VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

File information

Scanner results
Scanner results: 0% of antivirus software (0/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2017-07-18 18:27:40 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 2.0 1970-01-01 Found nothing 7
asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 2
avast 170303-1 4.7.4 2017-03-03 Found nothing 60
avg 2109/14149 10.0.1405 2017-07-04 Found nothing 60
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 6
baidusd 1.0 1.0 2017-03-22 Found nothing 1
bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
clamav 23569 0.97.5 2017-07-17 Found nothing 60
drweb 5.0.2.3300 5.0.1.1 2017-06-18 Found nothing 60
fortinet 5.4.247 2017-07-18 Found nothing 60
fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
gdata 25.13424 25.13424 2017-07-18 Found nothing 14
ikarus 1.06.01 V1.32.31.0 2016-11-28 Found nothing 60
jiangmin 16.0.100 1.0.0.0 2017-07-13 Found nothing 2
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
kingsoft 2.1 2.1 2017-07-17 Found nothing 4
mcafee 8261 5400.1158 2016-08-18 Found nothing 60
nod32 1777 3.0.21 2015-06-12 Found nothing 60
panda 9.05.01 9.05.01 2017-07-16 Found nothing 4
pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
qh360 1.0.1 1.0.1 1.0.1 Found nothing 3
qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
quickheal 14.00 14.00 2017-07-17 Found nothing 3
rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 4
sophos 5.32 3.65.2 2016-10-10 Found nothing 60
symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 5
thehacker 6.8.0.5 6.8.0.5 2017-07-12 Found nothing 3
tws 17.47.17308 1.0.2.2108 2017-07-17 Found nothing 16
vba 3.12.29.5 beta 3.12.29.5 beta 2017-07-17 Found nothing 60
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
Permission list
Permission name Information
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.ACCESS_COARSE_LOCATION Obtain coarse location (via Wi-Fi, cell towers)
android.permission.ACCESS_FINE_LOCATION Obtain precise location (via GPS)
android.permission.ACCESS_MOCK_LOCATION Obtain mock location information
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
android.permission.CHANGE_WIFI_STATE Change Wi-Fi connection state
android.permission.WAKE_LOCK Background processes keep running after the screen is turned off
android.permission.VIBRATE Allow the device to vibrate
android.permission.CAMERA Access the camera device
android.permission.READ_PHONE_STATE Read phone state
android.permission.RECORD_AUDIO Record audio (using AudioRecord)
android.permission.FLASHLIGHT Access the flashlight
android.permission.READ_LOGS Read system logs
android.permission.RECEIVE_BOOT_COMPLETED Receive the boot-completed broadcast
android.permission.BLUETOOTH_ADMIN Discover Bluetooth devices
android.permission.BLUETOOTH Connect to Bluetooth devices
android.permission.DOWNLOAD_WITHOUT_NOTIFICATION
android.permission.MODIFY_AUDIO_SETTINGS Modify audio settings
File information
Security score:
Basic information
MD5: a2160f647b130ac05d4899652daaee80
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: jiachangdushu.com
Minimum runtime environment: Android 2.3, 2.3.1, 2.3.2
Copyright: (1654222695@qq.com)
Key behaviors
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Read the CPU clock directly
Details: EAX = 0x4c9b2392, EDX = 0x000000ba
EAX = 0x62331d5e, EDX = 0x000000ba
EAX = 0x62331daa, EDX = 0x000000ba
EAX = 0x75434839, EDX = 0x000000ba
Behavior description: Get the TickCount value
Details: TickCount = 282187, SleepMilliseconds = 60000.
TickCount = 282218, SleepMilliseconds = 60000.
TickCount = 282234, SleepMilliseconds = 60000.
TickCount = 222365, SleepMilliseconds = 100.
TickCount = 222506, SleepMilliseconds = 100.
TickCount = 222553, SleepMilliseconds = 100.
TickCount = 222568, SleepMilliseconds = 100.
TickCount = 222584, SleepMilliseconds = 100.
TickCount = 282718, SleepMilliseconds = 60000.
TickCount = 282750, SleepMilliseconds = 60000.
TickCount = 282765, SleepMilliseconds = 60000.
TickCount = 282781, SleepMilliseconds = 60000.
TickCount = 282828, SleepMilliseconds = 60000.
TickCount = 282843, SleepMilliseconds = 60000.
TickCount = 282859, SleepMilliseconds = 60000.
Process behavior
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Read the CPU clock directly
Details: EAX = 0x4c9b2392, EDX = 0x000000ba
EAX = 0x62331d5e, EDX = 0x000000ba
EAX = 0x62331daa, EDX = 0x000000ba
EAX = 0x75434839, EDX = 0x000000ba
Behavior description: Get the TickCount value
Details: TickCount = 282187, SleepMilliseconds = 60000.
TickCount = 282218, SleepMilliseconds = 60000.
TickCount = 282234, SleepMilliseconds = 60000.
TickCount = 222365, SleepMilliseconds = 100.
TickCount = 222506, SleepMilliseconds = 100.
TickCount = 222553, SleepMilliseconds = 100.
TickCount = 222568, SleepMilliseconds = 100.
TickCount = 222584, SleepMilliseconds = 100.
TickCount = 282718, SleepMilliseconds = 60000.
TickCount = 282750, SleepMilliseconds = 60000.
TickCount = 282765, SleepMilliseconds = 60000.
TickCount = 282781, SleepMilliseconds = 60000.
TickCount = 282828, SleepMilliseconds = 60000.
TickCount = 282843, SleepMilliseconds = 60000.
TickCount = 282859, SleepMilliseconds = 60000.
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bang_qq_com[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1]
C:\Documents and Settings\Administrator\Local Settings\%temp%\pifu.jpg
C:\Documents and Settings\Administrator\Local Settings\%temp%\data\Config.ini
Behavior description: Overwrite existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1]
Behavior description: Find file
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\urlmon.dll
FileName = C:\WINDOWS\system32\ieframe.dll
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\hdupdata.dll
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\hdun.dll
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\data\Tenio.ini
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\data\TEMP.TMP
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\data
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bang_qq_com[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\ErrorPageTemplate[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[3]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\info_48[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\bullet[2]
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[2] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\pifu.jpg ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\data\Config.ini ---> Offset = 0
Network behavior
Behavior description: Open a specified web page in IE
Details: ww****om/jiance
http://ww****om/jiance
Behavior description: Connect to a specified site
Details: InternetConnectA: ServerName = ba****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
Behavior description: Open HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
Behavior description: Establish a connection to a specified socket
Details: URL: ba****om, IP: **.133.40.**:80, SOCKET = 0x0000035c
URL: ba****om, IP: **.133.40.**:80, SOCKET = 0x000004ac
Behavior description: Read network file
Details: hFile = 0x00cc000c, BytesToRead =4096, BytesRead = 4096.
Behavior description: Send HTTP packet
Details: GET / HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: ba****om Connection: Keep-Alive
Behavior description: Open HTTP request
Details: HttpOpenRequestA: ba****om:80/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00410200
HttpOpenRequestA: ba****om:80/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400010
Behavior description: Get host address by name
Details: GetAddrInfoW: ba****om
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\996E\DEBUG\Trace Level
Behavior description: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\996E\DEBUG\Trace Level
Other behavior
Behavior description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Create mutex
Details: RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
CritOpMutex
Local\!PrivacIE!SharedMemory!Mutex
MSIMGSIZECacheMutex
MSCTF.Shared.MUTEX.IOH
Behavior description: Create event object
Details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
EventName = MSCTF.SendReceive.Event.MBL.IC
EventName = MSCTF.SendReceiveConection.Event.MBL.IC
EventName = MSCTF.SendReceive.Event.MHL.IC
EventName = MSCTF.SendReceiveConection.Event.MHL.IC
Behavior description: Read the CPU clock directly
Details: EAX = 0x4c9b2392, EDX = 0x000000ba
EAX = 0x62331d5e, EDX = 0x000000ba
EAX = 0x62331daa, EDX = 0x000000ba
EAX = 0x75434839, EDX = 0x000000ba
Behavior description: Find a specified window
Details: NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [BUTTON,]
NtUserFindWindowEx: [Class,Window] = [Edit,]
NtUserFindWindowEx: [Class,Window] = [ComboBox,]
NtUserFindWindowEx: [Class,Window] = [msctls_trackbar32,]
NtUserFindWindowEx: [Class,Window] = [msctls_progress32,]
NtUserFindWindowEx: [Class,Window] = [ListBox,]
NtUserFindWindowEx: [Class,Window] = [SysListView32,]
NtUserFindWindowEx: [Class,Window] = [SysTreeView32,]
NtUserFindWindowEx: [Class,Window] = [SysIPAddress32,]
NtUserFindWindowEx: [Class,Window] = [SysDateTimePick32,]
NtUserFindWindowEx: [Class,Window] = [msctls_updown32,]
NtUserFindWindowEx: [Class,Window] = [SysHeader32,]
Behavior description: Window information
Details: Pid = 2684, Hwnd=0x303bc, Text = 您想运行或保存此文件吗?, ClassName = Static.
Pid = 2684, Hwnd=0x104f4, Text = 名称:, ClassName = Static.
Pid = 2684, Hwnd=0x104f6, Text = update.exe, ClassName = SysLink.
Pid = 2684, Hwnd=0x104f8, Text = 发行者:, ClassName = Static.
Pid = 2684, Hwnd=0x104fc, Text = 类型:, ClassName = Static.
Pid = 2684, Hwnd=0x104fe, Text = 应用程序, 358KB, ClassName = Static.
Pid = 2684, Hwnd=0x10500, Text = 从:, ClassName = Static.
Pid = 2684, Hwnd=0x10502, Text = bang.qq.com, ClassName = Static.
Pid = 2684, Hwnd=0x10504, Text = 运行(&R), ClassName = Button.
Pid = 2684, Hwnd=0x10506, Text = 保存(&S), ClassName = Button.
Pid = 2684, Hwnd=0x10508, Text = 取消, ClassName = Button.
Pid = 2684, Hwnd=0x1050a, Text = 打开此类文件前总是询问(&W), ClassName = Button(CheckBox).
Pid = 2684, Hwnd=0x10510, Text = 来自 Internet 的文件可能对您有所帮助,但此文件类型可能危害您的计算机。如果您不信任其来源,请不要运行或保存该软件。<A>有何风险?</A>, ClassName = SysLink.
Pid = 2684, Hwnd=0x203be, Text = 文件下载 - 安全警告, ClassName = #32770.
Pid = 2684, Hwnd=0x103ec, Text = 下载完毕, ClassName = Static.
Behavior description: Get the TickCount value
Details: TickCount = 282187, SleepMilliseconds = 60000.
TickCount = 282218, SleepMilliseconds = 60000.
TickCount = 282234, SleepMilliseconds = 60000.
TickCount = 222365, SleepMilliseconds = 100.
TickCount = 222506, SleepMilliseconds = 100.
TickCount = 222553, SleepMilliseconds = 100.
TickCount = 222568, SleepMilliseconds = 100.
TickCount = 222584, SleepMilliseconds = 100.
TickCount = 282718, SleepMilliseconds = 60000.
TickCount = 282750, SleepMilliseconds = 60000.
TickCount = 282765, SleepMilliseconds = 60000.
TickCount = 282781, SleepMilliseconds = 60000.
TickCount = 282828, SleepMilliseconds = 60000.
TickCount = 282843, SleepMilliseconds = 60000.
TickCount = 282859, SleepMilliseconds = 60000.
Behavior description: Get cursor position
Details: CursorPos = (80,18468), SleepMilliseconds = 50.
CursorPos = (6373,26501), SleepMilliseconds = 50.
CursorPos = (19208,15725), SleepMilliseconds = 50.
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
MSFT.VSA.COM.DISABLE.2684
MSFT.VSA.IEC.STATUS.6c736db0
Global\crypt32LogoffEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
Behavior description: Call the Sleep function
Details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 100.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 50.
[5]: MilliSeconds = 50.
[6]: MilliSeconds = 0.
Behavior description: Hide a specified window
Details: [Window,Class] = [,ComboLBox]
[Window,Class] = [,SysLink]
[Window,Class] = [,Static]
[Window,Class] = [,_EL_CommonDlg]
[Window,Class] = [,_EL_PicBox]
[Window,Class] = [帮帮助手用户,Afx:400000:b:10011:1900015:0]
[Window,Class] = [领取帮豆,Button]
[Window,Class] = [刷新帮豆,Button]
[Window,Class] = [0,Afx:400000:b:10011:1900015:0]
[Window,Class] = [注销,Button]
[Window,Class] = [领取首月帮豆,Button]
[Window,Class] = [帮豆总值,Afx:400000:b:10011:1900015:0]
[Window,Class] = [今日帮豆,Afx:400000:b:10011:1900015:0]
[Window,Class] = [,Afx:400000:b:10011:1900010:0]
[Window,Class] = [,SysListView32]
Behavior description: Open mutex
Details: RasPbFile
ShimCacheMutex
Local\!IETld!Mutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
CtfmonInstMutexDefaultS-*
Activities
Activity name Type
com.uzmap.pkg.EntranceActivity android.intent.action.MAIN
com.uzmap.pkg.EntranceActivity android.intent.category.LAUNCHER
com.tencent.tauth.AuthActivity android.intent.action.VIEW
com.tencent.tauth.AuthActivity android.intent.category.DEFAULT
com.tencent.tauth.AuthActivity android.intent.category.BROWSABLE
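Dangerous functions
Function name Information
android/app/NotificationManager;->notify Notification bar messages
ContentResolver;->query Read databases such as contacts and SMS
java/net/URL;->openConnection Connect to a URL
TelephonyManager;->getDeviceId Collect information such as the phone's IMEI, phone number and system version
TelephonyManager;->getLine1Number Get the phone number
java/net/HttpURLConnection;->connect Connect to a URL
HttpClient;->execute Send a request to a remote server
ContentResolver;->delete Delete SMS messages and contacts
TelephonyManager;->getSimSerialNumber Get the SIM serial number
LocationManager;->getLastKnownLocation Get the geographic location
DefaultHttpClient;->execute Send an HTTP request
MediaRecorder;->setAudioSource Enable audio recording
getRuntime Get the command-line environment
java/lang/Runtime;->exec Execute a string command
SmsManager;->sendTextMessage Send a plain text SMS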
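Startup methods
Name Information
com.uzmap.pkg.uzapp.UPExtraBridge Start service at boot
com.uzmap.pkg.uzapp.UPExtraBridge Start service when network connectivity changes
com.uzmap.pkg.uzapp.UPExtraBridge Start service when an app is uninstalled
com.uzmap.pkg.uzapp.UPExtraBridge Start service when an app is installed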
com.uzmap.pkg.uzapp.UPExtraBridge
com.uzmap.pkg.uzapp.UPExtraBridge
com.uzmap.pkg.uzapp.UPExtraBridge
com.uzmap.pkg.uzapp.UPExtraBridge
Service list
Name
com.uzmap.pkg.uzsocket.UPnsService
Providers
Name Information
com.uzmap.pkg.uzsocket.UPnsService
File list
File name Checksum