VirSCAN


File information
Safety rating:

Basic Information
MD5: 594b0a92e820b1a960aef0b747d35877
Package name: com.Box
Minimum operating environment: Android 2.2.x
Copyright: XXBox
Key behavior

Note: the basic information above describes an Android package, while the behavior trace that follows was recorded from a Windows run of an installer. The is-*.tmp staging directories, the _isetup\_shfoldr.dll helper, the /SL5= second-stage switch and the TWizardForm/TApplication window classes are all characteristic of an Inno Setup installer (here titled "Setup - NetCrunch WMI Tool").

Behavior description: Blocks window close message
Details: hWnd = 0x00020352, Text = Setup - NetCrunch WMI Tool, ClassName = TWizardForm.
hWnd = 0x0001034a, Text = Setup, ClassName = TApplication.
Behavior description: Looks up PE resource information
Details: (FindResourceW) hModule = 0x00400000, ResName: SHFOLDERDLL, ResType: a(ID)
Behavior description: Reads tick count (GetTickCount)
Details: TickCount = 247409, SleepMilliseconds = 50.
TickCount = 247471, SleepMilliseconds = 50.
TickCount = 247534, SleepMilliseconds = 50.
TickCount = 247596, SleepMilliseconds = 50.
TickCount = 247659, SleepMilliseconds = 50.
TickCount = 247721, SleepMilliseconds = 50.
TickCount = 247784, SleepMilliseconds = 50.
TickCount = 247846, SleepMilliseconds = 50.
TickCount = 247909, SleepMilliseconds = 50.
TickCount = 247971, SleepMilliseconds = 50.
TickCount = 248034, SleepMilliseconds = 50.
TickCount = 248096, SleepMilliseconds = 50.
TickCount = 248159, SleepMilliseconds = 50.
TickCount = 248221, SleepMilliseconds = 50.
TickCount = 248284, SleepMilliseconds = 50.
Process behavior
Behavior description: Creates a new process from a file
Details: [0x00000b14]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-LKB1F.tmp\996E.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-LKB1F.tmp\996E.tmp" /SL5="$4033C,8853798,498688,C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe"
File behavior
Behavior description: Creates file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-LKB1F.tmp\996E.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\is-VEC06.tmp\_isetup\_shfoldr.dll
Behavior description: Deletes file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-VEC06.tmp\_isetup\_shfoldr.dll
Behavior description: Creates executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-LKB1F.tmp\996E.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\is-VEC06.tmp\_isetup\_shfoldr.dll
Behavior description: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-LKB1F.tmp\996E.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\is-LKB1F.tmp\996E.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\is-LKB1F.tmp\996E.tmp ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\is-LKB1F.tmp\996E.tmp ---> Offset = 196608
C:\Documents and Settings\Administrator\Local Settings\Temp\is-LKB1F.tmp\996E.tmp ---> Offset = 262144
C:\Documents and Settings\Administrator\Local Settings\Temp\is-VEC06.tmp\_isetup\_shfoldr.dll ---> Offset = 0
Behavior description: Searches for files
Details: FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-LKB1F.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-LKB1F.tmp\996E.tmp
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\「开始」菜单 (the Chinese-locale "Start Menu" folder)
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序 ("Start Menu\Programs")
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-VEC06.tmp\*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-VEC06.tmp\_isetup\*
Other behavior
Behavior description: Creates mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.IBL
Note: the CTF.* and MSCTF.* mutex names above are created by the Windows Text Services Framework (msctf.dll) in any process that shows a window; they are system artifacts, not indicators specific to this sample.
Behavior description: Hides specified window
Details: [Window,Class] = [Setup,TApplication]
Behavior description: Window information
Details: Pid = 2836, Hwnd=0x1037a, Text = Welcome to the NetCrunch WMI Tool Setup Wizard , ClassName = TNewStaticText.
Pid = 2836, Hwnd=0x10378, Text = This will install NetCrunch WMI Tool version 8.0 on your computer. It is recommended that you close all other applications before continuing. Click Next to continue, or Cancel to exit Setup., ClassName = TNewStaticText.
Pid = 2836, Hwnd=0x1036c, Text = LICENSE: AdRem Software hereby grants you a non-exclusive license to use its accompanying software product ("Software") for u, ClassName = TRichEditViewer.
Pid = 2836, Hwnd=0x2035c, Text = DirEdit, ClassName = TEdit.
Pid = 2836, Hwnd=0x10374, Text = &Next >, ClassName = TNewButton.
Pid = 2836, Hwnd=0x10372, Text = Cancel, ClassName = TNewButton.
Pid = 2836, Hwnd=0x20352, Text = Setup - NetCrunch WMI Tool, ClassName = TWizardForm.
Pid = 2836, Hwnd=0x50444, Text = 是(&Y) [Yes], ClassName = Button.
Pid = 2836, Hwnd=0x20446, Text = 否(&N) [No], ClassName = Button.
Pid = 2836, Hwnd=0x1044a, Text = Setup is not complete. If you exit now, the program will not be installed. You may run Setup again at another time to complete the installation. Exit Setup?, ClassName = Static.
Pid = 2836, Hwnd=0x503e8, Text = Exit Setup, ClassName = #32770.
Behavior description: Finds specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Opens event
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Enumerates windows
Details: N/A
Behavior description: Executable signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-LKB1F.tmp\996E.tmp (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\is-VEC06.tmp\_isetup\_shfoldr.dll (signature verification: failed)
Behavior description: Calls Sleep
Details: [1]: MilliSeconds = 50.
[2]: MilliSeconds = 50.
[3]: MilliSeconds = 50.
[4]: MilliSeconds = 50.
[5]: MilliSeconds = 50.
[6]: MilliSeconds = 50.
[7]: MilliSeconds = 50.
[8]: MilliSeconds = 50.
[9]: MilliSeconds = 50.
[10]: MilliSeconds = 50.
[2]: MilliSeconds = 250.
[3]: MilliSeconds = 250.
[4]: MilliSeconds = 250.
[5]: MilliSeconds = 250.
[6]: MilliSeconds = 250.
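The GetTickCount entry under Key behavior and the Calls Sleep entry just above are the raw material of the classic timing check: a sample reads the tick counter, sleeps, reads it again, and compares the elapsed time with what it asked for. Here the requested value is a constant 50 ms and the observed spacing is 62 to 63 ms (50 ms plus scheduler and timer-tick overhead), which is what an ordinary GUI polling loop looks like rather than evasion. The script below is an added example written for this page, not VirSCAN's code or the sample's; it parses lines in the report's own format (the 15 TickCount lines are copied from the report; the second, fast-forwarded trace is constructed) and reports whether any interval was shorter than the preceding Sleep, which is the condition a sandbox-aware sample would treat as "I am being emulated" and an analyst can use to confirm a sandbox is not leaking. The 16 ms tolerance is an assumption reflecting GetTickCount's typical resolution.

```python
import re
from dataclasses import dataclass

# Test input copied from the report's GetTickCount entry.
REPORT_LINES = """\
TickCount = 247409, SleepMilliseconds = 50.
TickCount = 247471, SleepMilliseconds = 50.
TickCount = 247534, SleepMilliseconds = 50.
TickCount = 247596, SleepMilliseconds = 50.
TickCount = 247659, SleepMilliseconds = 50.
TickCount = 247721, SleepMilliseconds = 50.
TickCount = 247784, SleepMilliseconds = 50.
TickCount = 247846, SleepMilliseconds = 50.
TickCount = 247909, SleepMilliseconds = 50.
TickCount = 247971, SleepMilliseconds = 50.
TickCount = 248034, SleepMilliseconds = 50.
TickCount = 248096, SleepMilliseconds = 50.
TickCount = 248159, SleepMilliseconds = 50.
TickCount = 248221, SleepMilliseconds = 50.
TickCount = 248284, SleepMilliseconds = 50.
"""

# Constructed counter-example (not from the report): a sandbox that fast-forwards
# Sleep(), so the tick counter advances less than the requested interval.
SKIPPED_SLEEP_LINES = """\
TickCount = 1000, SleepMilliseconds = 50.
TickCount = 1005, SleepMilliseconds = 50.
TickCount = 1011, SleepMilliseconds = 50.
TickCount = 1016, SleepMilliseconds = 50.
"""

LINE_RE = re.compile(r"TickCount\s*=\s*(\d+),\s*SleepMilliseconds\s*=\s*(\d+)")


def parse(text):
    """Extract (tick_count, sleep_ms) pairs; lines without the pattern are ignored."""
    return [(int(m.group(1)), int(m.group(2)))
            for m in (LINE_RE.search(line) for line in text.splitlines()) if m]


def elapsed_deltas(samples):
    """Milliseconds the tick counter advanced between consecutive reads.
    GetTickCount is a 32-bit counter, so subtract modulo 2**32 to survive wrap-around."""
    return [(samples[i + 1][0] - samples[i][0]) & 0xFFFFFFFF
            for i in range(len(samples) - 1)]


@dataclass
class TimingVerdict:
    reads: int
    requested_ms: int
    min_delta_ms: int
    max_delta_ms: int
    sleep_skipped: bool   # some interval ended sooner than the Sleep() before it asked for
    fixed_cadence: bool   # every read requested the same Sleep(): a polling loop, not a one-off


def assess(text, tolerance_ms=16):
    """Compare each GetTickCount delta with the Sleep() requested just before it.

    tolerance_ms (assumed 16) absorbs the ~15.6 ms resolution of GetTickCount; a delta
    shorter than (requested - tolerance) cannot happen on real hardware and means the
    sleep was shortened, which is exactly what a sandbox-aware sample tests for."""
    samples = parse(text)
    if len(samples) < 2:
        raise ValueError("need at least two GetTickCount reads")
    deltas = elapsed_deltas(samples)
    skipped = any(d + tolerance_ms < samples[i][1] for i, d in enumerate(deltas))
    requested = samples[0][1]
    return TimingVerdict(
        reads=len(samples),
        requested_ms=requested,
        min_delta_ms=min(deltas),
        max_delta_ms=max(deltas),
        sleep_skipped=skipped,
        fixed_cadence=all(s == requested for _, s in samples),
    )


if __name__ == "__main__":
    print(assess(REPORT_LINES))          # report trace: sleeps honoured, fixed 50 ms cadence
    print(assess(SKIPPED_SLEEP_LINES))   # constructed trace: sleep_skipped=True
```

On the report's own lines the verdict is "not skipped, fixed cadence": the installer's loop is a poll, and the sandbox let it sleep for real. A trace where the deltas come in below the requested value, as in the constructed second input, is the one worth worrying about, because a sample that performs this arithmetic would change its behavior there.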
Behavior description: Creates event object
Details: EventName = MSCTF.SendReceive.Event.IBL.IC
EventName = MSCTF.SendReceiveConection.Event.IBL.IC
Behavior description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-LKB1F.tmp\996E.tmp ---> e6a8fc9b6315327875beb7c408d8771d
C:\Documents and Settings\Administrator\Local Settings\Temp\is-VEC06.tmp\_isetup\_shfoldr.dll ---> 92dc6ef532fbb4a5c3201469a5b5eb63
Behavior description: Opens mutex
Details: ShimCacheMutex (owned by the application-compatibility shim engine, apphelp.dll; a system artifact rather than a sample-specific indicator)
Activities
Activity name | Intent action / category
com.e4a.runtime.android.StartActivity | android.intent.action.MAIN
com.e4a.runtime.android.StartActivity | android.intent.category.DEFAULT
com.e4a.runtime.android.StartActivity | android.intent.category.LAUNCHER
com.e4a.runtime.android.mainActivity | android.intent.action.MAIN
com.e4a.runtime.android.mainActivity | android.intent.category.DEFAULT
Dangerous function
Function name | Information
ContentResolver;->query | Reads databases such as contacts and SMS
Permission list
Permission name | Information
com.android.launcher.permission.INSTALL_SHORTCUT | Create shortcuts
android.permission.GET_TASKS | Get information about current or recently running tasks
ACCESS_WIFI_STATE |
android.permission.WRITE_EXTERNAL_STORAGE | Write to external storage (e.g. SD card)
android.permission.ACCESS_WIFI_STATE | Read Wi-Fi network state
android.permission.ACCESS_COARSE_LOCATION | Get approximate location (via Wi-Fi, cell towers)
android.permission.MOUNT_UNMOUNT_FILESYSTEMS | Mount and unmount external filesystems
android.permission.READ_PHONE_STATE | Read phone state
android.permission.SYSTEM_ALERT_WINDOW | Display system-level windows
android.permission.INTERNET | Connect to the network (2G or 3G)
android.permission.ACCESS_FINE_LOCATION | Get precise location (via GPS)
com.android.launcher.permission.READ_SETTINGS | Read shortcut information
android.permission.ACCESS_NETWORK_STATE | Read network state (2G or 3G)
android.permission.WAKE_LOCK | Keep background processes running after the screen turns off
android.permission.CHANGE_CONFIGURATION | Change current configuration (e.g. locale)
File List
File name  Check code
META-INF/MANIFEST.MF 0x898e46b3
META-INF/XIAOXUAN.SF 0x3ea84e86
META-INF/XIAOXUAN.RSA 0xb88cdb5
assets/1.png 0xf76e9415
assets/2.png 0xf69028fd
assets/3.png 0xae6a5384
assets/4.png 0x7577a49e
assets/5.png 0x4ed60a25
assets/6.png 0x4d90768d
assets/beijing.png 0x3b008654
assets/biaoti.png 0x24fa7d63
assets/bj.png 0x1616fe97
assets/dt.png 0x38280550
assets/gg.png 0x305c2319
assets/gy.png 0x8e23f261
assets/hez.png 0xf8d44b8e
assets/hz.png 0x3ff7077c
assets/ip.png 0xf4fb7ff7
assets/jianbian.jpg 0x87c52543
assets/jx.png 0x1bfa22ce
assets/kf.png 0x62d9f101
assets/lqq.png 0x2e5fac71
assets/lszt.png 0xbf1e10f8
assets/mb.jpg 0xcb0a34bd
assets/ofo.jpg 0xb7c89919
assets/q.txt 0x762ae69
assets/qq.txt 0x81dbf80e
assets/qqq.png 0xf8d44b8e
assets/qqq.txt 0x58d10359
assets/stick.gif 0x7cc00403
assets/stick_stand.png 0x795450f8
assets/tb.png 0x64997e56
assets/tx.jpg 0xa03d6345
assets/wl.png 0x83424da8
assets/wy.png 0x42e748db
assets/yj.png 0x4d5d160e
res/anim/dialog_scale_in.xml 0xd1205a18
res/anim/dialog_scale_out.xml 0xe4110112
res/anim/error_frame_in.xml 0xd0b84e8
res/anim/error_x_in.xml 0x75ae2b72
res/anim/success_bow_roate.xml 0x868ab202
res/anim/success_mask_layout.xml 0x803af484
res/drawable/aa_dialog_bg.xml 0xf44a03ba
res/drawable/beijing.png 0x177042a8
res/drawable/blue_button_background.xml 0xb79d34e1
res/drawable/dialog_background.xml 0x9003702f
res/drawable/e4alistview_new_message.png 0x1cdc5409
res/drawable/error_center_x.xml 0x445372ef
res/drawable/error_circle.xml 0xdc8e58f9
res/drawable/gray_button_background.xml 0x47f8b966
res/drawable/icon.png 0x5201868a
res/drawable/menu_shape_bg.xml 0x3c272e65
res/drawable/red_button_background.xml 0x3b459b27
res/drawable/success_bow.xml 0x95388dfa
res/drawable/success_circle.xml 0x1b7a3cc4
res/drawable/tb_munion_icon.xml 0x3c4bbb89
res/drawable/tb_munion_item_selector.xml 0xf1544202
res/drawable/umeng_common_gradient_green.xml 0x962bb903
res/drawable/umeng_common_gradient_orange.xml 0xd5106ae2
res/drawable/umeng_common_gradient_red.xml 0x133ade08
res/drawable/umeng_update_button_cancel_bg_focused.xml 0xe15186e2
res/drawable/umeng_update_button_cancel_bg_normal.xml 0x7f247f01
res/drawable/umeng_update_button_cancel_bg_selector.xml 0xa1e18dd6
res/drawable/umeng_update_button_cancel_bg_tap.xml 0x8b9edc3
res/drawable/umeng_update_button_check_selector.xml 0x88df2f4b
res/drawable/umeng_update_button_close_bg_selector.xml 0xed19a512
res/drawable/umeng_update_button_ok_bg_focused.xml 0xca9ec970
res/drawable/umeng_update_button_ok_bg_normal.xml 0xafd26ea2
res/drawable/umeng_update_button_ok_bg_selector.xml 0xdf945dd7
res/drawable/umeng_update_button_ok_bg_tap.xml 0x2b2a0e55
res/drawable/umeng_update_dialog_bg.xml 0x565551a3
res/drawable/umeng_update_title_bg.xml 0x9173f89e
res/drawable/umeng_update_wifi_disable.png 0xe635e071
res/drawable/warning_circle.xml 0xaf66bb8a
res/drawable/warning_sigh.xml 0xfac8fec6
res/layout/alert_dialog.xml 0x17249650
res/layout/layout_dialog_wz.xml 0x7855b043
res/layout/oklianyi_bujv.xml 0xed4a2d2e
res/layout/tb_munion_aditem.xml 0xea92cdd3
res/layout/umeng_common_download_notification.xml 0x102359e4
res/layout/umeng_update_dialog.xml 0x9d42bc26
AndroidManifest.xml 0xd054e34
resources.arsc 0x2d83deb7
res/layout-v14/left_drawer_fragment.xml 0xd906f155
res/layout-v14/profile_drawer_right.xml 0x1d756642
res/layout-v14/slidingmenumain.xml 0xc4c4cae0
res/layout-v9/umeng_common_download_notification.xml 0x54663881
res/drawable-hdpi/custom_img.jpg 0x5180fa2a
res/drawable-hdpi/umeng_update_btn_check_off_focused_holo_light.png 0x63f5fdb0
res/drawable-hdpi/umeng_update_btn_check_off_holo_light.png 0x9dd19bd9
res/drawable-hdpi/umeng_update_btn_check_off_pressed_holo_light.png 0x3f0df474
res/drawable-hdpi/umeng_update_btn_check_on_focused_holo_light.png 0x3a86058e
res/drawable-hdpi/umeng_update_btn_check_on_holo_light.png 0x54ca4df0
res/drawable-hdpi/umeng_update_btn_check_on_pressed_holo_light.png 0xc6e0029f
res/drawable-hdpi/umeng_update_close_bg_normal.png 0xfbb3a5d2
res/drawable-hdpi/umeng_update_close_bg_tap.png 0xa852b3ec
res/drawable-xhdpi/shadow.xml 0xfa069760
res/drawable-xhdpi/shadowright.xml 0x34918384
classes.dex 0x17b3f7da
lib/armeabi/libbspatch.so 0x6333ecec
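The "Check code" column above has the width and form of the CRC-32 that each ZIP entry carries in the APK's central directory, printed as unpadded hex (note 0xb88cdb5 with seven digits). Treating it as that CRC is an assumption made here, but it explains the one thing worth noticing in the list: assets/hez.png and assets/qqq.png both show 0xf8d44b8e, which for two files of the same size means byte-identical content. The script below is an added example, not VirSCAN's code, showing how to reproduce such a listing from any APK with only the standard library, how to spot duplicate-content entries the same way, and how to pull out the JAR-style (v1) signature files that the META-INF/XIAOXUAN.SF and .RSA entries represent. The sample archive it builds in memory is a constructed stand-in with dummy contents, not the APK from this report.

```python
import io
import zipfile


def build_sample_apk():
    """Constructed stand-in for an APK: same layout as the report's file list
    (v1 signature files under META-INF/, assets, classes.dex) with dummy contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        z.writestr("META-INF/XIAOXUAN.SF", "Signature-Version: 1.0\n")
        z.writestr("META-INF/XIAOXUAN.RSA", b"\x30\x82")   # placeholder bytes, not a real PKCS#7 blob
        z.writestr("assets/hez.png", b"hello")
        z.writestr("assets/qqq.png", b"hello")             # byte-identical to hez.png, as in the report
        z.writestr("assets/q.txt", b"")                    # empty entry: CRC-32 is 0
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 16)
    return buf.getvalue()


def list_entries(apk_bytes):
    """(name, crc32, uncompressed size) per entry, read from the central directory
    without decompressing anything."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        return [(i.filename, i.CRC, i.file_size) for i in z.infolist()]


def format_listing(entries):
    """Render entries the way the report's File List does: '<name> 0x<crc>' (unpadded hex)."""
    return [f"{name} 0x{crc:x}" for name, crc, _ in entries]


def duplicate_content(entries):
    """Groups of entry names sharing both CRC-32 and size: almost certainly identical bytes.
    Each group is returned in the order the names appear in the archive."""
    groups = {}
    for name, crc, size in entries:
        groups.setdefault((crc, size), []).append(name)
    return [names for names in groups.values() if len(names) > 1]


def v1_signature_files(entries):
    """Names of the JAR-style (APK signature scheme v1) signature files under META-INF/.
    The .SF carries per-entry digests; the .RSA/.DSA/.EC carries the PKCS#7 signature over it."""
    return sorted(n for n, _, _ in entries
                  if n.startswith("META-INF/") and n.rsplit(".", 1)[-1] in ("SF", "RSA", "DSA", "EC"))


if __name__ == "__main__":
    apk = build_sample_apk()
    entries = list_entries(apk)
    print("\n".join(format_listing(entries)))
    print("duplicate content:", duplicate_content(entries))
    print("v1 signature files:", v1_signature_files(entries))
```

Point list_entries at a real APK's bytes and the output can be compared line by line with a report like this one; a CRC that differs from the report's for the same name means the file on disk is not the file that was analysed. Note that zipfile verifies CRCs itself when an entry is read, so a tampered entry surfaces as a BadZipFile exception on extraction rather than silently.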
Run screenshot