VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information
File Name: Mobile+Hidden+Camera+Premium+4.4.015.apk (File not down)
File Size: 1377708 bytes
File Type: application/zip
MD5: c761d70b915892d7316ea202e9582550
SHA1: 0fef9a36bc30fe78e4295b940dce08c317692730
  • Scanner results
    Scanner results: 0% of scanners (0/32) found malware.
    Behavior analysis report: Habo file analysis
    Time: 2018-02-10 20:32:22 (CST)
    Scanner     | Engine Ver                    | Sig Ver        | Sig Date   | Scan result   | Time
    antiy       | AVL SDK                       | 2.0            | 1970-01-01 | Found nothing | 5
    asquared    | 9.0.0.4799                    | 9.0.0.4799     | 2015-03-08 | Found nothing | 2
    avast       | 170303-1                      | 4.7.4          | 2017-03-03 | Found nothing | 60
    avg         | 2109/14865                    | 10.0.1405      | 2018-02-02 | Found nothing | 60
    baidu       | 2.0.1.0                       | 4.1.3.52192    | 2.0.1.0    | Found nothing | 8
    baidusd     | 1.0                           | 1.0            | 2017-03-22 | Found nothing | 1
    bitdefender | 7.58879                       | 7.90123        | 2015-01-16 | Found nothing | 60
    clamav      | 24296                         | 0.97.5         | 2018-02-08 | Found nothing | 60
    drweb       | 5.0.2.3300                    | 5.0.1.1        | 2018-02-02 | Found nothing | 60
    fortinet    | 1.000, 55.058, 54.994, 55.018 | 5.4.247        | 2018-02-10 | Found nothing | 60
    fprot       | 4.6.2.117                     | 6.5.1.5418     | 2016-02-05 | Found nothing | 60
    fsecure     | 2015-08-01-02                 | 9.13           | 2015-08-01 | Found nothing | 60
    gdata       | 25.15969                      | 25.15969       | 2018-02-10 | Found nothing | 15
    ikarus      | 4.00.06                       | V1.32.31.0     | 2018-02-09 | Found nothing | 60
    jiangmin    | 16.0.100                      | 1.0.0.0        | 2017-12-22 | Found nothing | 2
    kaspersky   | 5.5.33                        | 5.5.33         | 2014-04-01 | Found nothing | 60
    kingsoft    | 2.1                           | 2.1            | 2018-02-09 | Found nothing | 5
    mcafee      | 8620                          | 5400.1158      | 2017-08-12 | Found nothing | 60
    nod32       | 6872                          | 3.0.21         | 2018-02-08 | Found nothing | 60
    panda       | 9.05.01                       | 9.05.01        | 2018-02-09 | Found nothing | 4
    pcc         | 13.302.06                     | 9.500-1005     | 2017-03-27 | Found nothing | 60
    qh360       | 1.0.1                         | 1.0.1          | 1.0.1      | Found nothing | 4
    qqphone     | 1.0.0.0                       | 1.0.0.0        | 2015-12-30 | Found nothing | 60
    quickheal   | 14.00                         | 14.00          | 2017-11-18 | Found nothing | 3
    rising      | 3205                          | 3205           | 2017-12-26 | Found nothing | 5
    sophos      | 5.32                          | 3.65.2         | 2016-10-10 | Found nothing | 60
    symantec    | 20151230.005                  | 1.3.0.24       | 2015-12-30 | Found nothing | 60
    tachyon     | 9.9.9                         | 9.9.9          | 2013-12-27 | Found nothing | 4
    thehacker   | 6.8.0.5                       | 6.8.0.5        | 2018-02-08 | Found nothing | 3
    tws         | 17.47.17308                   | 1.0.2.2108     | 2018-02-09 | Found nothing | 16
    vba         | 3.12.29.5 beta                | 3.12.29.5 beta | 2018-02-09 | Found nothing | 60
    virusbuster | 15.0.985.0                    | 5.5.2.13       | 2014-12-05 | Found nothing | 60
    NOTICE: Results are not 100% accurate; when malware is reported, the detection may be a false positive from some scanners. Please judge these results for yourself.
    Note also that several engines in this run used signature sets years older than the scan date (for example kaspersky 2014-04-01, tachyon 2013-12-27, symantec 2015-12-30, fsecure 2015-08-01), so a 0/32 result here is weak evidence that the file is clean.
  • Permissions: no permission information available.

  • File information
    Security score:
    Basic information
    MD5: c761d70b915892d7316ea202e9582550
    Package name:
    Minimum runtime environment:
    Copyright:
    Key behaviors
    Behavior: Modify user password
    Details: ImagePath = C:\WINDOWS\system32\net.exe, CmdLine = NET USER Guest /passwordreq:no
    ImagePath = C:\WINDOWS\system32\net.exe, CmdLine = net user guest ""
    Behavior: Set special file attributes
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\jedata.dll
    Behavior: Capture window screenshot information
    Details: Foreground window Info: HWND = 0x00030382, DC = 0x0c0101e7.
    Foreground window Info: HWND = 0x00040384, DC = 0x01010057.
    Foreground window Info: HWND = 0x000103a8, DC = 0x01010057.
    Foreground window Info: HWND = 0x00010398, DC = 0x0c0101e7.
    Foreground window Info: HWND = 0x00010360, DC = 0x0c0101e7.
    Foreground window Info: HWND = 0x0001035a, DC = 0x01010057.
    Foreground window Info: HWND = 0x00010360, DC = 0x01010057.
    Behavior: Get basic user information
    Details: Level = 3.
    Process behaviors
    Behavior: Create process with hidden window
    Details: ImagePath = , CmdLine = C:\Documents and Settings\Administrator\Local Settings\%temp%\works.bat
    ImagePath = , CmdLine = C:\Documents and Settings\Administrator\Local Settings\%temp%\开启共享.bat (开启共享 = "enable sharing")
    ImagePath = , CmdLine = net start workstation
    ImagePath = , CmdLine = net start "Computer Browser"
    ImagePath = , CmdLine = net start server
    ImagePath = , CmdLine = net start netbios
    Behavior: Create process
    Details: [0x00000b68]ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c "C:\Documents and Settings\Administrator\Local Settings\%temp%\works.bat"
    [0x00000b88]ImagePath = C:\WINDOWS\system32\net.exe, CmdLine = net config workstation
    [0x00000b90]ImagePath = C:\WINDOWS\system32\find.exe, CmdLine = find "工作站域" (the search string is "Workstation domain", the localized label in the output of net config workstation)
    [0x00000b98]ImagePath = C:\WINDOWS\system32\net1.exe, CmdLine = net1 config workstation
    [0x00000ba0]ImagePath = C:\WINDOWS\system32\find.exe, CmdLine = find /V "DNS"
    [0x00000bcc]ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c "C:\Documents and Settings\Administrator\Local Settings\%temp%\开启共享.bat"
    [0x00000bec]ImagePath = C:\WINDOWS\system32\net.exe, CmdLine = NET USER Guest /active:yes
    [0x00000bf4]ImagePath = C:\WINDOWS\system32\net1.exe, CmdLine = net1 USER Guest /active:yes
    [0x00000bfc]ImagePath = C:\WINDOWS\system32\secedit.exe, CmdLine = Secedit /configure /cfg "security.inf" /db secsetup.sdb /areas USER_RIGHTS /verbose
    [0x00000c1c]ImagePath = C:\WINDOWS\system32\net.exe, CmdLine = net user guest /active:yes
    [0x00000c24]ImagePath = C:\WINDOWS\system32\net1.exe, CmdLine = net1 user guest /active:yes
    [0x00000c44]ImagePath = C:\WINDOWS\regedit.exe, CmdLine = regedit /s 开启共享.reg
    [0x00000c50]ImagePath = C:\WINDOWS\system32\net.exe, CmdLine = net start workstation
    [0x00000c58]ImagePath = C:\WINDOWS\system32\net1.exe, CmdLine = net1 start workstation
    [0x00000c6c]ImagePath = C:\WINDOWS\system32\net.exe, CmdLine = net start "Computer Browser"
    Behavior: Create local thread
    Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2640, ThreadID = 2676, StartAddress = 77DC845A, Parameter = 00000000
    TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2640, ThreadID = 2728, StartAddress = 0041C95E, Parameter = 00000000
    TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2640, ThreadID = 2732, StartAddress = 0041DF27, Parameter = 00000000
    TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2640, ThreadID = 2916, StartAddress = 00409793, Parameter = 00000001
    TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2640, ThreadID = 2984, StartAddress = 00402A1A, Parameter = 00000001
    Behavior: Enumerate processes
    Details: N/A
    File behaviors
    Behavior: Create file
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\jedata.dll
    C:\Documents and Settings\Administrator\Local Settings\%temp%\皮肤.she (皮肤 = "skin")
    C:\Documents and Settings\Administrator\Local Settings\%temp%\works.bat
    C:\Documents and Settings\Administrator\Local Settings\%temp%\works.ini
    C:\Documents and Settings\Administrator\Local Settings\%temp%\开启共享.reg
    C:\Documents and Settings\Administrator\Local Settings\%temp%\security.inf
    C:\Documents and Settings\Administrator\Local Settings\%temp%\开启共享.bat
    Behavior: Create executable file
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\jedata.dll
    Behavior: Delete file
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\works.ini
    C:\Documents and Settings\Administrator\Local Settings\%temp%\works.bat
    C:\Documents and Settings\Administrator\Local Settings\%temp%\开启共享.bat
    C:\Documents and Settings\Administrator\Local Settings\%temp%\开启共享.reg
    C:\Documents and Settings\Administrator\Local Settings\%temp%\security.inf
    C:\Documents and Settings\Administrator\Local Settings\%temp%\secsetup.sdb
    Behavior: Modify script file
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\works.bat ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\开启共享.bat ---> Offset = 0
    Behavior: Search for file
    Details: FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\works.bat
    FileName = C:\Documents and Settings
    FileName = C:\Documents and Settings\Administrator
    FileName = C:\Documents and Settings\Administrator\Local Settings
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\net.*
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\net
    FileName = C:\Python27\net.*
    FileName = C:\Python27\net
    FileName = C:\Python27\Scripts\net.*
    FileName = C:\Python27\Scripts\net
    FileName = C:\WINDOWS\system32\net.*
    FileName = C:\WINDOWS\system32\net.COM
    FileName = C:\WINDOWS\system32\net.EXE
    Behavior: Set special file attributes
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\jedata.dll
    Behavior: Modify file contents
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\jedata.dll ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\皮肤.she ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\works.ini ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\开启共享.reg ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\security.inf ---> Offset = 0
    Registry behaviors
    Behavior: Modify registry
    Details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x32(BGR 0)
    \REGISTRY\USER\S-*\Software\JYW\gsm
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHAPCY
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\445:TCP
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\137:UDP
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\138:UDP
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\139:TCP
    \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Epoch\Epoch
    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Providers\LogonTime
    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\445:TCP
    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\137:UDP
    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\138:UDP
    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\139:TCP
    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Epoch\Epoch
    \REGISTRY\USER\S-*\Software\JYW\xd
    Other behaviors
    Behavior: Modify user password
    Details: ImagePath = C:\WINDOWS\system32\net.exe, CmdLine = NET USER Guest /passwordreq:no
    ImagePath = C:\WINDOWS\system32\net.exe, CmdLine = net user guest ""
    Behavior: Create mutex
    Details: RasPbFile
    CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.Shared.MUTEX.IOH
    MSCTF.Shared.MUTEX.EFK
    Behavior: Enumerate network shares
    Details: N/A
    Behavior: Create event object
    Details: EventName = DINPUTWINMM
    EventName = MSCTF.SendReceive.Event.EFK.IC
    EventName = MSCTF.SendReceiveConection.Event.EFK.IC
    Behavior: Find specified window
    Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
    NtUserFindWindowEx: [Class,Window] = [RegEdit_RegEdit,]
    Behavior: Start system service
    Details: [Service already running]: LocalSystem, Workstation, C:\WINDOWS\system32\svchost.exe -k netsvcs
    [Service already running]: LocalSystem, Computer Browser, C:\WINDOWS\system32\svchost.exe -k netsvcs
    [Service already running]: LocalSystem, Server, C:\WINDOWS\system32\svchost.exe -k netsvcs
    [Service already running]: , NetBIOS Interface, system32\DRIVERS\netbios.sys
    Behavior: Open event
    Details: HookSwitchHookEnabledEvent
    CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
    CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
    MSCTF.SendReceiveConection.Event.IOH.IC
    MSCTF.SendReceive.Event.IOH.IC
    Global\SvcctrlStartEvent_A3752DX
    \INSTALLATION_SECURITY_HOLD
    \SECURITY\LSA_AUTHENTICATION_INITIALIZED
    Behavior: Get basic user information
    Details: Level = 3.
    Behavior: Adjust process token privileges
    Details: SE_INC_BASE_PRIORITY_PRIVILEGE
    Behavior: Window information
    Details: Pid = 2640, Hwnd=0x1036c, Text = 确定 ("OK"), ClassName = Button.
    Pid = 2640, Hwnd=0x1036e, Text = 程序初始化成功 ("Program initialized successfully"), ClassName = Static.
    Pid = 2640, Hwnd=0x20364, Text = 提示: ("Notice:"), ClassName = #32770.
    Pid = 2640, Hwnd=0x30386, Text = 下一步 ("Next"), ClassName = Button.
    Pid = 2640, Hwnd=0x20388, Text = 上一步 ("Back"), ClassName = Button.
    Pid = 2640, Hwnd=0x40384, Text = 不再显示设置向导 ("Do not show the setup wizard again"), ClassName = Button(CheckBox).
    Pid = 2640, Hwnd=0x103aa, Text = 不设置权限 ("Do not set permissions"), ClassName = Button(RadioButton).
    Pid = 2640, Hwnd=0x103a6, Text = 恭喜,已完成共享! ("Congratulations, sharing is complete!"), ClassName = Afx:400000:b:10011:1900015:0.
    Pid = 2640, Hwnd=0x103a4, Text = 您的文件夹(磁盘)已经共享,对方电脑可通过:开始-运行-“\\您的IP地址”就可以访问到本机。如果你要共享打印机,请点击共享打印机图标,右击你要共享的打印机,你就可以自己设置了。 ("Your folder (disk) is now shared; the other computer can reach this machine via Start - Run - \\your IP address. To share a printer, click the Share Printer icon, right-click the printer you want to share, and configure it yourself."), ClassName = Afx:400000:b:10011:1900015:0.
    Pid = 2640, Hwnd=0x103a2, Text = 第三步:权限设置: ("Step 3: Permission settings:"), ClassName = Afx:400000:b:10011:1900015:0.
    Pid = 2640, Hwnd=0x1039a, Text = 超级按钮 ("Super button"), ClassName = Button.
    Pid = 2640, Hwnd=0x10398, Text = 第一步:选择共享方式: ("Step 1: Choose sharing method:"), ClassName = Afx:400000:b:10011:1900015:0.
    Pid = 2640, Hwnd=0x10396, Text = 如果您有朋友或者是自己想开一家熟食店,请点击联系我们 ("If you or a friend want to open a deli shop, click Contact Us"), ClassName = Afx:400000:b:103fd:1900015:0.
    Pid = 2640, Hwnd=0x10394, Text = 打开卤中仙网站 ("Open the 卤中仙 website"), ClassName = Button(CheckBox).
    Pid = 2640, Hwnd=0x10392, Text = 读、写 ("Read/write"), ClassName = Button(RadioButton).
    Behavior: Capture window screenshot information
    Details: Foreground window Info: HWND = 0x00030382, DC = 0x0c0101e7.
    Foreground window Info: HWND = 0x00040384, DC = 0x01010057.
    Foreground window Info: HWND = 0x000103a8, DC = 0x01010057.
    Foreground window Info: HWND = 0x00010398, DC = 0x0c0101e7.
    Foreground window Info: HWND = 0x00010360, DC = 0x0c0101e7.
    Foreground window Info: HWND = 0x0001035a, DC = 0x01010057.
    Foreground window Info: HWND = 0x00010360, DC = 0x01010057.
    Behavior: Executable signature information
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\jedata.dll (signature verification: failed)
    Behavior: Hide specified window
    Details: [Window,Class] = [上一步 ("Back"),Button]
    [Window,Class] = [完全控制 ("Full control"),Button]
    [Window,Class] = [只读模式 ("Read-only mode"),Button]
    [Window,Class] = [读、写 ("Read/write"),Button]
    [Window,Class] = [打开卤中仙网站 ("Open the 卤中仙 website"),Button]
    [Window,Class] = [如果您有朋友或者是自己想开一家熟食店,请点击联系我们 ("If you or a friend want to open a deli shop, click Contact Us"),Afx:400000:b:103fd:1900015:0]
    [Window,Class] = [超级按钮 ("Super button"),Button]
    [Window,Class] = [,SysListView32]
    [Window,Class] = [第三步:权限设置: ("Step 3: Permission settings:"),Afx:400000:b:10011:1900015:0]
    [Window,Class] = [ 您的文件夹(磁盘)已经共享,对方电脑可通过:开始-运行-“\\您的IP地址”就可以访问到本机。如果你要共享打印机,请点击共享打印机图标,右击你要共享的打印机,你就可以自己设置了。 ("Your folder (disk) is now shared; the other computer can reach this machine via Start - Run - \\your IP address. To share a printer, click the Share Printer icon, right-click the printer you want to share, and configure it yourself."),Afx:400000:b:10011:1900015:0]
    [Window,Class] = [恭喜,已完成共享! ("Congratulations, sharing is complete!"),Afx:400000:b:10011:1900015:0]
    [Window,Class] = [不设置权限 ("Do not set permissions"),Button]
    [Window,Class] = [,Afx:400000:b:10011:1900015:0]
    [Window,Class] = [开启共享中。。。 ("Enabling sharing..."),Afx:400000:b:10011:1900015:0]
    [Window,Class] = [第一步:选择共享方式: ("Step 1: Choose sharing method:"),Afx:400000:b:10011:1900015:0]
    Behavior: Executable MD5
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\jedata.dll ---> 114054313070472cd1a6d7d28f7c5002
    Behavior: Open mutex
    Details: RasPbFile
    ShimCacheMutex
    Behavior: Load newly dropped file
    Details: Image: C:\Documents and Settings\Administrator\Local Settings\%temp%\jedata.dll.
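    The Habo report above is worth reading as a whole rather than entry by entry: the process list shows the Guest account being enabled (NET USER Guest /active:yes) and given no password (/passwordreq:no, net user guest ""), a secedit run that rewrites user-rights policy, a silent regedit import, the Workstation/Server/Computer Browser/NetBIOS services being started, and the firewall registry keys for 445/TCP, 139/TCP, 137/UDP and 138/UDP being written. Taken together that is a host being opened to anonymous SMB/NetBIOS access, which is exactly what the window strings ("Congratulations, sharing is complete!") advertise, and it is a risky configuration whether or not any engine labels the dropper as malware. Two caveats the page itself supports: the uploaded file is an APK (application/zip), yet the behaviour report records Windows activity (cmd.exe, net.exe, regedit.exe, a dropped jedata.dll whose signature check failed), and the page does not say which binary the sandbox actually ran; and a 0/32 result from engines with signature sets several years old is weak evidence either way.

    The script below is an added example, not code from VirSCAN or Habo: it parses a constructed excerpt of this page's report (command lines and registry paths copied from it), matches each event against a small indicator catalogue, and returns a verdict. The indicator names, severities and regular expressions are this example's own assumptions, not a Habo or VirSCAN taxonomy.

```python
import re
from collections import defaultdict

# Constructed excerpt of the Habo behaviour report shown on this page: the
# command lines and registry paths are copied from the report, and the
# %temp% placeholder is kept exactly as the sandbox printed it.
SAMPLE_REPORT = r"""
ImagePath = C:\WINDOWS\system32\net.exe, CmdLine = NET USER Guest /passwordreq:no
ImagePath = C:\WINDOWS\system32\net.exe, CmdLine = net user guest ""
[0x00000bec]ImagePath = C:\WINDOWS\system32\net.exe, CmdLine = NET USER Guest /active:yes
[0x00000bfc]ImagePath = C:\WINDOWS\system32\secedit.exe, CmdLine = Secedit /configure /cfg "security.inf" /db secsetup.sdb /areas USER_RIGHTS /verbose
[0x00000c44]ImagePath = C:\WINDOWS\regedit.exe, CmdLine = regedit /s 开启共享.reg
[0x00000c50]ImagePath = C:\WINDOWS\system32\net.exe, CmdLine = net start workstation
[0x00000c6c]ImagePath = C:\WINDOWS\system32\net.exe, CmdLine = net start "Computer Browser"
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\445:TCP
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\139:TCP
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\137:UDP
\REGISTRY\USER\S-*\Software\JYW\gsm
"""

# Habo prints process events as "ImagePath = ..., CmdLine = ..." and registry
# events as bare "\REGISTRY\..." paths; these two patterns pull both out.
CMDLINE_RE = re.compile(r"CmdLine = (?P<cmd>.*)$")
REG_RE = re.compile(r"^\\REGISTRY\\(?P<key>.*)$")

# Indicator catalogue. Names and severities are this example's own labels
# (an assumption, not a Habo/VirSCAN taxonomy). Each entry is
# (name, severity, event kind, pattern); "cmd" patterns run against the
# command line, "reg" patterns against the registry key.
INDICATORS = [
    ("guest_account_enabled", "high", "cmd",
     re.compile(r"^net1?\s+user\s+guest\s+/active:yes", re.I)),
    ("guest_password_blank", "high", "cmd",
     re.compile(r'^net1?\s+user\s+guest\s+(""|/passwordreq:no)', re.I)),
    ("user_rights_policy_changed", "high", "cmd",
     re.compile(r"^secedit\s+/configure\b.*\s/areas\s+USER_RIGHTS", re.I)),
    ("silent_registry_import", "medium", "cmd",
     re.compile(r"^regedit\s+/s\b", re.I)),
    ("lanman_services_started", "medium", "cmd",
     re.compile(r'^net1?\s+start\s+"?(workstation|server|computer browser|netbios)"?\s*$', re.I)),
    ("firewall_smb_netbios_opened", "high", "reg",
     re.compile(r"\\FirewallPolicy\\StandardProfile\\GloballyOpenPorts\\List\\"
                r"(445:TCP|139:TCP|137:UDP|138:UDP)$", re.I)),
]
SEVERITY = {name: sev for name, sev, _, _ in INDICATORS}


def extract_events(report_text):
    """Return [("cmd", command_line) | ("reg", registry_key)] from a Habo-style dump."""
    events = []
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CMDLINE_RE.search(line)
        if m:
            events.append(("cmd", m.group("cmd").strip()))
            continue
        m = REG_RE.match(line)
        if m:
            events.append(("reg", m.group("key")))
    return events


def triage(report_text):
    """Map indicator name -> list of matching events (only indicators that fired)."""
    hits = defaultdict(list)
    for kind, value in extract_events(report_text):
        for name, _sev, want_kind, pattern in INDICATORS:
            if kind == want_kind and pattern.search(value):
                hits[name].append(value)
    return dict(hits)


def verdict(hits):
    """'high' if any high-severity indicator fired, 'medium' if only medium ones, else 'clean'."""
    if any(SEVERITY[name] == "high" for name in hits):
        return "high"
    if hits:
        return "medium"
    return "clean"


if __name__ == "__main__":
    found = triage(SAMPLE_REPORT)
    for name, events in found.items():
        print(f"[{SEVERITY[name]:6}] {name}: {len(events)} event(s)")
        for ev in events:
            print(f"         {ev}")
    print("verdict:", verdict(found))
```

    Run as-is it reports all six indicators against the page's events and a "high" verdict, driven by the combination of a passwordless, enabled Guest account with SMB/NetBIOS firewall exceptions; the same catalogue can be pointed at any other Habo-style dump by passing its text to triage(). The net1.exe child processes that the report also lists are deliberately left out of the sample so that each action counts once.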