/1iydn75x_qd92/7hxxwkfz/kwlhxw3/kp9ejal--tdpw/dastuyxzpbf/mz5rowq/5rwq5h2t-n/nrj0ygfsiv/d8jlxixv/s-t9_tr/h1hu8kullzmu/ib30mq2mgcgi/bugwcm2k/msd3zk5p5crza/rxulzzp7vnd-/blas2hqyix8i/1847q69g/dr22gmysvot/yr
HttpOpenRequestA: d3rkfw22xppori.cloudfront.net:443/news/gkqjv1u8/uqav2kqz/gr8kkzt-4/a-pxwq_r_bhc/vyo8ipvo/ajvuqj8s/ozywix2l5xg/sjokyekpo/qolxr5putw/9qnpcmay3tugo/uzp4d77rxhu/nlplpmtk/khowe3r5t/dumrjszymtr/13ni1aue/6f1pv-h/szx-bbysuu_u/oedhtwo4qlerg/vqhnods55
HttpOpenRequestA: d19ya6dk74n9uf.cloudfront.net:443/news/lojyuqqcjjxdyj3/kve9_p8y/j3pn0kxc/tdyk-dqo1nzqf/qoile69k/ejvw8sbpmdb/3zzot3w/xpwv42a/jbcsr7kkxnq/d5ose_evufe8/25wgfx-ug84kd/1wfzoyg/cz9w6yky/7adlddxba/1cfyycwdyeze/q0pjax6wsxal/j4-vhyb59c/c6la7-t/kzw6oq
Registry behaviors
Behavior: Modifies the registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\UseHTTP
\REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\UseTCP
\REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\UseUDP
\REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\UseMulticast
\REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\HTTP\ProxyBypass
\REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\HTTP\ProxyStyle
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1C00
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\CurrentLevel
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\Isolation
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Safety\ActiveXFiltering\IsEnabled
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\MediaPlayer\Preferences\UseCustomUDPPort
Behavior: Deletes registry values
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\Isolation
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\TypedURLs\url1
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\TypedURLs\url2
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\TypedURLs\url3
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\TypedURLs\url4
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\TypedURLs\url5
Behavior: Modifies the registry (IE connection settings)
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
Behavior: Deletes registry values (IE connection settings)
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behavior: Deletes registry keys
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082520150826
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015100120151002
Other behaviors
Behavior: Detects whether Virtual PC is present
Details: N/A
Behavior: Creates mutexes
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
RasPbFile
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MMM
MSCTF.Shared.MUTEX.EHF
Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012015100120151002!
Behavior: Hides a specified window
Details: [Window,Class] = [,tooltips_class32]
[Window,Class] = [,Afx:400000:0:10011:0:0]
Behavior: Searches for a specified window
Details: NtUserFindWindowEx: [Class,Window] = [18467-41,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: Attempts to open the driver device objects of debuggers or monitoring software
Details: \??\SICE
\??\SIWVID
\??\NTICE
Behavior: Acquires system privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior: Reads the TickCount value
Details: TickCount = 489675, SleepMilliseconds = 50.
TickCount = 489784, SleepMilliseconds = 50.
TickCount = 489862, SleepMilliseconds = 50.
TickCount = 491175, SleepMilliseconds = 50.
TickCount = 491487, SleepMilliseconds = 50.
TickCount = 492456, SleepMilliseconds = 50.
TickCount = 492471, SleepMilliseconds = 50.
TickCount = 492518, SleepMilliseconds = 50.
TickCount = 492550, SleepMilliseconds = 50.
TickCount = 492596, SleepMilliseconds = 50.
TickCount = 492643, SleepMilliseconds = 50.
TickCount = 492659, SleepMilliseconds = 50.
TickCount = 492706, SleepMilliseconds = 50.
TickCount = 492721, SleepMilliseconds = 50.
TickCount = 492737, SleepMilliseconds = 50.
Behavior: Reads the cursor position
Details: CursorPos = (106,18467), SleepMilliseconds = 50.
CursorPos = (6399,26500), SleepMilliseconds = 50.
CursorPos = (19234,15724), SleepMilliseconds = 50.
CursorPos = (106,18467), SleepMilliseconds = 200.
CursorPos = (6399,26500), SleepMilliseconds = 200.
CursorPos = (19234,15724), SleepMilliseconds = 200.
CursorPos = (11543,29358), SleepMilliseconds = 200.
CursorPos = (27027,24464), SleepMilliseconds = 200.
CursorPos = (106,18467), SleepMilliseconds = 500.
CursorPos = (6399,26500), SleepMilliseconds = 500.
CursorPos = (6399,26500), SleepMilliseconds = 100.
CursorPos = (19234,15724), SleepMilliseconds = 100.
CursorPos = (5770,28145), SleepMilliseconds = 200.
CursorPos = (6399,26500), SleepMilliseconds = 1200.
CursorPos = (5770,28145), SleepMilliseconds = 1200.
Behavior: Blocks window close messages
Details: hWnd = 0x00010300, Text = , ClassName = Afx:400000:0:10011:0:0.
hWnd = 0x000202a4, Text = 无界浏览 15.02, ClassName = #32770.
Behavior: Window information
Details: Pid = 1344, Hwnd=0x140134, Text = 打开主页, ClassName = Button.
Pid = 1344, Hwnd=0x160142, Text = 经典模式, ClassName = Button.
Pid = 1344, Hwnd=0x3015a, Text = 高级设置, ClassName = Button.
Pid = 1344, Hwnd=0x202a8, Text = 帮助, ClassName = Button.
Pid = 1344, Hwnd=0x202cc, Text = 退出, ClassName = Button.
Pid = 1344, Hwnd=0x202b4, Text = 无界浏览, ClassName = Static.
Pid = 1344, Hwnd=0x202b2, Text = 服务器选择, ClassName = Static.
Pid = 1344, Hwnd=0x302ba, Text = 连接速度, ClassName = Static.
Pid = 1344, Hwnd=0x202d6, Text = 0%, ClassName = Static.
Pid = 1344, Hwnd=0x202d8, Text = 0%, ClassName = Static.
Pid = 1344, Hwnd=0x202c2, Text = 0%, ClassName = Static.
Pid = 1344, Hwnd=0x202c4, Text = Progress1, ClassName = msctls_progress32.
Pid = 1344, Hwnd=0x202c8, Text = Progress1, ClassName = msctls_progress32.
Pid = 1344, Hwnd=0x202ca, Text = Progress1, ClassName = msctls_progress32.
Pid = 1344, Hwnd=0x302b8, Text = 反馈信息, ClassName = Button.
Behavior: Captures window screenshot information
Details: Foreground window Info: HWND = 0x0101038b, DC = 0x0101038b.
Foreground window Info: HWND = 0x01010055, DC = 0x01010055.
Foreground window Info: HWND = 0x24010301, DC = 0x24010301.
Behavior: Calls the Sleep function
Details: [1]: MilliSeconds = 3000.
[2]: MilliSeconds = 1000.
[3]: MilliSeconds = 1000.
[4]: MilliSeconds = 3000.
[5]: MilliSeconds = 1000.
[6]: MilliSeconds = 3000.
[7]: MilliSeconds = 1000.
[8]: MilliSeconds = 3000.
[9]: MilliSeconds = 1000.
[10]: MilliSeconds = 3000.
Behavior: Queries the registry (virtual-machine detection related)
Details: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Behavior: Searches for a specified kernel module
Details: lstrcmpiA: ntice.sys <------> ntkrnlpa.exe (ntice.sys)
lstrcmpiA: ntice.sys <------> hal.dll (ntice.sys)
lstrcmpiA: ntice.sys <------> KDCOM.DLL (ntice.sys)
lstrcmpiA: ntice.sys <------> BOOTVID.dll (ntice.sys)
lstrcmpiA: ntice.sys <------> ACPI.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> WMILIB.SYS (ntice.sys)
lstrcmpiA: ntice.sys <------> pci.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> isapnp.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> compbatt.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> BATTC.SYS (ntice.sys)
lstrcmpiA: ntice.sys <------> intelide.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> PCIIDEX.SYS (ntice.sys)
lstrcmpiA: ntice.sys <------> MountMgr.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> ftdisk.sys (ntice.sys)
lstrcmpiA: ntice.sys <------> dmload.sys (ntice.sys)
Behavior: Searches for windows of common anti-malware analysis tools
Details: NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
NtUserFindWindowEx: [Class,Window] = [GBDYLLO,]
NtUserFindWindowEx: [Class,Window] = [pediy06,]
NtUserFindWindowEx: [Class,Window] = [FilemonClass,]
NtUserFindWindowEx: [Class,Window] = [,File Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [PROCMON_WINDOW_CLASS,]
NtUserFindWindowEx: [Class,Window] = [,Process Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [RegmonClass,]
NtUserFindWindowEx: [Class,Window] = [,Registry Monitor - Sysinternals: www.sysinternals.com]
Dangerous behaviors
Behavior: Executes system commands
Details: [u'chmod 700 /data/data/com.proxy.samv/files/txRes_1.4']
[u'chmod 700 /data/data/com.proxy.samv/files/txRes_1.4_Exec']
Dynamic behavior list
Behavior: Calls a hash algorithm
Details: MD5
Behavior: Passes extra information
Details: i:off
Behavior: Executes system commands
Details: [u'chmod 700 /data/data/com.proxy.samv/files/txRes_1.4']
[u'chmod 700 /data/data/com.proxy.samv/files/txRes_1.4_Exec']
Behavior: Reads files
Details: path:unknown length:17
path:unknown length:5
path:/sys/class/net/lo/ifindex length:7
path:/sys/class/net/lo/ifindex length:5
path:/proc/net/if_inet6 length:69
path:/proc/net/if_inet6 length:5
path:/sys/class/net/eth0/ifindex length:7
path:/sys/class/net/eth0/ifindex length:5
path:/sys/class/net/sit0/ifindex length:7
path:/sys/class/net/sit0/ifindex length:5
Behavior: Gets running services
Details: [u'30']
[u'30']
Behavior: Registers broadcast receivers
Details: [u'com.proxy.samv.c@4153a568', u'android.content.IntentFilter@4153a5f0']
[u'com.proxy.samv.b@414c0a50', u'android.content.IntentFilter@415106d0']
[u'com.proxy.samv.p@41517970', u'android.content.IntentFilter@41de3c00']
Behavior: Android runtime error
Details: E/AndroidRuntime( 1541): FATAL EXCEPTION: IntentService[FastService]
E/AndroidRuntime( 1541): java.lang.NullPointerException
E/AndroidRuntime( 1541): at neo.proxy.FastService.onHandleIntent(Native Method)
E/AndroidRuntime( 1541): at android.app.IntentService$ServiceHandler.handleMessage(Native Method)
E/AndroidRuntime( 1541): at android.os.Handler.dispatchMessage(Native Method)
E/AndroidRuntime( 1541): at android.os.Looper.loop(Native Method)
E/AndroidRuntime( 1541): at android.os.HandlerThread.run(Native Method)
Behavior: Window information
Details: {"text": "鑫哥一键免流", "class": "android.widget.TextView"}
{"text": "暂未奔放", "class": "android.widget.TextView"}
{"text": "当前网络类型:WIFI
网络接入点名:freewifi", "class": "android.widget.TextView"}
{"text": "接入点 IP : null:-1
网关分配IP : 10.0.2.15", "class": "android.widget.TextView"}
{"text": "点击崩溃", "class": "android.widget.TextView"}
{"text": "一键奔放", "class": "android.widget.TextView"}
{"text": "设置APN", "class": "android.widget.TextView"}
{"text": "开始免流", "class": "android.widget.TextView"}
{"text": "关闭免流", "class": "android.widget.TextView"}
{"text": "控制中心", "class": "android.widget.TextView"}
{"text": " ", "class": "android.widget.TextView"}
{"text": "必看教程", "class": "android.widget.TextView"}
Behavior: Initializes an IntentFilter
Details: [u'com.proxy.service.move']
Behavior: Sends broadcasts
Details: {"ACTION":"com.secneo.plugin.action.APP_STARTED","FLAG":0}
{"ACTION":"com.proxy.service.move","FLAG":0,"EXTRAS":{"i":"off"}}
Behavior: Reads a line from a buffer
Details: 00000000000000000000000000000001 01 80 10 80 lo
fe80000000000000505400fffe123456 02 40 20 80 eth0
null
00000000000000000000000000000001 01 80 10 80 lo
fe80000000000000505400fffe123456 02 40 20 80 eth0
null
00000000000000000000000000000001 01 80 10 80 lo
fe80000000000000505400fffe123456 02 40 20 80 eth0
null
00000000000000000000000000000001 01 80 10 80 lo
fe80000000000000505400fffe123456 02 40 20 80 eth0
null
00000000000000000000000000000001 01 80 10 80 lo
fe80000000000000505400fffe123456 02 40 20 80 eth0
null
00000000000000000000000000000001 01 80 10 80 lo
fe80000000000000505400fffe123456 02 40 20 80 eth0
null
Behavior: Adds a View
Details: [u'com.android.internal.policy.impl.PhoneWindow$DecorView@41537518', u'WM.LayoutParams{(0,0)(fillxfill) sim=#120 ty=1 fl=#8110100 pfl=0x8 fmt=-2 wanim=0x1030001}', u'android.view.CompatibilityInfoHolder@414af8d0']
Behavior: Writes files
Details: path:/data/data/com.proxy.samv/files/txRes_1.4 length:69
path:/data/data/com.proxy.samv/files/txRes_1.4_Exec length:69
Behavior: Starts a service
Details: {"ACTION":"com.secneo.plugin.action.APP_STARTED","FLAG":16,"COMPONENT_NAME":"ComponentInfo{com.proxy.samv\/neo.proxy.FastService}"}
Behavior: Gets network state information [*]
Details: NetworkInfo: type: WIFI[], state: CONNECTED/CONNECTED, reason: (unspecified), extra: freewifi, roaming: false, failover: false, isAvailable: true
NetworkInfo: type: WIFI[], state: CONNECTED/CONNECTED, reason: (unspecified), extra: freewifi, roaming: false, failover: false, isAvailable: true
NetworkInfo: type: WIFI[], state: CONNECTED/CONNECTED, reason: (unspecified), extra: freewifi, roaming: false, failover: false, isAvailable: true
NetworkInfo: type: WIFI[], state: CONNECTED/CONNECTED, reason: (unspecified), extra: freewifi, roaming: false, failover: false, isAvailable: true
Behavior: Gets the device ID
Details: 357143040944263
357143040944263
357143040944263
357143040944263
357143040944263
Behavior: Initializes an Intent
Details: [u'com.secneo.plugin.action.APP_STARTED']
[u'android.os.Parcel@414ad158']
[u'com.proxy.samv.MainActivity@414c0ff8', u'class com.proxy.samv.Activity1']
[u'android.os.Parcel@414ad198']
[u'com.proxy.samv.MainActivity@414c0ff8', u'class com.proxy.samv.Activity2']
[u'com.proxy.samv.MainActivity@414c0ff8', u'class com.proxy.samv.Activity3']
[u'android.os.Parcel@414ad198']
[u'android.os.Parcel@414ad198']
[u'android.os.Parcel@414ad198']
[u'com.proxy.proxy.tobservcr@41ea8a50', u'class com.proxy.samv.MainActivity']
[u'com.proxy.service.move']
[u'android.os.Parcel@414ad158']
[u'android.os.Parcel@414ad198']
[u'android.os.Parcel@414ad158']
Activities
Activity name Type
.MainActivity android.intent.action.MAIN
.MainActivity android.intent.category.LAUNCHER
neo.proxy.ToolActivity com.secneo.proxy.action.CUSTOM
neo.proxy.ToolActivity android.intent.category.DEFAULT
Dangerous functions
Function name Description
java/net/URL;->openConnection Connects to a URL
getRuntime Gets the command-line runtime environment
java/lang/Runtime;->exec Executes a string command
TelephonyManager;->getDeviceId Collects information such as the user's IMEI, phone number and system version
Launch methods
Name Description
com.proxy.proxy.bootReceiver Starts the service at boot
com.proxy.proxy.bootReceiver Starts the service when network connectivity changes
neo.proxy.DistributeReceiver Starts the service when network connectivity changes
Service list
Name
com.proxy.proxy.tobservcr
neo.proxy.FastService
File list
File name Checksum
AndroidManifest.xml 0x2e057173
classes.dex 0xcf99cc33
assets/com.proxy.samp.L 0x63509f52
assets/com.proxy.samp 0x41cc3bd6
assets/com.proxy.samp.art 0x18ee04b
assets/com.proxy.samp.x86 0x5f0dcf29
res/menu/main.xml 0x4938818
res/drawable/checkbox_style.xml 0x8ea270fd
res/drawable/b.jpg 0x10e80cd2
res/drawable/checkbox_pressed.png 0xfbbadcc2
res/drawable/checkbox_normal.png 0xf4b4b5b3
res/layout/main.xml 0x51c29528
res/layout/denlu.xml 0x8cb527d7
res/layout/main1.xml 0x8f1a7f16
res/layout/main2.xml 0x8d290d3f
res/layout/main3.xml 0xb358054
res/layout/qzxml.xml 0xb9e9d4d0
res/layout/appuid.xml 0xe2076e59
res/layout/jiazai.xml 0xd878c270
res/layout/uidview.xml 0xeb40df47
res/drawable-xhdpi-v4/nav_bar.9.png 0x623ace1a
res/drawable-xhdpi-v4/b.jpg 0x10e80cd2
res/drawable-xhdpi-v4/ic_launcher_topsrecre.png 0x9f6fab1a
res/drawable-xhdpi-v4/ic_launcher.png 0x9f6fab1a
res/drawable-hdpi-v4/ic_launcher_topsrecre.png 0x9f6fab1a
res/drawable-hdpi-v4/ic_launcher.png 0x9f6fab1a
res/drawable-mdpi-v4/ic_launcher_topsrecre.png 0x9f6fab1a
res/drawable-mdpi-v4/ic_launcher.png 0x9f6fab1a
res/drawable-xxhdpi-v4/ic_launcher_topsrecre.png 0x9f6fab1a
res/drawable-xxhdpi-v4/ic_launcher.png 0x9f6fab1a
assembly-descriptor.xml 0xd2a3e682
resources.arsc 0x7fbfde17
lib/armeabi/libtxRes64.so 0x0
assets/.DS_Store 0x3c725b49
assets/txResElf 0xf611130a
assets/txResElfx 0x96fca43e
assets/txRes 0x8105498
assets/txResConfig 0x0
assets/txResx 0xcf9aceb5
META-INF/MANIFEST.MF 0xafb5a2ea
META-INF/CERT.SF 0x550b0e3e
META-INF/CERT.RSA 0xd401f790
Runtime screenshots