VirSCAN

1, You can UPLOAD any files, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.
4, If your browser cannot upload files, please download the VirSCAN uploader to upload.


File information

Scanner results
Scanner results: 0% of antivirus software (0/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2016-12-22 11:25:40 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 2.0 1970-01-01 Found nothing 5
asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 1
avast 161221-0 4.7.4 2016-12-21 Found nothing 60
avg 2109/13100 10.0.1405 2016-12-16 Found nothing 60
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 7
baidusd 1.0 1.0 2014-04-02 Found nothing 1
bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
clamav 22739 0.97.5 2016-12-19 Found nothing 60
drweb 5.0.2.3300 5.0.1.1 2016-12-09 Found nothing 60
fortinet 41.578, 41.578, 41.578 5.4.233 2016-12-22 Found nothing 60
fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
gdata 25.9667 25.9667 2016-12-22 Found nothing 10
ikarus 1.06.01 V1.32.31.0 2016-11-28 Found nothing 60
jiangmin 16.0.100 1.0.0.0 2016-12-19 Found nothing 41
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
kingsoft 2.1 2.1 2013-09-22 Found nothing 27
mcafee 8254 5400.1158 2016-08-11 Found nothing 60
nod32 1777 3.0.21 2015-06-12 Found nothing 60
panda 9.05.01 9.05.01 2016-12-21 Found nothing 4
pcc 13.108.07 9.500-1005 2016-12-21 Found nothing 60
qh360 1.0.1 1.0.1 1.0.1 Found nothing 4
qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
quickheal 14.00 14.00 2016-12-21 Found nothing 3
rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 2
sophos 5.32 3.65.2 2016-10-10 Found nothing 60
symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 4
thehacker 6.8.0.5 6.8.0.5 2016-12-19 Found nothing 2
tws 17.47.17308 1.0.2.2108 2016-12-21 Found nothing 14
vba 3.12.29.3 beta 3.12.29.3 beta 2016-12-15 Found nothing 60
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
Permission list
Permission name | Description
android.permission.INTERNET | Connect to the network (2G or 3G)
android.permission.ACCESS_NETWORK_STATE | Read network state (2G or 3G)
android.permission.USE_CREDENTIALS | Obtain authentication tokens
android.permission.READ_EXTERNAL_STORAGE | Read external storage (e.g. SD card)
android.permission.WRITE_EXTERNAL_STORAGE | Write external storage (e.g. SD card)
android.permission.MOUNT_UNMOUNT_FILESYSTEMS | Mount and unmount external filesystems
android.permission.RECEIVE_BOOT_COMPLETED | Receive the boot-completed broadcast
com.android.launcher.permission.INSTALL_SHORTCUT | Create shortcuts
File information
Security score:
Basic information
MD5:26c5b899dc5f1bdfa0183f5eb9cdd6eb
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: net.dingd.vpn
Minimum runtime: Android 4.0, 4.0.1, 4.0.2
Copyright: Android
Key behaviors
Behavior description: Cross-process memory write
Details: TargetProcess = C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\nvMultitask.exe, WriteAddress = 0x00050000, Size = 0x00000020
TargetProcess = C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\nvMultitask.exe, WriteAddress = 0x00050020, Size = 0x00000034
TargetProcess = C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\nvMultitask.exe, WriteAddress = 0x7ffdc238, Size = 0x00000004
TargetProcess = C:\Users\Administrator\AppData\Roaming\HSoftDoloEx\HSoftDoloEx.exe, WriteAddress = 0x00170000, Size = 0x00000020
TargetProcess = C:\Users\Administrator\AppData\Roaming\HSoftDoloEx\HSoftDoloEx.exe, WriteAddress = 0x00170020, Size = 0x00000034
TargetProcess = C:\Users\Administrator\AppData\Roaming\HSoftDoloEx\HSoftDoloEx.exe, WriteAddress = 0x7ffde238, Size = 0x00000004
TargetProcess = C:\Windows\System32\cmd.exe, WriteAddress = 0x00050000, Size = 0x00000020
TargetProcess = C:\Windows\System32\cmd.exe, WriteAddress = 0x00050020, Size = 0x00000034
TargetProcess = C:\Windows\System32\cmd.exe, WriteAddress = 0x7ffdb238, Size = 0x00000004
TargetProcess = C:\Windows\System32\cmd.exe, WriteAddress = 0x7ffd4238, Size = 0x00000004
Behavior description: Search for antivirus driver files
Details: FileName = \\?\C:\Windows\System32\360Safe.exe (360安全卫士)
FileName = C:\Windows\System32\360Safe.exe (360安全卫士)
Behavior description: Load driver (normal method)
Details: \??\C:\Windows\system32\drivers\LcScience.sys
\??\C:\Windows\system32\drivers\WaNdFilter.sys
Behavior description: Get TickCount value
Details: TickCount = 825062, SleepMilliseconds = 60000.
TickCount = 825078, SleepMilliseconds = 60000.
TickCount = 825093, SleepMilliseconds = 60000.
TickCount = 825109, SleepMilliseconds = 60000.
TickCount = 825125, SleepMilliseconds = 60000.
TickCount = 825140, SleepMilliseconds = 60000.
TickCount = 825156, SleepMilliseconds = 60000.
TickCount = 825171, SleepMilliseconds = 60000.
TickCount = 825187, SleepMilliseconds = 60000.
TickCount = 825203, SleepMilliseconds = 60000.
TickCount = 825218, SleepMilliseconds = 60000.
TickCount = 825281, SleepMilliseconds = 60000.
TickCount = 825296, SleepMilliseconds = 60000.
TickCount = 769010, SleepMilliseconds = 10.
TickCount = 769025, SleepMilliseconds = 10.
Behavior description: Self-deletion
Details: C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\nvMultitask.exe
Behavior description: Get window screenshot information
Details: Foreground window Info: HWND = 0x00000000, DC = 0x41010a3b.
Foreground window Info: HWND = 0x00000000, DC = 0xfc0108c5.
Foreground window Info: HWND = 0x00000000, DC = 0xc301028f.
Foreground window Info: HWND = 0x00000000, DC = 0xfe010a48.
Foreground window Info: HWND = 0x00000000, DC = 0x8b010a17.
Foreground window Info: HWND = 0x00000000, DC = 0xa2010a5c.
Behavior description: Set special folder attributes
Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5
Behavior description: Create system service
Details: [服务创建成功]: LcScience, C:\Windows\system32\drivers\LcScience.sys
[服务创建成功]: WaNdFilter, C:\Windows\system32\drivers\WaNdFilter.sys
Process behaviors
Behavior description: Cross-process memory write
Details: TargetProcess = C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\nvMultitask.exe, WriteAddress = 0x00050000, Size = 0x00000020
TargetProcess = C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\nvMultitask.exe, WriteAddress = 0x00050020, Size = 0x00000034
TargetProcess = C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\nvMultitask.exe, WriteAddress = 0x7ffdc238, Size = 0x00000004
TargetProcess = C:\Users\Administrator\AppData\Roaming\HSoftDoloEx\HSoftDoloEx.exe, WriteAddress = 0x00170000, Size = 0x00000020
TargetProcess = C:\Users\Administrator\AppData\Roaming\HSoftDoloEx\HSoftDoloEx.exe, WriteAddress = 0x00170020, Size = 0x00000034
TargetProcess = C:\Users\Administrator\AppData\Roaming\HSoftDoloEx\HSoftDoloEx.exe, WriteAddress = 0x7ffde238, Size = 0x00000004
TargetProcess = C:\Windows\System32\cmd.exe, WriteAddress = 0x00050000, Size = 0x00000020
TargetProcess = C:\Windows\System32\cmd.exe, WriteAddress = 0x00050020, Size = 0x00000034
TargetProcess = C:\Windows\System32\cmd.exe, WriteAddress = 0x7ffdb238, Size = 0x00000004
TargetProcess = C:\Windows\System32\cmd.exe, WriteAddress = 0x7ffd4238, Size = 0x00000004
Behavior description: Search for antivirus driver files
Details: FileName = \\?\C:\Windows\System32\360Safe.exe (360安全卫士)
FileName = C:\Windows\System32\360Safe.exe (360安全卫士)
Behavior description: Load driver (normal method)
Details: \??\C:\Windows\system32\drivers\LcScience.sys
\??\C:\Windows\system32\drivers\WaNdFilter.sys
Behavior description: Get TickCount value
Details: TickCount = 825062, SleepMilliseconds = 60000.
TickCount = 825078, SleepMilliseconds = 60000.
TickCount = 825093, SleepMilliseconds = 60000.
TickCount = 825109, SleepMilliseconds = 60000.
TickCount = 825125, SleepMilliseconds = 60000.
TickCount = 825140, SleepMilliseconds = 60000.
TickCount = 825156, SleepMilliseconds = 60000.
TickCount = 825171, SleepMilliseconds = 60000.
TickCount = 825187, SleepMilliseconds = 60000.
TickCount = 825203, SleepMilliseconds = 60000.
TickCount = 825218, SleepMilliseconds = 60000.
TickCount = 825281, SleepMilliseconds = 60000.
TickCount = 825296, SleepMilliseconds = 60000.
TickCount = 769010, SleepMilliseconds = 10.
TickCount = 769025, SleepMilliseconds = 10.
Behavior description: Self-deletion
Details: C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\nvMultitask.exe
Behavior description: Get window screenshot information
Details: Foreground window Info: HWND = 0x00000000, DC = 0x41010a3b.
Foreground window Info: HWND = 0x00000000, DC = 0xfc0108c5.
Foreground window Info: HWND = 0x00000000, DC = 0xc301028f.
Foreground window Info: HWND = 0x00000000, DC = 0xfe010a48.
Foreground window Info: HWND = 0x00000000, DC = 0x8b010a17.
Foreground window Info: HWND = 0x00000000, DC = 0xa2010a5c.
Behavior description: Set special folder attributes
Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5
Behavior description: Create system service
Details: [服务创建成功]: LcScience, C:\Windows\system32\drivers\LcScience.sys
[服务创建成功]: WaNdFilter, C:\Windows\system32\drivers\WaNdFilter.sys
File behaviors
Behavior description: Create file
Details: C:\Users\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-*\a18ca4003deb042bbee7a40f15e1970b_2f8e854c-b3b2-42a4-9df2-1e8ea361c12c
C:\Users\Administrator\AppData\Local\%temp%\countly.sqlite
C:\Users\Administrator\AppData\Local\%temp%\countly.sqlite-journal
C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\dtmp.zd
C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\dtmp.z
C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\npJuziPlugin.dll
C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\nvMultitask.exe
C:\Users\Administrator\AppData\LocalLow\JuziPlugin\1.0.0.1020\npjuziplugin.dll
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\Encrypt.7z
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\Decrypt.7z
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\HSoftDoloEx.exe
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\bime.dll
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\bime64.dll
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\LcScience.sys
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\LcScience64.sys
Behavior description: Search for antivirus driver files
Details: FileName = \\?\C:\Windows\System32\360Safe.exe (360安全卫士)
FileName = C:\Windows\System32\360Safe.exe (360安全卫士)
Behavior description: Create executable file
Details: C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\npJuziPlugin.dll
C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\nvMultitask.exe
C:\Users\Administrator\AppData\LocalLow\JuziPlugin\1.0.0.1020\npjuziplugin.dll
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\HSoftDoloEx.exe
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\bime.dll
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\bime64.dll
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\LcScience.sys
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\LcScience64.sys
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\WaNdFilter.sys
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\WaNdFilter64.sys
C:\Windows\System32\drivers\LcScience.sys
C:\Windows\System32\drivers\WaNdFilter.sys
C:\Users\Administrator\AppData\Roaming\HSoftDoloEx\HSoftDoloEx.exe
C:\Users\Administrator\AppData\Roaming\HSoftDoloEx\bime.dll
C:\Users\Administrator\AppData\Roaming\Temp\-1586472857.tmp
Behavior description: Copy file
Details: C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\npJuziPlugin.dll ---> C:\Users\Administrator\AppData\LocalLow\JuziPlugin\1.0.0.1020\npjuziplugin.dll
C:\Users\ADMINI~1\AppData\Local\Temp\nvMultitasking\LcScience.sys ---> C:\Windows\system32\drivers\LcScience.sys
C:\Users\ADMINI~1\AppData\Local\Temp\nvMultitasking\WaNdFilter.sys ---> C:\Windows\system32\drivers\WaNdFilter.sys
C:\Users\ADMINI~1\AppData\Local\Temp\nvMultitasking\HSoftDoloEx.exe ---> C:\Users\Administrator\AppData\Roaming\HSoftDoloEx\HSoftDoloEx.exe
C:\Users\ADMINI~1\AppData\Local\Temp\nvMultitasking\bime.dll ---> C:\Users\Administrator\AppData\Roaming\HSoftDoloEx\bime.dll
C:\Users\Administrator\AppData\Roaming\Temp\-1552109052.tmp ---> C:\Users\Administrator\AppData\Roaming\Temp\-1552109052.tmp.png
Behavior description: Delete file
Details: C:\Users\Administrator\AppData\Local\%temp%\countly.sqlite-journal
C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\dtmp.zd
C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\dtmp.z
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\bime.dll
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\bime64.dll
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\Decrypt.7z
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\Encrypt.7z
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\HSoftDoloEx.exe
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\LcScience.sys
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\LcScience64.sys
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\WaNdFilter.sys
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\WaNdFilter64.sys
C:\Users\Administrator\AppData\Roaming\HSoftDoloEx\countly.sqlite-journal
C:\Users\Administrator\AppData\Roaming\Temp\-1586472857.tmp
C:\Users\Administrator\AppData\Roaming\Temp\-1573998435.tmp
Behavior description: Search for file
Details: FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-*\a18ca4003deb042bbee7a40f15e1970b_*
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\*
FileName = C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\\*.*
FileName = C:\Users
FileName = C:\Users\Administrator\AppData
FileName = C:\Users\Administrator\AppData\Roaming
FileName = C:\Users\Administrator\AppData\Roaming\Temp
FileName = C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\*.*
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\nvMultitasking\*
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\nvMultitasking\*.sys
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\nvMultitasking\*.exe
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\nvMultitasking\*.dll
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\nvMultitasking\*.dat
FileName = C:\Users\Administrator\AppData\Roaming\HSoftDoloEx\*.*
FileName = \\?\C:\Users
Behavior description: Set special folder attributes
Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5
Behavior description: Modify file content
Details: C:\Users\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-*\a18ca4003deb042bbee7a40f15e1970b_2f8e854c-b3b2-42a4-9df2-1e8ea361c12c ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\countly.sqlite-journal ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\countly.sqlite ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\countly.sqlite ---> Offset = 1024
C:\Users\Administrator\AppData\Local\%temp%\countly.sqlite-journal ---> Offset = 512
C:\Users\Administrator\AppData\Local\%temp%\countly.sqlite-journal ---> Offset = 516
C:\Users\Administrator\AppData\Local\%temp%\countly.sqlite-journal ---> Offset = 1540
C:\Users\Administrator\AppData\Local\%temp%\countly.sqlite ---> Offset = 2048
C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\dtmp.zd ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\dtmp.z ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\dtmp.z ---> Offset = 1376256
C:\Users\Administrator\AppData\Local\%temp%\countly.sqlite-journal ---> Offset = 1544
C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\npJuziPlugin.dll ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\nvMultitask.exe ---> Offset = 0
C:\Users\Administrator\AppData\LocalLow\JuziPlugin\1.0.0.1020\npjuziplugin.dll ---> Offset = 0
Behavior description: Self-deletion
Details: C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\nvMultitask.exe
Network behaviors
Behavior description: Download file
Details: C:\Users\Administrator\AppData\Roaming\Temp\-1586472857.tmp
C:\Users\Administrator\AppData\Roaming\Temp\-1573998435.tmp
C:\Users\Administrator\AppData\Roaming\Temp\-1563010257.tmp
C:\Users\Administrator\AppData\Roaming\Temp\-1552109052.tmp
C:\Users\Administrator\AppData\Roaming\Temp\-1552109052.tmp.png
C:\Users\Administrator\AppData\Roaming\Temp\-1564080773.tmp
C:\Users\Administrator\AppData\Roaming\Temp\-1586158488.tmp
C:\Users\Administrator\AppData\Roaming\Temp\-1604560792.tmp
C:\Users\Administrator\AppData\Roaming\Temp\-1579222034.tmp
C:\Users\Administrator\AppData\Roaming\Temp\-1603438482.tmp
C:\Users\Administrator\AppData\Local\Temp\dhC648.tmp
C:\Users\Administrator\AppData\Roaming\Temp\-1493922372.tmp
C:\Users\Administrator\AppData\Roaming\Temp\-1530162921.tmp
Behavior description: Connect to specified site
Details: InternetConnectA: ServerName = se****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = up****et, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = so****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0010, hConnect = 0x00cc0014, Flags = 0x00000000
InternetConnectA: ServerName = or****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = up****et, PORT = 80, UserName = , Password = , hSession = 0x00cc0010, hConnect = 0x00cc0014, Flags = 0x00000000
InternetConnectA: ServerName = lo****et, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = to****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
Behavior description: Open HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0), hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0), hSession = 0x00cc0010
Behavior description: Establish a connection to a specified socket
Details: URL: se****om, IP: **.133.40.**:80, SOCKET = 0x00000320
URL: se****om, IP: **.133.40.**:80, SOCKET = 0x0000031c
URL: up****et, IP: **.133.40.**:80, SOCKET = 0x000003b0
URL: so****om, IP: **.133.40.**:80, SOCKET = 0x000003c8
URL: or****om, IP: **.133.40.**:80, SOCKET = 0x000003cc
URL: se****om, IP: **.133.40.**:80, SOCKET = 0x0000012c
URL: up****et, IP: **.133.40.**:80, SOCKET = 0x0000012c
URL: lo****et, IP: **.133.40.**:80, SOCKET = 0x0000012c
URL: to****om, IP: **.133.40.**:80, SOCKET = 0x00000308
URL: se****om, IP: **.133.40.**:80, SOCKET = 0x0000038c
URL: se****om, IP: **.133.40.**:80, SOCKET = 0x000001e4
Behavior description: Read network file
Details: hFile = 0x00cc000c, BytesToRead =32768, BytesRead = 32768.
hFile = 0x00cc0018, BytesToRead =32768, BytesRead = 32768.
Behavior description: Send HTTP packet
Details: GET /i?app_key=e131e8b51bc9c4bb395446794bfdcef9e115b082&device_id=0000246f00005eb500001ebe00007cc400000842&sdk_version=16.02&begin_session=1&metrics=%7b%0a%22_os%22%3a%22Windows%207%22%2c%0a%22_device%22%3a%22PC%22%2c%0a%22_resolution%22%3a%221920x973%22%2c%0a%22_carrier%22%3a%22Free%22%2c%0a%22_app_version%22%3a%221.0.0.8%22%0a%7d HTTP/1.1 Accept: */* Pragma: no-cache Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: se****om Connection: Close
GET /i?app_key=e131e8b51bc9c4bb395446794bfdcef9e115b082&device_id=0000246f00005eb500001ebe00007cc400000842&session_duration=300000 HTTP/1.1 Accept: */* Pragma: no-cache Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: se****om Connection: Close
GET /ntflp.php HTTP/1.1 Accept: */* Pragma: no-cache Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: up****et Connection: Close
GET /uploads/preview/soft/f4/30906/26b75e7f03a3c4b1af22b8bac7519b40.png HTTP/1.1 Accept: */* Pragma: no-cache Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: so****om Connection: Close
GET /common/cmsone?cms=soft_dl&keys=class_soft_task HTTP/1.1 Accept: */* Pragma: no-cache Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: or****om Connection: Close
GET /i?app_key=b6b8c04109716276048a7ab0c2908f7becedf903&device_id=00004a4f00004f0800006d43000022cf00005126&sdk_version=16.02&begin_session=1&metrics=%7b%0a%22_os%22%3a%22Windows%207%22%2c%0a%22_device%22%3a%22PC%22%2c%0a%22_resolution%22%3a%221920x973%22%2c%0a%22_carrier%22%3a%22Free%22%2c%0a%22_app_version%22%3a%223.2.0.1%22%0a%7d HTTP/1.1 Accept: */* Pragma: no-cache Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: se****om Connection: Close
GET /update.php?genre=tsKdx&type=tsKdx_updateCheck&ver=3.2.0.1&cid=&umid=A2FB81A58527C329A5CA83ABD10353DF&os=3&safe=0&ie=8&flash=11.1&ck=254AA6EEB697480F6E1E8E87252C55D5 HTTP/1.1 Accept: */* Pragma: no-cache Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: up****et Connection: Close
GET /i?app_key=b6b8c04109716276048a7ab0c2908f7becedf903&device_id=00004a4f00004f0800006d43000022cf00005126&session_duration=300000 HTTP/1.1 Accept: */* Pragma: no-cache Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: se****om Connection: Close
GET /log.php?type=tsKdx_updateEnd&ver=3.2.0.1&cid=&umid=A2FB81A58527C329A5CA83ABD10353DF&i=6&ir=0&iec=503&os=3&safe=0&ie=8&flash=11.1&ck=10EF64749FA3085607FD1730E113AEC1 HTTP/1.1 Accept: */* Pragma: no-cache Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lo****et Connection: Close
GET /images/track.gif?pn=jz&tn=&os=3&uuid=C_0-D_42563032363963623731652d3837646230372035-M_080027488980-V_30FD04F0-T_20161222112801&version=3.2.0.1&query=active&set_default=0&interbar=0&type=client&firlaunch=1&frolaunch=0_3 HTTP/1.1 Accept: */* Pragma: no-cache Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: to****om Connection: Close
GET /i?app_key=e131e8b51bc9c4bb395446794bfdcef9e115b082&device_id=0000246f00005eb500001ebe00007cc400000842&events=%5b%7b%0a%20%20%22timestamp%22%3a%20%221482377336013%22%2c%0a%20%20%22key%22%3a%20%22Safe_0%22%2c%0a%20%20%22count%22%3a%201%0a%7d%5d HTTP/1.1 Accept: */* Pragma: no-cache Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: se****om Connection: Close
GET /i?app_key=e131e8b51bc9c4bb395446794bfdcef9e115b082&device_id=0000246f00005eb500001ebe00007cc400000842&end_session=1 HTTP/1.1 Accept: */* Pragma: no-cache Cache-Control: no-cache Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: se****om Connection: Close
Behavior description: Open HTTP request
Details: HttpOpenRequestA: se****om:80/i?app_key=e131e8b51bc9c4bb395446794bfdcef9e115b082&device_id=0000246f00005eb500001ebe00007cc400000842&sdk_version=16.02&begin_session=1&metrics=%7b%0a%22_os%22%3a%22windows%207%22%2c%0a%22_device%22%3a%22pc%22%2c%0a%22_resolution%22%3a%, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x8400c300
HttpOpenRequestA: se****om:80/i?app_key=e131e8b51bc9c4bb395446794bfdcef9e115b082&device_id=0000246f00005eb500001ebe00007cc400000842&session_duration=300000, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x8400c300
HttpOpenRequestA: up****et:80/ntflp.php, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x8400c300
HttpOpenRequestA: so****om:80/uploads/preview/soft/f4/30906/26b75e7f03a3c4b1af22b8bac7519b40.png, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: GET, Referer: , Flags = 0x8400c300
HttpOpenRequestA: se****om:80/i?app_key=b6b8c04109716276048a7ab0c2908f7becedf903&device_id=00004a4f00004f0800006d43000022cf00005126&sdk_version=16.02&begin_session=1&metrics=%7b%0a%22_os%22%3a%22windows%207%22%2c%0a%22_device%22%3a%22pc%22%2c%0a%22_resolution%22%3a%, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x8400c300
HttpOpenRequestA: or****om:80/common/cmsone?cms=soft_dl&keys=class_soft_task, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x8400c300
HttpOpenRequestA: up****et:80/update.php?genre=tskdx&type=tskdx_updatecheck&ver=3.2.0.1&cid=&umid=a2fb81a58527c329a5ca83abd10353df&os=3&safe=0&ie=8&flash=11.1&ck=254aa6eeb697480f6e1e8e87252c55d5, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: GET, Referer: , Flags = 0x8400c300
HttpOpenRequestA: se****om:80/i?app_key=b6b8c04109716276048a7ab0c2908f7becedf903&device_id=00004a4f00004f0800006d43000022cf00005126&session_duration=300000, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x8400c300
HttpOpenRequestA: lo****et:80/log.php?type=tskdx_updateend&ver=3.2.0.1&cid=&umid=a2fb81a58527c329a5ca83abd10353df&i=6&ir=0&iec=503&os=3&safe=0&ie=8&flash=11.1&ck=10ef64749fa3085607fd1730e113aec1, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x8400c300
HttpOpenRequestA: to****om:80/images/track.gif?pn=jz&tn=&os=3&uuid=c_0-d_42563032363963623731652d3837646230372035-m_080027488980-v_30fd04f0-t_20161222112801&version=3.2.0.1&query=active&set_default=0&interbar=0&type=client&firlaunch=1&frolaunch=0_3, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x8408c300
HttpOpenRequestA: se****om:80/i?app_key=e131e8b51bc9c4bb395446794bfdcef9e115b082&device_id=0000246f00005eb500001ebe00007cc400000842&events=%5b%7b%0a%20%20%22timestamp%22%3a%20%221482377336013%22%2c%0a%20%20%22key%22%3a%20%22safe_0%22%2c%0a%20%20%22count%22%3a%201%0a, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x8400c300
HttpOpenRequestA: se****om:80/i?app_key=e131e8b51bc9c4bb395446794bfdcef9e115b082&device_id=0000246f00005eb500001ebe00007cc400000842&end_session=1, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x8400c300
Behavior description: Get host address by name
Details: GetAddrInfoW: se****om
GetAddrInfoW: up****et
GetAddrInfoW: so****om
GetAddrInfoW: or****om
GetAddrInfoW: lo****et
GetAddrInfoW: to****om
Registry behaviors
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\HDwnld\
\REGISTRY\USER\S-*\Software\HDwnld\lastldtime
\REGISTRY\USER\S-*_CLASSES\CLSID\{F552F265-6686-4422-84E5-C695E35D863A}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{F552F265-6686-4422-84E5-C695E35D863A}\InprocServer32\ThreadingModel
\REGISTRY\USER\S-*_CLASSES\JuziAgent.Agent\CLSID\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F552F265-6686-4422-84E5-C695E35D863A}\iexplore\Type
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F552F265-6686-4422-84E5-C695E35D863A}\iexplore\Flags
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F552F265-6686-4422-84E5-C695E35D863A}\iexplore\AllowedDomains\baidu.com\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F552F265-6686-4422-84E5-C695E35D863A}\iexplore\AllowedDomains\hao123.com\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F552F265-6686-4422-84E5-C695E35D863A}\iexplore\AllowedDomains\123juzi.com\
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\TabProcConfig\baidu.com
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\TabProcConfig\hao123.com
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\TabProcConfig\123juzi.com
\REGISTRY\USER\S-*\Software\JuziPlugin\cid
\REGISTRY\USER\S-*\Software\MozillaPlugins\@123juzi.com/npJuziAgent\Path
Behavior description: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\User_Feed_Synchronization-{DD45CED3-68D4-4258-9DB0-B2D0B36690C9}.job
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\User_Feed_Synchronization-{DD45CED3-68D4-4258-9DB0-B2D0B36690C9}.job.fp
Other behaviors
Behavior description: Detect whether the process is being debugged
Details: N/A
Behavior description: Create mutex
Details: {B5D66703-1AFE-4CBC-910E-7C1191D55777}
RasPbFile
{9A815E77-CE99-4395-BAFB-D139010AC596}
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior description: Load driver (normal method)
Details: \??\C:\Windows\system32\drivers\LcScience.sys
\??\C:\Windows\system32\drivers\WaNdFilter.sys
Behavior description: Start system service
Details: [服务启动成功]: , LcScience, \??\C:\Windows\system32\drivers\LcScience.sys
[服务启动成功]: , WaNdFilter, \??\C:\Windows\system32\drivers\WaNdFilter.sys
Behavior description: Window information
Details: Pid = 572, Hwnd=0x1c0116, Text = Hao123一键安装器, ClassName = jDownloaderMainFrame.
Behavior description: Get TickCount value
Details: TickCount = 825062, SleepMilliseconds = 60000.
TickCount = 825078, SleepMilliseconds = 60000.
TickCount = 825093, SleepMilliseconds = 60000.
TickCount = 825109, SleepMilliseconds = 60000.
TickCount = 825125, SleepMilliseconds = 60000.
TickCount = 825140, SleepMilliseconds = 60000.
TickCount = 825156, SleepMilliseconds = 60000.
TickCount = 825171, SleepMilliseconds = 60000.
TickCount = 825187, SleepMilliseconds = 60000.
TickCount = 825203, SleepMilliseconds = 60000.
TickCount = 825218, SleepMilliseconds = 60000.
TickCount = 825281, SleepMilliseconds = 60000.
TickCount = 825296, SleepMilliseconds = 60000.
TickCount = 769010, SleepMilliseconds = 10.
TickCount = 769025, SleepMilliseconds = 10.
Behavior: Adjusts process token privileges
Details: SE_INC_BASE_PRIORITY_PRIVILEGE
SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
SE_AUDIT_PRIVILEGE
Behavior: Opens event
Details: HookSwitchHookEnabledEvent
\KernelObjects\MaximumCommitCondition
MSFT.VSA.COM.DISABLE.572
MSFT.VSA.IEC.STATUS.6c736db0
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
MSFT.VSA.COM.DISABLE.428
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
Behavior: Gets window screenshot information
Details: Foreground window Info: HWND = 0x00000000, DC = 0x41010a3b.
Foreground window Info: HWND = 0x00000000, DC = 0xfc0108c5.
Foreground window Info: HWND = 0x00000000, DC = 0xc301028f.
Foreground window Info: HWND = 0x00000000, DC = 0xfe010a48.
Foreground window Info: HWND = 0x00000000, DC = 0x8b010a17.
Foreground window Info: HWND = 0x00000000, DC = 0xa2010a5c.
Behavior: Executable file signature information
Details: C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\npJuziPlugin.dll (signature verification: passed)
C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\nvMultitask.exe (signature verification: passed)
C:\Users\Administrator\AppData\LocalLow\JuziPlugin\1.0.0.1020\npjuziplugin.dll (signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\HSoftDoloEx.exe (signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\bime.dll (signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\bime64.dll (signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\LcScience.sys (signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\LcScience64.sys (signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\WaNdFilter64.sys (signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\WaNdFilter.sys (signature verification: passed)
C:\Windows\System32\drivers\LcScience.sys (signature verification: passed)
C:\Windows\System32\drivers\WaNdFilter.sys (signature verification: passed)
C:\Users\Administrator\AppData\Roaming\HSoftDoloEx\HSoftDoloEx.exe (signature verification: passed)
C:\Users\Administrator\AppData\Roaming\HSoftDoloEx\bime.dll (signature verification: passed)
C:\Users\Administrator\AppData\Roaming\Temp\-1586472857.tmp (signature verification: failed)
Behavior: Calls Sleep function
Details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 0.
[3]: MilliSeconds = 10.
[4]: MilliSeconds = 10.
[2]: MilliSeconds = 60000.
[5]: MilliSeconds = 10.
[6]: MilliSeconds = 10.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 60000.
[5]: MilliSeconds = 0.
[7]: MilliSeconds = 10.
[8]: MilliSeconds = 10.
[9]: MilliSeconds = 10.
[10]: MilliSeconds = 60000.
Behavior: Executable file MD5
Details: C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\npJuziPlugin.dll ---> 214e19f5877d25e04b6fb5107bca3e55
C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\nvMultitask.exe ---> 0f8e2fb9a4e33542d46acb93857d9b99
C:\Users\Administrator\AppData\LocalLow\JuziPlugin\1.0.0.1020\npjuziplugin.dll ---> 214e19f5877d25e04b6fb5107bca3e55
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\HSoftDoloEx.exe ---> c7ffa14362cba4dd25f353d12d8e11c1
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\bime.dll ---> 20b47c01a9208860f092b10571643e6c
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\bime64.dll ---> 5eed52d21167aaed8b4b0c7a245587f8
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\LcScience.sys ---> 610b50111b8f5601a8eab45dc1b1d916
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\LcScience64.sys ---> 7d67ce19947d890dd2515d9ade051f2d
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\WaNdFilter64.sys ---> df9cb6061cc59efbe628a7dd3f4543c5
C:\Users\Administrator\AppData\Local\Temp\nvMultitasking\WaNdFilter.sys ---> a93a159323537a15c24e6388b9a8c435
C:\Windows\System32\drivers\LcScience.sys ---> 610b50111b8f5601a8eab45dc1b1d916
C:\Windows\System32\drivers\WaNdFilter.sys ---> a93a159323537a15c24e6388b9a8c435
C:\Users\Administrator\AppData\Roaming\HSoftDoloEx\HSoftDoloEx.exe ---> c7ffa14362cba4dd25f353d12d8e11c1
C:\Users\Administrator\AppData\Roaming\HSoftDoloEx\bime.dll ---> 20b47c01a9208860f092b10571643e6c
C:\Users\Administrator\AppData\Roaming\Temp\-1586472857.tmp ---> d0966601ecd6239a9ce0241c9aa21571
Behavior: Opens mutex
Details: Local\_!MSFTHISTORY!_
Local\c:!users!administrator!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Local\c:!users!administrator!appdata!roaming!microsoft!windows!cookies!
Local\c:!users!administrator!appdata!local!microsoft!windows!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
RasPbFile
Local\!IETld!Mutex
Local\MSCTF.Asm.MutexDefault1
Behavior: Creates system service
Details: [Service created successfully]: LcScience, C:\Windows\system32\drivers\LcScience.sys
[Service created successfully]: WaNdFilter, C:\Windows\system32\drivers\WaNdFilter.sys
Behavior: Loads newly dropped file
Details: Image: C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\npJuziPlugin.dll.
Image: C:\Users\Administrator\AppData\Roaming\Temp\{B518B0F4-A50F-431A-83D9-88FE89F0E2E9}\nvMultitask.exe.
Image: C:\Users\Administrator\AppData\Roaming\HSoftDoloEx\HSoftDoloEx.exe.
Activities
Activity name | Type
net.openvpn.openvpn.OpenVPNAttachmentReceiver | android.intent.action.VIEW
net.openvpn.openvpn.OpenVPNAttachmentReceiver | android.intent.category.BROWSABLE
net.openvpn.openvpn.OpenVPNAttachmentReceiver | android.intent.category.DEFAULT
net.openvpn.openvpn.splash | android.intent.action.MAIN
net.openvpn.openvpn.splash | android.intent.category.LAUNCHER
Dangerous functions
Function name | Info
java/net/URL;->openConnection | Connects to URL
java/net/HttpURLConnection;->connect | Connects to URL
Startup methods
Name | Info
net.openvpn.openvpn.OpenVPNRebootReceiver | Service started at boot
Permission list
Permission name | Info
android.permission.INTERNET | Connect to network (2G or 3G)
android.permission.ACCESS_NETWORK_STATE | Read network state (2G or 3G)
android.permission.USE_CREDENTIALS | Obtain authentication tokens
android.permission.READ_EXTERNAL_STORAGE | Read external storage (e.g. SD card)
android.permission.WRITE_EXTERNAL_STORAGE | Write external storage (e.g. SD card)
android.permission.MOUNT_UNMOUNT_FILESYSTEMS | Mount and unmount external file systems
android.permission.RECEIVE_BOOT_COMPLETED | Receive boot-completed broadcast
com.android.launcher.permission.INSTALL_SHORTCUT | Create shortcuts
Service list
Name
net.openvpn.openvpn.OpenVPNService
File list
File name | Checksum
META-INF/MANIFEST.MF 0x51a1d038
META-INF/CERT.SF 0xaa878539
META-INF/CERT.RSA 0x2bd4c521
AndroidManifest.xml 0x67f12e73
assets/btn_login.xml 0xc94f50c2
assets/error.html 0xa5b1820a
assets/help/default/index.html 0x55e96f0
classes.dex 0x414a0692
lib/arm64-v8a/libovpncli.so 0xc6b8a8d9
lib/armeabi-v7a/libovpncli.so 0x77c5da1c
lib/armeabi/libovpncli.so 0xe3e69f9e
res/drawable-hdpi-v4/icon.png 0xa0392608
res/drawable-hdpi-v4/info.png 0x129bf99d
res/drawable-hdpi-v4/openvpn_connected.png 0x33fdfbf9
res/drawable-hdpi-v4/openvpn_connecting.png 0x8dc08640
res/drawable-hdpi-v4/openvpn_disconnected.png 0x3990b5d3
res/drawable-mdpi-v4/icon.png 0xa0392608
res/drawable-mdpi-v4/info.png 0x116cb01c
res/drawable-mdpi-v4/openvpn_connected.png 0x33fdfbf9
res/drawable-mdpi-v4/openvpn_connecting.png 0x8dc08640
res/drawable-mdpi-v4/openvpn_disconnected.png 0x3990b5d3
res/drawable-xhdpi-v4/icon.png 0xa0392608
res/drawable-xhdpi-v4/openvpn_connected.png 0x33fdfbf9
res/drawable-xhdpi-v4/openvpn_connecting.png 0x8dc08640
res/drawable-xhdpi-v4/openvpn_disconnected.png 0x3990b5d3
res/drawable/blue_bg.png 0xe40e968a
res/drawable/blue_help.png 0x2901293c
res/drawable/blue_line.png 0xbe697845
res/drawable/blue_more.png 0x4212a6f0
res/drawable/blue_shop.png 0xaa322302
res/drawable/bt_add.png 0xe39e4ef1
res/drawable/bt_help.png 0x14857c65
res/drawable/bt_info.png 0x5c0b908e
res/drawable/bt_line.png 0x6c2054ce
res/drawable/bt_more.png 0xc00aa099
res/drawable/bt_shop.png 0x9aa9ea40
res/drawable/btn.png 0x32943724
res/drawable/btn_accept_install.xml 0x301e961f
res/drawable/btn_back_on.png 0x51723e9e
res/drawable/btn_cancel_install.xml 0xd9a24884
res/drawable/btn_login.xml 0x88bba1a0
res/drawable/btn_on.png 0xd0a0bbe5
res/drawable/btn_on_xml.xml 0x11b8dd5f
res/drawable/btn_reg.xml 0x2b535a27
res/drawable/btns_on_xml.xml 0xcd0e0b
res/drawable/connected.png 0xafb0da2b
res/drawable/connecting.png 0xdcd34189
res/drawable/data_icon.png 0xb74aab53
res/drawable/date_icon.png 0x47cc886
res/drawable/delete.png 0xc4c89b8d
res/drawable/dingd.png 0x3dd45b02
res/drawable/disconnected.png 0xc4c89b8d
res/drawable/dk.png 0xc10e99a4
res/drawable/edit.png 0xe0a890f0
res/drawable/error.png 0xc4c89b8d
res/drawable/file_dialog_file.png 0xd340b637
res/drawable/file_dialog_folder.png 0x32c78696
res/drawable/file_dialog_icon.png 0x99a4f90b
res/drawable/gg.png 0x9e84ceaf
res/drawable/hs.png 0x46904973
res/drawable/info.png 0xdcd34189
res/drawable/info_box.xml 0xa3ae0df8
res/drawable/line.png 0x35c083f5
res/drawable/link_icon.png 0xccddd60
res/drawable/main_bg.jpg 0xde337232
res/drawable/my_bg.jpg 0x93a53602
res/drawable/pass.png 0xaa5858d1
res/drawable/pause.png 0x35463b1c
res/drawable/profile_box.xml 0x4cc276a6
res/drawable/progress_bar_states.xml 0xbc2dd259
res/drawable/pt.png 0xc66d03df
res/drawable/reload.png 0x4fb410c6
res/drawable/rightarrow.png 0xafb0da2b
res/drawable/shap.xml 0xbf6ede4
res/drawable/shap2.xml 0x4c798596
res/drawable/shape_progressbar_bg.xml 0x71ebd399
res/drawable/shape_progressbar_mini.xml 0xd67d890e
res/drawable/splash.jpg 0x81b9454f
res/drawable/stats_box.xml 0xca691a9b
res/drawable/user.png 0x96b1c0e8
res/drawable/user_center.png 0xf7550bf4
res/drawable/ws.png 0xbae796f3
res/layout-land/cert_warn.xml 0xbcad2270
res/layout/about.xml 0x5880d0d0
res/layout/activity_main.xml 0x2b7f58db
res/layout/activity_reg.xml 0xc6ab4ee3
res/layout/activity_splash.xml 0xdff6f9c9
res/layout/activity_update.xml 0x38cfd093
res/layout/add_proxy.xml 0x281b051e
res/layout/add_shortcut.xml 0xffcb9ee5
res/layout/attachment_receiver.xml 0x41eb11c1
res/layout/cert_warn.xml 0x5f2dedd2
res/layout/cr_dialog.xml 0x3a0d4fe7
res/layout/create_shortcut_dialog.xml 0xf0080b74
res/layout/file_dialog_main.xml 0xc2fc40cf
res/layout/file_dialog_row.xml 0x31dfbc4e
res/layout/form.xml 0xb7631a0c
res/layout/import_profile.xml 0xc6dc6d6f
res/layout/import_server_item.xml 0x4aa50903
res/layout/log.xml 0xb205a07a
res/layout/login.xml 0x425f8c63
res/layout/proxy_creds.xml 0x63c5c5cc
res/layout/rename_profile_dialog.xml 0x34e1b9c1
res/layout/stats.xml 0xed7b389a
res/menu/menu.xml 0x3d5fc920
res/raw/disconnect.wav 0xd00e64b8
res/xml/preferences.xml 0x98da62d9
resources.arsc 0xc46316f2
Runtime screenshots