VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

   File information

Virscan.org multi-engine scan report
Behavior analysis report:         Habo file analysis

Basic Information

MD5:3307394be3b6c21edfa854314f877899
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:com.kjezt.inbb.vb
Minimum operating environment:Android 4.2, 4.2.2
copyright:"Shinecore Technology Co.

Process behavior

Behavior description: Create local thread
details: TargetProcess: EXCEL.EXE, InheritedFromPID = 2000, ProcessID = 2448, ThreadID = 2556, StartAddress = 77E56C7D, Parameter = 001B21A0
TargetProcess: EXCEL.EXE, InheritedFromPID = 2000, ProcessID = 2448, ThreadID = 2560, StartAddress = 769AE43B, Parameter = 001B52C8

File behavior

Behavior description: Create file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\~DFABB5.tmp
Behavior description: Delete file
details: C:\Documents and Settings\Administrator\Local Settings\Temp\~DFABB5.tmp
Behavior description: Find file
details: FileName = C:\Program Files
FileName = C:\Program Files\Microsoft Office
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Excel\XLSTART\*.*
FileName = C:\Program Files\Microsoft Office\OFFICE11\xlstart\*.*
FileName = C:/Documents and Settings/Administrator/Local Settings/Temp/EB93A6/%temp%\****.xls
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.xls

Registry behavior

Behavior description: Modify registry
details: \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Excel\Resiliency\StartupItems\G
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Excel\MTTT
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Excel\MTTF
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Excel\MTTA
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Excel\Resiliency\DocumentRecovery\34DD4\34DD4
Behavior description: Delete registry key
details: \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Excel\Resiliency\StartupItems\
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Excel\Resiliency\
Behavior description: Delete registry value
details: \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Excel\MTTT
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Excel\Resiliency\StartupItems\G

Other behavior

Behavior description: Create mutex
details: Local\Mutex_MSOSharedMem
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\Mso97SharedDg19211108221Mutex
Local\Mso97SharedDg20321108221Mutex
Local\Mso97SharedDg19521108221Mutex
Local\Mso97SharedDg19531108221Mutex
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.EJJ
Behavior description: Create event object
details: EventName = Local\MsoTestEvent_dd9a5010-2abc-4b3b-bd39-1c2b9136482b
EventName = MSCTF.SendReceive.Event.EJJ.IC
EventName = MSCTF.SendReceiveConection.Event.EJJ.IC
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [MsoHelp11,]
Behavior description: Window information
details: Pid = 2448, Hwnd=0x2036e, Text = 密码, ClassName = bosa_sdm_XL9.
Pid = 2448, Hwnd=0x10368, Text = 格式, ClassName = MsoCommandBar.
Pid = 2448, Hwnd=0x10366, Text = 常用, ClassName = MsoCommandBar.
Pid = 2448, Hwnd=0x10364, Text = 工作表菜单栏, ClassName = MsoCommandBar.
Pid = 2448, Hwnd=0x1033e, Text = Microsoft Excel, ClassName = XLMAIN.
Pid = 2448, Hwnd=0x1035c, Text = 123456, ClassName = ComboBox.
Pid = 2448, Hwnd=0x10360, Text = 123456, ClassName = Edit.
Pid = 2448, Hwnd=0x1035c, Text = 6, ClassName = ComboBox.
Pid = 2448, Hwnd=0x10360, Text = 6, ClassName = Edit.
Pid = 2448, Hwnd=0x1035c, Text = 3456, ClassName = ComboBox.
Pid = 2448, Hwnd=0x10360, Text = 3456, ClassName = Edit.
Behavior description: Adjust process token privileges
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Open event
details: Global\MsoTestEvent_dd9a5010-2abc-4b3b-bd39-1c2b9136482b
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
MSFT.VSA.COM.DISABLE.2448
MSFT.VSA.IEC.STATUS.6c736db0
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Hide specified window
details: [Window,Class] = [,ComboLBox]
Behavior description: Open mutex
details: ShimCacheMutex
Local\Mutex_MSOSharedMem
Local\Mso97SharedDg19211108221Mutex
CtfmonInstMutexDefaultS-*
Local\Mso97SharedDg20321108221Mutex
Local\MU_ACBPIDS08
Local\Mso97SharedDg19521108221Mutex
Local\Mso97SharedDg19531108221Mutex

Activities

com.crypte.app.MainActivity android.intent.action.MAIN
com.crypte.app.MainActivity android.intent.category.LAUNCHER
com.cpkg.push.kernel.activities.StubActivity com.ryg.dynamicload.proxy.activity.VIEW
com.cpkg.push.kernel.activities.StubActivity android.intent.category.DEFAULT

Startup mode

com.csharp.core.shell.receiver.BootReceiver start service at boot
com.csharp.core.shell.receiver.SecretCodeReceiver

Permission list

android.permission.INTERNET connect to the network (2G or 3G)
android.permission.ACCESS_NETWORK_STATE read network state (2G or 3G)
android.permission.ACCESS_WIFI_STATE read Wi-Fi network state
android.permission.READ_PHONE_STATE read phone state
android.permission.WRITE_EXTERNAL_STORAGE write to external storage (e.g. SD card)
android.permission.MOUNT_UNMOUNT_FILESYSTEMS mount and unmount external file systems
android.permission.READ_EXTERNAL_STORAGE read external storage (e.g. SD card)
android.permission.ACCESS_COARSE_LOCATION get coarse location (via Wi-Fi, cell towers)
android.permission.ACCESS_FINE_LOCATION get precise location (via GPS)
android.permission.ACCESS_FIND_LOCATION
android.permission.CHANGE_WIFI_STATE change Wi-Fi connection state
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS access extra location commands
android.permission.BLUETOOTH connect to Bluetooth devices
android.permission.BLUETOOTH_ADMIN discover Bluetooth devices
android.permission.CHANGE_NETWORK_STATE change network state
android.permission.CHANGE_CONFIGURATION modify current configuration (e.g. locale)
android.permission.SYSTEM_ALERT_WINDOW display system windows
android.permission.WRITE_APN_SETTINGS rewrite APN settings (e.g. cmwap)
android.permission.WRITE_SECURE_SETTINGS read and write sensitive system settings
android.permission.MODIFY_PHONE_STATE modify phone state
android.permission.PROCESS_OUTGOING_CALLS monitor and modify outgoing calls
android.permission.WRITE_SETTINGS read and write system settings
android.permission.GET_TASKS get information about currently or recently running tasks
android.permission.KILL_BACKGROUND_PROCESSES kill background processes
android.permission.INTERACT_ACROSS_USERS_FULL
android.permission.WAKE_LOCK keep background processes running after the screen turns off
android.permission.DISABLE_KEYGUARD disable the keyguard
android.permission.VIBRATE allow the device to vibrate
android.permission.RECEIVE_BOOT_COMPLETED receive the boot-completed broadcast
com.android.launcher.permission.INSTALL_SHORTCUT create shortcuts
com.android.launcher.permission.UNINSTALL_SHORTCUT delete shortcuts
com.android.alarm.permission.SET_ALARM set alarm reminders
com.android.launcher.permission.READ_SETTINGS read shortcut information
com.lenovo.launcher.permission.READ_SETTINGS
com.android.launcher2.permission.READ_SETTINGS
com.android.launcher3.permission.READ_SETTINGS
com.android.launcher.permission.WRITE_SETTINGS
com.android.launcher2.permission.WRITE_SETTINGS
com.android.launcher3.permission.WRITE_SETTINGS
android.permission.BROADCAST_STICKY send sticky broadcasts
android.permission.REAL_GET_TASKS
android.permission.INSTALL_PACKAGES install applications
android.permission.DELETE_PACKAGES delete applications
android.permission.WRITE_MEDIA_STORAGE
android.permission.READ_FRAME_BUFFER take screenshots
android.permission.DEVICE_POWER power management
android.permission.PACKAGE_USAGE_STATS

Service list

com.csharp.core.shell.service.ShellService
com.cpkg.push.kernel.service.StubService
com.cpkg.push.kernel.service.CoreService
com.crypte.app.ShellService

File List

AndroidManifest.xml
META-INF/CERT.RSA
META-INF/CERT.SF
META-INF/MANIFEST.MF
assets/font.ttf
assets/lazy.so
classes.dex
res/mipmap-hdpi-v4/ic_launcher.png
res/mipmap-hdpi-v4/ic_launcher_round.png
res/mipmap-mdpi-v4/ic_launcher.png
res/mipmap-mdpi-v4/ic_launcher_round.png
res/mipmap-xhdpi-v4/ic_launcher.png
res/mipmap-xhdpi-v4/ic_launcher_round.png
res/mipmap-xxhdpi-v4/ic_launcher.png
res/mipmap-xxhdpi-v4/ic_launcher_round.png
res/mipmap-xxxhdpi-v4/ic_launcher.png
res/mipmap-xxxhdpi-v4/ic_launcher_round.png
resources.arsc