VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader to upload.

   File information

Virscan.org multi-engine scan report
Behavior analysis report:         Habo file analysis

Basic Information

MD5:ae48645542e7bf5eb3d4f6ec97c234ba
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:cn.shortcut.base.f
Minimum operating environment:Android 2.2.x
copyright:

Key behavior

Behavior description: Query registry (virtual machine detection related)
details: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
Behavior description: Get window screenshot information
details: Foreground window Info: HWND = 0x00000000, DC = 0x310106a2.
Foreground window Info: HWND = 0x00000000, DC = 0xdd010577.
Foreground window Info: HWND = 0x00000000, DC = 0x4f01051d.

File behavior

Behavior description: Find file
details: FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.zh-CN
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.zh-Hans
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.zh
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.CHS
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.CH

Registry behavior

Behavior description: Query registry (virtual machine detection related)
details: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion

Other behavior

Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MGJ
Behavior description: Create event object
details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.MGJ.IC
EventName = MSCTF.SendReceiveConection.Event.MGJ.IC
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information
details: Pid = 2408, Hwnd=0x1f02fe, Text = 确定, ClassName = Button.
Pid = 2408, Hwnd=0xa03ac, Text = 您的系统非NT6以上版本,无法使用本激活!, ClassName = Static.
Pid = 2408, Hwnd=0x503b2, Text = Oem7, ClassName = #32770.
Pid = 2408, Hwnd=0x603c2, Text = 使用我的密钥和证书:, ClassName = TGroupBox.
Pid = 2408, Hwnd=0x12039e, Text = 导入我的证书, ClassName = TButton.
Pid = 2408, Hwnd=0xe0372, Text = 浏览文件..., ClassName = TButton.
Pid = 2408, Hwnd=0xb036a, Text = 导入我的密钥, ClassName = TButton.
Pid = 2408, Hwnd=0x1102aa, Text = 卸载, ClassName = TButton.
Pid = 2408, Hwnd=0xd0368, Text = 修复引导(可PE下), ClassName = TButton.
Pid = 2408, Hwnd=0xa03b0, Text = 引导文件设置:, ClassName = TGroupBox.
Pid = 2408, Hwnd=0x303d6, Text = 引导保护, ClassName = TCheckBox.
Pid = 2408, Hwnd=0x403ca, Text = B, ClassName = TComboBox.
Pid = 2408, Hwnd=0xc038a, Text = J, ClassName = TComboBox.
Pid = 2408, Hwnd=0xf034a, Text = N, ClassName = TComboBox.
Pid = 2408, Hwnd=0x16032e, Text = L, ClassName = TComboBox.
Behavior description: Open event
details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000052
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000052
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior description: Enumerate windows
details: N/A
Behavior description: Get window screenshot information
details: Foreground window Info: HWND = 0x00000000, DC = 0x310106a2.
Foreground window Info: HWND = 0x00000000, DC = 0xdd010577.
Foreground window Info: HWND = 0x00000000, DC = 0x4f01051d.
Behavior description: Hide specified window
details: [Window,Class] = [,ComboLBox]
[Window,Class] = [Oem7F7 By小马,TForm1]
Behavior description: Open mutex
details: ShimCacheMutex

Activities

cn.MainActivity android.intent.action.MAIN
cn.MainActivity cn.shortcut.base.f.MainActivity
cn.MainActivity android.intent.action.mainintentex
cn.MainActivity android.intent.category.DEFAULT

Startup mode

com.MyReceive Start service at boot
com.MyReceive Start service when the network connection changes
com.MyReceive
com.MyReceive Start service on screen unlock
com.MyReceive
com.MyReceive
com.MyReceive

Permission list

android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
android.permission.CHANGE_WIFI_STATE Change Wi-Fi connection state
android.permission.READ_PHONE_STATE Read phone state
android.permission.ACCESS_COARSE_UPDATES
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.RECEIVE_BOOT_COMPLETED Receive the boot-completed broadcast
android.permission.GET_TASKS Get information about currently or recently running tasks
android.permission.SYSTEM_ALERT_WINDOW Display system windows

Service list

com.MyService
com.WService

File List

AndroidManifest.xml
assets/ic_wc
assets/ospavkqksobhalsrnnkclkanwdqpwjsbx
assets/wc_g_logo
assets/wc_logo
res/drawable-xxhdpi-v4/ic_launcher.png
res/drawable-xxhdpi-v4/icon_setting.png
res/layout/activity_main.xml
resources.arsc
classes.dex
META-INF/MANIFEST.MF
META-INF/CERT.SF
META-INF/CERT.RSA