VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports Rar/Zip decompression, but an archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information
File name: bes.apk (File not down)
File size: 2314613 bytes
File type: application/zip
MD5: 594b0a92e820b1a960aef0b747d35877
SHA1: 0e6574ef4961bb1b6936e5e7dc59621e7d585d5d
  • Scanner results
    Scanner results: 6% of scanners (2/32) found malware!
    Time: 2017-09-17 19:01:25 (CST)
    Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time
    antiy AVL SDK 2.0 1970-01-01 Found nothing 5
    asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 2
    avast 170303-1 4.7.4 2017-03-03 Found nothing 60
    avg 2109/14460 10.0.1405 2017-09-14 Found nothing 60
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 6
    baidusd 1.0 1.0 2017-03-22 Found nothing 1
    bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
    clamav 23835 0.97.5 2017-09-15 Found nothing 60
    drweb 5.0.2.3300 5.0.1.1 2017-09-11 Found nothing 60
    fortinet 5.4.247 2017-09-17 Found nothing 60
    fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
    fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
    gdata 25.14209 25.14209 2017-09-16 Android.Adware.Epatroa.A 12
    ikarus 3.02.08 V1.32.31.0 2017-09-16 Found nothing 60
    jiangmin 16.0.100 1.0.0.0 2017-09-16 Found nothing 2
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
    kingsoft 2.1 2.1 2017-09-16 Found nothing 9
    mcafee 8620 5400.1158 2017-08-12 Found nothing 60
    nod32 6086 3.0.21 2017-09-15 Found nothing 60
    panda 9.05.01 9.05.01 2017-09-16 Found nothing 4
    pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 3
    qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
    quickheal 14.00 14.00 2017-09-16 Android.Styricka.GEN6254 3
    rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 2
    sophos 5.32 3.65.2 2016-10-10 Found nothing 60
    symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 4
    thehacker 6.8.0.5 6.8.0.5 2017-09-11 Found nothing 2
    tws 17.47.17308 1.0.2.2108 2017-09-16 Found nothing 14
    vba 3.12.29.5 beta 3.12.29.5 beta 2017-09-15 Found nothing 60
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
    Legend: Heuristic/Suspicious | Exact
    NOTICE: Results are not 100% accurate; when malware is reported, it can be a false positive from some scanners. Please judge these results for yourself.
  • Permission list
    Permission | Description
    com.android.launcher.permission.INSTALL_SHORTCUT | Create home-screen shortcuts
    android.permission.GET_TASKS | Get information about currently or recently running tasks
    ACCESS_WIFI_STATE
    android.permission.WRITE_EXTERNAL_STORAGE | Write to external storage (e.g. SD card)
    android.permission.ACCESS_WIFI_STATE | Read Wi-Fi network state
    android.permission.ACCESS_COARSE_LOCATION | Get approximate location (via Wi-Fi, cell towers)
    android.permission.MOUNT_UNMOUNT_FILESYSTEMS | Mount and unmount external file systems
    android.permission.READ_PHONE_STATE | Read phone state
    android.permission.SYSTEM_ALERT_WINDOW | Display system-level windows
    android.permission.INTERNET | Connect to the network (2G or 3G)
    android.permission.ACCESS_FINE_LOCATION | Get precise location (via GPS)
    com.android.launcher.permission.READ_SETTINGS | Read shortcut settings
    android.permission.ACCESS_NETWORK_STATE | Read network state (2G or 3G)
    android.permission.WAKE_LOCK | Keep background processes running after the screen turns off
    android.permission.CHANGE_CONFIGURATION | Change current settings (e.g. locale)
  • File information
    Security score:
    Basic information
    MD5: 594b0a92e820b1a960aef0b747d35877
    Package name: com.Box
    Minimum Android version: Android 2.2.x
    Copyright: XXBox
    Key behaviors (note: the dynamic-analysis entries that follow describe a Windows Inno Setup installer for "NetCrunch WMI Tool" running in a Windows sandbox, not this Android package; they cannot be attributed to bes.apk)
    Behavior: Blocks window close messages
    Details: hWnd = 0x00020352, Text = Setup - NetCrunch WMI Tool, ClassName = TWizardForm.
    hWnd = 0x0001034a, Text = Setup, ClassName = TApplication.
    Behavior: Looks up PE resource information
    Details: (FindResourceW) hModule = 0x00400000, ResName: SHFOLDERDLL, ResType: a(ID)
    Behavior: Reads TickCount
    Details: TickCount = 247409, SleepMilliseconds = 50.
    TickCount = 247471, SleepMilliseconds = 50.
    TickCount = 247534, SleepMilliseconds = 50.
    TickCount = 247596, SleepMilliseconds = 50.
    TickCount = 247659, SleepMilliseconds = 50.
    TickCount = 247721, SleepMilliseconds = 50.
    TickCount = 247784, SleepMilliseconds = 50.
    TickCount = 247846, SleepMilliseconds = 50.
    TickCount = 247909, SleepMilliseconds = 50.
    TickCount = 247971, SleepMilliseconds = 50.
    TickCount = 248034, SleepMilliseconds = 50.
    TickCount = 248096, SleepMilliseconds = 50.
    TickCount = 248159, SleepMilliseconds = 50.
    TickCount = 248221, SleepMilliseconds = 50.
    TickCount = 248284, SleepMilliseconds = 50.
    Process behavior
    Behavior: Creates a process from a newly written file
    Details: [0x00000b14]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-LKB1F.tmp\996E.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-LKB1F.tmp\996E.tmp" /SL5="$4033C,8853798,498688,C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe"
    File behavior
    Behavior: Creates file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-LKB1F.tmp\996E.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\is-VEC06.tmp\_isetup\_shfoldr.dll
    Behavior: Deletes file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-VEC06.tmp\_isetup\_shfoldr.dll
    Behavior: Creates executable file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-LKB1F.tmp\996E.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\is-VEC06.tmp\_isetup\_shfoldr.dll
    Behavior: Modifies file contents
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-LKB1F.tmp\996E.tmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\is-LKB1F.tmp\996E.tmp ---> Offset = 65536
    C:\Documents and Settings\Administrator\Local Settings\Temp\is-LKB1F.tmp\996E.tmp ---> Offset = 131072
    C:\Documents and Settings\Administrator\Local Settings\Temp\is-LKB1F.tmp\996E.tmp ---> Offset = 196608
    C:\Documents and Settings\Administrator\Local Settings\Temp\is-LKB1F.tmp\996E.tmp ---> Offset = 262144
    C:\Documents and Settings\Administrator\Local Settings\Temp\is-VEC06.tmp\_isetup\_shfoldr.dll ---> Offset = 0
    Behavior: Searches for files
    Details: FileName = C:\DOCUME~1
    FileName = C:\DOCUME~1\ADMINI~1
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-LKB1F.tmp
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-LKB1F.tmp\996E.tmp
    FileName = C:\Documents and Settings
    FileName = C:\Documents and Settings\Administrator
    FileName = C:\Documents and Settings\Administrator\「开始」菜单
    FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-VEC06.tmp\*
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-VEC06.tmp\_isetup\*
    Other behavior
    Behavior: Creates mutex
    Details: CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.Shared.MUTEX.IOH
    MSCTF.Shared.MUTEX.IBL
    Behavior: Hides a window
    Details: [Window,Class] = [Setup,TApplication]
    Behavior: Window information
    Details: Pid = 2836, Hwnd=0x1037a, Text = Welcome to the NetCrunch WMI Tool Setup Wizard , ClassName = TNewStaticText.
    Pid = 2836, Hwnd=0x10378, Text = This will install NetCrunch WMI Tool version 8.0 on your computer. It is recommended that you close all other applications before continuing. Click Next to continue, or Cancel to exit Setup., ClassName = TNewStaticText.
    Pid = 2836, Hwnd=0x1036c, Text = LICENSE: AdRem Software hereby grants you a non-exclusive license to use its accompanying software product ("Software") for u, ClassName = TRichEditViewer.
    Pid = 2836, Hwnd=0x2035c, Text = DirEdit, ClassName = TEdit.
    Pid = 2836, Hwnd=0x10374, Text = &Next >, ClassName = TNewButton.
    Pid = 2836, Hwnd=0x10372, Text = Cancel, ClassName = TNewButton.
    Pid = 2836, Hwnd=0x20352, Text = Setup - NetCrunch WMI Tool, ClassName = TWizardForm.
    Pid = 2836, Hwnd=0x50444, Text = 是(&Y), ClassName = Button.
    Pid = 2836, Hwnd=0x20446, Text = 否(&N), ClassName = Button.
    Pid = 2836, Hwnd=0x1044a, Text = Setup is not complete. If you exit now, the program will not be installed. You may run Setup again at another time to complete the installation. Exit Setup?, ClassName = Static.
    Pid = 2836, Hwnd=0x503e8, Text = Exit Setup, ClassName = #32770.
    Behavior: Looks up a window by class/name
    Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    Behavior: Opens event
    Details: HookSwitchHookEnabledEvent
    _fCanRegisterWithShellService
    CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
    CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
    MSCTF.SendReceiveConection.Event.IOH.IC
    MSCTF.SendReceive.Event.IOH.IC
    Behavior: Adjusts process token privileges
    Details: SE_LOAD_DRIVER_PRIVILEGE
    Behavior: Enumerates windows
    Details: N/A
    Behavior: Executable signature information
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-LKB1F.tmp\996E.tmp (signature verification: passed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\is-VEC06.tmp\_isetup\_shfoldr.dll (signature verification: failed)
    Behavior: Calls Sleep
    Details: [1]: MilliSeconds = 50.
    [2]: MilliSeconds = 50.
    [3]: MilliSeconds = 50.
    [4]: MilliSeconds = 50.
    [5]: MilliSeconds = 50.
    [6]: MilliSeconds = 50.
    [7]: MilliSeconds = 50.
    [8]: MilliSeconds = 50.
    [9]: MilliSeconds = 50.
    [10]: MilliSeconds = 50.
    [2]: MilliSeconds = 250.
    [3]: MilliSeconds = 250.
    [4]: MilliSeconds = 250.
    [5]: MilliSeconds = 250.
    [6]: MilliSeconds = 250.
    Behavior: Creates event object
    Details: EventName = MSCTF.SendReceive.Event.IBL.IC
    EventName = MSCTF.SendReceiveConection.Event.IBL.IC
    Behavior: Executable MD5
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-LKB1F.tmp\996E.tmp ---> e6a8fc9b6315327875beb7c408d8771d
    C:\Documents and Settings\Administrator\Local Settings\Temp\is-VEC06.tmp\_isetup\_shfoldr.dll ---> 92dc6ef532fbb4a5c3201469a5b5eb63
    Behavior: Opens mutex
    Details: ShimCacheMutex
    Activities
    Activity | Intent filter
    com.e4a.runtime.android.StartActivity | android.intent.action.MAIN
    com.e4a.runtime.android.StartActivity | android.intent.category.DEFAULT
    com.e4a.runtime.android.StartActivity | android.intent.category.LAUNCHER
    com.e4a.runtime.android.mainActivity | android.intent.action.MAIN
    com.e4a.runtime.android.mainActivity | android.intent.category.DEFAULT
    Dangerous functions
    Function | Description
    ContentResolver;->query | Reads content-provider databases such as contacts and SMS
    File list
    File name | Checksum (zip CRC32)
    META-INF/MANIFEST.MF 0x898e46b3
    META-INF/XIAOXUAN.SF 0x3ea84e86
    META-INF/XIAOXUAN.RSA 0xb88cdb5
    assets/1.png 0xf76e9415
    assets/2.png 0xf69028fd
    assets/3.png 0xae6a5384
    assets/4.png 0x7577a49e
    assets/5.png 0x4ed60a25
    assets/6.png 0x4d90768d
    assets/beijing.png 0x3b008654
    assets/biaoti.png 0x24fa7d63
    assets/bj.png 0x1616fe97
    assets/dt.png 0x38280550
    assets/gg.png 0x305c2319
    assets/gy.png 0x8e23f261
    assets/hez.png 0xf8d44b8e
    assets/hz.png 0x3ff7077c
    assets/ip.png 0xf4fb7ff7
    assets/jianbian.jpg 0x87c52543
    assets/jx.png 0x1bfa22ce
    assets/kf.png 0x62d9f101
    assets/lqq.png 0x2e5fac71
    assets/lszt.png 0xbf1e10f8
    assets/mb.jpg 0xcb0a34bd
    assets/ofo.jpg 0xb7c89919
    assets/q.txt 0x762ae69
    assets/qq.txt 0x81dbf80e
    assets/qqq.png 0xf8d44b8e
    assets/qqq.txt 0x58d10359
    assets/stick.gif 0x7cc00403
    assets/stick_stand.png 0x795450f8
    assets/tb.png 0x64997e56
    assets/tx.jpg 0xa03d6345
    assets/wl.png 0x83424da8
    assets/wy.png 0x42e748db
    assets/yj.png 0x4d5d160e
    res/anim/dialog_scale_in.xml 0xd1205a18
    res/anim/dialog_scale_out.xml 0xe4110112
    res/anim/error_frame_in.xml 0xd0b84e8
    res/anim/error_x_in.xml 0x75ae2b72
    res/anim/success_bow_roate.xml 0x868ab202
    res/anim/success_mask_layout.xml 0x803af484
    res/drawable/aa_dialog_bg.xml 0xf44a03ba
    res/drawable/beijing.png 0x177042a8
    res/drawable/blue_button_background.xml 0xb79d34e1
    res/drawable/dialog_background.xml 0x9003702f
    res/drawable/e4alistview_new_message.png 0x1cdc5409
    res/drawable/error_center_x.xml 0x445372ef
    res/drawable/error_circle.xml 0xdc8e58f9
    res/drawable/gray_button_background.xml 0x47f8b966
    res/drawable/icon.png 0x5201868a
    res/drawable/menu_shape_bg.xml 0x3c272e65
    res/drawable/red_button_background.xml 0x3b459b27
    res/drawable/success_bow.xml 0x95388dfa
    res/drawable/success_circle.xml 0x1b7a3cc4
    res/drawable/tb_munion_icon.xml 0x3c4bbb89
    res/drawable/tb_munion_item_selector.xml 0xf1544202
    res/drawable/umeng_common_gradient_green.xml 0x962bb903
    res/drawable/umeng_common_gradient_orange.xml 0xd5106ae2
    res/drawable/umeng_common_gradient_red.xml 0x133ade08
    res/drawable/umeng_update_button_cancel_bg_focused.xml 0xe15186e2
    res/drawable/umeng_update_button_cancel_bg_normal.xml 0x7f247f01
    res/drawable/umeng_update_button_cancel_bg_selector.xml 0xa1e18dd6
    res/drawable/umeng_update_button_cancel_bg_tap.xml 0x8b9edc3
    res/drawable/umeng_update_button_check_selector.xml 0x88df2f4b
    res/drawable/umeng_update_button_close_bg_selector.xml 0xed19a512
    res/drawable/umeng_update_button_ok_bg_focused.xml 0xca9ec970
    res/drawable/umeng_update_button_ok_bg_normal.xml 0xafd26ea2
    res/drawable/umeng_update_button_ok_bg_selector.xml 0xdf945dd7
    res/drawable/umeng_update_button_ok_bg_tap.xml 0x2b2a0e55
    res/drawable/umeng_update_dialog_bg.xml 0x565551a3
    res/drawable/umeng_update_title_bg.xml 0x9173f89e
    res/drawable/umeng_update_wifi_disable.png 0xe635e071
    res/drawable/warning_circle.xml 0xaf66bb8a
    res/drawable/warning_sigh.xml 0xfac8fec6
    res/layout/alert_dialog.xml 0x17249650
    res/layout/layout_dialog_wz.xml 0x7855b043
    res/layout/oklianyi_bujv.xml 0xed4a2d2e
    res/layout/tb_munion_aditem.xml 0xea92cdd3
    res/layout/umeng_common_download_notification.xml 0x102359e4
    res/layout/umeng_update_dialog.xml 0x9d42bc26
    AndroidManifest.xml 0xd054e34
    resources.arsc 0x2d83deb7
    res/layout-v14/left_drawer_fragment.xml 0xd906f155
    res/layout-v14/profile_drawer_right.xml 0x1d756642
    res/layout-v14/slidingmenumain.xml 0xc4c4cae0
    res/layout-v9/umeng_common_download_notification.xml 0x54663881
    res/drawable-hdpi/custom_img.jpg 0x5180fa2a
    res/drawable-hdpi/umeng_update_btn_check_off_focused_holo_light.png 0x63f5fdb0
    res/drawable-hdpi/umeng_update_btn_check_off_holo_light.png 0x9dd19bd9
    res/drawable-hdpi/umeng_update_btn_check_off_pressed_holo_light.png 0x3f0df474
    res/drawable-hdpi/umeng_update_btn_check_on_focused_holo_light.png 0x3a86058e
    res/drawable-hdpi/umeng_update_btn_check_on_holo_light.png 0x54ca4df0
    res/drawable-hdpi/umeng_update_btn_check_on_pressed_holo_light.png 0xc6e0029f
    res/drawable-hdpi/umeng_update_close_bg_normal.png 0xfbb3a5d2
    res/drawable-hdpi/umeng_update_close_bg_tap.png 0xa852b3ec
    res/drawable-xhdpi/shadow.xml 0xfa069760
    res/drawable-xhdpi/shadowright.xml 0x34918384
    classes.dex 0x17b3f7da
    lib/armeabi/libbspatch.so 0x6333ecec
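    The static part of the report (hashes, the per-entry CRC list, the META-INF signer files, the permission list) can be reproduced locally with the Python standard library, which is useful when you hold the sample and the portal does not. The following is an added example by the editor, not VirSCAN's or the app author's code. It computes MD5/SHA1, lists each zip entry with its CRC32 in the same 0x... form as the file list, reads the v1 (JAR) signer name from the META-INF .SF/.RSA pair (XIAOXUAN here), picks out entries worth a second look (native libraries, asset text files, bundled-SDK markers) and sorts the report's permissions into risk buckets. The archive is a constructed in-memory zip with this report's entry names and placeholder contents; the RISK table is the editor's own classification. Finding the signature files only shows they are present; it does not verify the signature (use `apksigner verify` for that).

```python
"""Static triage of an APK archive, reproducing the fields of the report above.

Editor's added example, not VirSCAN code. SAMPLE_ENTRIES is a constructed
stand-in for bes.apk (same entry names, placeholder bytes); RISK is the
editor's own reading of Android protection levels, not an Android API.
"""
import hashlib
import io
import zipfile
import zlib

SAMPLE_ENTRIES = {
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "META-INF/XIAOXUAN.SF": b"Signature-Version: 1.0\n",
    "META-INF/XIAOXUAN.RSA": b"\x30\x82\x00\x00",   # stands in for the PKCS#7 signature block
    "AndroidManifest.xml": b"\x03\x00\x08\x00",     # binary-XML magic only
    "classes.dex": b"dex\n035\x00",
    "lib/armeabi/libbspatch.so": b"\x7fELF",
    "assets/qq.txt": b"placeholder",
    "res/drawable/umeng_update_dialog_bg.xml": b"<shape/>",
}

# Permissions exactly as listed in the report, including the bare ACCESS_WIFI_STATE line.
PAGE_PERMISSIONS = [
    "com.android.launcher.permission.INSTALL_SHORTCUT", "android.permission.GET_TASKS",
    "ACCESS_WIFI_STATE", "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.ACCESS_WIFI_STATE", "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.MOUNT_UNMOUNT_FILESYSTEMS", "android.permission.READ_PHONE_STATE",
    "android.permission.SYSTEM_ALERT_WINDOW", "android.permission.INTERNET",
    "android.permission.ACCESS_FINE_LOCATION", "com.android.launcher.permission.READ_SETTINGS",
    "android.permission.ACCESS_NETWORK_STATE", "android.permission.WAKE_LOCK",
    "android.permission.CHANGE_CONFIGURATION",
]

# Editor's classification (assumption): "<bucket>: why it matters in triage".
RISK = {
    "android.permission.READ_PHONE_STATE": "dangerous: IMEI/IMSI, phone number, call state",
    "android.permission.ACCESS_FINE_LOCATION": "dangerous: precise (GPS) location",
    "android.permission.ACCESS_COARSE_LOCATION": "dangerous: approximate location",
    "android.permission.WRITE_EXTERNAL_STORAGE": "dangerous: write shared storage (drop payloads)",
    "android.permission.SYSTEM_ALERT_WINDOW": "special: overlay windows on top of other apps",
    "android.permission.MOUNT_UNMOUNT_FILESYSTEMS": "signature|system: not granted to third-party apps",
    "android.permission.GET_TASKS": "deprecated: foreground-task sniffing (deprecated in API 21)",
    "com.android.launcher.permission.INSTALL_SHORTCUT": "launcher: shortcuts, commonly abused by adware",
}


def build_sample_apk(entries=SAMPLE_ENTRIES) -> bytes:
    """Write the constructed entries into an in-memory zip (an APK is a zip)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def crc_hex(data: bytes) -> str:
    """Zip CRC32 in the report's '0x...' form (lowercase, no zero padding)."""
    return f"0x{zlib.crc32(data) & 0xFFFFFFFF:x}"


def digests(blob: bytes) -> dict:
    return {"size": len(blob), "md5": hashlib.md5(blob).hexdigest(),
            "sha1": hashlib.sha1(blob).hexdigest()}


def entry_table(blob: bytes) -> list:
    """(name, crc) per member; testzip() re-reads every member against its stored CRC."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        bad = zf.testzip()
        if bad is not None:
            raise ValueError(f"CRC mismatch in {bad}")
        return [(info.filename, f"0x{info.CRC:x}") for info in zf.infolist()]


def v1_signers(names) -> list:
    """Signer names with a complete JAR (v1) pair FOO.SF + FOO.(RSA|DSA|EC) under META-INF.
    Presence only: actually verifying the signature needs apksigner or a PKCS#7 parser."""
    meta = [n[len("META-INF/"):] for n in names if n.startswith("META-INF/")]
    sf = {n[:-3] for n in meta if n.endswith(".SF")}
    blocks = {n.rsplit(".", 1)[0] for n in meta if n.rsplit(".", 1)[-1] in ("RSA", "DSA", "EC")}
    return sorted(sf & blocks)


def indicators(names) -> dict:
    return {
        "native_libs": sorted(n for n in names if n.startswith("lib/") and n.endswith(".so")),
        "dex_files": sorted(n for n in names if n.endswith(".dex")),
        "asset_text": sorted(n for n in names if n.startswith("assets/") and n.endswith(".txt")),
        "sdk_markers": sorted({m for n in names for m in ("umeng", "tb_munion", "e4a") if m in n}),
    }


def triage_permissions(perms) -> dict:
    """Normalize bare names, drop duplicates, and group by the RISK bucket."""
    buckets, seen = {}, []
    for p in perms:
        name = p if "." in p else "android.permission." + p
        if name in seen:
            continue
        seen.append(name)
        buckets.setdefault(RISK.get(name, "normal").split(":")[0], []).append(name)
    return buckets


def analyze(blob: bytes, perms) -> dict:
    table = entry_table(blob)
    names = [n for n, _ in table]
    return {"file": digests(blob), "entries": table, "v1_signers": v1_signers(names),
            "indicators": indicators(names), "permissions": triage_permissions(perms)}


if __name__ == "__main__":
    for key, value in analyze(build_sample_apk(), PAGE_PERMISSIONS).items():
        print(key, value)
```

    To run it against the real sample, pass `open("bes.apk", "rb").read()` to `analyze()` in place of `build_sample_apk()`; the MD5/SHA1 should then match the header of this report, and the entry CRCs should match the file list.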
