VirSCAN

File information
Safety rating:
Behavior list
Basic Information
MD5:3aaea8e8a81b9c0b29679106b617deba
Package names:com.getmusic
Minimum operating environment:Android 2.2.x
copyright:E4A
Key behavior
Behavior description: Directly calls critical system APIs
details:Index = 0x0000014D, Name: NtSetInformationProcess, Instruction Address = 0x01363B13
Behavior description: Obtains window screenshot information
details:Foreground window Info: HWND = 0x00040138, DC = 0x070106d1.
Foreground window Info: HWND = 0x00070204, DC = 0x070106d1.
Foreground window Info: HWND = 0x00070204, DC = 0x06010871.
File behavior
Behavior description: Creates file
details:C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal
Behavior description: Deletes file
details:C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal
Behavior description: Modifies file contents
details:C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 512
C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 516
C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 1540
C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal ---> Offset = 1544
C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents ---> Offset = 1024
Behavior description: Searches for files
details:FileName = C:\Users\Administrator\AppData\Roaming\Adobe
FileName = C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat
FileName = C:\Users\Administrator\AppData\Roaming\Adobe\Acrobat\9.0
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\AcroForm.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Annots.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Checkers.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Compare.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\DigSig.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\DVA.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\eBook.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\IA32.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\EScript.api
FileName = C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\HLS.api
Registry behavior
Behavior description: Modifies registry
details:\REGISTRY\USER\S-*\Software\Adobe\Acrobat Reader\9.0\AVGeneral\bLastExitNormal
Behavior description: Deletes registry key
details:\REGISTRY\MACHINE\SYSTEM\Acrobatviewercpp304\
Other behavior
Behavior description: Checks whether it is being debugged
details:IsDebuggerPresent
Behavior description: Creates mutex
details:2AC1A572DB6944B0A65C38C4140AF2F4ab46D117134
Acrobat Instance Mutex
Behavior description: Hides specified windows
details:[Window,Class] = [,Acrobat Viewer]
[Window,Class] = [,Edit]
[Window,Class] = [AVNullDocView,AVL_AVView]
[Window,Class] = [AVSplitterView,AVL_AVView]
[Window,Class] = [,ScrollBar]
[Window,Class] = [AVRulerView,AVL_AVView]
[Window,Class] = [AVTabStripView,AVL_AVView]
[Window,Class] = [AVTableContainerView,AVL_AVView]
[Window,Class] = [AVToolBarView,AVL_AVView]
[Window,Class] = [AVDockableHostView,AVL_AVView]
Behavior description: Directly calls critical system APIs
details:Index = 0x0000014D, Name: NtSetInformationProcess, Instruction Address = 0x01363B13
Behavior description: Finds specified windows
details:NtUserFindWindowEx: [Class,Window] = [AdobeAcrobatSpeedLaunchCmdWnd,]
NtUserFindWindowEx: [Class,Window] = [AdobeReaderSpeedLaunchCmdWnd,]
NtUserFindWindowEx: [Class,Window] = [Acrobat Instance Window Class,Acrobat Instance Window]
NtUserFindWindowEx: [Class,Window] = [Acrobat Viewer,]
NtUserFindWindowEx: [Class,Window] = [JFWUI2,]
NtUserFindWindowEx: [Class,Window] = [AcrobatTimerWnd,]
Behavior description: Window information
details:Pid = 2740, Hwnd=0x501b2, Text = AVToolBarHostView, ClassName = AVL_AVView.
Pid = 2740, Hwnd=0x701f6, Text = AVTabStripView, ClassName = AVL_AVView.
Pid = 2740, Hwnd=0x40162, Text = AVSplitterView, ClassName = AVL_AVView.
Pid = 2740, Hwnd=0x50176, Text = AVSplitationPageView, ClassName = AVL_AVView.
Pid = 2740, Hwnd=0xc01ca, Text = AVSplitterView, ClassName = AVL_AVView.
Pid = 2740, Hwnd=0x3013c, Text = AVScrolledPageView, ClassName = AVL_AVView.
Pid = 2740, Hwnd=0xd01ba, Text = AVScrollView, ClassName = AVL_AVView.
Pid = 2740, Hwnd=0x8019c, Text = AVTableContainerView, ClassName = AVL_AVView.
Pid = 2740, Hwnd=0x4013a, Text = 27.513 x 19.048 厘米, ClassName = Static.
Pid = 2740, Hwnd=0x40138, Text = AVPageView, ClassName = AVL_AVView.
Pid = 2740, Hwnd=0x501e0, Text = AVNullDocView, ClassName = AVL_AVView.
Pid = 2740, Hwnd=0x40196, Text = AVToolBarEasel, ClassName = AVL_AVView.
Pid = 2740, Hwnd=0x601e4, Text = 70.7%, ClassName = Edit.
Pid = 2740, Hwnd=0x901d2, Text = 1, ClassName = Edit.
Pid = 2740, Hwnd=0x70204, Text = %temp%\****.pdf - Adobe Reader, ClassName = AcrobatSDIWindow.
Behavior description: Opens event
details:HookSwitchHookEnabledEvent
MSFT.VSA.COM.DISABLE.2740
MSFT.VSA.IEC.STATUS.6c736db0
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
\KernelObjects\MaximumCommitCondition
Behavior description: Obtains window screenshot information
details:Foreground window Info: HWND = 0x00040138, DC = 0x070106d1.
Foreground window Info: HWND = 0x00070204, DC = 0x070106d1.
Foreground window Info: HWND = 0x00070204, DC = 0x06010871.
Behavior description: Opens mutex
details:Local\MSCTF.Asm.MutexDefault1
Activities
Activity name Type
com.e4a.runtime.android.StartActivity android.intent.action.MAIN
com.e4a.runtime.android.StartActivity android.intent.category.DEFAULT
com.stub.stub01.Stub01 android.intent.action.MAIN
com.stub.stub01.Stub01 android.intent.category.LAUNCHER
com.e4a.runtime.android.mainActivity android.intent.action.MAIN
com.e4a.runtime.android.mainActivity android.intent.category.DEFAULT
com.tencent.smtt.sdk.VideoActivity com.tencent.smtt.tbs.video.PLAY
com.tencent.smtt.sdk.VideoActivity android.intent.category.DEFAULT
Dangerous function
Function name Information
getRuntime Obtains the command-line environment
java/lang/Runtime;->exec Executes a string command
Permission list
Permission name Information
com.android.launcher.permission.INSTALL_SHORTCUT Create shortcuts
android.permission.GET_TASKS Get information about currently or recently running tasks
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
android.permission.ACCESS_COARSE_LOCATION Get coarse location (via Wi-Fi, cell towers)
android.permission.MOUNT_UNMOUNT_FILESYSTEMS Mount and unmount external file systems
android.permission.READ_PHONE_STATE Read phone state
android.permission.SYSTEM_ALERT_WINDOW Display system windows
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.ACCESS_FINE_LOCATION Get precise location (via GPS)
com.android.launcher.permission.READ_SETTINGS Read shortcut information
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.WAKE_LOCK Keep background processes running after the screen is turned off
android.permission.CHANGE_CONFIGURATION Modify current settings (e.g. localization)
android.permission.READ_SETTINGS
android.permission.WRITE_SETTINGS Read and write system settings
android.permission.READ_EXTERNAL_STORAGE Read external storage (e.g. SD card)
Service list
name
com.stub.stub01.Stub03
com.stub.stub02.Stub02
com.stub.stub02.Stub03
com.stub.stub05.Stub02
Providers
name information
com.stub.stub02.Stub04
File List
file name Check code
META-INF/MANIFEST.MF 0xec52382d
META-INF/IO_GETMU.SF 0x4cb50909
META-INF/IO_GETMU.RSA 0x413a6eb1
AndroidManifest.xml 0x7da8c3be
assets/.appkey 0xfeb3afeb
assets/123321123.png 0xe28b62d7
assets/48.png 0xd6a79643
assets/FileDialog/1.png 0x78686c7a
assets/FileDialog/2.png 0x7e93bac3
assets/FileDialog/3.png 0x4608dc7e
assets/FileDialog/4.png 0xae74269b
assets/FileDialog/5.png 0x67adec41
assets/FileDialog/6.png 0xcd055e6c
assets/FileDialog/7.png 0x446d8c59
assets/FileDialog/8.png 0x46c0be08
assets/FileDialog/9.png 0xbdadc5b1
assets/ann.png 0xfdc4eca2
assets/ann_meitu_1.jpg 0x3675bb85
assets/backs.png 0x7c501fa8
assets/bt.png 0xda0b8857
assets/dq.png 0x5b794d70
assets/fx.png 0xfe12434a
assets/ic_back.png 0x7306c187
assets/libjiagu.so 0x33ed92f2
assets/libjiagu_ls.so 0xcc92cf74
assets/libjiagu_x86.so 0xa0bd9b30
assets/qq.png 0xbcd8671b
assets/rw.png 0x8d9aabac
assets/s2.png 0x5747ff6b
assets/s4.png 0x13a9e7ac
assets/s6.png 0x96053b42
assets/ssk.png 0x360ea481
assets/user.png 0x76929af7
assets/xz.png 0x370d3126
classes.dex 0xa0026ca5
lib/armeabi/liblbs.so 0xbe8edb00
res/anim/spinner.xml 0xf6e71d9d
res/drawable-hdpi/background_toast.xml 0x178e945c
res/drawable-hdpi/default_toast.xml 0x7a23122d
res/drawable-hdpi/error_toast.xml 0x868e74ab
res/drawable-hdpi/info_toast.xml 0xcfbefc80
res/drawable-hdpi/progress_custom_bg.xml 0x9444c7
res/drawable-hdpi/success_toast.xml 0x810563ca
res/drawable-hdpi/warning_toast.xml 0xd235369d
res/drawable-xhdpi/flicker.png 0x5f27cafb
res/drawable/e4alistview_new_message.png 0x1cdc5409
res/drawable/icon.png 0xf1983642
res/drawable/progress_custom_bg.xml 0x9444c7
res/drawable/spinner_1.png 0x3ced7ec2
res/drawable/spinner_10.png 0x467437da
res/drawable/spinner_11.png 0x8221323d
res/drawable/spinner_12.png 0xa695d39b
res/drawable/spinner_2.png 0xb3d08bb5
res/drawable/spinner_3.png 0xfaa5365b
res/drawable/spinner_4.png 0x50c9309b
res/drawable/spinner_5.png 0x113a2b04
res/drawable/spinner_6.png 0x32024394
res/drawable/spinner_7.png 0xd4414c95
res/drawable/spinner_8.png 0x31039f6
res/drawable/spinner_9.png 0x191cc91e
res/layout/default_toast_layout.xml 0x3a76e3b8
res/layout/error_toast_layout.xml 0x35e50c88
res/layout/info_toast_layout.xml 0x73a2e399
res/layout/progress_custom.xml 0x23eb7a0c
res/layout/success_toast_layout.xml 0xff32f8c0
res/layout/warning_toast_layout.xml 0x22d25bb4
resources.arsc 0xc9ba4986