VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.


File information
Safety rating:
Behavior list
Basic information
MD5: f9e7d2b09b7d899eaf1ac58ddd3555b8
Package name: com.elsdoerfer.android.autostarts
Minimum operating environment: Android 3.0.x
Copyright: Unknown
Key behavior
Note: the behavior entries that follow are a Windows sandbox trace (Nt* system calls, threads created in %temp%\****.exe, MSCTF mutexes and events), while the static sections of this report describe an Android package; read the two parts with that in mind.
Behavior description: Directly calls critical system APIs
Details: Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x00BF8C12
Index = 0x0000009B, Name: NtQueryInformationThread, Instruction Address = 0x00BAB505
Index = 0x000000B5, Name: NtRaiseException, Instruction Address = 0x00BB6A2E
Index = 0x000000E3, Name: NtSetInformationObject, Instruction Address = 0x00BB5E44
Index = 0x000000A3, Name: NtQueryObject, Instruction Address = 0x00BB61CF
Index = 0x000000E3, Name: NtSetInformationObject, Instruction Address = 0x00BB6325
Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x00BC2C9B
Behavior description: Reads the CPU clock directly
Details: EAX = 0xbe96157e, EDX = 0x000000b5
EAX = 0xc936e297, EDX = 0x000000b5
Behavior description: Attempts to open the device object of a debugger or monitoring-software driver
Details: \??\NTICE
Process behavior
Behavior description: Creates local threads
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2692, ThreadID = 2844, StartAddress = 00B51399, Parameter = 0019FBF0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2692, ThreadID = 2848, StartAddress = 00B51399, Parameter = 0019FC00
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2692, ThreadID = 2852, StartAddress = 00B51399, Parameter = 0019FC00
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2692, ThreadID = 2856, StartAddress = 00B51399, Parameter = 0019FBF0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2692, ThreadID = 3080, StartAddress = 00B51399, Parameter = 001A65C0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2692, ThreadID = 3196, StartAddress = 00B51399, Parameter = 001CEF78
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2692, ThreadID = 3228, StartAddress = 00B51399, Parameter = 001CABA8
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2692, ThreadID = 3288, StartAddress = 00B51399, Parameter = 001CF888
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2692, ThreadID = 3348, StartAddress = 00B51399, Parameter = 001D1F58
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2692, ThreadID = 3352, StartAddress = 00B51399, Parameter = 001CA038
File behavior
Behavior description: Creates a file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\DNF.mdb
Behavior description: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\DNF.mdb ---> Offset = 0
Other behavior
Behavior description: Directly calls critical system APIs
Details: Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x00BF8C12
Index = 0x0000009B, Name: NtQueryInformationThread, Instruction Address = 0x00BAB505
Index = 0x000000B5, Name: NtRaiseException, Instruction Address = 0x00BB6A2E
Index = 0x000000E3, Name: NtSetInformationObject, Instruction Address = 0x00BB5E44
Index = 0x000000A3, Name: NtQueryObject, Instruction Address = 0x00BB61CF
Index = 0x000000E3, Name: NtSetInformationObject, Instruction Address = 0x00BB6325
Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x00BC2C9B
Behavior description: Creates mutexes
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.IIK
MSCTF.Shared.MUTEX.MHM
Behavior description: Creates event objects
Details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.IIK.IC
EventName = MSCTF.SendReceiveConection.Event.IIK.IC
EventName = MSCTF.SendReceive.Event.MHM.IC
EventName = MSCTF.SendReceiveConection.Event.MHM.IC
Behavior description: Opens a mutex
Details: ShimCacheMutex
Behavior description: Searches for specified windows
Details: NtUserFindWindowEx: [Class,Window] = [SysHeader32,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Attempts to open the device object of a debugger or monitoring-software driver
Details: \??\NTICE
Behavior description: Opens events
Details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000011
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000011
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000012
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000012
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000013
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000013
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000014
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000014
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000015
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000015
Behavior description: Window information
Details: Pid = 2692, Hwnd=0x104ac, Text = 物品查询结果框, ClassName = _EL_Label.
Pid = 2692, Hwnd=0x10478, Text = 当前版本:4.10终极版, ClassName = msctls_statusbar32.
Pid = 2692, Hwnd=0x1040c, Text = 鸣谢, ClassName = Button.
Pid = 2692, Hwnd=0x103aa, Text = D点余额, ClassName = _EL_Label.
Pid = 2692, Hwnd=0x104b2, Text = 在总物品数据库里(十万条数据)提供毫秒级搜索速度 输入关键词精确查找,无关键词加载整表, ClassName = _EL_Label.
Pid = 2692, Hwnd=0x104b0, Text = 发送情况, ClassName = _EL_Label.
Pid = 2692, Hwnd=0x104a0, Text = 时装邮件, ClassName = Button(RadioButton).
Pid = 2692, Hwnd=0x104a6, Text = 天, ClassName = _EL_Label.
Pid = 2692, Hwnd=0x104a2, Text = 使用时限, ClassName = _EL_Label.
Pid = 2692, Hwnd=0x1049c, Text = D点, ClassName = Button(RadioButton).
Pid = 2692, Hwnd=0x1049a, Text = 单独金币, ClassName = Button(RadioButton).
Pid = 2692, Hwnd=0x10498, Text = 宠物邮件, ClassName = Button(RadioButton).
Pid = 2692, Hwnd=0x10496, Text = 普通邮件, ClassName = Button(RadioButton).
Pid = 2692, Hwnd=0x10490, Text = 在线玩家充值, ClassName = Button.
Pid = 2692, Hwnd=0x1048e, Text = 非常感谢您的支持,GM工具的功能会越来越强大的!有什么BUG或建议请您及时反馈, ClassName = Edit.
Behavior description: Hides a specified window
Details: [Window,Class] = [,ComboLBox]
Behavior description: Reads the CPU clock directly
Details: EAX = 0xbe96157e, EDX = 0x000000b5
EAX = 0xc936e297, EDX = 0x000000b5
Activities
Activity name              Type
.ListActivity              android.intent.action.MAIN
.ListActivity              android.intent.category.LAUNCHER
Dangerous functions
Function name              Description
getRuntime                 Obtains the command-line runtime environment
java/lang/Runtime;->exec   Executes a string command
Permission list
Permission name                                      Description
android.permission.WRITE_SETTINGS                    Read/write system settings
android.permission.WRITE_SECURE_SETTINGS             Read/write sensitive system settings
android.permission.CHANGE_COMPONENT_ENABLED_STATE    Change component enabled state
android.permission.ACCESS_SUPERUSER
Service list
Name
com.elsdoerfer.android.autostarts.ToggleService
File list
File name    Checksum
AndroidManifest.xml 0xb0ee8c91
res/drawable-hdpi-v4/ic_action_action_help.png 0x71d9c72d
res/drawable-hdpi-v4/ic_action_action_info.png 0x12c73d10
res/drawable-hdpi-v4/ic_action_action_search.png 0xa223395b
res/drawable-hdpi-v4/ic_action_action_view_column.png 0xa0217fdf
res/drawable-hdpi-v4/ic_action_action_view_list.png 0xef99f422
res/drawable-hdpi-v4/ic_action_image_remove_red_eye.png 0x9b64003a
res/drawable-hdpi-v4/ic_action_navigation_expand_less.png 0x7f0fe161
res/drawable-hdpi-v4/ic_action_navigation_expand_more.png 0x9c163398
res/drawable-hdpi-v4/ic_action_navigation_refresh.png 0xd8887b3f
res/drawable-hdpi-v4/ic_collapse_expand.png 0x640d6457
res/drawable-hdpi-v4/ic_dialog_alert.png 0x6af2f3cc
res/drawable-hdpi-v4/ic_dialog_info.png 0x8094e82b
res/drawable-hdpi-v4/ic_dialog_info_btn_normal.png 0x62100914
res/drawable-hdpi-v4/ic_dialog_info_btn_pressed.png 0x98f550d5
res/drawable-hdpi-v4/ic_menu_help.png 0x9c385d1e
res/drawable-hdpi-v4/ic_menu_refresh.png 0x65ad3899
res/drawable-hdpi-v4/ic_menu_view.png 0x9c329a2b
res/drawable-hdpi-v4/ic_menu_windows.png 0xe4a16889
res/drawable-hdpi-v4/icon.png 0xb7554329
res/drawable-mdpi-v4/ic_action_action_help.png 0xa144b5ba
res/drawable-mdpi-v4/ic_action_action_info.png 0x47aaf82f
res/drawable-mdpi-v4/ic_action_action_search.png 0x97e4fb0e
res/drawable-mdpi-v4/ic_action_action_view_column.png 0xc9e8da8f
res/drawable-mdpi-v4/ic_action_action_view_list.png 0xbd1a86eb
res/drawable-mdpi-v4/ic_action_image_remove_red_eye.png 0xba9296fb
res/drawable-mdpi-v4/ic_action_navigation_expand_less.png 0xdf0c815e
res/drawable-mdpi-v4/ic_action_navigation_expand_more.png 0x92bbe5da
res/drawable-mdpi-v4/ic_action_navigation_refresh.png 0x74fd541e
res/drawable-mdpi-v4/icon.png 0xf0801d50
res/drawable-xhdpi-v4/ic_action_action_help.png 0x5398b36f
res/drawable-xhdpi-v4/ic_action_action_info.png 0x88b0e255
res/drawable-xhdpi-v4/ic_action_action_search.png 0xb4fb05d6
res/drawable-xhdpi-v4/ic_action_action_view_column.png 0x8b1856f0
res/drawable-xhdpi-v4/ic_action_action_view_list.png 0xe17ab9dc
res/drawable-xhdpi-v4/ic_action_image_remove_red_eye.png 0x7aeb7074
res/drawable-xhdpi-v4/ic_action_navigation_expand_less.png 0x264353c1
res/drawable-xhdpi-v4/ic_action_navigation_expand_more.png 0xad23221d
res/drawable-xhdpi-v4/ic_action_navigation_refresh.png 0x391f0a9
res/drawable-xhdpi-v4/icon.png 0x6d37a94d
res/drawable-xxhdpi-v4/ic_action_action_help.png 0x8ac37aa5
res/drawable-xxhdpi-v4/ic_action_action_info.png 0x69de03d
res/drawable-xxhdpi-v4/ic_action_action_search.png 0x9d888d4f
res/drawable-xxhdpi-v4/ic_action_action_view_column.png 0xee7ffd72
res/drawable-xxhdpi-v4/ic_action_action_view_list.png 0xbb1c08c
res/drawable-xxhdpi-v4/ic_action_image_remove_red_eye.png 0xdf179eff
res/drawable-xxhdpi-v4/ic_action_navigation_expand_less.png 0x4604c6b9
res/drawable-xxhdpi-v4/ic_action_navigation_expand_more.png 0xd5e05303
res/drawable-xxhdpi-v4/ic_action_navigation_refresh.png 0x712f4670
res/drawable-xxhdpi-v4/icon.png 0xf7aff73
res/drawable/ic_dialog_alert.png 0xea43276c
res/drawable/ic_dialog_info_btn.xml 0x8c5ab4cb
res/layout/by_act_child_row.xml 0xd865229f
res/layout/by_act_group_row.xml 0x3e400ec5
res/layout/by_pkg_child_row.xml 0xf456b741
res/layout/by_pkg_group_row.xml 0x5ad9178a
res/layout/detail_toast.xml 0x9a244ed7
res/layout/help.xml 0x8994b1df
res/layout/list.xml 0x3fc08279
res/layout/receiver_info_panel.xml 0xcca4fa7c
res/menu/actionbar.xml 0x2707a6a0
resources.arsc 0xd76b4b7a
classes.dex 0xda8c50f5
META-INF/MANIFEST.MF 0x63aa74a3
META-INF/CERT.SF 0x1aa42e7f
META-INF/CERT.RSA 0x21e5f454
Run screenshot