VirSCAN

1, You can upload any file, but there is a 20 MB limit per file.
2, VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.

File information

File name: hidden.apk (File not down)
File size: 642818 bytes
File type: application/jar
MD5: 645c8e847bf13e108dcbc4644dab761b
SHA1: b01e194c7c23c465e213ad6122d9cd276dce9cec

Scanner results
Scanner results: 0% of antivirus engines (0/32) found malware.
Behavior analysis report: Habo file analysis
Time: 2017-06-20 22:54:02 (CST)
Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time
antiy | AVL SDK | 2.0 | 1970-01-01 | Found nothing | 6
asquared | 9.0.0.4799 | 9.0.0.4799 | 2015-03-08 | Found nothing | 1
avast | 170303-1 | 4.7.4 | 2017-03-03 | Found nothing | 60
avg | 2109/14054 | 10.0.1405 | 2017-06-14 | Found nothing | 60
baidu | 2.0.1.0 | 4.1.3.52192 | 2.0.1.0 | Found nothing | 11
baidusd | 1.0 | 1.0 | 2017-03-22 | Found nothing | 1
bitdefender | 7.58879 | 7.90123 | 2015-01-16 | Found nothing | 60
clamav | 23482 | 0.97.5 | 2017-06-17 | Found nothing | 60
drweb | 5.0.2.3300 | 5.0.1.1 | 2017-06-18 | Found nothing | 60
fortinet | 49.628, 49.628, 49.628 | 5.4.233 | 2017-06-20 | Found nothing | 60
fprot | 4.6.2.117 | 6.5.1.5418 | 2016-02-05 | Found nothing | 60
fsecure | 2015-08-01-02 | 9.13 | 2015-08-01 | Found nothing | 60
gdata | 25.12955 | 25.12955 | 2017-06-19 | Found nothing | 11
ikarus | 1.06.01 | V1.32.31.0 | 2016-11-28 | Found nothing | 60
jiangmin | 16.0.100 | 1.0.0.0 | 2017-06-18 | Found nothing | 2
kaspersky | 5.5.33 | 5.5.33 | 2014-04-01 | Found nothing | 60
kingsoft | 2.1 | 2.1 | 2017-06-19 | Found nothing | 6
mcafee | 8261 | 5400.1158 | 2016-08-18 | Found nothing | 60
nod32 | 1777 | 3.0.21 | 2015-06-12 | Found nothing | 60
panda | 9.05.01 | 9.05.01 | 2017-06-19 | Found nothing | 4
pcc | 13.302.06 | 9.500-1005 | 2017-03-27 | Found nothing | 60
qh360 | 1.0.1 | 1.0.1 | 1.0.1 | Found nothing | 13
qqphone | 1.0.0.0 | 1.0.0.0 | 2015-12-30 | Found nothing | 60
quickheal | 14.00 | 14.00 | 2017-06-19 | Found nothing | 2
rising | 26.28.00.01 | 26.28.00.01 | 2016-07-18 | Found nothing | 1
sophos | 5.32 | 3.65.2 | 2016-10-10 | Found nothing | 60
symantec | 20151230.005 | 1.3.0.24 | 2015-12-30 | Found nothing | 60
tachyon | 9.9.9 | 9.9.9 | 2013-12-27 | Found nothing | 3
thehacker | 6.8.0.5 | 6.8.0.5 | 2017-06-18 | Found nothing | 1
tws | 17.47.17308 | 1.0.2.2108 | 2017-06-19 | Found nothing | 14
vba | 3.12.29.5 beta | 3.12.29.5 beta | 2017-06-19 | Found nothing | 60
virusbuster | 15.0.985.0 | 5.5.2.13 | 2014-12-05 | Found nothing | 60
Permission list
Permission | Description
android.permission.ACCESS_COARSE_LOCATION | Obtain approximate location (via Wi-Fi, cell towers)
android.permission.ACCESS_FINE_LOCATION | Obtain precise location (via GPS)
android.permission.INTERNET | Connect to the network (2G or 3G)
android.permission.ACCESS_NETWORK_STATE | Read network state (2G or 3G)
android.permission.RECEIVE_BOOT_COMPLETED | Receive the boot-completed broadcast
android.permission.WAKE_LOCK | Keep the background process running after the screen turns off
android.permission.PROCESS_OUTGOING_CALLS | Monitor and modify outgoing calls
File information
Security score:
Basic information
MD5: 645c8e847bf13e108dcbc4644dab761b
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.secretogps.app
Minimum Android version: Android 2.2.x
Copyright: Android
Key behaviors
Behavior: Cross-process memory write
Details: TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\RarSFX1\dll.exe, WriteAddress = 0x00050000, Size = 0x00000020 TargetPID = 0x000002ac
TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\RarSFX1\dll.exe, WriteAddress = 0x00050020, Size = 0x00000034 TargetPID = 0x000002ac
TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\RarSFX1\dll.exe, WriteAddress = 0x7ffdd238, Size = 0x00000004 TargetPID = 0x000002ac
TargetProcess = C:\Windows\System32\cmd.exe, WriteAddress = 0x00150000, Size = 0x00000020 TargetPID = 0x00000468
TargetProcess = C:\Windows\System32\cmd.exe, WriteAddress = 0x00150020, Size = 0x00000034 TargetPID = 0x00000468
TargetProcess = C:\Windows\System32\cmd.exe, WriteAddress = 0x7ffdc238, Size = 0x00000004 TargetPID = 0x00000468
TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\RarSFX1\BNSbuilder.exe, WriteAddress = 0x00040000, Size = 0x00000020 TargetPID = 0x00000a70
TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\RarSFX1\BNSbuilder.exe, WriteAddress = 0x00040020, Size = 0x00000034 TargetPID = 0x00000a70
TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\RarSFX1\BNSbuilder.exe, WriteAddress = 0x7ffdf238, Size = 0x00000004 TargetPID = 0x00000a70
TargetProcess = C:\Users\Administrator\AppData\Local\Temp\temp.exe, WriteAddress = 0x00140000, Size = 0x00000020 TargetPID = 0x00000ce8
TargetProcess = C:\Users\Administrator\AppData\Local\Temp\temp.exe, WriteAddress = 0x00140020, Size = 0x00000034 TargetPID = 0x00000ce8
TargetProcess = C:\Users\Administrator\AppData\Local\Temp\temp.exe, WriteAddress = 0x7ffd6238, Size = 0x00000004 TargetPID = 0x00000ce8
Behavior: Read TickCount value
Details: TickCount = 784890, SleepMilliseconds = 7000.
TickCount = 784906, SleepMilliseconds = 7000.
TickCount = 785093, SleepMilliseconds = 7000.
TickCount = 785109, SleepMilliseconds = 7000.
TickCount = 785125, SleepMilliseconds = 7000.
TickCount = 785140, SleepMilliseconds = 7000.
TickCount = 785156, SleepMilliseconds = 7000.
TickCount = 785203, SleepMilliseconds = 7000.
TickCount = 785218, SleepMilliseconds = 7000.
TickCount = 785234, SleepMilliseconds = 7000.
TickCount = 785250, SleepMilliseconds = 7000.
TickCount = 785265, SleepMilliseconds = 7000.
TickCount = 785504, SleepMilliseconds = 20.
TickCount = 785566, SleepMilliseconds = 20.
TickCount = 787187, SleepMilliseconds = 500.
Behavior: Read CPU clock directly
Details: EAX = 0x9e094c5c, EDX = 0x00000286
EAX = 0x9e094ca8, EDX = 0x00000286
EAX = 0x8887a65e, EDX = 0x00000287
EAX = 0x8887a6aa, EDX = 0x00000287
EAX = 0xdce14d92, EDX = 0x00000287
EAX = 0xdce14dde, EDX = 0x00000287
Behavior: Registry query (virtual-machine detection related)
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions\UninstallString
File behavior
Behavior: Create file
Details: C:\Users\Administrator\AppData\Local\Temp\RarSFX1\__tmp_rar_sfx_access_check_774562
C:\Users\Administrator\AppData\Local\Temp\RarSFX1\dll.exe
C:\Users\Administrator\AppData\Local\Temp\RarSFX1\BNSbuilder.exe
C:\Users\Administrator\AppData\Local\Temp\RarSFX2\__tmp_rar_sfx_access_check_776421
C:\Users\Administrator\AppData\Local\Temp\RarSFX2\Dll.bat
C:\Users\Administrator\AppData\Local\Temp\RarSFX2\qtintf70.dll
C:\Users\Administrator\AppData\Local\Temp\RarSFX2\rtl70.bpl
C:\Users\Administrator\AppData\Local\Temp\RarSFX2\visualclx70.bpl
C:\Windows\System32\qtintf70.dll
C:\Windows\System32\rtl70.bpl
C:\Windows\System32\visualclx70.bpl
C:\Users\Administrator\AppData\Local\Temp\temp.exe
Behavior: Create executable file
Details: C:\Users\Administrator\AppData\Local\Temp\RarSFX1\dll.exe
C:\Users\Administrator\AppData\Local\Temp\RarSFX1\BNSbuilder.exe
C:\Users\Administrator\AppData\Local\Temp\RarSFX2\rtl70.bpl
C:\Users\Administrator\AppData\Local\Temp\RarSFX2\visualclx70.bpl
C:\Windows\System32\rtl70.bpl
C:\Windows\System32\visualclx70.bpl
C:\Users\Administrator\AppData\Local\Temp\temp.exe
Behavior: Overwrite existing file
Details: C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf
C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
Behavior: Copy file
Details: qtintf70.dll ---> c:\windows\system32\qtintf70.dll
rtl70.bpl ---> c:\windows\system32\rtl70.bpl
visualclx70.bpl ---> c:\windows\system32\visualclx70.bpl
Behavior: Delete file
Details: C:\Users\Administrator\AppData\Local\Temp\RarSFX1\__tmp_rar_sfx_access_check_774562
C:\Users\Administrator\AppData\Local\Temp\RarSFX2\__tmp_rar_sfx_access_check_776421
C:\Users\Administrator\AppData\Local\Temp\RarSFX2\Dll.bat
C:\Users\Administrator\AppData\Local\Temp\RarSFX2\qtintf70.dll
C:\Users\Administrator\AppData\Local\Temp\RarSFX2\rtl70.bpl
Behavior: Search for file
Details: FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe
FileName = C:\Users
FileName = C:\Users\ADMINI~1
FileName = C:\Users\ADMINI~1\AppData
FileName = C:\Users\ADMINI~1\AppData\Local
FileName = C:\Users\ADMINI~1\AppData\Local\Temp
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\RarSFX1
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\RarSFX1\dll.exe
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\RarSFX1\*.*
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\RarSFX2
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\RarSFX2\dll.bat
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\RarSFX2\*.*
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\RarSFX2\Dll.bat
FileName = qtintf70.dll
FileName = rtl70.bpl
Behavior: Modify BAT script file
Details: C:\Users\Administrator\AppData\Local\Temp\RarSFX2\Dll.bat ---> Offset = 0
Behavior: Modify file contents
Details: C:\Users\Administrator\AppData\Local\Temp\RarSFX1\dll.exe ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\RarSFX1\dll.exe ---> Offset = 65536
C:\Users\Administrator\AppData\Local\Temp\RarSFX1\dll.exe ---> Offset = 131072
C:\Users\Administrator\AppData\Local\Temp\RarSFX1\dll.exe ---> Offset = 196608
C:\Users\Administrator\AppData\Local\Temp\RarSFX1\dll.exe ---> Offset = 231424
C:\Users\Administrator\AppData\Local\Temp\RarSFX1\BNSbuilder.exe ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\RarSFX1\BNSbuilder.exe ---> Offset = 27392
C:\Users\Administrator\AppData\Local\Temp\RarSFX1\BNSbuilder.exe ---> Offset = 65536
C:\Users\Administrator\AppData\Local\Temp\RarSFX1\BNSbuilder.exe ---> Offset = 4194045
C:\Users\Administrator\AppData\Local\Temp\RarSFX1\BNSbuilder.exe ---> Offset = 4194304
C:\Users\Administrator\AppData\Local\Temp\RarSFX2\qtintf70.dll ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\RarSFX2\qtintf70.dll ---> Offset = 65536
C:\Users\Administrator\AppData\Local\Temp\RarSFX2\qtintf70.dll ---> Offset = 131072
C:\Users\Administrator\AppData\Local\Temp\RarSFX2\qtintf70.dll ---> Offset = 196608
C:\Users\Administrator\AppData\Local\Temp\RarSFX2\qtintf70.dll ---> Offset = 262144
Registry behavior
Behavior: Modify registry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-*\RefCount
Behavior: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\User_Feed_Synchronization-{DD45CED3-68D4-4258-9DB0-B2D0B36690C9}.job
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\User_Feed_Synchronization-{DD45CED3-68D4-4258-9DB0-B2D0B36690C9}.job.fp
Other behavior
Behavior: Check whether it is being debugged
Details: IsDebuggerPresent
Behavior: Create mutex
Details: Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior: Hide specified window
Details: [Window,Class] = [,ComboLBox]
[Window,Class] = [&Обзор...,Button]
[Window,Class] = [C:\Users\ADMINI~1\AppData\Local\Temp\RarSFX1,ComboBox]
[Window,Class] = [C:\Users\ADMINI~1\AppData\Local\Temp\RarSFX2,ComboBox]
[Window,Class] = [temp,QWidget]
Behavior: Open mutex
Details: DefaultTabtip-MainUI
Local\MSCTF.Asm.MutexDefault1
Global\CLR_CASOFF_MUTEX
Behavior: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [EDIT,]
Behavior: Window information
Details: Pid = 2672, Hwnd=0x1a02ee, Text = C:\Users\ADMINI~1\AppData\Local\Temp\RarSFX1\bnsbuilder.exe, ClassName = ConsoleWindowClass.
Pid = 3304, Hwnd=0x901fe, Text = temp, ClassName = QWidget.
Pid = 3304, Hwnd=0x1035a, Text = temp, ClassName = QWidget.
Pid = 3304, Hwnd=0x10358, Text = temp, ClassName = QWidget.
Pid = 3304, Hwnd=0x2034c, Text = temp, ClassName = QWidget.
Pid = 3304, Hwnd=0x1034a, Text = temp, ClassName = QWidget.
Pid = 3304, Hwnd=0x10348, Text = temp, ClassName = QWidget.
Pid = 3304, Hwnd=0x10346, Text = temp, ClassName = QWidget.
Pid = 3304, Hwnd=0x30342, Text = temp, ClassName = QWidget.
Pid = 3304, Hwnd=0x5033e, Text = temp, ClassName = QWidget.
Pid = 3304, Hwnd=0x20340, Text = temp, ClassName = QWidget.
Pid = 3304, Hwnd=0x5033c, Text = temp, ClassName = QWidget.
Pid = 3304, Hwnd=0x6030e, Text = temp, ClassName = QWidget.
Pid = 3304, Hwnd=0x130186, Text = temp, ClassName = QWidget.
Pid = 3304, Hwnd=0x801aa, Text = temp, ClassName = QWidget.
Behavior: Get cursor position
Details: CursorPos = (90,18467), SleepMilliseconds = 60000.
CursorPos = (6383,26500), SleepMilliseconds = 60000.
CursorPos = (19218,15724), SleepMilliseconds = 60000.
CursorPos = (11527,29358), SleepMilliseconds = 60000.
CursorPos = (27011,24464), SleepMilliseconds = 60000.
CursorPos = (5754,28145), SleepMilliseconds = 60000.
CursorPos = (23330,16827), SleepMilliseconds = 60000.
CursorPos = (10010,491), SleepMilliseconds = 60000.
CursorPos = (3044,11942), SleepMilliseconds = 60000.
CursorPos = (4876,5436), SleepMilliseconds = 60000.
CursorPos = (32440,14604), SleepMilliseconds = 60000.
CursorPos = (3951,153), SleepMilliseconds = 60000.
CursorPos = (341,12382), SleepMilliseconds = 60000.
CursorPos = (17470,18716), SleepMilliseconds = 60000.
CursorPos = (19767,19895), SleepMilliseconds = 60000.
Behavior: Open event
Details: HookSwitchHookEnabledEvent
\KernelObjects\MaximumCommitCondition
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\CLR_PerfMon_StartEnumEvent
\KernelObjects\LowMemoryCondition
MSFT.VSA.COM.DISABLE.2672
MSFT.VSA.IEC.STATUS.6c736db0
MSFT.VSA.COM.DISABLE.3304
Behavior: Adjust process token privileges
Details: SE_AUDIT_PRIVILEGE
Behavior: Executable signature information
Details: C:\Users\Administrator\AppData\Local\Temp\RarSFX1\dll.exe (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\RarSFX1\BNSbuilder.exe (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\RarSFX2\rtl70.bpl (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\RarSFX2\visualclx70.bpl (signature verification: failed)
C:\Windows\System32\rtl70.bpl (signature verification: failed)
C:\Windows\System32\visualclx70.bpl (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\temp.exe (signature verification: failed)
Behavior: Call Sleep function
Details: [1]: MilliSeconds = 7000.
[1]: MilliSeconds = -1.
[2]: MilliSeconds = 20.
[3]: MilliSeconds = 20.
[4]: MilliSeconds = 20.
[5]: MilliSeconds = 20.
[6]: MilliSeconds = 20.
[7]: MilliSeconds = 20.
[8]: MilliSeconds = 20.
[9]: MilliSeconds = 20.
[1]: MilliSeconds = 500.
[2]: MilliSeconds = 500.
[1]: MilliSeconds = 60000.
Behavior: Create event object
Details: EventName = Global\CorDBIPCSetupSyncEvent_2672
Behavior: Executable MD5
Details: C:\Users\Administrator\AppData\Local\Temp\RarSFX1\dll.exe ---> baa7a59e10b623d67dccce800dafd234
C:\Users\Administrator\AppData\Local\Temp\RarSFX1\BNSbuilder.exe ---> File too large!
C:\Users\Administrator\AppData\Local\Temp\RarSFX2\rtl70.bpl ---> 0dcd17c9a3b135c61834c716a412a5bf
C:\Users\Administrator\AppData\Local\Temp\RarSFX2\visualclx70.bpl ---> 4327122c16790819f67ec8d00fcf7258
C:\Windows\System32\rtl70.bpl ---> 0dcd17c9a3b135c61834c716a412a5bf
C:\Windows\System32\visualclx70.bpl ---> 4327122c16790819f67ec8d00fcf7258
C:\Users\Administrator\AppData\Local\Temp\temp.exe ---> File too large!
Behavior: Load newly dropped file
Details: Image: C:\Users\ADMINI~1\AppData\Local\Temp\RarSFX1\dll.exe.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\RarSFX1\BNSbuilder.exe.
Image: C:\Users\Administrator\AppData\Local\Temp\temp.exe.
Image: C:\Windows\System32\rtl70.bpl.
Image: C:\Windows\System32\visualclx70.bpl.
Image: C:\Windows\System32\qtintf70.dll.
Activities
Activity | Type
.Launcher | android.intent.action.MAIN
.Launcher | android.intent.category.LAUNCHER
Dangerous functions
Function | Description
java/net/URL;->openConnection | Connect to URL
java/net/HttpURLConnection;->connect | Connect to URL
Launch methods
Name | Description
com.secretogps.app.AutostartReceiver | Start service at boot
com.secretogps.app.DialLaunchReceiver |
Service list
Name
com.secretogps.app.TrackingService
com.secretogps.app.TrackingService$HideNotificationService
File list
File name | Checksum
AndroidManifest.xml | 0xde3798e6
res/drawable-hdpi-v4/ic_launcher.png | 0xeb101a90
res/drawable-mdpi-v4/ic_launcher.png | 0xc2259ec3
res/drawable-xhdpi-v4/ic_launcher.png | 0xe114d91b
res/drawable-xhdpi-v4/logo.png | 0xd925adda
res/drawable-xxhdpi-v4/ic_launcher.png | 0xb4b420af
res/drawable-xxxhdpi-v4/ic_launcher.png | 0xfcc8b59d
res/layout-v17/about.xml | 0x76cd0643
res/layout/about.xml | 0x7f94b79a
res/layout/status.xml | 0x87897984
res/menu-v11/main.xml | 0x1c2dd9ed
res/menu-v11/status.xml | 0x86950f7a
res/menu/main.xml | 0x6ebacb0b
res/menu/status.xml | 0x1a8cf9be
res/xml-v14/preferences.xml | 0x3f6517ab
res/xml/preferences.xml | 0xf9daa614
resources.arsc | 0x53b1cf88
classes.dex | 0x70a19c58
META-INF/MANIFEST.MF | 0xd6cabd46
META-INF/CERT.SF | 0x6427f35d
META-INF/CERT.RSA | 0x6409fe85
Runtime screenshots