VirSCAN

1. You can UPLOAD any files, but there is a 20 MB limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader to upload.

File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Note on reading this report: the sample is an Android package (com.tv1024, classes.dex, AndroidManifest.xml), but the Key behavior, Process, File, Network, Registry and Other behavior sections below record a Windows sandbox run of a HitmanPro 3.7.7 installer (window text "HitmanPro 3.7.7 - Build 205", files.surfright.nl lookup, HitmanPro registry keys). An APK cannot produce those events, so only the Dynamic list behavior, Activities, Dangerous function, Permission list and File List sections describe this sample.

Basic Information

MD5: ffd2b50d2f145224b728181d45312de4
File size: 5.58 MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.tv1024
Minimum operating environment: Android 4.1, 4.1.1
Copyright: Android

Key behavior

Behavior description: Open file mapping with write access
details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AEF..MHFHH
MSCTF.MarshalInterface.FileMap.AEF.B.MHFHH
MSCTF.MarshalInterface.FileMap.AEF.C.MHFHH
MSCTF.MarshalInterface.FileMap.AEF.D.MHFHH
MSCTF.MarshalInterface.FileMap.AEF.E.MHFHH
MSCTF.MarshalInterface.FileMap.AEF.F.MHFHH
MSCTF.MarshalInterface.FileMap.AEF.G.MHFHH
MSCTF.Shared.SFM.AEF
Behavior description: Hide specified window
details: [Window,Class] = [,CoreForms20.Label]
[Window,Class] = [,CoreForms20.Control]
[Window,Class] = [Settings,CoreForms20.Button]
[Window,Class] = [Save Log,CoreForms20.Label]
Behavior description: Set thread context
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445710455.067360.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445710455.074382.exe
Behavior description: Resolve host address by name
details: wpad.
219.133.40.1
files.surfright.nl

Process behavior

Behavior description: Set thread context
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445710455.067360.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1445710455.074382.exe
Behavior description: Enumerate processes
details: N/A

File behavior

Behavior description: Open file mapping with write access (the CiceroSharedMem* and MSCTF.* sections are created by the Windows Text Services Framework in any GUI process and are not indicators on their own)
details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.AEF..MHFHH
MSCTF.MarshalInterface.FileMap.AEF.B.MHFHH
MSCTF.MarshalInterface.FileMap.AEF.C.MHFHH
MSCTF.MarshalInterface.FileMap.AEF.D.MHFHH
MSCTF.MarshalInterface.FileMap.AEF.E.MHFHH
MSCTF.MarshalInterface.FileMap.AEF.F.MHFHH
MSCTF.MarshalInterface.FileMap.AEF.G.MHFHH
MSCTF.Shared.SFM.AEF
Behavior description: Find file
details: FileName = C:\Documents and Settings\All Users\Application Data\HitmanPro\Customize.bin
FileName = C:\Documents and Settings\All Users\Application Data\HitmanPro\Quarantine\quarantine.xml
FileName = C:\Documents and Settings\All Users\Application Data\HitmanPro\HitmanPro.lic

Network behavior

Behavior description: Send data on a connected socket
details: SOCKET = 0x00000614, TotalSize = 83, Offset = 0, ReadSize = 83.
SOCKET = 0x000005ec, TotalSize = 1, Offset = 0, ReadSize = 1.
Behavior description: Connect to a specified socket address
details: 110.110.110.110:80
127.0.0.1:1032
127.0.0.1:1033
127.0.0.1:1034
127.0.0.1:1035
127.0.0.1:1036
127.0.0.1:1038
Behavior description: Resolve host address by name
details: wpad.
219.133.40.1
files.surfright.nl

Registry behavior

Behavior description: Modify registry
details: \REGISTRY\MACHINE\SOFTWARE\HitmanPro\UID
\REGISTRY\MACHINE\SOFTWARE\HitmanPro\EULA36
Behavior description: Delete registry value
details: \REGISTRY\MACHINE\SOFTWARE\HitmanPro\BannerID
\REGISTRY\MACHINE\SOFTWARE\HitmanPro\BannerURL

Other behavior

Behavior description: Create mutex (the CTF.* and MSCTF.* mutexes are standard Windows Text Services Framework objects created by any GUI process and are not indicators on their own)
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
RasPbFile
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.AEF
Behavior description: Inline hook (the first bytes of the named export are overwritten; Offset = 0x0 means the patch sits at the function entry)
details: C:\WINDOWS\system32\WS2_32.dll--->GetAddrInfoW Offset = 0x0
C:\WINDOWS\system32\kernel32.dll--->LoadLibraryW Offset = 0x0
Behavior description: Sample console output
details: N/A
Behavior description: Window information
details: Pid = 1476, Hwnd=0x202a6, Text = Next , ClassName = CoreForms20.Button.
Pid = 1476, Hwnd=0x202a8, Text = Close, ClassName = CoreForms20.Button.
Pid = 1476, Hwnd=0x202cc, Text = Buy Now, ClassName = CoreForms20.Button.
Pid = 1476, Hwnd=0x202b4, Text = Settings, ClassName = CoreForms20.Button.
Pid = 1476, Hwnd=0x302bc, Text = Save Log, ClassName = CoreForms20.Label.
Pid = 1476, Hwnd=0x202c8, Text = Automatic update, ClassName = CoreForms20.Label.
Pid = 1476, Hwnd=0x202c6, Text = Failed to see whether a new version is available., ClassName = CoreForms20.Label.
Pid = 1476, Hwnd=0x202a2, Text = HitmanPro 3.7.7 - Build 205, ClassName = CoreForms20.Control.
Pid = 1476, Hwnd=0x202a6, Text = Next, ClassName = CoreForms20.Button.
Pid = 1476, Hwnd=0x702c0, Text = End user license agreement, ClassName = CoreForms20.Label.
Pid = 1476, Hwnd=0x502ce, Text = You must accept the end user license agreement in order to run this program., ClassName = CoreForms20.Label.
Pid = 1476, Hwnd=0x302b6, Text = I accept the terms of the license agreement, ClassName = CoreForms20.Button.
Pid = 1476, Hwnd=0x202d0, Text = SURFRIGHT SOFTWARE LICENSE TERMS 1.1 HitmanPro These license terms are an agreement between SurfRight B.V. (or based on where y, ClassName = CoreForms20.RichTextBox.
Pid = 1476, Hwnd=0x160142, Text = Setup, ClassName = CoreForms20.Label.
Pid = 1476, Hwnd=0x3015a, Text = Would you like to store a copy of the HitmanPro program file on this computer?, ClassName = CoreForms20.Label.
Behavior description: Hide specified window
details: [Window,Class] = [,CoreForms20.Label]
[Window,Class] = [,CoreForms20.Control]
[Window,Class] = [Settings,CoreForms20.Button]
[Window,Class] = [Save Log,CoreForms20.Label]
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
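The two "Inline hook ... Offset = 0x0" entries above are the kind of finding a sandbox produces by comparing a loaded export's first bytes with the file-backed image. The following is an added example (not VirSCAN or Habo code) of that check: it classifies the bytes at a function entry as one of the common trampoline patterns, resolves the jump target, and reports the offset of the first patched byte. The addresses and byte strings in it are constructed for illustration, not captured from the sample.

```python
"""Classify function-entry bytes as inline-hook trampolines and diff them against
the on-disk copy. Added example; all addresses and byte strings are constructed."""
import struct

MASK64 = (1 << 64) - 1


def hook_kind(entry, func_addr):
    """Return (kind, target) if the bytes at func_addr start with a known hook
    trampoline, else (None, None). Covers the patterns user-mode hooking
    libraries typically write at offset 0 of the hooked export."""
    b = entry
    if len(b) >= 5 and b[0] == 0xE9:                                   # jmp rel32
        rel = struct.unpack_from("<i", b, 1)[0]
        return "jmp rel32", (func_addr + 5 + rel) & MASK64
    if len(b) >= 6 and b[:2] == b"\xFF\x25":                           # jmp [disp32] (x86) / jmp [rip+disp32] (x64)
        return "jmp indirect", struct.unpack_from("<I", b, 2)[0]       # x86: absolute address of the pointer slot
    if len(b) >= 6 and b[0] == 0x68 and b[5] == 0xC3:                  # push imm32; ret
        return "push/ret", struct.unpack_from("<I", b, 1)[0]
    if len(b) >= 7 and b[0] == 0xB8 and b[5:7] == b"\xFF\xE0":         # mov eax, imm32; jmp eax
        return "mov/jmp eax", struct.unpack_from("<I", b, 1)[0]
    if len(b) >= 12 and b[:2] == b"\x48\xB8" and b[10:12] == b"\xFF\xE0":  # mov rax, imm64; jmp rax
        return "mov/jmp rax", struct.unpack_from("<Q", b, 2)[0]
    return None, None


def first_diff(in_memory, on_disk):
    """Offset of the first byte where the mapped function differs from the
    file-backed copy, or -1 if identical over the compared length."""
    for i, (m, d) in enumerate(zip(in_memory, on_disk)):
        if m != d:
            return i
    return -1


def scan_exports(exports):
    """exports: {"module!Func": (address, in_memory_bytes, on_disk_bytes)}.
    Returns (name, offset, kind, target) for every export whose mapped bytes
    differ from disk. An entry that starts with a jmp but matches disk is a
    legitimate stub, not a hook, so it is skipped."""
    findings = []
    for name, (addr, mem, disk) in exports.items():
        off = first_diff(mem, disk)
        if off == -1:
            continue
        kind, target = hook_kind(mem, addr)
        findings.append((name, off, kind or "unknown patch", target))
    return findings


if __name__ == "__main__":
    # Constructed: a hot-patchable Win32 prologue (mov edi,edi; push ebp; mov ebp,esp)
    # and the same function with a jmp rel32 written over its first five bytes.
    clean = bytes.fromhex("8BFF558BEC33C0")
    patched = bytes.fromhex("E9") + struct.pack("<i", 0x10000) + bytes.fromhex("33C0")
    sample = {
        "WS2_32.dll!GetAddrInfoW": (0x71A10000, patched, clean),   # constructed address
        "kernel32.dll!LoadLibraryW": (0x7C801D7B, clean, clean),   # constructed address
    }
    for name, off, kind, target in scan_exports(sample):
        print(f"{name} Offset = {off:#x} {kind} -> {target:#x}")
```

The diff against the on-disk image is the part that matters: a jmp at entry is only evidence of patching when the file-backed copy does not have it, otherwise it is a forwarder or compiler stub.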

Dynamic list behavior

Behavior description: Window information
details: {"text": "System", "class": "android.widget.TextView"}
{"text": "Network not connected", "class": "android.widget.TextView"}
{"text": "OK", "class": "android.widget.Button"}
Behavior description: Add View
details: [u'com.android.internal.policy.impl.PhoneWindow$DecorView@41551d08', u'WM.LayoutParams{(0,0)(wrapxwrap) gr=#11 sim=#120 ty=2 fl=#1820002 pfl=0x8 fmt=-2 wanim=0x1030290}', u'android.view.CompatibilityInfoHolder@414af8a0']
[u'com.android.internal.policy.impl.PhoneWindow$DecorView@414ee028', u'WM.LayoutParams{(0,0)(fillxfill) sim=#100 ty=1 fl=#1810100 pfl=0x8 wanim=0x103028f}', u'android.view.CompatibilityInfoHolder@414af8a0']
[u'com.android.internal.policy.impl.PhoneWindow$DecorView@41c52a98', u'WM.LayoutParams{(0,0)(wrapxwrap) gr=#11 sim=#120 ty=2 fl=#1820002 pfl=0x8 fmt=-2 wanim=0x1030290}', u'android.view.CompatibilityInfoHolder@414af8a0']
Behavior description: Get network state information[*]
details: NetworkInfo: type: WIFI[], state: CONNECTED/CONNECTED, reason: (unspecified), extra: freewifi, roaming: false, failover: false, isAvailable: true
Behavior description: Write file
details: path:/data/data/com.tv1024/shared_prefs/firm.xml length:135

Activities

com.uicity.activity.MainActivity android.intent.action.MAIN
com.uicity.activity.MainActivity android.intent.category.LAUNCHER

Dangerous function

android/app/NotificationManager;->notify Post to the notification bar
ContentResolver;->query Read databases such as contacts and SMS
java/net/URL;->openConnection Connect to URL
java/net/HttpURLConnection;->connect Connect to URL
HttpClient;->execute Request a remote server
getRuntime Obtain the command-line environment
java/lang/Runtime;->exec Execute a string command
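The list above is produced by resolving the method references in classes.dex. As an added example (not VirSCAN or Habo code), the script below walks the dex header, string_ids, type_ids and method_ids tables to rebuild every `Lclass;->method` reference and flags the ones this report lists. It assumes the `org/apache/http/client` package for `HttpClient`, which the report does not state, and it scans a minimal dex that it constructs itself rather than the APK on this page.

```python
"""Resolve the method references in a classes.dex and flag the APIs the report
lists under "Dangerous function". Added example; the dex it scans is built by
build_sample_dex() for offline testing and is not taken from the APK."""
import struct

# Report entries as dex descriptors. The package for HttpClient is an assumption:
# the report prints only "HttpClient;->execute".
DANGEROUS = {
    "Landroid/app/NotificationManager;->notify": "posts to the notification bar",
    "Landroid/content/ContentResolver;->query": "reads content providers (contacts, SMS, ...)",
    "Ljava/net/URL;->openConnection": "opens a URL connection",
    "Ljava/net/HttpURLConnection;->connect": "connects to a URL",
    "Lorg/apache/http/client/HttpClient;->execute": "sends a request to a remote server",
    "Ljava/lang/Runtime;->getRuntime": "obtains the command-line environment",
    "Ljava/lang/Runtime;->exec": "executes a string command",
}


def _uleb128(buf, off):
    """Decode one unsigned LEB128 value; returns (value, next_offset)."""
    value = shift = 0
    while True:
        byte = buf[off]
        off += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, off
        shift += 7


def dex_method_refs(dex):
    """Return the set of 'Lclass;->name' strings in the dex method_ids table,
    following header -> string_ids -> type_ids -> method_ids."""
    if dex[:4] != b"dex\n":
        raise ValueError("not a dex file")
    str_size, str_off, type_size, type_off = struct.unpack_from("<IIII", dex, 0x38)
    method_size, method_off = struct.unpack_from("<II", dex, 0x58)
    strings = []
    for i in range(str_size):
        (data_off,) = struct.unpack_from("<I", dex, str_off + 4 * i)
        _utf16_len, p = _uleb128(dex, data_off)       # string_data_item: uleb128 size, MUTF-8 bytes, NUL
        end = dex.index(b"\x00", p)
        strings.append(dex[p:end].decode("utf-8"))     # MUTF-8 equals UTF-8 for ASCII descriptors
    types = [strings[struct.unpack_from("<I", dex, type_off + 4 * i)[0]] for i in range(type_size)]
    refs = set()
    for i in range(method_size):
        class_idx, _proto_idx, name_idx = struct.unpack_from("<HHI", dex, method_off + 8 * i)
        refs.add(f"{types[class_idx]}->{strings[name_idx]}")
    return refs


def flag_dangerous(dex):
    """Map each referenced dangerous API to the report's description."""
    return {ref: DANGEROUS[ref] for ref in sorted(dex_method_refs(dex)) if ref in DANGEROUS}


def build_sample_dex(method_refs):
    """Constructed test input: a minimal dex containing only the header and the
    string_ids, type_ids and method_ids tables (proto_idx 0, no code)."""
    classes = sorted({r.split("->")[0] for r in method_refs})
    strings = sorted(set(classes) | {r.split("->")[1] for r in method_refs})
    sidx = {s: i for i, s in enumerate(strings)}
    tidx = {c: i for i, c in enumerate(classes)}
    str_ids_off = 0x70
    type_ids_off = str_ids_off + 4 * len(strings)
    method_ids_off = type_ids_off + 4 * len(classes)
    data_off = method_ids_off + 8 * len(method_refs)
    data, str_offsets = bytearray(), []
    for s in strings:
        assert len(s) < 128                            # keeps the uleb128 length to one byte
        str_offsets.append(data_off + len(data))
        data += bytes([len(s)]) + s.encode("utf-8") + b"\x00"
    out = bytearray(0x70)
    out[:8] = b"dex\n035\x00"
    struct.pack_into("<IIII", out, 0x38, len(strings), str_ids_off, len(classes), type_ids_off)
    struct.pack_into("<II", out, 0x58, len(method_refs), method_ids_off)
    for off in str_offsets:
        out += struct.pack("<I", off)
    for c in classes:
        out += struct.pack("<I", sidx[c])
    for r in method_refs:
        c, n = r.split("->")
        out += struct.pack("<HHI", tidx[c], 0, sidx[n])
    out += data
    struct.pack_into("<I", out, 0x20, len(out))       # file_size
    return bytes(out)


if __name__ == "__main__":
    sample = build_sample_dex(["Ljava/lang/Runtime;->getRuntime", "Ljava/lang/Runtime;->exec",
                               "Landroid/content/ContentResolver;->query",
                               "Ljava/lang/StringBuilder;->toString"])
    for ref, why in flag_dangerous(sample).items():
        print(f"{ref}  {why}")
```

A reference in method_ids only proves the API is reachable from the bytecode, not that it runs; pairing `Runtime;->exec` with the INTERNET and READ_PHONE_STATE permissions below is what makes it worth a closer look, and the call site still has to be read.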

Permission list

android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.STORAGE
android.permission.READ_EXTERNAL_STORAGE Read external storage (e.g. SD card)
android.permission.READ_PHONE_STATE Read phone state
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
com.google.android.c2dm.permission.RECEIVE
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.GET_ACCOUNTS Access the account list
android.permission.WAKE_LOCK Keep background processes running after the screen turns off
android.permission.VIBRATE Allow the device to vibrate

File List

res/layout/activity_main.xml
AndroidManifest.xml
resources.arsc
res/drawable-hdpi/android_12bg.png
res/drawable-hdpi/android_13bg.png
res/drawable-hdpi/android_bar.png
res/drawable-hdpi/android_bg01.jpg
res/drawable-hdpi/android_bg02.jpg
res/drawable-hdpi/android_bg02_1.jpg
res/drawable-hdpi/android_bg02_15.jpg
res/drawable-hdpi/android_bg02_18.jpg
res/drawable-hdpi/android_bg03_s.png
res/drawable-hdpi/android_bg04.png
res/drawable-hdpi/android_bg05.png
res/drawable-hdpi/android_bg06.png
res/drawable-hdpi/android_bg07.png
res/drawable-hdpi/android_bg08_s.png
res/drawable-hdpi/android_bg09_s.png
res/drawable-hdpi/android_bg10.png
res/drawable-hdpi/android_bg11.png
res/drawable-hdpi/android_bg11_s.png
res/drawable-hdpi/android_bg12.png
res/drawable-hdpi/android_bg12_s.png
res/drawable-hdpi/android_button01.png
res/drawable-hdpi/android_button01_press.png
res/drawable-hdpi/android_button02.png
res/drawable-hdpi/android_button02_press.png
res/drawable-hdpi/android_button03.png
res/drawable-hdpi/android_button03_prerss.png
res/drawable-hdpi/android_button04.png
res/drawable-hdpi/android_button04_prerss.png
res/drawable-hdpi/android_button05.png
res/drawable-hdpi/android_button05_prerss.png
res/drawable-hdpi/android_button06.png
res/drawable-hdpi/android_button06_prerss.png
res/drawable-hdpi/android_button07.png
res/drawable-hdpi/android_button07_press.png
res/drawable-hdpi/android_button08.png
res/drawable-hdpi/android_button08_press.png
res/drawable-hdpi/android_button09.png
res/drawable-hdpi/android_button09_press.png
res/drawable-hdpi/android_button10.png
res/drawable-hdpi/android_button10_off.png
res/drawable-hdpi/android_button10_on.png
res/drawable-hdpi/android_button10_press.png
res/drawable-hdpi/android_button15.png
res/drawable-hdpi/android_button16.png
res/drawable-hdpi/android_button16_press.png
res/drawable-hdpi/android_button17.png
res/drawable-hdpi/android_button17_press.png
res/drawable-hdpi/android_button18.png
res/drawable-hdpi/android_button18_press.png
res/drawable-hdpi/android_button_home.jpg
res/drawable-hdpi/android_button_home_press.jpg
res/drawable-hdpi/android_cell01.png
res/drawable-hdpi/android_cell02.png
res/drawable-hdpi/android_cell03.png
res/drawable-hdpi/android_cell04.png
res/drawable-hdpi/android_cell05.png
res/drawable-hdpi/android_cell06.png
res/drawable-hdpi/android_cell08_1.png
res/drawable-hdpi/android_cell08_2.png
res/drawable-hdpi/android_cell08_3.png
res/drawable-hdpi/android_cell09_1.png
res/drawable-hdpi/android_cell09_2.png
res/drawable-hdpi/android_cell09_3.png
res/drawable-hdpi/android_channel.jpg
res/drawable-hdpi/android_channel_press.jpg
res/drawable-hdpi/android_check_box.png
res/drawable-hdpi/android_check_box2.png
res/drawable-hdpi/android_check_box2_ok.png
res/drawable-hdpi/android_check_box_ok.png
res/drawable-hdpi/android_favorite.png
res/drawable-hdpi/android_favorite_press.png
res/drawable-hdpi/android_icon01.png
res/drawable-hdpi/android_icon02.png
res/drawable-hdpi/android_icon02_press.png
res/drawable-hdpi/android_icon03.png
res/drawable-hdpi/android_icon03_press.png
res/drawable-hdpi/android_icon04.png
res/drawable-hdpi/android_icon04_press.png
res/drawable-hdpi/android_icon05.png
res/drawable-hdpi/android_icon05_press.png
res/drawable-hdpi/android_icon06.png
res/drawable-hdpi/android_icon06_press.png
res/drawable-hdpi/android_icon07.png
res/drawable-hdpi/android_icon07_press.png
res/drawable-hdpi/android_icon08.png
res/drawable-hdpi/android_icon08_press.png
res/drawable-hdpi/android_icon09.png
res/drawable-hdpi/android_icon10.png
res/drawable-hdpi/android_icon11.png
res/drawable-hdpi/android_icon_press.png
res/drawable-hdpi/android_logo.png
res/drawable-hdpi/android_menubutton.png
res/drawable-hdpi/android_menubutton_press.png
res/drawable-hdpi/android_menuicon13.png
res/drawable-hdpi/android_play_button.png
res/drawable-hdpi/android_searchbar.jpg
res/drawable-hdpi/android_vedio_bg.jpg
res/drawable-hdpi/bg_5341_andriod_tabbar.jpg
res/drawable-hdpi/bg_5341_angriod_navigationbar.jpg
res/drawable-hdpi/game_05.png
res/drawable-hdpi/game_icon.png
res/drawable-hdpi/ic_launcher.png
res/drawable-hdpi/icon_512x512r.png
res/drawable-hdpi/playicon.png
res/drawable-hdpi/search_bg_input.png
res/drawable-mdpi/ic_launcher.png
res/drawable-xhdpi/ic_launcher.png
res/drawable-xxhdpi/ic_launcher.png
classes.dex
META-INF/MANIFEST.MF
META-INF/CERT.SF
META-INF/CERT.RSA