VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
Safety rating:
Behavior list
Basic Information
MD5:3c46b3c2a445cac107d8fb4fc88b78ce
Package names:com.iapp.i258263
Minimum operating environment:Android 2.2.x
copyright:Android
Key behavior
Behavior description:打开注册表_检测虚拟机相关
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions
Process behavior
Behavior description:创建本地线程
details:TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2704, ThreadID = 2816, StartAddress = 77E56C7D, Parameter = 001A6640
TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2704, ThreadID = 2820, StartAddress = 769AE43B, Parameter = 001A8F08
TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2704, ThreadID = 2824, StartAddress = 77E56C7D, Parameter = 001AA5B8
TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2704, ThreadID = 2880, StartAddress = 326138F8, Parameter = 03FCC4E0
TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2704, ThreadID = 2908, StartAddress = 3BE7617C, Parameter = 00000000
TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2704, ThreadID = 2924, StartAddress = 3264B7DB, Parameter = 00000000
TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2704, ThreadID = 3140, StartAddress = 314AB3EA, Parameter = 320FDEB0
TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2704, ThreadID = 3252, StartAddress = 314AB3EA, Parameter = 320FDEB0
File behavior
Behavior description:创建文件
details:C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\~$Normal.dotm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{417AA1B6-F90F-4E07-99D7-18677A17F45C}.tmp
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe.dump\~$安装说明.docx
C:\Documents and Settings\Administrator\Local Settings\Temp\mso3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{A9A6A8AC-A2D4-4952-8307-2C83F1A654CD}.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{D1E1FB62-9458-4638-A573-E12A60B2176D}.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\mso4.tmp
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\安装说明.docx.LNK
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\%temp%\****.exe.dump.LNK
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRF{018C7440-37A9-433A-A30C-870A4A47D07B}.tmp
C:\Documents and Settings\Administrator\Application Data\Microsoft\UProof\ExcludeDictionaryEN0409.lex
Behavior description:覆盖已有文件
details:C:\Documents and Settings\Administrator\Local Settings\Temp\mso3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\mso4.tmp
Behavior description:查找文件
details:FileName = C:\Program Files
FileName = C:\Program Files\Microsoft Office 2007
FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\WINDOWS\Microsoft.NET\Framework\\*
FileName = C:\Program Files\Microsoft Office 2007\Office12\Normal.dotm
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
Behavior description:删除文件
details:C:\Documents and Settings\Administrator\Local Settings\Temp\mso3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\mso4.tmp
Behavior description:复制文件
details:C:\Program Files\Microsoft Office 2007\Office12\OPA12.BAK ---> C:\Program Files\Microsoft Office 2007\Office12\opa12.dat
Behavior description:修改文件内容
details:C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\~$Normal.dotm ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\~$Normal.dotm ---> Offset = 54
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{417AA1B6-F90F-4E07-99D7-18677A17F45C}.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe.dump\~$安装说明.docx ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe.dump\~$安装说明.docx ---> Offset = 54
C:\Documents and Settings\Administrator\Local Settings\Temp\mso3.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{D1E1FB62-9458-4638-A573-E12A60B2176D}.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\mso4.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\mso4.tmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\mso4.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\mso4.tmp ---> Offset = 98304
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\安装说明.docx.LNK ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\index.dat ---> Offset = 28
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\%temp%\****.exe.dump.LNK ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Microsoft\UProof\ExcludeDictionaryEN0409.lex ---> Offset = 0
Registry behavior
Behavior description:修改注册表
details:\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\&i-
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Usage\ProductFiles
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Common\LanguageResources\EnabledLanguages\2052
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Common\LanguageResources\EnabledLanguages\1033
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Usage\WORDFiles
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\MTTT
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\5s-
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\!w-
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\hx-
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\fx-
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\~y-
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\|z-
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\:z-
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Common\ReviewCycle\ReviewToken
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 1
Behavior description:删除注册表键值
details:\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\5s-
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\!w-
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\hx-
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\fx-
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\~y-
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\|z-
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Max Display
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 1
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 2
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 3
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 4
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 5
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 6
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 7
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 8
Behavior description:打开注册表_检测虚拟机相关
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions
Behavior description:删除注册表键
details:\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\
Other behavior
Behavior description:创建互斥体
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.GCompartListMUTEX.DefaultS-*
Global\MTX_MSO_Formal1_S-*
Global\MTX_MSO_AdHoc1_S-*
MSCTF.Shared.MUTEX.IOH
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
MSCTF.Shared.MUTEX.EJK
Behavior description:创建事件对象
details:EventName = Local\PrimaryWord12Mutex_S-*
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.EJK.IC
EventName = MSCTF.SendReceiveConection.Event.EJK.IC
Behavior description:打开事件
details:HookSwitchHookEnabledEvent
MSFT.VSA.COM.DISABLE.2704
MSFT.VSA.IEC.STATUS.6c736db0
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [mspim_wnd32,]
NtUserFindWindowEx: [Class,Window] = [MSOBALLOON,]
NtUserFindWindowEx: [Class,Window] = [MsoHelp10,]
NtUserFindWindowEx: [Class,Window] = [AgentAnim,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [MsoHelp11,]
Behavior description:窗口信息
details:Pid = 2704, Hwnd=0x10356, Text = MsoDockTop, ClassName = MsoCommandBarDock.
Pid = 2704, Hwnd=0x1035c, Text = Ribbon, ClassName = MsoCommandBar.
Pid = 2704, Hwnd=0x1035a, Text = MsoDockBottom, ClassName = MsoCommandBarDock.
Pid = 2704, Hwnd=0x1035e, Text = 状态栏, ClassName = MsoCommandBar.
Pid = 2704, Hwnd=0x1036c, Text = 状态栏, ClassName = MsoWorkPane.
Pid = 2704, Hwnd=0x20346, Text = 安装说明.docx, ClassName = _WwB.
Pid = 2704, Hwnd=0x10376, Text = Microsoft Word 文档, ClassName = _WwG.
Pid = 2704, Hwnd=0x10378, Text = 垂直, ClassName = NUIScrollbar.
Pid = 2704, Hwnd=0x1037e, Text = MSO Generic Control Container, ClassName = MsoCommandBar.
Pid = 2704, Hwnd=0x10380, Text = MSO Generic Control Container, ClassName = MsoCommandBar.
Pid = 2704, Hwnd=0x1034c, Text = MsoWorkPane, ClassName = MsoWorkPane.
Pid = 2704, Hwnd=0x10360, Text = MsoWorkPane, ClassName = MsoWorkPane.
Pid = 2704, Hwnd=0x2033e, Text = 安装说明.docx - Microsoft Word, ClassName = OpusApp.
Pid = 2704, Hwnd=0x10392, Text = Ribbon, ClassName = MsoWorkPane.
Behavior description:调整进程token权限
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:枚举窗口
details:N/A
Behavior description:隐藏指定窗口
details:[Window,Class] = [,ThunderRT6Main]
[Window,Class] = [,_WwB]
Behavior description:打开互斥体
details:ShimCacheMutex
Local\MU_ACBPIDS09_S-1-5-5-0-52227
CtfmonInstMutexDefaultS-*
Global\MTX_MSO_Formal1_S-*
Global\MTX_MSO_AdHoc1_S-*
Local\!IETld!Mutex
Activities
Activity nameTypes of
com.yougaile.app.logoActivityandroid.intent.action.MAIN
com.yougaile.app.logoActivityandroid.intent.category.LAUNCHER
Dangerous function
Function nameinformation
SmsManager;->sendTextMessage发送普通短信
TelephonyManager;->getDeviceId搜集用户手机IMEI码、电话号码、系统版本号等信息
TelephonyManager;->getLine1Number获取手机号
ActivityManager;->killBackgroundProcesses中断进程,可用于关闭杀软
getRuntime获取命令行环境
java/lang/Runtime;->exec执行字符串命令
java/net/URL;->openConnection连接URL
HttpClient;->execute请求远程服务器
DefaultHttpClient;->execute发送HTTP请求
android/app/NotificationManager;->notify信息通知栏
WifiManager;->setWifiEnabled变更WIFI状态
Permission list
License nameinformation
android.permission.INTERNET连接网络(2G或3G)
android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
android.permission.READ_PHONE_STATE读取电话状态
File List
file name Check code
META-INF/MANIFEST.MF 0x9899a6e3
META-INF/CERT.SF 0x37400abb
META-INF/CERT.RSA 0x9324afc4
assets/131_LiBai_actorInfo_D006A409C63982D5.assetbundle 0xbd9745b2
assets/123_LvBu_skillEffect.assetbundle 0xbc2f11be
res/drawable/hy_xml_ui_user_t.xml 0x922ae719
res/drawable/hy_xml_ui_user_it52.xml 0xddb306ac
res/drawable-hdpi/ic_arrow_left.png 0xede5ec62
res/drawable/list_itemshighlighted_translucent.xml 0xfa3fa5f8
assets/154_HuaMuLan_actorInfo_8907AC1466556CDE.assetbundle 0xa97f2689
resources.arsc 0xc7805d2
assets/Userimg/hggjf.png 0x18f55462
assets/128_CaoCao_skillEffect_0C1F042AB9515E0C.assetbundle 0x57691a6a
assets/ma.zip 0x48f35fda
res/layout/activity_webview.xml 0x70fdd1aa
AndroidManifest.xml 0xb41fdeb0
assets/130_GongBenWuZang_skillEffect_E8B0B022475EA1AB.assetbundle 0x553dda04
assets/133_DiRenJie_actorInfo_9B756A2AC53DA580.assetbundle 0x150ab1ab
assets/hx.zip 0xe81fe4db
res/drawable/hy_xml_ui_user_itt2.xml 0x4254e2fc
assets/mian.iyu 0xedd8e8a8
assets/130_GongBenWuZang_skillEffect.assetbundle 0x3556aa5a
res/drawable/hy_xml_ui_user_it32.xml 0xa68cb5cb
assets/131_LiBai_skillEffecthy.assetbundle 0xb80232a0
res/drawable-hdpi/notice_down_icon.png 0x13e56a9c
assets/107_Zhaoyun_actorInfo_D23409176DEC8FC8.assetbundle 0xb31d5ff4
assets/146_HongFu_actorInfo_B2ACFF35F6943473.assetbundle 0xdf0be868
assets/131_LiBai_skillEffect.assetbundle 0x5f7dc01
assets/xxx.zip 0x8b8638f5
assets/hz.zip 0xac7c6c64
assets/106_XiaoQiao_skillEffect.assetbundle 0xeb3ec6d5
assets/167_WuKong_skillEffect_8D80DE7406043D88.assetbundle 0x2d42b288
assets/mian22.iyu 0x3801f526
assets/109_DaJi_skillEffect_128FF641538FD61A.assetbundle 0xf4047939
classes.dex 0xb5f50533
assets/xian.zip 0x20fa5872
assets/150_HanXin_skillEffect.assetbundle 0x8af3be19
assets/106_XiaoQiao_skillEffect_3820BF529348681A.assetbundle 0xe14a07a4
assets/cc.zip 0x368d944f
assets/128_CaoCao_skillEffect_06252B7EDC674431.assetbundle 0x1ee84c2e
assets/lvbu.zip 0xd5e34236
res/layout/activity_main.xml 0x72ddba6c
assets/133_DiRenJie_skillEffect.assetbundle 0x27fd4041
res/drawable-hdpi/icon.png 0x7ff55f03
res/drawable/hy_xml_ui_user_itt.xml 0xe02f3873
assets/123_LvBu_skillEffecthy.assetbundle 0x89e33df3
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号