VirSCAN VirSCAN

1, Podés SUBIR cualquier archivo de hasta 20MB.
2, VirSCAN soporta descompresión Rar/Zip de hasta 20 archivos.
3, VirSCAN puede escanear archivos comprimidos con la contraseña 'infected' o 'virus'.
4, Si su navegador no puede cargar el archivo, por favor descargue el archivo virscan.

Idioma
Carga del Servidor
Server Load

VirSCAN
VirSCAN

1, Podés SUBIR cualquier archivo de hasta 20MB.
2, VirSCAN soporta descompresión Rar/Zip de hasta 20 archivos.
3, VirSCAN puede escanear archivos comprimidos con la contraseña 'infected' o 'virus'.

Información Archivo

Resultados
Resultados:34%Software antivirus(11/32)encontró infección
Informe de análisis de comportamiento:         Análisis de archivos Habo
Tiempo: 2016-04-06 17:46:07 (CST)
Escaner Versión Motor Versión Firma Fecha Firma Resultados Tiempo
antiy AVL SDK 3.0 1970-01-01 No se ha encontrado nada 5
asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Android.Trojan.Adrd.A 1
avast 150725-1 4.7.4 2015-07-25 No se ha encontrado nada 23
avg 2109/8133 10.0.1405 2014-11-26 No se ha encontrado nada 7
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 No se ha encontrado nada 16
baidusd 1.0 1.0 2014-04-02 No se ha encontrado nada 1
bitdefender 7.58469 7.90123 2014-12-25 No se ha encontrado nada 1
clamav 19861 0.97.5 2014-12-31 No se ha encontrado nada 1
drweb 5.0.2.3300 5.0.1.1 2014-12-31 No se ha encontrado nada 46
fortinet 23.345, 23.345 5.1.158 2014-12-08 No se ha encontrado nada 1
fprot 4.6.2.117 6.5.1.5418 2014-12-31 No se ha encontrado nada 3
fsecure 2014-04-02-01 9.13 2014-04-02 Trojan:Android/Adrd.A 10
gdata 25.6066 25.6066 2016-04-06 Android.Trojan.Adrd.A 9
ikarus 1.06.01 V1.32.31.0 2014-12-08 No se ha encontrado nada 10
jiangmin 16.0.100 1.0.0.0 2015-07-25 TrojanSpy.AndroidOS.fj 44
kaspersky 5.5.33 5.5.33 2014-04-01 Trojan-Spy.AndroidOS.Adrd.ao 39
kingsoft 2.1 2.1 2013-09-22 Troj.Adrd.a.(kcloud) 6
mcafee 7638 5400.1158 2014-11-30 No se ha encontrado nada 35
nod32 0920 3.0.21 2014-12-23 No se ha encontrado nada 1
panda 9.05.01 9.05.01 2015-07-26 No se ha encontrado nada 4
pcc 11.380.07 9.500-1005 2014-12-31 AndroidOS_ADRD.X 2
qh360 1.0.1 1.0.1 1.0.1 Win32/Trojan.376 2
qqphone 1.0.0.0 1.0.0.0 2014-12-09 No se ha encontrado nada 1
quickheal 14.00 14.00 2015-07-25 Android.Adrd.A 2
rising 25.76.04.01 25.76.04.01 2015-07-24 No se ha encontrado nada 1
sophos 5.08 3.55.0 2014-12-01 No se ha encontrado nada 5
symantec 20141230.001 1.3.0.24 2014-12-30 No se ha encontrado nada 1
tachyon 9.9.9 9.9.9 2013-12-27 No se ha encontrado nada 3
thehacker 6.8.0.5 6.8.0.5 2015-07-23 No se ha encontrado nada 1
tws 17.47.17308 1.0.2.2108 2014-12-08 Android.M.ilto 14
vba 3.12.26.3 3.12.26.3 2014-12-31 Trojan-Spy.AndroidOS.Adrd.ao 21
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 No se ha encontrado nada 34
权限列表
许可名称 信息
android.permission.RECEIVE_BOOT_COMPLETED 接收开机启动广播
android.permission.INTERNET 连接网络(2G或3G)
android.permission.ACCESS_NETWORK_STATE 读取网络状态(2G或3G)
android.permission.READ_PHONE_STATE 读取电话状态
android.permission.SEND_SMS 发送短信
android.permission.RECEIVE_SMS 监控接收短信
android.permission.READ_SMS 读取短信
android.permission.WRITE_SMS 写短信
文件信息
VirSCANVirSCAN
安全评分 :
基本信息
VirSCANVirSCAN
MD5:77b0105632e309b48e66f7cdb4678e02
文件大小:5.58MB
上传时间: 2014-09-22 10:36:30 (CST)
包名:com.tt.yy
最低运行环境:Android 1.5
版权:kdsjfkl
进程行为
VirSCANVirSCAN
文件行为
VirSCANVirSCAN
行为描述: 创建文件
详情信息: C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\CLS\cls-test.lib
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\CLS\readme.txt
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\InnoSetup\readme.txt
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\scripts\readme.txt
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Documentation\whatsnew-rus.txt
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Documentation\whatsnew.txt
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\License\Contributors.txt
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\License\gpl-2.0.txt
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\License\License.txt
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Documentation\FreeArc036-eng.htm
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Documentation\FreeArc040-rus.htm
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Documentation\whatsnew.htm
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\Benchmarking\avg.rb
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\Benchmarking\maketest.rb
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\scripts\arc.custom-log.lua
行为描述: 创建可执行文件
详情信息: C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\FAR MultiArc plugin\FreeArc.fmt
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\Arc.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\unarc.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\arc-mini.sfx
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\arc-tiny.sfx
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\arc.sfx
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc-installer-nodelete.sfx
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc-installer.sfx
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc-mini.sfx
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc-tiny.sfx
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc.sfx
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\CLS\cls-test.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\InnoSetup\unarc.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\facompress.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\facompress_mt.dll
行为描述: 修改文件内容
详情信息: C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\CLS\cls-test.lib ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\CLS\readme.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\InnoSetup\readme.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\scripts\readme.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Documentation\whatsnew-rus.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Documentation\whatsnew.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\License\Contributors.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\License\gpl-2.0.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\License\License.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Documentation\FreeArc036-eng.htm ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Documentation\FreeArc040-rus.htm ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Documentation\whatsnew.htm ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\Benchmarking\avg.rb ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\Benchmarking\maketest.rb ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\scripts\arc.custom-log.lua ---> Offset = 0
其他行为
VirSCANVirSCAN
行为描述: 创建互斥体
详情信息: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
行为描述: 查找指定窗口
详情信息: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
行为描述: 窗口信息
详情信息: Pid = 648, Hwnd=0x202a6, Text = Destination folder:, ClassName = Static.
Pid = 648, Hwnd=0x202a8, Text = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E, ClassName = Edit.
Pid = 648, Hwnd=0x202cc, Text = Browse, ClassName = Button.
Pid = 648, Hwnd=0x202b4, Text = OK, ClassName = Button.
Pid = 648, Hwnd=0x202b2, Text = Cancel, ClassName = Button.
Pid = 648, Hwnd=0x302ba, Text = Welcome to FreeArc 0.666 alpha. FreeArc is an archiver featuring: * best speed and compression ratio among all practical arch, ClassName = RichEdit20W.
Pid = 648, Hwnd=0x202d4, Text = http://freearc.org, ClassName = Static.
Pid = 648, Hwnd=0x202a2, Text = %temp%\1459881098.224001.exe - FreeArc self-extracting archive, ClassName = #32770.
行为描述: 可执行文件签名信息
详情信息: C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\FAR MultiArc plugin\FreeArc.fmt(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\Arc.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\unarc.exe(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\arc-mini.sfx(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\arc-tiny.sfx(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\arc.sfx(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc-installer-nodelete.sfx(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc-installer.sfx(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc-mini.sfx(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc-tiny.sfx(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc.sfx(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\CLS\cls-test.dll(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\InnoSetup\unarc.dll(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\facompress.dll(签名验证: 未通过)
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\facompress_mt.dll(签名验证: 未通过)
行为描述: 可执行文件MD5
详情信息: C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\FAR MultiArc plugin\FreeArc.fmt ---> 817f96021be6d05cb758540f0ea9c261
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\Arc.exe ---> 7fbda96d3a9d3eb0442d1e1a4ca334a5
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\unarc.exe ---> 99a7a301a29441db95bf25f2d6e7037d
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\arc-mini.sfx ---> 6973659897f30fb6350a0502a77f5f18
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\arc-tiny.sfx ---> 34d594fbac4a71614beebc9939943f76
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\arc.sfx ---> 4c2250580688aea532f28279937f3bca
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc-installer-nodelete.sfx ---> 4500d67f590b25206aa89364b0faef12
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc-installer.sfx ---> 8185e464dd2a4748abff383b75ae90e8
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc-mini.sfx ---> 1b1a4f6596d89d9fe894f5bcca7c9f80
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc-tiny.sfx ---> 3563fbef365eacc38484d0c1310fc8b0
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc.sfx ---> bf8b9ad7d82b2553cdec97fa4fd34e94
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\CLS\cls-test.dll ---> 2e623331902fc9676cba93fc8d7819dd
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\InnoSetup\unarc.dll ---> 0b21c6017129d22eddda38d445091dcc
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\facompress.dll ---> 512d1d3b063031e1f8d13bf4fd2b640b
C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\facompress_mt.dll ---> 1e2ffc79a73817f882eaaee0a7b76c1d
行为描述: 样本控制台输出内容
详情信息: N/A
Activities
VirSCANVirSCAN
活动名 类型
.loginActivity android.intent.action.MAIN
.loginActivity android.intent.category.LAUNCHER
危险函数
VirSCANVirSCAN
函数名称 信息
HttpClient;->execute 请求远程服务器
DefaultHttpClient;->execute 发送HTTP请求
TelephonyManager;->getDeviceId 搜集用户手机IMEI码、电话号码、系统版本号等信息
ContentResolver;->delete 删除短信、联系人
ContentResolver;->query 读取联系人、短信等数据库
SmsManager;->sendTextMessage 发送普通短信
启动方式
VirSCANVirSCAN
名称 信息
com.xxx.yyy.MyBoolService 开机启动服务
com.xxx.yyy.MyAlarmReceiver
权限列表
VirSCANVirSCAN
许可名称 信息
android.permission.RECEIVE_BOOT_COMPLETED 接收开机启动广播
android.permission.INTERNET 连接网络(2G或3G)
android.permission.ACCESS_NETWORK_STATE 读取网络状态(2G或3G)
android.permission.READ_PHONE_STATE 读取电话状态
android.permission.SEND_SMS 发送短信
android.permission.RECEIVE_SMS 监控接收短信
android.permission.READ_SMS 读取短信
android.permission.WRITE_SMS 写短信
服务列表
VirSCANVirSCAN
名称
com.xxx.yyy.MyService
文件列表
VirSCANVirSCAN
文件名 校验码
res/drawable/icon.png 0xa68bd0c5
res/layout/l_login.xml 0xdf35d954
res/layout/l_webview.xml 0x2a4db95f
res/layout/list_13.xml 0xc4253acb
res/layout/list_items.xml 0xb8f5d6e
res/layout/main.xml 0x8ae7db9b
AndroidManifest.xml 0x7eaaff2a
resources.arsc 0x7fc54f93
classes.dex 0x5cf1e333
META-INF/MANIFEST.MF 0x7faea73a
META-INF/CERT.SF 0x240722cb
META-INF/CERT.RSA 0xa758d449
运行截图
VirSCANVirSCAN
VirSCAN