VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

   File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5:f086d7dc0836e2f465ba60bfa882c31d
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:com.laosji2
Minimum operating environment:Android 2.2.x
copyright:Android

Key behavior

Behavior description: Read the CPU clock directly
details: EAX = 0xf230a3c6, EDX = 0x000000b3
EAX = 0xf230a412, EDX = 0x000000b3
EAX = 0x07470e05, EDX = 0x000000b4
EAX = 0x07470e51, EDX = 0x000000b4
EAX = 0xb2ad5b05, EDX = 0x000000b4
EAX = 0xb5352a8e, EDX = 0x000000b4
EAX = 0xca4b9481, EDX = 0x000000b4
EAX = 0xca4b94cd, EDX = 0x000000b4

Process behavior

Behavior description: Create local thread
details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2260, ProcessID = 2656, ThreadID = 2716, StartAddress = 792A741C, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2260, ProcessID = 2656, ThreadID = 2720, StartAddress = 791F59C0, Parameter = 001B0170
TargetProcess: %temp%\****.exe, InheritedFromPID = 2260, ProcessID = 2656, ThreadID = 2800, StartAddress = 77DC845A, Parameter = 00000000

File behavior

Behavior description: Find file
details: FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\WINDOWS\Microsoft.NET\Framework\\*
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.INI
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.INI
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.INI
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.INI
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.INI
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.INI
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.INI

Other behavior

Behavior description: Check whether the process itself is being debugged
details: IsDebuggerPresent
Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Behavior description: Create event object
details: EventName = Global\CPFATE_2656_v4.0.30319
Behavior description: Open mutex
details: ShimCacheMutex
Behavior description: Open event
details: Global\CLR_PerfMon_StartEnumEvent
\KernelObjects\LowMemoryCondition
HookSwitchHookEnabledEvent
Behavior description: Read the CPU clock directly
details: EAX = 0xf230a3c6, EDX = 0x000000b3
EAX = 0xf230a412, EDX = 0x000000b3
EAX = 0x07470e05, EDX = 0x000000b4
EAX = 0x07470e51, EDX = 0x000000b4
EAX = 0xb2ad5b05, EDX = 0x000000b4
EAX = 0xb5352a8e, EDX = 0x000000b4
EAX = 0xca4b9481, EDX = 0x000000b4
EAX = 0xca4b94cd, EDX = 0x000000b4
Behavior description: Import key
details: [CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x58D5F12B, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x5595E26A, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x56FB2409, DataLen: 148, Flags: 0x00000000

Activities

com.e4a.runtime.android.StartActivity android.intent.action.MAIN
com.e4a.runtime.android.StartActivity android.intent.category.DEFAULT
com.qihoo.util.StartActivity android.intent.action.MAIN
com.qihoo.util.StartActivity android.intent.category.LAUNCHER
com.e4a.runtime.android.mainActivity android.intent.action.MAIN
com.e4a.runtime.android.mainActivity android.intent.category.DEFAULT
com.tencent.tauth.AuthActivity android.intent.action.VIEW
com.tencent.tauth.AuthActivity android.intent.category.DEFAULT
com.tencent.tauth.AuthActivity android.intent.category.BROWSABLE
com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity android.intent.action.VIEW
com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity android.intent.category.DEFAULT
com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity android.intent.category.BROWSABLE
com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity2 android.intent.action.VIEW
com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity2 android.intent.category.DEFAULT
com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity2 android.intent.category.BROWSABLE
com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity4 android.intent.action.VIEW
com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity4 android.intent.category.DEFAULT
com.e4a.runtime.components.impl.android.Ok百度视频类库.VideoViewPlayingActivity4 android.intent.category.BROWSABLE

Dangerous function

getRuntime Get the command-line environment
java/lang/Runtime;->exec Execute a string command

Permission list

com.android.launcher.permission.INSTALL_SHORTCUT Create shortcut
android.permission.GET_TASKS Get information about currently or recently running tasks
ACCESS_WIFI_STATE
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
android.permission.ACCESS_COARSE_LOCATION Get coarse location (via Wi-Fi, cell towers)
android.permission.READ_PHONE_STATE Read phone state
android.permission.MOUNT_UNMOUNT_FILESYSTEMS Mount and unmount external file systems
android.permission.SYSTEM_ALERT_WINDOW Display system windows
android.permission.ACCESS_WIFI_STATE.android.permission.READ_PHONE_STATE
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.WRITE_SETTINGS Read and write system settings
android.permission.CHANGE_WIFI_STATE Change Wi-Fi connection state
android.permission.ACCESS_FINE_LOCATION Get precise location (via GPS)
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS Access extra location commands
com.android.launcher.permission.READ_SETTINGS Read shortcut information
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.WAKE_LOCK Keep background processes running after the screen turns off
android.permission.CHANGE_CONFIGURATION Modify current configuration (e.g. locale)

Service list

com.qihoo.util.UpdateService
com.qihoo.util.QhJobService
com.qihoo.util.CommonService
com.qihoo.util.CommonService2
com.qihoo.ls.SoService

name

com.qihoo.util.CommonProvider

File List

META-INF/MANIFEST.MF
META-INF/CERT.SF
META-INF/CERT.RSA
res/drawable/zidingyi_anniu_style2.xml
res/drawable/qcloud_player_icon_audio_vol.png
res/drawable-hdpi-v4/ic_zoom_out_btn_videoplayer.png
res/drawable-hdpi-v4/ic_retreat_media_disable.png
res/drawable-xhdpi-v4/ok_win10_45.png
res/drawable/ok_win10.xml
res/drawable/red_button_background.xml
res/drawable-xhdpi-v4/ok_win10_6.png
res/drawable/warning_circle.xml
res/anim/error_x_in.xml
res/drawable-xhdpi-v4/download_bookmark_toolbar_delete.png
res/drawable-hdpi-v4/ic_retreat_media.png
res/drawable-hdpi-v4/cyberplayer_play_media_disable.png
res/drawable-xhdpi-v4/ok_win10_29.png
res/drawable-hdpi-v4/warning_toast.xml
assets/assss.jpg
res/drawable-xhdpi-v4/ok_win10_27.png
res/layout/pull_to_refresh_header.xml
res/drawable-xhdpi-v4/yanse_baise.png
res/drawable-hdpi-v4/cyberplayer_take_snapshot_pressed.png
res/drawable-xhdpi-v4/ok_win10_28.png
res/drawable/pulltorefresh_arrow.png
res/drawable-xhdpi-v4/ok_win10_50.png
res/anim/error_frame_in.xml
res/drawable-hdpi-v4/cyberplayer_seekbar_background_normal.9.png
assets/cashier__tip_icon.png
res/drawable-xhdpi-v4/ok_win10_53.png
res/layout/error_toast_layout.xml
res/drawable-hdpi-v4/cyberplayer_take_snapshot.png
res/drawable-xhdpi-v4/ok_win10_39.png
res/drawable-xhdpi-v4/ok_win10_18.png
res/drawable-xhdpi-v4/ok_win10_52.png
res/drawable-hdpi-v4/cyberplayer_stop_media_disable.png
res/drawable-xhdpi-v4/ok_win10_23.png
res/drawable-xhdpi-v4/ok_win10_72.png
res/drawable-hdpi-v4/cyberplayer_listbtn_normal.png
res/drawable-xhdpi-v4/btn_style_alert_dialog_button_normal.9.png
res/drawable-xhdpi-v4/ok_win10_5.png
lib/armeabi/libcyberplayer.so
res/drawable-xhdpi-v4/ok_win10_56.png
res/drawable-xhdpi-v4/ok_win10_63.png
res/drawable-xhdpi-v4/yanse_baisu.png
res/drawable/dialog_background.xml
res/drawable-xhdpi-v4/ok_win10_11.png
res/drawable-xhdpi-v4/ok_win10_41.png
res/drawable/seekbar_define_style.xml
res/drawable-xhdpi-v4/btn_style_alert_dialog_cancel_normal.9.png
assets/44.jpg
res/drawable-xhdpi-v4/ok_win10_33.png
res/anim/success_mask_layout.xml
res/drawable-xhdpi-v4/ok_win10_68.png
res/drawable-hdpi-v4/ic_next_play_pressed.png
res/layout/default_toast_layout.xml
res/drawable-xhdpi-v4/ic_action_search.png
res/drawable/btn_style_alert_dialog_button.xml
res/drawable-xhdpi-v4/ok_win10_19.png
res/drawable-xhdpi-v4/ok_win10_24.png
res/drawable-xhdpi-v4/ok_win10_58.png
res/drawable-xhdpi-v4/ok_win10_60.png
res/drawable-xhdpi-v4/yanse_huhuise.png
res/drawable-hdpi-v4/cyberplayer_textbtn_background_blue.9.png
res/drawable-xhdpi-v4/ok_win10_57.png
res/drawable-xhdpi-v4/yanse_huise.png
res/drawable-xhdpi-v4/ok_win10_67.png
res/drawable/btn_style_alert_dialog_cancel.xml
res/drawable/error_circle.xml
res/drawable-hdpi-v4/cyberplayer_next_play.png
res/drawable-xhdpi-v4/ok_win10_20.png
res/drawable-xhdpi-v4/btn_style_alert_dialog_button_pressed.9.png
res/drawable/hou.png
res/drawable-xhdpi-v4/ok_win10_51.png
res/drawable-hdpi-v4/cyberplayer_play_media.png
res/drawable-hdpi-v4/ic_zoom_in_btn_videoplayer_disable.png
res/anim/dialog_scale_in.xml
res/drawable-xhdpi-v4/ok_win10_62.png
res/drawable-xhdpi-v4/ok_win10_1.png
res/drawable/next_btn_style.xml
res/drawable-xhdpi-v4/ok_win10_42.png
res/drawable-xhdpi-v4/ok_win10_66.png
res/drawable-hdpi-v4/cyberplayer_stop_media_pressed.png
res/anim/dialog_scale_out.xml
res/drawable-xhdpi-v4/ok_win10_9.png
res/drawable/pause_btn_style.xml
res/layout/alert_dialog.xml
res/drawable/gray_button_background.xml
res/drawable-xhdpi-v4/ok_win10_31.png
res/drawable/player_landscape_more_normal.png
res/drawable-hdpi-v4/cyberplayer_seekbar_background_sound_normal.9.png
res/drawable-xhdpi-v4/ok_win10_36.png
res/drawable/btn_style_alert_dialog_special.xml
res/drawable/qcloud_player_icon_brightness.png
res/drawable-hdpi-v4/error_toast.xml
res/drawable-xhdpi-v4/ok_win10_61.png
res/drawable-xhdpi-v4/mo_xia.png
res/drawable-xhdpi-v4/ok_win10_47.png
assets/libjiagu_ls.so
res/layout/controllerplayingok.xml
res/drawable/moren.png
res/drawable-hdpi-v4/cyberplayer_retreat_media.png
res/drawable-hdpi-v4/cyberplayer_seekbar_background.png
res/drawable-xhdpi-v4/ok_win10_64.png
res/drawable/qian.png
res/drawable-xhdpi-v4/bookmark_icon_folder.png
assets/timg.jpg
res/drawable-xhdpi-v4/ok_win10_35.png
res/drawable/caidian_lie_style.xml
res/drawable-hdpi-v4/ic_zoom_out_btn_videoplayer_disable.png
res/drawable-hdpi-v4/cyberplayer_next_play_pressed.png
res/drawable/blue_button_background.xml
res/drawable/ad_indicator_selected.png
res/drawable/error_center_x.xml
assets/.appkey
res/drawable-xhdpi-v4/ok_win10_26.png
res/drawable-hdpi-v4/ic_episode_titlebar_videoplayer.png
res/drawable-hdpi-v4/cyberplayer_next_play_disable.png
assets/6638.jpg
res/drawable-xhdpi-v4/ok_win10_46.png
res/drawable-xhdpi-v4/bookmark_expand_icon.png
res/drawable-hdpi-v4/info_toast.xml
res/drawable-hdpi-v4/cyberplayer_switch_subtitle_disable.png
res/drawable-xhdpi-v4/btn_style_alert_dialog_special_pressed.9.png
res/drawable-xhdpi-v4/ok_win10_2.png
res/drawable-xhdpi-v4/ok_win10_3.png
res/drawable-xhdpi-v4/menu_exit.png
res/drawable/vive_yuanxing.xml
res/drawable-hdpi-v4/cyberplayer_titlebar_return.png
res/drawable-hdpi-v4/cyberplayer_take_snapshot_disable.png
res/drawable-xhdpi-v4/bookmark_unexpand_icon.png
res/drawable-hdpi-v4/default_toast.xml
res/drawable-xhdpi-v4/ok_win10_75.png
assets/mav.png
res/layout/loading_dialog.xml
res/drawable-xhdpi-v4/ok_win10_25.png
res/drawable/anniu.xml
res/drawable-xhdpi-v4/ok_win10_38.png
res/drawable/success_circle.xml
assets/bg1.png
res/drawable-hdpi-v4/ic_play_media.png
res/drawable-hdpi-v4/cyberplayer_switch_subtitle.png
res/drawable-hdpi-v4/cyberplayer_seekbar_background_process.9.png
res/drawable/play_btn_style.xml
res/drawable-xhdpi-v4/ok_win10_12.png
res/drawable/emoticon_pager_select_normal.png
res/drawable-hdpi-v4/cyberplayer_subtitle_setting.png
assets/radar_bg.jpg
assets/leftanglearrow.png
res/drawable-hdpi-v4/cyberplayer_seekbar_ratio_white.png
res/drawable/zidingyi_anniu_style1.xml
assets/warning.png
res/drawable-xhdpi-v4/round_48px_1071539_easyicon.png
res/drawable-xhdpi-v4/download_toolbar_backward.png
res/drawable/bkg.9.png
res/drawable-xhdpi-v4/ok_win10_70.png
resources.arsc
AndroidManifest.xml
res/drawable/caidan_btn_style.xml
res/drawable-xhdpi-v4/ok_win10_37.png
res/layout/loadmore_footer.xml
lib/armeabi/libcyberplayer-core.so
res/drawable-xhdpi-v4/ok_win10_40.png
res/drawable-xhdpi-v4/ok_win10_65.png
res/drawable-hdpi-v4/ic_play_media_pressed.png
res/drawable/caidian_lies_style.xml
res/drawable-xhdpi-v4/ok_win10_10.png
res/drawable/pre_btn_style.xml
assets/libjiagu.so
res/layout/info_toast_layout.xml
res/drawable-xhdpi-v4/ok_win10_43.png
res/drawable-hdpi-v4/cyberplayer_subtitle_setting_pressed.png
res/drawable-xhdpi-v4/mo_shang.png
classes.dex
res/drawable/icon.png
res/drawable-xhdpi-v4/ok_win10_34.png
res/drawable-hdpi-v4/ic_zoom_out_btn_videoplayer_pressed.png
res/drawable-hdpi-v4/cyberplayer_stop_media.png
res/drawable-hdpi-v4/custom_img.jpg
res/drawable/fancircle_banner_cover.png
res/drawable-xhdpi-v4/ok_win10_14.png
res/drawable-xhdpi-v4/ok_win10_55.png
res/drawable/a4.png
res/drawable-xhdpi-v4/ok_win10_48.png
res/drawable-xhdpi-v4/ok_win10_71.png
res/drawable-hdpi-v4/ic_stop_media.png
res/drawable-hdpi-v4/cyberplayer_retreat_media_disable.png
res/drawable-xhdpi-v4/ok_win10_15.png
res/drawable-xhdpi-v4/ok_win10_17.png
res/drawable-hdpi-v4/cyberplayer_volumebar_background.9.png
res/drawable-xhdpi-v4/ok_win10_73.png
res/drawable-xhdpi-v4/ok_win10_59.png
res/layout/warning_toast_layout.xml
res/drawable-hdpi-v4/ic_stop_media_pressed.png
assets/bg.jpg
res/drawable-hdpi-v4/ic_retreat_media_pressed.png
assets/libjiagu_x86.so
res/drawable-xhdpi-v4/ok_win10_4.png
res/drawable-hdpi-v4/ic_play_media_disable.png
res/drawable/zidingyi_anniu_style.xml
assets/552dc05a206e9_32.png
res/drawable/warning_sigh.xml
res/drawable-xhdpi-v4/ok_win10_7.png
res/drawable/ound_easyicon.png
res/drawable-xhdpi-v4/ok_win10_74.png
res/drawable/e4alistview_new_message.png
res/drawable-hdpi-v4/cyberplayer_listbtn_pressed.png
res/drawable-hdpi-v4/success_toast.xml
assets/F9561DF2FAA538C29B2BE39CF69DF931.jpg
res/drawable-hdpi-v4/background_toast.xml
res/drawable-hdpi-v4/ic_episode_titlebar_videoplayer_disable.png
res/drawable-xhdpi-v4/ok_win10_32.png
res/drawable/seekbar_thumb.xml
res/layout/success_toast_layout.xml
assets/nav_header_bg.jpg
res/layout/canduanxiang.xml
res/drawable-hdpi-v4/cyberplayer_seekbar_ratio.png
res/drawable-xhdpi-v4/ok_win10_69.png
res/drawable-xhdpi-v4/ok_win10_16.png
res/drawable-hdpi-v4/ic_zoom_in_btn_videoplayer_pressed.png
res/drawable-xhdpi-v4/mo_zhong.png
res/drawable-hdpi-v4/ic_next_play.png
res/drawable-xhdpi-v4/btn_style_alert_dialog_special_normal.9.png
res/drawable-hdpi-v4/ic_episode_titlebar_videoplayer_pressed.png
res/drawable/player_landscape_more_press.png
res/drawable-hdpi-v4/cyberplayer_seekbar_normal.png
res/drawable-hdpi-v4/cyberplayer_subtitle_setting_disable.png
res/drawable-xhdpi-v4/ok_win10_22.png
res/drawable-xhdpi-v4/ok_win10_44.png
res/anim/success_bow_roate.xml
res/drawable-xhdpi-v4/ok_win10_8.png
res/drawable-hdpi-v4/cyberplayer_seekbar_cache.png
res/drawable-xhdpi-v4/ok_win10_54.png
res/drawable-hdpi-v4/cyberplayer_switch_subtitle_pressed.png
res/drawable-xhdpi-v4/ok_win10_30.png
res/drawable-hdpi-v4/ic_zoom_in_btn_videoplayer.png
res/drawable-hdpi-v4/cyberplayer_retreat_media_pressed.png
res/drawable/success_bow.xml
res/drawable-hdpi-v4/cyberplayer_seekbar_background_sound_process.9.png
res/drawable-hdpi-v4/cyberplayer_play_media_pressed.png
res/layout/controllerplayinging.xml
res/drawable-xhdpi-v4/ok_win10_13.png
res/drawable-xhdpi-v4/ok_win10_49.png
res/drawable-xhdpi-v4/ok_win10_21.png