VirSCAN


File information
Safety rating:
Behavior list
Basic Information
MD5:303ef1f1899da82fd28e5ff75ecae1db
Package names:com.r56641989.bza
Minimum operating environment:Android 2.3, 2.3.1, 2.3.2
copyright:(56641989@qq.com)
Key behavior
Behavior description: Detects whether it is being debugged
details:N/A
Process behavior
Behavior description: Creates a local thread
details:TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2120, ThreadID = 2160, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2120, ThreadID = 2180, StartAddress = 00436E15, Parameter = 01022F60
File behavior
Behavior description: Creates files
details:C:\Documents and Settings\Administrator\Local Settings\Temp\aut4C.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\AbUSB_temp\license.txt
C:\Documents and Settings\Administrator\Local Settings\Temp\aut4D.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\AbUSB_temp\help.txt
C:\Documents and Settings\Administrator\Local Settings\Temp\aut4E.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\AbUSB_temp\7z.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\aut4F.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\AbUSB_temp\7z.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\aut50.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\AbUSB_temp\Aris.jpg
C:\Documents and Settings\Administrator\Local Settings\Temp\aut51.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\AbUSB_temp\Banner.jpg
Behavior description: Creates executable files
details:C:\Documents and Settings\Administrator\Local Settings\Temp\AbUSB_temp\7z.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\AbUSB_temp\7z.dll
Behavior description: Overwrites existing files
details:C:\Documents and Settings\Administrator\Local Settings\Temp\aut4C.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut4D.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut4E.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut4F.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut50.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut51.tmp
Behavior description: Copies files
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aut50.tmp ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AbUSB_temp\Aris.jpg
Behavior description: Deletes files
details:C:\Documents and Settings\Administrator\Local Settings\Temp\aut4C.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut4D.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut4E.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut4F.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut50.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut51.tmp
Behavior description: Searches for files
details:FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AbUSB_temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AbUSB_temp\license.txt
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AbUSB_temp\help.txt
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AbUSB_temp\7z.exe
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AbUSB_temp\7z.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AbUSB_temp\Banner.jpg
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AbUSB_temp\Aris.jpg
Behavior description: Modifies file contents
details:C:\Documents and Settings\Administrator\Local Settings\Temp\aut4C.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\AbUSB_temp\license.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\aut4D.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\AbUSB_temp\help.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\aut4E.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\aut4E.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\aut4E.tmp ---> Offset = 98304
C:\Documents and Settings\Administrator\Local Settings\Temp\AbUSB_temp\7z.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\AbUSB_temp\7z.exe ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\AbUSB_temp\7z.exe ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\AbUSB_temp\7z.exe ---> Offset = 147456
C:\Documents and Settings\Administrator\Local Settings\Temp\aut4F.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\aut4F.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\aut4F.tmp ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\aut4F.tmp ---> Offset = 196608
Other behavior
Behavior description: Detects whether it is being debugged
details:N/A
Behavior description: Creates mutexes
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Behavior description: Creates event objects
details:EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
Behavior description: Searches for a specific window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Window information
details:Pid = 2120, Hwnd=0x1002c8, Text = 确定, ClassName = Button.
Pid = 2120, Hwnd=0x1802fe, Text = Unable to open file., ClassName = Static.
Pid = 2120, Hwnd=0xd035e, Text = Error, ClassName = #32770.
Behavior description: Adjusts process token privileges
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Opens events
details:HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000041
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000041
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior description: Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\Temp\AbUSB_temp\7z.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\AbUSB_temp\7z.dll (signature verification: failed)
Behavior description: Hides a specific window
details:[Window,Class] = [AutoIt v3,AutoIt v3]
Behavior description: Executable file MD5
details:C:\Documents and Settings\Administrator\Local Settings\Temp\AbUSB_temp\7z.exe ---> 93c7b7a3e3051bbb9630e41425cfdb3c
C:\Documents and Settings\Administrator\Local Settings\Temp\AbUSB_temp\7z.dll ---> ca41d56630191e61565a343c59695ca1
Behavior description: Opens mutexes
details:ShimCacheMutex
Activities
Activity name: Type
com.uzmap.pkg.EntranceActivity: android.intent.action.MAIN
com.uzmap.pkg.EntranceActivity: android.intent.category.LAUNCHER
Dangerous function
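Function name: Information
android/app/NotificationManager;->notify: Posts a notification to the notification bar
ContentResolver;->query: Reads databases such as contacts and SMS
java/net/URL;->openConnection: Connects to a URL
MediaRecorder;->setAudioSource: Enables audio recording
getRuntime: Obtains the command-line environment
java/lang/Runtime;->exec: Executes a command string
TelephonyManager;->getLine1Number: Gets the phone number
TelephonyManager;->getDeviceId: Collects the user's phone IMEI, phone number, system version and similar information
ContentResolver;->delete: Deletes SMS messages and contacts
HttpClient;->execute: Sends a request to a remote server
SmsManager;->sendTextMessage: Sends a plain SMS message
java/net/HttpURLConnection;->connect: Connects to a URL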
Startup mode
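Name: Information
com.uzmap.pkg.uzapp.UPExtraBridge: Starts the service at boot
com.uzmap.pkg.uzapp.UPExtraBridge: Starts the service when the network connection changes
com.uzmap.pkg.uzapp.UPExtraBridge: Starts the service when an application is uninstalled
com.uzmap.pkg.uzapp.UPExtraBridge: Starts the service when an application is installed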
com.uzmap.pkg.uzapp.UPExtraBridge
com.uzmap.pkg.uzapp.UPExtraBridge
com.uzmap.pkg.uzapp.UPExtraBridge
com.uzmap.pkg.uzapp.UPExtraBridge
Permission list
Permission name: Information
android.permission.INTERNET: Connect to the network (2G or 3G)
android.permission.WRITE_EXTERNAL_STORAGE: Write to external storage (e.g. SD card)
android.permission.ACCESS_COARSE_LOCATION: Get coarse location (via Wi-Fi, cell towers)
android.permission.ACCESS_FINE_LOCATION: Get precise location (via GPS)
android.permission.ACCESS_MOCK_LOCATION: Get mock location information
android.permission.ACCESS_NETWORK_STATE: Read network state (2G or 3G)
android.permission.ACCESS_WIFI_STATE: Read Wi-Fi network state
android.permission.CHANGE_WIFI_STATE: Change Wi-Fi connection state
android.permission.WAKE_LOCK: Background processes keep running after the screen turns off
android.permission.VIBRATE: Allow the device to vibrate
android.permission.CAMERA: Access the camera device
android.permission.READ_PHONE_STATE: Read phone state
android.permission.RECORD_AUDIO: Record audio (using AudioRecord)
android.permission.FLASHLIGHT: Access the flashlight
android.permission.READ_LOGS: Read system logs
android.permission.RECEIVE_BOOT_COMPLETED: Receive the boot-completed broadcast
android.permission.BLUETOOTH_ADMIN: Discover Bluetooth devices
android.permission.BLUETOOTH: Connect to Bluetooth devices
android.permission.DOWNLOAD_WITHOUT_NOTIFICATION
Service list
name
com.uzmap.pkg.uzsocket.UPnsService
Providers
Name: Information
com.uzmap.pkg.uzapp.UProvider
File List
file name Check code
META-INF/MANIFEST.MF 0x138eb5cf
META-INF/Y5664198.SF 0x84dad504
META-INF/Y5664198.RSA 0xd41180c6
assets/uzmap/module.json 0xbc4b68e5
assets/widget/css/api.css 0x392130df
assets/widget/css/common.css 0x30eb47ca
assets/widget/html/main.html 0x5a1ed9ca
assets/widget/icon/icon150x150.png 0x86fee0f6
assets/widget/image/loading_more.gif 0x9932f5cf
assets/widget/launch/launch1080x1920.png 0xee64c12b
assets/widget/script/api.js 0x1233c29f
assets/widget/config.xml 0xcb86fd48
assets/widget/index.html 0xb67086a2
res/drawable/uz_thumb_hor.png 0x3411781d
res/drawable/uz_thumb_ver.9.png 0x6c91fbb8
AndroidManifest.xml 0xaa3acdd3
resources.arsc 0x2fb7439
res/drawable-hdpi/uz_copyright.png 0x17b425f2
res/drawable-hdpi/uz_icon.png 0x1ca28aef
res/drawable-hdpi/uz_pull_down_refresh_arrow.png 0xc484ad92
res/drawable-hdpi/uz_splash_bg.png 0x40cd31c7
res/drawable-mdpi/uz_icon.png 0x7de43aa8
res/drawable-mdpi/uz_splash_bg.png 0x40cd31c7
res/drawable-xhdpi/uz_icon.png 0x2044e2fc
res/drawable-xhdpi/uz_splash_bg.png 0x9f73bce9
res/drawable-xxhdpi/uz_icon.png 0xeb0ed7c9
res/drawable-xxhdpi/uz_splash_bg.png 0xa4324d76
classes.dex 0xb0367b3a
lib/armeabi/libsec.so 0x23d4f4ff