VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader to upload.

Scanner results

Scanner results: 0% of antivirus engines (0/32) found malware.
Behavior analysis report: Habo file analysis
Time: 2017-07-09 12:58:06 (CST)

Note that several engines ran with signatures far older than the scan date (antiy reports 1970-01-01, the Unix epoch, i.e. effectively unset; tachyon 2013-12-27; kaspersky 2014-04-01), so a clean verdict from those engines says little about this sample.

Scanner  Engine version  Signature version  Signature date  Scan result  Time
antiy AVL SDK 2.0 1970-01-01 Found nothing 5
asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 1
avast 170303-1 4.7.4 2017-03-03 Found nothing 60
avg 2109/14149 10.0.1405 2017-07-04 Found nothing 60
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 3
baidusd 1.0 1.0 2017-03-22 Found nothing 1
bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
clamav 23542 0.97.5 2017-07-07 Found nothing 60
drweb 5.0.2.3300 5.0.1.1 2017-06-18 Found nothing 60
fortinet 5.4.247 2017-07-09 Found nothing 60
fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
gdata 25.13282 25.13282 2017-07-08 Found nothing 11
ikarus 1.06.01 V1.32.31.0 2016-11-28 Found nothing 60
jiangmin 16.0.100 1.0.0.0 2017-07-05 Found nothing 2
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
kingsoft 2.1 2.1 2017-07-08 Found nothing 5
mcafee 8261 5400.1158 2016-08-18 Found nothing 60
nod32 1777 3.0.21 2015-06-12 Found nothing 60
panda 9.05.01 9.05.01 2017-07-08 Found nothing 4
pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
qh360 1.0.1 1.0.1 1.0.1 Found nothing 6
qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
quickheal 14.00 14.00 2017-07-07 Found nothing 3
rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 1
sophos 5.32 3.65.2 2016-10-10 Found nothing 60
symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 3
thehacker 6.8.0.5 6.8.0.5 2017-07-07 Found nothing 1
tws 17.47.17308 1.0.2.2108 2017-07-07 Found nothing 14
vba 3.12.29.5 beta 3.12.29.5 beta 2017-07-07 Found nothing 60
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
File information

Security score:
Basic information
MD5: a253a36e078bb76bd28cb170d21a308a
File size: 5.58 MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.missview
Minimum runtime environment: Android 4.0, 4.0.1, 4.0.2
Copyright: Android
Key behaviors

The behavior report that follows records the installation of a Windows program: the captured window title is "迅雷5.8.14.706典藏版 安装" (a Thunder 5.8.14.706 installer) and the dropped files (NSISHelper.dll, nsy4.tmp, nsy5.tmp\InstallOptions.dll) are those of an NSIS installer, whereas the file information above and the Activities, Dangerous functions and Permission list sections below describe an Android package.

Behavior: Blocks window close message
Details: hWnd = 0x0001033e, Text = 迅雷5.8.14.706典藏版 安装 , ClassName = #32770.
Behavior: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior: Modifies registry: Browser Helper Object (BHO)
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}\
Behavior: Creates file on desktop
Details: C:\Documents and Settings\All Users\桌面\迅雷.lnk
C:\Documents and Settings\All Users\桌面\迅雷资源助手.lnk
Behavior: Gets TickCount value
Details: TickCount = 258359, SleepMilliseconds = 250.
TickCount = 264281, SleepMilliseconds = 5000.
TickCount = 264343, SleepMilliseconds = 5000.
TickCount = 264671, SleepMilliseconds = 5000.
TickCount = 264687, SleepMilliseconds = 5000.
TickCount = 264703, SleepMilliseconds = 5000.
TickCount = 264718, SleepMilliseconds = 5000.
TickCount = 264750, SleepMilliseconds = 5000.
TickCount = 264765, SleepMilliseconds = 5000.
TickCount = 264781, SleepMilliseconds = 5000.
TickCount = 264796, SleepMilliseconds = 5000.
TickCount = 264812, SleepMilliseconds = 5000.
TickCount = 264828, SleepMilliseconds = 5000.
TickCount = 265000, SleepMilliseconds = 5000.
TickCount = 265093, SleepMilliseconds = 5000.
File behaviors
Behavior: Creates file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsd3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\NSISHelper.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy5.tmp\ioSpecial.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy5.tmp\modern-wizard.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy5.tmp\modern-header.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy5.tmp\InstallOptions.dll
C:\Program Files\Thunder\Profiles\UserConfig.ini
C:\Program Files\Thunder\ComDlls\BHOInstall.exe
C:\Program Files\Thunder\ComDlls\FirefoxPatch.exe
C:\Program Files\Thunder\ComDlls\ThunderAgent.dll
C:\Program Files\Thunder\ComDlls\ThunderAgent7.dll
C:\Program Files\Thunder\ComDlls\UriX.dll
C:\Program Files\Thunder\ComDlls\XLNonIESvr.exe
Behavior: Drops links or shortcuts in sensitive system locations (e.g. the Start Menu)
Details: C:\Documents and Settings\All Users\「开始」菜单\程序\迅雷\扩展设置.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\迅雷\启动迅雷.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\迅雷\卸载迅雷.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\迅雷\迅雷资源助手.lnk
Behavior: Creates executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\NSISHelper.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy5.tmp\InstallOptions.dll
C:\Program Files\Thunder\ComDlls\BHOInstall.exe
C:\Program Files\Thunder\ComDlls\FirefoxPatch.exe
C:\Program Files\Thunder\ComDlls\ThunderAgent.dll
C:\Program Files\Thunder\ComDlls\ThunderAgent7.dll
C:\Program Files\Thunder\ComDlls\UriX.dll
C:\Program Files\Thunder\ComDlls\XLNonIESvr.exe
C:\Program Files\Thunder\ComDlls\XunLeiBHO.dll
C:\Program Files\Thunder\ComDlls\libexpat.dll
C:\Program Files\Thunder\ComDlls\npxunlei.dll
C:\Program Files\Thunder\ComDlls\FirefoxPatch\components\ThunderComponent.dll
C:\Program Files\Thunder\Program\atl71.dll
C:\Program Files\Thunder\Program\msvcirt.dll
C:\Program Files\Thunder\Program\msvcp60.dll
Behavior: Overwrites existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsy4.tmp
C:\Program Files\Thunder\Program\XLCrypto.dll
C:\Program Files\Thunder\Program\fs.dll
C:\Program Files\Thunder\Program\upnp.exe
C:\Program Files\Thunder\Program\zlib1.dll
C:\Program Files\Thunder\Program\addins.ini
Behavior: Searches for file
Details: FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp
FileName = C:\Program Files\Thunder
FileName = C:\Program Files
FileName = C:\Program Files\Thunder\Program\Thunder.exe
FileName = C:\Program Files\Thunder\ComDlls
FileName = C:\Program Files\Thunder\ComDlls\*.*
FileName = C:\Program Files\Thunder\Components
FileName = C:\Program Files\Thunder\Components\*.*
FileName = C:\Program Files\Thunder\Languages
FileName = C:\Program Files\Thunder\Languages\*.*
FileName = C:\Program Files\Thunder\Program
FileName = C:\Program Files\Thunder\Program\*.*
FileName = C:\Program Files\Thunder\Skins
Behavior: Copies file
Details: C:\Program Files\Thunder\ComDlls\ThunderAgent.dll ---> C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll
C:\Program Files\Thunder\ComDlls\XunLeiBHO.dll ---> C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll
Behavior: Deletes file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsd3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy5.tmp\InstallOptions.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy5.tmp\ioSpecial.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy5.tmp\modern-header.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy5.tmp\modern-wizard.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy5.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\update[1]
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE998.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE9F6.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFEA2E.tmp
Behavior: Creates file on desktop
Details: C:\Documents and Settings\All Users\桌面\迅雷.lnk
C:\Documents and Settings\All Users\桌面\迅雷资源助手.lnk
Behavior: Modifies BAT script file
Details: C:\Program Files\Thunder\Program\takeown.bat ---> Offset = 0
Behavior: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior: Modifies file content
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsy4.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy4.tmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy4.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy4.tmp ---> Offset = 66428
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy4.tmp ---> Offset = 99196
C:\Documents and Settings\Administrator\Local Settings\Temp\NSISHelper.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\NSISHelper.dll ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\NSISHelper.dll ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\NSISHelper.dll ---> Offset = 49152
C:\Documents and Settings\Administrator\Local Settings\Temp\NSISHelper.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy5.tmp\ioSpecial.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy5.tmp\ioSpecial.ini ---> Offset = 36
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy5.tmp\modern-wizard.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy5.tmp\modern-wizard.bmp ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy5.tmp\modern-wizard.bmp ---> Offset = 32768
Network behaviors
Behavior: Opens URL over the network
Details: InternetOpenUrlA: http://ay****om/thunder/update, hInternet = 0x00cc0004, Flags = 0x00000000
Behavior: Connects to specified site
Details: InternetConnectA: ServerName = ay****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
Behavior: Opens HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1), hSession = 0x00cc0004
Behavior: Establishes a socket connection to a specified host
Details: URL: ay****om, IP: **.133.40.**:80, SOCKET = 0x00000324
Behavior: Reads network file
Details: hFile = 0x00cc000c, BytesToRead =7, BytesRead = 7.
Behavior: Sends HTTP request
Details: GET /thunder/update HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Host: ay****om
Behavior: Opens HTTP request
Details: HttpOpenRequestA: ay****om:80/thunder/update, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00000000
Behavior: Resolves host address by name
Details: GetAddrInfoW: ay****om
gethostbyname: hu****et
gethostbyname: re****et
gethostbyname: im****et
gethostbyname: sc****et
gethostbyname: computer
Registry behaviors
Behavior: Modifies registry: URL protocol association
Details: \REGISTRY\USER\S-*_CLASSES\magnet\URL Protocol
Behavior: Modifies registry: browser context menu
Details: \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载\
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载\Contexts
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载\Name
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接\
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接\Contexts
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接\Name
Behavior: Modifies registry: browser default download tool
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\DownloadUI
Behavior: Modifies registry: pending file rename operations
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Behavior: Modifies registry: Browser Helper Object (BHO)
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}\
Behavior: Modifies registry
Details: \REGISTRY\MACHINE\SOFTWARE\Thunder Network\ThunderOem\thunder_backwnd\Path
\REGISTRY\MACHINE\SOFTWARE\Thunder Network\ThunderOem\thunder_backwnd\instdir
\REGISTRY\MACHINE\SOFTWARE\Thunder Network\ThunderOem\thunder_backwnd\Version
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{485463B7-8FB2-4B3B-B29B-8B919B0EACCE}\iexplore\Flags
\REGISTRY\MACHINE\SOFTWARE\Classes\ThunderAgent.Agent.1\
\REGISTRY\MACHINE\SOFTWARE\Classes\ThunderAgent.Agent.1\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\ThunderAgent.Agent\
\REGISTRY\MACHINE\SOFTWARE\Classes\ThunderAgent.Agent\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\ThunderAgent.Agent\CurVer\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{485463B7-8FB2-4B3B-B29B-8B919B0EACCE}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{485463B7-8FB2-4B3B-B29B-8B919B0EACCE}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{485463B7-8FB2-4B3B-B29B-8B919B0EACCE}\VersionIndependentProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{485463B7-8FB2-4B3B-B29B-8B919B0EACCE}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{485463B7-8FB2-4B3B-B29B-8B919B0EACCE}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{485463B7-8FB2-4B3B-B29B-8B919B0EACCE}\TypeLib\
Behavior: Deletes registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behaviors
Behavior: Sets object security information
Details: C:\Program Files\Thunder
Behavior: Creates mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.IHP
oleacc-msaa-loaded
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
thunder5_shell_mutex
Global\thunder5_app_mutex
Behavior: Hides specified window
Details: [Window,Class] = [,Button]
[Window,Class] = [Ayu,Static]
[Window,Class] = [Ayu ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [显示细节(&D),Button]
[Window,Class] = [安装完成,Static]
[Window,Class] = [安装已成功完成。,Static]
[Window,Class] = [,tooltips_class32]
[Window,Class] = [,SysListView32]
[Window,Class] = [雷友信息,Afx:400000:8:10011:6:0]
[Window,Class] = [资源信息,Afx:400000:8:10011:6:0]
[Window,Class] = [ToolBarChevron,AfxWnd42]
[Window,Class] = [MenuBarChevron,AfxWnd42]
Behavior: Checks whether it is being debugged
Details: IsDebuggerPresent
Behavior: Searches for specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [TfrmCmdCenter,thunder_backwnd]
Behavior: Opens event
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Thunder Shell Stop Delay
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000011
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000011
Behavior: Gets TickCount value
Details: TickCount = 258359, SleepMilliseconds = 250.
TickCount = 264281, SleepMilliseconds = 5000.
TickCount = 264343, SleepMilliseconds = 5000.
TickCount = 264671, SleepMilliseconds = 5000.
TickCount = 264687, SleepMilliseconds = 5000.
TickCount = 264703, SleepMilliseconds = 5000.
TickCount = 264718, SleepMilliseconds = 5000.
TickCount = 264750, SleepMilliseconds = 5000.
TickCount = 264765, SleepMilliseconds = 5000.
TickCount = 264781, SleepMilliseconds = 5000.
TickCount = 264796, SleepMilliseconds = 5000.
TickCount = 264812, SleepMilliseconds = 5000.
TickCount = 264828, SleepMilliseconds = 5000.
TickCount = 265000, SleepMilliseconds = 5000.
TickCount = 265093, SleepMilliseconds = 5000.
Behavior: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior: Blocks window close message
Details: hWnd = 0x0001033e, Text = 迅雷5.8.14.706典藏版 安装 , ClassName = #32770.
Behavior: Window information
Details: Pid = 3956, Hwnd=0x10344, Text = 下一步(&N) >, ClassName = Button.
Pid = 3956, Hwnd=0x10346, Text = 取消(&C), ClassName = Button.
Pid = 3956, Hwnd=0x10352, Text = Ayu , ClassName = Static.
Pid = 3956, Hwnd=0x10354, Text = Ayu, ClassName = Static.
Pid = 3956, Hwnd=0x10364, Text = 欢迎使用“迅雷5.8.14.706典藏版”安装向导, ClassName = Static.
Pid = 3956, Hwnd=0x10366, Text = 这个向导将指引你完成“迅雷5.8.14.706典藏版”的安装进程。 在开始安装之前,建议先关闭其他所有应用程序。这将允许“安装程序”更新指定的系统文件,而不需要重新启动你的计算机。 单击 [下一步(N)] 继续。, ClassName = Static.
Pid = 3956, Hwnd=0x1033e, Text = 迅雷5.8.14.706典藏版 安装, ClassName = #32770.
Pid = 3956, Hwnd=0x10342, Text = < 上一步(&P), ClassName = Button.
Pid = 3956, Hwnd=0x10344, Text = 我同意(&I), ClassName = Button.
Pid = 3956, Hwnd=0x10358, Text = 许可证协议, ClassName = Static.
Pid = 3956, Hwnd=0x1035a, Text = 在安装“迅雷5.8.14.706典藏版”之前,请阅读授权协议。, ClassName = Static.
Pid = 3956, Hwnd=0x20366, Text = 按 [PgDn] 阅读“授权协议”的其余部分。, ClassName = Static.
Pid = 3956, Hwnd=0x20362, Text = 如果你接受协议中的条款,单击 [我接受(I)] 继续安装。如果你选定 [取消(C)] ,安装程序将会关闭。必须接受协议才能安装“迅雷5.8.14.706典藏版”。, ClassName = Static.
Pid = 3956, Hwnd=0x10358, Text = 选择组件, ClassName = Static.
Pid = 3956, Hwnd=0x1035a, Text = 选择你想要安装“迅雷5.8.14.706典藏版”的那些功能。, ClassName = Static.
Behavior: Directly accesses physical device
Details: \??\PhysicalDrive0
Behavior: Executable signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\NSISHelper.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy5.tmp\InstallOptions.dll (signature verification: failed)
C:\Program Files\Thunder\ComDlls\BHOInstall.exe (signature verification: passed)
C:\Program Files\Thunder\ComDlls\FirefoxPatch.exe (signature verification: passed)
C:\Program Files\Thunder\ComDlls\ThunderAgent.dll (signature verification: failed)
C:\Program Files\Thunder\ComDlls\ThunderAgent7.dll (signature verification: passed)
C:\Program Files\Thunder\ComDlls\UriX.dll (signature verification: failed)
C:\Program Files\Thunder\ComDlls\XLNonIESvr.exe (signature verification: passed)
C:\Program Files\Thunder\ComDlls\XunLeiBHO.dll (signature verification: passed)
C:\Program Files\Thunder\ComDlls\libexpat.dll (signature verification: failed)
C:\Program Files\Thunder\ComDlls\npxunlei.dll (signature verification: passed)
C:\Program Files\Thunder\ComDlls\FirefoxPatch\components\ThunderComponent.dll (signature verification: passed)
C:\Program Files\Thunder\Program\atl71.dll (signature verification: failed)
C:\Program Files\Thunder\Program\msvcirt.dll (signature verification: passed)
C:\Program Files\Thunder\Program\msvcp60.dll (signature verification: failed)
Behavior: Calls Sleep function
Details: [1]: MilliSeconds = 250.
[1]: MilliSeconds = 5000.
Behavior: Creates event object
Details: EventName = MSCTF.SendReceiveConection.Event.IHP.IC
EventName = MSCTF.SendReceive.Event.IHP.IC
EventName = Global\userenv: User Profile setup event
EventName = DINPUTWINMM
Behavior: Gets cursor position
Details: CursorPos = (80,18468), SleepMilliseconds = 5000.
CursorPos = (6373,26501), SleepMilliseconds = 5000.
CursorPos = (19208,15725), SleepMilliseconds = 5000.
CursorPos = (11517,29359), SleepMilliseconds = 5000.
CursorPos = (27001,24465), SleepMilliseconds = 5000.
CursorPos = (5744,28146), SleepMilliseconds = 5000.
CursorPos = (23320,16828), SleepMilliseconds = 5000.
CursorPos = (10000,492), SleepMilliseconds = 5000.
CursorPos = (3034,11943), SleepMilliseconds = 5000.
CursorPos = (4866,5437), SleepMilliseconds = 5000.
CursorPos = (32430,14605), SleepMilliseconds = 5000.
Behavior: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\NSISHelper.dll ---> d4136ac9bed9878c26896c98025fca54
C:\Documents and Settings\Administrator\Local Settings\Temp\nsy5.tmp\InstallOptions.dll ---> 325b008aec81e5aaa57096f05d4212b5
C:\Program Files\Thunder\ComDlls\BHOInstall.exe ---> 58ef70156e8d63a6d5be2d8203d57131
C:\Program Files\Thunder\ComDlls\FirefoxPatch.exe ---> 9a0bf613d51523a3055200a4019bd771
C:\Program Files\Thunder\ComDlls\ThunderAgent.dll ---> 7b2708712237683a600ad84834d7118e
C:\Program Files\Thunder\ComDlls\ThunderAgent7.dll ---> fe85bce4f6ede961b2d46571be4f1466
C:\Program Files\Thunder\ComDlls\UriX.dll ---> 2c022099cefc692edf2b9eb512d85830
C:\Program Files\Thunder\ComDlls\XLNonIESvr.exe ---> 58ef70156e8d63a6d5be2d8203d57131
C:\Program Files\Thunder\ComDlls\XunLeiBHO.dll ---> 21a9220b38b15dd15795bcf75d364a21
C:\Program Files\Thunder\ComDlls\libexpat.dll ---> 47cd11aad9b14cfbfb76ddfb72b61f89
C:\Program Files\Thunder\ComDlls\npxunlei.dll ---> 6871ab72bcc7ce86c3a50ffc6878bebf
C:\Program Files\Thunder\ComDlls\FirefoxPatch\components\ThunderComponent.dll ---> b997caeef02644cc201072c9dd5db899
C:\Program Files\Thunder\Program\atl71.dll ---> 1f1d608abcc34ca2a5369c95b47605f0
C:\Program Files\Thunder\Program\msvcirt.dll ---> 4b9f725ffa925826e9018da5b74146ca
C:\Program Files\Thunder\Program\msvcp60.dll ---> 1f57eb5b92b2ac7f9d71a77d184d8c13
Behavior: Opens mutex
Details: ShimCacheMutex
DBWinMutex
Local\!IETld!Mutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
RasPbFile
Behavior: Loads newly dropped file
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\InstallOptions.dll.
Image: C:\Program Files\Thunder\ComDlls\ThunderAgent.dll.
Image: C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsy5.tmp\System.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NSISHelper.dll.
Image: C:\Program Files\Thunder\ComDlls\XunLeiBHO.dll.
Image: C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll.
Image: C:\Program Files\Thunder\ComDlls\UriX.dll.
Image: C:\Program Files\Thunder\Program\BugReport.dll.
Image: C:\Program Files\Thunder\Program\msvcp60.dll.
Image: C:\Program Files\Thunder\Program\ThunderEx.dll.
Image: C:\Program Files\Thunder\Program\TaskManager.dll.
Image: C:\Program Files\Thunder\Program\download_interface.dll.
Image: C:\Program Files\Thunder\Program\mp.dll.
Image: C:\Program Files\Thunder\Program\msvcp71.dll.
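The behavior sections above are long, and the entries an analyst actually cares about (IsDebuggerPresent, GetTickCount paired with Sleep, cursor polling, BHO registration, taking over IE's DownloadUI, PendingFileRenameOperations, SE_LOAD_DRIVER_PRIVILEGE, raw access to \??\PhysicalDrive0, unsigned executables, and BHOInstall.exe and XLNonIESvr.exe sharing one MD5) are scattered among hundreds of path lines. As an added example (not VirSCAN's or Habo's code), the following Python parses a report in the format shown above, in either the raw Chinese labels or the translated ones, and flags those indicators. SAMPLE_REPORT is a constructed, cut-down copy of entries taken from this report; the indicator names and patterns are this example's own choice and not a Habo taxonomy.

```python
"""Triage pass over a Habo-style behaviour report such as the one above.

Added example; this is not VirSCAN or Habo code. A report is a run of
'行为描述:' (Behavior) lines, each followed by a '详情信息:' (Details) line
and optional unlabelled continuation lines. SAMPLE_REPORT is a constructed,
cut-down copy of entries from the report on this page, in the raw label
format; the indicator names and patterns are this example's own choice.
"""
import re
from collections import defaultdict

SAMPLE_REPORT = r"""行为描述: 检测自身是否被调试
详情信息: IsDebuggerPresent
行为描述: 获取TickCount值
详情信息: TickCount = 258359, SleepMilliseconds = 250.
TickCount = 264281, SleepMilliseconds = 5000.
行为描述: 修改注册表_BHO
详情信息: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}\
行为描述: 修改注册表_浏览器默认下载工具
详情信息: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\DownloadUI
行为描述: 调整进程token权限
详情信息: SE_LOAD_DRIVER_PRIVILEGE
行为描述: 直接操作物理设备
详情信息: \??\PhysicalDrive0
行为描述: 可执行文件签名信息
详情信息: C:\Program Files\Thunder\ComDlls\UriX.dll(签名验证: 未通过)
C:\Program Files\Thunder\ComDlls\XunLeiBHO.dll(签名验证: 通过)
行为描述: 可执行文件MD5
详情信息: C:\Program Files\Thunder\ComDlls\BHOInstall.exe ---> 58ef70156e8d63a6d5be2d8203d57131
C:\Program Files\Thunder\ComDlls\XLNonIESvr.exe ---> 58ef70156e8d63a6d5be2d8203d57131
C:\Program Files\Thunder\ComDlls\UriX.dll ---> 2c022099cefc692edf2b9eb512d85830
"""

BEHAVIOR_RE = re.compile(r"^(?:行为描述|Behavior):\s*(.*)$")
DETAIL_RE = re.compile(r"^(?:详情信息|Details):\s*(.*)$")
# Section headings Habo prints between entries (raw and translated); skipped.
SECTION_HEADINGS = {"关键行为", "进程行为", "文件行为", "网络行为", "注册表行为", "其他行为",
                    "Key behaviors", "Process behaviors", "File behaviors",
                    "Network behaviors", "Registry behaviors", "Other behaviors"}


def parse_report(text):
    """Return [(behavior, [detail, ...]), ...] in report order."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line in SECTION_HEADINGS:
            continue
        m = BEHAVIOR_RE.match(line)
        if m:
            entries.append((m.group(1).strip(), []))
        elif entries:                      # labelled detail or continuation line
            m = DETAIL_RE.match(line)
            entries[-1][1].append((m.group(1) if m else line).strip())
    return entries


# (indicator name, pattern) pairs matched against every detail line.
INDICATORS = [
    ("anti-debug",            re.compile(r"\bIsDebuggerPresent\b")),
    ("timing-check",          re.compile(r"TickCount = \d+, SleepMilliseconds = \d+")),
    ("cursor-polling",        re.compile(r"CursorPos = \(")),
    ("ie-bho-install",        re.compile(r"Browser Helper Objects\\\{[0-9A-Fa-f-]+\}")),
    ("ie-download-handler",   re.compile(r"Internet Explorer\\DownloadUI")),
    ("ie-context-menu",       re.compile(r"Internet Explorer\\MenuExt\\")),
    ("url-protocol-handler",  re.compile(r"\\URL Protocol$")),
    ("pending-file-rename",   re.compile(r"PendingFileRenameOperations")),
    ("load-driver-privilege", re.compile(r"SE_LOAD_DRIVER_PRIVILEGE")),
    ("raw-disk-access",       re.compile(r"\\\?\?\\PhysicalDrive\d+")),
    ("unsigned-executable",   re.compile(r"签名验证: 未通过|signature verification: failed")),
]


def flag_indicators(entries):
    """Map indicator name -> the detail lines that triggered it."""
    hits = defaultdict(list)
    for _behavior, details in entries:
        for detail in details:
            for name, pattern in INDICATORS:
                if pattern.search(detail):
                    hits[name].append(detail)
    return dict(hits)


MD5_LINE_RE = re.compile(r"^(.*?) ---> ([0-9a-f]{32})$")


def hash_aliases(entries):
    """Group dropped executables by MD5; more than one path per hash means the
    same binary was written under several names."""
    by_hash = defaultdict(list)
    for _behavior, details in entries:
        for detail in details:
            m = MD5_LINE_RE.match(detail)
            if m:
                by_hash[m.group(2)].append(m.group(1))
    return {h: paths for h, paths in by_hash.items() if len(paths) > 1}


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for name, evidence in flag_indicators(parsed).items():
        print(f"{name}: {len(evidence)} line(s)")
    for digest, paths in hash_aliases(parsed).items():
        print(f"same MD5 {digest}: {paths}")
```

Feed it the full report text instead of SAMPLE_REPORT and the cursor-polling, context-menu, URL-protocol and pending-rename indicators fire as well. The timing-check and cursor-polling patterns only record that the sandbox saw GetTickCount or GetCursorPos next to a Sleep; whether that is evasion or an ordinary installer progress loop is a judgement the analyst still has to make.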
Activities
Activity name  Type
.MainActivity android.intent.action.MAIN
.MainActivity android.intent.category.LAUNCHER
Dangerous functions
Function name  Description
getRuntime  obtains the command-line (Runtime) environment
java/lang/Runtime;->exec  executes a string as a command
Permission list
Permission name  Description
android.permission.READ_EXTERNAL_STORAGE  read external storage (e.g. SD card)
android.permission.WRITE_EXTERNAL_STORAGE  write external storage (e.g. SD card)
File list
File name  Checksum
META-INF/MANIFEST.MF 0x2ce3d3c8
META-INF/CERT.SF 0xb2e1964b
META-INF/CERT.RSA 0xe8b1f308
AndroidManifest.xml 0x2c546f37
classes.dex 0xcd3f587
res/drawable-hdpi/ic_launcher.png 0x30923243
res/drawable-mdpi/ic_launcher.png 0x30923243
res/drawable-xhdpi/ic_launcher.png 0x30923243
res/drawable-xxhdpi/ic_launcher.png 0x30923243
res/layout/main.xml 0xdb662c0c
res/匿魂官网主页背景音乐QQ群471722071.mp3 0xa853894a
resources.arsc 0x17aed5fd