VirSCAN

File information
Safety rating:
Behavior list
Basic Information
MD5: b637642770d38e926f08668273383044
Package names: com.dreamstep.wCellPhoneSpy
Minimum operating environment: Android 2.1.x
Copyright: BestToolbars
Key behavior
Behavior description: Blocks window close messages
details:hWnd = 0x00020346, Text = Setup - MP3 Cutter, ClassName = TWizardForm.
hWnd = 0x00020338, Text = Setup, ClassName = TApplication.
Behavior description: Gets the TickCount value
details:TickCount = 250218, SleepMilliseconds = 250.
Process behavior
Behavior description: Creates a process from a new file
details:[0x00000a64]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-9TFCP.tmp\996E.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-9TFCP.tmp\996E.tmp" /SL5="$40336,15301311,167936,C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe"
File behavior
Behavior description: Creates a file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\is-9TFCP.tmp\996E.tmp
Behavior description: Creates an executable file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\is-9TFCP.tmp\996E.tmp
Behavior description: Modifies file content
details:C:\Documents and Settings\Administrator\Local Settings\Temp\is-9TFCP.tmp\996E.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\is-9TFCP.tmp\996E.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\is-9TFCP.tmp\996E.tmp ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\is-9TFCP.tmp\996E.tmp ---> Offset = 196608
C:\Documents and Settings\Administrator\Local Settings\Temp\is-9TFCP.tmp\996E.tmp ---> Offset = 262144
Behavior description: Finds files
details:FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-9TFCP.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-9TFCP.tmp\996E.tmp
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\「开始」菜单
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-PDP0Q.tmp\*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-PDP0Q.tmp\_isetup\*
Other behavior
Behavior description: Creates a mutex
details:oleacc-msaa-loaded
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.IGK
Behavior description: Creates an event object
details:EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.IGK.IC
EventName = MSCTF.SendReceiveConection.Event.IGK.IC
Behavior description: Window information
details:Pid = 2660, Hwnd=0x1036a, Text = Welcome to the MP3 Cutter Setup Wizard , ClassName = TNewStaticText.
Pid = 2660, Hwnd=0x10368, Text = This will install MP3 Cutter 4.3 on your computer. It is recommended that you close all other applications before continuing. Click Next to continue, or Cancel to exit Setup., ClassName = TNewStaticText.
Pid = 2660, Hwnd=0x20350, Text = DirEdit, ClassName = TEdit.
Pid = 2660, Hwnd=0x10364, Text = &Next >, ClassName = TNewButton.
Pid = 2660, Hwnd=0x10362, Text = Cancel, ClassName = TNewButton.
Pid = 2660, Hwnd=0x20346, Text = Setup - MP3 Cutter, ClassName = TWizardForm.
Pid = 2660, Hwnd=0x20420, Text = 是(&Y), ClassName = Button.
Pid = 2660, Hwnd=0x10422, Text = 否(&N), ClassName = Button.
Pid = 2660, Hwnd=0x10426, Text = Setup is not complete. If you exit now, the program will not be installed. You may run Setup again at another time to complete the installation. Exit Setup?, ClassName = Static.
Pid = 2660, Hwnd=0x8041e, Text = Exit Setup, ClassName = #32770.
Behavior description: Finds a specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Opens an event
details:HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Gets the TickCount value
details:TickCount = 250218, SleepMilliseconds = 250.
Behavior description: Adjusts process token privileges
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Blocks window close messages
details:hWnd = 0x00020346, Text = Setup - MP3 Cutter, ClassName = TWizardForm.
hWnd = 0x00020338, Text = Setup, ClassName = TApplication.
Behavior description: Enumerates windows
details:N/A
Behavior description: Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\Temp\is-9TFCP.tmp\996E.tmp (signature verification: failed)
Behavior description: Calls the Sleep function
details:[1]: MilliSeconds = 50.
[2]: MilliSeconds = 250.
[3]: MilliSeconds = 250.
[4]: MilliSeconds = 250.
[5]: MilliSeconds = 250.
[6]: MilliSeconds = 250.
[7]: MilliSeconds = 250.
[8]: MilliSeconds = 250.
[9]: MilliSeconds = 250.
[10]: MilliSeconds = 250.
Behavior description: Hides a specified window
details:[Window,Class] = [Setup - MP3 Cutter,TWizardForm]
Behavior description: Executable file MD5
details:C:\Documents and Settings\Administrator\Local Settings\Temp\is-9TFCP.tmp\996E.tmp ---> 882cfaccedc51e1e8cc2f247871c6525
Behavior description: Opens a mutex
details:ShimCacheMutex
Activities
Activity name Types of
.MainNavigationActivity android.intent.action.MAIN
.MainNavigationActivity android.intent.category.LAUNCHER
.MainNavigationActivity android.intent.category.DEFAULT
Dangerous function
Function name information
HttpClient;->execute Requests a remote server
LocationManager;->getLastKnownLocation Gets the geographic location
java/net/URL;->openConnection Connects to a URL
android/app/NotificationManager;->notify Posts a notification-bar message
Startup mode
name information
com.google.android.c2dm.C2DMBroadcastReceiver
com.google.android.c2dm.C2DMBroadcastReceiver
Permission list
License name information
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.webkit.permission.PLUGIN
com.dreamstep.wCellPhoneSpy.permission.C2D_MESSAGE
com.google.android.c2dm.permission.RECEIVE
Service list
name
com.dreamstep.wCellPhoneSpy.Server.C2DMClientReceiver
File List
file name Check code
META-INF/MANIFEST.MF 0x415510fb
META-INF/DESKTOPI.SF 0x961d0a0b
META-INF/DESKTOPI.RSA 0x8be0102b
res/drawable/about.png 0xf98dedfd
res/drawable/about_background.png 0xef6def49
res/drawable/about_bt.png 0x156086c1
res/drawable/active_tab_background.xml 0xf5976d4d
res/drawable/background.png 0x2979a2ed
res/drawable/deactive_tab_background.xml 0xddbf7e7b
res/drawable/icon.png 0x9ac2a667
res/drawable/menu_bar.png 0x19cd2a1b
res/drawable/more_apps.png 0x150cced3
res/drawable/more_apps_bt.png 0x8fc79b50
res/drawable/progressbar_close.png 0x2f4475a6
res/drawable/progressbar_close_button.xml 0x3ffcc7ed
res/drawable/rate.png 0xa0b66a51
res/drawable/rate_bt.png 0xd1c786b3
res/drawable/share.png 0xfba9f24c
res/drawable/share_bt.png 0x5d7a25aa
res/drawable/star.png 0xe6675f2
res/drawable/transparent_backgr.png 0x4f8d8781
res/drawable/widget_background.png 0x244c681b
res/layout/connection_error_dialog.xml 0x211579cf
res/layout/custom_dialog.xml 0x9b278123
res/layout/http_authentication.xml 0x724d2eba
res/layout/main.xml 0xbaef6a6b
res/layout/message_viewer.xml 0x762dd2b8
res/layout/tab_tag.xml 0xc940dde9
res/layout/video_loading_progress.xml 0x1fb4f47d
res/layout/web_content.xml 0xeb16e0db
res/menu/webapp_menu.xml 0x30ea0012
res/raw/configuration.xml 0xb36747f1
res/raw/flashplayer_not_exist.html 0x56e5213e
res/raw/index.html 0xa701e365
res/raw/insuffient_sdk_version.html 0xa3abb156
AndroidManifest.xml 0xf58d95a7
resources.arsc 0x54812c6
classes.dex 0x3ba9af1a