VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
Safety rating:
Behavior list
Basic Information
MD5: d45db4aec301ac8165560f3d7d4ffcaf
Package name: com.rainbow.Dizz
Minimum operating environment: Android 1.0
Copyright: Android
Key behavior
Behavior description: Tamper with parent process
details:Child: svchost.exe, Parent: svchost.exe(True) ---> DllLoader.exe(Fake)
Process behavior
Behavior description: Create local thread
details:ProcessId = 2260, ThreadId = 1308.
ProcessId = 2260, ThreadId = 3876.
ProcessId = 2260, ThreadId = 3084.
ProcessId = 2260, ThreadId = 1332.
ProcessId = 2260, ThreadId = 4020.
Behavior description: Tamper with parent process
details:Child: svchost.exe, Parent: svchost.exe(True) ---> DllLoader.exe(Fake)
File behavior
Behavior description: Create file
details:C:\Users\Administrator\AppData\Local\Temp\WAXD98D.tmp
C:\Users\Administrator\AppData\Local\Temp\WERD99E.tmp
C:\Users\Administrator\AppData\Local\Temp\WERD99E.tmp.appcompat.txt
C:\Users\Administrator\AppData\Local\Temp\WERDB26.tmp
C:\Users\Administrator\AppData\Local\Temp\WERDB26.tmp.WERInternalMetadata.xml
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_DllLoader.exe_4c2ac18f7ceb312223ebba3225b638c6338eb92_b3295a47_cab_08cddbc0\WERD99E.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_DllLoader.exe_4c2ac18f7ceb312223ebba3225b638c6338eb92_b3295a47_cab_08cddbc0\WERDB26.tmp.WERInternalMetadata.xml
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_DllLoader.exe_4c2ac18f7ceb312223ebba3225b638c6338eb92_b3295a47_cab_08cddbc0\memory.hdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_DllLoader.exe_4c2ac18f7ceb312223ebba3225b638c6338eb92_b3295a47_cab_08cddbc0\Report.wer
Behavior description: Overwrite existing file
details:C:\Users\Administrator\AppData\Local\Temp\WAXD98D.tmp
C:\Users\Administrator\AppData\Local\Temp\WERDB26.tmp.WERInternalMetadata.xml
Behavior description: Copy file
details:C:\Users\Administrator\AppData\Local\Temp\WERD99E.tmp.appcompat.txt ---> C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_DllLoader.exe_4c2ac18f7ceb312223ebba3225b638c6338eb92_b3295a47_cab_08cddbc0\WERD99E.tmp.appcompat.txt
C:\Users\Administrator\AppData\Local\Temp\WERDB26.tmp.WERInternalMetadata.xml ---> C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_DllLoader.exe_4c2ac18f7ceb312223ebba3225b638c6338eb92_b3295a47_cab_08cddbc0\WERDB26.tmp.WERInternalMetadata.xml
Behavior description: Delete file
details:C:\Users\Administrator\AppData\Local\Temp\WAXD98D.tmp
C:\Users\Administrator\AppData\Local\Temp\WERD99E.tmp
C:\Users\Administrator\AppData\Local\Temp\WERD99E.tmp.appcompat.txt
C:\Users\Administrator\AppData\Local\Temp\WERDB26.tmp
C:\Users\Administrator\AppData\Local\Temp\WERDB26.tmp.WERInternalMetadata.xml
Behavior description: Search for file
details:FileName = C:\Users
FileName = C:\Users\ADMINI~1
FileName = C:\Users\ADMINI~1\AppData
FileName = C:\Users\ADMINI~1\AppData\Local
FileName = C:\Users\ADMINI~1\AppData\Local\Temp
FileName = C:\Users\Administrator\AppData
FileName = C:\Users\Administrator\AppData\Local
FileName = C:\Users\Administrator\AppData\Local\Temp
FileName = C:\Windows\system32\kernel32.dll
FileName = C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_*_4c2ac18f7ceb312223ebba3225b638c6338eb92_*_cab_*
FileName = C:\ProgramData\Microsoft\Windows\WER\ReportArchive\*_*_*_b3295a47_cab_*
FileName = C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_*_4c2ac18f7ceb312223ebba3225b638c6338eb92_*_cab_*
FileName = C:\ProgramData\Microsoft\Windows\WER\ReportQueue\*_*_*_b3295a47_cab_*
FileName = C:\Windows\system32\drivers\*.mrk
FileName = C:\ProgramData\Microsoft\Windows\WER\ReportQueue\*_*_*_*_*
Behavior description: Modify file content
details:C:\Users\Administrator\AppData\Local\Temp\WAXD98D.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\WAXD98D.tmp ---> Offset = 4096
C:\Users\Administrator\AppData\Local\Temp\WAXD98D.tmp ---> Offset = 28672
C:\Users\Administrator\AppData\Local\Temp\WAXD98D.tmp ---> Offset = 32768
C:\Users\Administrator\AppData\Local\Temp\WAXD98D.tmp ---> Offset = 53248
C:\Users\Administrator\AppData\Local\Temp\WERD99E.tmp.appcompat.txt ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\WERD99E.tmp.appcompat.txt ---> Offset = 2
C:\Users\Administrator\AppData\Local\Temp\WERD99E.tmp.appcompat.txt ---> Offset = 108
C:\Users\Administrator\AppData\Local\Temp\WERD99E.tmp.appcompat.txt ---> Offset = 228
C:\Users\Administrator\AppData\Local\Temp\WERD99E.tmp.appcompat.txt ---> Offset = 2248
C:\Users\Administrator\AppData\Local\Temp\WERDB26.tmp.WERInternalMetadata.xml ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\WERDB26.tmp.WERInternalMetadata.xml ---> Offset = 2
C:\Users\Administrator\AppData\Local\Temp\WERDB26.tmp.WERInternalMetadata.xml ---> Offset = 80
C:\Users\Administrator\AppData\Local\Temp\WERDB26.tmp.WERInternalMetadata.xml ---> Offset = 84
C:\Users\Administrator\AppData\Local\Temp\WERDB26.tmp.WERInternalMetadata.xml ---> Offset = 122
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug\ExceptionRecord
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles\CheckingForSolutionDialog
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles\CheckingForSolutionDialog
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LastRateLimitedDumpGenerationTime
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles\CloseDialog
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles\CloseDialog
Other behavior
Behavior description: Detect whether it is being debugged
details:IsDebuggerPresent
Behavior description: Create mutex
details:Local\WERReportingForProcess2116
Global\e06b47ff-8d33-11e9-8b8b-080027cb969f
Local\SessionImmersiveColorMutex
Behavior description: Create event object
details:EventName = Local\WERReportingForProcessComplete2116
EventName = DbgEngEvent_000008D4
EventName = Local\WerDumpGenerationThrottle
Behavior description: Open event
details:2116-AppRecorderEnabled
\KernelObjects\MaximumCommitCondition
MSFT.VSA.COM.DISABLE.2260
MSFT.VSA.IEC.STATUS.6c736db0
\KernelObjects\LowMemoryCondition
\KernelObjects\HighCommitCondition
\KernelObjects\MemoryErrors
Behavior description: Adjust process token privileges
details:SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
Behavior description: Enumerate windows
details:N/A
Behavior description: Hide specified window
details:[Window,Class] = [,CtrlNotifySink]
Activities
Activity name    Type
.Diz    android.intent.action.MAIN
.Diz    android.intent.category.LAUNCHER
Dangerous function
Function name    Information
java/net/URL;->openConnection    Connect to URL
SmsManager;->sendTextMessage    Send ordinary SMS
TelephonyManager;->getDeviceId    Collect the user's phone IMEI, phone number, system version and other information
TelephonyManager;->getSimSerialNumber    Get SIM serial number
TelephonyManager;->getLine1Number    Get phone number
java/net/HttpURLConnection;->connect    Connect to URL
Startup mode
Name    Information
com.sjhi.client.zjReceiver    Start service at boot
com.sjhi.client.zjReceiver    Monitor SMS (on SMS received) and start service
com.sjhi.client.zjReceiver
com.sjhi.client.zjReceiver
Permission list
Permission name    Information
android.permission.INTERNET    Connect to network (2G or 3G)
android.permission.READ_PHONE_STATE    Read phone state
android.permission.ACCESS_COARSE_LOCATION    Get coarse location (via Wi-Fi, cell towers)
android.permission.ACCESS_NETWORK_STATE    Read network state (2G or 3G)
android.permission.WRITE_EXTERNAL_STORAGE    Write external storage (e.g. SD card)
android.permission.RECEIVE_SMS    Monitor incoming SMS
android.permission.READ_SMS    Read SMS
android.permission.PROCESS_OUTGOING_CALLS    Monitor and modify outgoing calls
android.permission.ACCESS_FINE_LOCATION    Get precise location (via GPS)
android.permission.DELETE_PACKAGES    Delete applications
android.permission.INSTALL_PACKAGES    Install applications
android.permission.RECEIVE_BOOT_COMPLETED    Receive boot completed broadcast
Service list
Name
com.sjhi.client.zjService
File List
File name    Check code
META-INF/MANIFEST.MF 0xddf531ba
META-INF/CERT.SF 0x9a042810
META-INF/CERT.RSA 0xc47bd79d
res/drawable/t0.png 0x7007ab4a
res/drawable/bg.png 0x6a0d00ca
res/drawable/t2.png 0x1b08bffc
res/drawable/bc.png 0x6111275f
res/drawable/t1.png 0xb2cb66db
res/drawable/pp.png 0x2e44c227
resources.arsc 0x9ecdf319
AndroidManifest.xml 0xce1a4d07
res/drawable/pb.png 0xaf13f495
res/drawable/b2.png 0xd787ce30
res/layout/helptxt.xml 0x983520ab
res/drawable/t4.png 0xa9f6230a
res/drawable/jp.png 0x67d39bc6
res/drawable/k2.png 0x93428727
assets/wooboo_logo.png 0x1850c46d
res/raw/click.wav 0xcd626c23
res/drawable/kuang.png 0xe7ad0b65
res/drawable/cp.png 0x428fa444
res/layout/main3.xml 0x8c2304dc
res/drawable/guo.png 0xd787ce30
res/drawable/t3.png 0x105a90e4
res/drawable/re.png 0xec0d67eb
classes.dex 0xe73ad686
res/layout/main.xml 0xb85d96d4
res/drawable/main.jpg 0x7a5908ff
res/drawable/bj.png 0x28dea585
assets/wooboo_ua.properties 0x7e6abad3
res/drawable/icon.png 0x94b0428a
res/drawable/pb2.png 0x7cf4dc5d
res/drawable/del.png 0x5471875f
assets/wooboo_btn.png 0x19dde463
res/drawable/b3.jpg 0xc2b099fd
Run screenshot