VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

File information

Scanner results
Scanner results: 0% of antivirus engines (0/32) found malware.
Behavior analysis report: Habo file analysis
Time: 2016-12-16 13:25:33 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 2.0 1970-01-01 Found nothing 5
asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 2
avast 161215-0 4.7.4 2016-12-15 Found nothing 60
avg 2109/13090 10.0.1405 2016-12-14 Found nothing 60
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 10
baidusd 1.0 1.0 2014-04-02 Found nothing 1
bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
clamav 22721 0.97.5 2016-12-15 Found nothing 60
drweb 5.0.2.3300 5.0.1.1 2016-12-09 Found nothing 60
fortinet 41.435, 41.435, 41.435 5.4.233 2016-12-16 Found nothing 60
fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
gdata 25.8610 25.8610 2016-10-12 Found nothing 11
ikarus 1.06.01 V1.32.31.0 2016-11-28 Found nothing 60
jiangmin 16.0.100 1.0.0.0 2016-12-14 Found nothing 42
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
kingsoft 2.1 2.1 2013-09-22 Found nothing 4
mcafee 8254 5400.1158 2016-08-11 Found nothing 60
nod32 1777 3.0.21 2015-06-12 Found nothing 60
panda 9.05.01 9.05.01 2016-12-15 Found nothing 4
pcc 12.962.07 9.500-1005 2016-12-15 Found nothing 60
qh360 1.0.1 1.0.1 1.0.1 Found nothing 3
qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
quickheal 14.00 14.00 2016-12-15 Found nothing 3
rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 4
sophos 5.32 3.65.2 2016-10-10 Found nothing 60
symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 6
thehacker 6.8.0.5 6.8.0.5 2016-12-14 Found nothing 2
tws 17.47.17308 1.0.2.2108 2016-12-15 Found nothing 15
vba 3.12.29.3 beta 3.12.29.3 beta 2016-12-15 Found nothing 60
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
Permission list
Permission name Description
android.permission.MOUNT_UNMOUNT_FILESYSTEMS Mount and unmount external filesystems
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.ACCESS_COARSE_LOCATION Obtain approximate location (via Wi-Fi or cell towers)
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.ACCESS_MOCK_LOCATION Obtain mock location data
android.permission.ACCESS_FINE_LOCATION Obtain precise location (via GPS)
com.android.launcher.permission.READ_SETTINGS Read launcher shortcut information
android.permission.WAKE_LOCK Keep background processes running after the screen turns off
android.permission.CHANGE_WIFI_STATE Change Wi-Fi connection state
android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
android.permission.ACCESS_GPS
android.permission.READ_PHONE_STATE Read phone state
android.permission.GET_TASKS Get information about currently or recently running tasks
android.permission.CAMERA Access the camera device
android.permission.RECORD_AUDIO Record audio (using AudioRecord)
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.RECEIVE_BOOT_COMPLETED Receive the boot-completed broadcast
android.permission.BROADCAST_STICKY Send sticky broadcasts
android.permission.WRITE_SETTINGS Read and write system settings
android.permission.PROCESS_OUTGOING_CALLS Monitor and modify outgoing calls
android.permission.MODIFY_AUDIO_SETTINGS Modify audio settings
android.permission.VIBRATE Allow the device to vibrate
android.permission.FLASHLIGHT Access the flashlight
File information
Security score:
Basic information
MD5: a92c4c2ebaf41f15a99f76d8aa54f2a6
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: cn.zhongkai.jupiter
Minimum Android version: Android 2.3, 2.3.1, 2.3.2
Copyright:
Key behaviors
Behavior: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior: Get window screenshot information
Details: Foreground window Info: HWND = 0x00000000, DC = 0xf60102bb.
Behavior: Get TickCount value
Details: TickCount = 5496484, SleepMilliseconds = 60000.
TickCount = 5496500, SleepMilliseconds = 60000.
TickCount = 5496515, SleepMilliseconds = 60000.
TickCount = 5496531, SleepMilliseconds = 60000.
TickCount = 5496562, SleepMilliseconds = 60000.
TickCount = 5496593, SleepMilliseconds = 60000.
TickCount = 5436771, SleepMilliseconds = 100.
TickCount = 5436818, SleepMilliseconds = 100.
TickCount = 5436896, SleepMilliseconds = 100.
TickCount = 5496859, SleepMilliseconds = 60000.
TickCount = 5496906, SleepMilliseconds = 60000.
TickCount = 5496968, SleepMilliseconds = 60000.
TickCount = 5497062, SleepMilliseconds = 60000.
TickCount = 5497078, SleepMilliseconds = 60000.
TickCount = 5497265, SleepMilliseconds = 60000.
Behavior: Create file on the desktop
Details: C:\Documents and Settings\Administrator\桌面\无赦★单职业[激情荡漾].lnk
Process behaviors
Behavior: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior: Get window screenshot information
Details: Foreground window Info: HWND = 0x00000000, DC = 0xf60102bb.
Behavior: Get TickCount value
Details: TickCount = 5496484, SleepMilliseconds = 60000.
TickCount = 5496500, SleepMilliseconds = 60000.
TickCount = 5496515, SleepMilliseconds = 60000.
TickCount = 5496531, SleepMilliseconds = 60000.
TickCount = 5496562, SleepMilliseconds = 60000.
TickCount = 5496593, SleepMilliseconds = 60000.
TickCount = 5436771, SleepMilliseconds = 100.
TickCount = 5436818, SleepMilliseconds = 100.
TickCount = 5436896, SleepMilliseconds = 100.
TickCount = 5496859, SleepMilliseconds = 60000.
TickCount = 5496906, SleepMilliseconds = 60000.
TickCount = 5496968, SleepMilliseconds = 60000.
TickCount = 5497062, SleepMilliseconds = 60000.
TickCount = 5497078, SleepMilliseconds = 60000.
TickCount = 5497265, SleepMilliseconds = 60000.
Behavior: Create file on the desktop
Details: C:\Documents and Settings\Administrator\桌面\无赦★单职业[激情荡漾].lnk
File behaviors
Behavior: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\tongji[1].html
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\navcancl[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1]
C:\Documents and Settings\Administrator\Local Settings\%temp%\MirGomConfig.ini
C:\Documents and Settings\Administrator\Local Settings\%temp%\Zlib.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\GameOfMir.Skin
C:\Documents and Settings\Administrator\Local Settings\Temp\222234347\bg
C:\Documents and Settings\Administrator\Local Settings\Temp\222234347\Config.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\222234347\gbyx1
C:\Documents and Settings\Administrator\Local Settings\Temp\222234347\gbyx2
Behavior: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\Zlib.dll
Behavior: Overwrite existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\navcancl[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1]
Behavior: Search for file
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\urlmon.dll
FileName = C:\WINDOWS\system32\ieframe.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\222234347\\*.*
FileName = C:\Documents and Settings\Administrator\桌面\无赦★单职业[激情荡漾].lnk
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
Behavior: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\tongji[1].html
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\ErrorPageTemplate[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\info_48[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\bullet[1]
C:\Documents and Settings\Administrator\Local Settings\Temp\222234347\bg
C:\Documents and Settings\Administrator\Local Settings\Temp\222234347\Config.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\222234347\gbyx1
C:\Documents and Settings\Administrator\Local Settings\Temp\222234347\gbyx2
C:\Documents and Settings\Administrator\Local Settings\Temp\222234347\gbyx3
C:\Documents and Settings\Administrator\Local Settings\Temp\222234347\gfwz1
C:\Documents and Settings\Administrator\Local Settings\Temp\222234347\gfwz2
Behavior: Create file on the desktop
Details: C:\Documents and Settings\Administrator\桌面\无赦★单职业[激情荡漾].lnk
Behavior: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior: Modify file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\navcancl[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\MirGomConfig.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\Zlib.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\GameOfMir.Skin ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\222234347\bg ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\222234347\bg ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\222234347\bg ---> Offset = 98304
C:\Documents and Settings\Administrator\Local Settings\Temp\222234347\Config.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\222234347\gbyx1 ---> Offset = 0
Network behaviors
Behavior: Connect to specified site
Details: InternetConnectA: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = **.0.0.**, PORT = 99, UserName = , Password = , hSession = 0x00cc0010, hConnect = 0x00cc0014, Flags = 0x00000000
Behavior: Open HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0), hSession = 0x00cc0010
Behavior: Establish a connection to a specified socket
Details: URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000360
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000458
URL: , IP: **.0.0.**:99, SOCKET = 0x000004d4
URL: , IP: **.0.0.**:99, SOCKET = 0x000004d8
URL: , IP: **.0.0.**:99, SOCKET = 0x000004e4
Behavior: Read network file
Details: hFile = 0x00cc000c, BytesToRead =4096, BytesRead = 4096.
hFile = 0x00cc0018, BytesToRead =102400, BytesRead = 102400.
Behavior: Send HTTP packet
Details: GET /tongji.html HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: ww****om Connection: Keep-Alive
GET /123.txt HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Accept: */* Host: **.0.0.**:99 Cache-Control: no-cache
Behavior: Open HTTP request
Details: HttpOpenRequestA: ww****om:80/tongji.html, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400200
HttpOpenRequestA: ww****om:80/tongji.html, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400010
HttpOpenRequestA: **.0.0.**:99/123.txt, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: GET, Referer: , Flags = 0x84000000
Behavior: Resolve host address by name
Details: GetAddrInfoW: ww****om
Registry behaviors
Behavior: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\S-*\Software\MirGomSoft\mutex\dba0523307a3746b8c63217f8d2448f6
\REGISTRY\USER\S-*\Software\MirGomSoft\ClinetPath
Behavior: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behaviors
Behavior: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior: Create mutex
Details: RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
CritOpMutex
Local\!PrivacIE!SharedMemory!Mutex
无赦★单职业[激情荡漾]
MSCTF.Shared.MUTEX.ELH
Behavior: Create event object
Details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
Behavior: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior: Window information
Details: Pid = 896, Hwnd=0x30410, Text = 您想运行或保存此文件吗?, ClassName = Static.
Pid = 896, Hwnd=0x30414, Text = 名称:, ClassName = Static.
Pid = 896, Hwnd=0x30416, Text = update.exe, ClassName = SysLink.
Pid = 896, Hwnd=0x30418, Text = 发行者:, ClassName = Static.
Pid = 896, Hwnd=0x3041e, Text = 类型:, ClassName = Static.
Pid = 896, Hwnd=0x30420, Text = 应用程序, 358KB, ClassName = Static.
Pid = 896, Hwnd=0x30422, Text = 从:, ClassName = Static.
Pid = 896, Hwnd=0x30424, Text = www.mirgom.com, ClassName = Static.
Pid = 896, Hwnd=0x30426, Text = 运行(&R), ClassName = Button.
Pid = 896, Hwnd=0x30428, Text = 保存(&S), ClassName = Button.
Pid = 896, Hwnd=0x3042c, Text = 取消, ClassName = Button.
Pid = 896, Hwnd=0x3042e, Text = 打开此类文件前总是询问(&W), ClassName = Button(CheckBox).
Pid = 896, Hwnd=0x3045c, Text = 来自 Internet 的文件可能对您有所帮助,但此文件类型可能危害您的计算机。如果您不信任其来源,请不要运行或保存该软件。<A>有何风险?</A>, ClassName = SysLink.
Pid = 896, Hwnd=0x3040e, Text = 文件下载 - 安全警告, ClassName = #32770.
Pid = 896, Hwnd=0x703b6, Text = 下载完毕, ClassName = Static.
Behavior: Get TickCount value
Details: TickCount = 5496484, SleepMilliseconds = 60000.
TickCount = 5496500, SleepMilliseconds = 60000.
TickCount = 5496515, SleepMilliseconds = 60000.
TickCount = 5496531, SleepMilliseconds = 60000.
TickCount = 5496562, SleepMilliseconds = 60000.
TickCount = 5496593, SleepMilliseconds = 60000.
TickCount = 5436771, SleepMilliseconds = 100.
TickCount = 5436818, SleepMilliseconds = 100.
TickCount = 5436896, SleepMilliseconds = 100.
TickCount = 5496859, SleepMilliseconds = 60000.
TickCount = 5496906, SleepMilliseconds = 60000.
TickCount = 5496968, SleepMilliseconds = 60000.
TickCount = 5497062, SleepMilliseconds = 60000.
TickCount = 5497078, SleepMilliseconds = 60000.
TickCount = 5497265, SleepMilliseconds = 60000.
Behavior: Get cursor position
Details: CursorPos = (96,18500), SleepMilliseconds = 60000.
CursorPos = (6389,26533), SleepMilliseconds = 60000.
CursorPos = (19224,15757), SleepMilliseconds = 60000.
CursorPos = (11533,29391), SleepMilliseconds = 60000.
CursorPos = (27017,24497), SleepMilliseconds = 60000.
CursorPos = (5760,28178), SleepMilliseconds = 60000.
CursorPos = (23336,16860), SleepMilliseconds = 60000.
CursorPos = (10016,524), SleepMilliseconds = 60000.
CursorPos = (3050,11975), SleepMilliseconds = 60000.
CursorPos = (4882,5469), SleepMilliseconds = 60000.
CursorPos = (32446,14637), SleepMilliseconds = 60000.
CursorPos = (3957,186), SleepMilliseconds = 60000.
CursorPos = (347,12415), SleepMilliseconds = 60000.
Behavior: Open event
Details: HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
MSFT.VSA.COM.DISABLE.896
MSFT.VSA.IEC.STATUS.6c736db0
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000052
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000052
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000053
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000053
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior: Get window screenshot information
Details: Foreground window Info: HWND = 0x00000000, DC = 0xf60102bb.
Behavior: Executable signature information
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\Zlib.dll (signature verification: failed)
Behavior: Call Sleep function
Details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 100.
[3]: MilliSeconds = 60000.
Behavior: Hide specified window
Details: [Window,Class] = [,ComboLBox]
[Window,Class] = [,_EL_Timer]
[Window,Class] = [,_EL_ClientSock]
[Window,Class] = [,Afx:400000:8]
[Window,Class] = [,Afx:400000:b:10011:1900010:0]
[Window,Class] = [,SysLink]
[Window,Class] = [,Static]
[Window,Class] = [文件大小未知,Static]
[Window,Class] = [打开此类文件前总是询问(&W),Button]
[Window,Class] = [发行者:,Static]
[Window,Class] = [正在获取远程列表...,ComboBox]
Behavior: Executable MD5
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\Zlib.dll ---> 4efaa53c545f4ffb1ee0ed1709c15ea7
Behavior: Open mutex
Details: RasPbFile
ShimCacheMutex
Local\!IETld!Mutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
CtfmonInstMutexDefaultS-*
Activities
Activity name Type
.MainActivity2 android.intent.action.MAIN
.MainActivity2 android.intent.category.LAUNCHER
Dangerous functions
Function name Description
ContentResolver;->query Read contacts, SMS and other databases
TelephonyManager;->getDeviceId Collect the user's IMEI, phone number, system version and other information
getRuntime Obtain a command-line environment
java/net/URL;->openConnection Connect to a URL
HttpClient;->execute Send a request to a remote server
java/net/HttpURLConnection;->connect Connect to a URL
LocationManager;->getLastKnownLocation Obtain geographic location
Camera;->open Open the camera
Ad SDK information
Name Description
com.baidu Baidu
Service list
Name
com.baidu.location.f
File list
File name Checksum
assets/faq/faq.html 0xf57958c9
assets/faq/wapa.css 0xee565807
assets/faq/wapb.css 0xb5a9c682
assets/marker1.png 0xdeb569d1
assets/marker2.png 0x98b31e17
assets/marker3.png 0x2a305593
res/anim/pop_exit.xml 0x6e5547fe
res/anim/pop_show.xml 0x9307c7
res/color/date_picker_selector.xml 0x12a4fed9
res/color/date_picker_year_selector.xml 0x544d589b
res/color/done_text_color.xml 0x97524dc8
res/drawable/progress_holo_light.xml 0x9d136c62
res/drawable/public_checkbox.xml 0xcdf6418e
res/drawable/public_imagebutton_selector.xml 0x30569029
res/drawable/public_item_selector.xml 0x55d05118
res/drawable/release_action_frequency_select.xml 0x2b5e3e1f
res/drawable/signuprecord_checkbox.xml 0xa15a5623
res/layout/activity_changepass.xml 0x77783789
res/layout/activity_excellent.xml 0x200ad3e8
res/layout/activity_excellent_message.xml 0x60b5870f
res/layout/activity_faq.xml 0x217ee596
res/layout/activity_geometry.xml 0x299e5cec
res/layout/activity_login.xml 0xfedc24db
res/layout/activity_main2.xml 0x59224288
res/layout/activity_mapcontrol.xml 0x16a0460
res/layout/activity_mapproject.xml 0xb929f7e5
res/layout/activity_mapselect.xml 0x869528f1
res/layout/activity_message.xml 0xddcfa27a
res/layout/activity_myactionactivity.xml 0x591b0a2b
res/layout/activity_networkimageview.xml 0xa1392582
res/layout/activity_personal.xml 0x3a45c3d0
res/layout/activity_privacy.xml 0x31d7507
res/layout/activity_qrcodescan.xml 0x60ce961c
res/layout/activity_qrcodeshow.xml 0x484cf660
res/layout/activity_register.xml 0xa19ed37a
res/layout/activity_register_verify.xml 0x441841aa
res/layout/activity_release_action.xml 0xc432e72
res/layout/activity_signinoff_record.xml 0xcaaf31ef
res/layout/activity_signrecord.xml 0xd86c0c50
res/layout/bottom_bar.xml 0x85021240
res/layout/date_picker_dialog.xml 0x3f88f1e3
res/layout/date_picker_done_button.xml 0xeeea9e9c
res/layout/date_picker_header_view.xml 0xea258e3
res/layout/date_picker_selected_date.xml 0xcd8d1d59
res/layout/date_picker_view_animator.xml 0x63c5d71a
res/layout/download_notification_layout.xml 0x3e8d0891
res/layout/index_bottom_bar_discovery.xml 0x18178f10
res/layout/index_bottom_bar_index.xml 0xae75d668
res/layout/index_bottom_bar_mine.xml 0x80f2743a
res/layout/index_bottom_bar_setttings.xml 0x4d53cba1
res/layout/listitem_excellent.xml 0x9cbd61a5
res/layout/listitem_main_tab_01.xml 0xf65f2808
res/layout/listitem_myaction.xml 0x62bff511
res/layout/listitem_mydialog2_multiselect.xml 0xf26e3af6
res/layout/listitem_mydialog_content.xml 0x44823f7
res/layout/listitem_public_imageitem.xml 0xb6b6ba70
res/layout/listitem_public_lastitem.xml 0xf607ecfb
res/layout/listitem_signinoff_record.xml 0x72b362fd
res/layout/listitem_signrecord.xml 0x536c1097
res/layout/main.xml 0x2a6e75fb
res/layout/main_tab_01.xml 0xb1762035
res/layout/main_tab_02.xml 0x7b5cc995
res/layout/main_tab_03.xml 0xcf28521e
res/layout/main_tab_04.xml 0xc128dc50
res/layout/mydialog.xml 0xd218ba3a
res/layout/mydialog2.xml 0x850fcbe8
res/layout/mydialog3.xml 0xcb4cdfa0
res/layout/release_action_line.xml 0x5dc24d55
res/layout/time_header_label.xml 0x25baa0ad
res/layout/time_picker_dialog.xml 0x423512de
res/layout/title_bar_0.xml 0x400cae6
res/layout/title_bar_1.xml 0x4719897e
res/layout/title_bar_2.xml 0x9d8e9945
res/layout/title_bar_3.xml 0x9383be82
res/layout/title_bar_4.xml 0x716d04af
res/layout/title_bar_5.xml 0x7632ec53
res/layout/title_bar_6.xml 0x53df7d96
res/layout/update.xml 0x33175222
res/layout/year_label_text_view.xml 0x6e48264b
res/raw/beep.ogg 0xc2805e07
AndroidManifest.xml 0xcb4842ff
resources.arsc 0x759ef928
res/drawable-hdpi/bottom_bar_1234.9.png 0xb07ac3f8
res/drawable-hdpi/detail_icon_schedule_ball.png 0x8170ad7e
res/drawable-hdpi/discovery_map.png 0x74023ec7
res/drawable-hdpi/discovery_show.png 0x2bf6bc7d
res/drawable-hdpi/excellent_photo.jpg 0x5dad0cc4
res/drawable-hdpi/ic_action_search.png 0x64275be8
res/drawable-hdpi/ic_launcher.png 0x684a15ce
res/drawable-hdpi/icon.png 0xe39193be
res/drawable-hdpi/index_bottom_discovery.png 0x4a57f134
res/drawable-hdpi/index_bottom_discovery_pressed.png 0x34d03c35
res/drawable-hdpi/index_bottom_index.png 0xfc1db0c
res/drawable-hdpi/index_bottom_index_pressed.png 0x84be74f4
res/drawable-hdpi/index_bottom_mine.png 0xe9c53e72
res/drawable-hdpi/index_bottom_mine_pressed.png 0x66d8854a
res/drawable-hdpi/index_bottom_settings.png 0xa1969685
res/drawable-hdpi/index_bottom_settings_pressed.png 0xb073e1a9
res/drawable-hdpi/index_main_search.png 0x1a9769e
res/drawable-hdpi/index_search_bg.png 0xc13db838
res/drawable-hdpi/index_title_add.png 0x46045c98
res/drawable-hdpi/index_title_charity_card.png 0xde145a2e
res/drawable-hdpi/login_introduce_background.png 0x1ac742a5
res/drawable-hdpi/main_tab_03_more_btn.png 0xd1b03a92
res/drawable-hdpi/message_address.png 0xc9d88d5b
res/drawable-hdpi/message_applicant.png 0xb6a0e8af
res/drawable-hdpi/message_record.png 0x5b7775a9
res/drawable-hdpi/message_tel.png 0x6a5b82f4
res/drawable-hdpi/newlogin_bg.png 0x24c9011a
res/drawable-hdpi/person_upload.png 0xf4b74309
res/drawable-hdpi/person_upload_fail.png 0x382923fe
res/drawable-hdpi/person_uploading.png 0xf68f6964
res/drawable-hdpi/personal_edit.png 0x4e5b49c5
res/drawable-hdpi/public_checkbox_check.png 0x7fbeb259
res/drawable-hdpi/public_checkbox_uncheck.png 0xdd93b1d4
res/drawable-hdpi/public_drop_down_btn.png 0x1e27c043
res/drawable-hdpi/public_input_required.png 0x8b8495be
res/drawable-hdpi/public_title_back_btn.png 0xcdfa7c44
res/drawable-hdpi/qrcode.png 0x48f5ef23
res/drawable-hdpi/release_action_btn.png 0xbb480182
res/drawable-hdpi/release_action_continue.png 0x95fb67b1
res/drawable-hdpi/release_action_one_time.png 0xfd8fd594
res/drawable-hdpi/release_action_pick_address_btn.png 0xc9d88d5b
res/drawable-hdpi/setting_help.png 0x41e1ca35
res/drawable-hdpi/setting_info.png 0x321f7d07
res/drawable-hdpi/setting_password.png 0x69e308a
res/drawable-hdpi/setting_version.png 0xe12f72e2
res/drawable-hdpi/sign_cancel_button.png 0xa466b857
res/drawable-hdpi/sign_in_button.png 0x33e71825
res/drawable-hdpi/sign_out_button.png 0x4d7caeca
res/drawable-hdpi/signrecord_authorize_n.png 0x9c25bf4e
res/drawable-hdpi/signrecord_authorize_p.png 0x6d290922
res/drawable-hdpi/signrecord_man.png 0x5c3e28df
res/drawable-hdpi/signrecord_woman.png 0xfacee319
res/drawable-hdpi/tab_address_normal.png 0x20eaf44f
res/drawable-hdpi/tab_address_pressed.png 0x79a9280c
res/drawable-hdpi/tab_bg2.png 0x8c52568b
res/drawable-hdpi/tab_find_frd_normal.png 0x5499b856
res/drawable-hdpi/tab_find_frd_pressed.png 0x34dd73a1
res/drawable-hdpi/tab_settings_normal.png 0xfc973b08
res/drawable-hdpi/tab_settings_pressed.png 0xc46d4861
res/drawable-hdpi/tab_weixin_normal.png 0xf67ac940
res/drawable-hdpi/tab_weixin_pressed.png 0xec8dd062
res/drawable-hdpi/title_bar.9.png 0xbdadc4fd
res/drawable-hdpi/ucbackground.jpg 0x85706a60
res/drawable-hdpi/volumn_bg.9.png 0x2bf72b75
res/drawable-hdpi/volumn_front.9.png 0x6e3aea97
res/drawable-hdpi/volumn_primary.9.png 0x5a06f6a7
res/drawable-ldpi/ic_launcher.png 0xca927822
res/drawable-mdpi/ic_action_search.png 0xb4091fdc
res/drawable-mdpi/ic_launcher.png 0x4af1713b
res/drawable-xhdpi/common_bg_bottom.png 0xa3111ff2
res/drawable-xhdpi/ic_action_search.png 0x3294aee3
res/drawable-xhdpi/ic_launcher.png 0x979dd5a5
res/drawable-xhdpi/public_button.xml 0xfcecee82
res/drawable-xhdpi/public_button_e.png 0xa3ae10cf
res/drawable-xhdpi/public_button_n.png 0x5ec421b0
res/drawable-xhdpi/public_button_p.png 0xe9d35076
res/layout-land/date_picker_dialog.xml 0xd9d4a090
res/layout-land/time_picker_dialog.xml 0x34f28003
res/layout-w270dp-h560dp/date_picker_dialog.xml 0x4838532b
res/layout-sw600dp/date_picker_dialog.xml 0x4838532b
res/layout-sw600dp-land/date_picker_dialog.xml 0xd9d4a090
classes.dex 0xc7b818c4
assets/CMRequire.dat 0x83035f9d
assets/Icon_bus_station.png 0x84ccde13
assets/Icon_end.png 0xa007a87d
assets/Icon_line_node.png 0x6503be71
assets/Icon_mark1.png 0x7e46dd9d
assets/Icon_mark10.png 0x67409be5
assets/Icon_mark2.png 0x4cce7c46
assets/Icon_mark3.png 0x6589f797
assets/Icon_mark4.png 0xdf346bc3
assets/Icon_mark5.png 0x35c5c139
assets/Icon_mark6.png 0xcb5b42cf
assets/Icon_mark7.png 0xee6aa423
assets/Icon_mark8.png 0x9833a43b
assets/Icon_mark9.png 0x73cc757f
assets/Icon_start.png 0x4166ff90
assets/Icon_subway_station.png 0x3c460c1b
assets/Icon_walk_route.png 0xaf233846
assets/VerDatset.dat 0xe5a60edf
assets/cfg/a/ResPack.cfg 0xb87098dd
assets/cfg/a/mapstyle.sty 0x7b25c2ef
assets/cfg/a/satellitestyle.sty 0xea314336
assets/cfg/a/trafficstyle.sty 0xdac5f9ad
assets/cfg/h/DVDirectory.cfg 0xa57b0f21
assets/cfg/h/DVHotMap.cfg 0x2aad1b46
assets/cfg/h/DVHotcity.cfg 0x5ccac71b
assets/cfg/h/DVVersion.cfg 0x6d57bd5e
assets/cfg/l/DVDirectory.cfg 0x6de8b254
assets/cfg/l/DVHotMap.cfg 0x9bebb17c
assets/cfg/l/DVHotcity.cfg 0x74f8de31
assets/cfg/l/DVVersion.cfg 0x6d57bd5e
assets/icon_scale.9.png 0x41b95abd
assets/logo_h.png 0xcfe13e69
assets/logo_l.png 0xd9bd90a4
assets/place/arrow.png 0x4e2f81f5
assets/place/iconphone.png 0xbf359880
assets/place/star_gray.png 0xcd11573a
assets/place/star_light.png 0xde8f4927
assets/sapi_cert.cer 0x530a23fc
lib/armeabi/libBaiduMapSDK_v3_2_0_15.so 0x3e4e856
lib/armeabi/liblocSDK3.so 0xbbfb08a6
META-INF/MANIFEST.MF 0xae7518d4
META-INF/CERT.SF 0xd488856d
META-INF/CERT.RSA 0xcec1bccb
Runtime screenshots