VirSCAN


File information
Safety rating:
Behavior list
Basic information
MD5: 71ee06f3063c6afba10d8b6b76effb6d
Package name: com.evilsunflower.reader.evilRenxing10
Minimum operating environment: Android 1.6
Copyright: jiemai-tech
Key behavior
Behavior description: Detects whether Virtual PC is present
Details: N/A
Behavior description: Attempts to open the driver device object of a debugger or monitoring software
Details: \??\SICE
\??\NTICE
Behavior description: Gets the TickCount value
Details: TickCount = 230906, SleepMilliseconds = 1000.
TickCount = 230953, SleepMilliseconds = 1000.
TickCount = 230968, SleepMilliseconds = 1000.
TickCount = 231015, SleepMilliseconds = 1000.
TickCount = 231031, SleepMilliseconds = 1000.
TickCount = 231046, SleepMilliseconds = 1000.
TickCount = 231078, SleepMilliseconds = 1000.
TickCount = 231093, SleepMilliseconds = 1000.
TickCount = 290156, SleepMilliseconds = 60000.
TickCount = 231250, SleepMilliseconds = 1000.
TickCount = 231265, SleepMilliseconds = 1000.
TickCount = 231312, SleepMilliseconds = 1000.
TickCount = 231343, SleepMilliseconds = 1000.
TickCount = 231375, SleepMilliseconds = 1000.
TickCount = 231390, SleepMilliseconds = 1000.
Behavior description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Directly calls critical system APIs
Details: Index = 0x00000025, Name: NtCreateFile, Instruction Address = 0x00595C4A
Index = 0x000000E0, Name: NtSetInformationFile, Instruction Address = 0x00595B59
Index = 0x000000B7, Name: NtReadFile, Instruction Address = 0x00595BE2
Behavior description: Searches for windows of common anti-virus and analysis tools
Details: NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
Behavior description: Detects a virtual machine using VMware-specific instructions
Details: N/A
Process behavior
Behavior description: Creates local threads
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2568, ThreadID = 2580, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2568, ThreadID = 2636, StartAddress = 0053C0C4, Parameter = 03330AB8
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2568, ThreadID = 2640, StartAddress = 0053C0C4, Parameter = 03330B2C
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2568, ThreadID = 2644, StartAddress = 0053C0C4, Parameter = 03330B8C
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2568, ThreadID = 2648, StartAddress = 0053C0C4, Parameter = 03330BEC
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2568, ThreadID = 2652, StartAddress = 0053C0C4, Parameter = 03330B2C
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2568, ThreadID = 2712, StartAddress = 77E56C7D, Parameter = 01FA60E0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2568, ThreadID = 2724, StartAddress = 769AE43B, Parameter = 01F9CCC8
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2568, ThreadID = 2732, StartAddress = 769AE43B, Parameter = 01F94F88
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2568, ThreadID = 2760, StartAddress = 77E56C7D, Parameter = 01FB95E0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2568, ThreadID = 2836, StartAddress = 00625214, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2568, ThreadID = 2844, StartAddress = 0053C0C4, Parameter = 03341888
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2568, ThreadID = 2848, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2568, ThreadID = 2852, StartAddress = 7C930230, Parameter = 00000000
Behavior description: Enumerates processes
Details: N/A
File behavior
Behavior description: Creates files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\evb3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\00000000
Behavior description: Overwrites existing files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\evb3.tmp
Behavior description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\00000000 ---> Offset = 0
Behavior description: Searches for files
Details: FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\
FileName = C:\DOCUME~1\ADMINI~1\
FileName = C:\DOCUME~1\
FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
FileName = c:\documents and settings
FileName = c:\Documents and Settings\administrator
FileName = c:\Documents and Settings\Administrator\local settings
FileName = c:\Documents and Settings\Administrator\Local Settings\temp
FileName = c:\Documents and Settings\Administrator\Local Settings\%temp%
Network behavior
Behavior description: Connects to a specified site
Details: InternetConnectA: ServerName = **.105.78.**, PORT = 8888, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
Behavior description: Opens an HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0), hSession = 0x00cc0004
Behavior description: Establishes a connection to a specified socket
Details: IP: **.105.78.**:8888, SOCKET = 0x00000340
Behavior description: Reads a network file
Details: hFile = 0x00cc000c, BytesToRead = 102400, BytesRead = 102400.
Behavior description: Sends an HTTP packet
Details: GET /1.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: **.105.78.**:8888
Cache-Control: no-cache
Behavior description: Opens an HTTP request
Details: HttpOpenRequestA: **.105.78.**:8888/1.txt, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x84000000
Registry behavior
Behavior description: Modifies the registry
Details: \REGISTRY\USER\S-*\Software\Enigma Protector\D98C1DD404B2008F-980980E97E42F8EC\D98C1DD404B2008F-980980E97E42F8EC\00000000
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior description: Deletes registry values
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description: Detects whether Virtual PC is present
Details: N/A
Behavior description: Creates mutexes
Details: RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior description: Creates event objects
Details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = EVB_E7F1E295053EC4EE_00000A08
Behavior description: Opens events
Details: HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
MSFT.VSA.COM.DISABLE.2568
MSFT.VSA.IEC.STATUS.6c736db0
\INSTALLATION_SECURITY_HOLD
Global\SvcctrlStartEvent_A3752DX
Behavior description: Directly calls critical system APIs
Details: Index = 0x00000025, Name: NtCreateFile, Instruction Address = 0x00595C4A
Index = 0x000000E0, Name: NtSetInformationFile, Instruction Address = 0x00595B59
Index = 0x000000B7, Name: NtReadFile, Instruction Address = 0x00595BE2
Behavior description: Attempts to open the driver device object of a debugger or monitoring software
Details: \??\SICE
\??\NTICE
Behavior description: Gets the TickCount value
Details: TickCount = 230906, SleepMilliseconds = 1000.
TickCount = 230953, SleepMilliseconds = 1000.
TickCount = 230968, SleepMilliseconds = 1000.
TickCount = 231015, SleepMilliseconds = 1000.
TickCount = 231031, SleepMilliseconds = 1000.
TickCount = 231046, SleepMilliseconds = 1000.
TickCount = 231078, SleepMilliseconds = 1000.
TickCount = 231093, SleepMilliseconds = 1000.
TickCount = 290156, SleepMilliseconds = 60000.
TickCount = 231250, SleepMilliseconds = 1000.
TickCount = 231265, SleepMilliseconds = 1000.
TickCount = 231312, SleepMilliseconds = 1000.
TickCount = 231343, SleepMilliseconds = 1000.
TickCount = 231375, SleepMilliseconds = 1000.
TickCount = 231390, SleepMilliseconds = 1000.
Behavior description: Gets the cursor position
Details: CursorPos = (80,18468), SleepMilliseconds = 1000.
Behavior description: Enumerates windows
Details: N/A
Behavior description: Calls the Sleep function
Details: [1]: MilliSeconds = 0.
[2]: MilliSeconds = 0.
[3]: MilliSeconds = 0.
[4]: MilliSeconds = 0.
[5]: MilliSeconds = 1000.
[6]: MilliSeconds = 1000.
[7]: MilliSeconds = 1000.
[8]: MilliSeconds = 1000.
[9]: MilliSeconds = 1000.
[10]: MilliSeconds = 1000.
Behavior description: Opens mutexes
Details: RasPbFile
ShimCacheMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!IETld!Mutex
Behavior description: Searches for windows of common anti-virus and analysis tools
Details: NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
Behavior description: Detects a virtual machine using VMware-specific instructions
Details: N/A
Activities
Activity name | Type
com.evilsunflower.reader.FBReader | android.intent.action.MAIN
com.evilsunflower.reader.FBReader | android.intent.action.SEARCH
com.evilsunflower.reader.FBReader | android.intent.category.LAUNCHER
com.evilsunflower.reader.BookmarksActivity | android.intent.action.SEARCH
Dangerous functions
Function name | Information
HttpClient;->execute | Requests a remote server
DefaultHttpClient;->execute | Sends an HTTP request
TelephonyManager;->getDeviceId | Collects the user's phone IMEI, phone number, system version and other information
TelephonyManager;->getLine1Number | Gets the phone number
java/net/URL;->openConnection | Connects to a URL
java/net/HttpURLConnection;->connect | Connects to a URL
TelephonyManager;->getSimSerialNumber | Gets the SIM serial number
java/net/URLConnection;->connect | Connects to a URL
android/app/NotificationManager;->notify | Posts a message to the notification bar
LocationManager;->getLastKnownLocation | Gets the geographic location
getRuntime | Gets the command-line environment
java/lang/Runtime;->exec | Executes a string command
ContentResolver;->query | Reads databases such as contacts and SMS
ContentResolver;->delete | Deletes SMS messages and contacts
Startup mode
Name | Information
com.evilsunflower.reader.control.Receiver
com.evilsunflower.reader.control.Receiver
com.evilsunflower.reader.control.Receiver | Service started at boot
Advertising information
Name | Information
com.adwo.adsdk | Adwo (安沃)
com.vpon.adon | Vpon
com.millennialmedia.android | MillennialMedia
net.youmi | Youmi Ads (有米广告)
com.google.ads | AdMob
cn.domob.android | Domob (多盟)
Permission list
Permission name | Information
android.permission.INTERNET | Connect to the network (2G or 3G)
android.permission.READ_PHONE_STATE | Read phone state
android.permission.ACCESS_NETWORK_STATE | Read network state (2G or 3G)
android.permission.WAKE_LOCK | Keep background processes running after the phone screen turns off
android.permission.WRITE_EXTERNAL_STORAGE | Write to external storage (e.g. SD card)
android.permission.ACCESS_COARSE_LOCATION | Get approximate location (via Wi-Fi, cell towers)
android.permission.ACCESS_FINE_LOCATION | Get precise location (via GPS)
android.permission.ACCESS_WIFI_STATE | Read Wi-Fi network state
android.permission.READ_SMS | Read SMS
android.permission.WRITE_SMS | Write SMS
com.android.browser.permission.READ_HISTORY_BOOKMARKS | Read browser bookmarks
Service list
Name
com.evilsunflower.reader.control.UpdateService
File list
File name   Check code
assets/default/tapzones/down.xml 0xfc0c99f0
assets/default/tapzones/left_to_right.xml 0xf32d258
assets/default/tapzones/right_to_left.xml 0xc27c9b62
assets/default/tapzones/up.xml 0x5bbad609
assets/default/keymap.xml 0x7ce4f8b0
assets/default/styles.xml 0xa72616c9
assets/encodings/Encodings.xml 0xbf63c3da
assets/formats/fb2/fb2genres.xml 0x66237dbe
assets/formats/xhtml/xhtml-lat1.ent 0xfa9ff2cc
assets/formats/xhtml/xhtml-special.ent 0x35a74ff4
assets/formats/xhtml/xhtml-symbol.ent 0xc21fd9de
assets/languagePatterns/en_tmp 0x0
assets/languagePatterns/zh_tmp 0x0
assets/resources/application/en.xml 0xd949b5e
assets/resources/application/zh.xml 0xe37f96d7
assets/resources/zlibrary/en.xml 0x4420d1e4
assets/resources/zlibrary/zh.xml 0xd70095a
assets/wallpapers/leather.jpg 0xf4ef91d5
assets/wallpapers/sepia.jpg 0x7cc4ad79
assets/wallpapers/wood.jpg 0xdb7778a9
assets/WebView.db.init 0x338cb05b
assets/mybook.epub.101 0x221ac914
res/drawable/ic_list_group_closed.png 0x37a7c630
res/drawable/ic_list_group_empty.png 0x8f628c70
res/drawable/ic_list_group_open.png 0x8de41924
res/drawable/ic_list_plus.png 0xcdf0b822
res/drawable/ic_menu_day.png 0xeaab5f9b
res/drawable/ic_menu_decrease.png 0x49befbfa
res/drawable/ic_menu_increase.png 0x4fea9e2c
res/drawable/ic_menu_navigate.png 0xa984ff35
res/drawable/ic_menu_night.png 0xbfe82dc8
res/drawable/ic_menu_refresh.png 0x17bf749c
res/drawable/ic_menu_search.png 0x231b5171
res/drawable/reader.png 0xc46bcf75
res/drawable/text_search_close.xml 0xa6104e36
res/drawable/text_search_close_active.png 0x75660c8a
res/drawable/text_search_close_default.png 0xaedb4480
res/drawable/text_search_next.xml 0x2b7fe8f3
res/drawable/text_search_next_active.png 0x7b1f898d
res/drawable/text_search_next_default.png 0x64e47e41
res/drawable/text_search_next_disabled.png 0xe35b2c8a
res/drawable/text_search_previous.xml 0xc7633a20
res/drawable/text_search_previous_active.png 0xa5f95654
res/drawable/text_search_previous_default.png 0x3a310df8
res/drawable/text_search_previous_disabled.png 0xdecd110c
res/layout/bookmark_item.xml 0x826762a7
res/layout/bookmarks.xml 0xeb59ac15
res/layout/bug_report_view.xml 0xc4f6a6a
res/layout/cancel_item.xml 0x907b4fd3
res/layout/color_dialog.xml 0xb5f3a6e3
res/layout/control_panel.xml 0x990e55b9
res/layout/edit_bookmark.xml 0xb4193465
res/layout/main.xml 0xa5af10dd
res/layout/navigate.xml 0xfab4a983
res/layout/plugin_dialog.xml 0xa0892f47
res/layout/starter.xml 0x3bbc9943
res/layout/toc_tree_item.xml 0x118f2267
res/xml/searchable.xml 0x6fb57a83
AndroidManifest.xml 0x28a75da6
resources.arsc 0x61655943
res/drawable-hdpi/ic_menu_add.png 0xd0d38917
res/drawable-hdpi/ic_menu_bookmarks.png 0x29203ae5
res/drawable-hdpi/ic_menu_day.png 0x7dc1763c
res/drawable-hdpi/ic_menu_languages.png 0x20f63a79
res/drawable-hdpi/ic_menu_library.png 0xd2775913
res/drawable-hdpi/ic_menu_networklibrary.png 0x6702bf87
res/drawable-hdpi/ic_menu_night.png 0xdbcd381b
res/drawable-hdpi/ic_menu_refresh.png 0x6008ded5
res/drawable-hdpi/ic_menu_search.png 0x629c83c
res/drawable-hdpi/ic_menu_toc.png 0x8a76b4e3
classes.dex 0xa88327b4
I/I.gif 0xce4fd68b
assets/wooboo_btn.png 0x19dde463
assets/wooboo_logo.png 0x1850c46d
assets/wooboo_ua.properties 0x95033788
assets/millennial_close.png 0x4734bab2
assets/millennial_close_disabled.png 0xc9f67a6b
assets/millennial_left_arrow.png 0x54827195
assets/millennial_left_arrow_disabled.png 0xd869e5b
assets/millennial_right_arrow.png 0xb16b8854
assets/millennial_right_arrow_disabled.png 0x46f5984e
res/values/attrs.xml 0xeb761285
assets/adwo_close.png 0xa08e1be
assets/adwo_left_arrow.png 0x54827195
assets/adwo_logo.png 0x220dc9de
assets/adwo_right_arrow.png 0xb16b8854
assets/t1.png 0x84341ac5
assets/t10.png 0xe9251ca8
assets/t12.png 0xc9111b9e
assets/t13.png 0x523b0a20
assets/t3.png 0x175c3378
assets/t8.png 0x7bbc78fa
assets/t9.png 0x86363427
res/__local_cache.json 0xa0f2ccac
res/__sdk_bg 0x6453bb20
res/__sdk_click 0x61ab90f4
res/__sdk_click2 0xb05250c3
res/__sdk_corner 0x5c0bedcf
res/__sdk_download 0xa14f2587
res/__sdk_download2 0x658680c8
res/__sdk_phone 0xd473b0f7
res/__sdk_phone2 0xf89b8a70
assets/ad_320.html 0x689ab8d8
assets/ad_480.html 0x2d2a80eb
assets/adimg_320.html 0xe4332672
assets/adimg_480.html 0x8737ca08
javadoc/allclasses-frame.html 0xef5ca145
javadoc/allclasses-noframe.html 0x334ca5ee
javadoc/com/vpon/adon/android/AdDisplay.html 0x161b3cc4
javadoc/com/vpon/adon/android/AdListener.html 0x48a11d09
javadoc/com/vpon/adon/android/AdManager.html 0x5e0391b8
javadoc/com/vpon/adon/android/AdView.html 0xfdb1fbb5
javadoc/com/vpon/adon/android/WebInApp.html 0xeb88e8b5
javadoc/com/vpon/adon/android/class-use/AdDisplay.html 0xbe7d3c07
javadoc/com/vpon/adon/android/class-use/AdListener.html 0xe3aa1cdc
javadoc/com/vpon/adon/android/class-use/AdManager.html 0xcff932e8
javadoc/com/vpon/adon/android/class-use/AdView.html 0xe98e7643
javadoc/com/vpon/adon/android/class-use/WebInApp.html 0x52367fac
javadoc/com/vpon/adon/android/package-frame.html 0x19903bc1
javadoc/com/vpon/adon/android/package-summary.html 0xe06860ef
javadoc/com/vpon/adon/android/package-tree.html 0x670d1e00
javadoc/com/vpon/adon/android/package-use.html 0x20ccdc99
javadoc/constant-values.html 0x5cd0e00b
javadoc/deprecated-list.html 0x26f43700
javadoc/help-doc.html 0x9e3e95a
javadoc/index-files/index-1.html 0xfb986d8c
javadoc/index-files/index-10.html 0x6c734d3
javadoc/index-files/index-11.html 0xbd7dea6b
javadoc/index-files/index-12.html 0x8fb52cea
javadoc/index-files/index-2.html 0x67523159
javadoc/index-files/index-3.html 0x93cf1d31
javadoc/index-files/index-4.html 0x997d9d86
javadoc/index-files/index-5.html 0xa48a0c9b
javadoc/index-files/index-6.html 0xb2593593
javadoc/index-files/index-7.html 0x93dd7381
javadoc/index-files/index-8.html 0x1eb0fb81
javadoc/index-files/index-9.html 0x57bc8f67
javadoc/index.html 0xad2aec5b
javadoc/overview-tree.html 0x84ef9bff
javadoc/package-list 0xc611c2c5
javadoc/resources/inherit.gif 0x83fc4d1b
javadoc/stylesheet.css 0x4df7f23f
close50.png 0x99a32a65
close75.png 0x2396627
server.properties 0x98409eca
properties/Debug_FW/server.properties 0xd1df8f80
properties/Debug_RC/server.properties 0xf6a6e969
properties/Release/server.properties 0x98409eca
lib/armeabi/libDeflatingDecompressor.so 0x1f73673f
lib/armeabi/libLineBreak.so 0x2c1e366c
lib/armeabi-v7a/libDeflatingDecompressor.so 0xfda33500
lib/armeabi-v7a/libLineBreak.so 0x55a46690
META-INF/MANIFEST.MF 0x1da471e1
META-INF/CERT.SF 0x3a83b31c
META-INF/CERT.RSA 0xf16be147
Run screenshot