VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
File Name :com.willme.topactivity-10.apk (File not down)
File Size :37757 byte
File Type :application/jar
MD5:bff8352f8cce7f9ebe98ef25940dd076
SHA1:3ab5edc7bcbb12d41739f7b760d82af48924fbaf
  • 扫描结果
  • 权限
  • 文件行为分析
  • Scanner results
    Scanner results:0%Scanner(s) (0/32)found malware!
    Behavior analysis report:         Habo file analysis
    Time: 2016-08-16 20:27:26 (CST)
    VirSCANVirSCAN
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 3.0 1970-01-01 Found nothing 5
    asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 1
    avast 150725-1 4.7.4 2015-07-25 Found nothing 60
    avg 2109/8133 10.0.1405 2014-11-26 Found nothing 60
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 10
    baidusd 1.0 1.0 2014-04-02 Found nothing 1
    bitdefender 7.58469 7.90123 2014-12-25 Found nothing 60
    clamav 19861 0.97.5 2014-12-31 Found nothing 60
    drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 60
    fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 60
    fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 60
    fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 60
    gdata 25.7888 25.7888 2016-08-14 Found nothing 10
    ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 60
    jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 56
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
    kingsoft 2.1 2.1 2013-09-22 Found nothing 6
    mcafee 7638 5400.1158 2014-11-30 Found nothing 60
    nod32 0920 3.0.21 2014-12-23 Found nothing 60
    panda 9.05.01 9.05.01 2015-07-26 Found nothing 5
    pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 60
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 3
    qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 60
    quickheal 14.00 14.00 2015-07-25 Found nothing 2
    rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 1
    sophos 5.08 3.55.0 2014-12-01 Found nothing 60
    symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 60
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 3
    thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 1
    tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 12
    vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 60
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
    Heuristic/Suspicious Exact
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.
  • 权限列表
    许可名称信息
    android.permission.GET_TASKS获取有关当前或最近运行的任务信息
    android.permission.SYSTEM_ALERT_WINDOW显示系统窗口
  • 文件信息
    安全评分 :
    基本信息
    MD5:bff8352f8cce7f9ebe98ef25940dd076
    包名:com.willme.topactivity
    最低运行环境:Android 2.2.x
    版权:
    关键行为
    行为描述:屏蔽窗口关闭消息
    详情信息:hWnd = 0x000d035e, Text = U盘杀毒专家, ClassName = TMainForm.
    行为描述:检测自身是否被调试
    详情信息:N/A
    进程行为
    行为描述:创建本地线程
    详情信息:TargetProcess: USBKiller.exe, InheritedFromPID = 1944, ProcessID = 3808, ThreadID = 3828, StartAddress = 77DC845A, Parameter = 00000000
    文件行为
    行为描述:创建文件
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temp\KERNEL.DLL
    C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\DEF.hdb
    C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\TOL.hdb
    C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\TOL.mdb
    C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\TOL.ndb
    C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\TOL.mfp
    行为描述:修改文件内容
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temp\KERNEL.DLL ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\KERNEL.DLL ---> Offset = 16
    C:\Documents and Settings\Administrator\Local Settings\Temp\KERNEL.DLL ---> Offset = 32
    C:\Documents and Settings\Administrator\Local Settings\Temp\KERNEL.DLL ---> Offset = 48
    C:\Documents and Settings\Administrator\Local Settings\Temp\KERNEL.DLL ---> Offset = 64
    C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\DEF.hdb ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\DEF.hdb ---> Offset = 16
    C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\DEF.hdb ---> Offset = 32
    C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\DEF.hdb ---> Offset = 48
    C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\DEF.hdb ---> Offset = 64
    C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\TOL.hdb ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\TOL.hdb ---> Offset = 16
    C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\TOL.hdb ---> Offset = 32
    C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\TOL.hdb ---> Offset = 48
    C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\TOL.hdb ---> Offset = 64
    行为描述:查找文件
    详情信息:FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\Lang\CHINESE_SIMPLIFIED.ini
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\KERNEL.DLL
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\DEF001.BIN
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\DEF002.BIN
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\TOL001.BIN
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\TOL002.BIN
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\TOL003.BIN
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\TOL004.BIN
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\TOL005.BIN
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\TOL006.BIN
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\TOL007.BIN
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\TOL008.BIN
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\TOL009.BIN
    FileName = C:\Documents and Settings
    FileName = C:\Documents and Settings\All Users
    注册表行为
    行为描述:修改注册表
    详情信息:\REGISTRY\USER\S-*\Software\SystemSafe\MainPath
    \REGISTRY\USER\S-*\Software\SystemSafe\Handle
    \REGISTRY\MACHINE\SOFTWARE\SystemSafe\MainPath
    \REGISTRY\MACHINE\SOFTWARE\SystemSafe\Handle
    其他行为
    行为描述:检测自身是否被调试
    详情信息:N/A
    行为描述:创建互斥体
    详情信息:CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MutexNPA_UnitVersioning_3808
    SystemSafer
    MSCTF.Shared.MUTEX.ELH
    MSCTF.Shared.MUTEX.EOO
    行为描述:隐藏指定窗口
    详情信息:[Window,Class] = [,TWScrollbar]
    [Window,Class] = [,ComboLBox]
    [Window,Class] = [U盘杀毒专家,TMainForm]
    行为描述:窗口信息
    详情信息:Pid = 3808, Hwnd=0x10408, Text = 网络设置, ClassName = TActiveRadioButton.
    Pid = 3808, Hwnd=0x603a4, Text = 进程管理, ClassName = TActiveRadioButton.
    Pid = 3808, Hwnd=0x4038c, Text = 报告病毒, ClassName = TActiveRadioButton.
    Pid = 3808, Hwnd=0x100354, Text = 关于, ClassName = TActiveRadioButton.
    Pid = 3808, Hwnd=0x1702b6, Text = U盘工具, ClassName = TActiveRadioButton.
    Pid = 3808, Hwnd=0x160324, Text = 修复系统, ClassName = TActiveRadioButton.
    Pid = 3808, Hwnd=0xc03a8, Text = 扫描病毒, ClassName = TActiveRadioButton.
    Pid = 3808, Hwnd=0x1302b8, Text = 免疫U盘病毒, ClassName = TActiveRadioButton.
    Pid = 3808, Hwnd=0x10404, Text = ToolBar1, ClassName = TToolBar.
    Pid = 3808, Hwnd=0x10034c, Text = 手动扫描, ClassName = TTabSheet.
    Pid = 3808, Hwnd=0x7038e, Text = 开始扫描, ClassName = TButton.
    Pid = 3808, Hwnd=0x110342, Text = 移动存储, ClassName = TCheckBox.
    Pid = 3808, Hwnd=0xb0398, Text = 本地硬盘, ClassName = TCheckBox.
    Pid = 3808, Hwnd=0xe039e, Text = 内存, ClassName = TCheckBox.
    Pid = 3808, Hwnd=0x103ea, Text = 关于, ClassName = TTabSheet.
    行为描述:查找指定窗口
    详情信息:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [msctls_updown32,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    行为描述:打开事件
    详情信息:HookSwitchHookEnabledEvent
    _fCanRegisterWithShellService
    CTF.ThreadMIConnectionEvent.000007B4.00000000.00000040
    CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000040
    MSCTF.SendReceiveConection.Event.ELH.IC
    MSCTF.SendReceive.Event.ELH.IC
    行为描述:调整进程token权限
    详情信息:SE_LOAD_DRIVER_PRIVILEGE
    行为描述:屏蔽窗口关闭消息
    详情信息:hWnd = 0x000d035e, Text = U盘杀毒专家, ClassName = TMainForm.
    行为描述:枚举窗口
    详情信息:N/A
    行为描述:创建事件对象
    详情信息:EventName = MSCTF.SendReceive.Event.EOO.IC
    EventName = MSCTF.SendReceiveConection.Event.EOO.IC
    行为描述:打开互斥体
    详情信息:ShimCacheMutex
    Activities
    活动名类型
    com.willme.topactivity.MainActivityandroid.intent.action.MAIN
    com.willme.topactivity.MainActivityandroid.intent.category.LAUNCHER
    危险函数
    函数名称信息
    android/app/NotificationManager;->notify信息通知栏
    启动方式
    名称信息
    com.willme.topactivity.NotificationActionReceiver
    权限列表
    许可名称信息
    android.permission.GET_TASKS获取有关当前或最近运行的任务信息
    android.permission.SYSTEM_ALERT_WINDOW显示系统窗口
    服务列表
    名称
    com.willme.topactivity.WatchingService
    com.willme.topactivity.WatchingAccessibilityService
    com.willme.topactivity.QuickSettingTileService
    文件列表
    文件名 校验码
    AndroidManifest.xml 0x223a5f1a
    res/drawable-hdpi-v4/ic_launcher.png 0xb67ec1e1
    res/drawable-mdpi-v4/ic_launcher.png 0x4de3902d
    res/drawable-xhdpi-v4/ic_launcher.png 0xb7a05f14
    res/drawable-xhdpi-v4/ic_noti_action_pause.png 0x8781b07e
    res/drawable-xhdpi-v4/ic_noti_action_resume.png 0x41ac4f9c
    res/drawable-xhdpi-v4/ic_noti_action_stop.png 0xab844c58
    res/drawable-xhdpi-v4/ic_notification.png 0x37a17622
    res/drawable-xxhdpi-v4/ic_launcher.png 0x19416cec
    res/layout-v14/activity_main.xml 0x6462d35d
    res/layout/activity_main.xml 0x12727160
    res/layout/window_tasks.xml 0x8a6b7582
    res/xml-v14/accessibility.xml 0x99255b7
    resources.arsc 0x1b05eb75
    classes.dex 0x524f6067
    META-INF/MANIFEST.MF 0xe879856f
    META-INF/CERT.SF 0xe2f1abb9
    META-INF/CERT.RSA 0x520849b4
    运行截图
    VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号