VirSCAN

   File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5:7bac62f08a78033e826b293aa9da0f6f
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:cn.TSeniclng
Minimum operating environment:
copyright:Android

Key behavior

Behavior description: Set startup item
details: C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\csrcp3.exe
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Get host address by name
details: www.google.com
Behavior description: Modify registry: key UAC settings
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA

File behavior

Behavior description: Map file with write permission
details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
Behavior description: Create executable file
details: C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\csrcp3.exe
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Set startup item
details: C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\csrcp3.exe

Network behavior

Behavior description: Open URL over the network
details: InternetOpenUrlA: http://www.flordeliskm26.com.br/templateFINAL/painel/skin-avant/plugins/token/token.html hInternet = 0x000006a0
InternetOpenUrlA: http://www.we677uyruweyhfwehgfgwefwef25fwef.com/templateFINAL/token/token.html hInternet = 0x000006a0
InternetOpenUrlA: http://www.kkkoajdettuyegwef545gwegew.com/templateFINAL/token/token.html hInternet = 0x000006a0
Behavior description: Get host address by name
details: www.google.com

Registry behavior

Behavior description: Modify registry
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorAdmin
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ConsentPromptBehaviorUser
Behavior description: Modify registry: key UAC settings
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA

Other behavior

Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
JSJIJIHG00-93849389438-HHD74774
Behavior description: Enumerate windows
details: N/A

Dangerous behavior

Behavior description: Send SMS
details: number:18776326268 data:message:6&

Dynamic list behavior

Behavior description: Pass extra information
details: android.app.extra.DEVICE_ADMIN:ComponentInfo{cn.TSeniclng/cn.TSeniclng.Dx}
android.app.extra.ADD_EXPLANATION:
Behavior description: Get the device's phone number
details: 18501353180
Behavior description: Parse uniform resource identifier
details: content://sms/
content://com.android.contacts
Behavior description: Register ContentObserver
details: URI=content://sms/
Behavior description: Write data to output stream
details: no result!
Behavior description: Set component attributes
details: [u'ComponentInfo{cn.TSeniclng/cn.TSeniclng.ClientActivity}', u'2', u'1']
Behavior description: Read a line of data from buffer
details: text/html;; x-java-content-handler=com.sun.mail.handlers.text_html
text/xml;; x-java-content-handler=com.sun.mail.handlers.text_xml
text/plain;; x-java-content-handler=com.sun.mail.handlers.text_plain
multipart/*;; x-java-content-handler=com.sun.mail.handlers.multipart_mixed
message/rfc822;; x-java-content-handler=com.sun.mail.handlers.message_rfc822
Behavior description: Start service
details: Intent { cmp=cn.TSeniclng/.MyService }
Behavior description: Send SMS
details: number:18776326268 data:message:6&
Behavior description: Initialize Intent
details: [u'cn.TSeniclng.ClientActivity@41531dc0', u'class cn.TSeniclng.MyService']
[u'android.os.Parcel@414aed78']
[u'android.app.action.ADD_DEVICE_ADMIN']
[u'cn.TSeniclng.MyService@4151a378', u'class cn.TSeniclng.AlarmReceiver']
[u'android.app.ReceiverRestrictedContext@414b90f8', u'class cn.TSeniclng.MyService']
[u'android.os.Parcel@414aed38']
Behavior description: Start Activity
details: Intent { act=android.app.action.ADD_DEVICE_ADMIN (has extras) }
Behavior description: Initialize file read
details: [u'/.mailcap']
[u'/system/lib/mailcap']
Behavior description: Query app shared data
details: [u'content://sms/', u'[_id, address, person, body, date, type]', u'null', u'null', u'date desc']
[u'content://com.android.contacts/contacts', u'null', u'null', u'null', u'null']

Activities

cn.TSeniclng.UninActivity android.intent.action.DELETE
cn.TSeniclng.UninActivity android.intent.action.VIEW
cn.TSeniclng.UninActivity android.intent.category.DEFAULT
cn.TSeniclng.UninstallerActivity android.intent.action.DELETE
cn.TSeniclng.UninstallerActivity android.intent.action.VIEW
cn.TSeniclng.UninstallerActivity android.intent.category.DEFAULT
cn.TSeniclng.ClientActivity android.intent.action.MAIN
cn.TSeniclng.ClientActivity android.intent.category.LAUNCHER

Dangerous function

SmsManager;->sendTextMessage Send a plain text SMS
TelephonyManager;->getLine1Number Get the phone number
ContentResolver;->query Read contacts, SMS and other databases
ContentResolver;->delete Delete SMS, contacts
java/net/URL;->openConnection Connect to a URL

Startup mode

cn.TSeniclng.Dx
cn.TSeniclng.XReceiver Monitors SMS (on SMS received), starts service
cn.TSeniclng.BootReceiver Starts service at boot
cn.TSeniclng.AlarmReceiver Starts service at boot

Permission list

android.permission.READ_PHONE_STATE Read phone state
android.permission.RECEIVE_SMS Monitor incoming SMS
android.permission.READ_SMS Read SMS
android.permission.SEND_SMS Send SMS
android.permission.CALL_PHONE Place phone calls
android.permission.READ_CALL_LOG Read call log
android.permission.WRITE_CALL_LOG Write call log
android.permission.GET_TASKS Get information about currently or recently running tasks
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.RECEIVE_BOOT_COMPLETED Receive boot-completed broadcast
android.permission.WRITE_SETTINGS Read and write system settings
android.permission.VIBRATE Allow device vibration
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
android.permission.WRITE_SMS Write SMS
android.permission.READ_CONTACTS Read contact information

Service list

cn.TSeniclng.MyService

File List

META-INF/MANIFEST.MF
META-INF/CERT.SF
META-INF/CERT.RSA
res/layout/dialog.xml
resources.arsc
classes.dex
res/layout/uninstall_progress.xml
res/layout/x.xml
res/layout/main.xml
res/layout/app_details.xml
AndroidManifest.xml
res/drawable-ldpi/action_bar_background.xml
res/drawable-ldpi/iocn.png
res/layout/op_progress.xml
res/layout/uninstall_confirm.xml
res/drawable-mdpi/iocn.png
res/xml/ds.xml
res/layout/activity_main.xml
res/drawable-mdpi/un_icon.png