VirSCAN

File information
Safety rating:
Behavior list
Basic Information
MD5:34ae367c609fcbd75450ed8d38588b3d
Package names:com.qqxsdcdcc.ddcxcdex
Minimum operating environment:Android 2.2.x
copyright:Android
Key behavior
Behavior description: Creates file mappings with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MBB..IBJGH
MSCTF.MarshalInterface.FileMap.MBB.B.IBJGH
MSCTF.MarshalInterface.FileMap.MBB.C.IBJGH
MSCTF.MarshalInterface.FileMap.MBB.D.IBJGH
MSCTF.MarshalInterface.FileMap.MBB.E.HCJGH
MSCTF.MarshalInterface.FileMap.MBB.F.HCJGH
MSCTF.MarshalInterface.FileMap.MBB.G.HCJGH
MSCTF.Shared.SFM.MBB
Behavior description: Sets attributes on special folders
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Hides a specified window
details:[Window,Class] = [,Afx:400000:8:10011:1900015:0]
Process behavior
Behavior description: Enumerates processes
details:N/A
File behavior
Behavior description: Creates file mappings with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MBB..IBJGH
MSCTF.MarshalInterface.FileMap.MBB.B.IBJGH
MSCTF.MarshalInterface.FileMap.MBB.C.IBJGH
MSCTF.MarshalInterface.FileMap.MBB.D.IBJGH
MSCTF.MarshalInterface.FileMap.MBB.E.HCJGH
MSCTF.MarshalInterface.FileMap.MBB.F.HCJGH
MSCTF.MarshalInterface.FileMap.MBB.G.HCJGH
MSCTF.Shared.SFM.MBB
Behavior description: Sets attributes on special folders
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Searches for files
details:FileName = C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015082520150826\*.*
Network behavior
Behavior description: Connects to a specified site
details:InternetConnectA: ServerName = nrop19.com, PORT = 80
Behavior description: Reads a network file
details:hFile = 0x00000694, BytesToRead =1024, BytesRead = 1024.
Behavior description: Opens an HTTP request
details:HttpOpenRequestA: nrop19.com:80/get.php?page=0&type=normal, hConnect = 0x00000690
Registry behavior
Behavior description: Modifies the registry
details:\REGISTRY\MACHINE\SOFTWARE\Classes\yeguang\
\REGISTRY\MACHINE\SOFTWARE\Classes\yeguang\DefaultIcon\
\REGISTRY\MACHINE\SOFTWARE\Classes\yeguang\shell\open\command\
Behavior description: Modifies the registry (URL protocol association)
details:\REGISTRY\MACHINE\SOFTWARE\Classes\yeguang\URL Protocol
Other behavior
Behavior description: Finds a specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information
details:Pid = 784, Hwnd=0x202c2, Text = 确定, ClassName = Button.
Pid = 784, Hwnd=0x202c4, Text = 安装成功!, ClassName = Static.
Pid = 784, Hwnd=0x202d8, Text = 成功, ClassName = #32770.
Pid = 784, Hwnd=0x202d6, Text = 文件大小, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 784, Hwnd=0x302dc, Text = 下载速度:0Kb/s, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 784, Hwnd=0x302bc, Text = 等候下载……, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 784, Hwnd=0x202a8, Text = nrop19 小高教学网宅男福利, ClassName = WTWindow.
Behavior description: Hides a specified window
details:[Window,Class] = [,Afx:400000:8:10011:1900015:0]
Behavior description: Creates mutexes
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MBB
Behavior description: Gets the TickCount value
details:TickCount = 506796, SleepMilliseconds = 250.
TickCount = 506812, SleepMilliseconds = 250.
TickCount = 506890, SleepMilliseconds = 250.
TickCount = 506984, SleepMilliseconds = 250.
TickCount = 507046, SleepMilliseconds = 250.
TickCount = 507109, SleepMilliseconds = 250.
TickCount = 507125, SleepMilliseconds = 250.
TickCount = 507187, SleepMilliseconds = 250.
TickCount = 507203, SleepMilliseconds = 250.
Dynamic list behavior
Behavior description: Passes extra information
details:android.app.extra.DEVICE_ADMIN:ComponentInfo{com.qqxsdcdcc.ddcxcdex/cn.sadsxcds.sdaopwe309ss.DeviceReceiver}
android.app.extra.ADD_EXPLANATION:设备管理器
Behavior description: Reads SMS messages on the phone
details:[u'content://sms/inbox', u'null', u'null', u'null', u'_id desc']
Behavior description: Starts a service
details:{"FLAG":0,"COMPONENT_NAME":"ComponentInfo{com.qqxsdcdcc.ddcxcdex\/cn.sadsxcds.sdaopwe309ss.SmSserver}"}
Behavior description: Hides the home-screen shortcut icon
details:[u'ComponentInfo{com.qqxsdcdcc.ddcxcdex/cn.sadsxcds.sdaopwe309ss.MainActivity}', u'2', u'1']
Behavior description: Parses a Uniform Resource Identifier (URI)
details:content://sms/
content://sms/inbox
Behavior description: Registers a broadcast receiver
details:[u'cn.sadsxcds.sdaopwe309ss.SmSReceiver@4151ea60', u'android.content.IntentFilter@41536898', u'android.permission.BROADCAST_SMS', u'null']
[u'cn.sadsxcds.sdaopwe309ss.SmSReceiver@4154c6e8', u'android.content.IntentFilter@4154c700']
Behavior description: Queries app shared data
details:[u'content://sms/inbox', u'null', u'null', u'null', u'_id desc']
Behavior description: Sets component attributes
details:[u'ComponentInfo{com.qqxsdcdcc.ddcxcdex/cn.sadsxcds.sdaopwe309ss.MainActivity}', u'2', u'1']
Behavior description: Initializes an IntentFilter
details:[u'com.yfm.send']
Behavior description: Registers a ContentObserver
details:URI=content://sms/
Behavior description: Starts an activity for result (ActivityForResult)
details:{"ACTION":"android.app.action.ADD_DEVICE_ADMIN","FLAG":0,"EXTRAS":{"android.app.extra.DEVICE_ADMIN":"ComponentInfo{com.qqxsdcdcc.ddcxcdex\/cn.sadsxcds.sdaopwe309ss.DeviceReceiver}","android.app.extra.ADD_EXPLANATION":"设备管理器"}}
Behavior description: Toast->makeText shows a pop-up message
details:text:程序启动成功 duration:1
Behavior description: Adds a View
details:[u'android.widget.LinearLayout@414f97e0', u'WM.LayoutParams{(0,128)(wrapxwrap) gr=#51 ty=2005 fl=#98 fmt=-3 wanim=0x1030004}']
Behavior description: Initializes an Intent
details:[u'cn.sadsxcds.sdaopwe309ss.MainActivity@4153f608', u'class cn.sadsxcds.sdaopwe309ss.SmSserver']
[u'android.os.Parcel@414ad238']
[u'android.app.action.ADD_DEVICE_ADMIN']
[]
[u'android.os.Parcel@414ad238']
[u'android.os.Parcel@414ad278']
[u'android.os.Parcel@414ad238']
Behavior description: Gets running services
details:[u'40']
Behavior description: Sends multiple SMS messages
details:number:13417701157 messages:[手机已安装软件,回复com#false关闭com#true开启, 版本16 sdk]
number:13417701157 messages:[服务已经启动,程序使用到期时间 2018-11-01 00:00:00]
Activities
Activity name Type
cn.sadsxcds.sdaopwe309ss.MainActivity android.intent.action.MAIN
cn.sadsxcds.sdaopwe309ss.MainActivity android.intent.category.LAUNCHER
cn.sadsxcds.sdaopwe309ss.UninstallerActivity android.intent.action.VIEW
cn.sadsxcds.sdaopwe309ss.UninstallerActivity android.intent.action.DELETE
cn.sadsxcds.sdaopwe309ss.UninstallerActivity android.intent.category.DEFAULT
Dangerous function
Function name Information
ContentResolver;->query Reads databases such as contacts and SMS
ContentResolver;->delete Deletes SMS messages and contacts
SmsManager;->sendMultipartTextMessage Sends MMS messages
Startup mode
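Name Information
cn.sadsxcds.sdaopwe309ss.BootReceiver Monitors SMS (SMS received) and starts the service
cn.sadsxcds.sdaopwe309ss.BootReceiver Starts the service at boot
cn.sadsxcds.sdaopwe309ss.BootReceiver Starts the service on screen unlock
cn.sadsxcds.sdaopwe309ss.SmSReceiver Monitors SMS (SMS received) and starts the service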
Permission list
Permission name Information
android.permission.RECEIVE_BOOT_COMPLETED Receive the boot-completed broadcast
android.permission.RECEIVE_USER_PRESENT
android.permission.RECEIVE_SMS Monitor incoming SMS
android.permission.SEND_SMS Send SMS
android.permission.READ_PHONE_STATE Read phone state
android.permission.BROADCAST_SMS Broadcast when an SMS is received
android.permission.READ_SMS Read SMS
android.permission.WRITE_SMS Write SMS
android.permission.ACCESS_FINE_LOCATION Get precise location (via GPS)
android.permission.CAMERA Access the camera device
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.READ_LOGS Read system logs
Service list
name
cn.sadsxcds.sdaopwe309ss.SmSserver
File List
file name Check code
META-INF/MANIFEST.MF 0x7c006093
META-INF/CERT.SF 0x9ad3ccb
META-INF/CERT.RSA 0x9b6f0346
apkprotect.com/readme.txt 0x4eec3826
AndroidManifest.xml 0xdef2918a
apkprotect.com/key.dat 0x747cb177
res/drawable-hdpi/ic_launcher.jpg 0xd3f297d0
res/layout/activity_main.xml 0x3ba3db3f
resources.arsc 0x71f45db
classes.dex 0x80088823
res/drawable-hdpi/icon.png 0xac8b5a00
res/xml/lock_screen.xml 0xeab2c16b
Translated by Keith Miller, United States