1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.
| Behavior list |
| Behavior analysis report: Habo file analysis |
| MD5:81462495893ccce88ecfd6a49e88f9a7 |
| 文件大小:5.58MB |
| 上传时间: 2014-09-22 10:36:30 (CST) |
| Package names:com.sugen.ipcall |
| Minimum operating environment:Android 2.2.x |
| copyright:sugen |
| Behavior description: | 打开注册表_检测虚拟机相关 |
| details: | \REGISTRY\USER\S-*\Software\VMware, Inc. |
| Behavior description: | 跨进程写入数据 |
| details: | TargetProcess = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe, WriteAddress = 0x00400000, Size = 0x00000400 |
| TargetProcess = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe, WriteAddress = 0x00401000, Size = 0x00010c00 | |
| TargetProcess = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe, WriteAddress = 0x00412000, Size = 0x00000200 | |
| TargetProcess = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe, WriteAddress = 0x7ffd5008, Size = 0x00000004 | |
| Behavior description: | 获取TickCount值 |
| details: | TickCount = 5349688, SleepMilliseconds = 1. |
| Behavior description: | 通过内存映射跨进程修改内存 |
| details: | TargetProcess = svchost.exe |
| Behavior description: | 设置线程上下文 |
| details: | C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe |
| Behavior description: | 创建进程 |
| details: | ImagePath = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe, CmdLine = "C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe" |
| ImagePath = C:\WINDOWS\system32\svchost.exe, CmdLine = svchost.exe | |
| Behavior description: | 创建本地线程 |
| details: | TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2040, ThreadID = 672, StartAddress = 4F4039E0, Parameter = 00000000 |
| TargetProcess: svchost.exe, InheritedFromPID = 1400, ProcessID = 1552, ThreadID = 1140, StartAddress = 77DC845A, Parameter = 00000000 | |
| Behavior description: | 跨进程写入数据 |
| details: | TargetProcess = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe, WriteAddress = 0x00400000, Size = 0x00000400 |
| TargetProcess = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe, WriteAddress = 0x00401000, Size = 0x00010c00 | |
| TargetProcess = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe, WriteAddress = 0x00412000, Size = 0x00000200 | |
| TargetProcess = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe, WriteAddress = 0x7ffd5008, Size = 0x00000004 | |
| Behavior description: | 设置线程上下文 |
| details: | C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe |
| Behavior description: | 枚举进程 |
| details: | N/A |
| Behavior description: | 通过内存映射跨进程修改内存 |
| details: | TargetProcess = svchost.exe |
| Behavior description: | 创建文件 |
| details: | C:\Documents and Settings\Administrator\Local Settings\Application Data\prntxcqd.exe |
| Behavior description: | 创建可执行文件 |
| details: | C:\Documents and Settings\Administrator\Local Settings\Application Data\prntxcqd.exe |
| Behavior description: | 修改文件内容 |
| details: | C:\Documents and Settings\Administrator\Local Settings\Application Data\prntxcqd.exe ---> Offset = 0 |
| Behavior description: | 查找文件 |
| details: | FileName = C:\Documents and Settings\Administrator\Local Settings\Temp |
| FileName = C:\Documents and Settings\Administrator\Local Settings\%temp% | |
| FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe | |
| FileName = C:\WINDOWS | |
| FileName = C:\WINDOWS\system32 | |
| FileName = C:\WINDOWS\system32\svchost.exe |
| Behavior description: | 打开注册表_检测虚拟机相关 |
| details: | \REGISTRY\USER\S-*\Software\VMware, Inc. |
| Behavior description: | 创建互斥体 |
| details: | 2GVWNQJz1 |
| CTF.LBES.MutexDefaultS-* | |
| CTF.Compart.MutexDefaultS-* | |
| CTF.Asm.MutexDefaultS-* | |
| CTF.Layouts.MutexDefaultS-* | |
| CTF.TMD.MutexDefaultS-* | |
| CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-* | |
| Behavior description: | 创建事件对象 |
| details: | EventName = Y2mNyaZ3 |
| EventName = Global\crypt32LogoffEvent | |
| Behavior description: | 获取TickCount值 |
| details: | TickCount = 5349688, SleepMilliseconds = 1. |
| Behavior description: | 打开事件 |
| details: | HookSwitchHookEnabledEvent |
| Global\crypt32LogoffEvent | |
| \SECURITY\LSA_AUTHENTICATION_INITIALIZED | |
| Y2mNyaZ3 | |
| Behavior description: | 可执行文件签名信息 |
| details: | C:\Documents and Settings\Administrator\Local Settings\Application Data\prntxcqd.exe(签名验证: 未通过) |
| Behavior description: | 可执行文件MD5 |
| details: | C:\Documents and Settings\Administrator\Local Settings\Application Data\prntxcqd.exe ---> 7ff0e957615d696249207e1b23b79430 |
| Behavior description: | 打开互斥体 |
| details: | ShimCacheMutex |
| com.sugen.ipcall.ui.WelcomeActivity | android.intent.action.MAIN |
| com.sugen.ipcall.ui.WelcomeActivity | android.intent.category.LAUNCHER |
| ContentResolver;->query | 读取联系人、短信等数据库 |
| com.sugen.ipcall.common.OutgoingCallReceiver |
| android.permission.PROCESS_OUTGOING_CALLS | 监视、修改有关拨出电话 |
| assets/phoneloc.dat | |
| res/color/textview_color.xml | |
| res/color/textview_color_under.xml | |
| res/drawable/textview_color.xml | |
| res/layout/about_view.xml | |
| res/layout/activity_main.xml | |
| res/layout/layout_welcome.xml | |
| res/layout/popup_form.xml | |
| res/menu/main.xml | |
| AndroidManifest.xml | |
| resources.arsc | |
| res/drawable-hdpi/alert.png | |
| res/drawable-hdpi/checkbox_checked.png | |
| res/drawable-hdpi/checkbox_default.png | |
| res/drawable-hdpi/custom_button.xml | |
| res/drawable-hdpi/edit.png | |
| res/drawable-hdpi/focused.png | |
| res/drawable-hdpi/icon.png | |
| res/drawable-hdpi/info.png | |
| res/drawable-hdpi/loading.png | |
| res/drawable-hdpi/logo.png | |
| res/drawable-hdpi/nofocused.png | |
| res/drawable-hdpi/top_bar_bg.png | |
| res/drawable-ldpi/icon2.png | |
| res/drawable-mdpi/ic_launcher.png | |
| res/drawable-xhdpi/ic_launcher.png | |
| res/drawable-xxhdpi/ic_launcher.png | |
| classes.dex | |
| lib/armeabi/libphoneloc-jni.so | |
| META-INF/MANIFEST.MF | |
| META-INF/CERT.SF | |
| META-INF/CERT.RSA |
HOME
