VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information

File Name: 全网影视_1.7.apk (File not down)
File Size: 7107813 bytes
File Type: application/zip
MD5: d0a913221ecd663b36dd3e1de2d97612
SHA1: 684a473400bfa1a88dad085d0a8ca88e1199c30a

Scanner results
Scanner results: 0% of antivirus software (0/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2017-06-29 14:01:21 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 2.0 1970-01-01 Found nothing 9
asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 1
avast 170303-1 4.7.4 2017-03-03 Found nothing 60
avg 2109/14105 10.0.1405 2017-06-26 Found nothing 60
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 6
baidusd 1.0 1.0 2017-03-22 Found nothing 1
bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
clamav 23503 0.97.5 2017-06-24 Found nothing 60
drweb 5.0.2.3300 5.0.1.1 2017-06-18 Found nothing 60
fortinet 49.820, 49.820, 49.820 5.4.233 2017-06-29 Found nothing 60
fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
gdata 25.13102 25.13102 2017-06-29 Found nothing 16
ikarus 1.06.01 V1.32.31.0 2016-11-28 Found nothing 60
jiangmin 16.0.100 1.0.0.0 2017-06-27 Found nothing 2
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
kingsoft 2.1 2.1 2017-06-28 Found nothing 4
mcafee 8261 5400.1158 2016-08-18 Found nothing 60
nod32 1777 3.0.21 2015-06-12 Found nothing 60
panda 9.05.01 9.05.01 2017-06-27 Found nothing 4
pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
qh360 1.0.1 1.0.1 1.0.1 Found nothing 4
qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
quickheal 14.00 14.00 2017-06-28 Found nothing 3
rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 4
sophos 5.32 3.65.2 2016-10-10 Found nothing 60
symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 4
thehacker 6.8.0.5 6.8.0.5 2017-06-25 Found nothing 3
tws 17.47.17308 1.0.2.2108 2017-06-28 Found nothing 15
vba 3.12.29.5 beta 3.12.29.5 beta 2017-06-28 Found nothing 60
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
File information
Security score:
Basic information
MD5: d0a913221ecd663b36dd3e1de2d97612
File size: 5.58 MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.loo
Minimum runtime environment: Android 2.2.x
Copyright: E4A
Key behaviors
Behavior: Compare suspicious process names
Details: lstrcmpiA: System <------> avp.exe Des: Kaspersky
lstrcmpiA: smss.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: csrss.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: winlogon.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: services.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: lsass.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: ORvxService.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: uihcthlp.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: svchost.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: spoolsv.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: OCVpgradeHelper.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: alg.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: explorer.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: ORvxTray.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: ctfmon.exe <------> avp.exe Des: Kaspersky
Behavior: Search for suspicious process names
Details: strstr: avp.exe <------> Des: Kaspersky
Behavior: Get TickCount value
Details: TickCount = 5428956, SleepMilliseconds = 50.
TickCount = 5428971, SleepMilliseconds = 50.
TickCount = 5429690, SleepMilliseconds = 50.
TickCount = 5429706, SleepMilliseconds = 50.
TickCount = 5429721, SleepMilliseconds = 50.
TickCount = 5430206, SleepMilliseconds = 50.
TickCount = 5430360, SleepMilliseconds = 1.
TickCount = 5430407, SleepMilliseconds = 1.
TickCount = 5430547, SleepMilliseconds = 1.
TickCount = 5430579, SleepMilliseconds = 1.
TickCount = 5430721, SleepMilliseconds = 50.
TickCount = 5430737, SleepMilliseconds = 50.
TickCount = 5430753, SleepMilliseconds = 50.
TickCount = 5430815, SleepMilliseconds = 50.
TickCount = 5430831, SleepMilliseconds = 50.
Behavior: Create system service
Details: [Service created successfully]: DcomLauncherq, C:\WINDOWS\System\lsass.exe
Behavior: Set special folder attributes
Details: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\LocalService\Local Settings\History
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5
C:\Documents and Settings\LocalService\Cookies
Behavior: Read CPU clock directly
Details: EAX = 0xebc215f2, EDX = 0x00001198
EAX = 0xfea7108e, EDX = 0x00001198
EAX = 0xfea710da, EDX = 0x00001198
EAX = 0x11b73b69, EDX = 0x00001199
Behavior: Self-delete
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
Behavior: Modify registry autorun entry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\WINDOWS\System\lsass.exe
Process behaviors
Behavior: Compare suspicious process names
Details: lstrcmpiA: System <------> avp.exe Des: Kaspersky
lstrcmpiA: smss.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: csrss.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: winlogon.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: services.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: lsass.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: ORvxService.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: uihcthlp.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: svchost.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: spoolsv.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: OCVpgradeHelper.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: alg.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: explorer.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: ORvxTray.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: ctfmon.exe <------> avp.exe Des: Kaspersky
Behavior: Search for suspicious process names
Details: strstr: avp.exe <------> Des: Kaspersky
Behavior: Get TickCount value
Details: TickCount = 5428956, SleepMilliseconds = 50.
TickCount = 5428971, SleepMilliseconds = 50.
TickCount = 5429690, SleepMilliseconds = 50.
TickCount = 5429706, SleepMilliseconds = 50.
TickCount = 5429721, SleepMilliseconds = 50.
TickCount = 5430206, SleepMilliseconds = 50.
TickCount = 5430360, SleepMilliseconds = 1.
TickCount = 5430407, SleepMilliseconds = 1.
TickCount = 5430547, SleepMilliseconds = 1.
TickCount = 5430579, SleepMilliseconds = 1.
TickCount = 5430721, SleepMilliseconds = 50.
TickCount = 5430737, SleepMilliseconds = 50.
TickCount = 5430753, SleepMilliseconds = 50.
TickCount = 5430815, SleepMilliseconds = 50.
TickCount = 5430831, SleepMilliseconds = 50.
Behavior: Create system service
Details: [Service created successfully]: DcomLauncherq, C:\WINDOWS\System\lsass.exe
Behavior: Set special folder attributes
Details: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\LocalService\Local Settings\History
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5
C:\Documents and Settings\LocalService\Cookies
Behavior: Read CPU clock directly
Details: EAX = 0xebc215f2, EDX = 0x00001198
EAX = 0xfea7108e, EDX = 0x00001198
EAX = 0xfea710da, EDX = 0x00001198
EAX = 0x11b73b69, EDX = 0x00001199
Behavior: Self-delete
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
Behavior: Modify registry autorun entry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\WINDOWS\System\lsass.exe
File behaviors
Behavior: Create file
Details: C:\WINDOWS\system\lsass.exe
C:\6360.vbs
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0DQRCL6J\wpad[1].dat
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0DQRCL6J\cgi_get_portrait[1].fcg
Behavior: Create executable file
Details: C:\WINDOWS\system\lsass.exe
Behavior: Copy file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe ---> C:\WINDOWS\System\lsass.exe
Behavior: Delete file
Details: C:\6360.vbs
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0DQRCL6J\wpad[1].dat
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0DQRCL6J\cgi_get_portrait[1].fcg
Behavior: Search for file
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\6360.vbs
FileName = C:\WINDOWS
FileName = C:\WINDOWS\System32
FileName = C:\WINDOWS\System32\WScript.exe
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\wscript.exe
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
FileName = C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\*.*
Behavior: Modify BAT script file
Details: C:\6360.vbs ---> Offset = 0
Behavior: Set special folder attributes
Details: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\LocalService\Local Settings\History
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5
C:\Documents and Settings\LocalService\Cookies
Behavior: Modify file contents
Details: C:\WINDOWS\system\lsass.exe ---> Offset = 0
C:\WINDOWS\system\lsass.exe ---> Offset = 4096
C:\WINDOWS\system\lsass.exe ---> Offset = 8192
C:\WINDOWS\system\lsass.exe ---> Offset = 12288
Behavior: Self-delete
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
Network behaviors
Behavior: Open URL over network
Details: InternetOpenUrlA: http://us****om/fcg-bin/cgi_get_portrait.fcg?uins=www.zuimihu.cn, hInternet = 0x00cc0004, Flags = 0x00000001
InternetOpenUrlA: http://**.133.40.**:128/wpad.dat, hInternet = 0x00cc0008, Flags = 0x00000010
Behavior: Connect to specified site
Details: InternetConnectA: ServerName = **.133.40.**, PORT = 128, UserName = , Password = , hSession = 0x00cc0008, hConnect = 0x00cc000c, Flags = 0x00000010
InternetConnectA: ServerName = us****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000001
Behavior: Open HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0), hSession = 0x00cc0008
Behavior: Establish a connection to a specified socket
Details: URL: ww****cn, IP: **.133.40.**:303, SOCKET = 0x000000e8
URL: wpad, IP: **.133.40.**:128, SOCKET = 0x000003ac
URL: us****om, IP: **.133.40.**:80, SOCKET = 0x00000318
URL: us****om, IP: **.133.40.**:80, SOCKET = 0x000003b4
URL: us****om, IP: **.133.40.**:80, SOCKET = 0x000003a8
Behavior: Read network file
Details: hFile = 0x00cc0010, BytesToRead =4010, BytesRead = 4010.
hFile = 0x00cc000c, BytesToRead =4096, BytesRead = 4096.
Behavior: Send HTTP packet
Details: GET /wpad.dat HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0) Host: **.133.40.**:128
GET /fcg-bin/cgi_get_portrait.fcg?uins=www.zuimihu.cn HTTP/1.1 Host: us****om
Behavior: Open HTTP request
Details: HttpOpenRequestA: **.133.40.**:128/wpad.dat, hConnect = 0x00cc000c, hRequest = 0x00cc0010, Verb: GET, Referer: , Flags = 0x00000010
HttpOpenRequestA: us****om:80/fcg-bin/cgi_get_portrait.fcg?uins=www.zuimihu.cn, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00000001
Behavior: Get host address by name
Details: gethostbyname: ww****cn
GetAddrInfoW: computer
GetAddrInfoW: wpad
GetAddrInfoW: us****om
Registry behaviors
Behavior: Modify registry
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\DcomLauncherq\MarkTime
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\DcomLauncherq\Description
\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum\Version
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\System32\WScript.exe
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ParseAutoexec
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\NT Directory\DEBUG\Trace Level
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
Behavior: Delete registry value
Details: \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\NT Directory\DEBUG\Trace Level
Behavior: Modify registry autorun entry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\WINDOWS\System\lsass.exe
Other behaviors
Behavior: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
SHIMLIB_LOG_MUTEX
303
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
eed3bd3a-a1ad-4e99-987b-d7cb3fcfa7f0 - S-1-5-18
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
Behavior: Create event object
Details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
Behavior: Read CPU clock directly
Details: EAX = 0xebc215f2, EDX = 0x00001198
EAX = 0xfea7108e, EDX = 0x00001198
EAX = 0xfea710da, EDX = 0x00001198
EAX = 0x11b73b69, EDX = 0x00001199
Behavior: Compare suspicious process names
Details: lstrcmpiA: System <------> avp.exe Des: Kaspersky
lstrcmpiA: smss.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: csrss.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: winlogon.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: services.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: lsass.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: ORvxService.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: uihcthlp.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: svchost.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: spoolsv.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: OCVpgradeHelper.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: alg.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: explorer.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: ORvxTray.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: ctfmon.exe <------> avp.exe Des: Kaspersky
Behavior: Search for suspicious process names
Details: strstr: avp.exe <------> Des: Kaspersky
Behavior: Start system service
Details: [Service started successfully]: LocalSystem, DCOM Server Process Launcherr, C:\WINDOWS\System\lsass.exe
Behavior: Get TickCount value
Details: TickCount = 5428956, SleepMilliseconds = 50.
TickCount = 5428971, SleepMilliseconds = 50.
TickCount = 5429690, SleepMilliseconds = 50.
TickCount = 5429706, SleepMilliseconds = 50.
TickCount = 5429721, SleepMilliseconds = 50.
TickCount = 5430206, SleepMilliseconds = 50.
TickCount = 5430360, SleepMilliseconds = 1.
TickCount = 5430407, SleepMilliseconds = 1.
TickCount = 5430547, SleepMilliseconds = 1.
TickCount = 5430579, SleepMilliseconds = 1.
TickCount = 5430721, SleepMilliseconds = 50.
TickCount = 5430737, SleepMilliseconds = 50.
TickCount = 5430753, SleepMilliseconds = 50.
TickCount = 5430815, SleepMilliseconds = 50.
TickCount = 5430831, SleepMilliseconds = 50.
Behavior: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior: Open event
Details: HookSwitchHookEnabledEvent
Global\SvcctrlStartEvent_A3752DX
_fCanRegisterWithShellService
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
MSFT.VSA.COM.DISABLE.2520
MSFT.VSA.IEC.STATUS.6c736db0
Global\crypt32LogoffEvent
\INSTALLATION_SECURITY_HOLD
Behavior: Executable file signature information
Details: C:\WINDOWS\system\lsass.exe (signature verification: failed)
Behavior: Call Sleep function
Details: [1]: MilliSeconds = 50.
[1]: MilliSeconds = 0.
[2]: MilliSeconds = 1.
[3]: MilliSeconds = 0.
[4]: MilliSeconds = 0.
[5]: MilliSeconds = 0.
[6]: MilliSeconds = 0.
[7]: MilliSeconds = 0.
[8]: MilliSeconds = 0.
[9]: MilliSeconds = 0.
[10]: MilliSeconds = 0.
Behavior: Executable file MD5
Details: C:\WINDOWS\system\lsass.exe ---> cbc8f1be78297e0d201e6e87125113b3
Behavior: Open mutex
Details: Local\!IETld!Mutex
ShimCacheMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!localservice!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!localservice!cookies!
Local\c:!documents and settings!localservice!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetProxyRegistryMutex
RasPbFile
Behavior: Create system service
Details: [Service created successfully]: DcomLauncherq, C:\WINDOWS\System\lsass.exe
Activities
Activity name Type
com.e4a.runtime.android.StartActivity android.intent.action.MAIN
com.e4a.runtime.android.StartActivity android.intent.category.DEFAULT
com.stub.stub01.Stub01 android.intent.action.MAIN
com.stub.stub01.Stub01 android.intent.category.LAUNCHER
com.e4a.runtime.android.mainActivity android.intent.action.MAIN
com.e4a.runtime.android.mainActivity android.intent.category.DEFAULT
com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity android.intent.action.VIEW
com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity android.intent.category.DEFAULT
com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity android.intent.category.BROWSABLE
com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity2 android.intent.action.VIEW
com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity2 android.intent.category.DEFAULT
com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity2 android.intent.category.BROWSABLE
com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity4 android.intent.action.VIEW
com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity4 android.intent.category.DEFAULT
com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity4 android.intent.category.BROWSABLE
Dangerous functions
Function name Info
getRuntime Obtain the command-line runtime environment
java/lang/Runtime;->exec Execute a string command
Permission list
Permission name Info
com.android.launcher.permission.INSTALL_SHORTCUT Create shortcuts
android.permission.MOUNT_UNMOUNT_FILESYSTEMS Mount and unmount external file systems
android.permission.READ_PHONE_STATE Read phone state
android.permission.SYSTEM_ALERT_WINDOW Display system-level windows
android.permission.GET_TASKS Get information about currently or recently running tasks
android.permission.WRITE_SETTINGS Read and write system settings
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.ACCESS_FINE_LOCATION Get precise location (via GPS)
android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
com.android.launcher.permission.READ_SETTINGS Read shortcut information
android.permission.ACCESS_COARSE_LOCATION Get approximate location (via Wi-Fi or cell towers)
android.permission.WAKE_LOCK Keep background processes running after the screen turns off
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.CHANGE_CONFIGURATION Modify current configuration (e.g. locale)
Service list
Name
com.stub.stub01.Stub03
com.stub.stub02.Stub02
com.stub.stub02.Stub03
com.stub.stub05.Stub02
Providers
Name Info
com.stub.stub01.Stub03
com.stub.stub02.Stub02
com.stub.stub02.Stub03
com.stub.stub05.Stub02
File list
File name Checksum
META-INF/MANIFEST.MF 0x7c03a58
META-INF/MYKEY.SF 0xb53c6a8f
META-INF/MYKEY.RSA 0xbc680cd5
assets/.appkey 0xba1db9d0
assets/a.txt 0xf8d36b04
assets/a1.png 0x39227bdf
assets/a2.png 0x118e863a
assets/a3.png 0x1e7c3c6f
assets/a4.png 0xb7929627
assets/a5.png 0x112c269b
assets/a6.png 0x99048dfa
assets/a7.jpg 0x7eff3ce7
assets/aaa.png 0x35cebd84
assets/b.txt 0x88c7d651
assets/c.txt 0x3e4a897a
assets/d.txt 0x5872c685
assets/dl9.jpg 0x1836a969
assets/e.txt 0x857e6743
assets/f.txt 0xd637d04b
assets/libjiagu.so 0x14467135
assets/libjiagu_ls.so 0x2f8ff7b4
assets/libjiagu_x86.so 0x81c9aaab
assets/q11.png 0x66ad5fbc
assets/s1.png 0x334e4649
classes.dex 0xc615ca5b
lib/armeabi/libcyberplayer-core.so 0xb98484e0
lib/armeabi/libcyberplayer.so 0x2350af82
res/anim/ok_caidan_item_duang_show.xml 0x73c897f5
res/anim/ok_caidan_item_duang_show2.xml 0x5efc839b
res/anim/rv_layout_animation.xml 0x52a6a06b
res/drawable-hdpi/cyberplayer_listbtn_normal.png 0xa2be03dc
res/drawable-hdpi/cyberplayer_listbtn_pressed.png 0x21de95cb
res/drawable-hdpi/cyberplayer_next_play.png 0x4dbc08ae
res/drawable-hdpi/cyberplayer_next_play_disable.png 0xd9509e6a
res/drawable-hdpi/cyberplayer_next_play_pressed.png 0xecd2fb3a
res/drawable-hdpi/cyberplayer_play_media.png 0x7825fccf
res/drawable-hdpi/cyberplayer_play_media_disable.png 0xd06ad4ea
res/drawable-hdpi/cyberplayer_play_media_pressed.png 0x754abc4d
res/drawable-hdpi/cyberplayer_retreat_media.png 0xc1863e71
res/drawable-hdpi/cyberplayer_retreat_media_disable.png 0x105d69ea
res/drawable-hdpi/cyberplayer_retreat_media_pressed.png 0x107d406d
res/drawable-hdpi/cyberplayer_seekbar_background.png 0x470141ee
res/drawable-hdpi/cyberplayer_seekbar_background_normal.9.png 0xb682f96c
res/drawable-hdpi/cyberplayer_seekbar_background_process.9.png 0x525e50fe
res/drawable-hdpi/cyberplayer_seekbar_background_sound_normal.9.png 0xf670f95b
res/drawable-hdpi/cyberplayer_seekbar_background_sound_process.9.png 0x5e8b1ec9
res/drawable-hdpi/cyberplayer_seekbar_cache.png 0x273eb0ec
res/drawable-hdpi/cyberplayer_seekbar_normal.png 0x60b412f3
res/drawable-hdpi/cyberplayer_seekbar_ratio.png 0x8ec16bd1
res/drawable-hdpi/cyberplayer_seekbar_ratio_white.png 0xa7a8ded9
res/drawable-hdpi/cyberplayer_stop_media.png 0x6395a790
res/drawable-hdpi/cyberplayer_stop_media_disable.png 0xbaafc338
res/drawable-hdpi/cyberplayer_stop_media_pressed.png 0x520b1252
res/drawable-hdpi/cyberplayer_subtitle_setting.png 0xdd3621e6
res/drawable-hdpi/cyberplayer_subtitle_setting_disable.png 0xcb77113f
res/drawable-hdpi/cyberplayer_subtitle_setting_pressed.png 0x9a0a6625
res/drawable-hdpi/cyberplayer_switch_subtitle.png 0xe91d219b
res/drawable-hdpi/cyberplayer_switch_subtitle_disable.png 0x4f852d8c
res/drawable-hdpi/cyberplayer_switch_subtitle_pressed.png 0xf6580cd6
res/drawable-hdpi/cyberplayer_take_snapshot.png 0xab8e7fd5
res/drawable-hdpi/cyberplayer_take_snapshot_disable.png 0x234d73be
res/drawable-hdpi/cyberplayer_take_snapshot_pressed.png 0x241205e
res/drawable-hdpi/cyberplayer_textbtn_background_blue.9.png 0x84105c73
res/drawable-hdpi/cyberplayer_titlebar_return.png 0xaafad296
res/drawable-hdpi/cyberplayer_volumebar_background.9.png 0xd4992489
res/drawable-hdpi/ic_episode_titlebar_videoplayer.png 0xc4f1ae6b
res/drawable-hdpi/ic_episode_titlebar_videoplayer_disable.png 0xaba89ad2
res/drawable-hdpi/ic_episode_titlebar_videoplayer_pressed.png 0x4b8d08e3
res/drawable-hdpi/ic_next_play.png 0x719162df
res/drawable-hdpi/ic_next_play_pressed.png 0x1da89f5
res/drawable-hdpi/ic_play_media.png 0xe1efa842
res/drawable-hdpi/ic_play_media_disable.png 0xd06ad4ea
res/drawable-hdpi/ic_play_media_pressed.png 0x369158f9
res/drawable-hdpi/ic_retreat_media.png 0x62ad09c7
res/drawable-hdpi/ic_retreat_media_disable.png 0x105d69ea
res/drawable-hdpi/ic_retreat_media_pressed.png 0x9e62fb86
res/drawable-hdpi/ic_stop_media.png 0x5e106da4
res/drawable-hdpi/ic_stop_media_pressed.png 0x101fb9db
res/drawable-hdpi/ic_zoom_in_btn_videoplayer.png 0x986da792
res/drawable-hdpi/ic_zoom_in_btn_videoplayer_disable.png 0x590e0a34
res/drawable-hdpi/ic_zoom_in_btn_videoplayer_pressed.png 0xea9b5ca1
res/drawable-hdpi/ic_zoom_out_btn_videoplayer.png 0xa25660f0
res/drawable-hdpi/ic_zoom_out_btn_videoplayer_disable.png 0x1489a84c
res/drawable-hdpi/ic_zoom_out_btn_videoplayer_pressed.png 0x722558a6
res/drawable-xhdpi/bookmark_expand_icon.png 0x6639221b
res/drawable-xhdpi/bookmark_icon_folder.png 0xae8b5d6b
res/drawable-xhdpi/bookmark_unexpand_icon.png 0xf6e40be6
res/drawable-xhdpi/btn_style_alert_dialog_button_normal.9.png 0x19f80729
res/drawable-xhdpi/btn_style_alert_dialog_button_pressed.9.png 0xca61388e
res/drawable-xhdpi/btn_style_alert_dialog_cancel_normal.9.png 0x2baa5f01
res/drawable-xhdpi/btn_style_alert_dialog_special_normal.9.png 0xfb7979e3
res/drawable-xhdpi/btn_style_alert_dialog_special_pressed.9.png 0x4d13cbda
res/drawable-xhdpi/download_bookmark_toolbar_delete.png 0x3a7249be
res/drawable-xhdpi/download_toolbar_backward.png 0xa3e23cfd
res/drawable-xhdpi/ic_action_search.png 0x3294aee3
res/drawable-xhdpi/menu_exit.png 0x2983d8b8
res/drawable-xhdpi/mo_shang.png 0x509c65a3
res/drawable-xhdpi/mo_xia.png 0x509c65a3
res/drawable-xhdpi/mo_zhong.png 0x7694836b
res/drawable-xhdpi/ok_win10_1.png 0x3f2da75e
res/drawable-xhdpi/ok_win10_10.png 0xf1b2f71e
res/drawable-xhdpi/ok_win10_11.png 0xbb91fe35
res/drawable-xhdpi/ok_win10_12.png 0x8e59419e
res/drawable-xhdpi/ok_win10_13.png 0x583476b6
res/drawable-xhdpi/ok_win10_14.png 0x7e6d87da
res/drawable-xhdpi/ok_win10_15.png 0x9c5fd291
res/drawable-xhdpi/ok_win10_16.png 0xda091058
res/drawable-xhdpi/ok_win10_17.png 0xabd11b0b
res/drawable-xhdpi/ok_win10_18.png 0x7d50df6d
res/drawable-xhdpi/ok_win10_19.png 0xedd4f106
res/drawable-xhdpi/ok_win10_2.png 0x8c31996e
res/drawable-xhdpi/ok_win10_20.png 0xc2062a6
res/drawable-xhdpi/ok_win10_21.png 0x7b988fc4
res/drawable-xhdpi/ok_win10_22.png 0xb429d99c
res/drawable-xhdpi/ok_win10_23.png 0x8e25fefa
res/drawable-xhdpi/ok_win10_24.png 0x8f107ff3
res/drawable-xhdpi/ok_win10_25.png 0x23650567
res/drawable-xhdpi/ok_win10_26.png 0x7c5fadae
res/drawable-xhdpi/ok_win10_27.png 0xf9812dff
res/drawable-xhdpi/ok_win10_28.png 0x353d2aef
res/drawable-xhdpi/ok_win10_29.png 0xd6403544
res/drawable-xhdpi/ok_win10_3.png 0x30d49bea
res/drawable-xhdpi/ok_win10_30.png 0x4fd184fe
res/drawable-xhdpi/ok_win10_31.png 0xae4fcca7
res/drawable-xhdpi/ok_win10_32.png 0x1811001f
res/drawable-xhdpi/ok_win10_33.png 0xf1647bbe
res/drawable-xhdpi/ok_win10_34.png 0xee51f09b
res/drawable-xhdpi/ok_win10_35.png 0xd4560822
res/drawable-xhdpi/ok_win10_36.png 0xf2f61c5
res/drawable-xhdpi/ok_win10_37.png 0x8c34a715
res/drawable-xhdpi/ok_win10_38.png 0x54f98dd1
res/drawable-xhdpi/ok_win10_39.png 0x5b69bac3
res/drawable-xhdpi/ok_win10_4.png 0x9042ed2
res/drawable-xhdpi/ok_win10_40.png 0x5204a48e
res/drawable-xhdpi/ok_win10_41.png 0x562d4ca1
res/drawable-xhdpi/ok_win10_42.png 0xfbb04908
res/drawable-xhdpi/ok_win10_43.png 0x96e3309e
res/drawable-xhdpi/ok_win10_44.png 0x583476b6
res/drawable-xhdpi/ok_win10_45.png 0x5af76e72
res/drawable-xhdpi/ok_win10_46.png 0xdf187d2f
res/drawable-xhdpi/ok_win10_47.png 0x72bf0510
res/drawable-xhdpi/ok_win10_48.png 0x8c77307a
res/drawable-xhdpi/ok_win10_49.png 0x7d50df6d
res/drawable-xhdpi/ok_win10_5.png 0x1e969f02
res/drawable-xhdpi/ok_win10_50.png 0x93a5e64e
res/drawable-xhdpi/ok_win10_51.png 0x84db4127
res/drawable-xhdpi/ok_win10_52.png 0xf2b97805
res/drawable-xhdpi/ok_win10_53.png 0x9816bea0
res/drawable-xhdpi/ok_win10_54.png 0xa397d7dd
res/drawable-xhdpi/ok_win10_55.png 0x8f107ff3
res/drawable-xhdpi/ok_win10_56.png 0x5819d596
res/drawable-xhdpi/ok_win10_57.png 0xb37a1fd1
res/drawable-xhdpi/ok_win10_58.png 0xd02da4a6
res/drawable-xhdpi/ok_win10_59.png 0x353d2aef
res/drawable-xhdpi/ok_win10_6.png 0xf8a63f04
res/drawable-xhdpi/ok_win10_60.png 0xf3901052
res/drawable-xhdpi/ok_win10_61.png 0xb7a2ff0e
res/drawable-xhdpi/ok_win10_62.png 0xdc899480
res/drawable-xhdpi/ok_win10_63.png 0x1811001f
res/drawable-xhdpi/ok_win10_64.png 0x89777e6b
res/drawable-xhdpi/ok_win10_65.png 0x6ec37229
res/drawable-xhdpi/ok_win10_66.png 0xd849beaa
res/drawable-xhdpi/ok_win10_67.png 0x3bad2405
res/drawable-xhdpi/ok_win10_68.png 0x726b7b15
res/drawable-xhdpi/ok_win10_69.png 0xe59993a2
res/drawable-xhdpi/ok_win10_7.png 0xb5d1e2f4
res/drawable-xhdpi/ok_win10_70.png 0xd1b58aa5
res/drawable-xhdpi/ok_win10_71.png 0xa97f2961
res/drawable-xhdpi/ok_win10_72.png 0xb79aa5b7
res/drawable-xhdpi/ok_win10_73.png 0xbec3199d
res/drawable-xhdpi/ok_win10_74.png 0xf52b6e9b
res/drawable-xhdpi/ok_win10_75.png 0xc4a38d7f
res/drawable-xhdpi/ok_win10_8.png 0xb6af5baf
res/drawable-xhdpi/ok_win10_9.png 0x90a86d8c
res/drawable-xhdpi/round_48px_1071539_easyicon.png 0xc24a6722
res/drawable-xhdpi/yanse_baise.png 0xc1df8226
res/drawable-xhdpi/yanse_baisu.png 0x1da031d2
res/drawable-xhdpi/yanse_huhuise.png 0xbf5ef6c1
res/drawable-xhdpi/yanse_huise.png 0xd8256c99
res/drawable/a.png 0x644f2b6b
res/drawable/ad_indicator_selected.png 0x3c90412a
res/drawable/btn_style_alert_dialog_button.xml 0x3056879b
res/drawable/btn_style_alert_dialog_cancel.xml 0x844a00d5
res/drawable/btn_style_alert_dialog_special.xml 0x8eb64404
res/drawable/caidan_btn_style.xml 0xe7d7fc0b
res/drawable/caidian_lie_style.xml 0xa3e3b0d5
res/drawable/caidian_lies_style.xml 0x3db6e9fa
res/drawable/e4alistview_new_message.png 0x1cdc5409
res/drawable/emoticon_pager_select_normal.png 0xd4b3274c
res/drawable/fancircle_banner_cover.png 0x635e2d55
res/drawable/hou.png 0x356ecd7c
res/drawable/ic_slider_line.xml 0x2892eeb0
res/drawable/icon.png 0x4b12763e
res/drawable/indicator.xml 0xa711db05
res/drawable/indicator_normal.xml 0xd73aa0e9
res/drawable/indicator_select.xml 0x597811d7
res/drawable/lv_white_to_gray.xml 0x7d561f8b
res/drawable/moren.png 0x8a1f4b00
res/drawable/next_btn_style.xml 0x56f341f4
res/drawable/ok_win10.xml 0xa0426ac9
res/drawable/ound_easyicon.png 0x9d7c819f
res/drawable/pause_btn_style.xml 0x2217285d
res/drawable/play_btn_style.xml 0x1b2c8cce
res/drawable/player_landscape_more_normal.png 0xcf66ec96
res/drawable/player_landscape_more_press.png 0x38397897
res/drawable/pre_btn_style.xml 0x8add4b6a
res/drawable/qcloud_player_icon_audio_vol.png 0x73be6b62
res/drawable/qcloud_player_icon_brightness.png 0x3e7ba87b
res/drawable/qian.png 0xf69d578
res/drawable/seekbar_define_style.xml 0xb0cf15e4
res/drawable/seekbar_thumb.xml 0x3a062da2
res/drawable/vive_yuanxing.xml 0x5426a086
res/drawable/zidingyi_anniu_style.xml 0x6bbc0d0b
res/drawable/zidingyi_anniu_style1.xml 0x24027def
res/drawable/zidingyi_anniu_style2.xml 0x369003ba
res/layout/canduanxiang.xml 0xc0ebd719
res/layout/controllerplaying.xml 0x30d3919e
res/layout/controllerplayinging.xml 0x316b9a52
res/layout/controllerplayingok.xml 0x6d0ffd3c
res/layout/item_horizon_rv.xml 0x51551306
res/layout/item_vertical_rv.xml 0x771b44e9
res/layout/layout_custom_sweet.xml 0xaf62b51e
res/layout/layout_custom_view.xml 0x70c8a60
res/layout/layout_grid_menu.xml 0xb893383b
res/layout/layout_rv_sweet.xml 0xb0224f88
res/layout/layout_vp_sweet.xml 0x8236e94a
res/layout/loading_dialog.xml 0x4b43d016
resources.arsc 0xbc186250
AndroidManifest.xml 0x4afa61aa
assets/.channel 0xdf365950
Runtime screenshots