VirSCAN


File information
Safety rating:
Behavior list
Basic Information
MD5:54bc7a8fb184884a26e4cce74697d3a5
Package names:com.tutusw.onekeyvpn
Minimum operating environment:Android 1.5
copyright:
Key behavior
Behavior description: Open registry (virtual machine detection related)
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions
Behavior description: Map file with write permission
details:CiceroSharedMemDefaultS-*
Local\PrimaryWord12SharedMemoryArea_S-*
MSCTF.GCompartListSFM.DefaultS-*
DfSharedHeap3D4479
DFMap0-4015236
\WINDOWS\system32\zh-cn\wshom.ocx.mui
MSCTF.MarshalInterface.FileMap.IKI..AIPGH
MSCTF.MarshalInterface.FileMap.IKI.B.AKPGH
MSCTF.MarshalInterface.FileMap.IKI.C.AKPGH
MSCTF.MarshalInterface.FileMap.IKI.D.AKPGH
MSCTF.MarshalInterface.FileMap.IKI.E.AKPGH
MSCTF.MarshalInterface.FileMap.IKI.F.AKPGH
MSCTF.MarshalInterface.FileMap.IKI.G.AKPGH
MSCTF.MarshalInterface.FileMap.IKI.H.AKPGH
MSCTF.MarshalInterface.FileMap.IKI.I.AKPGH
Behavior description: Hide specified window
details:[Window,Class] = [,ThunderRT6Main]
Process behavior
Behavior description: Enumerate processes
details:N/A
File behavior
Behavior description: Map file with write permission
details:CiceroSharedMemDefaultS-*
Local\PrimaryWord12SharedMemoryArea_S-*
MSCTF.GCompartListSFM.DefaultS-*
DfSharedHeap3D4479
DFMap0-4015236
\WINDOWS\system32\zh-cn\wshom.ocx.mui
MSCTF.MarshalInterface.FileMap.IKI..AIPGH
MSCTF.MarshalInterface.FileMap.IKI.B.AKPGH
MSCTF.MarshalInterface.FileMap.IKI.C.AKPGH
MSCTF.MarshalInterface.FileMap.IKI.D.AKPGH
MSCTF.MarshalInterface.FileMap.IKI.E.AKPGH
MSCTF.MarshalInterface.FileMap.IKI.F.AKPGH
MSCTF.MarshalInterface.FileMap.IKI.G.AKPGH
MSCTF.MarshalInterface.FileMap.IKI.H.AKPGH
MSCTF.MarshalInterface.FileMap.IKI.I.AKPGH
Behavior description: Modify file content
details:C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\~$Normal.dotm---> Offset = 0
Behavior description: Find files
details:FileName = C:\Program Files
FileName = C:\Program Files\Microsoft Office 2007
FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\WINDOWS\Microsoft.NET\Framework\\*
FileName = C:\Program Files\Microsoft Office 2007\Office12\Normal.dotm
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\q,0
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Usage\ProductFiles
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Common\LanguageResources\EnabledLanguages\2052
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Common\LanguageResources\EnabledLanguages\1033
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Usage\WORDFiles
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\MTTT
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\;30
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\;50
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\860
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\x60
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\d60
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\#70
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\b70
Behavior description: Delete registry key value
details:\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\;30
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\;50
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\860
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\x60
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\d60
\REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\#70
Other behavior
Behavior description: Open registry (virtual machine detection related)
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [mspim_wnd32,]
NtUserFindWindowEx: [Class,Window] = [MSOBALLOON,]
NtUserFindWindowEx: [Class,Window] = [MsoHelp10,]
NtUserFindWindowEx: [Class,Window] = [AgentAnim,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Hide specified window
details:[Window,Class] = [,ThunderRT6Main]
Behavior description: Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.GCompartListMUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.IKI
Behavior description: Acquire system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Dangerous behavior
Behavior description: Execute system command
details:[u'su']
Dynamic list behavior
Behavior description: Access network
details:host:127.0.0.1 port:43182
Behavior description: Start service
details:{"FLAG":0,"COMPONENT_NAME":"ComponentInfo{com.tutusw.onekeyvpn\/com.tutusw.onekeyvpn.service.OpenVpnService}"}
{"FLAG":0,"COMPONENT_NAME":"ComponentInfo{com.tutusw.onekeyvpn\/com.tutusw.onekeyvpn.service.OpenVpnService}"}
Behavior description: Read file
details:path:/data/data/com.tutusw.onekeyvpn/shared_prefs/com.tutusw.onekeyvpn_preferences.xml length:261
path:/proc/mounts length:69
path:/proc/mounts length:5
Behavior description: Register broadcast receiver
details:[u'com.tutusw.onekeyvpn.DaemonEnabler$1@415ab078', u'android.content.IntentFilter@415ab100']
[u'com.tutusw.onekeyvpn.util.NetworkConnectivityListener$ConnectivityBroadcastReceiver@41530508', u'android.content.IntentFilter@41524ef8']
Behavior description: Initialize IntentFilter
details:[u'com.tutusw.onekeyvpn.Intents.DAEMON_STATE_CHANGED']
Behavior description: Obtain root privileges
details:su
Behavior description: Window information
details:{"text": "请授权", "class": "android.widget.TextView"}
{"text": "一键翻墙需要root权限才能运行,请在授权管理中对一键翻墙进行授权,完成授权后,请重新启动一键翻墙软件!", "class": "android.widget.TextView"}
{"text": "确认", "class": "android.widget.Button"}
Behavior description: Read a line of data from buffer
details:rootfs / rootfs rw 0 0
tmpfs /dev tmpfs rw,nosuid,mode=755 0 0
devpts /dev/pts devpts rw,mode=600 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
none /acct cgroup rw,cpuacct 0 0
tmpfs /mnt/asec tmpfs rw,mode=755,gid=1000 0 0
tmpfs /mnt/obb tmpfs rw,mode=755,gid=1000 0 0
none /dev/cpuctl cgroup rw,cpu 0 0
/dev/block/mtdblock0 /system yaffs2 rw 0 0
/dev/block/mtdblock1 /data yaffs2 rw,nosuid,nodev 0 0
/dev/block/mtdblock2 /cache yaffs2 rw,nosuid,nodev 0 0
null
Behavior description: Add View
details:[u'com.android.internal.policy.impl.PhoneWindow$DecorView@414ec288', u'WM.LayoutParams{(0,0)(wrapxwrap) gr=#11 sim=#120 ty=2 fl=#8020002 pfl=0x8 fmt=-2 wanim=0x1030002}', u'android.view.CompatibilityInfoHolder@414af930']
[u'com.android.internal.policy.impl.PhoneWindow$DecorView@414b4560', u'WM.LayoutParams{(0,0)(fillxfill) sim=#100 ty=1 fl=#8010100 pfl=0x8 wanim=0x1030001}', u'android.view.CompatibilityInfoHolder@414af930']
[u'com.android.internal.policy.impl.PhoneWindow$DecorView@415aa528', u'WM.LayoutParams{(0,0)(wrapxwrap) gr=#11 sim=#120 ty=2 fl=#8020002 pfl=0x8 fmt=-2 wanim=0x1030002}', u'android.view.CompatibilityInfoHolder@414af930']
Behavior description: Initialize Intent
details:[u'com.tutusw.onekeyvpn.OpenVpnSettings@414cf5d8', u'class com.tutusw.onekeyvpn.service.OpenVpnService']
[u'android.os.Parcel@414ad1a8']
[u'com.tutusw.onekeyvpn.OpenVpnSettings@414cf5d8', u'class com.tutusw.onekeyvpn.service.OpenVpnService']
[u'android.os.Parcel@414ad168']
[u'android.os.Parcel@414ad168']
[u'com.tutusw.onekeyvpn.Intents.OPEN_VPN_SERVICE_STARTED']
[u'android.os.Parcel@414ad168']
[u'android.os.Parcel@414ad168']
[u'android.app.ReceiverRestrictedContext@4159b190', u'class com.tutusw.onekeyvpn.service.OpenVpnService']
[u'android.os.Parcel@414ad1a8']
Behavior description: Execute system command
details:[u'su']
Behavior description: Send broadcast
details:{"ACTION":"com.tutusw.onekeyvpn.Intents.OPEN_VPN_SERVICE_STARTED","FLAG":0}
Behavior description: Root privilege detection
details:/system/bin/su
/system/xbin/su
Behavior description: Write file
details:path:/data/data/com.tutusw.onekeyvpn/shared_prefs/com.tutusw.onekeyvpn_preferences.xml length:261
path:/data/data/com.tutusw.onekeyvpn/shared_prefs/com.tutusw.onekeyvpn_preferences.xml length:32
path:/data/data/com.tutusw.onekeyvpn/files/openvpn/02.pem length:69
path:/data/data/com.tutusw.onekeyvpn/files/openvpn/02.pem length:69
path:/data/data/com.tutusw.onekeyvpn/files/openvpn/02.pem length:69
path:/data/data/com.tutusw.onekeyvpn/files/openvpn/02.pem length:69
path:/data/data/com.tutusw.onekeyvpn/files/openvpn/ca.crt length:69
path:/data/data/com.tutusw.onekeyvpn/files/openvpn/ca.crt length:69
path:/data/data/com.tutusw.onekeyvpn/files/openvpn/client.ovpn length:69
path:/data/data/com.tutusw.onekeyvpn/files/openvpn/client1.crt length:69
path:/data/data/com.tutusw.onekeyvpn/files/openvpn/client1.crt length:69
path:/data/data/com.tutusw.onekeyvpn/files/openvpn/client1.crt length:69
path:/data/data/com.tutusw.onekeyvpn/files/openvpn/client1.crt length:69
path:/data/data/com.tutusw.onekeyvpn/files/openvpn/client1.csr length:69
path:/data/data/com.tutusw.onekeyvpn/files/openvpn/client1.key length:69
path:/data/data/com.tutusw.onekeyvpn/files/openvpn/ta.key length:69
Activities
Activity name Type
OpenVpnSettings android.intent.action.MAIN
OpenVpnSettings android.intent.category.LAUNCHER
Dangerous function
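Function name Information
android/app/NotificationManager;->notify Notification bar message
getRuntime Get the command-line environment
java/lang/Runtime;->exec Execute a string command
TelephonyManager;->getDeviceId Collect the user's phone IMEI, phone number, system version number and other information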
Startup mode
Name Information
com.tutusw.onekeyvpn.util.BootCompletedReceiver Start service at boot
Permission list
Permission name Information
android.permission.READ_PHONE_STATE Read phone state
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.BROADCAST_STICKY Send sticky broadcast
Service list
name
com.tutusw.onekeyvpn.service.OpenVpnService
File List
file name Check code
assets/config/02.pem 0x1c5f229
assets/config/ca.crt 0xe12630a6
assets/config/client.ovpn 0xf5ec6814
assets/config/client1.crt 0x1c5f229
assets/config/client1.csr 0xde54e1c3
assets/config/client1.key 0xc0fa4882
assets/config/ta.key 0x3f214b77
assets/WebView.db.init 0xa5418f8d
assets/busybox 0xb74bad33
assets/com.tutusw.onekeyvpn_preferences.xml 0x9ee79312
assets/openvpn 0xfbb1a580
res/drawable/ic_menu_refresh.png 0x2ad6de0b
res/drawable/logo.png 0xc52ee465
res/drawable/vpn_connected.png 0x732dde87
res/drawable/vpn_disconnected.png 0xd28b8c8d
res/drawable/vpn_disconnected_attention.png 0x99dee966
res/layout/config_list_item.xml 0xe21ca877
res/layout/edit_config.xml 0xc30a3f75
res/layout/enter_passphrase.xml 0x61f11d67
res/layout/enter_user_password.xml 0x2cf7c74c
res/layout/import_files.xml 0x59b5f45e
res/layout/listview.xml 0x9b529db7
res/layout/monitor.xml 0x8245f9b2
res/menu/settings_menu.xml 0x83d59fb3
res/xml/advanced_settings.xml 0x2da211c8
res/xml/empty.xml 0x369077fa
res/xml/openvpn_settings.xml 0x3b262a26
AndroidManifest.xml 0x3c16efd4
resources.arsc 0x1d646918
classes.dex 0x7aedefa2
META-INF/MANIFEST.MF 0xf125115a
META-INF/CERT.SF 0x3a765835
META-INF/CERT.RSA 0x884c0b42