VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
File Name :学籍.apk (File not down)
File Size :1046723 byte
File Type :application/zip
MD5:aadb69cf6ede65163fa0a823d6c2e1df
SHA1:9781e5b41ec8d13fe8ca8d7a2b0c24437ccbe7f5
  • 扫描结果
  • 权限
  • 文件行为分析
  • Scanner results
    Scanner results:0%Scanner(s) (0/32)found malware!
    Behavior analysis report:         Habo file analysis
    Time: 2016-08-30 12:48:55 (CST)
    VirSCANVirSCAN
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 3.0 1970-01-01 Found nothing 5
    asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 1
    avast 150725-1 4.7.4 2015-07-25 Found nothing 60
    avg 2109/8133 10.0.1405 2014-11-26 Found nothing 60
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 7
    baidusd 1.0 1.0 2014-04-02 Found nothing 1
    bitdefender 7.58469 7.90123 2014-12-25 Found nothing 60
    clamav 19861 0.97.5 2014-12-31 Found nothing 60
    drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 60
    fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 60
    fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 60
    fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 60
    gdata 25.8084 25.8084 2016-08-30 Found nothing 11
    ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 60
    jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 42
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
    kingsoft 2.1 2.1 2013-09-22 Found nothing 5
    mcafee 7638 5400.1158 2014-11-30 Found nothing 60
    nod32 0920 3.0.21 2014-12-23 Found nothing 60
    panda 9.05.01 9.05.01 2015-07-26 Found nothing 4
    pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 60
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 5
    qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 60
    quickheal 14.00 14.00 2015-07-25 Found nothing 8
    rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 1
    sophos 5.08 3.55.0 2014-12-01 Found nothing 60
    symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 60
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 4
    thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 1
    tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 13
    vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 60
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
    Heuristic/Suspicious Exact
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.
  • 没有相关的权限信息

  • 文件信息
    安全评分 :
    基本信息
    MD5:aadb69cf6ede65163fa0a823d6c2e1df
    包名:
    最低运行环境:
    版权:
    关键行为
    行为描述:设置特殊文件夹属性
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
    C:\Documents and Settings\Administrator\Local Settings\History
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
    C:\Documents and Settings\Administrator\Cookies
    C:\Documents and Settings\Administrator\IETldCache
    进程行为
    行为描述:创建本地线程
    详情信息:TargetProcess: 京东商城商品价格-有货监控软件-V1.1.exe, InheritedFromPID = 1944, ProcessID = 2100, ThreadID = 2116, StartAddress = 77DC845A, Parameter = 00000000
    TargetProcess: 京东商城商品价格-有货监控软件-V1.1.exe, InheritedFromPID = 1944, ProcessID = 2100, ThreadID = 2136, StartAddress = 7C947EBB, Parameter = 00000000
    TargetProcess: 京东商城商品价格-有货监控软件-V1.1.exe, InheritedFromPID = 1944, ProcessID = 2100, ThreadID = 2140, StartAddress = 7C930230, Parameter = 00000000
    文件行为
    行为描述:删除文件
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\jd[1].jpg
    行为描述:创建文件
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\jd[1].jpg
    C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\京东商城商品价格-有货监控软件-V1.1\autio.mp3
    行为描述:设置特殊文件夹属性
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
    C:\Documents and Settings\Administrator\Local Settings\History
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
    C:\Documents and Settings\Administrator\Cookies
    C:\Documents and Settings\Administrator\IETldCache
    行为描述:修改文件内容
    详情信息:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\京东商城商品价格-有货监控软件-V1.1\autio.mp3 ---> Offset = 0
    行为描述:查找文件
    详情信息:FileName = C:\Documents and Settings
    FileName = C:\Documents and Settings\Administrator
    FileName = C:\Documents and Settings\Administrator\Local Settings
    FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
    FileName = C:\WINDOWS\system32\Ras\*.pbk
    FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\京东商城商品价格-有货监控软件-V1.1\autio.mp3
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\京东商城商品价格-有货监控软件-V1.1\god.xin
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\京东商城商品价格-有货监控软件-V1.1\京东监控记录.txt
    网络行为
    行为描述:连接指定站点
    详情信息:InternetConnectA: ServerName = ww****me, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
    行为描述:打开HTTP连接
    详情信息:InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1), hSession = 0x00cc0004
    行为描述:建立到一个指定的套接字连接
    详情信息:URL: ww****me, IP: **.133.40.**:80, SOCKET = 0x00000578
    行为描述:读取网络文件
    详情信息:hFile = 0x00cc000c, BytesToRead =1024, BytesRead = 1024.
    行为描述:发送HTTP包
    详情信息:GET /jd.jpg HTTP/1.1 Accept: */* Referer: http://www.bsh.me/jd.jpg Accept-Language: zh-cn Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: ww****me Cache-Control: no-cache
    行为描述:打开HTTP请求
    详情信息:HttpOpenRequestA: ww****me:80/jd.jpg, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x80004010
    行为描述:按名称获取主机地址
    详情信息:GetAddrInfoW: ww****me
    注册表行为
    行为描述:修改注册表
    详情信息:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
    行为描述:删除注册表键值
    详情信息:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
    其他行为
    行为描述:创建互斥体
    详情信息:RasPbFile
    CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    Local\ZonesCounterMutex
    Local\ZoneAttributeCacheCounterMutex
    Local\ZonesCacheCounterMutex
    Local\ZonesLockedCacheCounterMutex
    Local\c:!documents and settings!administrator!ietldcache!
    MSCTF.Shared.MUTEX.ELH
    MSCTF.Shared.MUTEX.IDI
    行为描述:隐藏指定窗口
    详情信息:[Window,Class] = [,ComboLBox]
    [Window,Class] = [,_EL_Timer]
    [Window,Class] = [,Afx:400000:b:10011:0:0]
    行为描述:查找指定窗口
    详情信息:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
    行为描述:窗口信息
    详情信息:Pid = 2100, Hwnd=0xd032c, Text = >, ClassName = CMIButton.
    Pid = 2100, Hwnd=0xd033c, Text = <, ClassName = CMIButton.
    Pid = 2100, Hwnd=0x4037e, Text = -=-, ClassName = CMIButton.
    Pid = 2100, Hwnd=0x20382, Text = ---, ClassName = CMIButton.
    Pid = 2100, Hwnd=0x20394, Text = >, ClassName = CMIButton.
    Pid = 2100, Hwnd=0x303b2, Text = <, ClassName = CMIButton.
    Pid = 2100, Hwnd=0x30376, Text = -=-, ClassName = CMIButton.
    Pid = 2100, Hwnd=0x203ca, Text = ---, ClassName = CMIButton.
    Pid = 2100, Hwnd=0xb0336, Text = >, ClassName = CMIButton.
    Pid = 2100, Hwnd=0xb0364, Text = <, ClassName = CMIButton.
    Pid = 2100, Hwnd=0x90366, Text = -=-, ClassName = CMIButton.
    Pid = 2100, Hwnd=0xd0312, Text = ---, ClassName = CMIButton.
    Pid = 2100, Hwnd=0x120308, Text = >, ClassName = CMIButton.
    Pid = 2100, Hwnd=0x1002b0, Text = <, ClassName = CMIButton.
    Pid = 2100, Hwnd=0xe0310, Text = -=-, ClassName = CMIButton.
    行为描述:打开事件
    详情信息:HookSwitchHookEnabledEvent
    \SECURITY\LSA_AUTHENTICATION_INITIALIZED
    Global\SvcctrlStartEvent_A3752DX
    \INSTALLATION_SECURITY_HOLD
    CTF.ThreadMIConnectionEvent.000007B4.00000000.00000042
    CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000042
    MSCTF.SendReceiveConection.Event.ELH.IC
    MSCTF.SendReceive.Event.ELH.IC
    CTF.ThreadMIConnectionEvent.000007B4.00000000.00000043
    CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000043
    行为描述:创建事件对象
    详情信息:EventName = DINPUTWINMM
    EventName = Global\userenv: User Profile setup event
    EventName = MSCTF.SendReceive.Event.IDI.IC
    EventName = MSCTF.SendReceiveConection.Event.IDI.IC
    行为描述:打开互斥体
    详情信息:RasPbFile
    ShimCacheMutex
    Local\_!MSFTHISTORY!_
    Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
    Local\c:!documents and settings!administrator!cookies!
    Local\c:!documents and settings!administrator!local settings!history!history.ie5!
    Local\WininetStartupMutex
    Local\WininetConnectionMutex
    Local\WininetProxyRegistryMutex
    Local\!IETld!Mutex
    Local\c:!documents and settings!administrator!ietldcache!
    运行截图
    VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号