VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader to upload them.


File information

Scanner results
Scanner results: 0% of antivirus software (0/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2015-06-30 20:12:05 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 3.0 1970-01-01 Found nothing 5
asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 2
avast 141231-0 4.7.4 2014-12-31 Found nothing 53
avg 2109/8133 10.0.1405 2014-11-26 Found nothing 7
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 5
baidusd 1.0 1.0 2014-04-02 Found nothing 1
bitdefender 7.58469 7.90123 2014-12-25 Found nothing 1
clamav 19745 0.97.5 2014-12-07 Found nothing 1
drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 52
fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 1
fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 5
fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 10
gdata 25.2289 25.2289 2015-06-30 Found nothing 13
ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 14
jiangmin 16.0.100 1.0.0.0 2014-08-20 Found nothing 37
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 44
kingsoft 2.1 2.1 2013-09-22 Found nothing 10
mcafee 7638 5400.1158 2014-11-30 Found nothing 40
nod32 0920 3.0.21 2014-12-23 Found nothing 4
panda 9.05.01 9.05.01 2014-12-31 Found nothing 5
pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 2
qh360 1.0.1 1.0.1 1.0.1 Found nothing 10
qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 1
quickheal 14.00 14.00 2014-12-31 Found nothing 6
rising 25.46.06.04 25.46.06.04 2014-12-28 Found nothing 1
sophos 5.08 3.55.0 2014-12-01 Found nothing 8
symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 2
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 8
thehacker 6.8.0.5 6.8.0.5 2014-12-29 Found nothing 1
tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 12
vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 27
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60

No relevant permission information

File information
Security score:
Basic information
MD5:9e1d8c93dc474b943952a20222d4bcb2
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.monotype.android.font.AiFont65717
Minimum runtime environment: Android 2.2.x
Copyright: Android
Key behaviors
Behavior description: Map file with write permission
Details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
Behavior description: Modify registry (image hijack)
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation
Behavior description: Hide specified window
Details: [Window,Class] = [,CaptionButton]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [,Static]
[Window,Class] = [,Button]
[Window,Class] = [,SysAnimate32]
Behavior description: Create system service
Details: [Service created successfully]: gupdate, "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
[Service created successfully]: gupdatem, "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc
Behavior description: Resolve host address by name
Details: wpad.
219.133.40.1
Process behavior
Behavior description: Map file with write permission
Details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
Behavior description: Modify registry (image hijack)
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation
Behavior description: Hide specified window
Details: [Window,Class] = [,CaptionButton]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [,Static]
[Window,Class] = [,Button]
[Window,Class] = [,SysAnimate32]
Behavior description: Create system service
Details: [Service created successfully]: gupdate, "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
[Service created successfully]: gupdatem, "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc
Behavior description: Resolve host address by name
Details: wpad.
219.133.40.1
File behavior
Behavior description: Map file with write permission
Details: CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
Behavior description: Rename file
Details: C:\Program Files\Google\Update\1.3.27.5 ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1.3.27.55aa03
C:\Program Files\Google\Update ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Update5aa41
Behavior description: Add scheduled task
Details: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
Behavior description: Create executable file
Details: C:\Program Files\GUM3.tmp\GoogleUpdate.exe
C:\Program Files\GUM3.tmp\GoogleCrashHandler.exe
C:\Program Files\GUM3.tmp\goopdate.dll
C:\Program Files\GUM3.tmp\npGoogleUpdate3.dll
C:\Program Files\GUM3.tmp\GoogleUpdateBroker.exe
C:\Program Files\GUM3.tmp\GoogleUpdateOnDemand.exe
C:\Program Files\GUM3.tmp\GoogleUpdateComRegisterShell64.exe
C:\Program Files\GUM3.tmp\GoogleUpdateWebPlugin.exe
C:\Program Files\GUM3.tmp\psmachine.dll
C:\Program Files\GUM3.tmp\psmachine_64.dll
C:\Program Files\GUM3.tmp\psuser.dll
C:\Program Files\GUM3.tmp\psuser_64.dll
C:\Program Files\GUM3.tmp\GoogleCrashHandler64.exe
C:\Program Files\GUM3.tmp\goopdateres_am.dll
C:\Program Files\GUM3.tmp\goopdateres_ar.dll
Behavior description: Modify file content
Details: C:\Program Files\GUM3.tmp\GoogleUpdateHelper.msi---> Offset = 0
C:\Program Files\Google\Update\1.3.27.5\GoogleUpdateHelper.msi---> Offset = 0
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job---> Offset = 0
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job---> Offset = 0
C:\Program Files\Google\CrashReports\fdd3b08d-7a77-4292-8197-acc78399e06b.dmp---> Offset = 140
C:\Program Files\Google\CrashReports\9ded94a8-a87f-47ed-bc3a-842faa4693bd.dmp---> Offset = 140
C:\Program Files\Google\CrashReports\Update2-last.dmp---> Offset = 0
C:\Program Files\GUT4.tmp---> Offset = 0
Network behavior
Behavior description: Resolve host address by name
Details: wpad.
219.133.40.1
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\usagestats
Behavior description: Delete registry value
Details: \REGISTRY\MACHINE\SOFTWARE\Google\Update\eulaaccepted
Behavior description: Modify registry (image hijack)
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation
Behavior description: Delete registry value (image hijack)
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation
Behavior description: Delete registry key
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\GoogleUpdate.exe
Other behavior
Behavior description: Set object security information
Details: MACHINE\Software\Google\Update\ClientStateMedium\
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
Behavior description: Hide specified window
Details: [Window,Class] = [,CaptionButton]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [,Static]
[Window,Class] = [,Button]
[Window,Class] = [,SysAnimate32]
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Enumerate windows
Details: N/A
Behavior description: Acquire system privileges
Details: SE_DEBUG_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
SE_SHUTDOWN_PRIVILEGE
SE_INCREASE_QUOTA_PRIVILEGE
SE_CREATE_TOKEN_PRIVILEGE
Behavior description: Window information
Details: Pid = 3268, Hwnd=0x10360, Text = On your marks..., ClassName = Static.
Pid = 3268, Hwnd=0x1034e, Text = Google Chrome Installer, ClassName = #32770.
Pid = 2356, Hwnd=0x1040e, Text = Connecting to the Internet..., ClassName = Static.
Pid = 2356, Hwnd=0x103fc, Text = Google Chrome Installer, ClassName = #32770.
Behavior description: Create system service
Details: [Service created successfully]: gupdate, "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
[Service created successfully]: gupdatem, "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc
File list
File name Checksum
META-INF/MANIFEST.MF 0x88a8a081
META-INF/CERT.SF 0x5ec6cb53
META-INF/CERT.RSA 0xe69b50fb
AndroidManifest.xml 0xa2a1ea3a
assets/fonts/AiFont65717.ttf 0x2fb231c5
res/drawable/icon.png 0xc6000e88
resources.arsc 0x239f14b
assets/xml/AiFont65717.xml 0x6fe4a25c
classes.dex 0x7eda137a
Runtime screenshot