VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

File information

Scanner results
Scanner results:6%Scanner(s) (2/32)found malware!
Behavior analysis report:         Habo file analysis
Time: 2017-07-20 21:15:18 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 2.0 1970-01-01 Found nothing 5
asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 1
avast 170303-1 4.7.4 2017-03-03 Found nothing 60
avg 2109/14149 10.0.1405 2017-07-04 Found nothing 60
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 6
bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
clamav 23575 0.97.5 2017-07-19 Found nothing 60
drweb 5.0.2.3300 5.0.1.1 2017-06-18 Found nothing 60
fortinet 5.4.247 2017-07-20 Found nothing 60
fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
gdata 25.13454 25.13454 2017-07-20 Android.Trojan.SLocker.FH 11
ikarus 1.06.01 V1.32.31.0 2016-11-28 Found nothing 60
jiangmin 16.0.100 1.0.0.0 2017-07-19 Found nothing 2
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
kingsoft 2.1 2.1 2017-07-19 Found nothing 5
mcafee 8261 5400.1158 2016-08-18 Found nothing 60
nod32 1777 3.0.21 2015-06-12 Found nothing 60
panda 9.05.01 9.05.01 2017-07-19 Found nothing 4
pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
qh360 1.0.1 1.0.1 1.0.1 Found nothing 4
qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
quickheal 14.00 14.00 2017-07-18 Android.Congur.A 3
rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 1
sophos 5.32 3.65.2 2016-10-10 Found nothing 60
symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 3
thehacker 6.8.0.5 6.8.0.5 2017-07-16 Found nothing 1
tws 17.47.17308 1.0.2.2108 2017-07-19 Found nothing 14
vba 3.12.29.5 beta 3.12.29.5 beta 2017-07-17 Found nothing 60
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
权限列表
许可名称 信息
android.permission.SEND_SMS 发送短信
android.permission.SYSTEM_ALERT_WINDOW 显示系统窗口
android.permission.RECEIVE_BOOT_COMPLETED 接收开机启动广播
android.permission.INTERNET 连接网络(2G或3G)
android.permission.ACCESS_NETWORK_STATE 读取网络状态(2G或3G)
android.permission.WRITE_EXTERNAL_STORAGE 写外部存储器(如:SD卡)
android.permission.MOUNT_UNMOUNT_FILESYSTEMS 挂载、反挂载外部文件系统
android.permission.VIBRATE 允许设备震动
文件信息
VirSCANVirSCAN
安全评分 :
基本信息
VirSCANVirSCAN
MD5:72bd270f9ab01599bc9ed698f027f957
文件大小:5.58MB
上传时间: 2014-09-22 10:36:30 (CST)
包名:com.h
最低运行环境:Android 2.2.x
版权:Android
进程行为
VirSCANVirSCAN
网络行为
VirSCANVirSCAN
行为描述: 连接指定站点
详情信息: WinHttpConnect: ServerName = ch****cn, PORT = 80, UserName = , Password = , hSession = 0x01003100, hConnect = 0x01003200, Flags = 0x00000000
WinHttpConnect: ServerName = ch****cn, PORT = 80, UserName = , Password = , hSession = 0x01002100, hConnect = 0x01002200, Flags = 0x00000000
WinHttpConnect: ServerName = ch****cn, PORT = 80, UserName = , Password = , hSession = 0x00e21100, hConnect = 0x00e21200, Flags = 0x00000000
WinHttpConnect: ServerName = ch****cn, PORT = 80, UserName = , Password = , hSession = 0x00e71100, hConnect = 0x00e71200, Flags = 0x00000000
WinHttpConnect: ServerName = ch****cn, PORT = 80, UserName = , Password = , hSession = 0x00e31100, hConnect = 0x00e31200, Flags = 0x00000000
WinHttpConnect: ServerName = ch****cn, PORT = 80, UserName = , Password = , hSession = 0x00e81100, hConnect = 0x00e81200, Flags = 0x00000000
行为描述: 打开HTTP连接
详情信息: WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x01003100
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x01002100
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x00e21100
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x00e71100
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x00e31100
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x00e81100
行为描述: 建立到一个指定的套接字连接
详情信息: URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000170
URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000174
URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x0000011c
URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000150
URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x0000016c
URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000134
URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000164
URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000168
URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000184
URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000180
URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000160
URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000130
URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000188
URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000128
URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000178
行为描述: 发送HTTP包
详情信息: GET /zst/getchartdata?sb_spm=9cefa284cbafa329f651e529d9d3049a&lotId=265108&chartType=zhzs&r=0.009212904376909137#roll_632 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: ch****cn Connection: Keep-Alive
行为描述: 打开HTTP请求
详情信息: WinHttpOpenRequest: ch****cn:80/zst/getchartdata?sb_spm=9cefa284cbafa329f651e529d9d3049a&lotid=265108&charttype=zhzs&r=0.009212904376909137#roll_632, hConnect = 0x01003200, hRequest = 0x01090000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: ch****cn:80/zst/getchartdata?sb_spm=9cefa284cbafa329f651e529d9d3049a&lotid=265108&charttype=zhzs&r=0.009212904376909137#roll_632, hConnect = 0x01002200, hRequest = 0x00db0000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: ch****cn:80/zst/getchartdata?sb_spm=9cefa284cbafa329f651e529d9d3049a&lotid=265108&charttype=zhzs&r=0.009212904376909137#roll_632, hConnect = 0x00e21200, hRequest = 0x00e60000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: ch****cn:80/zst/getchartdata?sb_spm=9cefa284cbafa329f651e529d9d3049a&lotid=265108&charttype=zhzs&r=0.009212904376909137#roll_632, hConnect = 0x00e71200, hRequest = 0x00e80000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: ch****cn:80/zst/getchartdata?sb_spm=9cefa284cbafa329f651e529d9d3049a&lotid=265108&charttype=zhzs&r=0.009212904376909137#roll_632, hConnect = 0x00e31200, hRequest = 0x00e80000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: ch****cn:80/zst/getchartdata?sb_spm=9cefa284cbafa329f651e529d9d3049a&lotid=265108&charttype=zhzs&r=0.009212904376909137#roll_632, hConnect = 0x01002200, hRequest = 0x00e30000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: ch****cn:80/zst/getchartdata?sb_spm=9cefa284cbafa329f651e529d9d3049a&lotid=265108&charttype=zhzs&r=0.009212904376909137#roll_632, hConnect = 0x00e81200, hRequest = 0x00e90000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: ch****cn:80/zst/getchartdata?sb_spm=9cefa284cbafa329f651e529d9d3049a&lotid=265108&charttype=zhzs&r=0.009212904376909137#roll_632, hConnect = 0x01002200, hRequest = 0x00e90000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: ch****cn:80/zst/getchartdata?sb_spm=9cefa284cbafa329f651e529d9d3049a&lotid=265108&charttype=zhzs&r=0.009212904376909137#roll_632, hConnect = 0x00e81200, hRequest = 0x00e30000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: ch****cn:80/zst/getchartdata?sb_spm=9cefa284cbafa329f651e529d9d3049a&lotid=265108&charttype=zhzs&r=0.009212904376909137#roll_632, hConnect = 0x00e21200, hRequest = 0x00e90000, Verb: GET, Referer: , Flags = 0x00000080
WinHttpOpenRequest: ch****cn:80/zst/getchartdata?sb_spm=9cefa284cbafa329f651e529d9d3049a&lotid=265108&charttype=zhzs&r=0.009212904376909137#roll_632, hConnect = 0x00e21200, hRequest = 0x00e30000, Verb: GET, Referer: , Flags = 0x00000080
行为描述: 按名称获取主机地址
详情信息: GetAddrInfoW: ch****cn
其他行为
VirSCANVirSCAN
行为描述: 创建互斥体
详情信息: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.MJK
行为描述: 创建事件对象
详情信息: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.MJK.IC
EventName = MSCTF.SendReceiveConection.Event.MJK.IC
行为描述: 查找指定窗口
详情信息: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
行为描述: 窗口信息
详情信息: Pid = 2712, Hwnd=0x1034c, Text = 期数:, ClassName = msctls_statusbar32.
Pid = 2712, Hwnd=0x10346, Text = Pc28 去3余N 预测 by 28客栈, ClassName = ArrtryPC28.
行为描述: 打开事件
详情信息: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceive.Event.IOH.IC
MSCTF.SendReceiveConection.Event.IOH.IC
行为描述: 隐藏指定窗口
详情信息: [Window,Class] = [,_EL_Timer]
行为描述: 打开互斥体
详情信息: ShimCacheMutex
Activities
VirSCANVirSCAN
活动名 类型
.M android.intent.action.MAIN
.M android.intent.category.LAUNCHER
危险函数
VirSCANVirSCAN
函数名称 信息
getRuntime 获取命令行环境
java/lang/Runtime;->exec 执行字符串命令
启动方式
VirSCANVirSCAN
名称 信息
com.h.bbb 开机启动服务
com.h.MyAdmin
权限列表
VirSCANVirSCAN
许可名称 信息
android.permission.SEND_SMS 发送短信
android.permission.SYSTEM_ALERT_WINDOW 显示系统窗口
android.permission.RECEIVE_BOOT_COMPLETED 接收开机启动广播
android.permission.INTERNET 连接网络(2G或3G)
android.permission.ACCESS_NETWORK_STATE 读取网络状态(2G或3G)
android.permission.WRITE_EXTERNAL_STORAGE 写外部存储器(如:SD卡)
android.permission.MOUNT_UNMOUNT_FILESYSTEMS 挂载、反挂载外部文件系统
android.permission.VIBRATE 允许设备震动
服务列表
VirSCANVirSCAN
名称
com.h.s
文件列表
VirSCANVirSCAN
文件名 校验码
resources.arsc 0x715e468d
AndroidManifest.xml 0x642b9077
classes.dex 0x245123b6
res/anim/show1.xml 0xd6a4ac2e
res/anim/show2.xml 0x7654fed3
res/anim/show3.xml 0x6f1f70bf
res/anim/show4.xml 0x58501145
res/anim/tvanim.xml 0xa070c56a
res/drawable/button.xml 0x4870c4e2
res/drawable/icon.png 0x50c4fdb
res/drawable/image_1.png 0xbba22b48
res/drawable/image_10.png 0x1d8d0321
res/drawable/image_2.png 0xcc536973
res/drawable/image_3.png 0x5bf10fa0
res/drawable/image_4.png 0x177dfa26
res/drawable/image_5.png 0x847fb2e6
res/drawable/image_6.png 0xd02b3ade
res/drawable/tv.xml 0xa0b7382
res/drawable/youc1.xml 0x6f3a33c8
res/drawable/youc2.xml 0x8d4a9028
res/drawable/youc3.xml 0x589dcc4a
res/layout/main.xml 0xf41e2f66
res/layout/newone.xml 0x73d4d016
res/raw/a.mp3 0x6f0e4bb6
res/xml/my_admin.xml 0x980762b3
META-INF/MANIFEST.MF 0xbc329660
META-INF/CERT.SF 0x3f87fbe3
META-INF/CERT.RSA 0x8dcedc4c
运行截图
VirSCANVirSCAN
VirSCAN