VirSCAN
File information
Safety rating:
Behavior list
Basic Information
MD5: 89c313f28b63ad9ac35cef1112139313
Package name: com.lanyou.andrdesktop
Minimum operating environment: Android 2.2.x
Copyright: Lanyou
Key behavior
Behavior description: Write to file mapping object
Details: Global\Cor_Private_IPCBlock_v4_416
Global\Cor_SxSPublic_IPCBlock_416
CiceroSharedMemDefaultS-*
Local\UrlZonesSM_Administrator
Global\Cor_Private_IPCBlock_v4_2140
Global\Cor_SxSPublic_IPCBlock_2140
AtlDebugAllocator_FileMappingNameStatic3_fd0
Behavior description: Modify registry: system firewall trusted application list
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and Settings\Administrator\Local Settings\Temp\Trojan.exe
Behavior description: Modify registry: startup items
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Run\5cd8f17f4086744065eb0992a09e05a2
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5cd8f17f4086744065eb0992a09e05a2
Process behavior
Behavior description: Create process with hidden window
Details: ImagePath = , CmdLine = netsh firewall add allowedprogram "c:\documents and settings\administrator\local settings\temp\trojan.exe" "trojan.exe" enable
Behavior description: Create process
Details: ImagePath = C:\WINDOWS\system32\netsh.exe, CmdLine = netsh firewall add allowedprogram "C:\Documents and Settings\Administrator\Local Settings\Temp\Trojan.exe" "Trojan.exe" ENABLE
Behavior description: Create process from newly written file
Details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Trojan.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Trojan.exe"
Behavior description: Enumerate processes
Details: N/A
File behavior
Behavior description: Write to file mapping object
Details: Global\Cor_Private_IPCBlock_v4_416
Global\Cor_SxSPublic_IPCBlock_416
CiceroSharedMemDefaultS-*
Local\UrlZonesSM_Administrator
Global\Cor_Private_IPCBlock_v4_2140
Global\Cor_SxSPublic_IPCBlock_2140
AtlDebugAllocator_FileMappingNameStatic3_fd0
Behavior description: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\Trojan.exe
Behavior description: Search for files
Details: FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.INI
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445021557.161763.exe
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\996E.INI
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.INI
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.INI
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Trojan.exe
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableFileTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableConsoleTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\ConsoleTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\MaxFileSize
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileDirectory
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\LogSessionName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Active
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\ControlFlags
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr\Guid
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr\BitNames
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\LogSessionName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\Active
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\ControlFlags
Behavior description: Modify registry: system environment variables
Details: \REGISTRY\USER\S-*\Environment\SEE_MASK_NOZONECHECKS
Behavior description: Modify registry: system firewall trusted application list
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and Settings\Administrator\Local Settings\Temp\Trojan.exe
Behavior description: Modify registry: startup items
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Run\5cd8f17f4086744065eb0992a09e05a2
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5cd8f17f4086744065eb0992a09e05a2
Other behavior
Behavior description: Call Sleep function
Details: [1]: MilliSeconds = 30000.
[2]: MilliSeconds = -1.
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
5cd8f17f4086744065eb0992a09e05a2
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
SHIMLIB_LOG_MUTEX
RasPbFile
Behavior description: Acquire system privileges
Details: SE_DEBUG_PRIVILEGE
SE_INC_BASE_PRIORITY_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Get TickCount value
Details: TickCount = 516234, SleepMilliseconds = 30000.
TickCount = 516312, SleepMilliseconds = 30000.
TickCount = 516515, SleepMilliseconds = 30000.
TickCount = 516578, SleepMilliseconds = 30000.
TickCount = 516593, SleepMilliseconds = 30000.
TickCount = 516687, SleepMilliseconds = 30000.
TickCount = 516703, SleepMilliseconds = 30000.
TickCount = 516718, SleepMilliseconds = 30000.
TickCount = 516953, SleepMilliseconds = 30000.
TickCount = 487218, SleepMilliseconds = 250.
TickCount = 516953, SleepMilliseconds = 250.
TickCount = 487234, SleepMilliseconds = 250.
TickCount = 487004, SleepMilliseconds = 20.
TickCount = 487020, SleepMilliseconds = 20.
TickCount = 487051, SleepMilliseconds = 20.
Dynamic list behavior
Behavior description: Window information
Details: {"text": "远程桌面连接", "class": "android.widget.TextView"}
{"text": "添加远程计算机", "class": "android.widget.TextView"}
{"text": "添加远程计算机", "class": "android.widget.TextView"}
Behavior description: Add View
Details: [u'com.android.internal.policy.impl.PhoneWindow$DecorView@415573a8', u'WM.LayoutParams{(0,0)(fillxfill) sim=#100 ty=1 fl=#1810100 pfl=0x8 wanim=0x103028f}', u'android.view.CompatibilityInfoHolder@414b8750']
Behavior description: Get network state information [*]
Details: [NetworkInfo: type: mobile[UMTS], state: DISCONNECTED/DISCONNECTED, reason: dataDisabled, extra: epc.tmobile.com, roaming: false, failover: false, isAvailable: true, NetworkInfo: type: wifi[], state: UNKNOWN/IDLE, reason: (unspecified), extra: (none), roaming: false, failover: false, isAvailable: false, NetworkInfo: type: mobile_mms[UMTS], state: UNKNOWN/IDLE, reason: (unspecified), extra: (none), roaming: false, failover: false, isAvailable: true, NetworkInfo: type: mobile_supl[UMTS], state: UNKNOWN/IDLE, reason: (unspecified), extra: (none), roaming: false, failover: false, isAvailable: true, NetworkInfo: type: mobile_hipri[UMTS], state: UNKNOWN/IDLE, reason: (unspecified), extra: (none), roaming: false, failover: false, isAvailable: true, NetworkInfo: type: mobile_fota[UMTS], state: UNKNOWN/IDLE, reason: (unspecified), extra: (none), roaming: false, failover: false, isAvailable: true, NetworkInfo: type: mobile_ims[UMTS], state: UNKNOWN/IDLE, reason: (unspecified), extra: (none), roaming: false, failover: false, isAvailable: true, NetworkInfo: type: mobile_cbs[UMTS], state: UNKNOWN/IDLE, reason: (unspecified), extra: (none), roaming: false, failover: false, isAvailable: true, NetworkInfo: type: wifi_p2p[], state: UNKNOWN/IDLE, reason: (unspecified), extra: (none), roaming: false, failover: false, isAvailable: false]
Behavior description: Execute SQL query
Details: [u'SELECT * FROM pcInfo where loginAccount = ? order by date desc', u'[administrator]']
Activities
Activity name | Type
com.lanyou.ui.Activity_Main | android.intent.action.MAIN
com.lanyou.ui.Activity_Main | android.intent.category.LAUNCHER
Dangerous functions
Function name | Description
getRuntime | Obtains the command-line runtime environment
java/lang/Runtime;->exec | Executes a string as a command
ContentResolver;->query | Reads the contacts, SMS and other databases
TelephonyManager;->getDeviceId | Collects the device IMEI, phone number, OS version and other information
Permission list
Permission name | Description
android.permission.READ_SMS | Read SMS messages
android.permission.GET_TASKS | Retrieve information about currently or recently running tasks
android.permission.ACCESS_COARSE_LOCATION | Obtain coarse location (via Wi-Fi or cell towers)
android.permission.WRITE_EXTERNAL_STORAGE | Write to external storage (e.g. SD card)
android.permission.INTERNET | Connect to the network (2G or 3G)
android.permission.READ_PHONE_STATE | Read phone state
android.permission.WRITE_SETTINGS | Read and write system settings
android.permission.ACCESS_WIFI_STATE | Read Wi-Fi network state
android.permission.MOUNT_UNMOUNT_FILESYSTEMS | Mount and unmount external file systems
android.permission.READ_EXTERNAL_STORAGE | Read external storage (e.g. SD card)
android.permission.ACCESS_NETWORK_STATE | Read network state (2G or 3G)
File list
File name | Check code