VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader to upload.


File information

File Name: 古巴战士.apk (File not down)
File Size: 1510386 bytes
File Type: application/zip
MD5: 96c4467081fd1f11bed6a918eb3bcb7c
SHA1: eb4b3363ef876a7c00ad4ad1669ab5438383e1dd
Scanner results
Scanner results: 0% of antivirus software (0/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2016-05-17 13:26:33 (CST)
Scanner  Engine Ver  Sig Ver  Sig Date  Scan result  Time
antiy AVL SDK 3.0 1970-01-01 Found nothing 5
asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 2
avast 150725-1 4.7.4 2015-07-25 Found nothing 60
avg 2109/8133 10.0.1405 2014-11-26 Found nothing 60
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 4
baidusd 1.0 1.0 2014-04-02 Found nothing 1
bitdefender 7.58469 7.90123 2014-12-25 Found nothing 60
clamav 19861 0.97.5 2014-12-31 Found nothing 60
drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 60
fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 60
fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 60
fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 60
gdata 25.6612 25.6612 2016-05-17 Found nothing 10
ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 60
jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 46
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
kingsoft 2.1 2.1 2013-09-22 Found nothing 8
mcafee 7638 5400.1158 2014-11-30 Found nothing 60
nod32 0920 3.0.21 2014-12-23 Found nothing 60
panda 9.05.01 9.05.01 2015-07-26 Found nothing 5
pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 60
qh360 1.0.1 1.0.1 1.0.1 Found nothing 2
qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 60
quickheal 14.00 14.00 2015-07-25 Found nothing 3
rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 2
sophos 5.08 3.55.0 2014-12-01 Found nothing 60
symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 60
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 6
thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 2
tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 14
vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 60
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
Permission list
Permission name  Description
android.permission.INTERNET  Connect to the network (2G or 3G)
android.permission.ACCESS_NETWORK_STATE  Read network state (2G or 3G)
android.permission.WRITE_EXTERNAL_STORAGE  Write to external storage (e.g. SD card)
android.permission.READ_PHONE_STATE  Read phone state
android.permission.ACCESS_WIFI_STATE  Read Wi-Fi network state
android.permission.GET_TASKS  Get information about currently or recently running tasks
com.android.launcher.permission.INSTALL_SHORTCUT  Create shortcuts
File information (behavior analysis)
Basic information
MD5: 96c4467081fd1f11bed6a918eb3bcb7c
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.jason.cuban
Minimum runtime environment: Android 2.3, 2.3.1, 2.3.2
Copyright: jinglinglong
Key behaviors
Behavior: Checks whether it is being debugged
Details: N/A
Behavior: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\IECompatCache
Behavior: Queries registry (virtual machine detection related)
Details: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
Behavior: Gets TickCount value
Details: TickCount = 490140, SleepMilliseconds = 1000.
TickCount = 490156, SleepMilliseconds = 1000.
TickCount = 490171, SleepMilliseconds = 1000.
TickCount = 490187, SleepMilliseconds = 1000.
TickCount = 490218, SleepMilliseconds = 1000.
TickCount = 490296, SleepMilliseconds = 1000.
TickCount = 489329, SleepMilliseconds = 1.
TickCount = 489344, SleepMilliseconds = 1.
TickCount = 490421, SleepMilliseconds = 1000.
TickCount = 490812, SleepMilliseconds = 1000.
TickCount = 491390, SleepMilliseconds = 1000.
TickCount = 491406, SleepMilliseconds = 1000.
TickCount = 493437, SleepMilliseconds = 1000.
TickCount = 493453, SleepMilliseconds = 1000.
TickCount = 493468, SleepMilliseconds = 1000.
File behavior
Behavior: Creates file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\aut4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\ibcgkau
C:\Documents and Settings\Administrator\Local Settings\Temp\aut5.tmp
C:\WINDOWS\Temp\SkyIAR.6f3R.Temp\Lng.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\aut6.tmp
C:\WINDOWS\Temp\SkyIAR.6f3R.Temp\bk.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF64D9.tmp
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{F77A0A94-1BE5-11E6-91BE-7B****28}.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA48E.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\wpad[1].dat
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F77A0A95-1BE5-11E6-91BE-7B****28}.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFBA1A.tmp
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{FAD6BB7E-1BE5-11E6-91BE-7B****28}.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFFF49.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\redirect[1].php
Behavior: Creates executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Documents and Settings\Administrator\Local Settings\Temp\Kno7.tmp
Behavior: Overwrites existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\aut4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut6.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\dnserrordiagoff[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\noConnect[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\background_gradient[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\down[2]
C:\Documents and Settings\Administrator\Local Settings\Temp\Kno7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favcenter[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[2]
Behavior: Searches for file
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
Behavior: Deletes file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\aut4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\ibcgkau
C:\Documents and Settings\Administrator\Local Settings\Temp\aut5.tmp
C:\WINDOWS\Temp\SkyIAR.6f3R.Temp\Lng.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\aut6.tmp
C:\WINDOWS\Temp\SkyIAR.6f3R.Temp\bk.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF64D9.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA48E.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\wpad[1].dat
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFBA1A.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFFF49.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\redirect[1].php
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favicon[1].ico
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF3381.tmp
Behavior: Modifies file content
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\aut4.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\aut4.tmp ---> Offset = 8192
C:\Documents and Settings\Administrator\Local Settings\Temp\ibcgkau ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\ibcgkau ---> Offset = 45056
C:\Documents and Settings\Administrator\Local Settings\Temp\aut5.tmp ---> Offset = 0
C:\WINDOWS\Temp\SkyIAR.6f3R.Temp\Lng.ini ---> Offset = 0
C:\WINDOWS\Temp\SkyIAR.6f3R.Temp\Lng.ini ---> Offset = 4096
C:\Documents and Settings\Administrator\Local Settings\Temp\aut6.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\aut6.tmp ---> Offset = 12288
C:\WINDOWS\Temp\SkyIAR.6f3R.Temp\bk.bmp ---> Offset = 0
C:\WINDOWS\Temp\SkyIAR.6f3R.Temp\bk.bmp ---> Offset = 65536
C:\WINDOWS\Temp\SkyIAR.6f3R.Temp\bk.bmp ---> Offset = 131072
C:\WINDOWS\Temp\SkyIAR.6f3R.Temp\bk.bmp ---> Offset = 196608
C:\WINDOWS\Temp\SkyIAR.6f3R.Temp\bk.bmp ---> Offset = 262144
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF64D9.tmp ---> Offset = 0
Network behavior
Behavior: Opens URL over the network
Details: InternetOpenUrlA: http://**.133.40.**:128/wpad.dat, hInternet = 0x00cc0004, Flags = 0x80000010
InternetOpenUrlA: http://**.133.40.**:128/wpad.dat, hInternet = 0x00cc0010, Flags = 0x00000010
Behavior: Downloads file
Details: URLDownloadToFileW: http://ww****om/favicon.ico ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
URLDownloadToFileW: https://go****om/fwlink/?LinkId=141260 ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Kno7.tmp
Behavior: Opens specified web page in IE
Details: http://bb****om/redirect.php?product=usbzl&artide=default
Behavior: Connects to specified site
Details: InternetConnectA: ServerName = **.133.40.**, PORT = 128, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x80000010
InternetConnectA: ServerName = bb****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = **.133.40.**, PORT = 128, UserName = , Password = , hSession = 0x00cc0010, hConnect = 0x00cc0014, Flags = 0x00000010
InternetConnectA: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = ur****om, PORT = 443, UserName = , Password = , hSession = 0x00cc0010, hConnect = 0x00cc0014, Flags = 0x00000200
InternetConnectA: ServerName = go****om, PORT = 443, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00800000
Behavior: Opens HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0), hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0), hSession = 0x00cc0010
InternetOpenA: UserAgent: VCSoapClient, hSession = 0x00cc0010
Behavior: Establishes a connection to a specified socket
Details: URL: wpad, IP: **.133.40.**:128, SOCKET = 0x000004c0
URL: wpad, IP: **.133.40.**:128, SOCKET = 0x00000548
URL: bb****om, IP: **.133.40.**:80, SOCKET = 0x0000054c
URL: wpad, IP: **.133.40.**:128, SOCKET = 0x000004c8
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x000004f4
URL: bb****om, IP: **.133.40.**:80, SOCKET = 0x00000570
URL: ur****om, IP: **.133.40.**:443, SOCKET = 0x000005ec
URL: go****om, IP: **.133.40.**:443, SOCKET = 0x000004c8
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x000005f4
Behavior: Reads network file
Details: hFile = 0x00cc000c, BytesToRead =4010, BytesRead = 4010.
hFile = 0x00cc0018, BytesToRead =4010, BytesRead = 4010.
hFile = 0x00cc000c, BytesToRead =4096, BytesRead = 4096.
Behavior: Sends HTTP packet
Details: GET /wpad.dat HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0) Host: **.133.40.**:128 Cache-Control: no-cache
GET /wpad.dat HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0) Host: **.133.40.**:128
GET /redirect.php?product=usbzl&artide=default HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Accept-Encoding: gzip, deflate Host: bb****om Connection: Keep-Alive
GET /favicon.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: ww****om Connection: Keep-Alive
GET /redirect.php?product=usbzl&artide=default HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: bb****om Connection: Keep-Alive
Behavior: Opens HTTP request
Details: HttpOpenRequestA: **.133.40.**:128/wpad.dat, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x80000010
HttpOpenRequestA: bb****om:80/redirect.php?product=usbzl&artide=default, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400000
HttpOpenRequestA: **.133.40.**:128/wpad.dat, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: GET, Referer: , Flags = 0x00000010
HttpOpenRequestA: ww****om:80/favicon.ico, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00600010
HttpOpenRequestA: bb****om:80/redirect.php?product=usbzl&artide=default, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400010
HttpOpenRequestA: ur****om:443/urs.asmx?msurs-client-key=nkt3hjvzzm5gqpbgg1c31g%3d%3d&msurs-patented-lock=orcekdj0g1k%3d, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: POST, Referer: , Flags = 0x04880300
HttpOpenRequestA: go****om:443/fwlink/?linkid=141260, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00c00010
Behavior: Resolves host address by name
Details: GetAddrInfoW: computer
GetAddrInfoW: wpad
GetAddrInfoW: bb****om
GetAddrInfoW: ww****om
GetAddrInfoW: ur****om
GetAddrInfoW: go****om
Registry behavior
Behavior: Modifies registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Recovery\Active\{F77A0A94-1BE5-11E6-91BE-7B****28}
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}\Enable
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTimeCount
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Recovery\Active\{FAD6BB7E-1BE5-11E6-91BE-7B****28}
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\Window_Placement
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Security\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2\UserFile
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\SearchScopes\Version
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\SearchScopes\UpgradeTime
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\DisplayName
Behavior: Deletes registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Expiration
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\Expiration
Behavior: Deletes registry key
Details: \REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}\
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\
Other behavior
Behavior: Creates mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.IIC
Local\!BrowserEmulation!SharedMemory!Mutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
ConnHashTable<2136>_HashTable_Mutex
Local\ZonesCounterMutex
Behavior: Creates event object
Details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.IIC.IC
EventName = MSCTF.SendReceiveConection.Event.IIC.IC
EventName = ShellCopyEngineRunning
EventName = Global\crypt32LogoffEvent
EventName = ShellCopyEngineFinished
EventName = Isolation Signal Registry Event (F77A0A91-1BE5-11E6-91BE-7B****28, 0)
EventName = IE_EarlyTabStart_0x85c
EventName = Isolation Signal Registry Event (F77A0A92-1BE5-11E6-91BE-7B****28, 0)
EventName = Local\IEDDEExecuteEvent
EventName = Local\RSS Eventing Event Event 00000858
EventName = Isolation Signal Registry Event (FAD6BB7B-1BE5-11E6-91BE-7B****28, 0)
EventName = IE_EarlyTabStart_0x900
EventName = Isolation Signal Registry Event (FAD6BB7C-1BE5-11E6-91BE-7B****28, 0)
Behavior: Searches for specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
NtUserFindWindowEx: [Class,Window] = [IEFrame,]
NtUserFindWindowEx: [Class,Window] = [Static,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
Behavior: Searches for kernel32.dll base address
Details: Instruction Address = 0x005046e5
Behavior: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior: Window information
Details: Pid = 1412, Hwnd=0x10316, Text = 是(&Y), ClassName = Button.
Pid = 1412, Hwnd=0x10318, Text = 否(&N), ClassName = Button.
Pid = 1412, Hwnd=0x1031c, Text = 本程序需运行于 Windows PE 环境, 需要为您推荐好用的 PE 系统吗?, ClassName = Static.
Pid = 1412, Hwnd=0x10314, Text = 信息, ClassName = #32770.
Pid = 1412, Hwnd=0x202c4, Text = 开始, ClassName = Button.
Pid = 1412, Hwnd=0x202c8, Text = 退出, ClassName = Button.
Pid = 1412, Hwnd=0x202ca, Text = 关于, ClassName = Button.
Pid = 1412, Hwnd=0x202c6, Text = 系统信息, ClassName = Button(GroupBox).
Pid = 1412, Hwnd=0x302da, Text = 位置, ClassName = Static.
Pid = 1412, Hwnd=0x202aa, Text = .., ClassName = Button.
Pid = 1412, Hwnd=0x202ac, Text = 系统, ClassName = Static.
Pid = 1412, Hwnd=0x302b6, Text = 版本, ClassName = Static.
Pid = 1412, Hwnd=0x202d2, Text = 位宽, ClassName = Static.
Pid = 1412, Hwnd=0x102e6, Text = 磁盘控制器驱动, ClassName = Button(GroupBox).
Pid = 1412, Hwnd=0x102e8, Text = 磁盘控制器ID, ClassName = Static.
Behavior: Executable file signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\Kno7.tmp (signature verification: failed)
Behavior: Calls Sleep function
Details: [1]: MilliSeconds = 1000.
[2]: MilliSeconds = 1000.
[3]: MilliSeconds = 1000.
[4]: MilliSeconds = 1000.
[5]: MilliSeconds = 1000.
[6]: MilliSeconds = 1000.
[7]: MilliSeconds = 1000.
[8]: MilliSeconds = 1000.
[9]: MilliSeconds = 1000.
[10]: MilliSeconds = 1000.
Behavior: Hides specified window
Details: [Window,Class] = [AutoIt v3,AutoIt v3]
[Window,Class] = [,ComboLBox]
[Window,Class] = [,ComboBox]
[Window,Class] = [SkyIAR v2.52 稳定版 - IT天空出品,AutoIt v3 GUI]
[Window,Class] = [,BrowserFrameGripperClass]
[Window,Class] = [缩放级别,ToolbarWindow32]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [,SysLink]
[Window,Class] = [,Static]
[Window,Class] = [文件大小未知,Static]
[Window,Class] = [打开此类文件前总是询问(&W),Button]
[Window,Class] = [发行者:,Static]
[Window,Class] = [Windows Internet Explorer,IEFrame]
[Window,Class] = [,UniversalSearchBand]
[Window,Class] = [,TravelBand]
Behavior: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico ---> fe1d0ee5901dd167ee9b28eece31786c
C:\Documents and Settings\Administrator\Local Settings\Temp\Kno7.tmp ---> fe1d0ee5901dd167ee9b28eece31786c
Activities
Activity name  Type
com.bkb.nes.SplashActivity android.intent.action.MAIN
com.bkb.nes.SplashActivity android.intent.category.LAUNCHER
com.bkb.nes.MainActivity android.intent.category.DEFAULT
com.bkb.nes.EmulatorActivity android.intent.action.VIEW
com.bkb.nes.EmulatorActivity android.intent.category.DEFAULT
Dangerous functions
Function name  Description
android/app/NotificationManager;->notify  Posts notifications to the notification bar
ContentResolver;->query  Reads contacts, SMS and other databases
getRuntime  Obtains the command-line runtime environment
java/net/HttpURLConnection;->connect  Connects to a URL
java/net/URL;->openConnection  Connects to a URL
HttpClient;->execute  Sends requests to a remote server
TelephonyManager;->getDeviceId  Collects the device IMEI, phone number, system version and similar information
LocationManager;->getLastKnownLocation  Gets geographic location
java/lang/Runtime;->exec  Executes a string command
Service list
Name
com.bkb.nes.EmulatorService
com.wandoujia.ads.sdk.download.AppDownloadService
com.umeng.common.net.DownloadingService
File list
File name  Checksum