VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information

Scanner results
Scanner results: 0% of scanners (0/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2017-09-20 12:55:20 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 2.0 1970-01-01 Found nothing 9
asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 6
avast 170303-1 4.7.4 2017-03-03 Found nothing 60
avg 2109/14460 10.0.1405 2017-09-14 Found nothing 60
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 7
baidusd 1.0 1.0 2017-03-22 Found nothing 7
bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
clamav 23849 0.97.5 2017-09-18 Found nothing 60
drweb 5.0.2.3300 5.0.1.1 2017-09-11 Found nothing 60
fortinet 1.000, 51.764, 51.597, 51.621 5.4.247 2017-09-20 Found nothing 60
fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
gdata 25.14248 25.14248 2017-09-20 Found nothing 22
ikarus 3.02.09 V1.32.31.0 2017-09-19 Found nothing 60
jiangmin 16.0.100 1.0.0.0 2017-09-19 Found nothing 4
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
kingsoft 2.1 2.1 2017-09-19 Found nothing 12
mcafee 8620 5400.1158 2017-08-12 Found nothing 60
nod32 6100 3.0.21 2017-09-18 Found nothing 60
panda 9.05.01 9.05.01 2017-09-19 Found nothing 6
pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
qh360 1.0.1 1.0.1 1.0.1 Found nothing 3
qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
quickheal 14.00 14.00 2017-09-19 Found nothing 10
rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 37
sophos 5.32 3.65.2 2016-10-10 Found nothing 60
symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 13
thehacker 6.8.0.5 6.8.0.5 2017-09-16 Found nothing 17
tws 17.47.17308 1.0.2.2108 2017-09-19 Found nothing 34
vba 3.12.29.5 beta 3.12.29.5 beta 2017-09-19 Found nothing 60
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
Permission list
Permission name  Description
android.permission.INTERNET  Connect to the network (2G or 3G)
android.permission.ACCESS_WIFI_STATE  Read Wi-Fi network state
android.permission.ACCESS_NETWORK_STATE  Read network state (2G or 3G)
android.permission.WRITE_EXTERNAL_STORAGE  Write to external storage (e.g. SD card)
android.permission.SYSTEM_ALERT_WINDOW  Display system-level windows
android.permission.WAKE_LOCK  Keep the background process running after the screen turns off
android.permission.READ_PHONE_STATE  Read phone state
android.permission.VIBRATE  Allow the device to vibrate
com.android.launcher.permission.INSTALL_SHORTCUT  Create shortcuts
android.permission.READ_LOGS  Read system logs
File information
Security score:
Basic information
MD5:4b45944c30e51e191c14faba4526affa
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.o17edd0493815fb78fd5eab9efce7e5ee
Minimum runtime environment: Android 4.0, 4.0.1, 4.0.2
Copyright: Unknown
Key behaviors
Behavior: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\IECompatCache
Behavior: Read the CPU clock directly
Details: EAX = 0x793cb082, EDX = 0x000000b7
Behavior: Get TickCount value
Details: TickCount = 283046, SleepMilliseconds = 60000.
TickCount = 283062, SleepMilliseconds = 60000.
TickCount = 283078, SleepMilliseconds = 60000.
TickCount = 283093, SleepMilliseconds = 60000.
TickCount = 283109, SleepMilliseconds = 60000.
TickCount = 223256, SleepMilliseconds = 100.
TickCount = 223271, SleepMilliseconds = 100.
TickCount = 223287, SleepMilliseconds = 100.
TickCount = 223318, SleepMilliseconds = 100.
TickCount = 223334, SleepMilliseconds = 100.
TickCount = 223350, SleepMilliseconds = 100.
TickCount = 223365, SleepMilliseconds = 100.
TickCount = 223459, SleepMilliseconds = 100.
TickCount = 283359, SleepMilliseconds = 60000.
TickCount = 283375, SleepMilliseconds = 60000.
File behavior
Behavior: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\krnln.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\spec.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\iext.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\dp1.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\EThread.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\internet.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\eAPI.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\HtmlView.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\EXMLParser.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\commobj.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\shell.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\BmpOperate.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\mp3.run
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\wa[1].html
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[2]
Behavior: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\krnln.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\spec.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\iext.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\dp1.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\EThread.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\internet.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\eAPI.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\HtmlView.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\EXMLParser.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\commobj.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\shell.fne
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\BmpOperate.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\mp3.run
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Behavior: Overwrite existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1]
Behavior: Find file
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\urlmon.dll
FileName = C:\WINDOWS\system32\ieframe.dll
FileName = C:\Program Files\Internet Explorer\iexplore.exe
FileName = C:\Program Files\Common Files\Adobe
FileName = C:\Program Files\Common Files\Adobe\Acrobat
FileName = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX
FileName = C:\Program Files\Java
Behavior: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\wa[1].html
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\ErrorPageTemplate[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[3]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\info_48[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\bullet[2]
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF8FAD.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\favicon[1].ico
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF9CE4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\yuyehk_cn[1]
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF8DA.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF373F.tmp
Behavior: Modify file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\krnln.fnr ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\spec.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\iext.fnr ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\dp1.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\EThread.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\internet.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\eAPI.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\HtmlView.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\EXMLParser.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\commobj.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\shell.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\BmpOperate.fnr ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\mp3.run ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[2] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1] ---> Offset = 0
Network behavior
Behavior: Download file
Details: URLDownloadToFileW: http://ww****om/favicon.ico ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Behavior: Open specified web page in IE
Details: http://yu****cn/
Behavior: Connect to specified site
Details: InternetConnectA: ServerName = yu****cn, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = yu****cn, PORT = 80, UserName = , Password = , hSession = 0x00cc0010, hConnect = 0x00cc0014, Flags = 0x00000000
InternetConnectA: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = ur****om, PORT = 443, UserName = , Password = , hSession = 0x00cc0010, hConnect = 0x00cc0014, Flags = 0x00000200
WinHttpConnect: ServerName = pa****om, PORT = 443, UserName = , Password = , hSession = 0x04603100, hConnect = 0x04603200, Flags = 0x00000000
WinHttpConnect: ServerName = pa****om, PORT = 443, UserName = , Password = , hSession = 0x04603100, hConnect = 0x04603300, Flags = 0x00000000
Behavior: Open HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0), hSession = 0x00cc0010
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
InternetOpenA: UserAgent: VCSoapClient, hSession = 0x00cc0010
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x04603100
Behavior: Establish a socket connection to a specified host
Details: URL: yu****cn, IP: **.133.40.**:80, SOCKET = 0x00000364
URL: yu****cn, IP: **.133.40.**:80, SOCKET = 0x00000450
URL: yu****cn, IP: **.133.40.**:80, SOCKET = 0x00000454
URL: yu****cn, IP: **.133.40.**:80, SOCKET = 0x00000458
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x0000044c
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000564
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000424
URL: yu****cn, IP: **.133.40.**:80, SOCKET = 0x000004f4
URL: ur****om, IP: **.133.40.**:443, SOCKET = 0x00000590
URL: pa****om, IP: **.133.40.**:443, SOCKET = 0x00000540
URL: pa****om, IP: **.133.40.**:443, SOCKET = 0x0000053c
URL: yu****cn, IP: **.133.40.**:80, SOCKET = 0x00000530
URL: ur****om, IP: **.133.40.**:443, SOCKET = 0x0000059c
URL: pa****om, IP: **.133.40.**:443, SOCKET = 0x00000584
URL: pa****om, IP: **.133.40.**:443, SOCKET = 0x00000588
Behavior: Read network file
Details: hFile = 0x00cc000c, BytesToRead =4096, BytesRead = 4096.
hFile = 0x00cc0018, BytesToRead =102400, BytesRead = 102400.
hFile = 0x00cc000c, BytesToRead =2048, BytesRead = 2048.
hFile = 0x00cc0018, BytesToRead =4095, BytesRead = 4095.
Behavior: Send HTTP packet
Details: GET /wa.html HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: yu****cn Connection: Keep-Alive
GET /gx.txt HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Accept: */* Host: yu****cn Cache-Control: no-cache
GET / HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Accept-Encoding: gzip, deflate Host: ww****om Connection: Keep-Alive
GET /favicon.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: ww****om Connection: Keep-Alive
GET / HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Accept-Encoding: gzip, deflate Host: yu****cn Connection: Keep-Alive
GET / HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: yu****cn Connection: Keep-Alive
Behavior: Open HTTP request
Details: HttpOpenRequestA: yu****cn:80/wa.html, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400200
HttpOpenRequestA: yu****cn:80/wa.html, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400010
HttpOpenRequestA: yu****cn:80/gx.txt, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: GET, Referer: , Flags = 0x84000000
HttpOpenRequestA: ww****om:80/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400200
HttpOpenRequestA: ww****om:80/favicon.ico, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00600010
HttpOpenRequestA: yu****cn:80/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400000
HttpOpenRequestA: ur****om:443/urs.asmx?msurs-client-key=00%2blxcv8ulh/irhc2xobvw%3d%3d&msurs-patented-lock=wtrazygdwv0%3d, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: POST, Referer: , Flags = 0x04880300
WinHttpOpenRequest: pa****om:443/login?fid=8347&refer=http://i.mooc.chaoxing.com, hConnect = 0x04603200, hRequest = 0x04650000, Verb: GET, Referer: , Flags = 0x00800080
WinHttpOpenRequest: pa****om:443/num/code?1505887203836, hConnect = 0x04603300, hRequest = 0x04650000, Verb: GET, Referer: , Flags = 0x00800080
HttpOpenRequestA: yu****cn:80/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400010
HttpOpenRequestA: ur****om:443/urs.asmx?msurs-client-key=0rycugqtp5jjwk/o0cp%2bpg%3d%3d&msurs-patented-lock=gypho9buvio%3d, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: POST, Referer: , Flags = 0x04880300
WinHttpOpenRequest: pa****om:443/num/code?1505887205946, hConnect = 0x04603300, hRequest = 0x04650000, Verb: GET, Referer: , Flags = 0x00800080
WinHttpOpenRequest: pa****om:443/num/code?1505887207961, hConnect = 0x04603300, hRequest = 0x04650000, Verb: GET, Referer: , Flags = 0x00800080
WinHttpOpenRequest: pa****om:443/num/code?1505887209493, hConnect = 0x04603300, hRequest = 0x04650000, Verb: GET, Referer: , Flags = 0x00800080
WinHttpOpenRequest: pa****om:443/num/code?1505887211524, hConnect = 0x04603300, hRequest = 0x04650000, Verb: GET, Referer: , Flags = 0x00800080
Behavior: Resolve host address by name
Details: GetAddrInfoW: yu****cn
GetAddrInfoW: ww****om
GetAddrInfoW: ur****om
GetAddrInfoW: pa****om
Registry behavior
Behavior: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x32(BGR 0)
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Recovery\Active\{04D13EC2-9DC9-11E7-91C0-7B****28}
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}\Enable
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Recovery\Active\{04E6B3EC-9DC9-11E7-91C0-7B****28}
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32\
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\Window_Placement
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTimeCount
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Time
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\
Behavior: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behavior: Delete registry key
Details: \REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}\
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\
\REGISTRY\USER\S-*_CLASSES\JavaPlugin.1000\CLSID\
Other behavior
Behavior: Get cursor position
Details: CursorPos = (80,18468), SleepMilliseconds = 60000.
CursorPos = (6373,26501), SleepMilliseconds = 60000.
CursorPos = (19208,15725), SleepMilliseconds = 60000.
CursorPos = (11517,29359), SleepMilliseconds = 60000.
CursorPos = (27001,24465), SleepMilliseconds = 60000.
CursorPos = (5744,28146), SleepMilliseconds = 60000.
CursorPos = (23320,16828), SleepMilliseconds = 60000.
CursorPos = (10000,492), SleepMilliseconds = 60000.
CursorPos = (3034,11943), SleepMilliseconds = 60000.
CursorPos = (4866,5437), SleepMilliseconds = 60000.
CursorPos = (32430,14605), SleepMilliseconds = 60000.
CursorPos = (3941,154), SleepMilliseconds = 60000.
CursorPos = (331,12383), SleepMilliseconds = 60000.
Behavior: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\c:!documents and settings!administrator!ietldcache!
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
Local\!PrivacIE!SharedMemory!Mutex
CritOpMutex
MSIMGSIZECacheMutex
Behavior: Create event object
Details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.IML.IC
EventName = MSCTF.SendReceiveConection.Event.IML.IC
EventName = Isolation Signal Registry Event (04D13EBF-9DC9-11E7-91C0-7B****28, 0)
EventName = Isolation Signal Registry Event (04E6B3E9-9DC9-11E7-91C0-7B****28, 0)
EventName = IE_EarlyTabStart_0xc48
EventName = Isolation Signal Registry Event (04D13EC0-9DC9-11E7-91C0-7B****28, 0)
EventName = IE_EarlyTabStart_0xc40
EventName = Isolation Signal Registry Event (04E6B3EA-9DC9-11E7-91C0-7B****28, 0)
EventName = Local\RSS Eventing Event Event 00000c44
EventName = Local\RSS Eventing Event Event 00000c3c
EventName = Local\IEDDEExecuteEvent
EventName = Local\ca4_29
EventName = IEFrame.EventCheckDefaultBrowser
Behavior: Open mutex
Details: ShimCacheMutex
Local\!IETld!Mutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\c:!documents and settings!administrator!ietldcache!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
RasPbFile
CtfmonInstMutexDefaultS-*
Local\!BrowserEmulation!SharedMemory!Mutex
Local\RSS Eventing Connection Database Mutex 00000c44
Local\c:!documents and settings!administrator!local settings!application data!microsoft!feeds cache!
Behavior: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [,Microsoft Internet Explorer]
NtUserFindWindowEx: [Class,Window] = [Static,]
NtUserFindWindowEx: [Class,Window] = [IEFrame,]
Behavior: Window information
Details: Pid = 2752, Hwnd=0x10408, Text = 您想运行或保存此文件吗?, ClassName = Static.
Pid = 2752, Hwnd=0x1040c, Text = 名称:, ClassName = Static.
Pid = 2752, Hwnd=0x1040e, Text = update.exe, ClassName = SysLink.
Pid = 2752, Hwnd=0x10410, Text = 发行者:, ClassName = Static.
Pid = 2752, Hwnd=0x10414, Text = 类型:, ClassName = Static.
Pid = 2752, Hwnd=0x10416, Text = 应用程序, 358KB, ClassName = Static.
Pid = 2752, Hwnd=0x10418, Text = 从:, ClassName = Static.
Pid = 2752, Hwnd=0x1041a, Text = yuyehk.cn, ClassName = Static.
Pid = 2752, Hwnd=0x1041c, Text = 运行(&R), ClassName = Button.
Pid = 2752, Hwnd=0x1041e, Text = 保存(&S), ClassName = Button.
Pid = 2752, Hwnd=0x10420, Text = 取消, ClassName = Button.
Pid = 2752, Hwnd=0x10422, Text = 打开此类文件前总是询问(&W), ClassName = Button(CheckBox).
Pid = 2752, Hwnd=0x10428, Text = 来自 Internet 的文件可能对您有所帮助,但此文件类型可能危害您的计算机。如果您不信任其来源,请不要运行或保存该软件。<A>有何风险?</A>, ClassName = SysLink.
Pid = 2752, Hwnd=0x10406, Text = 文件下载 - 安全警告, ClassName = #32770.
Pid = 2752, Hwnd=0x103b2, Text = 下载完毕, ClassName = Static.
Behavior: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior: Open event
Details: HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
MSFT.VSA.COM.DISABLE.2752
MSFT.VSA.IEC.STATUS.6c736db0
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Isolation Signal Registry Event (04D13EBF-9DC9-11E7-91C0-7B****28, 0)
Isolation Signal Registry Event (04E6B3E9-9DC9-11E7-91C0-7B****28, 0)
Isolation Signal Registry Event (04D13EC0-9DC9-11E7-91C0-7B****28, 0)
IE_EarlyTabStart_0xc48
Behavior: Executable signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\krnln.fnr(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\spec.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\iext.fnr(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\dp1.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\EThread.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\internet.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\eAPI.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\HtmlView.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\EXMLParser.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\commobj.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\shell.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\BmpOperate.fnr(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\mp3.run(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico(签名验证: 未通过)
Behavior description: calls the Sleep function
Details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 100.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 1000.
[5]: MilliSeconds = 1000.
[6]: MilliSeconds = 1000.
[7]: MilliSeconds = 1000.
[8]: MilliSeconds = 1000.
[9]: MilliSeconds = 2000.
[10]: MilliSeconds = 60000.
Behavior description: hides specified windows
Details: [Window,Class] = [,_EL_Timer]
[Window,Class] = [,Button]
[Window,Class] = [,Afx:16c0000:b:10011:1900010:0]
[Window,Class] = [,SysLink]
[Window,Class] = [,Static]
[Window,Class] = [File size unknown,Static]
[Window,Class] = [Always ask before opening this type of file(&W),Button]
[Window,Class] = [Publisher:,Static]
[Window,Class] = [,BrowserFrameGripperClass]
[Window,Class] = [Zoom level,ToolbarWindow32]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [http://www.yixun.com/ - Windows Internet Explorer,IEFrame]
[Window,Class] = [,UniversalSearchBand]
[Window,Class] = [,TravelBand]
[Window,Class] = [,CommandBarClass]
Behavior description: executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\krnln.fnr ---> b3b09f4a3a6704000c3a0c6acc825e9d
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\spec.fne ---> bd6eef5ea9a52a412a8f57490d8bd8e4
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\iext.fnr ---> 856495a1605bfc7f62086d482b502c6f
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\dp1.fne ---> 07201b1fd5f8925dd49a4556ac3b5bab
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\EThread.fne ---> 206396257b97bd275a90ce6c2c0c37fd
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\internet.fne ---> 7b129c5916896c845752f93b9635fc4c
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\eAPI.fne ---> 7c1ff88991f5eafab82b1beaefc33a42
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\HtmlView.fne ---> c38e1e3465b444affe243bbbcfa4eab5
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\EXMLParser.fne ---> 1a4d03ebc83a1fc3150c4bc9fd597b45
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\commobj.fne ---> 2b86ad8cd1903916ae5a3cd7ec2f1b9e
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\shell.fne ---> 98174c8c2995000efbda01e1b86a1d4d
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\BmpOperate.fnr ---> 935460394f18a04cd02331690f74096a
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\mp3.run ---> aa877ef4d7d30b733c275c8d9b5a5588
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico ---> fe1d0ee5901dd167ee9b28eece31786c
Behavior description: reads the CPU clock directly (RDTSC; value shown as EDX:EAX)
Details: EAX = 0x793cb082, EDX = 0x000000b7
EAX = 0x793cb0ce, EDX = 0x000000b7
EAX = 0x793cb11a, EDX = 0x000000b7
EAX = 0x793cb166, EDX = 0x000000b7
EAX = 0x793cb1b2, EDX = 0x000000b7
EAX = 0x793cb1fe, EDX = 0x000000b7
EAX = 0x793cb24a, EDX = 0x000000b7
EAX = 0x793cb296, EDX = 0x000000b7
EAX = 0x793cb2e2, EDX = 0x000000b7
EAX = 0x793cb32e, EDX = 0x000000b7
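The timing entries in this report (the TickCount/Sleep pairs at the top of this section, the Sleep call list and the RDTSC reads directly above) are the raw material for an anti-sandbox assessment: a sample that stalls for minutes, compares wall-clock progress against what it asked for, or reads the time-stamp counter in a loop is probing whether it is being watched. The Python below is an added example and not part of the VirSCAN/Habo report. It parses the three line formats exactly as they appear here, computes the tick-count delta between successive reads against the requested sleep, sums the total time the sample asked to sleep, and recombines EDX:EAX into 64-bit counter values to get the stride between reads. One assumption is made and labelled in the code: that the Sleep value on a TickCount line is the sleep that preceded that read. The report does not state the order of the two calls, so treat the flagged pairs as leads, not conclusions.

```python
"""Timing indicators from a Habo behaviour report (added example, not report output)."""
import re

# Lines copied from the report above; embedded so the script runs offline.
TICK_LINES = """\
TickCount = 223271, SleepMilliseconds = 100.
TickCount = 223287, SleepMilliseconds = 100.
TickCount = 223318, SleepMilliseconds = 100.
TickCount = 223334, SleepMilliseconds = 100.
TickCount = 223350, SleepMilliseconds = 100.
TickCount = 223365, SleepMilliseconds = 100.
TickCount = 223459, SleepMilliseconds = 100.
TickCount = 283359, SleepMilliseconds = 60000.
TickCount = 283375, SleepMilliseconds = 60000.
"""
SLEEP_LINES = """\
[1]: MilliSeconds = 60000.
[2]: MilliSeconds = 100.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 1000.
[5]: MilliSeconds = 1000.
[6]: MilliSeconds = 1000.
[7]: MilliSeconds = 1000.
[8]: MilliSeconds = 1000.
[9]: MilliSeconds = 2000.
[10]: MilliSeconds = 60000.
"""
RDTSC_LINES = """\
EAX = 0x793cb082, EDX = 0x000000b7
EAX = 0x793cb0ce, EDX = 0x000000b7
EAX = 0x793cb11a, EDX = 0x000000b7
EAX = 0x793cb166, EDX = 0x000000b7
EAX = 0x793cb1b2, EDX = 0x000000b7
EAX = 0x793cb1fe, EDX = 0x000000b7
EAX = 0x793cb24a, EDX = 0x000000b7
EAX = 0x793cb296, EDX = 0x000000b7
EAX = 0x793cb2e2, EDX = 0x000000b7
EAX = 0x793cb32e, EDX = 0x000000b7
"""

TICK_RE = re.compile(r"TickCount = (\d+), SleepMilliseconds = (\d+)")
SLEEP_RE = re.compile(r"\[\d+\]: MilliSeconds = (\d+)")
RDTSC_RE = re.compile(r"EAX = 0x([0-9a-fA-F]+), EDX = 0x([0-9a-fA-F]+)")


def tick_deltas(text):
    """(elapsed_ms, requested_sleep_ms) for each consecutive pair of reads.
    Assumption (not stated in the report): the Sleep value on a line is the
    sleep that preceded that read, so the ticks elapsed since the previous
    read should cover it."""
    reads = [(int(t), int(s)) for t, s in TICK_RE.findall(text)]
    return [(cur[0] - prev[0], cur[1]) for prev, cur in zip(reads, reads[1:])]


def skipped_sleeps(text, tolerance=0.5):
    """Pairs where far less wall time passed than was requested. A sandbox that
    fast-forwards Sleep to save analysis time produces exactly this pattern."""
    return [(d, s) for d, s in tick_deltas(text) if d < s * tolerance]


def total_requested_sleep_ms(text):
    """Sum of all Sleep arguments: how long the sample tries to stall in total."""
    return sum(int(ms) for ms in SLEEP_RE.findall(text))


def rdtsc_values(text):
    """Recombine EDX:EAX into the 64-bit time-stamp counter RDTSC returns."""
    return [(int(edx, 16) << 32) | int(eax, 16) for eax, edx in RDTSC_RE.findall(text)]


def rdtsc_strides(text):
    """Differences between successive reads. On real hardware jitter is the
    norm; a perfectly constant stride deserves a second look."""
    values = rdtsc_values(text)
    return [b - a for a, b in zip(values, values[1:])]


if __name__ == "__main__":
    print("tick deltas:", tick_deltas(TICK_LINES))
    print("suspicious pairs:", skipped_sleeps(TICK_LINES))
    print("total requested sleep ms:", total_requested_sleep_ms(SLEEP_LINES))
    print("rdtsc strides:", rdtsc_strides(RDTSC_LINES))
```

On the report's own data the 60000 ms sleep is matched by a 59900-tick gap, so that sleep was honoured rather than fast-forwarded, the sample asked to sleep for 187100 ms in total, and every RDTSC stride is exactly 0x4c. Two caveats: GetTickCount typically has 10 to 16 ms resolution, so the 15 and 16 ms gaps are a single tick and say nothing precise about 100 ms sleeps; and whether a constant RDTSC stride reflects an emulated counter or simply an uncontended tight loop is not something this report settles.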
Behavior description: loads newly dropped files
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N60005\krnln.fnr.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N60005\iext.fnr.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N60005\HtmlView.fne.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N60005\internet.fne.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N60005\eAPI.fne.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N60005\EThread.fne.
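The three lists above (files failing signature verification, their MD5s, and the images actually loaded) describe the same set of dropped files from three angles, with the load list written in 8.3 short names (DOCUME~1, ADMINI~1, LOCALS~1). krnln.fnr together with .fne/.fnr libraries extracted to a Temp\E_N60005 folder is the runtime of Easy Programming Language (易语言) programs, so it identifies the compiler the sample was built with rather than what the sample does; an unsigned runtime library is not an indicator by itself, but a library the process both dropped and loaded is one worth hashing and tracking. The Python below is added here and is not part of the report. It joins the three sections on the tail of each path, so the short and long forms match without trying to reverse the 8.3 names, and emits the loaded-and-unsigned files with their MD5s. It accepts both the report's Chinese signature marker and the English rendering used on this page.

```python
"""Join the signature, MD5 and load sections of a Habo report (added example)."""
import re

# Lines copied from the report above (constructed input for this example).
SIG_LINES = r"""
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\krnln.fnr(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\spec.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\iext.fnr(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\dp1.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\EThread.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\internet.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\eAPI.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\HtmlView.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\EXMLParser.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\commobj.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\shell.fne(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\BmpOperate.fnr(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\mp3.run(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico(签名验证: 未通过)
"""
MD5_LINES = r"""
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\krnln.fnr ---> b3b09f4a3a6704000c3a0c6acc825e9d
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\spec.fne ---> bd6eef5ea9a52a412a8f57490d8bd8e4
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\iext.fnr ---> 856495a1605bfc7f62086d482b502c6f
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\dp1.fne ---> 07201b1fd5f8925dd49a4556ac3b5bab
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\EThread.fne ---> 206396257b97bd275a90ce6c2c0c37fd
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\internet.fne ---> 7b129c5916896c845752f93b9635fc4c
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\eAPI.fne ---> 7c1ff88991f5eafab82b1beaefc33a42
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\HtmlView.fne ---> c38e1e3465b444affe243bbbcfa4eab5
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\EXMLParser.fne ---> 1a4d03ebc83a1fc3150c4bc9fd597b45
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\commobj.fne ---> 2b86ad8cd1903916ae5a3cd7ec2f1b9e
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\shell.fne ---> 98174c8c2995000efbda01e1b86a1d4d
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\BmpOperate.fnr ---> 935460394f18a04cd02331690f74096a
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N60005\mp3.run ---> aa877ef4d7d30b733c275c8d9b5a5588
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico ---> fe1d0ee5901dd167ee9b28eece31786c
"""
IMG_LINES = r"""
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N60005\krnln.fnr.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N60005\iext.fnr.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N60005\HtmlView.fne.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N60005\internet.fne.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N60005\eAPI.fne.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N60005\EThread.fne.
"""

# The signature marker is matched in the report's original Chinese and in the
# English rendering used on this page.
SIG_RE = re.compile(r"^(.+?)\((?:签名验证: 未通过|signature verification: failed)\)$", re.M)
MD5_RE = re.compile(r"^(.+?) ---> ([0-9a-fA-F]{32})$", re.M)
IMG_RE = re.compile(r"^Image: (.+?)\.?$", re.M)  # drops the trailing period


def path_key(path, depth=2):
    """Case-insensitive key from the last `depth` path components. The load list
    uses 8.3 short names that cannot be expanded without the original file
    system, but the final directory and file name are the same in both forms,
    so joining on the tail of the path is enough for this report."""
    parts = path.strip().rstrip("\\").split("\\")
    return "\\".join(parts[-depth:]).lower()


def correlate(sig_text, md5_text, img_text):
    """One row per file seen in any section: md5, unsigned flag, loaded flag."""
    unsigned = {path_key(p) for p in SIG_RE.findall(sig_text)}
    hashes = {path_key(p): h.lower() for p, h in MD5_RE.findall(md5_text)}
    loaded = {path_key(p) for p in IMG_RE.findall(img_text)}
    return [{"file": key, "md5": hashes.get(key),
             "unsigned": key in unsigned, "loaded": key in loaded}
            for key in sorted(unsigned | set(hashes) | loaded)]


def loaded_unsigned_iocs(rows):
    """MD5s worth tracking: files loaded into the process that also failed
    signature verification. The .ico is unsigned too but was never loaded."""
    return {r["file"]: r["md5"] for r in rows
            if r["loaded"] and r["unsigned"] and r["md5"]}


if __name__ == "__main__":
    for name, md5 in loaded_unsigned_iocs(correlate(SIG_LINES, MD5_LINES, IMG_LINES)).items():
        print(md5, name)
```

Joining on the last two path components is deliberate: expanding DOCUME~1 back to "Documents and Settings" is only possible with the file system that generated the short name, and a table of guesses would break on the next report. Matching on the tail is enough whenever the dropped files live in one folder, as they do here.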
Activities
Activity name  Type
com.tongmo.octopus.helper.biz.activity.SplashActivity android.intent.action.MAIN
com.tongmo.octopus.helper.biz.activity.SplashActivity android.intent.category.LAUNCHER
Dangerous functions
Function name  Information
android/app/NotificationManager;->notify  Posts to the notification bar
java/net/URL;->openConnection  Opens a URL connection
TelephonyManager;->getDeviceId  Collects the user's IMEI, phone number, OS version and similar device information
getRuntime  Obtains the runtime (command-line) environment
java/lang/Runtime;->exec  Executes a string as a command
Permission list
Permission name  Information
android.permission.INTERNET  Connect to the network (2G or 3G)
android.permission.ACCESS_WIFI_STATE  Read Wi-Fi network state
android.permission.ACCESS_NETWORK_STATE  Read network state (2G or 3G)
android.permission.WRITE_EXTERNAL_STORAGE  Write to external storage (e.g. SD card)
android.permission.SYSTEM_ALERT_WINDOW  Display system-level (overlay) windows
android.permission.WAKE_LOCK  Keep the background process running after the screen turns off
android.permission.READ_PHONE_STATE  Read phone state
android.permission.VIBRATE  Allow the device to vibrate
com.android.launcher.permission.INSTALL_SHORTCUT  Create shortcuts
android.permission.READ_LOGS  Read system logs
Service list
Name
com.tongmo.octopus.helper.biz.service.BackService
com.tongmo.octopus.helper.biz.floating.FloatWindowService
com.tongmo.octopus.api.OctopusService
com.tongmo.octopus.api.OctopusIME
File list
File name  Checksum
META-INF/MANIFEST.MF 0x5d059870
META-INF/ANDROID_.SF 0xa9eed6c7
META-INF/ANDROID_.RSA 0xab51e319
assets/oct_style/oct_drawable/robot_arrow_down.png 0x60398d1c
assets/oct_style/oct_drawable/robot_checkbox_checked.png 0xfddaff12
assets/oct_style/oct_drawable/robot_checkbox_unchecked.png 0x2295fd61
assets/oct_style/oct_drawable/robot_icon_tick.png 0x4d2a15f6
assets/oct_style/oct_style.xml 0xca75ec4b
assets/app_config 0x0
assets/declare.txt 0x933b9ea5
assets/ninegameclient.apk 0x13ca2b8a
assets/octopus_sdk.apk 0x779bd2f5
assets/octopus_sdk.zip 0x94060244
assets/script.zip 0x6cf8f8d5
res/anim/animation_loading.xml 0x6e8f279f
res/drawable/btn_bg_green_left_selector.xml 0x1a244a83
res/drawable/btn_bg_green_right_selector.xml 0x1292705c
res/drawable/btn_bg_green_selector.xml 0xd0871355
res/drawable/btn_nav_back_selector.xml 0xa0dbae26
res/drawable/btn_nav_settings_selector.xml 0xd1fb3ba0
res/drawable/dark_gray_corner.xml 0xf7ab879e
res/drawable/dark_green_corner.xml 0xbb4865e8
res/drawable/dark_green_left_corner.xml 0xf7f072b1
res/drawable/dark_green_right_bottom_corner.xml 0xbb9c4dcb
res/drawable/dark_green_right_corner.xml 0xa45d57c2
res/drawable/green_bottom_corner.xml 0x7ff39ce6
res/drawable/green_corner.xml 0x63b9ef6e
res/drawable/green_left_bottom_corner.xml 0x1eed6e28
res/drawable/green_left_corner.xml 0x19dca256
res/drawable/green_right_corner.xml 0x4a718725
res/drawable/switch_thumb_selector.xml 0xe3c5bef8
res/drawable/switch_track_selector.xml 0xf807aadf
res/drawable/white_corner.xml 0x2f5a0d18
res/layout/activity_main.xml 0x3fa5f585
res/layout/activity_runtips.xml 0xa7689898
res/layout/activity_settings.xml 0x3302145d
res/layout/custom_switch.xml 0x4af82cdd
res/layout/dialog_app_install.xml 0xcdf0a1b4
res/layout/dialog_declare.xml 0xa2fad08
res/layout/notification.xml 0xe976f620
res/layout/window_floating_control.xml 0x963ecbbc
res/xml/methods.xml 0xce407943
res/xml/settings.xml 0x8fcfca14
AndroidManifest.xml 0x8ee35735
resources.arsc 0x18929882
res/drawable-xhdpi/btn_confirm.png 0x9418067a
res/drawable-xhdpi/btn_goback.png 0xd62d6504
res/drawable-xhdpi/checkbox_checked.png 0x7192a441
res/drawable-xhdpi/checkbox_unchecked.png 0xba42d717
res/drawable-xhdpi/default_splash_image.png 0x33b70d73
res/drawable-xhdpi/delete.png 0x2bf27224
res/drawable-xhdpi/delete_pressed.png 0x64c15a5e
res/drawable-xhdpi/ic_file.png 0x6b69a8fd
res/drawable-xhdpi/ic_find_game.png 0x47b78b81
res/drawable-xhdpi/ic_logo.png 0xcfc54967
res/drawable-xhdpi/ic_quit.png 0xf004a18
res/drawable-xhdpi/icon_9game.png 0xd015f089
res/drawable-xhdpi/line_h.png 0x21abfd59
res/drawable-xhdpi/loading_48.png 0xb0534318
res/drawable-xhdpi/nav_icon_back.png 0xc5d8c256
res/drawable-xhdpi/nav_icon_back_press.png 0x5765b55d
res/drawable-xhdpi/nav_icon_settings.png 0x1b9fc5cc
res/drawable-xhdpi/nav_icon_settings_press.png 0xec64e925
res/drawable-xhdpi/robot_icon_play_press.png 0x2307a4e8
res/drawable-xhdpi/robot_icon_stop_press.png 0xde5862e9
res/drawable-xhdpi/switch_thumb_checked.png 0x15274921
res/drawable-xhdpi/switch_thumb_uncheck.png 0x4161b8e3
res/drawable-xhdpi/switch_track_checked.png 0x9af0a5e9
res/drawable-xhdpi/switch_track_uncheck.png 0xf6472a02
classes.dex 0x38b85ff8
lib/armeabi/libcrashlog.so 0x3a764ac4
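The file list above is the APK's zip central directory with one checksum per entry. The Python below is an added example and not VirSCAN code. It rebuilds that inventory from an APK with the standard library, flags entries under assets/ that are themselves zip/APK archives or dex files by magic bytes rather than extension (this APK carries assets/ninegameclient.apk, assets/octopus_sdk.apk, assets/octopus_sdk.zip and assets/script.zip, each a separate artifact that needs its own assessment and is not covered by a verdict on the outer file), and checks that the META-INF/ANDROID_.SF and .RSA pair a JAR (v1) signature needs is present. Two assumptions are labelled in the code: that the report's checksum column is the zip entry CRC32, which is consistent with the empty assets/app_config showing 0x0, and the constructed in-memory APK that stands in for the real file, which is not reproduced on this page.

```python
"""APK entry inventory and embedded-payload check (added example, not VirSCAN code)."""
import io
import zipfile
import zlib

ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")  # local file header / empty archive
DEX_MAGIC = b"dex\n"


def crc_hex(data):
    """CRC32 in the 0x... form the report's checksum column uses (assumption)."""
    return f"0x{zlib.crc32(data) & 0xffffffff:x}"


def inventory(apk_bytes):
    """{entry_name: '0x<crc32>'} taken from the central directory without
    decompressing anything. An empty entry has CRC32 0, hence the 0x0 shown
    for assets/app_config in the report above."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        return {info.filename: f"0x{info.CRC:x}" for info in z.infolist()}


def embedded_payloads(apk_bytes):
    """Entries that are themselves zip/APK archives or dex files, detected by
    magic bytes so a renamed payload is caught too. The app's own top-level
    classes*.dex files are skipped."""
    found = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for info in z.infolist():
            if info.is_dir() or ("/" not in info.filename and info.filename.endswith(".dex")):
                continue
            with z.open(info) as fh:
                head = fh.read(4)
            if head.startswith(ZIP_MAGIC) or head.startswith(DEX_MAGIC):
                found.append(info.filename)
    return found


def has_v1_signature(apk_bytes):
    """Presence check only: a META-INF/<name>.SF with a matching .RSA/.DSA/.EC
    block. Whether the signature actually verifies is a job for apksigner."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = [n for n in z.namelist() if n.startswith("META-INF/")]
    sf = {n[:-3] for n in names if n.endswith(".SF")}
    blocks = {n.rsplit(".", 1)[0] for n in names
              if n.rsplit(".", 1)[-1] in ("RSA", "DSA", "EC")}
    return bool(sf & blocks)


def build_sample_apk(signed=True):
    """Constructed stand-in for the APK in the report: same entry names, dummy
    bytes. It is not the real file, which is not reproduced on this page."""
    nested = io.BytesIO()
    with zipfile.ZipFile(nested, "w") as z:
        z.writestr("classes.dex", DEX_MAGIC + b"035\x00" + b"\x00" * 16)
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
        z.writestr("META-INF/ANDROID_.SF", b"Signature-Version: 1.0\n")
        if signed:
            z.writestr("META-INF/ANDROID_.RSA", b"\x30\x82 dummy PKCS#7 block")
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00 dummy binary xml")
        z.writestr("classes.dex", DEX_MAGIC + b"035\x00" + b"\x00" * 16)
        z.writestr("assets/app_config", b"")
        z.writestr("assets/declare.txt", b"constructed text")
        z.writestr("assets/octopus_sdk.apk", nested.getvalue())
        z.writestr("assets/script.zip", nested.getvalue())
    return out.getvalue()


if __name__ == "__main__":
    apk = build_sample_apk()
    for name, crc in inventory(apk).items():
        print(f"{name}  {crc}")
    print("embedded payloads:", embedded_payloads(apk))
    print("v1 signature files present:", has_v1_signature(apk))
```

Run against a real APK by replacing build_sample_apk() with the file's bytes. A .SF/.RSA pair only shows that the APK was v1-signed at some point; a modified entry would still be listed here, so use apksigner verify before drawing conclusions about integrity.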
Runtime screenshots