VirSCAN

File information

Basic information
MD5: 36037489fed6a4e2648d3d8079e64250
Package name: com.hd.zhibo
Minimum Android version: Android 4.0, 4.0.1, 4.0.2
Copyright: supertv

Behaviour list
Note: the dynamic-behaviour entries that follow record Windows API activity (a %temp%\****.exe process, Documents and Settings paths, WinINet and CryptoAPI calls), not execution of the APK's Dalvik code, so correlate them with the Android static findings further down with care.

Key behaviour
Behaviour description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behaviour description: Read the CPU clock directly (RDTSC)
Details: EAX = 0x28436adb, EDX = 0x000000be
EAX = 0x3b286577, EDX = 0x000000be
EAX = 0x3b2865c3, EDX = 0x000000be
EAX = 0x4e0d605f, EDX = 0x000000be
Behaviour description: Get TickCount value
Details: TickCount = 228643, SleepMilliseconds = 50.
TickCount = 228987, SleepMilliseconds = 50.
TickCount = 229003, SleepMilliseconds = 50.
TickCount = 229128, SleepMilliseconds = 50.
TickCount = 229159, SleepMilliseconds = 50.
TickCount = 229190, SleepMilliseconds = 50.
TickCount = 229206, SleepMilliseconds = 50.
TickCount = 229221, SleepMilliseconds = 50.
TickCount = 229253, SleepMilliseconds = 50.
TickCount = 229268, SleepMilliseconds = 50.
TickCount = 229284, SleepMilliseconds = 50.
TickCount = 229315, SleepMilliseconds = 50.
TickCount = 229331, SleepMilliseconds = 50.
TickCount = 229346, SleepMilliseconds = 50.
TickCount = 229612, SleepMilliseconds = 50.
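The RDTSC and GetTickCount entries above are what a timing-based sandbox check leaves behind: the sample reads the time-stamp counter, calls GetTickCount around short Sleep calls, and compares how much time really passed. The script below is an added example, not part of the VirSCAN report or of the sample's code. It parses the hook lines exactly as printed above (embedded as constructed input), rebuilds the 64-bit TSC from EDX:EAX, and flags every interval in which GetTickCount advanced by less than the requested sleep, which is what a sandbox that shortens Sleep produces. The thresholds in `timing_verdict` are illustrative assumptions, not the sandbox's own rules.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: the GetTickCount/Sleep and RDTSC hook lines as printed in the report.
TICK_LOG = """\
TickCount = 228643, SleepMilliseconds = 50.
TickCount = 228987, SleepMilliseconds = 50.
TickCount = 229003, SleepMilliseconds = 50.
TickCount = 229128, SleepMilliseconds = 50.
TickCount = 229159, SleepMilliseconds = 50.
TickCount = 229190, SleepMilliseconds = 50.
TickCount = 229206, SleepMilliseconds = 50.
TickCount = 229221, SleepMilliseconds = 50.
TickCount = 229253, SleepMilliseconds = 50.
TickCount = 229268, SleepMilliseconds = 50.
TickCount = 229284, SleepMilliseconds = 50.
TickCount = 229315, SleepMilliseconds = 50.
TickCount = 229331, SleepMilliseconds = 50.
TickCount = 229346, SleepMilliseconds = 50.
TickCount = 229612, SleepMilliseconds = 50.
"""

RDTSC_LOG = """\
EAX = 0x28436adb, EDX = 0x000000be
EAX = 0x3b286577, EDX = 0x000000be
EAX = 0x3b2865c3, EDX = 0x000000be
EAX = 0x4e0d605f, EDX = 0x000000be
"""

TICK_RE = re.compile(r"TickCount = (\d+), SleepMilliseconds = (\d+)")
RDTSC_RE = re.compile(r"EAX = 0x([0-9a-fA-F]+), EDX = 0x([0-9a-fA-F]+)")


def parse_ticks(log: str) -> List[Tuple[int, int]]:
    """(tick_count, requested_sleep_ms) per hook line, in log order."""
    return [(int(t), int(s)) for t, s in TICK_RE.findall(log)]


def parse_rdtsc(log: str) -> List[int]:
    """Rebuild the 64-bit time-stamp counter: RDTSC returns the value in EDX:EAX."""
    return [(int(edx, 16) << 32) | int(eax, 16) for eax, edx in RDTSC_RE.findall(log)]


def short_sleep_intervals(ticks: List[Tuple[int, int]]) -> List[Tuple[int, int, int]]:
    """Consecutive GetTickCount pairs where less tick time passed than the Sleep requested.
    Returns (tick_before, requested_ms, elapsed_ms). On unhooked hardware Sleep(50) does
    not return in under 50 ms of tick time; a sandbox that patches Sleep does this."""
    out = []
    for (t0, requested), (t1, _) in zip(ticks, ticks[1:]):
        elapsed = t1 - t0
        if elapsed < requested:
            out.append((t0, requested, elapsed))
    return out


def tsc_deltas(tscs: List[int]) -> List[int]:
    """Cycle counts between consecutive RDTSC reads."""
    return [b - a for a, b in zip(tscs, tscs[1:])]


def timing_verdict(tick_log: str, rdtsc_log: str, min_short: int = 3) -> Dict[str, object]:
    """Heuristic summary; the thresholds are illustrative assumptions."""
    ticks = parse_ticks(tick_log)
    tscs = parse_rdtsc(rdtsc_log)
    shorts = short_sleep_intervals(ticks)
    deltas = tsc_deltas(tscs)
    return {
        "tick_readings": len(ticks),
        "short_intervals": len(shorts),
        "sleep_shortened": len(shorts) >= min_short,
        # Two RDTSC reads only tens of cycles apart is the back-to-back "rdtsc; rdtsc" probe
        # used to spot hypervisor trapping, which would add thousands of cycles per read.
        "back_to_back_rdtsc": any(0 < d < 1000 for d in deltas),
        "tsc_deltas": deltas,
    }


if __name__ == "__main__":
    for key, value in timing_verdict(TICK_LOG, RDTSC_LOG).items():
        print(f"{key}: {value}")
```

Run over the logged values it reports 11 of the 14 intervals as shorter than the requested 50 ms, and a pair of TSC reads 76 cycles apart. The two large TSC deltas also come out identical to the cycle (0x12e4fa9c), which is not what unhooked hardware would be expected to produce, so the RDTSC values are better read as the sandbox hook's output than as genuine measurements.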
Process behaviour
Behaviour description: Create local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2448, ThreadID = 2812, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2448, ThreadID = 2900, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2448, ThreadID = 2904, StartAddress = 7C930230, Parameter = 00000000
Behaviour description: Enumerate processes
Details: N/A
File behaviour
Behaviour description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behaviour description: Search for files
Details: FileName =
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016091220160913\*.*
Network behaviour
Behaviour description: Connect to a specified site
Details: InternetConnectA: ServerName = ap****rg, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = ug****ru, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = su****ru, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
Behaviour description: Open HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko, hSession = 0x00cc0004
Behaviour description: Establish a socket connection to a specified host
Details: URL: ap****rg, IP: **.133.40.**:80, SOCKET = 0x0000027c
URL: ug****ru, IP: **.133.40.**:80, SOCKET = 0x00000280
URL: su****ru, IP: **.133.40.**:80, SOCKET = 0x00000280
URL: ug****ru, IP: **.133.40.**:80, SOCKET = 0x00000284
URL: su****ru, IP: **.133.40.**:80, SOCKET = 0x00000284
URL: ug****ru, IP: **.133.40.**:80, SOCKET = 0x0000028c
URL: su****ru, IP: **.133.40.**:80, SOCKET = 0x0000028c
URL: ug****ru, IP: **.133.40.**:80, SOCKET = 0x00000294
URL: su****ru, IP: **.133.40.**:80, SOCKET = 0x00000294
URL: ug****ru, IP: **.133.40.**:80, SOCKET = 0x0000029c
URL: su****ru, IP: **.133.40.**:80, SOCKET = 0x0000029c
URL: ug****ru, IP: **.133.40.**:80, SOCKET = 0x000002a4
URL: su****ru, IP: **.133.40.**:80, SOCKET = 0x000002a4
URL: ug****ru, IP: **.133.40.**:80, SOCKET = 0x000002ac
URL: su****ru, IP: **.133.40.**:80, SOCKET = 0x000002ac
Behaviour description: Read network file
Details: hFile = 0x00cc000c, BytesToRead = 32, BytesRead = 32.
Behaviour description: Send HTTP packet
Details:
GET / HTTP/1.1
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: ap****rg
Cache-Control: no-cache
Behaviour description: Open HTTP request
Details: HttpOpenRequestA: ug****ru:80/4/forum.php, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: POST, Referer: , Flags = 0x84080100
HttpOpenRequestA: su****ru:80/4/forum.php, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: POST, Referer: , Flags = 0x84080100
Flags = 0x84080100 decodes to INTERNET_FLAG_RELOAD | INTERNET_FLAG_NO_CACHE_WRITE | INTERNET_FLAG_NO_COOKIES | INTERNET_FLAG_PRAGMA_NOCACHE: the request bypasses the cache in both directions and sends no cookies, matching the Cache-Control: no-cache header in the GET above.
Behaviour description: Resolve host address by name
Details: GetAddrInfoW: ap****rg
GetAddrInfoW: ug****ru
GetAddrInfoW: su****ru
Registry behaviour
Behaviour description: Modify registry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\996E\DEBUG\Trace Level
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behaviour description: Delete registry value
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\996E\DEBUG\Trace Level
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behaviour
Behaviour description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
RasPbFile
Behaviour description: Create event object
Details: EventName = Global\crypt32LogoffEvent
EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
Behaviour description: Open mutex
Details: DBWinMutex
RasPbFile
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Behaviour description: Generate session key
Details: [CryptDeriveKey] Algorithm: CALG_RC4 (0x00006801) Flags: 0x00280011
The upper 16 bits of the flags (0x0028) request a 40-bit key; the low bits are CRYPT_EXPORTABLE (0x1) | CRYPT_NO_SALT (0x10). The mutex names created and opened above (CTF.*, RasPbFile, the Local\Wininet* and cache-path locks) are standard Windows component mutexes, not sample-specific markers, and make poor indicators.
Behaviour description: Get TickCount value
Details: the same fifteen GetTickCount/Sleep readings already listed under the key behaviour section above.
Behaviour description: Open event
Details: HookSwitchHookEnabledEvent
Global\crypt32LogoffEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
Behaviour description: Call Sleep function
Details: [1]: MilliSeconds = 50.
[2]: MilliSeconds = 50.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 60000.
[5]: MilliSeconds = 60000.
[6]: MilliSeconds = 60000.
[7]: MilliSeconds = 60000.
[8]: MilliSeconds = 60000.
[9]: MilliSeconds = 60000.
[10]: MilliSeconds = 60000.
Behaviour description: Read the CPU clock directly (RDTSC)
Details: the same four EDX:EAX readings already listed under the key behaviour section above.
Behaviour description: Decrypt data
Details: [CryptDecrypt] Data: 0x001A9D50, CipherTextLen: 8192, PlainTextLen: 8192, Flags: 0x00000000
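The "Generate session key" and "Decrypt data" entries together describe one CryptoAPI sequence: CryptDeriveKey with CALG_RC4 and flags 0x00280011, then CryptDecrypt over 8192 bytes with plaintext and ciphertext the same length, as a stream cipher gives. The script below is an added example, not the sample's code or VirSCAN's: it decodes the flag word, derives a 40-bit key the way CryptDeriveKey documents for keys no longer than the hash (the first key-length bytes of the hash value), and runs plain RC4 over a constructed 8192-byte buffer. The hash algorithm, the hashed input and the secret are not in the report; MD5 and the `hypothetical-secret` value are assumptions.

```python
import hashlib
import os
from typing import Dict

# CryptDeriveKey flag bits (wincrypt.h) relevant to the logged value 0x00280011.
CRYPT_EXPORTABLE = 0x00000001
CRYPT_CREATE_SALT = 0x00000004   # not set in the log; included so the decoder is complete
CRYPT_NO_SALT = 0x00000010


def decode_derivekey_flags(flags: int) -> Dict[str, object]:
    """For CALG_RC4/CALG_RC2 the key length in bits is carried in the upper 16 bits of dwFlags."""
    return {
        "key_bits": flags >> 16,
        "exportable": bool(flags & CRYPT_EXPORTABLE),
        "no_salt": bool(flags & CRYPT_NO_SALT),
        "create_salt": bool(flags & CRYPT_CREATE_SALT),
    }


def derive_rc4_key(secret: bytes, key_bits: int = 40, hash_name: str = "md5") -> bytes:
    """Documented CryptDeriveKey behaviour when the key is no longer than the hash output:
    the key is the first key_bits/8 bytes of the hash value. MD5 over `secret` is an
    assumption; the report does not show which hash object the sample used."""
    digest = hashlib.new(hash_name, secret).digest()
    n = key_bits // 8
    if n > len(digest):
        raise ValueError("key longer than hash; CryptDeriveKey uses a different expansion there")
    return digest[:n]


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Encryption and decryption are the same operation."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for b in data:                             # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(b ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def decrypt_block(secret: bytes, ciphertext: bytes, flags: int = 0x00280011) -> bytes:
    """Mirror of the logged sequence: derive the session key per the flags, then decrypt."""
    info = decode_derivekey_flags(flags)
    key = derive_rc4_key(secret, key_bits=int(info["key_bits"]))
    return rc4(key, ciphertext)


if __name__ == "__main__":
    secret = b"hypothetical-secret"            # constructed; the real input is not in the report
    plaintext = os.urandom(8192)               # same length as the logged CryptDecrypt call
    ciphertext = rc4(derive_rc4_key(secret), plaintext)
    assert decrypt_block(secret, ciphertext) == plaintext
    print(decode_derivekey_flags(0x00280011), len(derive_rc4_key(secret)) * 8, "bit key")
```

With CRYPT_NO_SALT set, the 40-bit key is the whole key: five bytes, a keyspace of 2^40, which is within reach of an offline search once a known plaintext/ciphertext pair is available, so recovering the decrypted 8192-byte buffer from a memory dump is usually easier than attacking the key at all.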
Activities
Activity name                  Type
com.zhibo.media.channel_main   com.supertv.zhibo.play
com.zhibo.media.channel_main   android.intent.action.MAIN
com.zhibo.media.channel_main   android.intent.action.VIEW
com.zhibo.media.channel_main   android.intent.category.LAUNCHER
com.zhibo.media.channel_main   android.intent.category.DEFAULT
com.zhibo.media.channel_main   android.intent.category.LEANBACK_LAUNCHER
Dangerous functions
Function name                             Information
java/net/URL;->openConnection             Connect to a URL
HttpClient;->execute                      Send a request to a remote server
DefaultHttpClient;->execute               Send an HTTP request
TelephonyManager;->getDeviceId            Collect the device IMEI, phone number, OS version and similar identifiers
getRuntime                                Obtain the runtime (command-line) environment
java/lang/Runtime;->exec                  Execute a command string
java/net/HttpURLConnection;->connect      Connect to a URL
LocationManager;->getLastKnownLocation    Read the device's location
Startup mode
Name                                                  Information
com.zhibo.media.channel_receiver                      Starts the service at boot
com.zhibo.media.channel_receiver                      Starts the service when network connectivity changes
com.zhibo.media.channel_receiver                      (eight further trigger entries whose descriptions are missing from the page)
com.dangbei.euthenia.receiver.NetworkChangeReceiver   Starts the service when network connectivity changes
Permission list
Permission name                                   Information
android.permission.INTERNET                       Connect to the network (2G or 3G)
android.permission.GET_TASKS                      Get information about currently or recently running tasks
android.permission.READ_LOGS                      Read system logs
android.permission.READ_PHONE_STATE               Read phone state
android.permission.ACCESS_WIFI_STATE              Read Wi-Fi network state
android.permission.ACCESS_NETWORK_STATE           Read network state (2G or 3G)
android.permission.ACCESS_COARSE_LOCATION         Get approximate location (via Wi-Fi or cell towers)
android.permission.RECEIVE_BOOT_COMPLETED         Receive the boot-completed broadcast
android.permission.WRITE_EXTERNAL_STORAGE         Write external storage (e.g. SD card)
android.permission.MOUNT_UNMOUNT_FILESYSTEMS      Mount and unmount external filesystems
android.permission.KILL_BACKGROUND_PROCESSES      Kill background processes
Service list
Name
com.dangbei.downloader.core.DownloadService
File list
File name   Checksum
assets/db_backtip.png 0x822876d
assets/db_icon_bg.png 0x5134a92b
assets/db_icon_skip.png 0x17f40fec
assets/db_icon_splash.png 0x7ac400f9
assets/db_loading.png 0x5c48e636
res/drawable/btn_selector.xml 0x450a8a2e
res/drawable/control_bar.xml 0xef4fdef0
res/drawable/db_update_app_list_focus.png 0xee12c5a6
res/drawable/db_update_app_popup_bg.png 0xd623fee8
res/drawable/db_update_app_popup_bt.png 0x4369d1cb
res/drawable/db_update_app_popup_bt_focus.png 0xd06662d3
res/drawable/db_update_app_progress1.png 0xbee416e1
res/drawable/db_update_app_progress2.png 0xc373688f
res/drawable/db_update_app_pulldown_1.png 0x327c9651
res/drawable/db_update_app_pulldown_2.png 0xc92d4aeb
res/drawable/db_update_app_pulldown_3.png 0x67077ffe
res/drawable/db_update_app_skip_bt.png 0x67f03f96
res/drawable/db_update_app_skip_bt_focus.png 0xed0f35a0
res/drawable/db_update_bg_update_btn.xml 0x42ab0ef3
res/drawable/db_update_bg_update_btn_gone.xml 0x58c4d471
res/drawable/db_update_progress_color_horizontal.xml 0x426f9198
res/drawable/db_update_pull_down_bg.xml 0x1470cf39
res/drawable/db_update_scrollbar.xml 0xa6b63e2b
res/drawable/empty_frame_bg.xml 0x5452675f
res/drawable/frame_load.xml 0x81b2896d
res/drawable/huikan_selected.xml 0x113543a4
res/drawable/item_selected.xml 0x5165758c
res/drawable/menu_selector.xml 0x78c37fc8
res/drawable/popup_vlist.xml 0xcef22acd
res/drawable/popup_window.xml 0xe52737bb
res/layout/db_update_dialog_update.xml 0x444fdf56
res/layout/live_activity.xml 0x6cfce3d3
res/layout/live_back.xml 0x799b9b89
res/layout/live_chlist.xml 0x41ea5814
res/layout/live_gonggao.xml 0xa3440bbe
res/layout/live_items.xml 0x155fd071
res/layout/live_menu.xml 0xa57ade07
res/layout/live_plist.xml 0xf8ccf556
res/layout/live_qrcode.xml 0x93be3d08
res/layout/live_title.xml 0x6818abec
res/layout/live_update.xml 0xc0f25149
res/layout/live_vitem.xml 0xc865d697
res/xml/db_update_paths.xml 0x41cb51af
AndroidManifest.xml 0x37e34c43
resources.arsc 0x10a08977
res/drawable-hdpi/arrow_left_normal.png 0x97736d07
res/drawable-hdpi/arrow_left_pressed.png 0xfb8ac5f2
res/drawable-hdpi/arrow_right_normal.png 0x27b79a33
res/drawable-hdpi/arrow_right_pressed.png 0x8a1b6d42
res/drawable-hdpi/background.jpg 0x6551d79d
res/drawable-hdpi/frame_load1.png 0x9ed60451
res/drawable-hdpi/frame_load10.png 0x7235739b
res/drawable-hdpi/frame_load11.png 0x36793d89
res/drawable-hdpi/frame_load12.png 0x710c30e0
res/drawable-hdpi/frame_load13.png 0x483fae5b
res/drawable-hdpi/frame_load14.png 0xbfc1843d
res/drawable-hdpi/frame_load15.png 0xbb015619
res/drawable-hdpi/frame_load16.png 0xb4e9e873
res/drawable-hdpi/frame_load17.png 0xcb341a6
res/drawable-hdpi/frame_load2.png 0xc1ee73e5
res/drawable-hdpi/frame_load3.png 0xb3e75f93
res/drawable-hdpi/frame_load4.png 0x1d7fd887
res/drawable-hdpi/frame_load5.png 0x6acf01c1
res/drawable-hdpi/frame_load6.png 0xfb47144d
res/drawable-hdpi/frame_load7.png 0xf23917ad
res/drawable-hdpi/frame_load8.png 0x233f01f7
res/drawable-hdpi/frame_load9.png 0xba66a5c0
res/drawable-hdpi/ic_launcher.png 0xecfcc77f
res/drawable-hdpi/icon_back.png 0xb7df96bd
res/drawable-hdpi/icon_fav.png 0xcfd7ea30
res/drawable-hdpi/progress_bar_comm.png 0xec2960c4
res/drawable-hdpi/radio.jpg 0xc863978a
res/drawable-ldpi/ic_launcher.png 0xecfcc77f
res/drawable-mdpi/ic_launcher.png 0xecfcc77f
res/drawable-mdpi/progress_bar_bg.9.png 0xd8855ec0
res/drawable-mdpi/progress_bar_full.9.png 0x9e0801f7
res/drawable-nodpi/btn_focused.9.png 0x59cb8ed6
res/drawable-nodpi/btn_nomal.9.png 0xe3877c2c
res/drawable-nodpi/chinfo_bg.png 0x58a606a0
res/drawable-nodpi/ic_launcher.png 0xecfcc77f
res/drawable-nodpi/item_left.png 0x25cfae66
res/drawable-nodpi/item_right.png 0xe5db6f03
res/drawable-nodpi/menu_icon.png 0x2e7cda1e
res/drawable-nodpi/menu_ok.png 0xd82066c4
res/drawable-xhdpi/ic_launcher.png 0xecfcc77f
classes.dex 0xe288beb7
lib/armeabi-v7a/libeuthenia-lib.so 0x8672d4f3
lib/armeabi-v7a/libkooffmpeg.so 0x370897fd
lib/armeabi-v7a/libkooplayer.so 0xbe72659b
lib/armeabi-v7a/libkoosdl.so 0xf916b19c
lib/armeabi-v7a/libp2pcore.so 0x7c345369
lib/armeabi-v7a/libsupertv.so 0x6a85ef2f
lib/armeabi-v7a/libvjplayer.so 0x38724f1c
META-INF/MANIFEST.MF 0x1fb82aa
META-INF/CERT.SF 0xac9c5672
META-INF/CERT.RSA 0x1396d1b8
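The checksum column above has the shape of the CRC-32 values stored in the APK's zip central directory (32-bit, printed as unpadded lowercase hex; the four ic_launcher.png copies share 0xecfcc77f because their contents are identical). The script below is an added example, not VirSCAN's code: it builds a small constructed stand-in archive, lists entries in the report's format, recomputes each entry's CRC-32 over the decompressed bytes so the listed values can be checked against a downloaded sample, and groups entries that share a checksum. That the column is a zip-entry CRC-32 is an assumption; the sample archive and its contents are constructed.

```python
import hashlib
import io
import zipfile
import zlib
from typing import Dict, List, Tuple


def entry_crcs(apk_bytes: bytes) -> List[Tuple[str, int]]:
    """(entry name, CRC-32 as recorded in the central directory), in archive order.
    This is what the archive claims; verify_entries recomputes it."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return [(zi.filename, zi.CRC) for zi in zf.infolist()]


def format_like_report(entries: List[Tuple[str, int]]) -> List[str]:
    """The report prints 0x plus lowercase hex without zero padding (e.g. 0x822876d)."""
    return [f"{name} 0x{crc:x}" for name, crc in entries]


def verify_entries(apk_bytes: bytes, expected: Dict[str, int]) -> Dict[str, str]:
    """Recompute CRC-32 over each entry's decompressed bytes and compare with listed values.
    Returns one problem per offending name: 'missing', 'corrupt-entry' or 'crc-mismatch'."""
    problems: Dict[str, str] = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        names = set(zf.namelist())
        for name, listed in expected.items():
            if name not in names:
                problems[name] = "missing"
                continue
            try:
                data = zf.read(name)           # zipfile itself rejects entries whose stored CRC is wrong
            except zipfile.BadZipFile:
                problems[name] = "corrupt-entry"
                continue
            if zlib.crc32(data) & 0xFFFFFFFF != listed:
                problems[name] = "crc-mismatch"
    return problems


def duplicate_groups(entries: List[Tuple[str, int]]) -> Dict[int, List[str]]:
    """Entries sharing a CRC, such as the identical ic_launcher.png files in the list above."""
    by_crc: Dict[int, List[str]] = {}
    for name, crc in entries:
        by_crc.setdefault(crc, []).append(name)
    return {crc: names for crc, names in by_crc.items() if len(names) > 1}


def build_sample_apk() -> bytes:
    """Constructed stand-in archive; not the real com.hd.zhibo package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest package='com.example.sample'/>")
        zf.writestr("classes.dex", b"dex\n035\0" + bytes(64))
        icon = b"\x89PNG\r\n\x1a\n" + bytes(32)
        for density in ("hdpi", "mdpi", "xhdpi"):
            zf.writestr(f"res/drawable-{density}/ic_launcher.png", icon)
    return buf.getvalue()


if __name__ == "__main__":
    apk = build_sample_apk()
    print("MD5:", hashlib.md5(apk).hexdigest())   # whole-file hash, like the MD5 line at the top
    for line in format_like_report(entry_crcs(apk)):
        print(line)
    print("duplicates:", duplicate_groups(entry_crcs(apk)))
```

To use it on a real sample, paste the report's rows into a dict of name to integer and pass it to `verify_entries` together with the downloaded file's bytes; an empty result means the listed checksums match the archive in hand, while 'crc-mismatch' on classes.dex or a native library means the file differs from what VirSCAN analysed.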