VirSCAN

File information
Safety rating:
Behavior list
Basic Information
MD5: 5bc3ab8c57f61a38ba0991a9bce4baa0
Package name: com.bd.dalu.highspeed
Minimum operating environment: Android 2.3, 2.3.1, 2.3.2
Copyright: hz
Key behavior
Behavior description: Writes data into another process
details:TargetProcess = iexplore.exe, WriteAddress = 0x20070000, Size = 53248
TargetProcess = iexplore.exe, WriteAddress = 0x00020000, Size = 563
TargetProcess = iexplore.exe, WriteAddress = 0x00401a25, Size = 12
Behavior description: Hides a specified window
details:[Window,Class] = [LOL英雄联盟角色数据查询 makeBy:Bill,Ex_DirectUI]
Behavior description: Resolves a host address by name
details:fget-career.com
google.com
Behavior description: Modifies an executable file through a memory mapping
details:\device\harddiskvolume1\documents and settings\administrator\application data\sogouexplorer\extension\com.sogou.snaptaker\0.4.2\npprintscreen.dll
Behavior description: Writes data into another process's code section
details:C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00401A25, EntryPoint = 0x00401A25
Behavior description: Maps a file with write permission
details:CiceroSharedMemDefaultS-*
\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
MSCTF.MarshalInterface.FileMap.MFF..NMKGH
MSCTF.MarshalInterface.FileMap.MFF.B.NNKGH
MSCTF.MarshalInterface.FileMap.MFF.C.NNKGH
MSCTF.MarshalInterface.FileMap.MFF.D.NNKGH
MSCTF.MarshalInterface.FileMap.MFF.E.NNKGH
MSCTF.MarshalInterface.FileMap.MFF.F.NNKGH
MSCTF.MarshalInterface.FileMap.MFF.G.NNKGH
\222c25ed\IE8-Setup-Full\IE-REDIST.EXE
\222c25ed\IE8-Setup-Full\ieakcust.dll
\222c25ed\IE8-Setup-Full\iedkcs32.dll
\222c25ed\IE8-Setup-Full\installservices.exe
\DiskX\RECYCLER\S-0-6-42-2046537670-2800121216-567165604-1505\WhksKBpO.exe
\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
Behavior description: Creates an autorun file in a drive root
details:C:\DiskX\autorun.inf
Behavior description: Sets special folder attributes
details:C:\DiskX\RECYCLER
C:\DiskX\RECYCLER\S-0-6-42-2046537670-2800121216-567165604-1505
Behavior description: Modifies a registry startup entry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Process behavior
Behavior description: Creates a process
details:ImagePath = C:\Program Files\Internet Explorer\IEXPLORE.EXE, CmdLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Behavior description: Writes data into another process
details:TargetProcess = iexplore.exe, WriteAddress = 0x20070000, Size = 53248
TargetProcess = iexplore.exe, WriteAddress = 0x00020000, Size = 563
TargetProcess = iexplore.exe, WriteAddress = 0x00401a25, Size = 12
Behavior description: Creates a process from a newly created file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445107752.257008.exe_7zdump\【LOL英雄联盟数据查询】【2015.10.18】\LOL英雄联盟数据查询Srv.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445107752.257008.exe_7zdump\【LOL英雄联盟数据查询】【
ImagePath = C:\Program Files\Microsoft\DesktopLayer.exe, CmdLine = "C:\Program Files\Microsoft\DesktopLayer.exe"
Behavior description: Enumerates processes
details:N/A
Behavior description: Writes data into another process's code section
details:C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00401A25, EntryPoint = 0x00401A25
File behavior
Behavior description: Creates an executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445107752.246525.exe_7zdump\【LOL英雄联盟数据查询】【2015.10.18】\LOL英雄联盟数据查询Srv.exe
C:\Program Files\Microsoft\DesktopLayer.exe
C:\DiskX\RECYCLER\S-0-6-42-2046537670-2800121216-567165604-1505\WhksKBpO.exe
Behavior description: Searches for files
details:FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%
FileName = C:\Program Files\Internet Explorer\IEXPLORE.EXE
FileName = C:\Program Files\Internet Explorer\iexplore.exe
FileName = C:\*.*
FileName = C:\222c25ed\*.*
FileName = C:\222c25ed\IE8-Setup-Full\*.*
FileName = C:\222c25ed\IE8-Setup-Full\log\*.*
FileName = C:\AnalyzeControl\*.*
FileName = C:\DiskD\*.*
FileName = C:\DiskX\*.*
FileName = C:\DiskX\RECYCLER\*.*
Behavior description: Modifies an executable file through a memory mapping
details:\device\harddiskvolume1\documents and settings\administrator\application data\sogouexplorer\extension\com.sogou.snaptaker\0.4.2\npprintscreen.dll
Behavior description: Modifies an existing system executable
details:C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\npprintscreen.dll---> Offset = 376832
Behavior description: Maps a file with write permission
details:CiceroSharedMemDefaultS-*
\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
MSCTF.MarshalInterface.FileMap.MFF..NMKGH
MSCTF.MarshalInterface.FileMap.MFF.B.NNKGH
MSCTF.MarshalInterface.FileMap.MFF.C.NNKGH
MSCTF.MarshalInterface.FileMap.MFF.D.NNKGH
MSCTF.MarshalInterface.FileMap.MFF.E.NNKGH
MSCTF.MarshalInterface.FileMap.MFF.F.NNKGH
MSCTF.MarshalInterface.FileMap.MFF.G.NNKGH
\222c25ed\IE8-Setup-Full\IE-REDIST.EXE
\222c25ed\IE8-Setup-Full\ieakcust.dll
\222c25ed\IE8-Setup-Full\iedkcs32.dll
\222c25ed\IE8-Setup-Full\installservices.exe
\DiskX\RECYCLER\S-0-6-42-2046537670-2800121216-567165604-1505\WhksKBpO.exe
\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
Behavior description: Creates an autorun file in a drive root
details:C:\DiskX\autorun.inf
Behavior description: Sets special folder attributes
details:C:\DiskX\RECYCLER
C:\DiskX\RECYCLER\S-0-6-42-2046537670-2800121216-567165604-1505
Behavior description: Modifies file contents
details:C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT---> Offset = 0
C:\Program Files\Microsoft\px4.tmp---> Offset = 0
C:\Program Files\Internet Explorer\dmlconf.dat---> Offset = 0
C:\DiskX\autorun.inf---> Offset = 7322
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.privateSurf\0.0.0.1\backgroundpage.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\backgroundpage.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\popup.html---> Offset = 39547
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.secondAccount\0.0.0.1\backgroundpage.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.share\0.0.0.1\backgroundpage.html---> Offset = 5201
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\background.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\callback.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\pop.html---> Offset = 12867
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\signin.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\ translate.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\backgroundpage.html---> Offset = 0
Behavior description: Modifies a newly created executable
details:C:\DiskX\RECYCLER\S-0-6-42-2046537670-2800121216-567165604-1505\WhksKBpO.exe---> Offset = 53248
C:\Documents and Settings\Administrator\Local Settings\%temp%\1445107754.249405.exe_7zdump\【LOL英雄联盟数据查询】【2015.10.18】\LOL英雄联盟数据查询.exe---> Offset = 1347584
C:\Documents and Settings\Administrator\Local Settings\%temp%\1445107754.252949.exe_7zdump\【LOL英雄联盟数据查询】【2015.10.18】\LOL英雄联盟数据查询Srv.exe---> Offset = 53248
Network behavior
Behavior description: Sends data on a connected socket
details:SOCKET = 0x000000d8, TotalSize = 6, Offset = 0, ReadSize = 6.
Behavior description: Connects to a specified socket address
details:219.133.40.1:443
219.133.40.1:80
Behavior description: Resolves a host address by name
details:fget-career.com
google.com
Registry behavior
Behavior description: Modifies a registry startup entry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Other behavior
Behavior description: Hides a specified window
details:[Window,Class] = [LOL英雄联盟角色数据查询 makeBy:Bill,Ex_DirectUI]
Behavior description: Creates a mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
KyUffThOkYwRRtgPP
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MFF
Behavior description: Inline hook
details:C:\WINDOWS\system32\ntdll.dll--->ZwWriteVirtualMemory Offset = 0x0
Behavior description: Searches for a specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information
details:Pid = 416, Hwnd=0x202b4, Text = LOL英雄联盟角色数据查询 makeBy:Bill, ClassName = Ex_DirectUI.
Dangerous behavior
Behavior description: Executes system commands
details:[u'getprop ro.product.cpu.abi']
[u'chmod 755 /data/data/com.bd.dalu.highspeed/.cache/com.bd.dalu.highspeed']
[u'chmod 755 /data/data/com.bd.dalu.highspeed/.cache/com.bd.dalu.highspeed.art']
[u'chmod 755 /data/data/com.bd.dalu.highspeed/.cache/com.bd.dalu.highspeed.art.20']
[u'[su, -c, /data/data/com.bd.dalu.highspeed/lib/libdaemon.so com.bd.dalu.highspeed]']
Dynamic list behavior
Behavior description: Invokes a hash algorithm
details:MD5
SHA1
Behavior description: Reads a file
details:path:/data/dalvik-cache/data@app@com.bd.dalu.highspeed-1.apk@classes.dex length:69
path:/data/dalvik-cache/data@app@com.bd.dalu.highspeed-1.apk@classes.dex length:5
path:unknown length:17
path:/data/app/com.bd.dalu.highspeed-1.apk length:9
path:/data/app/com.bd.dalu.highspeed-1.apk length:23
path:/data/app/com.bd.dalu.highspeed-1.apk length:68
path:/data/app/com.bd.dalu.highspeed-1.apk length:69
path:/data/app/com.bd.dalu.highspeed-1.apk length:7
path:/data/app/com.bd.dalu.highspeed-1.apk length:69
path:/data/app/com.bd.dalu.highspeed-1.apk length:65
path:/data/app/com.bd.dalu.highspeed-1.apk length:69
path:/data/app/com.bd.dalu.highspeed-1.apk length:63
path:/data/app/com.bd.dalu.highspeed-1.apk length:66
path:/data/app/com.bd.dalu.highspeed-1.apk length:69
path:unknown length:5
Behavior description: Loads a shared library
details:/data/data/com.bd.dalu.highspeed/.cache/libsecmain.so
Behavior description: Obtains a cipher instance
details:[u'DES']
Behavior description: Registers a broadcast receiver
details:[u'com.dalu.highspeed.bd.BulldogService$1@41578e98', u'android.content.IntentFilter@41959c10']
Behavior description: Executes system commands
details:[u'getprop ro.product.cpu.abi']
[u'chmod 755 /data/data/com.bd.dalu.highspeed/.cache/com.bd.dalu.highspeed']
[u'chmod 755 /data/data/com.bd.dalu.highspeed/.cache/com.bd.dalu.highspeed.art']
[u'chmod 755 /data/data/com.bd.dalu.highspeed/.cache/com.bd.dalu.highspeed.art.20']
[u'[su, -c, /data/data/com.bd.dalu.highspeed/lib/libdaemon.so com.bd.dalu.highspeed]']
Behavior description: Loads classes
details:path:/data/data/com.bd.dalu.highspeed/.cache/classes.dex
Behavior description: Window information
details:{"text": "音乐播放器", "class": "android.widget.TextView"}
{"text": "应用序列号:6100BDC91B8B", "class": "android.widget.TextView"}
{"text": "请输入有效注册码", "class": "android.widget.EditText"}
{"text": "普通", "class": "android.widget.RadioButton"}
{"text": "快速", "class": "android.widget.RadioButton"}
{"text": "急速", "class": "android.widget.RadioButton"}
{"text": "启动加速器", "class": "android.widget.Button"}
Behavior description: Reads a line from a buffer
details:armeabi-v7a
Behavior description: Adds a View
details:[u'com.android.internal.policy.impl.PhoneWindow$DecorView@4153a9c0', u'WM.LayoutParams{(0,0)(fillxfill) sim=#100 ty=1 fl=#1810100 pfl=0x8 wanim=0x10302e0}', u'android.view.CompatibilityInfoHolder@414afae0']
Behavior description: Writes a file
details:path:/data/data/com.bd.dalu.highspeed/.md5 length:37
path:/data/data/com.bd.dalu.highspeed/.sec_version length:12
path:/data/data/com.bd.dalu.highspeed/.cache/libsecexe.so length:69
path:/data/data/com.bd.dalu.highspeed/.cache/libsecexe.so length:65
path:/data/data/com.bd.dalu.highspeed/.cache/libsecmain.so length:69
path:/data/data/com.bd.dalu.highspeed/.cache/libsecmain.so length:63
path:/data/data/com.bd.dalu.highspeed/.cache/libsecmain.so length:66
path:/data/data/com.bd.dalu.highspeed/.cache/libsecpreload.so length:69
path:/data/data/com.bd.dalu.highspeed/shared_prefs/bmob_sp.xml length:187
Behavior description: Initializes an Intent
details:[u'android.os.Parcel@414ad228']
Behavior description: Gets the device ID
details:357143040944263
Activities
Activity name | Type
com.dalu.highspeed.bd.HotActivity | android.intent.action.MAIN
com.dalu.highspeed.bd.HotActivity | android.intent.category.LAUNCHER
Dangerous function
Function name | Information
getRuntime | Obtains the command-line runtime environment
java/lang/Runtime;->exec | Executes a string as a command
Permission list
Permission name | Information
android.permission.READ_PHONE_STATE | Read phone state
android.permission.INTERNET | Connect to the network (2G or 3G)
android.permission.ACCESS_NETWORK_STATE | Read network state (2G or 3G)
android.permission.ACCESS_WIFI_STATE | Read Wi-Fi network state
android.permission.GET_TASKS | Get information about currently or recently running tasks
android.permission.SYSTEM_ALERT_WINDOW | Display system-level windows
android.permission.ACCESS_SUPERUSER |
android.permission.WRITE_EXTERNAL_STORAGE | Write to external storage (e.g. SD card)
android.permission.READ_LOGS | Read system logs
cn.bmob.permission.push |
android.permission.WAKE_LOCK | Keep background processes running after the screen turns off
android.permission.RECEIVE_BOOT_COMPLETED | Receive the boot-completed broadcast
android.permission.VIBRATE | Allow device vibration
android.permission.RECEIVE_USER_PRESENT |
Service list
Name
com.dalu.highspeed.bd.ServiceProxy
File List
File name | Check code
META-INF/MANIFEST.MF 0x9779fd97
META-INF/CERT.SF 0x3068ae16
META-INF/CERT.RSA 0xa7c538cd
assets/meta-data/manifest.mf 0xc92616fe
assets/meta-data/rsa.pub 0xe9b48482
assets/meta-data/rsa.sig 0x2c48fc83
AndroidManifest.xml 0x24eb4ff4
assets/bangcle_classes.jar 0xf0d89f87
assets/com.bd.dalu.highspeed 0xa40c066f
assets/com.bd.dalu.highspeed.L 0x333fe636
assets/com.bd.dalu.highspeed.art 0x18ee04b
assets/com.bd.dalu.highspeed.art.20 0xc443b8b3
assets/com.bd.dalu.highspeed.x86 0x79a90b7f
assets/com.bd.dalu.highspeed.x86.L 0x8bff740
assets/libsecexe.so 0x990580de
assets/libsecexe.x86.so 0x9b72c27f
assets/libsecmain.so 0x4f94a5e9
assets/libsecmain.x86.so 0x6009f9f4
assets/libsecpreload.so 0xe2d73746
assets/libsecpreload.x86.so 0x4993f73
classes.dex 0x5bd21da8
lib/armeabi/libdaemon.so 0xd0ad790d
lib/armeabi/libgg_time.so 0x89990ec0
res/drawable-hdpi/bmob_update_btn_check_off_focused_holo_light.png 0x63f5fdb0
res/drawable-hdpi/bmob_update_btn_check_off_holo_light.png 0x9dd19bd9
res/drawable-hdpi/bmob_update_btn_check_off_pressed_holo_light.png 0x3f0df474
res/drawable-hdpi/bmob_update_btn_check_on_focused_holo_light.png 0x3a86058e
res/drawable-hdpi/bmob_update_btn_check_on_holo_light.png 0x54ca4df0
res/drawable-hdpi/bmob_update_btn_check_on_pressed_holo_light.png 0xc6e0029f
res/drawable-hdpi/bmob_update_close_bg_normal.png 0xfbb3a5d2
res/drawable-hdpi/bmob_update_close_bg_tap.png 0xa852b3ec
res/drawable-hdpi/ic_btn_back.png 0x189f49d7
res/drawable-hdpi/ic_btn_refresh.png 0xe59f711
res/drawable-hdpi/ic_launcher.png 0xc63a3a0b
res/drawable-hdpi/tab_selected.9.png 0xde4361d6
res/drawable-hdpi/tab_unselected.9.png 0x667f69a9
res/drawable-mdpi/bar.xml 0xa9d82694
res/drawable-mdpi/tab_bottom.xml 0xb1da276f
res/drawable-xhdpi/bg.png 0x8e430ffe
res/drawable/bmob_update_button_cancel_bg_focused.xml 0x3a2a7521
res/drawable/bmob_update_button_cancel_bg_normal.xml 0xa5123acb
res/drawable/bmob_update_button_cancel_bg_selector.xml 0x21f3bcb6
res/drawable/bmob_update_button_cancel_bg_tap.xml 0x9ebb6970
res/drawable/bmob_update_button_check_selector.xml 0xdba00aa5
res/drawable/bmob_update_button_close_bg_selector.xml 0xef966cf6
res/drawable/bmob_update_button_ok_bg_focused.xml 0xe9376f5e
res/drawable/bmob_update_button_ok_bg_normal.xml 0xc191aa60
res/drawable/bmob_update_button_ok_bg_selector.xml 0xe1cc388f
res/drawable/bmob_update_button_ok_bg_tap.xml 0x868a391e
res/drawable/bmob_update_dialog_bg.xml 0xcecaeba7
res/drawable/bmob_update_wifi_disable.png 0xe635e071
res/drawable/btn_bg2.9.png 0x16065334
res/drawable/ic_btn_back.png 0x8a59c22e
res/drawable/ic_btn_refresh.png 0x5b3150dc
res/drawable/ic_media_ff.png 0x5563fef5
res/drawable/ic_media_rew.png 0xe5a13035
res/drawable/ic_menu_conf.png 0xb42581b0
res/drawable/ic_menu_mem_list.png 0x98fdbc76
res/drawable/ic_menu_save.png 0x4dbb9fde
res/drawable/ic_menu_search.png 0x9d8f9a3c
res/drawable/login_click.xml 0xf9e8c588
res/drawable/login_press_shape.xml 0x349094cf
res/drawable/login_unpress_shape.xml 0xa19d96af
res/drawable/tab_selected.9.png 0xc3d6fdbc
res/drawable/tab_unselected.9.png 0x64ff21ba
res/drawable/txt_bg.9.png 0xa0c84eee
res/layout/activity_hot.xml 0x81d3d6cf
res/layout/bmob_update_dialog.xml 0xf23bec18
res/layout/hot_point_location_config.xml 0xbb749847
res/layout/hot_point_view.xml 0xd02fea89
res/layout/main.xml 0x9cf64542
res/layout/service_address_item.xml 0x648e7d8b
res/layout/service_address_item_edit.xml 0xe9803b
res/layout/service_address_item_save.xml 0x587e8164
res/layout/service_busy_dialog.xml 0x843af36e
res/layout/service_config.xml 0xfbf5359f
res/layout/service_dialog.xml 0xac4deb1
res/layout/service_fuzzy_search.xml 0xc2214e97
res/layout/service_fuzzy_search_start.xml 0x64f225ec
res/layout/service_number_search.xml 0x5023e724
res/layout/service_opacity_config.xml 0xe918c02f
res/layout/service_saved_item.xml 0xdd9023e1
res/layout/service_saved_item_edit.xml 0x343df62e
res/layout/service_search_range_config.xml 0x968003df
res/layout/service_vanish_config.xml 0x1a27d44c
res/layout/speed_conf.xml 0x8ed2fb87
res/layout/temp_path_config.xml 0xb36f56c3
resources.arsc 0x83be1bf3
Run screenshot