VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.

File information
File name: QQ.apk (not available for download)
File size: 1819826 bytes
File type: application/zip
MD5: 64d74127bfa8f1363a86500a9359b4b9
SHA1: 704ac8529c70db6f212845de0eea2f10861d600e
  • Scan results
  • Permissions
  • File behavior analysis
  • Scanner results
    Scanner results: 3% of scanners (1/32) found malware.
    Time: 2017-08-27 11:33:21 (CST)

    Scanner     | Engine ver                    | Sig ver        | Sig date   | Scan result           | Time (s)
    antiy       | AVL SDK                       | 2.0            | 1970-01-01 | Found nothing         | 5
    asquared    | 9.0.0.4799                    | 9.0.0.4799     | 2015-03-08 | Found nothing         | 2
    avast       | 170303-1                      | 4.7.4          | 2017-03-03 | Found nothing         | 60
    avg         | 2109/14366                    | 10.0.1405      | 2017-08-23 | Found nothing         | 60
    baidu       | 2.0.1.0                       | 4.1.3.52192    | 2.0.1.0    | Found nothing         | 8
    baidusd     | 1.0                           | 1.0            | 2017-03-22 | Found nothing         | 1
    bitdefender | 7.58879                       | 7.90123        | 2015-01-16 | Found nothing         | 60
    clamav      | 23711                         | 0.97.5         | 2017-08-25 | Found nothing         | 60
    drweb       | 5.0.2.3300                    | 5.0.1.1        | 2017-06-18 | Found nothing         | 60
    fortinet    | 1.000, 51.216, 51.106, 51.128 | 5.4.247        | 2017-08-27 | Found nothing         | 60
    fprot       | 4.6.2.117                     | 6.5.1.5418     | 2016-02-05 | Found nothing         | 60
    fsecure     | 2015-08-01-02                 | 9.13           | 2015-08-01 | Found nothing         | 60
    gdata       | 25.13982                      | 25.13982       | 2017-08-26 | Found nothing         | 13
    ikarus      | 1.06.01                       | V1.32.31.0     | 2017-08-26 | Found nothing         | 60
    jiangmin    | 16.0.100                      | 1.0.0.0        | 2017-08-26 | Found nothing         | 2
    kaspersky   | 5.5.33                        | 5.5.33         | 2014-04-01 | Found nothing         | 60
    kingsoft    | 2.1                           | 2.1            | 2017-08-26 | Found nothing         | 4
    mcafee      | 8620                          | 5400.1158      | 2017-08-12 | Found nothing         | 60
    nod32       | 5975                          | 3.0.21         | 2017-08-25 | Found nothing         | 60
    panda       | 9.05.01                       | 9.05.01        | 2017-08-26 | Found nothing         | 4
    pcc         | 13.302.06                     | 9.500-1005     | 2017-03-27 | Found nothing         | 60
    qh360       | 1.0.1                         | 1.0.1          | 1.0.1      | Found nothing         | 4
    qqphone     | 1.0.0.0                       | 1.0.0.0        | 2015-12-30 | Found nothing         | 60
    quickheal   | 14.00                         | 14.00          | 2017-08-24 | Android.Agent.GEN1478 | 3
    rising      | 26.28.00.01                   | 26.28.00.01    | 2016-07-18 | Found nothing         | 6
    sophos      | 5.32                          | 3.65.2         | 2016-10-10 | Found nothing         | 60
    symantec    | 20151230.005                  | 1.3.0.24       | 2015-12-30 | Found nothing         | 60
    tachyon     | 9.9.9                         | 9.9.9          | 2013-12-27 | Found nothing         | 4
    thehacker   | 6.8.0.5                       | 6.8.0.5        | 2017-08-25 | Found nothing         | 3
    tws         | 17.47.17308                   | 1.0.2.2108     | 2017-08-26 | Found nothing         | 16
    vba         | 3.12.29.5 beta                | 3.12.29.5 beta | 2017-08-25 | Found nothing         | 60
    virusbuster | 15.0.985.0                    | 5.5.2.13       | 2014-12-05 | Found nothing         | 60
    (For baidu and qh360 the original page shows a version string in the Sig date column; it is reproduced as given.)
    Result legend: Heuristic/Suspicious, Exact
    NOTICE: Results are not 100% accurate; when malware is reported, some scanners may be reporting a false positive. Judge these results for yourself.
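A "1/32" ratio is only as meaningful as the signature dates behind the silent engines; several rows above carry signature dates from 2013 to 2015. The script below is an added example (not VirSCAN's code): it parses the result rows in the whitespace-separated form VirSCAN emits, separates engines with current signatures from those with stale ones, and reports the detection ratio among the current engines only. The 90-day staleness threshold, the `ScanRow` type and the function names are this example's own assumptions.

```python
"""Triage of a VirSCAN multi-engine verdict table (added example, not VirSCAN code).

Parses the whitespace-separated rows as the page lists them and answers what a
"1/32" ratio hides: which engines fired, and how many silent engines were running
signatures old enough that "Found nothing" carries little weight.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta

SCAN_DATE = date(2017, 8, 27)        # from the page header, 2017-08-27 11:33:21 (CST)
STALE_AFTER = timedelta(days=90)     # assumption for this example: >90 days old is stale

# Constructed input: the 32 rows copied from the page, in VirSCAN's layout
# "<scanner> <engine ver> <sig ver> <sig date> <result> <seconds>".
RAW_ROWS = """
antiy AVL SDK 2.0 1970-01-01 Found nothing 5
asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 2
avast 170303-1 4.7.4 2017-03-03 Found nothing 60
avg 2109/14366 10.0.1405 2017-08-23 Found nothing 60
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 8
baidusd 1.0 1.0 2017-03-22 Found nothing 1
bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
clamav 23711 0.97.5 2017-08-25 Found nothing 60
drweb 5.0.2.3300 5.0.1.1 2017-06-18 Found nothing 60
fortinet 1.000, 51.216, 51.106, 51.128 5.4.247 2017-08-27 Found nothing 60
fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
gdata 25.13982 25.13982 2017-08-26 Found nothing 13
ikarus 1.06.01 V1.32.31.0 2017-08-26 Found nothing 60
jiangmin 16.0.100 1.0.0.0 2017-08-26 Found nothing 2
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
kingsoft 2.1 2.1 2017-08-26 Found nothing 4
mcafee 8620 5400.1158 2017-08-12 Found nothing 60
nod32 5975 3.0.21 2017-08-25 Found nothing 60
panda 9.05.01 9.05.01 2017-08-26 Found nothing 4
pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
qh360 1.0.1 1.0.1 1.0.1 Found nothing 4
qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
quickheal 14.00 14.00 2017-08-24 Android.Agent.GEN1478 3
rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 6
sophos 5.32 3.65.2 2016-10-10 Found nothing 60
symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 4
thehacker 6.8.0.5 6.8.0.5 2017-08-25 Found nothing 3
tws 17.47.17308 1.0.2.2108 2017-08-26 Found nothing 16
vba 3.12.29.5 beta 3.12.29.5 beta 2017-08-25 Found nothing 60
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
"""


@dataclass(frozen=True)
class ScanRow:
    scanner: str
    versions: str           # engine and signature versions, left unsplit
    sig_date: date | None   # None when the column does not hold a date
    result: str
    seconds: int


def parse_row(line: str) -> ScanRow:
    """Parse from the right, because the version columns may contain spaces
    ("AVL SDK 2.0", "3.12.29.5 beta") while the trailing columns are fixed."""
    tokens = line.split()
    seconds = int(tokens[-1])
    if tokens[-3:-1] == ["Found", "nothing"]:
        result, rest = "Found nothing", tokens[:-3]
    else:
        result, rest = tokens[-2], tokens[:-2]
    try:
        sig_date: date | None = date.fromisoformat(rest[-1])
    except ValueError:
        sig_date = None
    return ScanRow(rest[0], " ".join(rest[1:-1]), sig_date, result, seconds)


def parse_rows(text: str) -> list[ScanRow]:
    return [parse_row(line) for line in text.splitlines() if line.strip()]


def summarize(rows: list[ScanRow], scan_date: date = SCAN_DATE,
              stale_after: timedelta = STALE_AFTER) -> dict:
    detections = [(r.scanner, r.result) for r in rows if r.result != "Found nothing"]
    stale = [r.scanner for r in rows
             if r.sig_date is not None and scan_date - r.sig_date > stale_after]
    unknown = [r.scanner for r in rows if r.sig_date is None]
    flagged_fresh = [s for s, _ in detections if s not in stale and s not in unknown]
    return {
        "total": len(rows),
        "detections": detections,
        "stale": stale,
        "unknown_date": unknown,
        "fresh_engines": len(rows) - len(stale) - len(unknown),
        "detections_among_fresh": len(flagged_fresh),
    }


if __name__ == "__main__":
    s = summarize(parse_rows(RAW_ROWS))
    print(f"{len(s['detections'])}/{s['total']} engines flagged the file: {s['detections']}")
    print(f"{len(s['stale'])} engines ran signatures older than {STALE_AFTER.days} days: {s['stale']}")
    print(f"{s['fresh_engines']} engines were current; {s['detections_among_fresh']} of those flagged it")
```

On the rows above this reports one detection (quickheal) out of 32, 15 engines with signatures more than 90 days old, and two (baidu, qh360) with no parseable date; among the 15 current engines the ratio is 1/15, which is the number to weigh, not 1/32. The parser splits from the right because the version columns are the only ones that can contain spaces.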
  • Permissions: no permission information is available for this file.

  • File information
    Security score:
    Basic information
    MD5: 64d74127bfa8f1363a86500a9359b4b9
    Package name:
    Minimum runtime environment:
    Copyright:
    Note: the behavior report below records Windows activity (SetupHost.exe, a Windows 10 web-setup launcher, running from C:\$Windows.~WS). An APK cannot produce these events, so this dynamic report does not describe QQ.apk executing on Android and should not be used to judge it.
    Key behaviors
    Behavior: writes into another process's memory
    Details: TargetProcess = C:\$Windows.~WS\Sources\SetupHost.exe, WriteAddress = 0x00050000, Size = 0x000005dc TargetPID = 0x00000874
    TargetProcess = C:\$Windows.~WS\Sources\SetupHost.exe, WriteAddress = 0x7ffd81e8, Size = 0x00000004 TargetPID = 0x00000874
    TargetProcess = C:\$Windows.~WS\Sources\SetupHost.exe, WriteAddress = 0x00060000, Size = 0x00000020 TargetPID = 0x00000874
    TargetProcess = C:\$Windows.~WS\Sources\SetupHost.exe, WriteAddress = 0x00060020, Size = 0x00000034 TargetPID = 0x00000874
    TargetProcess = C:\$Windows.~WS\Sources\SetupHost.exe, WriteAddress = 0x7ffd8238, Size = 0x00000004 TargetPID = 0x00000874
    Behavior: reads hardware properties to detect a virtual machine
    Details: VMware detection by querying hardware information through WMI
    Behavior: reads the CPU timestamp counter directly (RDTSC; EDX:EAX holds the 64-bit counter)
    Details: EAX = 0xa0e73c7d, EDX = 0x0000007b
    EAX = 0xb88575ad, EDX = 0x0000007b
    EAX = 0xc0b7b893, EDX = 0x0000007c
    EAX = 0xc36ab80f, EDX = 0x0000007c
    EAX = 0xdb08f13f, EDX = 0x0000007c
    Behavior: reads the system tick count (GetTickCount) around Sleep calls
    Details: TickCount = 210375, SleepMilliseconds = 60000.
    TickCount = 210390, SleepMilliseconds = 60000.
    TickCount = 210406, SleepMilliseconds = 60000.
    TickCount = 210421, SleepMilliseconds = 60000.
    TickCount = 210437, SleepMilliseconds = 60000.
    TickCount = 210453, SleepMilliseconds = 60000.
    TickCount = 210640, SleepMilliseconds = 60000.
    TickCount = 210656, SleepMilliseconds = 60000.
    TickCount = 210687, SleepMilliseconds = 60000.
    TickCount = 211500, SleepMilliseconds = 60000.
    Behavior: sets special folder attributes
    Details: C:\$Windows.~WS
    Behavior: invokes a kernel system call directly
    Details: Index = 0x00000149, Name: NtSetInformationFile, Instruction Address = 0x0127D19F
    Behavior: deletes itself
    Details: C:\$Windows.~WS\Sources\SetupHost.exe
    Process behavior
    Behavior: writes into another process's memory
    Details: TargetProcess = C:\$Windows.~WS\Sources\SetupHost.exe, WriteAddress = 0x00050000, Size = 0x000005dc TargetPID = 0x00000874
    TargetProcess = C:\$Windows.~WS\Sources\SetupHost.exe, WriteAddress = 0x7ffd81e8, Size = 0x00000004 TargetPID = 0x00000874
    TargetProcess = C:\$Windows.~WS\Sources\SetupHost.exe, WriteAddress = 0x00060000, Size = 0x00000020 TargetPID = 0x00000874
    TargetProcess = C:\$Windows.~WS\Sources\SetupHost.exe, WriteAddress = 0x00060020, Size = 0x00000034 TargetPID = 0x00000874
    TargetProcess = C:\$Windows.~WS\Sources\SetupHost.exe, WriteAddress = 0x7ffd8238, Size = 0x00000004 TargetPID = 0x00000874
    Behavior: starts a process from a newly created file
    Details: [0x00000874] ImagePath = C:\$Windows.~WS\Sources\SetupHost.exe, CmdLine = "C:\$Windows.~WS\Sources\SetupHost.Exe" /Download /Web
    Behavior: enumerates processes
    Details: N/A
    File behavior
    Behavior: creates files
    Details: C:\Windows\Logs\MoSetup\BlueBox.log
    C:\$Windows.~WS\Sources\DU.dll
    C:\$Windows.~WS\Sources\DiagTrack.dll
    C:\$Windows.~WS\Sources\DiagTrackRunner.exe
    C:\$Windows.~WS\Sources\Diager.dll
    C:\$Windows.~WS\Sources\api-ms-win-core-apiquery-l1-1-0.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l1-1-0.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l1-1-1.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l2-1-0.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l2-1-1.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l3-1-0.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l4-1-0.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-kernel32-l1-1-0.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-kernel32-l2-1-0.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-ole32-l1-1-0.dll
    Behavior: creates executable files
    Details: C:\$Windows.~WS\Sources\DU.dll
    C:\$Windows.~WS\Sources\DiagTrack.dll
    C:\$Windows.~WS\Sources\DiagTrackRunner.exe
    C:\$Windows.~WS\Sources\Diager.dll
    C:\$Windows.~WS\Sources\api-ms-win-core-apiquery-l1-1-0.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l1-1-0.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l1-1-1.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l2-1-0.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l2-1-1.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l3-1-0.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l4-1-0.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-kernel32-l1-1-0.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-kernel32-l2-1-0.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-ole32-l1-1-0.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-ole32-l1-1-1.dll
    Behavior: searches for files
    Details: FileName = C:\$Windows.~WS\*
    FileName = C:\$Windows.~WS\Sources\*
    FileName = C:\Users\Administrator
    FileName = C:\$Windows.~WS
    FileName = C:\$Windows.~WS\Sources
    FileName = C:\$Windows.~WS\Sources\*.*
    FileName = C:\Windows
    FileName = C:\Windows\SYSTEM32
    FileName = C:\Windows\SYSTEM32\ntdll.dll
    FileName = C:\Windows\system32
    FileName = C:\Windows\system32\kernel32.dll
    FileName = C:\Windows\system32\USER32.dll
    FileName = C:\windows
    FileName = C:\windows\system32
    FileName = C:\windows\system32\winime32.dll
    Behavior: deletes files
    Details: C:\$Windows.~WS\Sources
    C:\$Windows.~WS
    C:\$Windows.~WS\Sources\Panther\mnd4C8F.tmp
    C:\$Windows.~WS\Sources\api-ms-win-core-apiquery-l1-1-0.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l1-1-0.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l1-1-1.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l2-1-0.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l2-1-1.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l3-1-0.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l4-1-0.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-kernel32-l1-1-0.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-kernel32-l2-1-0.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-ole32-l1-1-0.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-ole32-l1-1-1.dll
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    Behavior: sets special folder attributes
    Details: C:\$Windows.~WS
    Behavior: modifies file contents
    Details: C:\Windows\Logs\MoSetup\BlueBox.log ---> Offset = 0
    C:\Windows\Logs\MoSetup\BlueBox.log ---> Offset = 2
    C:\Windows\Logs\MoSetup\BlueBox.log ---> Offset = 192
    C:\$Windows.~WS\Sources\DU.dll ---> Offset = 0
    C:\$Windows.~WS\Sources\DU.dll ---> Offset = 32768
    C:\$Windows.~WS\Sources\DU.dll ---> Offset = 65536
    C:\$Windows.~WS\Sources\DU.dll ---> Offset = 98304
    C:\$Windows.~WS\Sources\DiagTrack.dll ---> Offset = 0
    C:\$Windows.~WS\Sources\DiagTrack.dll ---> Offset = 14432
    C:\$Windows.~WS\Sources\DiagTrack.dll ---> Offset = 47200
    C:\$Windows.~WS\Sources\DiagTrack.dll ---> Offset = 79968
    C:\$Windows.~WS\Sources\DiagTrack.dll ---> Offset = 112736
    C:\$Windows.~WS\Sources\DiagTrackRunner.exe ---> Offset = 0
    C:\$Windows.~WS\Sources\DiagTrackRunner.exe ---> Offset = 8960
    C:\$Windows.~WS\Sources\DiagTrackRunner.exe ---> Offset = 41728
    Behavior: deletes itself
    Details: C:\$Windows.~WS\Sources\SetupHost.exe
    Registry behavior
    Behavior: modifies the registry
    Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Temporary Setup Files\SetupDirectories
    \REGISTRY\MACHINE\SYSTEM\Setup\MoSetup\CorrelationVector
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-*\RefCount
    \REGISTRY\MACHINE\SYSTEM\Setup\MoSetup\Volatile\BoxResult
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\NextSqmReportTime
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SusClientIdValidation
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\UAS\UpdateCount
    Behavior: deletes registry values
    Details: \REGISTRY\MACHINE\SYSTEM\Setup\MoSetup\CorrelationVector
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\AccountDomainSid
    Behavior: deletes registry keys
    Details: \REGISTRY\MACHINE\SYSTEM\Setup\MoSetup\Volatile\
    Other behavior
    Behavior: invokes a kernel system call directly
    Details: Index = 0x00000149, Name: NtSetInformationFile, Instruction Address = 0x0127D19F
    Behavior: checks whether it is being debugged
    Details: IsDebuggerPresent
    Behavior: creates mutexes
    Details: Global\Microsoft.Windows.Websetup
    Global\WdsSetupLogInit
    Global\SetupLog
    Global\Instance0: ESENT Performance Data Schema Version 85
    Behavior: reads hardware properties to detect a virtual machine
    Details: VMware detection by querying hardware information through WMI
    Behavior: hides specified windows
    Details: [Window,Class] = [,Static]
    [Window,Class] = [Preparing the installer ,Static]
    [Window,Class] = [Preparing to install Windows 10,#32770]
    Behavior: opens a mutex
    Details: Local\MSCTF.Asm.MutexDefault1
    Behavior: reads the system tick count (GetTickCount) around Sleep calls
    Details: TickCount = 210375, SleepMilliseconds = 60000.
    TickCount = 210390, SleepMilliseconds = 60000.
    TickCount = 210406, SleepMilliseconds = 60000.
    TickCount = 210421, SleepMilliseconds = 60000.
    TickCount = 210437, SleepMilliseconds = 60000.
    TickCount = 210453, SleepMilliseconds = 60000.
    TickCount = 210640, SleepMilliseconds = 60000.
    TickCount = 210656, SleepMilliseconds = 60000.
    TickCount = 210687, SleepMilliseconds = 60000.
    TickCount = 211500, SleepMilliseconds = 60000.
    Behavior: adjusts process token privileges
    Details: SE_BACKUP_PRIVILEGE
    SE_RESTORE_PRIVILEGE
    SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
    SE_AUDIT_PRIVILEGE
    SE_SHUTDOWN_PRIVILEGE
    SE_MANAGE_VOLUME_PRIVILEGE
    Behavior: opens events
    Details: HookSwitchHookEnabledEvent
    Local\MSCTF.CtfActivated.Default1
    Local\MSCTF.AsmCacheReady.Default1
    \KernelObjects\MaximumCommitCondition
    MSFT.VSA.COM.DISABLE.2164
    MSFT.VSA.IEC.STATUS.6c736db0
    \SECURITY\LSA_AUTHENTICATION_INITIALIZED
    Global\SvcctrlStartEvent_A3752DX
    Behavior: signature information for executable files
    Details: C:\$Windows.~WS\Sources\DU.dll (signature verification: failed)
    C:\$Windows.~WS\Sources\DiagTrack.dll (signature verification: failed)
    C:\$Windows.~WS\Sources\DiagTrackRunner.exe (signature verification: passed)
    C:\$Windows.~WS\Sources\Diager.dll (signature verification: failed)
    C:\$Windows.~WS\Sources\api-ms-win-core-apiquery-l1-1-0.dll (signature verification: failed)
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l1-1-0.dll (signature verification: failed)
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l1-1-1.dll (signature verification: failed)
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l2-1-0.dll (signature verification: failed)
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l2-1-1.dll (signature verification: failed)
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l3-1-0.dll (signature verification: failed)
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l4-1-0.dll (signature verification: failed)
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-kernel32-l1-1-0.dll (signature verification: failed)
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-kernel32-l2-1-0.dll (signature verification: failed)
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-ole32-l1-1-0.dll (signature verification: failed)
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-shlwapi-l1-1-0.dll (signature verification: failed)
    Behavior: calls Sleep
    Details: [1]: MilliSeconds = 60000.
    [2]: MilliSeconds = 60000.
    [3]: MilliSeconds = 60000.
    Behavior: MD5 of executable files
    Details: C:\$Windows.~WS\Sources\DU.dll ---> 7bf31381c820fb2624148a7b37fe8d89
    C:\$Windows.~WS\Sources\DiagTrack.dll ---> 6c3f6a6bc5ede978e9dfe1acce386339
    C:\$Windows.~WS\Sources\DiagTrackRunner.exe ---> 76f30a1e149792d2542a253b920cbef6
    C:\$Windows.~WS\Sources\Diager.dll ---> 2ae267f623355de084ecfb5e805cdf2c
    C:\$Windows.~WS\Sources\api-ms-win-core-apiquery-l1-1-0.dll ---> 282a2c4e10087559ca4d92e11c0a68d4
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l1-1-0.dll ---> 59c607ed72a90a069336ac72f08a43b1
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l1-1-1.dll ---> b581c9b49eeed0fea9d147d582dc5891
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l2-1-0.dll ---> 7f358ed0f36599d581f22d378081c8c0
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l2-1-1.dll ---> 27aa7c2ff54830307a0dd357ee79a136
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l3-1-0.dll ---> fb00383e7eab107449a0e61680ffdf11
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l4-1-0.dll ---> be1d1a07b4a66423d5e9fe234e7278a2
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-kernel32-l2-1-0.dll ---> 56e7bcd3b7ba408ee249485189bc1cf1
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-ole32-l1-1-0.dll ---> dfff694ddf5f06ebb6808243700071ea
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-kernel32-l1-1-0.dll ---> d1a5aaab5f0b07df1958ad9fcce23844
    C:\$Windows.~WS\Sources\api-ms-win-downlevel-ole32-l1-1-1.dll ---> aaf02d76e563ec68eb8d6531726ab938
    Behavior: reads the CPU timestamp counter directly (RDTSC; EDX:EAX holds the 64-bit counter)
    Details: EAX = 0xa0e73c7d, EDX = 0x0000007b
    EAX = 0xb88575ad, EDX = 0x0000007b
    EAX = 0xc0b7b893, EDX = 0x0000007c
    EAX = 0xc36ab80f, EDX = 0x0000007c
    EAX = 0xdb08f13f, EDX = 0x0000007c
    Behavior: loads newly dropped files
    Details: Image: C:\$Windows.~WS\Sources\SetupHost.exe.
    Image: C:\$Windows.~WS\Sources\MediaSetupUIMgr.dll.
    Image: C:\$Windows.~WS\Sources\wdscore.dll.
    Image: C:\$Windows.~WS\Sources\api-ms-win-downlevel-kernel32-l1-1-0.dll.
    Image: C:\$Windows.~WS\Sources\api-ms-win-downlevel-kernel32-l2-1-0.dll.
    Image: C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l1-1-1.dll.
    Image: C:\$Windows.~WS\Sources\SetupCore.dll.
    Image: C:\$Windows.~WS\Sources\setupplatform.dll.
    Image: C:\$Windows.~WS\Sources\api-ms-win-downlevel-ole32-l1-1-1.dll.
    Image: C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l4-1-0.dll.
    Image: C:\$Windows.~WS\Sources\api-ms-win-downlevel-advapi32-l2-1-1.dll.
    Image: C:\$Windows.~WS\Sources\api-ms-win-downlevel-user32-l1-1-1.dll.
    Image: C:\$Windows.~WS\Sources\unbcl.dll.
    Image: C:\$Windows.~WS\Sources\wpx.dll.
    Image: C:\$Windows.~WS\Sources\api-ms-win-downlevel-shlwapi-l1-1-1.dll.
    Runtime screenshot: (not included in this capture)
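The report above lists ten GetTickCount readings taken around Sleep(60000) calls, and the readings advance by roughly 15 ms each rather than 60 s: if they are consecutive readings bracketing the sleeps (an inference, the page does not say so), the sandbox fast-forwarded Sleep, which is exactly what a sample pairing GetTickCount with Sleep is trying to detect. The script below is an added example, not VirSCAN's code; it runs that check over the tick lines, separates the dropped executables that failed signature verification from the one that passed, and totals the cross-process writes per target. Its inputs are lines copied from the translated report above (the first five signature entries only), and its regular expressions match that translated wording; the function names are this example's own.

```python
"""Mechanical triage of a VirSCAN sandbox behavior report (added example, not VirSCAN code).

Extracts three things a reader otherwise has to eyeball:
  * whether the sandbox honored the sample's Sleep(60000) calls, judged by how
    far GetTickCount advanced between readings (assumption: the readings are
    consecutive and bracket the sleeps);
  * which dropped executables failed signature verification;
  * how many bytes were written into which foreign process.
"""
from __future__ import annotations

import re
from collections import defaultdict

# Constructed inputs: lines copied from the translated report on this page.
TICK_LINES = r"""
TickCount = 210375, SleepMilliseconds = 60000.
TickCount = 210390, SleepMilliseconds = 60000.
TickCount = 210406, SleepMilliseconds = 60000.
TickCount = 210421, SleepMilliseconds = 60000.
TickCount = 210437, SleepMilliseconds = 60000.
TickCount = 210453, SleepMilliseconds = 60000.
TickCount = 210640, SleepMilliseconds = 60000.
TickCount = 210656, SleepMilliseconds = 60000.
TickCount = 210687, SleepMilliseconds = 60000.
TickCount = 211500, SleepMilliseconds = 60000.
"""

SIG_LINES = r"""
C:\$Windows.~WS\Sources\DU.dll (signature verification: failed)
C:\$Windows.~WS\Sources\DiagTrack.dll (signature verification: failed)
C:\$Windows.~WS\Sources\DiagTrackRunner.exe (signature verification: passed)
C:\$Windows.~WS\Sources\Diager.dll (signature verification: failed)
C:\$Windows.~WS\Sources\api-ms-win-core-apiquery-l1-1-0.dll (signature verification: failed)
"""

WRITE_LINES = r"""
TargetProcess = C:\$Windows.~WS\Sources\SetupHost.exe, WriteAddress = 0x00050000, Size = 0x000005dc TargetPID = 0x00000874
TargetProcess = C:\$Windows.~WS\Sources\SetupHost.exe, WriteAddress = 0x7ffd81e8, Size = 0x00000004 TargetPID = 0x00000874
TargetProcess = C:\$Windows.~WS\Sources\SetupHost.exe, WriteAddress = 0x00060000, Size = 0x00000020 TargetPID = 0x00000874
TargetProcess = C:\$Windows.~WS\Sources\SetupHost.exe, WriteAddress = 0x00060020, Size = 0x00000034 TargetPID = 0x00000874
TargetProcess = C:\$Windows.~WS\Sources\SetupHost.exe, WriteAddress = 0x7ffd8238, Size = 0x00000004 TargetPID = 0x00000874
"""

TICK_RE = re.compile(r"TickCount = (\d+), SleepMilliseconds = (\d+)\.")
SIG_RE = re.compile(r"^(?P<path>.+?) \(signature verification: (?P<verdict>passed|failed)\)$")
WRITE_RE = re.compile(r"TargetProcess = (?P<proc>.+?), WriteAddress = 0x(?P<addr>[0-9a-f]+), "
                      r"Size = 0x(?P<size>[0-9a-f]+) TargetPID = 0x(?P<pid>[0-9a-f]+)", re.I)


def tick_readings(text: str) -> list[tuple[int, int]]:
    """(tick_count_ms, requested_sleep_ms) per report line, in report order."""
    return [(int(t), int(s)) for t, s in TICK_RE.findall(text)]


def sleep_intervals(readings: list[tuple[int, int]]) -> list[tuple[int, int, bool]]:
    """For each pair of consecutive readings: (elapsed_ms, requested_ms, honored).
    A sandbox that fast-forwards Sleep shows elapsed far below requested."""
    return [(t1 - t0, req, t1 - t0 >= req)
            for (t0, req), (t1, _) in zip(readings, readings[1:])]


def sleep_skipped(readings: list[tuple[int, int]]) -> bool:
    """The check a sandbox-aware sample performs: did the clock advance less than
    the sleep it asked for? True means the environment patched Sleep."""
    return any(not ok for _, _, ok in sleep_intervals(readings))


def signature_verdicts(text: str) -> dict[str, list[str]]:
    out: dict[str, list[str]] = {"passed": [], "failed": []}
    for line in text.splitlines():
        m = SIG_RE.match(line.strip())
        if m:
            out[m["verdict"]].append(m["path"])
    return out


def cross_process_writes(text: str) -> dict[tuple[str, int], int]:
    """Total bytes written per (target image, target PID)."""
    totals: dict[tuple[str, int], int] = defaultdict(int)
    for m in WRITE_RE.finditer(text):
        totals[(m["proc"], int(m["pid"], 16))] += int(m["size"], 16)
    return dict(totals)


if __name__ == "__main__":
    r = tick_readings(TICK_LINES)
    for elapsed, req, ok in sleep_intervals(r):
        print(f"requested {req} ms, observed {elapsed} ms -> {'honored' if ok else 'skipped'}")
    print("sandbox fast-forwarded Sleep:", sleep_skipped(r))
    print("drops failing signature verification:", signature_verdicts(SIG_LINES)["failed"])
    print("cross-process writes (bytes):", cross_process_writes(WRITE_LINES))
```

On the report's numbers every one of the nine intervals is far below the 60000 ms requested (15 to 813 ms), so the check returns True. The five writes total 1592 bytes into PID 0x874, the SetupHost.exe child the launcher itself created; two of them are 4-byte writes at 0x7ffdxxxx, the range where 32-bit Windows maps the PEB, which is consistent with a parent setting up its child rather than injecting code.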

Translated by Keith Miller, United States
Powered By CentOS

京ICP备11007605号-12


京公网安备 11010802020746号