VirSCAN

File information
Security score:
Basic information
MD5: a9d533391b8a600d54cd32e10a834dbf
Package name: com.keramidas.TitaniumBackup
Minimum runtime environment: Android 1.5
Copyright:
Key behaviors
Behavior: Reads the CPU clock directly
Details: EAX = 0x464a78ac, EDX = 0x000000b6
EAX = 0x464a78f8, EDX = 0x000000b6
EAX = 0x464a7944, EDX = 0x000000b6
EAX = 0x48d248cd, EDX = 0x000000b6
EAX = 0x48d24919, EDX = 0x000000b6
EAX = 0x48d24965, EDX = 0x000000b6
EAX = 0x48d249b1, EDX = 0x000000b6
EAX = 0x48d249fd, EDX = 0x000000b6
EAX = 0x48d24a49, EDX = 0x000000b6
EAX = 0x48d24a95, EDX = 0x000000b6
Behavior: Captures window screenshot information
Details: Foreground window Info: HWND = 0x00010362, DC = 0x0c0101e7.
Foreground window Info: HWND = 0x0001035c, DC = 0x01010057.
Foreground window Info: HWND = 0x0001035a, DC = 0x0c0101e7.
Foreground window Info: HWND = 0x00010350, DC = 0x01010057.
Foreground window Info: HWND = 0x0001034e, DC = 0x0c0101e7.
Process behaviors
Behavior: Creates local thread
Details: TargetProcess: 城通网盘下载器.exe, InheritedFromPID = 2000, ProcessID = 2716, ThreadID = 2752, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: 城通网盘下载器.exe, InheritedFromPID = 2000, ProcessID = 2716, ThreadID = 2856, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: 城通网盘下载器.exe, InheritedFromPID = 2000, ProcessID = 2716, ThreadID = 2860, StartAddress = 719CD33A, Parameter = 001A7318
Network behaviors
Behavior: Establishes a connection to a specified socket
Details: IP: **.44.145.**:22712, SOCKET = 0x00000140
Registry behaviors
Behavior: Modifies registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x32(BGR 0)
Other behaviors
Behavior: Creates mutex
Details: RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
Behavior: Creates event object
Details: EventName = DINPUTWINMM
Behavior: Opens mutex
Details: RasPbFile
ShimCacheMutex
Behavior: Searches for a specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior: Opens event
Details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceive.Event.IOH.IC
MSCTF.SendReceiveConection.Event.IOH.IC
Behavior: Window information
Details: Pid = 2716, Hwnd=0x10362, Text = 文件地址:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2716, Hwnd=0x1035e, Text = 获取下载, ClassName = Button.
Pid = 2716, Hwnd=0x1035c, Text = 例如:https://evalol.ctfile.com/fs/oiR156690553 (下载具体文件的地址,只支持单个文件下载), ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2716, Hwnd=0x1035a, Text = 电信VIP通道:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2716, Hwnd=0x10356, Text = 下载, ClassName = Button.
Pid = 2716, Hwnd=0x10354, Text = 下载, ClassName = Button.
Pid = 2716, Hwnd=0x10350, Text = 联通VIP通道:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2716, Hwnd=0x1034e, Text = 移动VIP通道:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2716, Hwnd=0x1034c, Text = 因网络传输问题,最多只能传两个, ClassName = Edit.
Pid = 2716, Hwnd=0x1034a, Text = 下载, ClassName = Button.
Pid = 2716, Hwnd=0x4033e, Text = 城通网盘VIP下载器 v1.0 BY:空丶城 www.52pojie.com, ClassName = WTWindow.
Pid = 2716, Hwnd=0x10360, Text = 123456, ClassName = Edit.
Pid = 2716, Hwnd=0x1035e, Text = 27秒后可以使用, ClassName = Button.
Pid = 2716, Hwnd=0x10358, Text = 123456, ClassName = Edit.
Pid = 2716, Hwnd=0x10352, Text = 123456, ClassName = Edit.
Behavior: Hides specified window
Details: [Window,Class] = [,_EL_ClientSock]
[Window,Class] = [,_EL_Timer]
[Window,Class] = [,Comet.Shadow]
Activities
Activity name Type
.MainActivity android.intent.action.MAIN
.MainActivity android.intent.category.LAUNCHER
.MainActivity android.intent.category.MULTIWINDOW_LAUNCHER
.MyWidgetConfigure android.appwidget.action.APPWIDGET_CONFIGURE
.MyDataProfileWidgetConfigure android.appwidget.action.APPWIDGET_CONFIGURE
.ImportBackupActivity android.intent.action.VIEW
.ImportBackupActivity android.intent.category.DEFAULT
.ImportBackupActivity android.intent.category.BROWSABLE
.cloud.OAuth2ResponseHandler android.intent.action.VIEW
.cloud.OAuth2ResponseHandler android.intent.category.BROWSABLE
.cloud.OAuth2ResponseHandler android.intent.category.DEFAULT
com.dropbox.core.android.AuthActivity android.intent.action.VIEW
com.dropbox.core.android.AuthActivity android.intent.category.BROWSABLE
com.dropbox.core.android.AuthActivity android.intent.category.DEFAULT
.apiBackupRestore.DummyActivity android.intent.action.SEND
.apiBackupRestore.DummyActivity android.intent.action.SENDTO
.apiBackupRestore.DummyActivity android.intent.category.DEFAULT
.apiBackupRestore.DummyActivity android.intent.category.BROWSABLE
Dangerous functions
Function name Info
java/net/URL;->openConnection Connects to a URL
Launch triggers
Name Info
com.keramidas.TitaniumBackup.MyWidget Starts service when the app widget is updated
com.keramidas.TitaniumBackup.MyDataProfileWidget Starts service when the app widget is updated
com.keramidas.TitaniumBackup.schedules.BootReceiver Starts service at boot
com.keramidas.TitaniumBackup.schedules.BootReceiver
com.keramidas.TitaniumBackup.schedules.BootReceiver
com.keramidas.TitaniumBackup.schedules.BootReceiver
com.keramidas.TitaniumBackup.PackageEventsReceiver Starts service when an app is installed
com.keramidas.TitaniumBackup.PackageEventsReceiver Starts service when an app is uninstalled
com.keramidas.TitaniumBackup.PackageEventsReceiver
o.dj
com.keramidas.TitaniumBackup.apiBackupRestore.DummyReceiver
com.keramidas.TitaniumBackup.apiBackupRestore.DummyReceiver
Permission list
Permission name Info
android.permission.READ_EXTERNAL_STORAGE Read external storage (e.g. SD card)
android.permission.WRITE_EXTERNAL_STORAGE Write external storage (e.g. SD card)
android.permission.READ_MEDIA_STORAGE
android.permission.WRITE_MEDIA_STORAGE
android.permission.WAKE_LOCK Keep background process running after the phone screen is off
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.RECEIVE_BOOT_COMPLETED Receive the boot-completed broadcast
android.permission.VIBRATE Allow device vibration
android.permission.READ_PHONE_STATE Read phone state
android.permission.GET_ACCOUNTS Access the account list
android.permission.USE_CREDENTIALS Obtain authentication tokens
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
com.android.browser.permission.READ_HISTORY_BOOKMARKS Read browser bookmarks
com.android.browser.permission.WRITE_HISTORY_BOOKMARKS Write browser bookmarks
android.permission.READ_CALL_LOG Read call log
android.permission.WRITE_CALL_LOG Write call log
com.android.voicemail.permission.ADD_VOICEMAIL Allow adding voicemail
com.android.voicemail.permission.READ_WRITE_ALL_VOICEMAIL
android.permission.READ_CONTACTS Read contacts
android.permission.WRITE_CONTACTS Write contacts
android.permission.READ_SMS Read SMS
android.permission.WRITE_SMS Write SMS
android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
android.permission.CHANGE_WIFI_STATE Change Wi-Fi connection state
android.permission.ACCESS_SUPERUSER
android.permission.BROADCAST_SMS Broadcast when an SMS is received
android.permission.BROADCAST_WAP_PUSH WAP PUSH broadcast
Service list
Name
o.dv
o.dg
o.bT
com.keramidas.TitaniumBackup.apiBackupRestore.DummyService
File list
Filename Checksum
Runtime screenshots