VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.

File information
File Name: 吖吖云.apk (File not down)
File Size: 12452315 bytes
File Type: application/jar
MD5: 1e51d4b3224abc12947744d0d7222c3b
SHA1: 5fb8e233fc7111618671c27a7793789eea781bf4
  • Scanner results
    Scanner results: 0% of scanners (0/32) found malware.
    Time: 2017-09-04 15:47:01 (CST)
    | Scanner     | Engine Ver                     | Sig Ver        | Sig Date   | Scan result   | Time |
    |-------------|--------------------------------|----------------|------------|---------------|------|
    | antiy       | AVL SDK                        | 2.0            | 1970-01-01 | Found nothing | 6    |
    | asquared    | 9.0.0.4799                     | 9.0.0.4799     | 2015-03-08 | Found nothing | 2    |
    | avast       | 170303-1                       | 4.7.4          | 2017-03-03 | Found nothing | 60   |
    | avg         | 2109/14366                     | 10.0.1405      | 2017-08-23 | Found nothing | 60   |
    | baidu       | 2.0.1.0                        | 4.1.3.52192    | 2.0.1.0    | Found nothing | 6    |
    | baidusd     | 1.0                            | 1.0            | 2017-03-22 | Found nothing | 2    |
    | bitdefender | 7.58879                        | 7.90123        | 2015-01-16 | Found nothing | 60   |
    | clamav      | 23759                          | 0.97.5         | 2017-09-03 | Found nothing | 60   |
    | drweb       | 5.0.2.3300                     | 5.0.1.1        | 2017-06-18 | Found nothing | 60   |
    | fortinet    | 1.000, 51.409, 51.320, 51.290  | 5.4.247        | 2017-09-04 | Found nothing | 60   |
    | fprot       | 4.6.2.117                      | 6.5.1.5418     | 2016-02-05 | Found nothing | 60   |
    | fsecure     | 2015-08-01-02                  | 9.13           | 2015-08-01 | Found nothing | 60   |
    | gdata       | 25.14063                       | 25.14063       | 2017-09-03 | Found nothing | 15   |
    | ikarus      | 1.06.01                        | V1.32.31.0     | 2017-09-03 | Found nothing | 60   |
    | jiangmin    | 16.0.100                       | 1.0.0.0        | 2017-09-01 | Found nothing | 2    |
    | kaspersky   | 5.5.33                         | 5.5.33         | 2014-04-01 | Found nothing | 60   |
    | kingsoft    | 2.1                            | 2.1            | 2017-09-03 | Found nothing | 6    |
    | mcafee      | 8620                           | 5400.1158      | 2017-08-12 | Found nothing | 60   |
    | nod32       | 6018                           | 3.0.21         | 2017-09-02 | Found nothing | 60   |
    | panda       | 9.05.01                        | 9.05.01        | 2017-09-03 | Found nothing | 4    |
    | pcc         | 13.302.06                      | 9.500-1005     | 2017-03-27 | Found nothing | 60   |
    | qh360       | 1.0.1                          | 1.0.1          | 1.0.1      | Found nothing | 9    |
    | qqphone     | 1.0.0.0                        | 1.0.0.0        | 2015-12-30 | Found nothing | 60   |
    | quickheal   | 14.00                          | 14.00          | 2017-09-01 | Found nothing | 4    |
    | rising      | 26.28.00.01                    | 26.28.00.01    | 2016-07-18 | Found nothing | 7    |
    | sophos      | 5.32                           | 3.65.2         | 2016-10-10 | Found nothing | 60   |
    | symantec    | 20151230.005                   | 1.3.0.24       | 2015-12-30 | Found nothing | 60   |
    | tachyon     | 9.9.9                          | 9.9.9          | 2013-12-27 | Found nothing | 4    |
    | thehacker   | 6.8.0.5                        | 6.8.0.5        | 2017-08-28 | Found nothing | 4    |
    | tws         | 17.47.17308                    | 1.0.2.2108     | 2017-09-04 | Found nothing | 22   |
    | vba         | 3.12.29.5 beta                 | 3.12.29.5 beta | 2017-09-01 | Found nothing | 60   |
    | virusbuster | 15.0.985.0                     | 5.5.2.13       | 2014-12-05 | Found nothing | 60   |
    NOTICE: Results are not 100% accurate, and a detection may be a false positive reported by some scanners when and if malware is found. Please judge these results for yourself.
  • Permissions: no relevant permission information.

  • File information (file behavior analysis)
    Security score: 75
    Basic information
    MD5: 1e51d4b3224abc12947744d0d7222c3b
    Package name:
    Minimum runtime environment:
    Copyright:
    Key behaviors
    Behavior: Opens registry (virtual-machine detection related)
    Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions
    Process behavior
    Behavior: Creates local threads
    Details: TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2680, ThreadID = 2760, StartAddress = 77E56C7D, Parameter = 001A6658
    TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2680, ThreadID = 2772, StartAddress = 769AE43B, Parameter = 001A8F20
    TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2680, ThreadID = 2776, StartAddress = 77E56C7D, Parameter = 001AA5E0
    TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2680, ThreadID = 2856, StartAddress = 326138F8, Parameter = 02C53420
    TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2680, ThreadID = 2884, StartAddress = 3BE7617C, Parameter = 00000000
    TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2680, ThreadID = 2912, StartAddress = 3264B7DB, Parameter = 00000000
    TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2680, ThreadID = 3172, StartAddress = 314AB3EA, Parameter = 320FDEB0
    TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2680, ThreadID = 3344, StartAddress = 314AB3EA, Parameter = 320FDEB0
    File behavior
    Behavior: Creates files
    Details: C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\~$Normal.dotm
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{9F4A49BD-A2F7-463C-AEC4-EE92E7CD1429}.tmp
    C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\~$g4llg3.docx
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{D80AE14F-53EB-4712-ACC6-C6A054439188}.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{09F0D5F4-82EF-4D13-A2D0-3F3AEE3230C7}.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{E72B0E09-70F9-4FCD-ADCF-E58E81C46B43}.tmp
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\3vg4llg3.docx.LNK
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\%temp%\****.exe_7zdump.LNK
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\E9AEBC8F.jpeg
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRF{C9572AE3-01B0-4619-AA43-FFBE3FA82838}.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\E6F78D44.jpeg
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\287F4475.png
    C:\Documents and Settings\Administrator\Application Data\Microsoft\UProof\ExcludeDictionaryEN0409.lex
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\732A17F2.jpeg
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\F54FA34B.jpeg
    Behavior: Deletes files
    Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\E9AEBC8F.jpeg
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\E6F78D44.jpeg
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\287F4475.png
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\732A17F2.jpeg
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\F54FA34B.jpeg
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\226E2CD0.png
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\5C32691.jpeg
    Behavior: Modifies file contents
    Details: C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\~$Normal.dotm ---> Offset = 0
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\~$Normal.dotm ---> Offset = 54
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{9F4A49BD-A2F7-463C-AEC4-EE92E7CD1429}.tmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\~$g4llg3.docx ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\~$g4llg3.docx ---> Offset = 54
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{09F0D5F4-82EF-4D13-A2D0-3F3AEE3230C7}.tmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{E72B0E09-70F9-4FCD-ADCF-E58E81C46B43}.tmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{E72B0E09-70F9-4FCD-ADCF-E58E81C46B43}.tmp ---> Offset = 32256
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{E72B0E09-70F9-4FCD-ADCF-E58E81C46B43}.tmp ---> Offset = 40448
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{E72B0E09-70F9-4FCD-ADCF-E58E81C46B43}.tmp ---> Offset = 39936
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\3vg4llg3.docx.LNK ---> Offset = 0
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\index.dat ---> Offset = 28
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\%temp%\****.exe_7zdump.LNK ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\E9AEBC8F.jpeg ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.MSO\E9AEBC8F.jpeg ---> Offset = 4096
    Behavior: Searches for files
    Details: FileName = C:\Program Files
    FileName = C:\Program Files\Microsoft Office 2007
    FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
    FileName = C:\WINDOWS\Microsoft.NET\Framework\\*
    FileName = C:\Program Files\Microsoft Office 2007\Office12\Normal.dotm
    FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm
    FileName = C:\Documents and Settings
    FileName = C:\Documents and Settings\Administrator
    FileName = C:\Documents and Settings\Administrator\桌面
    FileName = C:\Documents and Settings\Administrator\Application Data
    FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft
    FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates
    FileName = C:\Documents and Settings\Administrator\My Documents
    FileName = C:\Documents and Settings\All Users
    FileName = C:\Documents and Settings\All Users\Documents
    Behavior: Copies file
    Details: C:\Program Files\Microsoft Office 2007\Office12\OPA12.BAK ---> C:\Program Files\Microsoft Office 2007\Office12\opa12.dat
    Registry behavior
    Behavior: Modifies registry
    Details: \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\ao-
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Usage\ProductFiles
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Common\LanguageResources\EnabledLanguages\2052
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Common\LanguageResources\EnabledLanguages\1033
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109030000000000000000F01FEC\Usage\WORDFiles
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\MTTT
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\qy-
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\n|-
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\e~-
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\3~-
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\<-
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\*`-
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\x`-
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Common\ReviewCycle\ReviewToken
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 1
    Behavior: Deletes registry values
    Details: \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\qy-
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\n|-
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\e~-
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\3~-
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\<-
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\*`-
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Max Display
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 1
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 2
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 3
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 4
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 5
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 6
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 7
    \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\File MRU\Item 8
    Behavior: Opens registry (virtual-machine detection related)
    Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions
    Behavior: Deletes registry key
    Details: \REGISTRY\USER\S-*\Software\Microsoft\Office\12.0\Word\Resiliency\StartupItems\
    Other behavior
    Behavior: Creates mutexes
    Details: CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.GCompartListMUTEX.DefaultS-*
    Global\MTX_MSO_Formal1_S-*
    Global\MTX_MSO_AdHoc1_S-*
    MSCTF.Shared.MUTEX.IOH
    MSCTF.Shared.MUTEX.MHK
    Local\ZonesCounterMutex
    Local\ZoneAttributeCacheCounterMutex
    Local\ZonesCacheCounterMutex
    Local\ZonesLockedCacheCounterMutex
    Behavior: Creates event objects
    Details: EventName = Local\PrimaryWord12Mutex_S-*
    EventName = Global\userenv: User Profile setup event
    EventName = MSCTF.SendReceive.Event.MHK.IC
    EventName = MSCTF.SendReceiveConection.Event.MHK.IC
    Behavior: Opens events
    Details: HookSwitchHookEnabledEvent
    MSFT.VSA.COM.DISABLE.2680
    MSFT.VSA.IEC.STATUS.6c736db0
    \SECURITY\LSA_AUTHENTICATION_INITIALIZED
    _fCanRegisterWithShellService
    CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
    CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
    CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
    CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
    MSCTF.SendReceiveConection.Event.IOH.IC
    MSCTF.SendReceive.Event.IOH.IC
    Behavior: Searches for specified windows
    Details: NtUserFindWindowEx: [Class,Window] = [mspim_wnd32,]
    NtUserFindWindowEx: [Class,Window] = [MSOBALLOON,]
    NtUserFindWindowEx: [Class,Window] = [MsoHelp10,]
    NtUserFindWindowEx: [Class,Window] = [AgentAnim,]
    NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    NtUserFindWindowEx: [Class,Window] = [MsoHelp11,]
    Behavior: Window information
    Details: Pid = 2680, Hwnd=0x10356, Text = MsoDockTop, ClassName = MsoCommandBarDock.
    Pid = 2680, Hwnd=0x1035c, Text = Ribbon, ClassName = MsoCommandBar.
    Pid = 2680, Hwnd=0x1035a, Text = MsoDockBottom, ClassName = MsoCommandBarDock.
    Pid = 2680, Hwnd=0x1035e, Text = 状态栏, ClassName = MsoCommandBar.
    Pid = 2680, Hwnd=0x1036c, Text = 状态栏, ClassName = MsoWorkPane.
    Pid = 2680, Hwnd=0x1034c, Text = MsoWorkPane, ClassName = MsoWorkPane.
    Pid = 2680, Hwnd=0x10360, Text = MsoWorkPane, ClassName = MsoWorkPane.
    Pid = 2680, Hwnd=0x3033e, Text = 3vg4llg3.docx [兼容模式] - Microsoft Word, ClassName = OpusApp.
    Pid = 2680, Hwnd=0x2038c, Text = Ribbon, ClassName = MsoWorkPane.
    Pid = 2680, Hwnd=0x20346, Text = 3vg4llg3.docx [兼容模式], ClassName = _WwB.
    Pid = 2680, Hwnd=0x1037e, Text = MSO Generic Control Container, ClassName = MsoCommandBar.
    Pid = 2680, Hwnd=0x10380, Text = MSO Generic Control Container, ClassName = MsoCommandBar.
    Pid = 2680, Hwnd=0x10376, Text = Microsoft Word 文档, ClassName = _WwG.
    Pid = 2680, Hwnd=0x10378, Text = 垂直, ClassName = NUIScrollbar.
    Behavior: Adjusts process token privileges
    Details: SE_LOAD_DRIVER_PRIVILEGE
    Behavior: Enumerates windows
    Details: N/A
    Behavior: Hides specified windows
    Details: [Window,Class] = [,ThunderRT6Main]
    [Window,Class] = [,_WwB]
    Behavior: Opens mutexes
    Details: ShimCacheMutex
    Local\MU_ACBPIDS09_S-1-5-5-0-52227
    CtfmonInstMutexDefaultS-*
    Global\MTX_MSO_Formal1_S-*
    Global\MTX_MSO_AdHoc1_S-*
    Local\!IETld!Mutex
    Runtime screenshot (image not included)

Translated by Keith Miller, United States