VirSCAN


File information
Safety rating:
Behavior list
Basic information
MD5: 45f533cff22dfa3f844e9b4417c524db
Package name: com.live.android.live
Minimum operating environment: Android 2.3.3, 2.3.4
Copyright: Unknown
Key behavior
Behavior description: Directly calls critical system APIs
details: Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x0064A687
Index = 0x0000009B, Name: NtQueryInformationThread, Instruction Address = 0x005A757D
Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x00618841
Behavior description: Probes whether Virtual PC is present
details: N/A
Behavior description: Reads the CPU clock directly
details: EAX = 0x04af6d45, EDX = 0x000000b7
EAX = 0x04af6d91, EDX = 0x000000b7
EAX = 0x04af6ddd, EDX = 0x000000b7
EAX = 0x04af6e29, EDX = 0x000000b7
EAX = 0x04af6e75, EDX = 0x000000b7
EAX = 0x04af6ec1, EDX = 0x000000b7
EAX = 0x04af6f0d, EDX = 0x000000b7
EAX = 0x04af6f59, EDX = 0x000000b7
EAX = 0x04af6fa5, EDX = 0x000000b7
EAX = 0x04af6ff1, EDX = 0x000000b7
Behavior description: Detects a virtual machine using VMware-specific instructions
details: N/A
Process behavior
Behavior description: Creates local threads
details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2660, ThreadID = 2872, StartAddress = 005A80B5, Parameter = 001B60F8
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2660, ThreadID = 2876, StartAddress = 005A80B5, Parameter = 001B60F8
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2660, ThreadID = 2880, StartAddress = 005A80B5, Parameter = 001B60F8
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2660, ThreadID = 2912, StartAddress = 005A80B5, Parameter = 001B60F8
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2660, ThreadID = 2916, StartAddress = 005A80B5, Parameter = 001B8FD8
Registry behavior
Behavior description: Modifies the registry
details: \REGISTRY\USER\S-*_CLASSES\Interface\{8224C668-8596-82A8-83DC-806E31AE4817}\
Other behavior
Behavior description: Directly calls critical system APIs
details: Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x0064A687
Index = 0x0000009B, Name: NtQueryInformationThread, Instruction Address = 0x005A757D
Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x00618841
Behavior description: Probes whether Virtual PC is present
details: N/A
Behavior description: Creates mutexes
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.IGK
Behavior description: Creates event objects
details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.IGK.IC
EventName = MSCTF.SendReceiveConection.Event.IGK.IC
Behavior description: Opens a mutex
details: ShimCacheMutex
Behavior description: Searches for a specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Opens events
details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Window information
details: Pid = 2660, Hwnd=0x10362, Text = 1.1, ClassName = _EL_Label.
Pid = 2660, Hwnd=0x10360, Text = 连接数据库, ClassName = Button.
Pid = 2660, Hwnd=0x10356, Text = 权限, ClassName = _EL_Label.
Pid = 2660, Hwnd=0x10354, Text = 0, ClassName = Edit.
Pid = 2660, Hwnd=0x10350, Text = 元宝, ClassName = _EL_Label.
Pid = 2660, Hwnd=0x1034e, Text = 密码, ClassName = _EL_Label.
Pid = 2660, Hwnd=0x1034c, Text = 账号, ClassName = _EL_Label.
Pid = 2660, Hwnd=0x10348, Text = 生成, ClassName = Button.
Pid = 2660, Hwnd=0x1035e, Text = 123456, ClassName = Edit.
Pid = 2660, Hwnd=0x1035c, Text = 123456, ClassName = Edit.
Pid = 2660, Hwnd=0x1035a, Text = 123456, ClassName = Edit.
Pid = 2660, Hwnd=0x10352, Text = 123456, ClassName = Edit.
Pid = 2660, Hwnd=0x1034a, Text = 123456, ClassName = Edit.
Pid = 2660, Hwnd=0x10346, Text = 123456, ClassName = Edit.
Pid = 2660, Hwnd=0x10344, Text = 123456, ClassName = Edit.
Behavior description: Reads the CPU clock directly
details: EAX = 0x04af6d45, EDX = 0x000000b7
EAX = 0x04af6d91, EDX = 0x000000b7
EAX = 0x04af6ddd, EDX = 0x000000b7
EAX = 0x04af6e29, EDX = 0x000000b7
EAX = 0x04af6e75, EDX = 0x000000b7
EAX = 0x04af6ec1, EDX = 0x000000b7
EAX = 0x04af6f0d, EDX = 0x000000b7
EAX = 0x04af6f59, EDX = 0x000000b7
EAX = 0x04af6fa5, EDX = 0x000000b7
EAX = 0x04af6ff1, EDX = 0x000000b7
Behavior description: Detects a virtual machine using VMware-specific instructions
details: N/A
Activities
Activity name: Type
.Main: android.intent.action.MAIN
.Main: android.intent.category.LAUNCHER
Dangerous functions
Function name: Information
getRuntime: Obtains the command-line runtime environment
java/lang/Runtime;->exec: Executes a string command
TelephonyManager;->getDeviceId: Collects the user's phone IMEI, phone number, system version and other information
java/net/URL;->openConnection: Connects to a URL
HttpClient;->execute: Sends a request to a remote server
DefaultHttpClient;->execute: Sends an HTTP request
Startup mode
Name: Information
com.live.android.live.wr: Starts service on screen unlock
com.live.android.live.wr$ap
com.live.android.live.wr$as: Starts service on boot
com.live.android.live.wr$as: Starts service on network connectivity change
com.live.android.live.wr$as: Starts service on application install
com.live.android.live.wr$as: Starts service on application uninstall
Permission list
Permission name: Information
android.permission.INTERNET: Connect to the network (2G or 3G)
android.permission.ACCESS_NETWORK_STATE: Read network state (2G or 3G)
android.permission.READ_PHONE_STATE: Read phone state
android.permission.WRITE_EXTERNAL_STORAGE: Write to external storage (e.g. SD card)
android.permission.ACCESS_WIFI_STATE: Read Wi-Fi network state
android.permission.GET_TASKS: Retrieve information about currently or recently running tasks
android.permission.CHANGE_COMPONENT_ENABLED_STATE: Change component enabled state
android.permission.MOUNT_UNMOUNT_FILESYSTEMS: Mount and unmount external filesystems
android.permission.DUMP: Dump system information
android.permission.WAKE_LOCK: Keep background processes running after the screen turns off
android.permission.RECEIVE_BOOT_COMPLETED: Receive the boot-completed broadcast
android.permission.BROADCAST_STICKY: Send sticky broadcasts
android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
android.permission.FORCE_STOP_PACKAGES
android.permission.PACKAGE_USAGE_STATS
android.permission.RESTART_PACKAGES: Restart other applications
android.permission.BATTERY_STATS: Battery statistics
android.permission.GET_APP_OPS_STATS
android.permission.UPDATE_APP_OPS_STATS
android.permission.KILL_BACKGROUND_PROCESSES: Kill background processes
com.android.updater.permission.RECEIVE_BROADCAST
android.permission.BROADCAST_PACKAGE_ADDED: Broadcast when an application is added
android.permission.BROADCAST_PACKAGE_CHANGED
android.permission.BROADCAST_PACKAGE_INSTALL
android.permission.BROADCAST_PACKAGE_REPLACED
com.live.android.live.permission.MIPUSH_RECEIVE
android.permission.CHANGE_WIFI_MULTICAST_STATE: Change Wi-Fi multicast state
com.meizu.flyme.push.permission.RECEIVE
com.meizu.c2dm.permission.RECEIVE
Service list
Name
com.live.android.live.ms
com.live.android.live.hs
com.live.android.live.js
File list
File name: Check code
META-INF/MANIFEST.MF 0xdf918f35
META-INF/CERT.SF 0x2690ca3e
META-INF/CERT.RSA 0x7b4332cd
AndroidManifest.xml 0x80c0bfd0
assets/armeabi-v7a/Dn 0xb4f4c878
assets/armeabi/Dn 0xe3724edd
assets/mips/Dn 0x33c42e82
assets/w 0x4e82063b
assets/x86/Dn 0x6c04e916
classes.dex 0x1f4f0c69
lib/armeabi-v7a/libDa0.so 0x8d4af81
lib/armeabi-v7a/libDa1.so 0x5b781a23
lib/armeabi/libDa0.so 0xa25939
lib/armeabi/libDa1.so 0x843cae61
lib/mips/libDa0.so 0x591cd894
lib/mips/libDa1.so 0x8c3fe85b
lib/x86/libDa0.so 0xb2f63f40
lib/x86/libDa1.so 0x21ec33b6
resources.arsc 0xaf125df6