VirSCAN

1, You can upload any file, but with a limit of 20Mb per file.
2, VirSCAN supports Rar/Zip archives, but they must contain fewer than 20 files.
3, VirSCAN can scan archives compressed with the password 'infected' or 'virus'.
4, It was not possible to upload, please use the VirSCAN upload

File Information

Scan Result
Scan result: 34% of antivirus software (11/32) found malicious code!
Behavior analysis report: Habo file analysis
Time: 2016-04-06 17:46:07 (CST)
Software Version Sig. Version Sig. Date Scan result Time
antiy AVL SDK 3.0 1970-01-01 Nothing found 5
asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Android.Trojan.Adrd.A 1
avast 150725-1 4.7.4 2015-07-25 Nothing found 23
avg 2109/8133 10.0.1405 2014-11-26 Nothing found 7
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Nothing found 16
baidusd 1.0 1.0 2014-04-02 Nothing found 1
bitdefender 7.58469 7.90123 2014-12-25 Nothing found 1
clamav 19861 0.97.5 2014-12-31 Nothing found 1
drweb 5.0.2.3300 5.0.1.1 2014-12-31 Nothing found 46
fortinet 23.345, 23.345 5.1.158 2014-12-08 Nothing found 1
fprot 4.6.2.117 6.5.1.5418 2014-12-31 Nothing found 3
fsecure 2014-04-02-01 9.13 2014-04-02 Trojan:Android/Adrd.A 10
gdata 25.6066 25.6066 2016-04-06 Android.Trojan.Adrd.A 9
ikarus 1.06.01 V1.32.31.0 2014-12-08 Nothing found 10
jiangmin 16.0.100 1.0.0.0 2015-07-25 TrojanSpy.AndroidOS.fj 44
kaspersky 5.5.33 5.5.33 2014-04-01 Trojan-Spy.AndroidOS.Adrd.ao 39
kingsoft 2.1 2.1 2013-09-22 Troj.Adrd.a.(kcloud) 6
mcafee 7638 5400.1158 2014-11-30 Nothing found 35
nod32 0920 3.0.21 2014-12-23 Nothing found 1
panda 9.05.01 9.05.01 2015-07-26 Nothing found 4
pcc 11.380.07 9.500-1005 2014-12-31 AndroidOS_ADRD.X 2
qh360 1.0.1 1.0.1 1.0.1 Win32/Trojan.376 2
qqphone 1.0.0.0 1.0.0.0 2014-12-09 Nothing found 1
quickheal 14.00 14.00 2015-07-25 Android.Adrd.A 2
rising 25.76.04.01 25.76.04.01 2015-07-24 Nothing found 1
sophos 5.08 3.55.0 2014-12-01 Nothing found 5
symantec 20141230.001 1.3.0.24 2014-12-30 Nothing found 1
tachyon 9.9.9 9.9.9 2013-12-27 Nothing found 3
thehacker 6.8.0.5 6.8.0.5 2015-07-23 Nothing found 1
tws 17.47.17308 1.0.2.2108 2014-12-08 Android.M.ilto 14
vba 3.12.26.3 3.12.26.3 2014-12-31 Trojan-Spy.AndroidOS.Adrd.ao 21
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Nothing found 34
Permission list
Permission name Information
android.permission.RECEIVE_BOOT_COMPLETED Receive the boot-completed broadcast
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.ACCESS_NETWORK_STATE Read the network state (2G or 3G)
android.permission.READ_PHONE_STATE Read the phone state
android.permission.SEND_SMS Send SMS
android.permission.RECEIVE_SMS Monitor received SMS
android.permission.READ_SMS Read SMS
android.permission.WRITE_SMS Write SMS
File information
Security score:
Basic information
MD5: 77b0105632e309b48e66f7cdb4678e02
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.tt.yy
Minimum runtime environment: Android 1.5
Copyright: kdsjfkl
Process behavior
File behavior
Behavior description: Create file
Behavior description: Create executable file
Behavior description: Modify file content
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Window information
Details: Pid = 648, Hwnd=0x202a6, Text = Destination folder:, ClassName = Static.
Pid = 648, Hwnd=0x202a8, Text = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E, ClassName = Edit.
Pid = 648, Hwnd=0x202cc, Text = Browse, ClassName = Button.
Pid = 648, Hwnd=0x202b4, Text = OK, ClassName = Button.
Pid = 648, Hwnd=0x202b2, Text = Cancel, ClassName = Button.
Pid = 648, Hwnd=0x302ba, Text = Welcome to FreeArc 0.666 alpha. FreeArc is an archiver featuring: * best speed and compression ratio among all practical arch, ClassName = RichEdit20W.
Pid = 648, Hwnd=0x202d4, Text = http://freearc.org, ClassName = Static.
Pid = 648, Hwnd=0x202a2, Text = %temp%\1459881098.224001.exe - FreeArc self-extracting archive, ClassName = #32770.
Behavior description: Executable file signature information
Behavior description: Executable file MD5
Behavior description: Sample console output
Details: N/A
Activities
Activity name Type
.loginActivity android.intent.action.MAIN
.loginActivity android.intent.category.LAUNCHER
Dangerous functions
Function name Information
HttpClient;->execute Requests a remote server
DefaultHttpClient;->execute Sends an HTTP request
TelephonyManager;->getDeviceId Collects the user's phone IMEI, phone number, system version number and other information
ContentResolver;->delete Deletes SMS messages and contacts
ContentResolver;->query Reads contacts, SMS and other databases
SmsManager;->sendTextMessage Sends an ordinary SMS
Startup method
Name Information
com.xxx.yyy.MyBoolService Service started at boot
com.xxx.yyy.MyAlarmReceiver
Service list
Name
com.xxx.yyy.MyService
File list
File name Checksum
res/drawable/icon.png 0xa68bd0c5
res/layout/l_login.xml 0xdf35d954
res/layout/l_webview.xml 0x2a4db95f
res/layout/list_13.xml 0xc4253acb
res/layout/list_items.xml 0xb8f5d6e
res/layout/main.xml 0x8ae7db9b
AndroidManifest.xml 0x7eaaff2a
resources.arsc 0x7fc54f93
classes.dex 0x5cf1e333
META-INF/MANIFEST.MF 0x7faea73a
META-INF/CERT.SF 0x240722cb
META-INF/CERT.RSA 0xa758d449