VirSCAN


File information
Security score:
Behavior list
Basic information
MD5: 101b2e80384997aa68dc89a36321008a
Package name: com.Wddffgfhhvbh.sereuri
Minimum runtime environment: Android 2.2.x
Copyright: Android
Process behavior
Behavior description: Create local thread
Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2344, ThreadID = 2428, StartAddress = 4AEA7456, Parameter = 00000000
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\krnln.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\spec.fne
C:\Documents and Settings\Administrator\Local Settings\%temp%\Libpdf.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\license.dat
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\Libpdf.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\license.dat
Behavior description: Overwrite existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Behavior description: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\krnln.fnr
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\spec.fne
C:\Documents and Settings\Administrator\Local Settings\%temp%\Libpdf.exe
Behavior description: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\krnln.fnr ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\spec.fne ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\Libpdf.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\license.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ---> Offset = 0
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.MCJ
Behavior description: Create event object
Details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.MCJ.IC
EventName = MSCTF.SendReceiveConection.Event.MCJ.IC
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000040
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000040
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior description: Window information
Details: Pid = 2344, Hwnd=0xb032a, Text = Remove Pdf Password, ClassName = Remove Pdf Password.
Behavior description: Executable file signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\krnln.fnr (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\spec.fne (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\Libpdf.exe (signature verification: failed)
Behavior description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\krnln.fnr ---> 27624b70558e32a98698fda958cdee8d
C:\Documents and Settings\Administrator\Local Settings\Temp\E_N50005\spec.fne ---> bd6eef5ea9a52a412a8f57490d8bd8e4
C:\Documents and Settings\Administrator\Local Settings\%temp%\Libpdf.exe ---> 88d3b83ca1b4de77dc9a2340b9931432
Behavior description: Open mutex
Details: ShimCacheMutex
Behavior description: Load newly dropped file
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N50005\krnln.fnr.
Activities
Activity name Type
com.phone2.stop.activity.MainActivity android.intent.action.MAIN
com.phone2.stop.activity.MainActivity android.intent.category.LAUNCHER
com.phone2.stop.activity.DeleteActivity android.intent.action.DELETE
com.phone2.stop.activity.DeleteActivity android.intent.category.DEFAULT
com.phone2.stop.activity.DefaultSmsActivity android.intent.action.SEND
com.phone2.stop.activity.DefaultSmsActivity android.intent.action.SENDTO
com.phone2.stop.activity.DefaultSmsActivity android.intent.category.DEFAULT
com.phone2.stop.activity.DefaultSmsActivity android.intent.category.BROWSABLE
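Dangerous functions
Function name Information
ContentResolver;->delete Delete SMS messages and contacts
ContentResolver;->query Read contacts, SMS and other databases
TelephonyManager;->getDeviceId Collect the user's phone IMEI, phone number, system version number and other information
SmsManager;->sendTextMessage Send ordinary SMS
java/net/URL;->openConnection Connect to URL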
Startup methods
Name Information
com.phone.stop.receiver.BootReceiver
com.phone.stop.receiver.BootReceiver
com.phone.stop.receiver.BootReceiver Start service when the network connection changes
com.phone.stop.receiver.BootReceiver Start service when an application is installed
com.phone.stop.receiver.BootReceiver
com.phone.stop.receiver.BootReceiver
com.phone.stop.receiver.BootReceiver
com.phone.stop.receiver.BootReceiver
com.phone.stop.receiver.BootReceiver
com.phone.stop.receiver.BootReceiver
com.phone.stop.receiver.BootReceiver
com.phone.stop.receiver.BootReceiver
com.phone.stop.receiver.BootReceiver
com.phone.stop.receiver.BootReceiver
com.phone.stop.receiver.BootReceiver Start service at boot
com.phone.stop.receiver.SMSReceiver Start service on SMS monitoring (SMS received)
com.phone.stop.receiver.SMSReceiver
com.phone.stop.receiver.MyDeviceAdminReceiver
Permission list
Permission name Information
android.permission.RECEIVE_WAP_PUSH Receive WAP push messages
android.permission.RECEIVE_BOOT_COMPLETED Receive boot-completed broadcast
android.permission.MODIFY_AUDIO_SETTINGS Modify audio settings
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.RECEIVE_USER_PRESENT
android.permission.READ_CONTACTS Read contact information
android.permission.INTERNET Connect to network (2G or 3G)
android.permission.READ_PHONE_STATE Read phone state
android.permission.READ_SMS Read SMS
android.permission.WRITE_SETTINGS Read and write system settings
android.permission.GET_TASKS Get information about currently or recently running tasks
android.permission.WRITE_SMS Write SMS
android.permission.SEND_SMS Send SMS
android.permission.VIBRATE Allow device vibration
android.permission.RECEIVE_SMS Monitor received SMS
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
Service list
Name
com.phone.stop6.service.SecondService
com.phone.stop6.service.BootService
com.phone.stop6.service.SmsService
File list
File name Checksum
META-INF/MANIFEST.MF 0x7630136b
META-INF/CERT.SF 0x785fa605
META-INF/CERT.RSA 0x86d0cf69
com/sun/mail/dsn/mailcap 0x7605dc17
org/apache/harmony/awt/internal/nls/messages.properties 0x5f88eb12
javamail.smtp.provider 0x990c469d
javamail.default.address.map 0xf20496b
javamail.imap.provider 0x8934555a
res/drawable-hdpi/app_logo.png 0x9e723428
resources.arsc 0xc93c53e7
javamail.default.providers 0x45ea1b21
mailcap.default 0x6f616b6
javamail.charset.map 0xad0dfcee
AndroidManifest.xml 0xb1019811
javamail.smtp.address.map 0xf20496b
res/drawable-hdpi/ap1p_logo.png 0x593366b5
mailcap 0xd7759e43
mimetypes.default 0x97dd5cdb
res/xml/devicepolicymanager_permission.xml 0x8ca390c6
classes.dex 0x3ab836e9
res/layout/activity_aa.xml 0x4e03dfe8
res/layout/activity_main.xml 0x4565c59e
res/drawable-hdpi/icon.png 0xac8b5a00
javamail.pop3.provider 0xa23c9bc
dsn.mf 0x1e4e9355
res/drawable-hdpi/app2_logo.png 0xa346342c