VirSCAN

1, You can UPLOAD any files, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information

Scanner results
Scanner results: 0% Scanner(s) (0/39) found malware!
Behavior analysis report: Habo file analysis
Time: 2014-11-07 23:40:53 (CST)
| Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time |
|---|---|---|---|---|---|
| ahnlab | 9.9.9 | 9.9.9 | 2013-05-28 | Found nothing | 4 |
| antivir | 1.9.2.0 | 1.9.159.0 | 7.11.183.128 | Found nothing | 15 |
| antiy | 110646 | AVL141105 | 2014-11-06 | Found nothing | 5 |
| arcavir | 1.0 | 2011 | 2014-05-30 | Found nothing | 47 |
| asquared | 9.0.0.4324 | 9.0.0.4324 | 2014-07-03 | Found nothing | 2 |
| avast | 141106-0 | 4.7.4 | 2014-11-06 | Found nothing | 56 |
| avg | 2109/8019 | 10.0.1405 | 2014-11-06 | Found nothing | 31 |
| baidu | 2.0.1.0 | 4.1.3.52192 | 2.0.1.0 | Found nothing | 3 |
| baidusd | 1.0 | 1.0 | 2014-04-02 | Found nothing | 1 |
| bitdefender | 7.57589 | 7.90123 | 2014-11-06 | Found nothing | 56 |
| clamav | 19595 | 0.97.5 | 2014-11-07 | Found nothing | 18 |
| comodo | 15023 | 5.1 | 2014-11-06 | Found nothing | 3 |
| ctch | 4.6.5 | 5.3.14 | 2013-12-01 | Found nothing | 1 |
| drweb | 5.0.2.3300 | 5.0.1.1 | 2014-10-31 | Found nothing | 58 |
| fortinet | 23.129, 23.129 | 5.1.158 | 2014-11-07 | Found nothing | 2 |
| fprot | 4.6.2.117 | 6.5.1.5418 | 2014-11-06 | Found nothing | 1 |
| fsecure | 2014-04-02-01 | 9.13 | 2014-04-02 | Found nothing | 11 |
| gdata | 24.4815 | 24.4815 | 2014-11-07 | Found nothing | 11 |
| hauri | 2.73 | 2.73 | 2014-11-06 | Found nothing | 1 |
| ikarus | 1.06.01 | V1.32.31.0 | 2014-11-06 | Found nothing | 25 |
| jiangmin | 16.0.100 | 1.0.0.0 | 2014-08-20 | Found nothing | 37 |
| kaspersky | 5.5.33 | 5.5.33 | 2014-04-01 | Found nothing | 53 |
| kingsoft | 2.1 | 2.1 | 2013-09-22 | Found nothing | 4 |
| mcafee | 7520 | 5400.1158 | 2014-08-04 | Found nothing | 14 |
| nod32 | 0436 | 3.0.21 | 2014-09-18 | Found nothing | 3 |
| panda | 9.05.01 | 9.05.01 | 2014-11-06 | Found nothing | 6 |
| pcc | 11.260.05 | 9.500-1005 | 2014-11-06 | Found nothing | 2 |
| qh360 | 1.0.1 | 1.0.1 | 1.0.1 | Found nothing | 13 |
| qqphone | 1.0.0.0 | 1.0.0.0 | 2014-11-07 | Found nothing | 1 |
| quickheal | 14.00 | 14.00 | 2014-11-03 | Found nothing | 4 |
| rising | 25.39.03.01 | 25.39.03.01 | 2014-11-06 | Found nothing | 4 |
| sophos | 5.04 | 3.51.0 | 2014-08-05 | Found nothing | 8 |
| sunbelt | 3.9.2595.2 | 3.9.2595.2 | 2014-11-06 | Found nothing | 5 |
| symantec | 20141104.004 | 1.3.0.24 | 2014-11-04 | Found nothing | 1 |
| tachyon | 9.9.9 | 9.9.9 | 2013-12-27 | Found nothing | 8 |
| thehacker | 6.8.0.5 | 6.8.0.5 | 2014-11-03 | Found nothing | 6 |
| tws | 17.47.17308 | 1.0.2.2108 | 2014-11-06 | Found nothing | 8 |
| vba | 3.12.26.3 | 3.12.26.3 | 2014-11-06 | Found nothing | 13 |
| virusbuster | 15.0.960.0 | 5.5.2.13 | 2014-11-06 | Found nothing | 55 |
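Permission list

| Permission name | Description |
|---|---|
| android.permission.INTERNET | Connect to the network (2G or 3G) |
| android.permission.READ_EXTERNAL_STORAGE | Read external storage (e.g. SD card) |
| android.permission.WRITE_EXTERNAL_STORAGE | Write external storage (e.g. SD card) |
| android.permission.GET_TASKS | Get information about currently or recently running tasks |
| android.permission.ACCESS_NETWORK_STATE | Read network state (2G or 3G) |
| android.permission.VIBRATE | Allow the device to vibrate |

File information
Security score: 77
Basic information
MD5: d2eadced1cf757867f4a1cd4501df555
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.psiphon3
Minimum runtime environment: Android 2.2.x
Copyright: Psiphon Inc.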
Key behaviors
Behavior description: Modifies existing system EXE files
Details: C:\WINDOWS\system32\Cmb_Pb_LiveUpdate.exe---> Offset = 405504
C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe---> Offset = 280576
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe---> Offset = 98816
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE---> Offset = 12378112
Behavior description: Writes data across processes
Details: TargetProcess = explorer.exe, WriteAddress = 0x02890000, Size = 8192
C:\WINDOWS\explorer.exe
TargetProcess = explorer.exe, WriteAddress = 0x03010000, Size = 4096
TargetProcess = ctfmon.exe, WriteAddress = 0x009a0000, Size = 8192
C:\WINDOWS\system32\ctfmon.exe
TargetProcess = ctfmon.exe, WriteAddress = 0x009b0000, Size = 4096
TargetProcess = QQ.exe, WriteAddress = 0x00c60000, Size = 8192
C:\Program Files\Tencent\QQ\Bin\QQ.exe
TargetProcess = QQ.exe, WriteAddress = 0x00c90000, Size = 4096
TargetProcess = TXPlatform.exe, WriteAddress = 0x010c0000, Size = 8192
C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
TargetProcess = TXPlatform.exe, WriteAddress = 0x010d0000, Size = 4096
TargetProcess = EasyWebSvr.exe, WriteAddress = 0x00d20000, Size = 8192
C:\%temp%\1415372988.863146.exe
TargetProcess = EasyWebSvr.exe, WriteAddress = 0x00d30000, Size = 4096
Behavior description: Hides specified windows
Details: [Window,Class] = [QQ2013,TXGuiFoundation]
[Window,Class] = [OP_2269840561,CTXOPConntion_Class]
Behavior description: Queries file attributes to detect VMware
Details: GetFileAttributes: FileName = c:\program files\vmware\vmware tools\vmwaretray.exe
GetFileAttributes: FileName = c:\program files\vmware\vmware tools\vmwareuser.exe
Behavior description: Attempts to connect to a rootkit driver device object
Details: \??\amsint32
Behavior description: Modifies registry: key UAC settings
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA
Behavior description: Loads drivers by the regular method
Details: system32\DRIVERS\ipfltdrv.sys
\??\C:\WINDOWS\system32\drivers\hksjl.sys
Behavior description: Creates remote threads
Details: C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
C:\%temp%\1415373048.205095.exe
C:\%temp%\1415373048.294922.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\PersonalBankPortal.exe
C:\WINDOWS\system32\conime.exe
C:\%temp%\1415373049.023706.exe
C:\%temp%\1415373049.143568.exe
C:\%temp%\1415373049.240550.exe
C:\%temp%\1415373049.346275.exe
C:\%temp%\1415373049.459815.exe
C:\%temp%\1415373049.543849.exe
Behavior description: Modifies executable files via memory mapping
Details: \device\harddiskvolume1\windows\system32\cmb_pb_liveupdate.exe
\device\harddiskvolume1\windows\$ntuninstallkb2412687$\spuninst\spuninst.exe
\device\harddiskvolume1\program files\adobe\reader 9.0\reader\reader_sl.exe
\device\harddiskvolume1\windows\system32\notepad.exe
\device\harddiskvolume1\program files\windows nt\accessories\wordpad.exe
\device\harddiskvolume1\program files\microsoft office\office11\winword.exe
Behavior description: Sets special file attributes
Details: C:\houk.exe
C:\WINDOWS\jbye.exe
C:\Program Files\VMware\VMware Tools\VMwareTray.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
Behavior description: Stops system services
Details: ServiceName = Application Layer Gateway Service
ServiceName = Windows Firewall/Internet Connection Sharing (ICS)
ServiceName = Security Center
Behavior description: Modifies registry: system firewall trusted process list
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:\%temp%\1415372980.613885.exe
Behavior description: Creates an autorun file in the root directory
Details: C:\autorun.inf
Behavior description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Creates system services
Details: [Service already exists]: IPFILTERDRIVER, C:\WINDOWS\system32\drivers\ipfltdrv.sys
[Service created successfully]: amsint32, C:\WINDOWS\system32\drivers\hksjl.sys
File behavior
Behavior description: Modifies existing system EXE files
Details: C:\WINDOWS\system32\Cmb_Pb_LiveUpdate.exe---> Offset = 405504
C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe---> Offset = 280576
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe---> Offset = 98816
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE---> Offset = 12378112
Behavior description: Creates executable files
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wuso.exe
C:\WINDOWS\system32\drivers\hksjl.sys
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wintrna.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxnhd.exe
C:\houk.exe
C:\WINDOWS\jbye.exe
Behavior description: Modifies executable files via memory mapping
Details: \device\harddiskvolume1\windows\system32\cmb_pb_liveupdate.exe
\device\harddiskvolume1\windows\$ntuninstallkb2412687$\spuninst\spuninst.exe
\device\harddiskvolume1\program files\adobe\reader 9.0\reader\reader_sl.exe
\device\harddiskvolume1\windows\system32\notepad.exe
\device\harddiskvolume1\program files\windows nt\accessories\wordpad.exe
\device\harddiskvolume1\program files\microsoft office\office11\winword.exe
Behavior description: Sets special file attributes
Details: C:\houk.exe
C:\WINDOWS\jbye.exe
C:\Program Files\VMware\VMware Tools\VMwareTray.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
Behavior description: Maps files with write permission
Details: hh8geqpHJTkdns6
purity_control_7728
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wuso.exe
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxnhd.exe
\WINDOWS\system32\Cmb_Pb_LiveUpdate.exe
\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe
Local\UrlZonesSM_Administrator
\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
\WINDOWS\system32\notepad.exe
\Program Files\Windows NT\Accessories\wordpad.exe
\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
Behavior description: Creates an autorun file in the root directory
Details: C:\autorun.inf
Behavior description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modifies file contents
Details: C:\WINDOWS\system.ini---> Offset = 231
C:\autorun.inf---> Offset = 0
C:\WINDOWS\autorun.inf---> Offset = 0
Behavior description: Modifies newly created executable files
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wuso.exe---> Offset = 66560
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxnhd.exe---> Offset = 66560
Network behavior
Behavior description: Opens URLs over the network
Details: InternetOpenUrlA: http://padrup.com/sobaka.aspx?148d4a=12122010 hInternet = 0x00000474
InternetOpenUrlA: http://kuku1.infoier?148d98=5387872 hInternet = 0x00000460
InternetOpenUrlA: http://padrup.com/sobaka.aspx?149588=13490000 hInternet = 0x00000448
InternetOpenUrlA: http://kuku1.infoier?1495f5=2698218 hInternet = 0x00000514
InternetOpenUrlA: http://padrup.com/sobaka.aspx?149e03=5404684 hInternet = 0x000003f4
InternetOpenUrlA: http://kuku1.infoier?149e23=8107218 hInternet = 0x000003e0
InternetOpenUrlA: http://padrup.com/sobaka.aspx?14a602=6766090 hInternet = 0x000003cc
InternetOpenUrlA: http://kuku1.infoier?14a641=13532810 hInternet = 0x00000444
InternetOpenUrlA: http://padrup.com/sobaka.aspx?14ae4f=8132058 hInternet = 0x000003d0
InternetOpenUrlA: http://kuku1.infoier?14aebd=13554530 hInternet = 0x000004d0
InternetOpenUrlA: http://padrup.com/sobaka.aspx?14b6bc=8145000 hInternet = 0x000003f8
InternetOpenUrlA: http://kuku1.infoier?14b6cb=12217635 hInternet = 0x0000039c
InternetOpenUrlA: http://padrup.com/sobaka.aspx?14beba=2719092 hInternet = 0x000003b8
InternetOpenUrlA: http://kuku1.infoier?14beca=1359562 hInternet = 0x00000390
InternetOpenUrlA: http://padrup.com/sobaka.aspx?14c6b9=5446372 hInternet = 0x00000364
Behavior description: Enumerates network shares
Details: N/A
Behavior description: Reads network files
Behavior description: Downloads files
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winekccx.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmppnkf.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\urnur.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\advdbd.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpvgwrc.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhnue.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fnkm.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winferaii.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winarwd.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ejaw.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winylcc.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pgga.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ufptmm.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jynx.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyfmmpl.exe
Registry behavior
Behavior description: Modifies registry: Explorer file display settings
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
Behavior description: Deletes registry keys: Safe Mode boot entries
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\AppMgmt
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Base
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Boot Bus Extender
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Boot file system
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CryptSvc
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\DcomLaunch
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmadmin
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmboot.sys
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmio.sys
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmload.sys
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\dmserver
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\EventLog
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\File system
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Filter
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Netlogon
Behavior description: Modifies registry: key UAC settings
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA
Behavior description: Deletes registry values: Safe Mode boot entries
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\AlternateShell
Behavior description: Modifies registry
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A1_0
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A2_0
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A3_0
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A4_0
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A1_1
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A2_1
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A3_1
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A4_1
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A1_2
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A2_2
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A3_2
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A4_2
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A1_3
Behavior description: Modifies registry: system firewall trusted process list
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:\%temp%\1415372980.613885.exe
Behavior description: Modifies registry: Security Center settings
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\UacDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\AntiVirusOverride
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\AntiVirusDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\FirewallDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\FirewallOverride
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\UpdatesDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\UacDisableNotify
Behavior description: Deletes registry values
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A1_0
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A2_0
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A3_0
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A4_0
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A1_1
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A2_1
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A3_1
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A4_1
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A1_2
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A2_2
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A3_2
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A4_2
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A1_3
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A2_3
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Fobvexllmtqkq\A3_3
Other behavior
Behavior description: Creates driver file images
Details: C:\WINDOWS\system32\drivers\ipfltdrv.sys
C:\WINDOWS\system32\drivers\hksjl.sys
Behavior description: Creates mutexes
Details: uxJLpe1m
smss.exeM_532_
csrss.exeM_592_
winlogon.exeM_616_
services.exeM_668_
lsass.exeM_680_
33acthlp.exeM_840_
svchost.exeM_856_
svchost.exeM_924_
svchost.exeM_964_
svchost.exeM_1048_
svchost.exeM_1080_
spoolsv.exeM_1320_
33toolsd.exeM_1488_
33upgradehelper.exeM_1584_
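Behavior description: Hides specified windows
Details: [Window,Class] = [QQ2013,TXGuiFoundation]
[Window,Class] = [OP_2269840561,CTXOPConntion_Class]
Behavior description: Attempts to connect to a rootkit driver device object
Details: \??\amsint32
Behavior description: Loads drivers by the regular method
Details: system32\DRIVERS\ipfltdrv.sys
\??\C:\WINDOWS\system32\drivers\hksjl.sys
Behavior description: Finds specified windows
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]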
NtUserFindWindowEx: [Class,Window] = [TXGuiFoundation,QQ2013]
NtUserFindWindowEx: [Class,Window] = [CTXOPConntion_Class,OP_2269840561]
Behavior description: Starts system services
Details: [Service started successfully]: , IP Traffic Filter Driver, system32\DRIVERS\ipfltdrv.sys
[Service started successfully]: , amsint32, \??\C:\WINDOWS\system32\drivers\hksjl.sys
Behavior description: Obtains system privileges
Details: SE_DEBUG_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Searches for the kernel32.dll base address
Details: Instruction Address = 0x0040237e
Behavior description: Enumerates windows
Details: N/A
Behavior description: Stops system services
Details: ServiceName = Application Layer Gateway Service
ServiceName = Windows Firewall/Internet Connection Sharing (ICS)
ServiceName = Security Center
Behavior description: Queries file attributes to detect VMware
Details: GetFileAttributes: FileName = c:\program files\vmware\vmware tools\vmwaretray.exe
GetFileAttributes: FileName = c:\program files\vmware\vmware tools\vmwareuser.exe
Behavior description: Creates system services
Details: [Service already exists]: IPFILTERDRIVER, C:\WINDOWS\system32\drivers\ipfltdrv.sys
[Service created successfully]: amsint32, C:\WINDOWS\system32\drivers\hksjl.sys
Dynamic behavior list
Behavior description: Starts services
Details: com.android.musicfx.Compatibility$Service
com.android.mms.transaction.SmsReceiverService
Behavior description: Reads files
Details: path:/proc/787/cmdline length:105
path:/proc/799/cmdline length:105
path:/proc/801/cmdline length:105
path:/proc/810/cmdline length:105
path:/proc/824/cmdline length:105
path:/proc/825/cmdline length:105
path:/proc/837/cmdline length:105
path:/proc/868/cmdline length:105
path:/proc/878/cmdline length:105
path:/proc/891/cmdline length:105
path:/proc/893/cmdline length:105
path:/data/data/com.psiphon3/files/psiphon_server_entries.json length:105
Behavior description: Class loading
Details: path:/system/app/PicoTts.apk
path:/system/app/MusicFX.apk
path:/system/framework/am.jar
path:/data/app/com.psiphon3-1.apk
Behavior description: Reads a line of data from a buffer
Behavior description: Initialize Intent
Details: Ljava/lang/String;=com.psiphon3.PsiphonAndroidActivity.STATUS_ADDED
Ljava/lang/String;=com.psiphon3.PsiphonAndroidActivity.STATUS_ENTRY_AVAILABLE
Behavior description: Write file
Details: path:/data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml length:105
path:/data/data/com.android.musicfx/shared_prefs/musicfx.xml length:105
path:/data/data/com.psiphon3/shared_prefs/com.psiphon3_preferences.xml length:105
path:/data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml length:105
path:/data/data/com.psiphon3/files/psiphon_server_entries.json length:105
path:/data/data/com.psiphon3/shared_prefs/com.psiphon3_preferences.xml length:105
path:/data/data/com.psiphon3/files/bannerImage length:12
path:/data/data/com.psiphon3/files/bannerImage length:13
path:/data/data/com.psiphon3/files/bannerImage length:17
path:/data/data/com.psiphon3/files/bannerImage length:7
path:/data/data/com.psiphon3/files/bannerImage length:13
path:/data/data/com.psiphon3/files/bannerImage length:8
path:/data/data/com.psiphon3/files/bannerImage length:6
path:/data/data/com.psiphon3/files/bannerImage length:13
path:/data/data/com.psiphon3/files/bannerImage length:48
path:/data/data/com.psiphon3/files/bannerImage length:60
path:/data/data/com.psiphon3/files/bannerImage length:9
path:/data/data/com.psiphon3/files/bannerImage length:52
path:/data/data/com.psiphon3/files/bannerImage length:56
path:/data/data/com.psiphon3/files/bannerImage length:6
path:/data/data/com.psiphon3/files/bannerImage length:48
path:/data/data/com.psiphon3/files/bannerImage length:48
path:/data/data/com.psiphon3/files/bannerImage length:7
path:/data/data/com.psiphon3/files/bannerImage length:13
path:/data/data/com.psiphon3/files/bannerImage length:54
path:/data/data/com.psiphon3/files/bannerImage length:59
path:/data/data/com.psiphon3/files/bannerImage length:7
path:/data/data/com.psiphon3/files/bannerImage length:13
path:/data/data/com.psiphon3/files/bannerImage length:7
Activities
Activity name Type
.StatusActivity android.intent.action.MAIN
.StatusActivity android.intent.category.LAUNCHER
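Dangerous functions
Function name Information
HttpClient;->execute Requests a remote server
DefaultHttpClient;->execute Sends an HTTP request
getRuntime Gets the command-line environment
java/lang/Runtime;->exec Executes a string command
android/app/NotificationManager;->notify Notification bar message
ContentResolver;->delete Deletes SMS messages, contacts
ContentResolver;->query Reads databases such as contacts and SMS
java/net/URL;->openConnection Connects to a URL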
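Permission list
Permission name Information
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.READ_EXTERNAL_STORAGE Read external storage (e.g. SD card)
android.permission.WRITE_EXTERNAL_STORAGE Write external storage (e.g. SD card)
android.permission.GET_TASKS Get information about currently or recently running tasks
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.VIBRATE Allow the device to vibrate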
Service list
Name
com.psiphon3.psiphonlibrary.TunnelService
com.psiphon3.psiphonlibrary.TunnelVpnService
Providers
Name Information
com.psiphon3.psiphonlibrary.TunnelService
com.psiphon3.psiphonlibrary.TunnelVpnService
File list
File name Checksum
META-INF/MANIFEST.MF 0xd82988b0
META-INF/PSIPHON.SF 0xbe9a192d
META-INF/PSIPHON.RSA 0xa3cead91
assets/startpage/bookmarks.png 0x7e5f747a
assets/startpage/history.png 0x50ebe645
assets/startpage/linef.png 0xd27a38f
assets/startpage/search.png 0xb93ddb9b
assets/feedback.html 0x94352361
res/anim/gd_grow_from_bottom.xml 0xc3a8c4be
res/anim/gd_grow_from_bottomleft_to_topright.xml 0x3905646d
res/anim/gd_grow_from_bottomright_to_topleft.xml 0x73e0f184
res/anim/gd_grow_from_top.xml 0xa3ed7667
res/anim/gd_grow_from_topleft_to_bottomright.xml 0x4626f1a8
res/anim/gd_grow_from_topright_to_bottomleft.xml 0xf6a48275
res/anim/gd_shrink_from_bottom.xml 0x85f9a610
res/anim/gd_shrink_from_bottomleft_to_topright.xml 0xd0b05202
res/anim/gd_shrink_from_bottomright_to_topleft.xml 0x603221df
res/anim/gd_shrink_from_top.xml 0xe5bc14c9
res/anim/gd_shrink_from_topleft_to_bottomright.xml 0xb0f5e0db
res/anim/gd_shrink_from_topright_to_bottomleft.xml 0x779306
res/drawable/banner.bmp 0x284a8a39
res/drawable/bubbleleft48.png 0x745c495b
res/drawable/bubbleright48.png 0xf0e44ea4
res/drawable/buttons.xml 0x6b272e
res/drawable/buttons_bottom.xml 0x4071d736
res/drawable/download_anim.xml 0x4f45dc80
res/drawable/flag_ca.png 0x97f26ceb
res/drawable/flag_de.png 0xaeb6596b
res/drawable/flag_gb.png 0xf8a9fccc
res/drawable/flag_hk.png 0x9b96c786
res/drawable/flag_jp.png 0x1e5ddd08
res/drawable/flag_nl.png 0x29626c9d
res/drawable/flag_sg.png 0x7f01f305
res/drawable/flag_unknown.png 0xeec0c3bf
res/drawable/flag_us.png 0x53ffbe15
res/drawable/gd_quick_action_grid_selector.xml 0x26731dd7
res/drawable/ic_menu_feedback.png 0xd6f0cf82
res/drawable/ic_tab_bookmarks.xml 0xbc9d8005
res/drawable/ic_tab_history.xml 0x41a0adcc
res/drawable/ic_tab_weave.xml 0x603c8f9b
res/drawable/icon.png 0xd34ac901
res/drawable/next_tab.png 0x1f98aa92
res/drawable/previous_tab.png 0xa184e0b4
res/drawable/spinner.xml 0x8c32cb8d
res/drawable/spinner_black_20_1.png 0xf7045046
res/drawable/spinner_black_20_2.png 0x1735abf8
res/drawable/spinner_black_20_3.png 0xc8e1ea60
res/drawable/spinner_black_20_4.png 0xf83f9e7e
res/drawable/spinner_black_20_5.png 0xbf90c7b7
res/drawable/spinner_black_20_6.png 0xcf6641f7
res/drawable/spinner_black_20_7.png 0xac94383b
res/drawable/spinner_black_20_8.png 0xcdba65fb
res/drawable/tb_background_bottom.png 0xb5615f13
res/drawable/tb_background_top.png 0x9c6c24da
res/layout/about_activity.xml 0x3b9ad8f8
res/layout/adblocker_whitelist_activity.xml 0x879af289
res/layout/adblocker_whitelist_row.xml 0xfec2c7b2
res/layout/base_spinner_custom_preference_activity.xml 0x1608bbe6
res/layout/bookmark_row.xml 0x876440d5
res/layout/bookmarks_history_activity.xml 0x1b71c0ab
res/layout/bookmarks_list_activity.xml 0xa46da2a2
res/layout/changelog_activity.xml 0xce2e185
res/layout/desktop_view_list_activity.xml 0x3755dd0c
res/layout/desktop_view_list_row.xml 0x688b3e26
res/layout/download_row.xml 0xb9df827e
res/layout/downloads_list_activity.xml 0x7a30a0c4
res/layout/edit_bookmark_activity.xml 0x9ce39337
res/layout/feedback.xml 0xd89b7e0d
res/layout/gd_quick_action_grid.xml 0xb419df3
res/layout/gd_quick_action_grid_item.xml 0xe108c68a
res/layout/history_row.xml 0xdca3e777
res/layout/http_authentication_dialog.xml 0xc8f68bd5
res/layout/javascript_prompt_dialog.xml 0xfa7a3eff
res/layout/main.xml 0x88689b2f
res/layout/message_row.xml 0x17dbaf1a
res/layout/mobile_view_list_activity.xml 0xa6b18f6a
res/layout/mobile_view_list_row.xml 0x7491132
res/layout/preferences_activity.xml 0x4f3ca8bb
res/layout/region_row.xml 0x8ccc7066
res/layout/statistics.xml 0x161347d5
res/layout/tabs.xml 0x2d8ea83c
res/layout/url_autocomplete_line.xml 0x1cd54370
res/layout/video_loading_progress.xml 0x27d00b7a
res/layout/weave_bookmark_row.xml 0x46475a0
res/layout/weave_bookmarks_list_activity.xml 0x286a339f
res/layout/weave_preferences_activity.xml 0x48e55077
res/layout/webview.xml 0x72dca9d6
res/layout/zirco_main.xml 0xe125d48
res/raw/adsweep 0xca400d92
res/raw/changelog 0x83e738d5
res/raw/iptables_arm.zip 0xe0187b81
res/raw/iptables_arm7.zip 0xbdb7ac9a
res/raw/iptables_mips.zip 0x81f88de5
res/raw/iptables_x86.zip 0xeba4fe3b
res/raw/start.html 0x83983b7e
res/raw/start_bookmarks.html 0x7aaa9c2b
res/raw/start_history.html 0xfe962727
res/raw/start_search.html 0xa471e090
res/raw/start_style.css 0xb2c1d062
res/xml/preferences.xml 0xc1af72e3
AndroidManifest.xml 0x8fdda187
resources.arsc 0x1ae9e058
res/drawable-hdpi/btn_bottom.9.png 0xb3f5935e
res/drawable-hdpi/btn_bottom_disabled.9.png 0x1f4382ca
res/drawable-hdpi/btn_bottom_pressed.9.png 0x2e5a8772
res/drawable-hdpi/btn_default.9.png 0xb722400c
res/drawable-hdpi/btn_default_disabled.9.png 0x9945eca8
res/drawable-hdpi/btn_default_pressed.9.png 0x4cc04729
res/drawable-hdpi/default_video_poster.png 0x21c537e8
res/drawable-hdpi/fav_icn_background.png 0x892d5a0e
res/drawable-hdpi/fav_icn_default.png 0x28f2d26f
res/drawable-hdpi/fav_icn_default_toolbar.png 0xd3d60fdf
res/drawable-hdpi/fav_icn_unknown.png 0x88e69fb4
res/drawable-hdpi/gd_quick_action_arrow_up.png 0x503d1dc7
res/drawable-hdpi/gd_quick_action_grid_arrow_down.png 0x85647040
res/drawable-hdpi/gd_quick_action_grid_bg.9.png 0x9385ccd
res/drawable-hdpi/gd_quick_action_grid_bottom_frame.9.png 0xe7f7f3e5
res/drawable-hdpi/gd_quick_action_grid_selector_focused.9.png 0x6c68da7e
res/drawable-hdpi/gd_quick_action_grid_selector_pressed.9.png 0x66c52e6f
res/drawable-hdpi/gd_quick_action_top_frame.9.png 0x64e32b57
res/drawable-hdpi/ic_btn_back.png 0xa4e52128
res/drawable-hdpi/ic_btn_bookmarks.png 0xe83e7b0a
res/drawable-hdpi/ic_btn_close_panel.png 0xffbf6c17
res/drawable-hdpi/ic_btn_close_tab.png 0xc01e1a9
res/drawable-hdpi/ic_btn_find.png 0x23fb649c
res/drawable-hdpi/ic_btn_find_next.png 0x4ec94897
res/drawable-hdpi/ic_btn_find_prev.png 0x1b331ffa
res/drawable-hdpi/ic_btn_forward.png 0xf826fa95
res/drawable-hdpi/ic_btn_go.png 0xae1222c4
res/drawable-hdpi/ic_btn_home.png 0x58465ade
res/drawable-hdpi/ic_btn_mobile_view.png 0x7c1d9f00
res/drawable-hdpi/ic_btn_next.png 0x46e8fd1d
res/drawable-hdpi/ic_btn_open_tab.png 0x1a89d1b8
res/drawable-hdpi/ic_btn_reload.png 0xd8e13f97
res/drawable-hdpi/ic_btn_select.png 0x8e3580b9
res/drawable-hdpi/ic_btn_share.png 0x28d2a6ff
res/drawable-hdpi/ic_btn_stop.png 0x8484a443
res/drawable-hdpi/ic_launcher.png 0xe6891722
res/drawable-hdpi/ic_menu_add.png 0xa7ec2cc3
res/drawable-hdpi/ic_menu_add_bookmark.png 0x673566bf
res/drawable-hdpi/ic_menu_bookmarks.png 0x88c9d10c
res/drawable-hdpi/ic_menu_delete.png 0xa527a50
res/drawable-hdpi/ic_menu_downloads.png 0x5d043b46
res/drawable-hdpi/ic_menu_exit.png 0x756dca7f
res/drawable-hdpi/ic_menu_preferences.png 0x98be0cee
res/drawable-hdpi/ic_menu_sort.png 0xff4bdde6
res/drawable-hdpi/ic_menu_sync.png 0x9ee1978f
res/drawable-hdpi/ic_tab_bookmarks_selected.png 0x8cd340f2
res/drawable-hdpi/ic_tab_bookmarks_unselected.png 0xb53e8e5a
res/drawable-hdpi/ic_tab_history_selected.png 0x733aaeae
res/drawable-hdpi/ic_tab_history_unselected.png 0xd23ae1aa
res/drawable-hdpi/ic_tab_weave_selected.png 0x48adf32e
res/drawable-hdpi/ic_tab_weave_unselected.png 0x8fe8ac1
res/drawable-hdpi/notification_icon_connected.png 0xccb376f8
res/drawable-hdpi/notification_icon_connecting.png 0x93d0d56d
res/drawable-hdpi/notification_icon_upgrade_available.png 0xb166980b
res/drawable-hdpi/stat_sys_download.png 0x621e4969
res/drawable-hdpi/stat_sys_download_anim0.png 0x621e4969
res/drawable-hdpi/stat_sys_download_anim1.png 0xc39618ed
res/drawable-hdpi/stat_sys_download_anim2.png 0x396c2d8
res/drawable-hdpi/stat_sys_download_anim3.png 0x1d6091f1
res/drawable-hdpi/stat_sys_download_anim4.png 0x464d9240
res/drawable-hdpi/stat_sys_download_anim5.png 0x30e33168
res/drawable-hdpi/status_icon_connected.png 0xbfac5bf1
res/drawable-hdpi/status_icon_connecting.png 0x9cd7b149
res/drawable-hdpi/status_icon_disconnected.png 0x7f0aca31
res/drawable-mdpi/btn_bottom.9.png 0x655e1fbe
res/drawable-mdpi/btn_bottom_disabled.9.png 0xbd57cf1e
res/drawable-mdpi/btn_bottom_pressed.9.png 0x3768a369
res/drawable-mdpi/btn_default.9.png 0x2da2af5
res/drawable-mdpi/btn_default_disabled.9.png 0xe9ea5a9a
res/drawable-mdpi/btn_default_pressed.9.png 0x53c01072
res/drawable-mdpi/default_video_poster.png 0xd2da86da
res/drawable-mdpi/fav_icn_background.png 0xa6afff10
res/drawable-mdpi/fav_icn_default.png 0x8b5c4458
res/drawable-mdpi/fav_icn_default_toolbar.png 0xc13496b0
res/drawable-mdpi/fav_icn_unknown.png 0x2c87ac6f
res/drawable-mdpi/folder_icon.png 0x70252c49
res/drawable-mdpi/gd_quick_action_arrow_up.png 0xfdb75d4a
res/drawable-mdpi/gd_quick_action_grid_arrow_down.png 0xa80b86d2
res/drawable-mdpi/gd_quick_action_grid_bg.9.png 0x2d04f5c0
res/drawable-mdpi/gd_quick_action_grid_bottom_frame.9.png 0x282eac29
res/drawable-mdpi/gd_quick_action_grid_selector_focused.9.png 0xe96a58cf
res/drawable-mdpi/gd_quick_action_grid_selector_pressed.9.png 0xcb6d8fdd
res/drawable-mdpi/gd_quick_action_top_frame.9.png 0x54b21def
res/drawable-mdpi/ic_btn_bookmarks.png 0xea485ebf
res/drawable-mdpi/ic_btn_close_panel.png 0x6d245d53
res/drawable-mdpi/ic_btn_close_tab.png 0xf073f92d
res/drawable-mdpi/ic_btn_find.png 0x8ed15863
res/drawable-mdpi/ic_btn_find_next.png 0x4d304b53
res/drawable-mdpi/ic_btn_find_prev.png 0xd51feaa7
res/drawable-mdpi/ic_btn_forward.png 0xa0964353
res/drawable-mdpi/ic_btn_go.png 0x6f8a8629
res/drawable-mdpi/ic_btn_home.png 0x4f7e5879
res/drawable-mdpi/ic_btn_mobile_view.png 0x7dbc6539
res/drawable-mdpi/ic_btn_next.png 0x22f8e300
res/drawable-mdpi/ic_btn_open_tab.png 0x8e988fba
res/drawable-mdpi/ic_btn_reload.png 0xb222ab72
res/drawable-mdpi/ic_btn_select.png 0xd20778d7
res/drawable-mdpi/ic_btn_share.png 0x9c6e7b75
res/drawable-mdpi/ic_btn_stop.png 0x74e1c8c7
res/drawable-mdpi/ic_launcher.png 0x28a5f58a
res/drawable-mdpi/ic_menu_add.png 0x17d7ad63
res/drawable-mdpi/ic_menu_add_bookmark.png 0xea7f2711
res/drawable-mdpi/ic_menu_bookmarks.png 0xe83e7b0a
res/drawable-mdpi/ic_menu_delete.png 0x105aa2e8
res/drawable-mdpi/ic_menu_downloads.png 0x4d5bc4e
res/drawable-mdpi/ic_menu_exit.png 0x6e0db080
res/drawable-mdpi/ic_menu_preferences.png 0xf3f998ab
res/drawable-mdpi/ic_menu_sort.png 0x86f541ae
res/drawable-mdpi/ic_menu_sync.png 0xd8e13f97
res/drawable-mdpi/ic_tab_bookmarks_selected.png 0x5d987f70
res/drawable-mdpi/ic_tab_bookmarks_unselected.png 0xd86826a9
res/drawable-mdpi/ic_tab_history_selected.png 0xf774d2fa
res/drawable-mdpi/ic_tab_history_unselected.png 0x96d44e73
res/drawable-mdpi/ic_tab_weave_selected.png 0x53ce72cf
res/drawable-mdpi/ic_tab_weave_unselected.png 0xcf733441
res/drawable-mdpi/notification_icon_connected.png 0xd2727d31
res/drawable-mdpi/notification_icon_connecting.png 0xc17e5792
res/drawable-mdpi/notification_icon_upgrade_available.png 0x5c995fc3
res/drawable-mdpi/stat_sys_download.png 0xfa63080c
res/drawable-mdpi/stat_sys_download_anim0.png 0xfa63080c
res/drawable-mdpi/stat_sys_download_anim1.png 0x5a0cff1e
res/drawable-mdpi/stat_sys_download_anim2.png 0xbe1d734a
res/drawable-mdpi/stat_sys_download_anim3.png 0xdb4c596
res/drawable-mdpi/stat_sys_download_anim4.png 0xeeba5706
res/drawable-mdpi/stat_sys_download_anim5.png 0x428806af
res/drawable-mdpi/status_icon_connected.png 0x2bdf949d
res/drawable-mdpi/status_icon_connecting.png 0x6cf12f6a
res/drawable-mdpi/status_icon_disconnected.png 0xe3199bd1
res/drawable-tvdpi/ic_launcher.png 0xb227a247
res/drawable-tvdpi/notification_icon_connected.png 0x3d976aa5
res/drawable-tvdpi/notification_icon_connecting.png 0xe6cd82b3
res/drawable-tvdpi/notification_icon_upgrade_available.png 0x791170ad
res/drawable-tvdpi/status_icon_connected.png 0x40f7dfd2
res/drawable-tvdpi/status_icon_connecting.png 0xe2521367
res/drawable-tvdpi/status_icon_disconnected.png 0x2c035401
res/drawable-xhdpi/ic_launcher.png 0x134b6071
res/drawable-xhdpi/notification_icon_connected.png 0xd4f0943e
res/drawable-xhdpi/notification_icon_connecting.png 0x857781ba
res/drawable-xhdpi/notification_icon_upgrade_available.png 0xec5754f5
res/drawable-xhdpi/status_icon_connected.png 0x173939ba
res/drawable-xhdpi/status_icon_connecting.png 0x828c41fe
res/drawable-xhdpi/status_icon_disconnected.png 0xdce4ee47
res/drawable-xxhdpi/ic_launcher.png 0xdec844ec
res/drawable-xxhdpi/notification_icon_connected.png 0xbcc41bed
res/drawable-xxhdpi/notification_icon_connecting.png 0x379e947c
res/drawable-xxhdpi/notification_icon_upgrade_available.png 0xe7c8119
res/drawable-xxhdpi/status_icon_connected.png 0x718c105c
res/drawable-xxhdpi/status_icon_connecting.png 0x9b7c38e5
res/drawable-xxhdpi/status_icon_disconnected.png 0xd14d4392
res/layout-ar/message_row.xml 0x66b055e9
res/layout-fa/message_row.xml 0x66b055e9
classes.dex 0x2ade862d
ch/ethz/ssh2/HISTORY.txt 0x3f7ba75c
ch/ethz/ssh2/LICENSE.txt 0xf540a0f7
ch/ethz/ssh2/README.txt 0xb22e273b
com/psiphon3/psiphonlibrary/EmbeddedValues.java.stub 0x25f9e9cd
com/stericson/RootTools/RootTools-NOTICE.txt 0x56c17fd9
net/sourceforge/jsocks/LICENSE.txt 0x75312e7a
org/xbill/DNS/LICENSE.txt 0xecc5f0ed
LICENSE 0xda8ebe88
NOTICE 0x3f58cc88
org/achartengine/image/zoom-1.png 0x474c0862
org/achartengine/image/zoom_in.png 0x6cbca6b4
org/achartengine/image/zoom_out.png 0xad161e40
ch/boye/httpclientandroidlib/impl/conn/tsccm/doc-files/tsccm-structure.png 0x497cbe0
lib/armeabi/libnacl.so 0x94186d73
lib/armeabi/libOriginalDest.so 0xc1138fa1
lib/armeabi/libpolipo.so 0xc85f08a1
lib/armeabi/libtun2socks.so 0x8bfabd9b
lib/armeabi-v7a/libnacl.so 0xa2f7540d
lib/armeabi-v7a/libOriginalDest.so 0xc809838d
lib/armeabi-v7a/libpolipo.so 0xaca0edbb
lib/armeabi-v7a/libtun2socks.so 0x5a37b54e
lib/mips/libnacl.so 0x6bd180cf
lib/mips/libOriginalDest.so 0xc2711854
lib/mips/libpolipo.so 0x7dffb3a4
lib/mips/libtun2socks.so 0x2b5cef30
lib/x86/libnacl.so 0x297e8fb7
lib/x86/libOriginalDest.so 0x6b9a80d3
lib/x86/libpolipo.so 0x520e7873
lib/x86/libtun2socks.so 0x2909004c
Runtime screenshots