VirSCAN

1, You can upload any file, but there is a 20 MB limit per file.
2, VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download the VirSCAN uploader to upload.

File information

File Name: tubiao_v_3.apk (File not down)
File Size: 370252 bytes
File Type: application/jar
MD5: a01501f097010289976f26b995ebd05b
SHA1: 3ea089e07eaf9d656d0aa92abccf1ada4eadfafa

Scanner results

Scanner results: 0% of antivirus engines (0/32) found malware.
Behavior analysis report: Habo file analysis
Time: 2017-06-18 02:40:04 (CST)
Scanner     | Engine Ver             | Sig Ver        | Sig Date   | Scan result   | Time (s)
antiy       | AVL SDK                | 2.0            | 1970-01-01 | Found nothing | 5
asquared    | 9.0.0.4799             | 9.0.0.4799     | 2015-03-08 | Found nothing | 1
avast       | 170303-1               | 4.7.4          | 2017-03-03 | Found nothing | 60
avg         | 2109/14054             | 10.0.1405      | 2017-06-14 | Found nothing | 60
baidu       | 2.0.1.0                | 4.1.3.52192    | 2.0.1.0    | Found nothing | 7
baidusd     | 1.0                    | 1.0            | 2017-03-22 | Found nothing | 1
bitdefender | 7.58879                | 7.90123        | 2015-01-16 | Found nothing | 60
clamav      | 23479                  | 0.97.5         | 2017-06-16 | Found nothing | 60
drweb       | 5.0.2.3300             | 5.0.1.1        | 2017-06-18 | Found nothing | 60
fortinet    | 49.549, 49.549, 49.549 | 5.4.233        | 2017-06-18 | Found nothing | 60
fprot       | 4.6.2.117              | 6.5.1.5418     | 2016-02-05 | Found nothing | 60
fsecure     | 2015-08-01-02          | 9.13           | 2015-08-01 | Found nothing | 60
gdata       | 25.12919               | 25.12919       | 2017-06-18 | Found nothing | 11
ikarus      | 1.06.01                | V1.32.31.0     | 2016-11-28 | Found nothing | 60
jiangmin    | 16.0.100               | 1.0.0.0        | 2017-06-16 | Found nothing | 2
kaspersky   | 5.5.33                 | 5.5.33         | 2014-04-01 | Found nothing | 60
kingsoft    | 2.1                    | 2.1            | 2017-06-17 | Found nothing | 7
mcafee      | 8261                   | 5400.1158      | 2016-08-18 | Found nothing | 60
nod32       | 1777                   | 3.0.21         | 2015-06-12 | Found nothing | 60
panda       | 9.05.01                | 9.05.01        | 2017-06-16 | Found nothing | 4
pcc         | 13.302.06              | 9.500-1005     | 2017-03-27 | Found nothing | 60
qh360       | 1.0.1                  | 1.0.1          | 1.0.1      | Found nothing | 5
qqphone     | 1.0.0.0                | 1.0.0.0        | 2015-12-30 | Found nothing | 60
quickheal   | 14.00                  | 14.00          | 2017-06-16 | Found nothing | 3
rising      | 26.28.00.01            | 26.28.00.01    | 2016-07-18 | Found nothing | 1
sophos      | 5.32                   | 3.65.2         | 2016-10-10 | Found nothing | 60
symantec    | 20151230.005           | 1.3.0.24       | 2015-12-30 | Found nothing | 60
tachyon     | 9.9.9                  | 9.9.9          | 2013-12-27 | Found nothing | 3
thehacker   | 6.8.0.5                | 6.8.0.5        | 2017-06-15 | Found nothing | 2
tws         | 17.47.17308            | 1.0.2.2108     | 2017-06-17 | Found nothing | 14
vba         | 3.12.29.5 beta         | 3.12.29.5 beta | 2017-06-16 | Found nothing | 60
virusbuster | 15.0.985.0             | 5.5.2.13       | 2014-12-05 | Found nothing | 60
File information

Security score:
Basic information
MD5: a01501f097010289976f26b995ebd05b
File size: 5.58 MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.mob.iconspedia
Minimum Android version: Android 2.1.x
Copyright:
Key behaviors
Behavior: Probes for the presence of Virtual PC
Details: N/A
Behavior: Queries registry (virtual-machine detection related)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Behavior: Reads TickCount value
Details: TickCount = 5439206, SleepMilliseconds = 50.
TickCount = 5439237, SleepMilliseconds = 50.
TickCount = 5439315, SleepMilliseconds = 50.
TickCount = 5439346, SleepMilliseconds = 50.
TickCount = 5439503, SleepMilliseconds = 50.
TickCount = 5439628, SleepMilliseconds = 50.
TickCount = 5439831, SleepMilliseconds = 50.
TickCount = 5440112, SleepMilliseconds = 50.
TickCount = 5440565, SleepMilliseconds = 50.
TickCount = 5440581, SleepMilliseconds = 50.
TickCount = 5440628, SleepMilliseconds = 50.
TickCount = 5440643, SleepMilliseconds = 50.
TickCount = 5440690, SleepMilliseconds = 50.
TickCount = 5440737, SleepMilliseconds = 50.
TickCount = 5440768, SleepMilliseconds = 50.
Behavior: Opens registry key (virtual-machine detection related)
Details: \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Behavior: Sets attributes on special folders
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior: Reads CPU time-stamp counter directly (RDTSC, EDX:EAX)
Details: EAX = 0xca3c70dd, EDX = 0x0000119a
EAX = 0xca3c7129, EDX = 0x0000119a
EAX = 0x24527657, EDX = 0x0000119b
EAX = 0x245276a3, EDX = 0x0000119b
EAX = 0x245276ef, EDX = 0x0000119b
EAX = 0x2452773b, EDX = 0x0000119b
EAX = 0x24527787, EDX = 0x0000119b
EAX = 0x245277d3, EDX = 0x0000119b
EAX = 0x2452781f, EDX = 0x0000119b
EAX = 0x2452786b, EDX = 0x0000119b
Behavior: Detects virtual machine via VMware special instruction
Details: N/A
Process behaviors
Behavior: Probes for the presence of Virtual PC
Details: N/A
Behavior: Queries registry (virtual-machine detection related)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Behavior: Reads TickCount value
Details: TickCount = 5439206, SleepMilliseconds = 50.
TickCount = 5439237, SleepMilliseconds = 50.
TickCount = 5439315, SleepMilliseconds = 50.
TickCount = 5439346, SleepMilliseconds = 50.
TickCount = 5439503, SleepMilliseconds = 50.
TickCount = 5439628, SleepMilliseconds = 50.
TickCount = 5439831, SleepMilliseconds = 50.
TickCount = 5440112, SleepMilliseconds = 50.
TickCount = 5440565, SleepMilliseconds = 50.
TickCount = 5440581, SleepMilliseconds = 50.
TickCount = 5440628, SleepMilliseconds = 50.
TickCount = 5440643, SleepMilliseconds = 50.
TickCount = 5440690, SleepMilliseconds = 50.
TickCount = 5440737, SleepMilliseconds = 50.
TickCount = 5440768, SleepMilliseconds = 50.
Behavior: Opens registry key (virtual-machine detection related)
Details: \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Behavior: Sets attributes on special folders
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior: Reads CPU time-stamp counter directly (RDTSC, EDX:EAX)
Details: EAX = 0xca3c70dd, EDX = 0x0000119a
EAX = 0xca3c7129, EDX = 0x0000119a
EAX = 0x24527657, EDX = 0x0000119b
EAX = 0x245276a3, EDX = 0x0000119b
EAX = 0x245276ef, EDX = 0x0000119b
EAX = 0x2452773b, EDX = 0x0000119b
EAX = 0x24527787, EDX = 0x0000119b
EAX = 0x245277d3, EDX = 0x0000119b
EAX = 0x2452781f, EDX = 0x0000119b
EAX = 0x2452786b, EDX = 0x0000119b
Behavior: Detects virtual machine via VMware special instruction
Details: N/A
File behaviors
Behavior: Creates files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\ad-mymacro9.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\tmpad.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\mac51.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\plugin.zip
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\SYS.DLL
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\BKGND.DLL
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\WINDOW.DLL
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\LXJ_PLUG.DLL
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\ad-mymacro[1].xml
C:\Documents and Settings\Administrator\Local Settings\Temp\ad-mymacro9.xml.tmp
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\BGKMS6_10.DLL
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\MEDIA.DLL
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\FILE.DLL
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\liveupdate8[1].dat
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\WEB.DLL
Behavior: Creates executable files
Details: C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\SYS.DLL
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\BKGND.DLL
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\WINDOW.DLL
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\LXJ_PLUG.DLL
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\BGKMS6_10.DLL
C:\Documents and Settings\Administrator\Local Settings\Temp\ad-mymacro9.xml.tmp
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\MEDIA.DLL
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\FILE.DLL
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\WEB.DLL
C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\liveupdate8.dat.tmp
C:\Documents and Settings\Administrator\Application Data\MyMacro\Runner.exe
C:\Documents and Settings\Administrator\Application Data\MyMacro\Wqm.exe
C:\Documents and Settings\Administrator\Application Data\MyMacro\MT.exe
C:\Documents and Settings\Administrator\Application Data\MyMacro\updatemacro.dat
C:\Documents and Settings\Administrator\Application Data\MyMacro\binding.exe
Behavior: Searches for files
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
Behavior: Deletes files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\tmpad.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\mac51.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\ad-mymacro[1].xml
C:\Documents and Settings\Administrator\Local Settings\Temp\plugin.zip
C:\Documents and Settings\Administrator\Local Settings\Temp\mymacro.zip
C:\Documents and Settings\Administrator\Local Settings\Temp\RKey.zip
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\liveupdate8[1].dat
C:\Documents and Settings\Administrator\Local Settings\Temp\Runner.zip
C:\Documents and Settings\Administrator\Local Settings\Temp\MT.zip
Behavior: Renames files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\ad-mymacro9.xml.tmp ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ad-mymacro9.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\liveupdate8.dat.tmp ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\adcon\mm\liveupdate8.dat
Behavior: Sets attributes on special folders
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\ad-mymacro9.xml ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\tmpad.xml ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\mac51.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\plugin.zip ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\plugin.zip ---> Offset = 4096
C:\Documents and Settings\Administrator\Local Settings\Temp\plugin.zip ---> Offset = 8192
C:\Documents and Settings\Administrator\Local Settings\Temp\plugin.zip ---> Offset = 12288
C:\Documents and Settings\Administrator\Local Settings\Temp\plugin.zip ---> Offset = 16384
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\SYS.DLL ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\SYS.DLL ---> Offset = 16384
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\BKGND.DLL ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\BKGND.DLL ---> Offset = 16384
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\BKGND.DLL ---> Offset = 32768
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\BKGND.DLL ---> Offset = 49152
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\BKGND.DLL ---> Offset = 65536
Network behaviors
Behavior: Opens URL over the network
Details: InternetOpenUrlA: http://so****om/Include/BuildPage/AnJianBindingInstallPC.html, hInternet = 0x00cc0014, Flags = 0x80000001
Behavior: Downloads files
Details: URLDownloadToFileW: http://so****om/V2014V2/Config/ad-mymacro.xml ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ad-mymacro9.xml.tmp
URLDownloadToFileW: http://do****om/qmacro/up_mymacro/liveupdate8.dat ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\adcon\mm\liveupdate8.dat.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\ad-mymacro9.xml.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\liveupdate8.dat.tmp
Behavior: Connects to specified host
Details: InternetConnectA: ServerName = so****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = do****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0010, Flags = 0x00000000
InternetConnectA: ServerName = so****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0008, hConnect = 0x00cc000c, Flags = 0x04000000
InternetConnectA: ServerName = so****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0014, hConnect = 0x00cc0018, Flags = 0x80000001
Behavior: Opens HTTP session
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/4.0 (compatible), hSession = 0x00cc0008
InternetOpenA: UserAgent: HttpClient, hSession = 0x00cc0014
Behavior: Establishes socket connection to a specified host
Details: URL: so****om, IP: **.133.40.**:80, SOCKET = 0x00000358
URL: do****om, IP: **.133.40.**:80, SOCKET = 0x00000358
URL: so****om, IP: **.133.40.**:80, SOCKET = 0x00000350
URL: so****om, IP: **.133.40.**:80, SOCKET = 0x0000037c
Behavior: Reads network file
Details: hFile = 0x00cc000c, BytesToRead = 2048, BytesRead = 2048.
hFile = 0x00cc0014, BytesToRead = 2048, BytesRead = 2048.
hFile = 0x00cc0010, BytesToRead = 4095, BytesRead = 4095.
Behavior: Sends HTTP requests
Details:
GET /V2014V2/Config/ad-mymacro.xml HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489)
  Host: so****om
  Connection: Keep-Alive
GET /qmacro/up_mymacro/liveupdate8.dat HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489)
  Host: do****om
  Connection: Keep-Alive
POST /Include/BuildPage/ExitAdXJL.shtml HTTP/1.1
  Accept: */*
  Host: so****om
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/4.0 (compatible)
  Content-Length: 0
  Cache-Control: no-cache
GET /Include/BuildPage/AnJianBindingInstallPC.html HTTP/1.1
  User-Agent: HttpClient
  Host: so****om
  Cache-Control: no-cache
Behavior: Opens HTTP request
Details: HttpOpenRequestA: so****om:80/v2014v2/config/ad-mymacro.xml, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400010
HttpOpenRequestA: do****om:80/qmacro/up_mymacro/liveupdate8.dat, hConnect = 0x00cc0010, hRequest = 0x00cc0014, Verb: GET, Referer: , Flags = 0x00400010
HttpOpenRequestA: so****om:80/include/buildpage/exitadxjl.shtml, hConnect = 0x00cc000c, hRequest = 0x00cc0010, Verb: POST, Referer: , Flags = 0x04000040
HttpOpenRequestA: so****om:80/include/buildpage/anjianbindinginstallpc.html, hConnect = 0x00cc0018, hRequest = 0x00cc001c, Verb: GET, Referer: , Flags = 0x80000001
HttpOpenRequestA: so****om:80/interface/getip.aspx, hConnect = 0x00cc000c, hRequest = 0x00cc0010, Verb: POST, Referer: , Flags = 0x04000040
Behavior: Resolves host address by name
Details: GetAddrInfoW: so****om
GetAddrInfoW: do****om
Registry behaviors
Behavior: Modifies registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior: Deletes registry values
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behavior: Opens registry key (virtual-machine detection related)
Details: \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Behavior: Queries registry (virtual-machine detection related)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Other behaviors
Behavior: Probes for the presence of Virtual PC
Details: N/A
Behavior: Creates mutexes
Details: oleacc-msaa-loaded
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
Behavior: Creates event objects
Details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
Behavior: Opens mutexes
Details: ShimCacheMutex
Local\!IETld!Mutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
RasPbFile
Behavior: Opens events
Details: HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
Behavior: Reads TickCount value
Details: TickCount = 5439206, SleepMilliseconds = 50.
TickCount = 5439237, SleepMilliseconds = 50.
TickCount = 5439315, SleepMilliseconds = 50.
TickCount = 5439346, SleepMilliseconds = 50.
TickCount = 5439503, SleepMilliseconds = 50.
TickCount = 5439628, SleepMilliseconds = 50.
TickCount = 5439831, SleepMilliseconds = 50.
TickCount = 5440112, SleepMilliseconds = 50.
TickCount = 5440565, SleepMilliseconds = 50.
TickCount = 5440581, SleepMilliseconds = 50.
TickCount = 5440628, SleepMilliseconds = 50.
TickCount = 5440643, SleepMilliseconds = 50.
TickCount = 5440690, SleepMilliseconds = 50.
TickCount = 5440737, SleepMilliseconds = 50.
TickCount = 5440768, SleepMilliseconds = 50.
Behavior: Reads cursor position
Details: CursorPos = (96,18500), SleepMilliseconds = 50.
CursorPos = (6389,26533), SleepMilliseconds = 50.
CursorPos = (19224,15757), SleepMilliseconds = 50.
CursorPos = (11533,29391), SleepMilliseconds = 50.
CursorPos = (27017,24497), SleepMilliseconds = 50.
CursorPos = (5760,28178), SleepMilliseconds = 50.
Behavior: Searches for kernel32.dll base address
Details: Instruction Address = 0x0070da8a
Behavior: Executable file signature information
Details: C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\SYS.DLL (signature verification: failed)
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\BKGND.DLL (signature verification: failed)
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\WINDOW.DLL (signature verification: failed)
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\LXJ_PLUG.DLL (signature verification: failed)
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\BGKMS6_10.DLL (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\ad-mymacro9.xml.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\MEDIA.DLL (signature verification: failed)
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\FILE.DLL (signature verification: failed)
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\WEB.DLL (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\liveupdate8.dat.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Application Data\MyMacro\Runner.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Application Data\MyMacro\Wqm.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Application Data\MyMacro\MT.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Application Data\MyMacro\updatemacro.dat (signature verification: passed)
C:\Documents and Settings\Administrator\Application Data\MyMacro\binding.exe (signature verification: passed)
Behavior: Calls Sleep function
Details: [1]: MilliSeconds = 50.
Behavior: Hides specified window
Details: [Window,Class] = [,ShadowWnd_UI]
Behavior: Executable file MD5
Details: C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\SYS.DLL ---> 9e540d9b62d97b7ec9761ab519db6a5c
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\BKGND.DLL ---> 9aa755517def342955e563728d470e90
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\WINDOW.DLL ---> 6b7a84d4bb513320b4b96bdc125f57f6
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\LXJ_PLUG.DLL ---> 73d262c0e36879640ed84b65b2390a78
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\BGKMS6_10.DLL ---> 8b2130cb5cb32fc9e4d594cfa9a276d8
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\MEDIA.DLL ---> eea4f0787d81735c7a71aff85518667a
C:\Documents and Settings\Administrator\Local Settings\Temp\ad-mymacro9.xml.tmp ---> fe1d0ee5901dd167ee9b28eece31786c
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\FILE.DLL ---> 4723c8d438821f0b0bc7edfe9811a1dc
C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\WEB.DLL ---> d9dc7b4e21c447e0b9cddfbd8555f288
C:\Documents and Settings\Administrator\Local Settings\Temp\adcon\mm\liveupdate8.dat.tmp ---> fe1d0ee5901dd167ee9b28eece31786c
C:\Documents and Settings\Administrator\Application Data\MyMacro\Runner.exe ---> file too large!
C:\Documents and Settings\Administrator\Application Data\MyMacro\Wqm.exe ---> a1836a2a7c1afb60a6ee4d549b8d2f81
C:\Documents and Settings\Administrator\Application Data\MyMacro\MT.exe ---> 295f142c363d8c14a3f7c84622497cf6
C:\Documents and Settings\Administrator\Application Data\MyMacro\updatemacro.dat ---> cf91ee6448dde1032c3b91ae8031389b
C:\Documents and Settings\Administrator\Application Data\MyMacro\binding.exe ---> 6abd36f782e36bcf9e90a3230d6ca97f
Behavior: Reads CPU time-stamp counter directly (RDTSC, EDX:EAX)
Details: EAX = 0xca3c70dd, EDX = 0x0000119a
EAX = 0xca3c7129, EDX = 0x0000119a
EAX = 0x24527657, EDX = 0x0000119b
EAX = 0x245276a3, EDX = 0x0000119b
EAX = 0x245276ef, EDX = 0x0000119b
EAX = 0x2452773b, EDX = 0x0000119b
EAX = 0x24527787, EDX = 0x0000119b
EAX = 0x245277d3, EDX = 0x0000119b
EAX = 0x2452781f, EDX = 0x0000119b
EAX = 0x2452786b, EDX = 0x0000119b
Behavior: Detects virtual machine via VMware special instruction
Details: N/A
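The behavior sections above are a flat log of Behavior/Details pairs: registry reads aimed at spotting a hypervisor, GetTickCount readings interleaved with Sleep(50), RDTSC reads, download and HTTP lines, and a list of dropped files with their MD5s. The Python below is an added example, not VirSCAN or Habo code, that parses that layout into structured indicators and runs the checks an analyst wants on it: it separates registry paths that name a hypervisor outright (the VirtualBox ACPI table VBOX__) from generic BIOS and driver-description keys whose values the sample string-matches, computes the tick delta between consecutive GetTickCount readings to see whether the sample could have noticed a shortened Sleep, and pulls out URLs, hosts and dropped-file hashes. The input is a constructed excerpt in the report's format, with the masked hosts kept as the page shows them; the 16 ms clock-resolution allowance and the hypervisor marker list are assumptions of this example, not something the report states.

```python
import re
from collections import OrderedDict

# Constructed excerpt in the layout of the behavior report above; the
# masked host (so****om) is kept exactly as the page shows it.
SAMPLE_REPORT = r"""
Behavior: Queries registry (virtual-machine detection related)
Details: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Behavior: Reads TickCount value
Details: TickCount = 5439206, SleepMilliseconds = 50.
TickCount = 5439237, SleepMilliseconds = 50.
TickCount = 5439315, SleepMilliseconds = 50.
TickCount = 5439346, SleepMilliseconds = 50.
Behavior: Downloads files
Details: URLDownloadToFileW: http://so****om/V2014V2/Config/ad-mymacro.xml ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ad-mymacro9.xml.tmp
Behavior: Executable file MD5
Details: C:\Documents and Settings\Administrator\Application Data\MyMacro\plugin\SYS.DLL ---> 9e540d9b62d97b7ec9761ab519db6a5c
C:\Documents and Settings\Administrator\Application Data\MyMacro\Runner.exe ---> file too large!
"""

# Both the page's Chinese labels and their English translations are accepted.
BEHAVIOR_RE = re.compile(r"^(?:行为描述|Behavior)\s*[:：]\s*(.+?)\s*$")
DETAILS_RE = re.compile(r"^(?:详情信息|Details)\s*[:：]\s*(.*?)\s*$")
TICK_RE = re.compile(r"TickCount\s*=\s*(\d+),\s*SleepMilliseconds\s*=\s*(\d+)")
URL_RE = re.compile(r"https?://[^\s,]+")
MD5_RE = re.compile(r"^(.*?)\s*--->\s*([0-9a-fA-F]{32})$")
# Strings a VM-detection routine compares BIOS/driver/ACPI names against (assumed list).
HYPERVISOR_MARKERS = ("VBOX", "VMWARE", "VIRTUAL", "QEMU", "XEN", "PARALLELS")


def parse_behaviors(text):
    """Group every detail line under the 'Behavior' heading that precedes it.
    Continuation lines (no 'Details:' prefix) belong to the same behavior; a
    detail repeated by a later section of the same report is kept once."""
    behaviors = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BEHAVIOR_RE.match(line)
        if m:
            current = m.group(1)
            behaviors.setdefault(current, [])
            continue
        if current is None:
            continue  # section headings before the first behavior
        m = DETAILS_RE.match(line)
        value = m.group(1) if m else line
        if value and value != "N/A" and value not in behaviors[current]:
            behaviors[current].append(value)
    return behaviors


def vm_detection_indicators(behaviors):
    """Registry paths touched by VM-detection behaviors, split into paths that
    name a hypervisor themselves and generic BIOS/driver-description keys
    whose *values* the sample compares against such markers."""
    explicit, generic = [], []
    for name, details in behaviors.items():
        low = name.lower()
        if "虚拟机" not in name and "virtual-machine" not in low and "virtual machine" not in low:
            continue
        for d in details:
            (explicit if any(mk in d.upper() for mk in HYPERVISOR_MARKERS) else generic).append(d)
    return {"explicit": explicit, "generic": generic}


def sleep_timing_anomalies(behaviors, clock_resolution_ms=16):
    """Treat the log as consecutive GetTickCount readings with a Sleep(n) in
    between. If the counter advanced by less than n (allowing for the ~10-16 ms
    GetTickCount granularity) the sleep was skipped or shortened, which is what
    a sample doing this check uses to conclude it is inside a sandbox."""
    samples = [(int(m.group(1)), int(m.group(2)))
               for details in behaviors.values()
               for d in details
               for m in [TICK_RE.search(d)] if m]
    return [(t1 - t0, n) for (t0, _), (t1, n) in zip(samples, samples[1:])
            if t1 - t0 < n - clock_resolution_ms]


def network_iocs(behaviors):
    """Unique URLs and hosts appearing anywhere in the details."""
    urls, hosts = [], []
    for details in behaviors.values():
        for url in (u for d in details for u in URL_RE.findall(d)):
            host = url.split("://", 1)[1].split("/", 1)[0]
            if url not in urls:
                urls.append(url)
            if host not in hosts:
                hosts.append(host)
    return {"urls": urls, "hosts": hosts}


def dropped_executables(behaviors):
    """Path -> MD5 for every dropped executable the sandbox managed to hash;
    entries such as 'file too large!' carry no digest and are skipped."""
    hashes = {}
    for name, details in behaviors.items():
        if "md5" not in name.lower():
            continue
        for d in details:
            m = MD5_RE.match(d)
            if m:
                hashes[m.group(1)] = m.group(2).lower()
    return hashes


if __name__ == "__main__":
    parsed = parse_behaviors(SAMPLE_REPORT)
    for fn in (vm_detection_indicators, sleep_timing_anomalies, network_iocs, dropped_executables):
        print(fn.__name__, fn(parsed))
```

On the page's own readings, two of the first three gaps are 31 ms against a requested 50 ms sleep, so a sample comparing the two would have had grounds to suspect sleep acceleration; a single short gap is not conclusive on its own because GetTickCount only advances in timer-tick steps.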
Activities
Activity name    Type
com.mob.iconspedia.MainActivity android.intent.action.MAIN
com.mob.iconspedia.MainActivity android.intent.category.LAUNCHER
Dangerous functions
Function    Description
HttpClient;->execute    sends requests to a remote server
ContentResolver;->query    reads contacts, SMS and other content-provider databases
Permission list
Permission    Description
android.permission.INTERNET    connect to the network (2G or 3G)
com.android.launcher.permission.INSTALL_SHORTCUT    create shortcuts
android.permission.ACCESS_NETWORK_STATE    read network state (2G or 3G)
File list
File name    Checksum (CRC-32)
res/layout/about_us.xml 0x9bba5a97
res/layout/activity_main.xml 0x9971b796
res/layout/help.xml 0x41e3f502
res/layout/icon_packs.xml 0xaa5b7620
res/layout/latest_icons.xml 0xe6b15421
res/layout/main.xml 0xf24f9212
res/layout/popula_icons.xml 0xd59b9597
res/layout/random_icons.xml 0xcc0ef54c
res/layout/row.xml 0x9b1564ec
res/layout/tags.xml 0x91d1ca79
res/menu/about_us.xml 0x46e25f56
res/menu/help.xml 0x46e25f56
res/menu/icon_packs.xml 0x46e25f56
res/menu/latest_icons.xml 0x46e25f56
res/menu/list_apps.xml 0x2ff16b65
res/menu/main.xml 0x2c856f1f
res/menu/popular_icons.xml 0x46e25f56
res/menu/random_icons.xml 0x46e25f56
res/menu/tags.xml 0x46e25f56
AndroidManifest.xml 0x70a9e733
resources.arsc 0x8a3fe85e
res/drawable-hdpi/av_repeat.png 0x83b35fd2
res/drawable-hdpi/changer.png 0x2d203466
res/drawable-hdpi/facebook.png 0xc7399a84
res/drawable-hdpi/google.png 0xcf5a62e
res/drawable-hdpi/ic_launcher.png 0xbc871120
res/drawable-hdpi/icon.png 0x4d1d205d
res/drawable-hdpi/iconspedia.png 0x28f9ec71
res/drawable-mdpi/av_repeat.png 0xd1d3a3aa
res/drawable-mdpi/changer.png 0xfe4a7e55
res/drawable-mdpi/facebook.png 0xefae6aea
res/drawable-mdpi/google.png 0x2b16834f
res/drawable-mdpi/ic_launcher.png 0x5f179c96
res/drawable-mdpi/iconspedia.png 0x28f9ec71
res/drawable-xhdpi/av_repeat.png 0x2703d386
res/drawable-xhdpi/changer.png 0x55fbd571
res/drawable-xhdpi/ic_launcher.png 0xbd5be1bc
res/drawable-xxhdpi/changer.png 0x169611c
res/drawable-xxhdpi/ic_launcher.png 0x799f7801
classes.dex 0xcf52055f
META-INF/MANIFEST.MF 0x1dbe9089
META-INF/CERT.SF 0x2b80e704
META-INF/CERT.RSA 0xb704a616
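The file list above is the APK's ZIP directory: each entry with its stored CRC-32 printed as unpadded 0x-prefixed hex, and the three META-INF entries are the JAR-style (v1) signing files. The Python below is an added example, not VirSCAN code, that produces the same listing from an APK with the standard zipfile module, reads every entry back so that an entry whose bytes were altered without updating the directory is reported, and checks that the v1 signing files are present. The APK is a constructed in-memory ZIP with placeholder contents, not the tubiao_v_3.apk sample; presence of CERT.RSA says nothing about whether the signature actually verifies.

```python
import io
import zipfile

SIGNING_FILES = ("META-INF/MANIFEST.MF", "META-INF/CERT.SF")
SIG_BLOCK_SUFFIXES = (".RSA", ".DSA", ".EC")


def build_sample_apk(signed=True):
    """Constructed stand-in for an APK: a ZIP with a manifest, a dex and, when
    signed=True, the v1 signing files. Contents are placeholders, not a real
    certificate or signature. Entries are stored uncompressed so that a byte
    edit on the archive maps onto exactly one entry's data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest package='com.example.app'/>")
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 64)
        if signed:
            zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\r\n")
            zf.writestr("META-INF/CERT.SF", b"Signature-Version: 1.0\r\n")
            zf.writestr("META-INF/CERT.RSA", b"\x30\x82\x00\x00")  # placeholder, not DER
    return buf.getvalue()


def entry_crcs(apk_bytes):
    """[(entry name, '0x...')] from the CRC-32 stored in the central directory,
    formatted the way the file list above prints it (no zero padding)."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return [(info.filename, "0x%x" % info.CRC) for info in zf.infolist()]


def verify_crcs(apk_bytes):
    """Names of entries whose data no longer matches the stored CRC-32.
    zipfile recomputes the CRC while reading an entry and raises BadZipFile
    on a mismatch, so a tampered entry shows up here; an untouched archive
    returns an empty list."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            try:
                zf.read(info.filename)
            except zipfile.BadZipFile:
                bad.append(info.filename)
    return bad


def has_v1_signature(apk_bytes):
    """True when the JAR-style signing files are all present: the manifest,
    the signature file and at least one signature block (.RSA/.DSA/.EC).
    Presence alone does not mean the signature verifies."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        names = set(zf.namelist())
    has_block = any(n.startswith("META-INF/") and n.upper().endswith(SIG_BLOCK_SUFFIXES)
                    for n in names)
    return all(f in names for f in SIGNING_FILES) and has_block


if __name__ == "__main__":
    apk = build_sample_apk()
    for name, crc in entry_crcs(apk):
        print(name, crc)
    print("crc mismatches:", verify_crcs(apk))
    # Change bytes inside the manifest entry without touching the directory.
    tampered = apk.replace(b"com.example.app", b"com.example.bad")
    print("after tamper:", verify_crcs(tampered))
    print("v1 signing files present:", has_v1_signature(apk))
```

A CRC mismatch only catches accidental corruption or a careless edit; an attacker who rewrites an entry also rewrites its CRC, so the real integrity check is the signature over the manifest digests, which this listing does not verify.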
Runtime screenshots