VirSCAN


File information
Basic information
MD5: 35b8050db26495d1ff9cf57f63ea7b19
Package name: com.shiopvo.rogends
Minimum operating environment: Android 2.3, 2.3.1, 2.3.2
Copyright: xcvfhdth
Behavior list
Key behavior
Behavior description: Directly calls a critical system API
Details: Index = 0x0000014D, Name: NtSetInformationProcess, Instruction Address = 0x01363B13
Behavior description: Captures window screenshot information
Details: Foreground window Info: HWND = 0x00040138, DC = 0x1b01092f.
Foreground window Info: HWND = 0x00040180, DC = 0x090108c0.
Foreground window Info: HWND = 0x00040180, DC = 0x390108be.
File behavior
Behavior description: Creates file
Details: C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal
Behavior description: Deletes file
Details: C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal
Behavior description: Modifies file content
Details: C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 512
C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 516
C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 1540
C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 1544
C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents ---> Offset = 1024
Behavior description: Searches for files
Details: FileName = C:\Users\Administrator\AppData\Roaming\Adobe
FileName = C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat
FileName = C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat\9.0
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\AcroForm.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Annots.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Checkers.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Compare.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\DigSig.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\DVA.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\eBook.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\IA32.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\EScript.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\HLS.api
Registry behavior
Behavior description: Modifies registry
Details: \REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\AVGeneral\bLastExitNormal
Behavior description: Deletes registry key
Details: \REGISTRY\MACHINE\SYSTEM\Acrobatviewercpp304\
Other behavior
Behavior description: Checks whether it is being debugged
Details: IsDebuggerPresent
Behavior description: Creates mutex
Details: 2AC1A572DB6944B0A65C38C4140AF2F4adc6D117134
Acrobat Instance Mutex
Behavior description: Hides specified window
Details: [Window,Class] = [,Acrobat Viewer]
[Window,Class] = [,Edit]
[Window,Class] = [AVNullDocView,AVL_AVView]
[Window,Class] = [AVSplitterView,AVL_AVView]
[Window,Class] = [,ScrollBar]
[Window,Class] = [AVRulerView,AVL_AVView]
[Window,Class] = [AVTabStripView,AVL_AVView]
[Window,Class] = [AVTableContainerView,AVL_AVView]
[Window,Class] = [AVToolBarView,AVL_AVView]
[Window,Class] = [AVDockableHostView,AVL_AVView]
Behavior description: Directly calls a critical system API
Details: Index = 0x0000014D, Name: NtSetInformationProcess, Instruction Address = 0x01363B13
Behavior description: Searches for specified window
Details: NtUserFindWindowEx: [Class,Window] = [AdobeAcrobatSpeedLaunchCmdWnd,]
NtUserFindWindowEx: [Class,Window] = [AdobeReaderSpeedLaunchCmdWnd,]
NtUserFindWindowEx: [Class,Window] = [Acrobat Instance Window Class,Acrobat Instance Window]
NtUserFindWindowEx: [Class,Window] = [Acrobat Viewer,]
NtUserFindWindowEx: [Class,Window] = [JFWUI2,]
NtUserFindWindowEx: [Class,Window] = [AcrobatTimerWnd,]
Behavior description: Window information
Details: Pid = 2780, Hwnd=0x70204, Text = AVToolBarHostView, ClassName = AVL_AVView.
Pid = 2780, Hwnd=0x701f6, Text = AVTabStripView, ClassName = AVL_AVView.
Pid = 2780, Hwnd=0x40162, Text = AVSplitterView, ClassName = AVL_AVView.
Pid = 2780, Hwnd=0x50176, Text = AVSplitationPageView, ClassName = AVL_AVView.
Pid = 2780, Hwnd=0xc01ca, Text = AVSplitterView, ClassName = AVL_AVView.
Pid = 2780, Hwnd=0x3013c, Text = AVScrolledPageView, ClassName = AVL_AVView.
Pid = 2780, Hwnd=0xd01ba, Text = AVScrollView, ClassName = AVL_AVView.
Pid = 2780, Hwnd=0x8019c, Text = AVTableContainerView, ClassName = AVL_AVView.
Pid = 2780, Hwnd=0x4013a, Text = 21.587 x 27.937 厘米, ClassName = Static.
Pid = 2780, Hwnd=0x40138, Text = AVPageView, ClassName = AVL_AVView.
Pid = 2780, Hwnd=0x501e0, Text = AVNullDocView, ClassName = AVL_AVView.
Pid = 2780, Hwnd=0x40196, Text = AVToolBarEasel, ClassName = AVL_AVView.
Pid = 2780, Hwnd=0x601e4, Text = 90.2%, ClassName = Edit.
Pid = 2780, Hwnd=0x901d2, Text = 1, ClassName = Edit.
Pid = 2780, Hwnd=0x40180, Text = %temp%\****.pdf - Adobe Reader, ClassName = AcrobatSDIWindow.
Behavior description: Opens event
Details: HookSwitchHookEnabledEvent
MSFT.VSA.COM.DISABLE.2780
MSFT.VSA.IEC.STATUS.6c736db0
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
\KernelObjects\MaximumCommitCondition
Behavior description: Captures window screenshot information
Details: Foreground window Info: HWND = 0x00040138, DC = 0x1b01092f.
Foreground window Info: HWND = 0x00040180, DC = 0x090108c0.
Foreground window Info: HWND = 0x00040180, DC = 0x390108be.
Behavior description: Opens mutex
Details: Local\MSCTF.Asm.MutexDefault1
Activities
Activity name: Type
org.cocos2dx.app.BaseActivity: android.intent.action.MAIN
org.cocos2dx.app.BaseActivity: android.intent.category.LAUNCHER
Dangerous functions
Function name: Information
getRuntime: obtains the command-line (runtime) environment
java/lang/Runtime;->exec: executes a string as a command
TelephonyManager;->getDeviceId: collects the user's phone IMEI, phone number, system version and similar information
java/net/URL;->openConnection: connects to a URL
java/net/HttpURLConnection;->connect: connects to a URL
Startup mode
Name: Information
com.lmstwh.sfu.receiver.NetworkReceiver: starts a service when the network connection changes
com.lmstwh.sfu.receiver.InSmsReceiver: monitors SMS (starts a service when an SMS is received)
com.yf.jar.pay.InSmsReceiver: monitors SMS (starts a service when an SMS is received)
com.mn.kt.rs.RsRe: monitors SMS (starts a service when an SMS is received)
com.mn.kt.rs.RsRe: starts a service when the network connection changes
com.mn.kt.rs.RsRe: starts a service at boot
com.mn.kt.rs.RsRe: starts a service when the screen is unlocked
a.n.f.m.MadCst: starts a service when the network connection changes
a.n.f.m.MadCst: monitors SMS (starts a service when an SMS is received)
Permission list
Permission name: Information
android.permission.READ_LOGS: reads system logs
android.permission.ACCESS_NETWORK_STATE: reads network state (2G or 3G)
android.permission.READ_PHONE_STATE: reads phone state
android.permission.INTERNET: connects to the network (2G or 3G)
android.permission.WRITE_EXTERNAL_STORAGE: writes to external storage (e.g. SD card)
android.permission.CHANGE_CONFIGURATION: modifies current settings (e.g. locale)
android.permission.SEND_SMS: sends SMS
android.permission.ACCESS_WIFI_STATE: reads Wi-Fi network state
android.permission.READ_SMS: reads SMS
android.permission.MOUNT_UNMOUNT_FILESYSTEMS: mounts and unmounts external file systems
android.permission.ACCESS_COARSE_LOCATION: obtains approximate location (via Wi-Fi or cell towers)
android.permission.CHANGE_NETWORK_STATE: changes network state
android.permission.RECEIVE_SMS: monitors received SMS
android.permission.READ_EXTERNAL_STORAGE: reads external storage (e.g. SD card)
android.permission.ACCESS_FINE_LOCATION: obtains precise location (via GPS)
android.permission.CHANGE_WIFI_STATE: changes Wi-Fi connection state
android.permission.WRITE_SMS: writes SMS
android.permission.GET_TASKS: obtains information about currently or recently running tasks
android.permission.SYSTEM_ALERT_WINDOW: displays system-level (overlay) windows
android.permission.DISABLE_KEYGUARD: disables the keyguard (screen lock)
android.permission.READ_CALL_LOG: reads the call log
android.permission.WRITE_SETTINGS: reads and writes system settings
Service list
Name
com.lmstwh.sfu.services.SmsStatusService
com.lmstwh.sfu.services.SmsDataService
com.yf.jar.pay.SmsServices
com.yf.sms.service.InitService
com.wyzf.service.InitService
com.a.a.b
com.mn.kt.rs.RsSe
a.n.f.m.MadSec
a.n.f.m.DouAdSec
File list
File name  Check code
META-INF/MANIFEST.MF 0x34d49e8e
META-INF/VOKSTAS.SF 0x2e3936d
META-INF/VOKSTAS.RSA 0x343d16e2
assets/bgs_first.jpg 0xa28e4b56
assets/bgs_game.jpg 0xe974ac49
assets/config.ini 0x9d4294b1
assets/dERlZG 0xc6e46af2
assets/lang_chs.xml 0xb39c3f8b
assets/mainui.plist 0xdd00d7ff
assets/mainui.png 0x6e4a47df
assets/mainuisp.plist 0xcd1b0f8f
assets/mainuisp.png 0xd98ab6ac
assets/menu.plist 0x65f5b133
assets/menu.png 0x48b60019
assets/msf3uy.data 0x3ae6c394
assets/number_1.png 0x920bb8be
assets/number_2.png 0x31ebc54e
assets/number_3.png 0xc5cb990f
assets/particle/blue_bum.png 0xd595ed8a
assets/particle/diabomb.png 0x571bfd9c
assets/particle/diamond_bomb.plist 0x67a06a4
assets/particle/fire.png 0xbb6b0f1
assets/particle/fire02.png 0x19e19c4e
assets/particle/firework.plist 0x1a37ab45
assets/particle/firework_1.plist 0xd914d0dc
assets/particle/firework_1.png 0xfbd0b63d
assets/particle/firework_sp.plist 0x39b060b
assets/particle/fireworks.png 0xbbcc86cf
assets/particle/flash.plist 0x2fe431c0
assets/particle/green_bum.png 0xe79c90f6
assets/particle/purple_bum.png 0x4a69f11f
assets/particle/red_bum.png 0x8815f32
assets/particle/stars01.png 0xdc41f985
assets/particle/xx.png 0x380dbdda
assets/particle/yellow_bum.png 0xb17fb03c
assets/pri_pic/load 0x55d95eb1
assets/pri_pic/load01.png 0x98f80f52
assets/pri_pic/load02.png 0x584feaeb
assets/pri_pic/load03.png 0x5695231c
assets/pri_pic/load04.png 0x9c02c211
assets/pri_pic/load05.png 0xfb517d18
assets/pri_pic/load06.png 0x8afb198
assets/pri_pic/load07.png 0xd859f72c
assets/pri_pic/load08.png 0x8afb198
assets/pri_pic/load09.png 0x28db504b
assets/pri_pic/load10.png 0x9560e26b
assets/pri_pic/load11.png 0x3547cd19
assets/pri_pic/load12.png 0xcd48c3a
assets/pri_pic/load13.png 0x3c9b16e7
assets/pri_pic/load14.png 0x868712f7
assets/pri_pic/load15.png 0xc61098ba
assets/pri_pic/load16.png 0xae014448
assets/pri_pic/load17.png 0x7f84fa1e
assets/pri_pic/loadbig 0xc293953a
assets/pri_pic/loadsmall 0x8157dd91
assets/sounds/bg.mp3 0xcc31f124
assets/sounds/combo_1.mp3 0xe2312b95
assets/sounds/combo_2.mp3 0x231f8756
assets/sounds/combo_3.mp3 0x6c30ca48
assets/sounds/desktop.ini 0x2f88cdeb
assets/sounds/diamond.mp3 0x9f3ce38b
assets/sounds/fail.mp3 0x2decf4dc
assets/sounds/pop.mp3 0x9ae0011b
assets/sounds/readygo.ogg 0x5ef555bc
assets/sounds/reward.mp3 0xfdf9a535
assets/sounds/win.mp3 0x91951c40
assets/tguo.plist 0x2af17cf9
assets/tguo.png 0x1b4ca44e
assets/u_shader/exposure.fsh 0x9aed7180
assets/u_shader/gray.fsh 0xbe11d448
assets/u_shader/gray.vsh 0xc778cd4c
assets/wyzf/res.bin 0x714d16e4
assets/yf.conf 0x6df4add4
classes.dex 0x25c746e9
lib/armeabi/libeoths.so 0x39c88880
lib/armeabi/libshella-2.10.5.7.so 0xdcf00ce
lib/armeabi/libshellx-2.10.5.7.so 0x88fd97a0
lib/armeabi/mix.dex 0xa3517ce0
lib/armeabi/mixz.dex 0xa67045c7
res/drawable-xhdpi-v4/icon.png 0xf9cbb025
resources.arsc 0x68ebc338
tencent_stub 0x7b002aae
AndroidManifest.xml 0xd059f25c
lib/armeabi/libBugly.so 0x1ddd8547