VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

   File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5:263e0c8528041935b57622fee972b878
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:com.DlxTV
Minimum operating environment:Android 2.2.x
copyright:E4A

Process behavior

Behavior description: Create local thread
details: TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2492, ThreadID = 2612, StartAddress = 77E56C7D, Parameter = 001BAC30
TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2492, ThreadID = 2616, StartAddress = 769AE43B, Parameter = 001BD578
TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2492, ThreadID = 2636, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2492, ThreadID = 2668, StartAddress = 30D5F014, Parameter = 0027C648
TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2492, ThreadID = 2712, StartAddress = 30072FB7, Parameter = 30AEA990

File behavior

Behavior description: Find file
details: FileName = C:\Program Files
FileName = C:\Program Files\Microsoft Office
FileName = C:\Program Files\Microsoft Office\OFFICE11\Normal.dot
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dot
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\Normal.dot
FileName = C:\WINDOWS
FileName = C:\WINDOWS\WinSxS
FileName = C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
FileName = C:/Documents and Settings/Administrator/Local Settings/Temp/EB93A6/%temp%\****.exe_7zdump\手机语言设置为中文繁体俄罗斯正在立法禁止 VPN,民众们起来反抗了.doc
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\//Documents%20and%20Settings/Administrator/Local%20Settings/Temp/EB93A6/%temp%\****.exe_7zdump/手机语言设置为中文繁体俄罗斯正在立法禁止%20VPN,民众们起来反抗了.doc
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Word\STARTUP\*.*
FileName = C:\Program Files\Microsoft Office\OFFICE11\STARTUP\*.*
Behavior description: Copy file
details: C:\Program Files\Microsoft Office\OFFICE11\opa11.bak ---> C:\Program Files\Microsoft Office\OFFICE11\opa11.dat

Registry behavior

Behavior description: Modify registry
details: \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\I
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\]L
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\MTTT
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\MTTF
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\MTTA
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\N
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\oN
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\mN
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\KO
\REGISTRY\USER\S-*\Software\Microsoft\Office\Common\Assistant\CurrAsstState
Behavior description: Delete registry value
details: \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\MTTT
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\]L
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\N
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\oN
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\mN
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\KO
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\I
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\WordName
Behavior description: Delete registry key
details: \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\

Other behavior

Behavior description: Create mutex
details: Local\Mutex_MSOSharedMem
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\Mso97SharedDg19211108221Mutex
Local\Mso97SharedDg20321108221Mutex
MSCTF.GCompartListMUTEX.DefaultS-*
Local\Mso97SharedDg19521108221Mutex
Local\Mso97SharedDg19531108221Mutex
MSCTF.Shared.MUTEX.IOH
Local\Mso97SharedDg19541108221Mutex
OfficeAssistantStateMutex
Behavior description: Create event object
details: EventName = Local\MsoTestEvent_7a1d6cd8-ffd9-4547-902a-bb76d8f7cf0e
EventName = PrimaryWord11Mutex
EventName = MSCTF.SendReceive.Event.AMJ.IC
EventName = MSCTF.SendReceiveConection.Event.AMJ.IC
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [MSOBALLOON,]
NtUserFindWindowEx: [Class,Window] = [MsoHelp10,]
NtUserFindWindowEx: [Class,Window] = [AgentAnim,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [MsoHelp11,]
Behavior description: Window information
details: Pid = 2492, Hwnd=0x3034e, Text = MsoDockTop, ClassName = MsoCommandBarDock.
Pid = 2492, Hwnd=0x1035a, Text = 格式, ClassName = MsoCommandBar.
Pid = 2492, Hwnd=0x10356, Text = 常用, ClassName = MsoCommandBar.
Pid = 2492, Hwnd=0x1035c, Text = 菜单栏, ClassName = MsoCommandBar.
Pid = 2492, Hwnd=0x2034a, Text = 文档 1, ClassName = _WwB.
Pid = 2492, Hwnd=0x1036c, Text = MSO Generic Control Container, ClassName = MsoCommandBar.
Pid = 2492, Hwnd=0x10370, Text = MSO Generic Control Container, ClassName = MsoCommandBar.
Pid = 2492, Hwnd=0x20366, Text = Microsoft Word 文档, ClassName = _WwG.
Pid = 2492, Hwnd=0x20342, Text = 文档 1 - Microsoft Word, ClassName = OpusApp.
Behavior description: Adjust process token privileges
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Open event
details: Global\MsoTestEvent_7a1d6cd8-ffd9-4547-902a-bb76d8f7cf0e
MSFT.VSA.COM.DISABLE.2492
MSFT.VSA.IEC.STATUS.6c736db0
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Hide specified window
details: [Window,Class] = [,ThunderRT6Main]
Behavior description: Open mutex
details: ShimCacheMutex
Local\Mutex_MSOSharedMem
Local\Mso97SharedDg19211108221Mutex
Local\Mso97SharedDg20321108221Mutex
Local\MU_ACBPIDS08
CtfmonInstMutexDefaultS-*
Local\Mso97SharedDg19521108221Mutex
Local\Mso97SharedDg19531108221Mutex
Local\Mso97SharedDg19541108221Mutex
OfficeAssistantStateMutex

Activities

com.e4a.runtime.android.StartActivity android.intent.action.MAIN
com.e4a.runtime.android.StartActivity android.intent.category.DEFAULT
com.stub.stub01.Stub01 android.intent.action.MAIN
com.stub.stub01.Stub01 android.intent.category.LAUNCHER
com.e4a.runtime.android.mainActivity android.intent.action.MAIN
com.e4a.runtime.android.mainActivity android.intent.category.DEFAULT
com.tencent.smtt.sdk.VideoActivity com.tencent.smtt.tbs.video.PLAY
com.tencent.smtt.sdk.VideoActivity android.intent.category.DEFAULT

Dangerous function

getRuntime: get the command-line runtime environment
java/lang/Runtime;->exec: execute a string command

Startup mode

net.youmi.android.AdReceiver: start service when an application is installed
net.youmi.android.AdReceiver

Advertising information

net.youmi: Youmi Ads

Permission list

com.android.launcher.permission.INSTALL_SHORTCUT create shortcuts
android.permission.GET_TASKS get information about currently or recently running tasks
android.permission.WRITE_EXTERNAL_STORAGE write to external storage (e.g. SD card)
ACCESS_WIFI_STATE
android.permission.ACCESS_WIFI_STATE read Wi-Fi network state
android.permission.ACCESS_COARSE_LOCATION get coarse location (via Wi-Fi, cell towers)
android.permission.MOUNT_UNMOUNT_FILESYSTEMS mount and unmount external file systems
android.permission.READ_PHONE_STATE read phone state
android.permission.SYSTEM_ALERT_WINDOW display system windows
android.permission.INTERNET connect to the network (2G or 3G)
android.permission.ACCESS_FINE_LOCATION get precise location (via GPS)
com.android.launcher.permission.READ_SETTINGS read shortcut information
android.permission.WAKE_LOCK keep background processes running after the screen turns off
android.permission.ACCESS_NETWORK_STATE read network state (2G or 3G)
android.permission.CHANGE_CONFIGURATION modify current configuration (e.g. localization)
android.permission.READ_SETTINGS
android.permission.WRITE_SETTINGS read and write system settings
android.permission.READ_EXTERNAL_STORAGE read external storage (e.g. SD card)
android.permission.PACKAGE_USAGE_STATS

Service list

com.stub.stub01.Stub03
com.stub.stub02.Stub02
com.stub.stub02.Stub03
com.stub.stub05.Stub02
net.youmi.android.AdService
net.youmi.android.ExpService

name

com.stub.stub02.Stub04
android.support.v4.content.FileProvider

File List

META-INF/MANIFEST.MF
META-INF/MYKEY.SF
META-INF/MYKEY.RSA
AndroidManifest.xml
assets/.appkey
assets/10.png
assets/121.png
assets/123.png
assets/552cc1903424d_64.png
assets/adpay_play_bg.png
assets/app_common_ui_img_icon_top_channel_pic_s.png
assets/app_core_navigation_assets_nav_back_normal.png
assets/back.png
assets/baise.png
assets/baisesearch.png
assets/bgm.jpg
assets/bgm1.jpg
assets/bm.jpg
assets/btn_locked_active.png
assets/btn_locked_normal.png
assets/btn_orange_nor.png
assets/btn_orange_on.png
assets/btn_white_nor.png
assets/btn_white_on.png
assets/cate_8196.png
assets/dlxtv.png
assets/download.png
assets/emoji_1f60a.png
assets/filling.png
assets/five.png
assets/fx.png
assets/gb.png
assets/huohuohuo.png
assets/ic_user_setting.png
assets/ic_vip.png
assets/ic_vipsmall.png
assets/leso_icon.png
assets/libjiagu.so
assets/libjiagu_a64.so
assets/libjiagu_ls.so
assets/libjiagu_x64.so
assets/libjiagu_x86.so
assets/login_bg_nor.png
assets/login_bg_on.png
assets/logo.png
assets/lsj.jpg
assets/main_tab_channel_normal_mz.png
assets/main_tab_channel_pressed_mz.png
assets/main_tab_recommend_normal_mz.png
assets/main_tab_recommend_pressed_mz.png
assets/main_tab_search_normal.png
assets/main_tab_search_pressed.png
assets/main_tab_trump_normal.png
assets/main_tab_trump_pressed.png
assets/main_tab_user_center_normal.png
assets/main_tab_user_center_pressed.png
assets/more.png
assets/mp.jpg
assets/nh.jpg
assets/pc.png
assets/sb.png
assets/scan_line.png
assets/search.png
assets/search_no_search_result.png
assets/search_pressed.png
assets/sgoAlD0ZhKPmNsM6
assets/six.png
assets/sixsixsixsix.png
assets/sss.jpg
assets/sx6.jpg
assets/trust.png
assets/xx.png
assets/yy.png
classes.dex
lib/arm64-v8a/libabcdefgh.so
lib/armeabi-v7a/libabcdefgh.so
lib/armeabi/libabcdefgh.so
lib/armeabi/libbspatch.so
lib/armeabi/liblbs.so
lib/mips/libabcdefgh.so
lib/mips64/libabcdefgh.so
lib/x86/libabcdefgh.so
lib/x86_64/libabcdefgh.so
res/anim/dialog_scale_in.xml
res/anim/dialog_scale_out.xml
res/anim/error_frame_in.xml
res/anim/error_x_in.xml
res/anim/pull_arrow_down.xml
res/anim/pull_arrow_up.xml
res/anim/success_bow_roate.xml
res/anim/success_mask_layout.xml
res/anim/update_loading_progressbar_anim.xml
res/anim/youmi_anim_splash_enter.xml
res/drawable-hdpi/custom_img.jpg
res/drawable-hdpi/umeng_update_btn_check_off_focused_holo_light.png
res/drawable-hdpi/umeng_update_btn_check_off_holo_light.png
res/drawable-hdpi/umeng_update_btn_check_off_pressed_holo_light.png
res/drawable-hdpi/umeng_update_btn_check_on_focused_holo_light.png
res/drawable-hdpi/umeng_update_btn_check_on_holo_light.png
res/drawable-hdpi/umeng_update_btn_check_on_pressed_holo_light.png
res/drawable-hdpi/umeng_update_close_bg_normal.png
res/drawable-hdpi/umeng_update_close_bg_tap.png
res/drawable/blue_button_background.xml
res/drawable/dialog_background.xml
res/drawable/e4alistview_new_message.png
res/drawable/error_center_x.xml
res/drawable/error_circle.xml
res/drawable/gray_button_background.xml
res/drawable/icon.png
res/drawable/jc_back.png
res/drawable/jc_backward_icon.png
res/drawable/jc_click_error_selector.xml
res/drawable/jc_click_pause_selector.xml
res/drawable/jc_click_play_selector.xml
res/drawable/jc_dialog_progress.xml
res/drawable/jc_dialog_progress_bg.xml
res/drawable/jc_enlarge.png
res/drawable/jc_error_normal.png
res/drawable/jc_error_pressed.png
res/drawable/jc_forward_icon.png
res/drawable/jc_loading.xml
res/drawable/jc_loading_bg.png
res/drawable/jc_pause_normal.png
res/drawable/jc_pause_pressed.png
res/drawable/jc_play_normal.png
res/drawable/jc_play_pressed.png
res/drawable/jc_progress.xml
res/drawable/jc_seek_progress.xml
res/drawable/jc_seek_thumb.xml
res/drawable/jc_seek_thumb_normal.xml
res/drawable/jc_seek_thumb_pressed.xml
res/drawable/jc_shrink.png
res/drawable/jc_title_bg.xml
res/drawable/jc_volume_icon.png
res/drawable/jc_volume_progress_bg.xml
res/drawable/jzsb.png
res/drawable/jzz.png
res/drawable/last.png
res/drawable/next.png
res/drawable/pulltorefresh_arrow.png
res/drawable/red_button_background.xml
res/drawable/sd.xml
res/drawable/share_normal.png
res/drawable/share_pressed.png
res/drawable/share_selector.xml
res/drawable/success_bow.xml
res/drawable/success_circle.xml
res/drawable/tb_munion_icon.xml
res/drawable/tb_munion_item_selector.xml
res/drawable/umeng_common_gradient_green.xml
res/drawable/umeng_common_gradient_orange.xml
res/drawable/umeng_common_gradient_red.xml
res/drawable/umeng_update_button_cancel_bg_focused.xml
res/drawable/umeng_update_button_cancel_bg_normal.xml
res/drawable/umeng_update_button_cancel_bg_selector.xml
res/drawable/umeng_update_button_cancel_bg_tap.xml
res/drawable/umeng_update_button_check_selector.xml
res/drawable/umeng_update_button_close_bg_selector.xml
res/drawable/umeng_update_button_ok_bg_focused.xml
res/drawable/umeng_update_button_ok_bg_normal.xml
res/drawable/umeng_update_button_ok_bg_selector.xml
res/drawable/umeng_update_button_ok_bg_tap.xml
res/drawable/umeng_update_dialog_bg.xml
res/drawable/umeng_update_title_bg.xml
res/drawable/umeng_update_wifi_disable.png
res/drawable/warning_circle.xml
res/drawable/warning_sigh.xml
res/drawable/xsearch_loading.png
res/drawable/xsearch_msg_pull_arrow_down.png
res/drawable/youmi_background.png
res/drawable/youmi_bg_divider.png
res/layout-v9/umeng_common_download_notification.xml
res/layout/alert_dialog.xml
res/layout/jc_layout_base.xml
res/layout/jc_layout_standard.xml
res/layout/jc_progress_dialog.xml
res/layout/jc_volume_dialog.xml
res/layout/loadmore_footer.xml
res/layout/myvideoplayer.xml
res/layout/ok_liubujv.xml
res/layout/pull_to_load_footer.xml
res/layout/pull_to_refresh_header.xml
res/layout/tb_munion_aditem.xml
res/layout/umeng_common_download_notification.xml
res/layout/umeng_update_dialog.xml
res/layout/youmi_activity_splashym.xml
res/xml/file_provider.xml
resources.arsc