VirSCAN

1. You can upload any file no larger than 20 megabytes.
2. VirSCAN can scan archives compressed in ZIP and RAR format, provided they contain no more than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.



File information

File name: 5939.apk (file not available for download)
File size: 12927 bytes
File type: Zip archive data
MD5: fdb84ff8125b3790011b83cc85adce16
SHA1: 1e993b0632d5bc6f07410ee31e41dd316435d997
SHA256: 14ebc4e9c7c297f3742c41213938ee01fd198dd4f4a5f188bbbb6ffcf4db5f14
SSDEEP:

Scan summary

Scan result: 65% of scanners (21/32) detected malware!
Behavior analysis report: Habo file analysis
Time: 2019-06-16 01:12:13 (CST)

Scanner | Engine version | Database version | Database date | Scan result | Time
antiy | AVL SDK 3.0 | AVL SDK 3.0 | 2019-06-15 | Trojan[SMS]/Android.FakePlayer | 4
avast | 18.4.3895.0 | 18.4.3895.0 | 2019-06-16 | Nothing found | 9
avg | 10.0.1405 | 10.0.1405 | 2019-06-16 | Nothing found | 1
baidu | 2.0.1.0 | 4.1.3.52192 | 2.0.1.0 | Nothing found | 5
baidusd | 1.0 | 1.0 | 2019-06-15 | Nothing found | 1
bitdefender | 7.141118 | 7.141118 | 2019-06-15 | Nothing found | 1
clamav | 25480 | 0.100.2 | 2019-06-14 | Andr.Trojan.FakePlayer-1 | 1
drweb | 11.0.10.1810231600 | 11.0.10.1810231600 | 2019-06-14 | Android.SmsSend.1 | 10
emsisoft | 9.0.0.4324 | 9.0.0.4324 | 2014-07-03 | Android.Trojan.FakePlayer.D | 2
fortinet | 1.000, 69.253, 69.184, 69.208 | 5.4.247 | 2019-06-16 | Android/FakePlayer.A!tr | 1
fprot | 4.6.2.117 | 6.5.1.5418 | 2014-12-31 | DroidSMS.A | 1
fsecure | 2015-08-01-02 | 9.13 | 2019-06-16 | Nothing found | 56
gdata | 25.22375 | 25.22375 | 2019-06-14 | Android.Trojan.FakePlayer.D | 16
ikarus | 5.01.05 | V1.32.39.0 | 2019-06-15 | Trojan.AndroidOS.FakePlayer | 4
jiangmin | 16.0.100 | 1.0.0.0 | 2019-06-15 | Trojan/AndroidOS.ax | 2
kaspersky | 5.5.33 | 5.5.33 | 2019-06-15 | Trojan-SMS.AndroidOS.FakePlayer.a | 19
kingsoft | 2.1 | 2.1 | 2013-09-22 | Nothing found | 8
mcafee | 9256 | 5400.1158 | 2019-05-13 | Android/FakePlayer.a | 12
nod32 | 9516 | 4.5.15 | 2019-06-13 | Android/FakePlayer.A trojan | 1
panda | 9.05.01 | 9.05.01 | 2019-05-29 | Android/FakePlayer.A | 4
pcc | 13.302.06 | 9.500-1005 | 2019-06-15 | Android.D3B4B018 | 2
qh360 | 1.0.1 | 1.0.1 | 2019-06-15 | Trojan.Android.Gen | 2
qqphone | 2.0.0.0 | 2.0.0.0 | 2019-06-15 | a.expense.fakeMMS.a | 1
quickheal | 14.00 | 14.00 | 2019-02-10 | Android.FakePlayer.D | 3
rising | 5161 | 5161 | 2019-06-14 | Trojan.Agent.fxv | 3
sophos | 4.62 | 3.16.1 | 2016-09-20 | Andr/FakePlay-B | 10
symantec | 20151230.005 | 1.3.0.24 | 2015-12-30 | Nothing found | 1
tachyon | 9.9.9 | 9.9.9 | 2013-12-27 | Nothing found | 3
thehacker | 6.8.0.5 | 6.8.0.5 | 2017-03-30 | Nothing found | 1
tws | 17.47.17308 | 1.0.2.2108 | 2019-06-14 | Android.M.pguc | 6
vba | 4.0.0 | 4.0.0 | 2019-06-14 | Android.SmsSend.1 | 4
virusbuster | 15.0.985.0 | 5.5.2.13 | 2014-12-05 | Nothing found | 3
Permission list
Permission name | Description
android.permission.SEND_SMS | Send SMS
File information
Security score:
Basic information
MD5: fdb84ff8125b3790011b83cc85adce16
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: org.me.androidapplication1
Minimum runtime environment:
Copyright: Android
Key behaviors
Behavior: Cross-process data write
Details: TargetProcess = iexplore.exe, WriteAddress = 0x20070000, Size = 53248
TargetProcess = iexplore.exe, WriteAddress = 0x00020000, Size = 563
TargetProcess = iexplore.exe, WriteAddress = 0x00030000, Size = 223
TargetProcess = iexplore.exe, WriteAddress = 0x00040000, Size = 165
TargetProcess = iexplore.exe, WriteAddress = 0x00050000, Size = 312
TargetProcess = iexplore.exe, WriteAddress = 0x00401a25, Size = 12
Behavior: Drops sensitive file in system directory
Details: C:\WINDOWS\system32\清华紫光.ime
Behavior: Resolves host address by name
Details: google.com
fget-career.com
Behavior: Modifies executable file via memory mapping
Details: \device\harddiskvolume1\documents and settings\administrator\application data\sogouexplorer\extension\com.sogou.snaptaker\0.4.2\npprintscreen.dll
\device\harddiskvolume1\documents and settings\administrator\local settings\%temp%\1443538024.575626.exe_7zdump\贵族輔助\test.dll
Behavior: Modifies registry: installs input method (IME) entry
Details: \REGISTRY\USER\S-*\Keyboard Layout\Preload\2
Behavior: Cross-process write to code section
Details: C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00401A25, EntryPoint = 0x00401A25
Behavior: Writable file mapping
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EMF..GPLGH
MSCTF.MarshalInterface.FileMap.EMF.B.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.C.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.D.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.E.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.F.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.G.GPLGH
\222c25ed\IE8-Setup-Full\IE-REDIST.EXE
\222c25ed\IE8-Setup-Full\ieakcust.dll
\222c25ed\IE8-Setup-Full\iedkcs32.dll
\222c25ed\IE8-Setup-Full\installservices.exe
\DiskX\RECYCLER\S-4-6-81-7126415084-8788226705-740875152-4407\ncZdRDbJ.exe
\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
MSCTF.Shared.SFM.EMF
Behavior: Sets special folder attributes
Details: C:\DiskX\RECYCLER
C:\DiskX\RECYCLER\S-4-6-81-7126415084-8788226705-740875152-4407
Behavior: Modifies registry: startup entry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Process behaviors
Behavior: Cross-process data write
Details: TargetProcess = iexplore.exe, WriteAddress = 0x20070000, Size = 53248
TargetProcess = iexplore.exe, WriteAddress = 0x00020000, Size = 563
TargetProcess = iexplore.exe, WriteAddress = 0x00030000, Size = 223
TargetProcess = iexplore.exe, WriteAddress = 0x00040000, Size = 165
TargetProcess = iexplore.exe, WriteAddress = 0x00050000, Size = 312
TargetProcess = iexplore.exe, WriteAddress = 0x00401a25, Size = 12
Behavior: Drops sensitive file in system directory
Details: C:\WINDOWS\system32\清华紫光.ime
Behavior: Resolves host address by name
Details: google.com
fget-career.com
Behavior: Modifies executable file via memory mapping
Details: \device\harddiskvolume1\documents and settings\administrator\application data\sogouexplorer\extension\com.sogou.snaptaker\0.4.2\npprintscreen.dll
\device\harddiskvolume1\documents and settings\administrator\local settings\%temp%\1443538024.575626.exe_7zdump\贵族輔助\test.dll
Behavior: Modifies registry: installs input method (IME) entry
Details: \REGISTRY\USER\S-*\Keyboard Layout\Preload\2
Behavior: Cross-process write to code section
Details: C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00401A25, EntryPoint = 0x00401A25
Behavior: Writable file mapping
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EMF..GPLGH
MSCTF.MarshalInterface.FileMap.EMF.B.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.C.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.D.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.E.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.F.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.G.GPLGH
\222c25ed\IE8-Setup-Full\IE-REDIST.EXE
\222c25ed\IE8-Setup-Full\ieakcust.dll
\222c25ed\IE8-Setup-Full\iedkcs32.dll
\222c25ed\IE8-Setup-Full\installservices.exe
\DiskX\RECYCLER\S-4-6-81-7126415084-8788226705-740875152-4407\ncZdRDbJ.exe
\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
MSCTF.Shared.SFM.EMF
Behavior: Sets special folder attributes
Details: C:\DiskX\RECYCLER
C:\DiskX\RECYCLER\S-4-6-81-7126415084-8788226705-740875152-4407
Behavior: Modifies registry: startup entry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
File behaviors
Behavior: Creates executable file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\1443538024.213436.exe_7zdump\贵族輔助\贵族科技0927Srv.exe
C:\Program Files\Microsoft\DesktopLayer.exe
C:\WINDOWS\system32\清华紫光.ime
C:\DiskX\RECYCLER\S-4-6-81-7126415084-8788226705-740875152-4407\ncZdRDbJ.exe
Behavior: Searches for files
Details: FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1443538024.746739.exe_7zdump\贵族輔助
FileName = C:\Program Files\Internet Explorer\IEXPLORE.EXE
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\清华紫光.IME
FileName = C:\Program Files\Internet Explorer\iexplore.exe
FileName = C:\*.*
FileName = C:\222c25ed\*.*
FileName = C:\222c25ed\IE8-Setup-Full\*.*
FileName = C:\222c25ed\IE8-Setup-Full\log\*.*
FileName = C:\AnalyzeControl\*.*
FileName = C:\DiskD\*.*
FileName = C:\DiskX\*.*
Behavior: Modifies executable file via memory mapping
Details: \device\harddiskvolume1\documents and settings\administrator\application data\sogouexplorer\extension\com.sogou.snaptaker\0.4.2\npprintscreen.dll
\device\harddiskvolume1\documents and settings\administrator\local settings\%temp%\1443538024.575626.exe_7zdump\贵族輔助\test.dll
Behavior: Drops sensitive file in system directory
Details: C:\WINDOWS\system32\清华紫光.ime
Behavior: Modifies existing system executable file
Details: C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\npprintscreen.dll---> Offset = 376832
C:\Documents and Settings\Administrator\Local Settings\%temp%\1443538024.729190.exe_7zdump\贵族輔助\test.dll---> Offset = 827392
Behavior: Writable file mapping
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EMF..GPLGH
MSCTF.MarshalInterface.FileMap.EMF.B.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.C.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.D.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.E.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.F.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.G.GPLGH
\222c25ed\IE8-Setup-Full\IE-REDIST.EXE
\222c25ed\IE8-Setup-Full\ieakcust.dll
\222c25ed\IE8-Setup-Full\iedkcs32.dll
\222c25ed\IE8-Setup-Full\installservices.exe
\DiskX\RECYCLER\S-4-6-81-7126415084-8788226705-740875152-4407\ncZdRDbJ.exe
\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
MSCTF.Shared.SFM.EMF
Behavior: Sets special folder attributes
Details: C:\DiskX\RECYCLER
C:\DiskX\RECYCLER\S-4-6-81-7126415084-8788226705-740875152-4407
Behavior: Modifies file contents
Details: C:\Program Files\Microsoft\px4.tmp---> Offset = 0
C:\Program Files\Internet Explorer\dmlconf.dat---> Offset = 0
C:\DiskX\autorun.inf---> Offset = 7787
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.privateSurf\0.0.0.1\backgroundpage.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\backgroundpage.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\popup.html---> Offset = 39547
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.secondAccount\0.0.0.1\backgroundpage.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.share\0.0.0.1\backgroundpage.html---> Offset = 5201
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\background.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\callback.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\pop.html---> Offset = 12867
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\signin.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\ translate.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\backgroundpage.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\google_translate.html---> Offset = 0
Behavior: Modifies newly created executable file
Details: C:\DiskX\RECYCLER\S-4-6-81-7126415084-8788226705-740875152-4407\ncZdRDbJ.exe---> Offset = 53248
C:\Documents and Settings\Administrator\Local Settings\%temp%\1443538026.017974.exe_7zdump\贵族輔助\贵族科技0927Srv.exe---> Offset = 53248
Network behaviors
Behavior: Sends data on a connected socket
Details: SOCKET = 0x000000e0, TotalSize = 6, Offset = 0, ReadSize = 6.
Behavior: Establishes connection to a specified socket
Details: 219.133.40.1:80
219.133.40.1:443
Behavior: Resolves host address by name
Details: google.com
fget-career.com
Registry behaviors
Behavior: Modifies registry
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\E0200804\Ime File
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\E0200804\Layout Text
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\E0200804\Layout File
\REGISTRY\USER\S-*\Software\Super-EC\输入法\标识符
\REGISTRY\USER\S-*\Software\Super-EC\输入法\文件名
Behavior: Modifies registry: installs input method (IME) entry
Details: \REGISTRY\USER\S-*\Keyboard Layout\Preload\2
Behavior: Deletes registry value: input method (IME) entry
Details: \REGISTRY\USER\S-*\Keyboard Layout\Preload\2
Behavior: Modifies registry: startup entry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Other behaviors
Behavior: Creates mutex
Details: KyUffThOkYwRRtgPP
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EMF
Behavior: Inline hook
Details: C:\WINDOWS\system32\ntdll.dll--->ZwWriteVirtualMemory Offset = 0x0
Behavior: Finds specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: Acquires system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior: Window information
Details: Pid = 284, Hwnd=0x202cc, Text = 选择频道开启 或 选择角色开启 , ClassName = Button.
Pid = 284, Hwnd=0x202a8, Text = baji, ClassName = WTWindow.
Dangerous behaviors
Behavior: Sends SMS
Details: number:3353 data:message:798657
number:3354 data:message:798657
number:3353 data:message:798657
Dynamic behavior list
Behavior: Sends SMS
Details: number:3353 data:message:798657
number:3354 data:message:798657
number:3353 data:message:798657
Behavior: Database query
Details: [u'table1', u'[was]', u'null', u'null', u'null', u'null', u'null']
Activities
Activity name | Type
.MoviePlayer | android.intent.action.MAIN
.MoviePlayer | android.intent.category.LAUNCHER
Dangerous functions
Function name | Description
SmsManager;->sendTextMessage | Sends a plain text SMS
File list
File name | Checksum
classes.dex | 0x9a809913
AndroidManifest.xml | 0x8c8316e4
res/drawable/icon.png | 0x7196cc4c
res/layout/main.xml | 0x199f852e
resources.arsc | 0x68aae2f9
META-INF/MANIFEST.MF | 0xae0ef7b4
META-INF/CERT.SF | 0xc2b3b274
META-INF/CERT.RSA | 0xcd0d5a49
Runtime screenshots