Scanner results

Scanner results:0%Antivirus software(0/32)found malware!

Behavior analysis report:         Habo file analysis

Time: 2015-10-14 17:59:45 (CST)

Scanner	Engine Ver	Sig Ver	Sig Date	Scan result	Time
antiy	AVL SDK 3.0		1970-01-01	Found nothing	5
asquared	9.0.0.4324	9.0.0.4324	2014-07-03	Found nothing	1
avast	150725-1	4.7.4	2015-07-25	Found nothing	0
avg	2109/8133	10.0.1405	2014-11-26	Found nothing	0
baidu	2.0.1.0	4.1.3.52192	2.0.1.0	Found nothing	5
baidusd	1.0	1.0	2014-04-02	Found nothing	1
bitdefender	7.58469	7.90123	2014-12-25	Found nothing	0
clamav	19861	0.97.5	2014-12-31	Found nothing	0
drweb	5.0.2.3300	5.0.1.1	2014-12-31	Found nothing	0
fortinet	23.345, 23.345	5.1.158	2014-12-08	Found nothing	0
fprot	4.6.2.117	6.5.1.5418	2014-12-31	Found nothing	0
fsecure	2014-04-02-01	9.13	2014-04-02	Found nothing	0
gdata	25.3863	25.3863	2015-10-13	Found nothing	9
ikarus	1.06.01	V1.32.31.0	2014-12-08	Found nothing	0
jiangmin	16.0.100	1.0.0.0	2015-07-25	Found nothing	57
kaspersky	5.5.33	5.5.33	2014-04-01	Found nothing	0
kingsoft	2.1	2.1	2013-09-22	Found nothing	27
mcafee	7638	5400.1158	2014-11-30	Found nothing	0
nod32	0920	3.0.21	2014-12-23	Found nothing	0
panda	9.05.01	9.05.01	2015-07-26	Found nothing	5
pcc	11.380.07	9.500-1005	2014-12-31	Found nothing	0
qh360	1.0.1	1.0.1	1.0.1	Found nothing	6
qqphone	1.0.0.0	1.0.0.0	2014-12-09	Found nothing	0
quickheal	14.00	14.00	2015-07-25	Found nothing	2
rising	25.76.04.01	25.76.04.01	2015-07-24	Found nothing	1
sophos	5.08	3.55.0	2014-12-01	Found nothing	0
symantec	20141230.001	1.3.0.24	2014-12-30	Found nothing	0
tachyon	9.9.9	9.9.9	2013-12-27	Found nothing	3
thehacker	6.8.0.5	6.8.0.5	2015-07-23	Found nothing	1
tws	17.47.17308	1.0.2.2108	2014-12-08	Found nothing	6
vba	3.12.26.3	3.12.26.3	2014-12-31	Found nothing	0
virusbuster	15.0.985.0	5.5.2.13	2014-12-05	Found nothing	0

■Heuristic/Suspicious ■Exact

NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.

Last Scanned File List

File Name (File Size)	Scan results (Suspicious degree)
00精武门(110880 )	Found Trojan.Script.Iframe.folzum (4%)
GLD授权软件8521 备份.exe(12054528 )	Found Trojan/Pasta.ekk (10%)
00米奇妙妙屋(45772 )	Found Worm/Win32.AGeneric (10%)
GLD授权软件8521.exe(12054528 )	Found Worm.Win32.Dropper.RA@1qraug (8%)
00篡清(482270 )	Found DeepScan:Generic.Mira.CF26E316 (22%)
00简爱(7582 )	Found nothing
00第101回(232300 )	Found JS:Trojan.JS.Agent.RRO (24%)
00第8号当铺(1209523 )	Found Heur.Corrupt.PE@1z141z3 (4%)
00第9区(420691 )	Found DeepScan:Generic.Mira.CF26E316 (22%)
qqq.exe(176220 )	Found Gen:Variant.Jaiko.3785 (14%)
00笑看风云(26700 )	Found Trojan.JS.Redirector.BVR (26%)
00笑傲江湖(722920 )	Found Gen:Variant.Zusy.189352 (32%)
00窦娥冤(144903 )	Found Trojan/Generic.ASELF.309E8 (6%)
00窈窕淑女(39316 )	Found JS:Decode-BTB (18%)
00穿越者(87304 )	Found GrayWare/Generic.Generic (4%)
00穿越火线(5884000 )	Found nothing
00穿越(1422449 )	Found Android.Adware.Kuguo.A (18%)
00穆赫兰道(3348288 )	Found Suspicious:Packed.Krap.c.zxgd.mg (2%)
GLD授权软件852.exe(12075008 )	Found Malware.Heuristic (8%)
00秦时明月(171008 )	Found Gen:Variant.MSILPerseus.127461 (16%)

没有相关的权限信息

文件信息

安全评分 :

基本信息
MD5:2b250a6461355f69405f4b7606cd27e3
包名:pan.howdifficult
最低运行环境:Android 2.2.x
版权:yunling

关键行为
行为描述:	写权限映射文件
详情信息:	CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
	MSCTF.MarshalInterface.FileMap.IDI..GPLIG
	MSCTF.MarshalInterface.FileMap.IDI.B.GPLIG
	MSCTF.MarshalInterface.FileMap.IDI.C.GPLIG
	MSCTF.MarshalInterface.FileMap.IDI.D.GPLIG
	MSCTF.MarshalInterface.FileMap.IDI.E.GPLIG
	MSCTF.MarshalInterface.FileMap.IDI.F.GPLIG
	MSCTF.MarshalInterface.FileMap.IDI.G.GPLIG
	MSCTF.Shared.SFM.IDI
	MSCTF.MarshalInterface.FileMap.IDI.H.CPCNG
	MSCTF.MarshalInterface.FileMap.IDI.I.CPCNG
	MSCTF.MarshalInterface.FileMap.IDI.J.CPCNG
	MSCTF.MarshalInterface.FileMap.IDI.K.CPCNG
	MSCTF.MarshalInterface.FileMap.IDI.L.CPCNG
	MSCTF.MarshalInterface.FileMap.IDI.M.CPCNG
行为描述:	设置特殊文件夹属性
详情信息:	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
	C:\Documents and Settings\Administrator\Local Settings\History
	C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
	C:\Documents and Settings\Administrator\Cookies
行为描述:	隐藏指定窗口
详情信息:	[Window,Class] = [,_EL_Timer]
	[Window,Class] = [,Afx:400000:b:10011:0:0]

文件行为
行为描述:	写权限映射文件
详情信息:	CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
	MSCTF.MarshalInterface.FileMap.IDI..GPLIG
	MSCTF.MarshalInterface.FileMap.IDI.B.GPLIG
	MSCTF.MarshalInterface.FileMap.IDI.C.GPLIG
	MSCTF.MarshalInterface.FileMap.IDI.D.GPLIG
	MSCTF.MarshalInterface.FileMap.IDI.E.GPLIG
	MSCTF.MarshalInterface.FileMap.IDI.F.GPLIG
	MSCTF.MarshalInterface.FileMap.IDI.G.GPLIG
	MSCTF.Shared.SFM.IDI
	MSCTF.MarshalInterface.FileMap.IDI.H.CPCNG
	MSCTF.MarshalInterface.FileMap.IDI.I.CPCNG
	MSCTF.MarshalInterface.FileMap.IDI.J.CPCNG
	MSCTF.MarshalInterface.FileMap.IDI.K.CPCNG
	MSCTF.MarshalInterface.FileMap.IDI.L.CPCNG
	MSCTF.MarshalInterface.FileMap.IDI.M.CPCNG
行为描述:	设置特殊文件夹属性
详情信息:	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
	C:\Documents and Settings\Administrator\Local Settings\History
	C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
	C:\Documents and Settings\Administrator\Cookies

网络行为
行为描述:	连接指定站点
详情信息:	InternetConnectA: ServerName = www.54xl.cn, PORT = 80
	InternetConnectA: ServerName = www.haodailiip.com, PORT = 80
行为描述:	读取网络文件
详情信息:	hFile = 0x00000568, BytesToRead =1024, BytesRead = 1024.
	hFile = 0x00000564, BytesToRead =1024, BytesRead = 1024.
行为描述:	打开HTTP请求
详情信息:	HttpOpenRequestA: www.54xl.cn:80/nf/k8up.html, hConnect = 0x00000570
	HttpOpenRequestA: www.haodailiip.com:80/domftiqu, hConnect = 0x0000056c

注册表行为
行为描述:	修改注册表
详情信息:	\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x16(565 0)

其他行为
行为描述:	创建互斥体
详情信息:	CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
	CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
	CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
	CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
	CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
	CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
	MSCTF.Shared.MUTEX.AEH
	MSCTF.Shared.MUTEX.IDI
行为描述:	内联HOOK
详情信息:	C:\WINDOWS\system32\GDI32.dll--->ExtTextOutA Offset = 0x0
	C:\WINDOWS\system32\GDI32.dll--->ExtTextOutW Offset = 0x0
	C:\WINDOWS\system32\USER32.dll--->GetWindowLongA Offset = 0x0
	C:\WINDOWS\system32\USER32.dll--->SetWindowLongA Offset = 0x0
	C:\WINDOWS\system32\USER32.dll--->SetWindowLongW Offset = 0x0
	C:\WINDOWS\system32\USER32.dll--->GetWindowLongW Offset = 0x0
	C:\WINDOWS\system32\USER32.dll--->BeginPaint Offset = 0x0
	C:\WINDOWS\system32\USER32.dll--->EndPaint Offset = 0x0
	C:\WINDOWS\system32\USER32.dll--->GetDC Offset = 0x0
	C:\WINDOWS\system32\USER32.dll--->GetWindowDC Offset = 0x0
	C:\WINDOWS\system32\USER32.dll--->ReleaseDC Offset = 0x0
	C:\WINDOWS\system32\USER32.dll--->WindowFromDC Offset = 0x0
	C:\WINDOWS\system32\USER32.dll--->GetScrollInfo Offset = 0x0
	C:\WINDOWS\system32\USER32.dll--->GetScrollPos Offset = 0x0
	C:\WINDOWS\system32\USER32.dll--->GetScrollRange Offset = 0x0
行为描述:	查找指定窗口
详情信息:	NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
	NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
行为描述:	隐藏指定窗口
详情信息:	[Window,Class] = [,_EL_Timer]
	[Window,Class] = [,Afx:400000:b:10011:0:0]
行为描述:	窗口信息
详情信息:	Pid = 2100, Hwnd=0x301d0, Text = 使用匿名代理隐藏IP(会影响效率), ClassName = Button(CheckBox).
	Pid = 2100, Hwnd=0x301c0, Text = 温馨提示:本软件专治各种牛皮癣小广告,不要太邪恶哦, ClassName = _EL_Label.
	Pid = 2100, Hwnd=0x301be, Text = 注意:该软件攻击1分钟1000条短信,请合理使用 使用本软件发生的任何纠纷与本软件作者无关, ClassName = _EL_Label.
	Pid = 2100, Hwnd=0x40248, Text = 小刀娱乐网 , ClassName = _EL_Label.
	Pid = 2100, Hwnd=0x60240, Text = 停止, ClassName = Button.
	Pid = 2100, Hwnd=0x70196, Text = 短信测试, ClassName = Button.
	Pid = 2100, Hwnd=0x401ce, Text = 手机号码, ClassName = _EL_Label.
	Pid = 2100, Hwnd=0x4020e, Text = 卡吧短信压力测试器V2.5, ClassName = WTWindow.

动态列表行为
行为描述:	窗口信息
详情信息:	{"text": "网盘提取器", "class": "android.widget.TextView"}
	{"text": "请输入网盘地址", "class": "android.widget.EditText"}
	{"text": "清空", "class": "android.widget.Button"}
	{"text": "确定", "class": "android.widget.Button"}
	{"text": "制作:HOWDIFFICULT", "class": "android.widget.TextView"}
行为描述:	解析通用资源标识符
详情信息:	http://pan.baidu.com/share/home?uk=
行为描述:	初始化Intent
详情信息:	[u'android.intent.action.VIEW', u'http://pan.baidu.com/share/home?uk=']
行为描述:	激活Activity
详情信息:	Intent { act=android.intent.action.VIEW dat=http://pan.baidu.com/share/home?uk= }
行为描述:	添加悬浮窗口
详情信息:	[u'com.android.internal.policy.impl.PhoneWindow$DecorView@414a69a8', u'WM.LayoutParams{(0,0)(fillxfill) sim=#100 ty=1 fl=#810100 pfl=0x8 wanim=0x103028f}', u'android.view.CompatibilityInfoHolder@414b40f8']

Activities
活动名	类型
.MainActivity	android.intent.action.MAIN
.MainActivity	android.intent.category.LAUNCHER

文件列表
文件名	校验码
META-INF/MANIFEST.MF	0xfe42c0f0
META-INF/CERT.SF	0xd476ff79
META-INF/CERT.RSA	0x968bf2bc
AndroidManifest.xml	0xe96e0f8d
classes.dex	0x533cd819
res/drawable-hdpi/ic_launcher.png	0x80334075
res/drawable-mdpi/ic_launcher.png	0x80334075
res/drawable-xhdpi/ic_launcher.png	0x80334075
res/drawable-xxhdpi/ic_launcher.png	0x80334075
res/drawable/image_teach.png	0x6610f50d
res/layout/about.xml	0xc00b9fe3
res/layout/main.xml	0xb84ff8ee
res/layout/teach.xml	0xddb3377
resources.arsc	0x12fdf3ba

运行截图