VirSCAN
File information
Safety rating:
Behavior list
Basic Information
MD5: 9e6e815b7019ddee7edb083aff779f00
Package name: com.mian.vip
Minimum operating environment: Android 4.2, 4.2.2
Copyright: DZ
Key behavior
Note: the behavior log below records a Windows sandbox run of an executable unpacked to %temp% (data.dat); it is not an execution of the Android package identified in the basic information above.
Behavior description: Modifies an existing EXE file
details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\data\data.dat
Behavior description: Blocks window close messages
details: hWnd = 0x00010344, Text = Mosaic Remover (马赛克去除器), ClassName = #32770.
hWnd = 0x00050336, Text = Register (注册), ClassName = #32770.
hWnd = 0x00010376, Text = Register (注册), ClassName = #32770.
Process behavior
Behavior description: Creates a process
details: [0x00000290] ImagePath = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\data\data.dat, CmdLine = .\data\data.dat
File behavior
Behavior description: Modifies an existing EXE file
details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\data\data.dat
Behavior description: Modifies file contents
details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\data\data.dat ---> Offset = 1048576
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\data\data.dat ---> Offset = 1114112
Behavior description: Searches for files
details: FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\data
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\data\data.dat
Network behavior
Behavior description: Establishes a connection to a specified socket
details: URL: cr****om, IP: **.133.40.**:80, SOCKET = 0x000000c8
URL: so****om, IP: **.133.40.**:80, SOCKET = 0x000000c8
Behavior description: Sends HTTP packets
details: GET /Mod1.dat HTTP/1.1
GET /Mod.dat HTTP/1.1
Behavior description: Resolves host address by name
details: gethostbyname: cr****om
gethostbyname: so****om
Other behavior
Behavior description: Creates mutexes
details: oleacc-msaa-loaded
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
AMResourceMutex2
VideoRenderer
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.MJC
Behavior description: Creates event objects
details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceiveConection.Event.MJC.IC
EventName = MSCTF.SendReceive.Event.MJC.IC
Behavior description: Searches for a specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Window information
details: Pid = 656, Hwnd=0x10348, Text = Later, ClassName = Button.
Pid = 656, Hwnd=0x1034c, Text = Register now, ClassName = Button.
Pid = 656, Hwnd=0x1034e, Text = Welcome to Video Enhancer! With Video Enhancer you can increase the resolution of your videos to greatly improve their quality; it can invoke most VirtualDub filters and any codec for recompression. This program is shareware; you may try it free for 30 days. To keep using it after that, you must register., ClassName = Static.
Pid = 656, Hwnd=0x10350, Text = Days remaining:, ClassName = Static.
Pid = 656, Hwnd=0x10352, Text = 0, ClassName = Static.
Pid = 656, Hwnd=0x10344, Text = Mosaic Remover (马赛克去除器), ClassName = #32770.
Pid = 656, Hwnd=0x10358, Text = Get registration code, ClassName = Button.
Pid = 656, Hwnd=0x1035e, Text = OK, ClassName = Button.
Pid = 656, Hwnd=0x10360, Text = Cancel, ClassName = Button.
Pid = 656, Hwnd=0x10362, Text = E-mail address used for purchase (case-sensitive!):, ClassName = Static.
Pid = 656, Hwnd=0x10364, Text = Registration code:, ClassName = Static.
Pid = 656, Hwnd=0x10366, Text = Step 1, ClassName = Button(GroupBox).
Pid = 656, Hwnd=0x10368, Text = Step 2, ClassName = Button(GroupBox).
Pid = 656, Hwnd=0x1036a, Text = Purchase the product to get a registration code, ClassName = Static.
Pid = 656, Hwnd=0x1036c, Text = Enter your information below:, ClassName = Static.
Behavior description: Blocks window close messages
details: hWnd = 0x00010344, Text = Mosaic Remover (马赛克去除器), ClassName = #32770.
hWnd = 0x00050336, Text = Register (注册), ClassName = #32770.
hWnd = 0x00010376, Text = Register (注册), ClassName = #32770.
Behavior description: Opens events
details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceive.Event.IOH.IC
MSCTF.SendReceiveConection.Event.IOH.IC
Behavior description: Signature information of the modified executable
details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\data\data.dat (signature verification: failed)
Behavior description: Calls the Sleep function
details: [1]: MilliSeconds = 600000.
Behavior description: Opens a mutex
details: ShimCacheMutex
Behavior description: MD5 of the modified executable
details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\data\data.dat ---> dfebffebea25c693df3dcb16acc3970c
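The behavior log above is a flat "Behavior description:" / "details:" record, and the indicators worth keeping from it (resolved hosts, HTTP requests, the dropped file and its MD5, the failed signature check, the ten-minute Sleep) are scattered across categories. The following parser is an added example, not VirSCAN's own code: it reads a log in that format and pulls the indicators into one structure. The sample text is reconstructed from the report above; masked values such as cr****om and the **.133.40.** address are kept exactly as the report shows them, not guessed.

```python
"""Extract indicators from a VirSCAN-style sandbox behavior log (added example)."""
import re
from collections import defaultdict

# Constructed sample in the report's format; masked values are left as printed.
SAMPLE_LOG = r"""
Behavior description: Creates a process
details: [0x00000290] ImagePath = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\data\data.dat, CmdLine = .\data\data.dat
Behavior description: Modifies file contents
details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\data\data.dat ---> Offset = 1048576
Behavior description: Establishes a connection to a specified socket
details: URL: cr****om, IP: **.133.40.**:80, SOCKET = 0x000000c8
URL: so****om, IP: **.133.40.**:80, SOCKET = 0x000000c8
Behavior description: Sends HTTP packets
details: GET /Mod1.dat HTTP/1.1
GET /Mod.dat HTTP/1.1
Behavior description: Resolves host address by name
details: gethostbyname: cr****om
gethostbyname: so****om
Behavior description: Signature information of the modified executable
details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\data\data.dat (signature verification: failed)
Behavior description: Calls the Sleep function
details: [1]: MilliSeconds = 600000.
Behavior description: MD5 of the modified executable
details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\data\data.dat ---> dfebffebea25c693df3dcb16acc3970c
"""

HOST_RE = re.compile(r"gethostbyname:\s*(\S+)")
URL_RE = re.compile(r"URL:\s*([^,\s]+)")
IP_RE = re.compile(r"IP:\s*([\w*.]+):(\d+)")
HTTP_RE = re.compile(r"^(GET|POST)\s+(\S+)\s+HTTP/\d\.\d")
CMD_RE = re.compile(r"CmdLine\s*=\s*(.+)$")
MD5_RE = re.compile(r"(.+?)\s*--->\s*([0-9a-f]{32})$")
SLEEP_RE = re.compile(r"MilliSeconds\s*=\s*(\d+)")


def parse_behavior_log(text):
    """Group detail lines under their 'Behavior description' heading."""
    entries = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Behavior description:"):
            current = line.split(":", 1)[1].strip()
            continue
        if line.startswith("details:"):
            line = line[len("details:"):].strip()
        if current is not None:
            entries[current].append(line)
    return dict(entries)


def extract_iocs(entries):
    """Pull network, file and evasion indicators out of the grouped log."""
    iocs = {"hosts": set(), "remote_endpoints": set(), "http_requests": [],
            "process_cmdlines": [], "dropped_files": {},
            "unsigned_executables": [], "long_sleeps_ms": []}
    for values in entries.values():
        for v in values:
            for rx in (HOST_RE, URL_RE):
                m = rx.search(v)
                if m:
                    iocs["hosts"].add(m.group(1))
            if (m := IP_RE.search(v)):
                iocs["remote_endpoints"].add(f"{m.group(1)}:{m.group(2)}")
            if (m := HTTP_RE.match(v)):
                iocs["http_requests"].append(f"{m.group(1)} {m.group(2)}")
            if (m := CMD_RE.search(v)):
                iocs["process_cmdlines"].append(m.group(1))
            if (m := MD5_RE.match(v)):           # "<path> ---> <md5>" only; offsets do not match
                iocs["dropped_files"][m.group(1)] = m.group(2)
            if "signature verification: failed" in v:
                iocs["unsigned_executables"].append(v.split(" (")[0])
            if (m := SLEEP_RE.search(v)) and int(m.group(1)) >= 60_000:
                iocs["long_sleeps_ms"].append(int(m.group(1)))   # sandbox-evasion sized delay
    return iocs


if __name__ == "__main__":
    for key, val in extract_iocs(parse_behavior_log(SAMPLE_LOG)).items():
        print(f"{key}: {val}")
```

The `---> <md5>` rule deliberately requires a 32-hex-digit tail so that the "---> Offset = ..." lines in the file-modification section are not mistaken for hashes; the Sleep threshold of 60 s is this example's own choice for what counts as a sandbox-evasion delay.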
Activities
Activity name | Type
com.e4a.runtime.android.StartActivity | android.intent.action.MAIN
com.e4a.runtime.android.StartActivity | android.intent.category.DEFAULT
com.e4a.runtime.android.StartActivity | android.intent.category.LAUNCHER
com.e4a.runtime.android.mainActivity | android.intent.action.MAIN
com.e4a.runtime.android.mainActivity | android.intent.category.DEFAULT
com.tencent.tauth.AuthActivity | android.intent.action.VIEW
com.tencent.tauth.AuthActivity | android.intent.category.DEFAULT
com.tencent.tauth.AuthActivity | android.intent.category.BROWSABLE
Permission list
Permission name | Description
android.permission.READ_EXTERNAL_STORAGE | Read external storage (e.g. SD card)
com.android.launcher.permission.INSTALL_SHORTCUT | Create launcher shortcuts
android.permission.GET_TASKS | Get information about currently or recently running tasks
android.permission.SEND_SMS | Send SMS messages
android.permission.WRITE_EXTERNAL_STORAGE | Write external storage (e.g. SD card)
android.permission.WRITE_SMS | Write SMS messages
android.permission.ACCESS_WIFI_STATE | Read Wi-Fi network state
android.permission.RECEIVE_SMS | Monitor incoming SMS messages
android.permission.ACCESS_COARSE_LOCATION | Get approximate location (via Wi-Fi or cell towers)
android.permission.MOUNT_UNMOUNT_FILESYSTEMS | Mount and unmount external filesystems
android.permission.READ_PHONE_STATE | Read phone state
android.permission.READ_SMS | Read SMS messages
android.permission.SYSTEM_ALERT_WINDOW | Display system-level (overlay) windows
android.permission.INTERNET | Connect to the network (2G or 3G)
android.permission.CHANGE_WIFI_STATE | Change Wi-Fi connection state
android.permission.ACCESS_FINE_LOCATION | Get precise location (via GPS)
com.android.launcher.permission.READ_SETTINGS | Read launcher shortcut settings
android.permission.CHANGE_NETWORK_STATE | Change network state
android.permission.ACCESS_NETWORK_STATE | Read network state (2G or 3G)
android.permission.WAKE_LOCK | Keep background processes running after the screen turns off
android.permission.CHANGE_CONFIGURATION | Change current settings (e.g. locale)
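Read individually, the permissions above are each plausible for a consumer app; read together, RECEIVE_SMS + READ_SMS + SEND_SMS + WRITE_SMS alongside INTERNET, and SYSTEM_ALERT_WINDOW alongside GET_TASKS, are the combinations that matter in triage. The script below is an added example (not VirSCAN's or the app's code) that serves both the Activities and Permission list sections: it parses a decoded AndroidManifest.xml, evaluates permission combinations as capabilities, and lists activities reachable from a browser intent. The manifest text is constructed from the package name, activities and permissions in this report, in the decoded form tools such as apktool produce; the capability groupings and the high/medium/low verdict are this example's own rules, not a VirSCAN scoring scheme.

```python
"""Triage a decoded AndroidManifest.xml for risky permission combinations (added example)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"

# Permissions copied from the report's permission list.
PERMISSIONS_FROM_REPORT = [
    "android.permission.READ_EXTERNAL_STORAGE", "com.android.launcher.permission.INSTALL_SHORTCUT",
    "android.permission.GET_TASKS", "android.permission.SEND_SMS",
    "android.permission.WRITE_EXTERNAL_STORAGE", "android.permission.WRITE_SMS",
    "android.permission.ACCESS_WIFI_STATE", "android.permission.RECEIVE_SMS",
    "android.permission.ACCESS_COARSE_LOCATION", "android.permission.MOUNT_UNMOUNT_FILESYSTEMS",
    "android.permission.READ_PHONE_STATE", "android.permission.READ_SMS",
    "android.permission.SYSTEM_ALERT_WINDOW", "android.permission.INTERNET",
    "android.permission.CHANGE_WIFI_STATE", "android.permission.ACCESS_FINE_LOCATION",
    "com.android.launcher.permission.READ_SETTINGS", "android.permission.CHANGE_NETWORK_STATE",
    "android.permission.ACCESS_NETWORK_STATE", "android.permission.WAKE_LOCK",
    "android.permission.CHANGE_CONFIGURATION",
]

# Constructed decoded manifest: package, activities and permissions from the report, nothing else.
MANIFEST = (
    f'<manifest xmlns:android="{ANDROID_NS}" package="com.mian.vip">\n'
    + "".join(f'  <uses-permission android:name="{p}"/>\n' for p in PERMISSIONS_FROM_REPORT)
    + """  <application>
    <activity android:name="com.e4a.runtime.android.StartActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name="com.e4a.runtime.android.mainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.DEFAULT"/>
      </intent-filter>
    </activity>
    <activity android:name="com.tencent.tauth.AuthActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""
)

# This example's own capability rules: a capability fires only when every listed permission is present.
CAPABILITIES = {
    "SMS interception": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "SMS sending": {"android.permission.SEND_SMS"},
    "SMS tampering": {"android.permission.WRITE_SMS"},
    "overlay attack": {"android.permission.SYSTEM_ALERT_WINDOW", "android.permission.GET_TASKS"},
    "precise location tracking": {"android.permission.ACCESS_FINE_LOCATION"},
    "device fingerprinting": {"android.permission.READ_PHONE_STATE"},
    "network exfiltration path": {"android.permission.INTERNET"},
}


def parse_manifest(xml_text):
    """Return (package, set of requested permissions, activities with a BROWSABLE intent filter)."""
    root = ET.fromstring(xml_text)
    perms = {el.get(NAME) for el in root.iter("uses-permission")}
    browsable = [
        act.get(NAME)
        for act in root.iter("activity")
        for f in act.findall("intent-filter")
        if any(c.get(NAME) == "android.intent.category.BROWSABLE" for c in f.findall("category"))
    ]
    return root.get("package"), perms, browsable


def triage(perms):
    """Map permission combinations to capabilities and derive a coarse verdict."""
    hits = [cap for cap, needed in CAPABILITIES.items() if needed <= perms]
    sms_hits = [h for h in hits if h.startswith("SMS")]
    if sms_hits and "network exfiltration path" in hits:
        verdict = "high"      # can read/send SMS and talk to the network: OTP theft / premium fraud pattern
    elif hits:
        verdict = "medium"
    else:
        verdict = "low"
    return verdict, hits


if __name__ == "__main__":
    pkg, perms, browsable = parse_manifest(MANIFEST)
    verdict, hits = triage(perms)
    print(pkg, verdict, hits, "browsable:", browsable)
```

A BROWSABLE activity (here com.tencent.tauth.AuthActivity, the QQ login SDK's callback) is reachable from any web page via an intent URL, so it is the first place to look for intent-parameter handling bugs when the app is reviewed further.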
File List
File name | Check code
META-INF/MANIFEST.MF 0x7fff5899
META-INF/DZWLTD.SF 0xe9d2904
META-INF/DZWLTD.RSA 0x9eb5d863
AndroidManifest.xml 0x3f6dfa49
assets/ 0x0
assets/libwbsafeedit_64 0xf8f2144
assets/libwbsafeedit 0xb05a63a9
assets/libwbsafeedit_x86_64 0xf630540c
assets/images/ 0x0
assets/images/img_daohang04.png 0x88ba4164
assets/images/img_daohang03.png 0x305c850f
assets/images/img_drop.jpg 0x52abfb02
assets/images/img_daohang06.png 0x29f37549
assets/images/img_daohang01.png 0x2275047
assets/images/img_daohang05.png 0xfe953d6a
assets/images/img_zuixin.png 0xa72b49a6
assets/images/img_daohang02.png 0x314cbef4
assets/libjiagu.so 0x21226f38
assets/img_fenxiang_01.png 0x6f4834fe
assets/libwbsafeedit_x86 0xfc7f4f0b
assets/admin.ini 0x928320b4
assets/img_app.png 0xaef1bde4
assets/img_yanzheng_01.png 0x2d979591
assets/img_fenxiang_03.png 0x358e38c0
assets/img_fenxiang_02.png 0xcfaba1f8
assets/img_zip.png 0x7982c64c
assets/libjiagu_x86.so 0x9b8b8652
assets/img_yanzheng_02.png 0x3eaea2bb
assets/.appkey 0x840f091d
assets/com.tencent.open.config.json 0xb3d4a81a
classes.dex 0xe0a5f199
lib/ 0x0
lib/armeabi/ 0x0
lib/armeabi/libjiagu_art.so 0x0
res/ 0x0
res/drawable/ 0x0
res/drawable/img_drop_5.xml 0xd3b76245
res/drawable/img_zuozhe_03.png 0x31281470
res/drawable/img_zuozhe_04.png 0x10e6c221
res/drawable/img_drop_1.xml 0xafb97cb5
res/drawable/cehngse_xiaoyuan.xml 0xd427dcdf
res/drawable/img_zuozhe_02.png 0x1c278451
res/drawable/icon.png 0x77259f4
res/drawable/img_drop_pictures.xml 0x46ada577
res/drawable/e4alistview_new_message.png 0x1cdc5409
res/drawable/img_drop_2.xml 0x8dc60f01
res/drawable/img_shurukuang.xml 0xd2d7c39
res/drawable/img_zuozhe_01.png 0x9784045f
res/drawable/img_button_1.xml 0x347d022
res/drawable/banner.png 0x300b4c81
res/drawable/img_drop_6.xml 0xbd97444a
res/drawable/img_drop_3.xml 0x3583678a
res/drawable/img_drop_4.xml 0x85b791b6
res/layout/ 0x0
res/layout/ok_qie_dibu.xml 0x83af7da2
resources.arsc 0x21ac2053
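The file list above shows two things a reviewer should notice: ELF libraries sitting under assets/ (libjiagu.so, libjiagu_x86.so) with an empty stub at lib/armeabi/libjiagu_art.so, which is the layout of a packed APK whose real code is decrypted at run time, and the META-INF/DZWLTD.SF and .RSA pair that carries the v1 (JAR) signature. The script below is an added example, not VirSCAN's own code: it enumerates an APK the way the list above does and flags those indicators. The archive is built in memory from entry names in the report with placeholder contents (the real bytes are not on the page), so its CRC-32 values will not equal the report's; it assumes the "Check code" column is the ZIP entry CRC-32, which is what zipfile exposes.

```python
"""Enumerate an APK's entries with CRC-32 check codes and flag packer indicators (added example)."""
import hashlib
import io
import zipfile

ELF_MAGIC = b"\x7fELF"

# Entry names from the report's file list; contents are constructed placeholders.
SAMPLE_ENTRIES = {
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "META-INF/DZWLTD.SF": b"Signature-Version: 1.0\n",
    "META-INF/DZWLTD.RSA": b"\x30\x82placeholder",      # not a real PKCS#7 blob
    "AndroidManifest.xml": b"\x03\x00\x08\x00",
    "classes.dex": b"dex\n035\x00",
    "assets/libjiagu.so": ELF_MAGIC + b"\x01\x01\x01",
    "assets/libjiagu_x86.so": ELF_MAGIC + b"\x01\x01\x01",
    "lib/armeabi/libjiagu_art.so": b"",                   # empty stub, as in the report (0x0)
    "assets/.appkey": b"placeholder",
    "assets/admin.ini": b"[admin]\n",
    "resources.arsc": b"\x02\x00\x0c\x00",
}


def build_sample_apk(entries):
    """Pack entries into a zip with a fixed timestamp so the bytes are reproducible."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zi = zipfile.ZipInfo(name, date_time=(1980, 1, 1, 0, 0, 0))
            zi.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(zi, data)
    return buf.getvalue()


def inspect_apk(apk_bytes):
    """List entries with their CRC-32 (report style, 0x...) and collect triage findings."""
    report = {
        "md5": hashlib.md5(apk_bytes).hexdigest(),   # matches the hash style VirSCAN lists
        "entry_crcs": {},
        "signed_v1": False,
        "native_outside_lib": [],
        "findings": [],
    }
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        names = zf.namelist()
        for zi in zf.infolist():
            report["entry_crcs"][zi.filename] = f"0x{zi.CRC:x}"
            head = zf.read(zi.filename)[:4]
            if head == ELF_MAGIC and not zi.filename.startswith("lib/"):
                report["native_outside_lib"].append(zi.filename)
            if "libjiagu" in zi.filename:
                report["findings"].append(
                    f"{zi.filename}: libjiagu* runtime, characteristic of the 360 Jiagu packer")
            if zi.filename.startswith("lib/") and zi.filename.endswith(".so") and zi.file_size == 0:
                report["findings"].append(
                    f"{zi.filename}: empty native library stub (likely filled at run time)")
        sf = [n for n in names if n.startswith("META-INF/") and n.endswith(".SF")]
        sig = [n for n in names if n.startswith("META-INF/") and n.endswith((".RSA", ".DSA", ".EC"))]
        report["signed_v1"] = bool(sf and sig)
    if report["native_outside_lib"]:
        report["findings"].append(
            "ELF binaries outside lib/: loader-style packing, classes.dex is not the real payload")
    return report


if __name__ == "__main__":
    result = inspect_apk(build_sample_apk(SAMPLE_ENTRIES))
    print("MD5:", result["md5"], "v1 signed:", result["signed_v1"])
    for name, crc in result["entry_crcs"].items():
        print(f"{name} {crc}")
    for finding in result["findings"]:
        print("!", finding)
```

CRC-32 is a transport integrity value, not a security hash: two different payloads can share a check code, so use the archive MD5 only to match this report's listing and prefer SHA-256 of the whole file and of classes.dex when exchanging indicators. Whether the v1 signature actually verifies (and whether a v2/v3 APK Signing Block is present) still has to be checked with apksigner; the presence of the .SF/.RSA pair only says a v1 signature was attached.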