VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.


File information
Safety rating:
Behavior list
Basic Information
MD5: 92b1dad744be995bcfcd38adaa6f6a07
Package name: com.safesys.viruskiller
Minimum operating environment: Android 1.5
Copyright:
Key behavior
Behavior description: Block window close messages
details:hWnd = 0x0001033c, Text = 客户端2019-6-10, ClassName = WTWindow.
Behavior description: Capture window screenshot information
details:Foreground window Info: HWND = 0x00010342, DC = 0x01010055.
Foreground window Info: HWND = 0x00010388, DC = 0x0a010375.
Foreground window Info: HWND = 0x00010348, DC = 0x0c0101e7.
Foreground window Info: HWND = 0x00010342, DC = 0x0c0101e7.
Foreground window Info: HWND = 0x00010388, DC = 0x01010057.
Process behavior
Behavior description: Create local thread
details:TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2612, ThreadID = 2688, StartAddress = 719CD33A, Parameter = 0022AF50
Network behavior
Behavior description: Connect to specified site
details:WinHttpConnect: ServerName = **.89.19.**, PORT = 80, UserName = , Password = , hSession = 0x01743100, hConnect = 0x01743200, Flags = 0x00000000
WinHttpConnect: ServerName = **.89.19.**, PORT = 80, UserName = , Password = , hSession = 0x01743100, hConnect = 0x01743300, Flags = 0x00000000
Behavior description: Open HTTP connection
details:WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x01743100
Behavior description: Establish a connection to a specified socket
details:IP: **.89.19.**:2007, SOCKET = 0x000000cc
IP: **.89.19.**:80, SOCKET = 0x00000184
IP: **.89.19.**:80, SOCKET = 0x00000194
IP: **.89.19.**:80, SOCKET = 0x00000180
Behavior description: Send HTTP packet
details:GET /tonggao.txt HTTP/1.1 Accept: */* Referer: http://118.89.19.73/tonggao.txt Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: **.89.19.** Connection: Keep-Alive
POST /niuniu.php HTTP/1.1 Accept: */* Referer: http://118.89.19.73/niuniu.php Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Content-Type: application/x-www-form-urlencoded Content-Length: 23 Host: **.89.19.** Connection: Keep-Alive DATA=GETRAND?1560102122
POST /niuniu.php HTTP/1.1 Accept: */* Referer: http://118.89.19.73/niuniu.php Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Content-Type: application/x-www-form-urlencoded Content-Length: 341 Host: **.89.19.** Connection: Keep-Alive DATA=3246303A48512B10100A7178145045BFB5E5F08DEEC5644D300F51BC95F4A5BD0F5F150E4C9289C277F87496978F637049118ABAA86B87AFE601321BA70D391DACE05E9B1FDF8A46D0E75431170B56A9F15DF5982938115B4426629C632EE44ABB6D5114555C3005AFE3DC84139F4837601E6CA27DEB50AEB7DF2B88CF9C5171BBE25CCF78F20AFD58ACD7A8A6F2D1BB15C1631051ADA3EE1EB668CBC78DBFC995B4C858709DB870
Behavior description: Open HTTP request
details:WinHttpOpenRequest: **.89.19.**:80/tonggao.txt, hConnect = 0x01743200, hRequest = 0x01790000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: **.89.19.**:80/niuniu.php, hConnect = 0x01743300, hRequest = 0x01790000, Verb: POST, Referer: , Flags = 0x00000080
WinHttpOpenRequest: **.89.19.**:80/niuniu.php, hConnect = 0x01743200, hRequest = 0x01790000, Verb: POST, Referer: , Flags = 0x00000080
Other behavior
Behavior description: Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.IDK
Behavior description: Create event object
details:EventName = DINPUTWINMM
EventName = 牛牛客户端niuniu
EventName = MSCTF.SendReceive.Event.IDK.IC
EventName = MSCTF.SendReceiveConection.Event.IDK.IC
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Open event
details:HookSwitchHookEnabledEvent
牛牛客户端niuniu
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Block window close messages
details:hWnd = 0x0001033c, Text = 客户端2019-6-10, ClassName = WTWindow.
Behavior description: Window information
details:Pid = 2612, Hwnd=0x10418, Text = 极少数直接复制的账号信息无法正常查课,另存记事本编码为Ansi 或 手动输入账号即可, ClassName = _EL_Label.
Pid = 2612, Hwnd=0x10416, Text = 直接第二行输[学校 学号 密码]或[手机 密码]查课,中间空格隔开,校名不对先搜索学校, ClassName = _EL_Label.
Pid = 2612, Hwnd=0x10414, Text = 若不清楚校名,可输入关键词下拉选择, ClassName = _EL_Label.
Pid = 2612, Hwnd=0x1040c, Text = 查 课, ClassName = Button.
Pid = 2612, Hwnd=0x10408, Text = 所需费用 ▼, ClassName = _EL_Label.
Pid = 2612, Hwnd=0x103fe, Text = 开始挂课, ClassName = Button.
Pid = 2612, Hwnd=0x103fa, Text = 账号信息:, ClassName = _EL_Label.
Pid = 2612, Hwnd=0x103f8, Text = 搜索学校:, ClassName = _EL_Label.
Pid = 2612, Hwnd=0x10572, Text = NEP专本衔接, ClassName = Button.
Pid = 2612, Hwnd=0x10570, Text = 知识产权教育, ClassName = Button.
Pid = 2612, Hwnd=0x10568, Text = iSmart·外语, ClassName = Button.
Pid = 2612, Hwnd=0x10566, Text = 我要安全培训, ClassName = Button.
Pid = 2612, Hwnd=0x10564, Text = 人 卫 慕 课, ClassName = Button.
Pid = 2612, Hwnd=0x1055c, Text = 卓越网课4.0, ClassName = Button.
Pid = 2612, Hwnd=0x10554, Text = 冷 门 备 用, ClassName = Button.
Behavior description: Capture window screenshot information
details:Foreground window Info: HWND = 0x00010342, DC = 0x01010055.
Foreground window Info: HWND = 0x00010388, DC = 0x0a010375.
Foreground window Info: HWND = 0x00010348, DC = 0x0c0101e7.
Foreground window Info: HWND = 0x00010342, DC = 0x0c0101e7.
Foreground window Info: HWND = 0x00010388, DC = 0x01010057.
Behavior description: Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [用户帐号:,_EL_Label]
[Window,Class] = [,Edit]
[Window,Class] = [原始密码:,_EL_Label]
[Window,Class] = [新 密 码:,_EL_Label]
[Window,Class] = [重新密码:,_EL_Label]
[Window,Class] = [修 改 密 码,Button]
[Window,Class] = [,_EL_ClientSock]
[Window,Class] = [118.89.19.236,_EL_Label]
[Window,Class] = [20190610,_EL_Label]
[Window,Class] = [,_EL_Timer]
[Window,Class] = [ 1、软件被杀软误报属正常现象,软件被误删解决办法:病毒查杀→隔离区→勾选被删文件→点恢复→勾选添加进信任区→点确定(以电脑管家为例)。 2、超星大量查课容易出现验证码导致查课数据缺失,请尽量使用校园网,若使用校外网推荐使用手机热点,勤换IP以避免验证码。小技巧:当确保自己手机流量足够时,打开手机热点连接电脑,当IP被封时将打开手机飞行模式后关闭飞行模式并重连即可切换IP。 3、若极少数订单出现异常,请勤检查[订单反馈]系统,并及时处理,待处理完毕点右键标记
[Window,Class] = [下线代理帐号:,_EL_Label]
[Window,Class] = [下线代理密码:,_EL_Label]
[Window,Class] = [开户卡号:,_EL_Label]
Behavior description: Open mutex
details:ShimCacheMutex
Activities
Activity name      Type
.MainActivity      android.intent.action.MAIN
.MainActivity      android.intent.category.LAUNCHER
Dangerous function
Function name                                      Information
HttpClient;->execute                               Request a remote server
DefaultHttpClient;->execute                        Send an HTTP request
WifiManager;->setWifiEnabled                       Change Wi-Fi state
getRuntime                                         Obtain the command-line environment
java/lang/Runtime;->exec                           Execute a string command
TelephonyManager;->getDeviceId                     Collect the user's IMEI, phone number, system version and other information
TelephonyManager;->getLine1Number                  Obtain the phone number
java/net/URL;->openConnection                      Connect to a URL
java/net/HttpURLConnection;->connect               Connect to a URL
TelephonyManager;->getSimSerialNumber              Obtain the SIM serial number
LocationManager;->getLastKnownLocation             Obtain the device location
android/app/NotificationManager;->notify           Post a message to the notification bar
Startup mode
Name                                               Information
com.google.update.Receiver
com.google.update.Receiver
com.google.update.Receiver                         Start service on boot
com.safesys.viruskiller.ScanningReciever           Start service on boot
com.safesys.viruskiller.ScanPackageBroadcast       Start service when an application is installed
com.safesys.viruskiller.ScanPackageBroadcast       Start service when an application is uninstalled
com.safesys.viruskiller.ScanPackageBroadcast
Permission list
Permission name                                    Information
android.permission.INTERNET                        Connect to the network (2G or 3G)
android.permission.WAKE_LOCK                       Keep background processes running after the screen turns off
android.permission.ACCESS_NETWORK_STATE            Read network state (2G or 3G)
android.permission.CHANGE_NETWORK_STATE            Change network state
android.permission.READ_LOGS                       Read system logs
android.permission.WRITE_EXTERNAL_STORAGE          Write to external storage (e.g. SD card)
android.permission.GET_PACKAGE_SIZE                Get application size
android.permission.ACCESS_WIFI_STATE               Read Wi-Fi network state
android.permission.CHANGE_WIFI_STATE               Change Wi-Fi connection state
android.permission.READ_PHONE_STATE                Read phone state
android.permission.READ_SMS                        Read SMS messages
android.permission.WRITE_SMS                       Write SMS messages
android.permission.ACCESS_COARSE_LOCATION          Obtain coarse location (via Wi-Fi, cell towers)
Service list
Name
com.google.update.UpdateService
com.safesys.viruskiller.ScanningManagerService
com.safesys.viruskiller.DownloadManageService
File List
File name                                          Checksum
META-INF/MANIFEST.MF 0x6d9bb093
META-INF/SEXY_COM.SF 0x6920a587
META-INF/SEXY_COM.RSA 0x28eb28b4
assets/db.init 0x92c96d6d
assets/myicon 0xaaa6e076
assets/secbino 0xb94f88d5
assets/starter 0x5fcc6fc6
lib/armeabi/libScanController.so 0x456e352a
lib/armeabi/libScanVirus.so 0x308a582
lib/armeabi/libVirusBackRunner.so 0x7163515f
lib/armeabi/libnative.so 0xb84e347f
lib/armeabi/libopenterm.so 0xf790cb13
res/anim/popup_enter.xml 0xe5332761
res/anim/popup_exit.xml 0x3b7b4b07
res/drawable/background_focused.9.png 0x8ec346a5
res/drawable/background_introduce.png 0xaafc5120
res/drawable/background_pressed.9.png 0x5b00bb0
res/drawable/background_segregate_bottom.png 0xb4c668eb
res/drawable/background_word.xml 0xc5145dd8
res/drawable/bg_in_small_processbar.9.png 0x604eeeb3
res/drawable/bg_out_small_processbar.9.png 0x9c278adf
res/drawable/btn_donation_minus.xml 0xdd017b49
res/drawable/btn_donation_minus_no.png 0xcb1959bf
res/drawable/btn_donation_minus_pressed.png 0x4c98ff27
res/drawable/btn_donation_plus.xml 0x1e73f4ea
res/drawable/btn_donation_plus_no.png 0xd6d87a08
res/drawable/btn_donation_plus_pressed.png 0x49458aa4
res/drawable/btn_donation_return.xml 0x5b2c0247
res/drawable/btn_donation_return_no.png 0xfe1e99e2
res/drawable/btn_donation_return_pressed.png 0x89f5ac34
res/drawable/btn_item_background.xml 0x5fd912ec
res/drawable/btn_item_background_no.png 0x5e25db80
res/drawable/btn_item_background_pressed.png 0x1c855977
res/drawable/btn_recovery.xml 0xe53ec679
res/drawable/btn_recovery_no.png 0x7affdb6b
res/drawable/btn_recovery_pressed.png 0xfedc1
res/drawable/btn_seg_back.xml 0x24d0beb
res/drawable/btn_seg_back_no.png 0x8a5b9adf
res/drawable/btn_seg_back_pressed.png 0x6663724b
res/drawable/btn_seg_delete.xml 0xf92118e1
res/drawable/btn_seg_delete_no.png 0x68b94897
res/drawable/btn_seg_delete_pressed.png 0x5a2d4a87
res/drawable/btn_trust_delete.xml 0x88f2e6b1
res/drawable/btn_trust_delete_no.png 0xa8e24ae4
res/drawable/btn_trust_delete_pressed.png 0x3c6bd154
res/drawable/donation_background.png 0x4094235f
res/drawable/donation_count_background.png 0x26e75c99
res/drawable/fun_autoupdate.png 0x16fda641
res/drawable/fun_autoupdate_pressed.png 0x47d48b6
res/drawable/fun_defense.png 0xca4eca67
res/drawable/fun_defense_pressed.png 0xe020a5b5
res/drawable/fun_killing.png 0x17ae150f
res/drawable/fun_killing_pressed.png 0x7e21418b
res/drawable/fun_poweredup.png 0xa1bab423
res/drawable/fun_poweredup_pressed.png 0x306f37ab
res/drawable/icon.png 0x1ba2c36b
res/drawable/info.png 0xf831ec53
res/drawable/list_item_background.png 0x81997083
res/drawable/main_background.png 0x18c09f1e
res/drawable/main_bottom_background.png 0x65986de
res/drawable/main_button_back.xml 0x3a30f5e9
res/drawable/main_button_back_no.png 0x31785763
res/drawable/main_button_back_pressed.png 0x9847cb22
res/drawable/main_button_donation.xml 0x664a2bec
res/drawable/main_button_donation_no.png 0xed0f0c30
res/drawable/main_button_donation_pressed.png 0xbb07a6e4
res/drawable/main_button_global.xml 0x3e68c691
res/drawable/main_button_global_no.png 0xa79f814e
res/drawable/main_button_global_p.xml 0x51aaf59d
res/drawable/main_button_global_pressed.png 0x8264b2a7
res/drawable/main_button_rapid.xml 0x85956af8
res/drawable/main_button_rapid_no.png 0xcc71bb52
res/drawable/main_button_rapid_p.xml 0xea5759f4
res/drawable/main_button_rapid_pressed.png 0x873557c5
res/drawable/main_button_segregate.xml 0x5a110ce0
res/drawable/main_button_segregate_no.png 0xf2fbe6cc
res/drawable/main_button_segregate_p.xml 0x35d33fec
res/drawable/main_button_segregate_pressed.png 0xf9c1c897
res/drawable/main_button_super.xml 0xf6a544e4
res/drawable/main_button_super_no.png 0x42c1fb28
res/drawable/main_button_super_p.xml 0x996777e8
res/drawable/main_button_super_pressed.png 0x59c44947
res/drawable/main_button_trust.xml 0xf767217c
res/drawable/main_button_trust_no.png 0xe4a8abd1
res/drawable/main_button_trust_pressed.png 0x47cf535
res/drawable/main_point_no.png 0xf9c03c73
res/drawable/main_point_yes.png 0x16c8e872
res/drawable/main_scan_believe.xml 0x1c8678ba
res/drawable/main_scan_believe_no.png 0xf3cb9961
res/drawable/main_scan_believe_pressed.png 0xafff0357
res/drawable/main_scan_filecheck.png 0x9588b4be
res/drawable/main_scan_handle.xml 0x519f2b71
res/drawable/main_scan_handle_no.png 0x89717017
res/drawable/main_scan_handle_pressed.png 0xf21b16
res/drawable/main_scan_not.png 0x3cf9bcc9
res/drawable/main_scan_pause.xml 0x69a09641
res/drawable/main_scan_pause_no.png 0x6d786f4
res/drawable/main_scan_pause_pressed.png 0x68edafe3
res/drawable/main_scan_quit.xml 0x18736811
res/drawable/main_scan_quit_no.png 0xa7d239b
res/drawable/main_scan_quit_pressed.png 0xfd6652c8
res/drawable/main_scaned_warning.png 0x91a0ecb3
res/drawable/main_scanning_list_background.png 0xd99d5e26
res/drawable/main_title_background.png 0xb2785702
res/drawable/mk_recommend.png 0x68a9468b
res/drawable/sign_choice.png 0x6982c86a
res/drawable/sign_choice_no.png 0x6b5779a5
res/layout/main.xml 0x1c0712aa
res/layout/payment.xml 0x4fb4bdf2
res/layout/quarantine_row.xml 0xd0be5e6d
res/layout/scan_result_row.xml 0x6d535ac8
res/raw/mycfg 0xfcc7107c
res/raw/myvr 0x4e89d6c4
res/raw/vrcore 0xe450b061
AndroidManifest.xml 0xa2f406cc
classes.dex 0xb169999d
resources.arsc 0x50538526
Run screenshot