VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.


File information
Security score:
Basic information
MD5: 5bc3ab8c57f61a38ba0991a9bce4baa0
Package name: com.bd.dalu.highspeed
Minimum platform: Android 2.3, 2.3.1, 2.3.2
Copyright: hz
Note: the Key behaviors, Process, File, Network, Registry and Other behaviors sections that follow are Windows sandbox entries (writes into iexplore.exe, a Winlogon\Userinit change, an autorun.inf drop, processes started from an exe_7zdump extraction folder) and cannot have been produced by this APK; they evidently come from a different sample merged into the same report. The analysis of the APK identified above starts at Dangerous behaviors.
Key behaviors
Behavior: Cross-process data write
Details: TargetProcess = iexplore.exe, WriteAddress = 0x20070000, Size = 53248
TargetProcess = iexplore.exe, WriteAddress = 0x00020000, Size = 563
TargetProcess = iexplore.exe, WriteAddress = 0x00401a25, Size = 12
Behavior: Hide specified window
Details: [Window,Class] = [LOL英雄联盟角色数据查询 makeBy:Bill,Ex_DirectUI] (window title: "LOL League of Legends character data lookup makeBy:Bill")
Behavior: Resolve host address by name
Details: fget-career.com
google.com
Behavior: Modify executable file via memory mapping
Details: \device\harddiskvolume1\documents and settings\administrator\application data\sogouexplorer\extension\com.sogou.snaptaker\0.4.2\npprintscreen.dll
Behavior: Cross-process write to code section
Details: C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00401A25, EntryPoint = 0x00401A25
Behavior: Map file with write access
Details: CiceroSharedMemDefaultS-*
\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
MSCTF.MarshalInterface.FileMap.MFF..NMKGH
MSCTF.MarshalInterface.FileMap.MFF.B.NNKGH
MSCTF.MarshalInterface.FileMap.MFF.C.NNKGH
MSCTF.MarshalInterface.FileMap.MFF.D.NNKGH
MSCTF.MarshalInterface.FileMap.MFF.E.NNKGH
MSCTF.MarshalInterface.FileMap.MFF.F.NNKGH
MSCTF.MarshalInterface.FileMap.MFF.G.NNKGH
\222c25ed\IE8-Setup-Full\IE-REDIST.EXE
\222c25ed\IE8-Setup-Full\ieakcust.dll
\222c25ed\IE8-Setup-Full\iedkcs32.dll
\222c25ed\IE8-Setup-Full\installservices.exe
\DiskX\RECYCLER\S-0-6-42-2046537670-2800121216-567165604-1505\WhksKBpO.exe
\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
Behavior: Create autorun file in drive root
Details: C:\DiskX\autorun.inf
Behavior: Set special folder attributes
Details: C:\DiskX\RECYCLER
C:\DiskX\RECYCLER\S-0-6-42-2046537670-2800121216-567165604-1505
Behavior: Modify registry startup entry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Process behaviors
Behavior: Create process
Details: ImagePath = C:\Program Files\Internet Explorer\IEXPLORE.EXE, CmdLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Behavior: Cross-process data write
Details: TargetProcess = iexplore.exe, WriteAddress = 0x20070000, Size = 53248
TargetProcess = iexplore.exe, WriteAddress = 0x00020000, Size = 563
TargetProcess = iexplore.exe, WriteAddress = 0x00401a25, Size = 12
Behavior: Create process from newly created file
Details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445107752.257008.exe_7zdump\【LOL英雄联盟数据查询】【2015.10.18】\LOL英雄联盟数据查询Srv.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445107752.257008.exe_7zdump\【LOL英雄联盟数据查询】【
ImagePath = C:\Program Files\Microsoft\DesktopLayer.exe, CmdLine = "C:\Program Files\Microsoft\DesktopLayer.exe"
Behavior: Enumerate processes
Details: N/A
Behavior: Cross-process write to code section
Details: C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00401A25, EntryPoint = 0x00401A25
File behaviors
Behavior: Create executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445107752.246525.exe_7zdump\【LOL英雄联盟数据查询】【2015.10.18】\LOL英雄联盟数据查询Srv.exe
C:\Program Files\Microsoft\DesktopLayer.exe
C:\DiskX\RECYCLER\S-0-6-42-2046537670-2800121216-567165604-1505\WhksKBpO.exe
Behavior: Search for files
Details: FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%
FileName = C:\Program Files\Internet Explorer\IEXPLORE.EXE
FileName = C:\Program Files\Internet Explorer\iexplore.exe
FileName = C:\*.*
FileName = C:\222c25ed\*.*
FileName = C:\222c25ed\IE8-Setup-Full\*.*
FileName = C:\222c25ed\IE8-Setup-Full\log\*.*
FileName = C:\AnalyzeControl\*.*
FileName = C:\DiskD\*.*
FileName = C:\DiskX\*.*
FileName = C:\DiskX\RECYCLER\*.*
Behavior: Modify executable file via memory mapping
Details: \device\harddiskvolume1\documents and settings\administrator\application data\sogouexplorer\extension\com.sogou.snaptaker\0.4.2\npprintscreen.dll
Behavior: Modify pre-existing executable file
Details: C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\npprintscreen.dll---> Offset = 376832
Behavior: Map file with write access
Details: CiceroSharedMemDefaultS-*
\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
MSCTF.MarshalInterface.FileMap.MFF..NMKGH
MSCTF.MarshalInterface.FileMap.MFF.B.NNKGH
MSCTF.MarshalInterface.FileMap.MFF.C.NNKGH
MSCTF.MarshalInterface.FileMap.MFF.D.NNKGH
MSCTF.MarshalInterface.FileMap.MFF.E.NNKGH
MSCTF.MarshalInterface.FileMap.MFF.F.NNKGH
MSCTF.MarshalInterface.FileMap.MFF.G.NNKGH
\222c25ed\IE8-Setup-Full\IE-REDIST.EXE
\222c25ed\IE8-Setup-Full\ieakcust.dll
\222c25ed\IE8-Setup-Full\iedkcs32.dll
\222c25ed\IE8-Setup-Full\installservices.exe
\DiskX\RECYCLER\S-0-6-42-2046537670-2800121216-567165604-1505\WhksKBpO.exe
\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
Behavior: Create autorun file in drive root
Details: C:\DiskX\autorun.inf
Behavior: Set special folder attributes
Details: C:\DiskX\RECYCLER
C:\DiskX\RECYCLER\S-0-6-42-2046537670-2800121216-567165604-1505
Behavior: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT---> Offset = 0
C:\Program Files\Microsoft\px4.tmp---> Offset = 0
C:\Program Files\Internet Explorer\dmlconf.dat---> Offset = 0
C:\DiskX\autorun.inf---> Offset = 7322
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.privateSurf\0.0.0.1\backgroundpage.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\backgroundpage.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\popup.html---> Offset = 39547
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.secondAccount\0.0.0.1\backgroundpage.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.share\0.0.0.1\backgroundpage.html---> Offset = 5201
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\background.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\callback.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\pop.html---> Offset = 12867
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\signin.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\ translate.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\backgroundpage.html---> Offset = 0
Behavior: Modify newly created executable file
Details: C:\DiskX\RECYCLER\S-0-6-42-2046537670-2800121216-567165604-1505\WhksKBpO.exe---> Offset = 53248
C:\Documents and Settings\Administrator\Local Settings\%temp%\1445107754.249405.exe_7zdump\【LOL英雄联盟数据查询】【2015.10.18】\LOL英雄联盟数据查询.exe---> Offset = 1347584
C:\Documents and Settings\Administrator\Local Settings\%temp%\1445107754.252949.exe_7zdump\【LOL英雄联盟数据查询】【2015.10.18】\LOL英雄联盟数据查询Srv.exe---> Offset = 53248
Network behaviors
Behavior: Send data on a connected socket
Details: SOCKET = 0x000000d8, TotalSize = 6, Offset = 0, ReadSize = 6.
Behavior: Connect to a specified socket address
Details: 219.133.40.1:443
219.133.40.1:80
Behavior: Resolve host address by name
Details: fget-career.com
google.com
Registry behaviors
Behavior: Modify registry startup entry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Other behaviors
Behavior: Hide specified window
Details: [Window,Class] = [LOL英雄联盟角色数据查询 makeBy:Bill,Ex_DirectUI]
Behavior: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
KyUffThOkYwRRtgPP
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MFF
Behavior: Inline hook
Details: C:\WINDOWS\system32\ntdll.dll--->ZwWriteVirtualMemory Offset = 0x0
Behavior: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: Window information
Details: Pid = 416, Hwnd=0x202b4, Text = LOL英雄联盟角色数据查询 makeBy:Bill, ClassName = Ex_DirectUI.
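The Windows entries above carry the indicators a triage analyst looks for: a large write into iexplore.exe followed by a 12-byte write at the image entry point (WriteAddress equal to EntryPoint), an inline hook on ZwWriteVirtualMemory in ntdll.dll, a Winlogon\Userinit change, an autorun.inf drop and an executable parked under a RECYCLER\S-... folder. The Python below, an added example and not VirSCAN's own code, parses a constructed subset of the report's detail lines and flags each of those patterns. The rule names, the Finding type, the watched ntdll export list and the size thresholds in the payload-plus-stub rule are this example's own assumptions.

```python
"""Triage of VirSCAN-style Windows sandbox detail lines.

Added example, not VirSCAN's code. SAMPLE_LINES is a constructed subset of
the detail lines in the report above; rule names, the Finding type, the
watched export list and the size thresholds are this example's assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

SAMPLE_LINES = [
    r"TargetProcess = iexplore.exe, WriteAddress = 0x20070000, Size = 53248",
    r"TargetProcess = iexplore.exe, WriteAddress = 0x00020000, Size = 563",
    r"TargetProcess = iexplore.exe, WriteAddress = 0x00401a25, Size = 12",
    r"C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00401A25, EntryPoint = 0x00401A25",
    r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
    r"C:\DiskX\autorun.inf",
    r"C:\DiskX\RECYCLER\S-0-6-42-2046537670-2800121216-567165604-1505\WhksKBpO.exe",
    r"C:\WINDOWS\system32\ntdll.dll--->ZwWriteVirtualMemory Offset = 0x0",
]

# ntdll exports whose inline hooking hides or redirects writes into other
# processes (assumed list for this example, not VirSCAN's).
WATCHED_NTDLL_EXPORTS = {"ZwWriteVirtualMemory", "NtWriteVirtualMemory",
                         "ZwProtectVirtualMemory", "NtProtectVirtualMemory"}


@dataclass(frozen=True)
class Finding:
    rule: str
    evidence: str


KV_RE = re.compile(r"(\w+)\s*=\s*([^,]+)")


def parse_kv(line):
    """'A = x, B = y' -> {'A': 'x', 'B': 'y'}; tokens without '=' are ignored."""
    return {k: v.strip() for k, v in KV_RE.findall(line)}


def triage(lines):
    findings = []
    writes = defaultdict(list)  # target process -> [(address, size)]
    for line in lines:
        kv = parse_kv(line)
        if "WriteAddress" in kv and "EntryPoint" in kv:
            # code written exactly at the target image's entry point
            if int(kv["WriteAddress"], 16) == int(kv["EntryPoint"], 16):
                findings.append(Finding("entry_point_patch", line))
        elif all(k in kv for k in ("TargetProcess", "WriteAddress", "Size")):
            writes[kv["TargetProcess"].lower()].append(
                (int(kv["WriteAddress"], 16), int(kv["Size"])))
        if re.search(r"\\Winlogon\\Userinit$", line, re.IGNORECASE):
            findings.append(Finding("userinit_persistence", line))
        if re.search(r"\\autorun\.inf$", line, re.IGNORECASE):
            findings.append(Finding("autorun_inf_written", line))
        m = re.search(r"\\RECYCLER\\(S-\d+(?:-\d+)+)\\", line, re.IGNORECASE)
        if m and not m.group(1).startswith("S-1-"):
            # every real SID has revision 1, so S-0-... is a fake SID folder
            findings.append(Finding("fake_sid_folder", line))
        m = re.search(r"ntdll\.dll--->(\w+)", line)
        if m and m.group(1) in WATCHED_NTDLL_EXPORTS:
            findings.append(Finding("ntdll_inline_hook", line))
    # one large write (the payload) plus one tiny write (a jump stub) into the
    # same process is the classic shape of code injection
    for proc, ws in writes.items():
        sizes = sorted(size for _, size in ws)
        if sizes[-1] >= 4096 and sizes[0] <= 16:
            findings.append(Finding("payload_plus_stub_write",
                                    f"{proc}: write sizes {sizes}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.rule:24} {f.evidence}")
```

The per-process grouping is what turns three unrelated-looking writes into one injection finding: 53248 bytes at 0x20070000 is the payload, 563 bytes at 0x00020000 its data, and 12 bytes at 0x00401a25 the stub placed on the entry point. The fake-SID rule is deliberately narrow: a per-user recycle bin under RECYCLER is always named after a revision-1 SID, so any other revision is a folder pretending to be one.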
Dangerous behaviors
Behavior: Execute system command
Details: [u'getprop ro.product.cpu.abi']
[u'chmod 755 /data/data/com.bd.dalu.highspeed/.cache/com.bd.dalu.highspeed']
[u'chmod 755 /data/data/com.bd.dalu.highspeed/.cache/com.bd.dalu.highspeed.art']
[u'chmod 755 /data/data/com.bd.dalu.highspeed/.cache/com.bd.dalu.highspeed.art.20']
[u'[su, -c, /data/data/com.bd.dalu.highspeed/lib/libdaemon.so com.bd.dalu.highspeed]']
Dynamic behavior list
Behavior: Call hash algorithm
Details: MD5
SHA1
Behavior: Read file
Details: path:/data/dalvik-cache/data@app@com.bd.dalu.highspeed-1.apk@classes.dex length:69
path:/data/dalvik-cache/data@app@com.bd.dalu.highspeed-1.apk@classes.dex length:5
path:unknown length:17
path:/data/app/com.bd.dalu.highspeed-1.apk length:9
path:/data/app/com.bd.dalu.highspeed-1.apk length:23
path:/data/app/com.bd.dalu.highspeed-1.apk length:68
path:/data/app/com.bd.dalu.highspeed-1.apk length:69
path:/data/app/com.bd.dalu.highspeed-1.apk length:7
path:/data/app/com.bd.dalu.highspeed-1.apk length:69
path:/data/app/com.bd.dalu.highspeed-1.apk length:65
path:/data/app/com.bd.dalu.highspeed-1.apk length:69
path:/data/app/com.bd.dalu.highspeed-1.apk length:63
path:/data/app/com.bd.dalu.highspeed-1.apk length:66
path:/data/app/com.bd.dalu.highspeed-1.apk length:69
path:unknown length:5
Behavior: Load shared library
Details: /data/data/com.bd.dalu.highspeed/.cache/libsecmain.so
Behavior: Get cipher instance
Details: [u'DES']
Behavior: Register broadcast receiver
Details: [u'com.dalu.highspeed.bd.BulldogService$1@41578e98', u'android.content.IntentFilter@41959c10']
Behavior: Execute system command
Details: [u'getprop ro.product.cpu.abi']
[u'chmod 755 /data/data/com.bd.dalu.highspeed/.cache/com.bd.dalu.highspeed']
[u'chmod 755 /data/data/com.bd.dalu.highspeed/.cache/com.bd.dalu.highspeed.art']
[u'chmod 755 /data/data/com.bd.dalu.highspeed/.cache/com.bd.dalu.highspeed.art.20']
[u'[su, -c, /data/data/com.bd.dalu.highspeed/lib/libdaemon.so com.bd.dalu.highspeed]']
Behavior: Class loading
Details: path:/data/data/com.bd.dalu.highspeed/.cache/classes.dex
Behavior: Window information
Details: {"text": "音乐播放器", "class": "android.widget.TextView"} (text: "Music player")
{"text": "应用序列号:6100BDC91B8B", "class": "android.widget.TextView"} (text: "App serial number: 6100BDC91B8B")
{"text": "请输入有效注册码", "class": "android.widget.EditText"} (text: "Please enter a valid registration code")
{"text": "普通", "class": "android.widget.RadioButton"} (text: "Normal")
{"text": "快速", "class": "android.widget.RadioButton"} (text: "Fast")
{"text": "急速", "class": "android.widget.RadioButton"} (text: "Turbo")
{"text": "启动加速器", "class": "android.widget.Button"} (text: "Start accelerator")
Behavior: Read a line from buffer
Details: armeabi-v7a
Behavior: Add View
Details: [u'com.android.internal.policy.impl.PhoneWindow$DecorView@4153a9c0', u'WM.LayoutParams{(0,0)(fillxfill) sim=#100 ty=1 fl=#1810100 pfl=0x8 wanim=0x10302e0}', u'android.view.CompatibilityInfoHolder@414afae0']
Behavior: Write file
Details: path:/data/data/com.bd.dalu.highspeed/.md5 length:37
path:/data/data/com.bd.dalu.highspeed/.sec_version length:12
path:/data/data/com.bd.dalu.highspeed/.cache/libsecexe.so length:69
path:/data/data/com.bd.dalu.highspeed/.cache/libsecexe.so length:65
path:/data/data/com.bd.dalu.highspeed/.cache/libsecmain.so length:69
path:/data/data/com.bd.dalu.highspeed/.cache/libsecmain.so length:63
path:/data/data/com.bd.dalu.highspeed/.cache/libsecmain.so length:66
path:/data/data/com.bd.dalu.highspeed/.cache/libsecpreload.so length:69
path:/data/data/com.bd.dalu.highspeed/shared_prefs/bmob_sp.xml length:187
Behavior: Initialize Intent
Details: [u'android.os.Parcel@414ad228']
Behavior: Get device ID
Details: 357143040944263
Activities
Activity name | Type
com.dalu.highspeed.bd.HotActivity | android.intent.action.MAIN
com.dalu.highspeed.bd.HotActivity | android.intent.category.LAUNCHER
Dangerous functions
Function name | Info
getRuntime | obtains the command-line runtime environment
java/lang/Runtime;->exec | executes a string command
Permission list
Permission name | Info
android.permission.READ_PHONE_STATE | read phone state
android.permission.INTERNET | connect to the network (2G or 3G)
android.permission.ACCESS_NETWORK_STATE | read network state (2G or 3G)
android.permission.ACCESS_WIFI_STATE | read Wi-Fi network state
android.permission.GET_TASKS | retrieve information about currently or recently running tasks
android.permission.SYSTEM_ALERT_WINDOW | display system-level windows
android.permission.ACCESS_SUPERUSER |
android.permission.WRITE_EXTERNAL_STORAGE | write to external storage (e.g. SD card)
android.permission.READ_LOGS | read system logs
cn.bmob.permission.push |
android.permission.WAKE_LOCK | keep a background process running after the screen turns off
android.permission.RECEIVE_BOOT_COMPLETED | receive the boot-completed broadcast
android.permission.VIBRATE | allow the device to vibrate
android.permission.RECEIVE_USER_PRESENT |
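The Execute system command entries under Dangerous behaviors and the permission list above together describe how the app reaches root: Runtime.exec is called with a String[] of su, -c and a command that runs lib/libdaemon.so as a program, after chmod 755 on files in the app's own .cache directory, and the manifest declares android.permission.ACCESS_SUPERUSER. The Python below, an added example and not VirSCAN's own code, parses the report's command entries (each logged as a Python list repr; a String[] call appears inside it as Java's array toString, [su, -c, ...], a String call as a flat command line) and correlates them with the declared permissions. The entries, the permission subset and the package name are copied from the report; the rule names, the Finding type and the shell-payload convention are this example's own assumptions.

```python
"""Parse the 'Execute system command' entries of a VirSCAN Android report
and correlate them with the declared permissions.

Added example, not VirSCAN's code. COMMAND_ENTRIES, PERMISSIONS and PACKAGE
are copied from the report above; rule names and the Finding type are this
example's own assumptions.
"""
import ast
import shlex
from dataclasses import dataclass

PACKAGE = "com.bd.dalu.highspeed"

COMMAND_ENTRIES = [
    "[u'getprop ro.product.cpu.abi']",
    "[u'chmod 755 /data/data/com.bd.dalu.highspeed/.cache/com.bd.dalu.highspeed']",
    "[u'chmod 755 /data/data/com.bd.dalu.highspeed/.cache/com.bd.dalu.highspeed.art']",
    "[u'chmod 755 /data/data/com.bd.dalu.highspeed/.cache/com.bd.dalu.highspeed.art.20']",
    "[u'[su, -c, /data/data/com.bd.dalu.highspeed/lib/libdaemon.so com.bd.dalu.highspeed]']",
]

PERMISSIONS = [  # subset of the report's permission list
    "android.permission.INTERNET",
    "android.permission.ACCESS_SUPERUSER",
    "android.permission.READ_LOGS",
    "android.permission.RECEIVE_BOOT_COMPLETED",
]


@dataclass(frozen=True)
class Finding:
    rule: str
    evidence: str


def parse_entry(entry):
    """One report entry -> list of argv lists.

    Each logged call is a Python list repr (u'...' literals parse under
    Python 3). A Runtime.exec(String[]) call shows up inside it as Java's
    array toString '[a, b, c]' (so an argument containing ', ' would be split
    wrongly); a Runtime.exec(String) call shows up as a flat command line.
    """
    argvs = []
    for s in ast.literal_eval(entry):
        if s.startswith("[") and s.endswith("]"):
            argvs.append(s[1:-1].split(", "))
        else:
            argvs.append(shlex.split(s))
    return argvs


def shell_payload(argv):
    """For 'su -c CMD' (or sh -c CMD) return CMD split into argv, else None."""
    if len(argv) >= 3 and argv[0] in ("su", "sh", "/system/bin/sh") and argv[1] == "-c":
        return shlex.split(argv[2])
    return None


def triage(entries, permissions, package):
    findings = []
    app_dir = f"/data/data/{package}/"
    uses_su = False
    for entry in entries:
        for argv in parse_entry(entry):
            if not argv:
                continue
            if argv[0] == "su":
                uses_su = True
                findings.append(Finding("root_escalation", " ".join(argv)))
            # inspect the outer command and whatever su/sh -c hands to a shell
            payload = shell_payload(argv)
            for cmd in [argv] + ([payload] if payload else []):
                if cmd[0] == "chmod" and len(cmd) >= 3:
                    try:
                        mode = int(cmd[1], 8)
                    except ValueError:
                        mode = 0
                    for path in cmd[2:]:
                        if path.startswith(app_dir) and mode & 0o111:
                            findings.append(Finding("exec_bit_in_app_data", path))
                if cmd[0].endswith(".so"):
                    # a file named like a shared library is launched as a program
                    findings.append(Finding("shared_object_run_as_program", " ".join(cmd)))
    if uses_su and "android.permission.ACCESS_SUPERUSER" in permissions:
        findings.append(Finding("declares_superuser_permission",
                                "android.permission.ACCESS_SUPERUSER"))
    return findings


if __name__ == "__main__":
    for f in triage(COMMAND_ENTRIES, PERMISSIONS, PACKAGE):
        print(f"{f.rule:30} {f.evidence}")
```

Parsing the su -c payload separately matters: the outer argv only says "su", and the fact that the thing being run as root is a .so under the app's own lib directory is visible only after splitting the string handed to the root shell.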
Service list
Name
com.dalu.highspeed.bd.ServiceProxy
File list
The assets/bangcle_classes.jar and libsec*.so entries below, together with the runtime writes to .cache/libsec*.so and the class load from .cache/classes.dex recorded above, mark the APK as wrapped by the Bangcle packer: the checksums are those of the wrapper, and the app's real classes.dex is only produced at runtime.
File name | Checksum
META-INF/MANIFEST.MF 0x9779fd97
META-INF/CERT.SF 0x3068ae16
META-INF/CERT.RSA 0xa7c538cd
assets/meta-data/manifest.mf 0xc92616fe
assets/meta-data/rsa.pub 0xe9b48482
assets/meta-data/rsa.sig 0x2c48fc83
AndroidManifest.xml 0x24eb4ff4
assets/bangcle_classes.jar 0xf0d89f87
assets/com.bd.dalu.highspeed 0xa40c066f
assets/com.bd.dalu.highspeed.L 0x333fe636
assets/com.bd.dalu.highspeed.art 0x18ee04b
assets/com.bd.dalu.highspeed.art.20 0xc443b8b3
assets/com.bd.dalu.highspeed.x86 0x79a90b7f
assets/com.bd.dalu.highspeed.x86.L 0x8bff740
assets/libsecexe.so 0x990580de
assets/libsecexe.x86.so 0x9b72c27f
assets/libsecmain.so 0x4f94a5e9
assets/libsecmain.x86.so 0x6009f9f4
assets/libsecpreload.so 0xe2d73746
assets/libsecpreload.x86.so 0x4993f73
classes.dex 0x5bd21da8
lib/armeabi/libdaemon.so 0xd0ad790d
lib/armeabi/libgg_time.so 0x89990ec0
res/drawable-hdpi/bmob_update_btn_check_off_focused_holo_light.png 0x63f5fdb0
res/drawable-hdpi/bmob_update_btn_check_off_holo_light.png 0x9dd19bd9
res/drawable-hdpi/bmob_update_btn_check_off_pressed_holo_light.png 0x3f0df474
res/drawable-hdpi/bmob_update_btn_check_on_focused_holo_light.png 0x3a86058e
res/drawable-hdpi/bmob_update_btn_check_on_holo_light.png 0x54ca4df0
res/drawable-hdpi/bmob_update_btn_check_on_pressed_holo_light.png 0xc6e0029f
res/drawable-hdpi/bmob_update_close_bg_normal.png 0xfbb3a5d2
res/drawable-hdpi/bmob_update_close_bg_tap.png 0xa852b3ec
res/drawable-hdpi/ic_btn_back.png 0x189f49d7
res/drawable-hdpi/ic_btn_refresh.png 0xe59f711
res/drawable-hdpi/ic_launcher.png 0xc63a3a0b
res/drawable-hdpi/tab_selected.9.png 0xde4361d6
res/drawable-hdpi/tab_unselected.9.png 0x667f69a9
res/drawable-mdpi/bar.xml 0xa9d82694
res/drawable-mdpi/tab_bottom.xml 0xb1da276f
res/drawable-xhdpi/bg.png 0x8e430ffe
res/drawable/bmob_update_button_cancel_bg_focused.xml 0x3a2a7521
res/drawable/bmob_update_button_cancel_bg_normal.xml 0xa5123acb
res/drawable/bmob_update_button_cancel_bg_selector.xml 0x21f3bcb6
res/drawable/bmob_update_button_cancel_bg_tap.xml 0x9ebb6970
res/drawable/bmob_update_button_check_selector.xml 0xdba00aa5
res/drawable/bmob_update_button_close_bg_selector.xml 0xef966cf6
res/drawable/bmob_update_button_ok_bg_focused.xml 0xe9376f5e
res/drawable/bmob_update_button_ok_bg_normal.xml 0xc191aa60
res/drawable/bmob_update_button_ok_bg_selector.xml 0xe1cc388f
res/drawable/bmob_update_button_ok_bg_tap.xml 0x868a391e
res/drawable/bmob_update_dialog_bg.xml 0xcecaeba7
res/drawable/bmob_update_wifi_disable.png 0xe635e071
res/drawable/btn_bg2.9.png 0x16065334
res/drawable/ic_btn_back.png 0x8a59c22e
res/drawable/ic_btn_refresh.png 0x5b3150dc
res/drawable/ic_media_ff.png 0x5563fef5
res/drawable/ic_media_rew.png 0xe5a13035
res/drawable/ic_menu_conf.png 0xb42581b0
res/drawable/ic_menu_mem_list.png 0x98fdbc76
res/drawable/ic_menu_save.png 0x4dbb9fde
res/drawable/ic_menu_search.png 0x9d8f9a3c
res/drawable/login_click.xml 0xf9e8c588
res/drawable/login_press_shape.xml 0x349094cf
res/drawable/login_unpress_shape.xml 0xa19d96af
res/drawable/tab_selected.9.png 0xc3d6fdbc
res/drawable/tab_unselected.9.png 0x64ff21ba
res/drawable/txt_bg.9.png 0xa0c84eee
res/layout/activity_hot.xml 0x81d3d6cf
res/layout/bmob_update_dialog.xml 0xf23bec18
res/layout/hot_point_location_config.xml 0xbb749847
res/layout/hot_point_view.xml 0xd02fea89
res/layout/main.xml 0x9cf64542
res/layout/service_address_item.xml 0x648e7d8b
res/layout/service_address_item_edit.xml 0xe9803b
res/layout/service_address_item_save.xml 0x587e8164
res/layout/service_busy_dialog.xml 0x843af36e
res/layout/service_config.xml 0xfbf5359f
res/layout/service_dialog.xml 0xac4deb1
res/layout/service_fuzzy_search.xml 0xc2214e97
res/layout/service_fuzzy_search_start.xml 0x64f225ec
res/layout/service_number_search.xml 0x5023e724
res/layout/service_opacity_config.xml 0xe918c02f
res/layout/service_saved_item.xml 0xdd9023e1
res/layout/service_saved_item_edit.xml 0x343df62e
res/layout/service_search_range_config.xml 0x968003df
res/layout/service_vanish_config.xml 0x1a27d44c
res/layout/speed_conf.xml 0x8ed2fb87
res/layout/temp_path_config.xml 0xb36f56c3
resources.arsc 0x83be1bf3