VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

File information

Scanner results
Scanner results: 3% Antivirus software (1/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2016-07-01 08:11:54 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 3.0 1970-01-01 Found nothing 6
asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 2
avast 150725-1 4.7.4 2015-07-25 Found nothing 60
avg 2109/8133 10.0.1405 2014-11-26 Found nothing 60
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 2
baidusd 1.0 1.0 2014-04-02 Found nothing 1
bitdefender 7.58469 7.90123 2014-12-25 Found nothing 60
clamav 19861 0.97.5 2014-12-31 Found nothing 60
drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 60
fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 60
fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 60
fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 60
gdata 25.7180 25.7180 2016-07-01 Found nothing 12
ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 60
jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 38
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
kingsoft 2.1 2.1 2013-09-22 Android.RISKWARE.at_luomao.a.(kcloud) 6
mcafee 7638 5400.1158 2014-11-30 Found nothing 60
nod32 0920 3.0.21 2014-12-23 Found nothing 60
panda 9.05.01 9.05.01 2015-07-26 Found nothing 4
pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 60
qh360 1.0.1 1.0.1 1.0.1 Found nothing 2
qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 60
quickheal 14.00 14.00 2015-07-25 Found nothing 3
rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 2
sophos 5.08 3.55.0 2014-12-01 Found nothing 60
symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 60
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 4
thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 2
tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 15
vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 60
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
Permission list
Permission name Description
android.permission.CLEAR_APP_CACHE Clear application cache
android.permission.WRITE_CONTACTS Write contact information
android.permission.WRITE_SETTINGS Read and write system settings
android.permission.MOUNT_UNMOUNT_FILESYSTEMS Mount and unmount external file systems
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.KILL_BACKGROUND_PROCESSES Kill background processes
android.permission.RESTART_PACKAGES Restart other applications
android.permission.ACCESS_COARSE_LOCATION Get coarse location (via Wi-Fi, cell towers)
android.permission.RECEIVE_BOOT_COMPLETED Receive the boot-completed broadcast
File information
Security score:
Basic information
MD5: 84aaa15d58219f1f6ae2f9644b050bf1
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.wepower.jjmpojie
Minimum runtime environment: Android 2.3, 2.3.1, 2.3.2
Copyright:
Key behaviors
Behavior description: Block window close messages
Details: hWnd = 0x000403a2, Text = 传奇世界登录器, ClassName = TfrmMain.
hWnd = 0x001002c8, Text = 传奇世界, ClassName = TApplication.
Behavior description: Delete the HOSTS file after renaming
Details: C:\WINDOWS\system32\drivers\etc\hosts
Behavior description: Detect virtual machine by searching for files
Details: FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\VBoxGuestAdditions\*.*
FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\VMwareDnD\*.*
FindFirstFileEx: FileName = C:\Program Files\Common Files\VMware\*.*
FindFirstFileEx: FileName = C:\Program Files\VMware\*.*
Behavior description: Get basic user information
Details: Level = 10.
Behavior description: Get TickCount value
Details: TickCount = 5357088, SleepMilliseconds = 10.
TickCount = 5357275, SleepMilliseconds = 10.
TickCount = 5357400, SleepMilliseconds = 10.
TickCount = 5357416, SleepMilliseconds = 10.
TickCount = 5357541, SleepMilliseconds = 10.
TickCount = 5358025, SleepMilliseconds = 10.
TickCount = 5358228, SleepMilliseconds = 10.
TickCount = 5358244, SleepMilliseconds = 10.
TickCount = 5358369, SleepMilliseconds = 10.
TickCount = 5358416, SleepMilliseconds = 10.
TickCount = 5358431, SleepMilliseconds = 10.
TickCount = 5358463, SleepMilliseconds = 10.
TickCount = 5358510, SleepMilliseconds = 10.
TickCount = 5358619, SleepMilliseconds = 10.
TickCount = 5358650, SleepMilliseconds = 10.
Process behaviors
Behavior description: Block window close messages
Details: hWnd = 0x000403a2, Text = 传奇世界登录器, ClassName = TfrmMain.
hWnd = 0x001002c8, Text = 传奇世界, ClassName = TApplication.
Behavior description: Delete the HOSTS file after renaming
Details: C:\WINDOWS\system32\drivers\etc\hosts
Behavior description: Detect virtual machine by searching for files
Details: FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\VBoxGuestAdditions\*.*
FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\VMwareDnD\*.*
FindFirstFileEx: FileName = C:\Program Files\Common Files\VMware\*.*
FindFirstFileEx: FileName = C:\Program Files\VMware\*.*
Behavior description: Get basic user information
Details: Level = 10.
Behavior description: Get TickCount value
File behaviors
Behavior description: Rename file
Details: C:\WINDOWS\system32\drivers\etc ---> C:\WINDOWS\system32\drivers\etcAB1MQ
Behavior description: Delete the HOSTS file after renaming
Details: C:\WINDOWS\system32\drivers\etc\hosts
Behavior description: Delete file
Details: C:\WINDOWS\system32\drivers\etcAB1MQ\lmhosts.sam
C:\WINDOWS\system32\drivers\etcAB1MQ\networks
C:\WINDOWS\system32\drivers\etcAB1MQ\protocol
C:\WINDOWS\system32\drivers\etcAB1MQ\services
Behavior description: Find file
Details: FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\cmd.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\WINDOWS\system32\drivers\etcAB1MQ\*
FileName = C:\Documents and Settings\Administrator\桌面\*.*
FileName = C:\Documents and Settings\All Users\桌面\*.*
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\root
FileName = C:\Documents and Settings\root\My Documents
FileName = C:\Documents and Settings\All Users
Registry behaviors
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21765
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-12693
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-12691
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21786
Other behaviors
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Global\winlogon: Logon UserProfileMapping Mutex
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EIJ
Behavior description: Enumerate network shares
Details: N/A
Behavior description: Create event object
Details: EventName = DINPUTWINMM
EventName = OpenWebEvent
EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
EventName = MSCTF.SendReceive.Event.EIJ.IC
EventName = MSCTF.SendReceiveConection.Event.EIJ.IC
Behavior description: Window information
Details: Pid = 2432, Hwnd=0x1702d8, Text = 800×600, ClassName = TComboBox.
Pid = 2432, Hwnd=0x7037c, Text = 窗口模式, ClassName = TRzCheckBox.
Pid = 2432, Hwnd=0x403a2, Text = 传奇世界登录器, ClassName = TfrmMain.
Pid = 2432, Hwnd=0x4038c, Text = 关闭, ClassName = TButton.
Pid = 2432, Hwnd=0x100354, Text = 确定, ClassName = TButton.
Pid = 2432, Hwnd=0x1902b6, Text = 我不知道路径使用自动搜索, ClassName = TButton.
Pid = 2432, Hwnd=0x703b8, Text = 选择传奇世界安装目录, ClassName = TfrmSelectDir.
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [,GINA Logon]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
Global\SvcctrlStartEvent_A3752DX
_fCanRegisterWithShellService
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\crypt32LogoffEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000041
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000042
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000042
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior description: Get basic user information
Details: Level = 10.
Behavior description: Get TickCount value
Behavior description: Adjust process token privileges
Details: SE_DEBUG_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Block window close messages
Details: hWnd = 0x000403a2, Text = 传奇世界登录器, ClassName = TfrmMain.
hWnd = 0x001002c8, Text = 传奇世界, ClassName = TApplication.
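Behavior description: Enumerate windows
Details: N/A
Behavior description: Stop system service
Details: ServiceName = IPSEC Services
Behavior description: Hide specified window
Details: [Window,Class] = [,ComboLBox]
[Window,Class] = [传奇世界登录器,TfrmMain]
Behavior description: Open mutex
Details: ShimCacheMutex
Behavior description: Detect virtual machine by searching for files
Details: FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\VBoxGuestAdditions\*.*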
FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\VMwareDnD\*.*
FindFirstFileEx: FileName = C:\Program Files\Common Files\VMware\*.*
FindFirstFileEx: FileName = C:\Program Files\VMware\*.*
Activities
Activity name Type
com.wepower.ptopphone.activity.MainActivity android.intent.action.MAIN
com.wepower.ptopphone.activity.MainActivity android.intent.category.LAUNCHER
Dangerous functions
Function name Description
TelephonyManager;->getDeviceId Collects the user's phone IMEI, phone number, system version and other information
HttpClient;->execute Sends a request to a remote server
getRuntime Obtains the command-line environment
java/lang/Runtime;->exec Executes a string command
java/net/URL;->openConnection Connects to a URL
java/net/HttpURLConnection;->connect Connects to a URL
File list
File name Checksum
lib/armeabi/libencoder.so 0xc191a3f4
lib/armeabi/libforcetv.so 0x6f2f19ae
lib/armeabi/libmd.so 0xee1131ac
lib/armeabi/libvinit.so 0x17ecf48
res/anim/close_program.xml 0x41ad39a7
res/anim/loading_in.xml 0x1ef9147a
res/anim/loading_out.xml 0x9645c057
res/anim/show_program.xml 0xcf04f31b
res/drawable/listview_gridview_bg.xml 0x85e753e2
res/drawable/media_list_selector.xml 0x3c5e4cea
res/drawable/mediacontroller_pause_button.xml 0xefe3160
res/drawable/mediacontroller_play_button.xml 0x5fc8f244
res/drawable/mediacontroller_seekbar.xml 0xebe514b6
res/drawable/mediacontroller_seekbar_thumb.xml 0x1326a2ee
res/drawable/program_listview_style.xml 0x93fb60c5
res/drawable/progressbar.xml 0x1165bbc6
res/drawable/welcome_buttonno_style.xml 0xb7ed5b37
res/drawable/welcome_buttonyes_style.xml 0x2891baff
res/drawable-hdpi/back_play.png 0x742ce866
res/drawable-hdpi/battery0.png 0x55893a2
res/drawable-hdpi/battery1.png 0xd3dc64ca
res/drawable-hdpi/battery2.png 0xf7064d78
res/drawable-hdpi/battery3.png 0x976b9189
res/drawable-hdpi/battery4.png 0xedf8175e
res/drawable-hdpi/battery5.png 0x252251ec
res/drawable-hdpi/battery_charge.png 0x8363de2
res/drawable-hdpi/detail_share_icon_n.png 0x95bc0853
res/drawable-hdpi/ic_guide_left.png 0x60011441
res/drawable-hdpi/ic_guide_right.png 0x57529991
res/drawable-hdpi/ic_launcher.png 0xf8b53ed0
res/drawable-hdpi/ic_zoom_in_btn_videoplayer.png 0x629e3b22
res/drawable-hdpi/ic_zoom_out_btn_videoplayer.png 0x629e3b22
res/drawable-hdpi/load_line.png 0x54cb85a5
res/drawable-hdpi/login_no.png 0xa728c440
res/drawable-hdpi/login_no_clicked.png 0xacb41ea3
res/drawable-hdpi/login_yes.png 0xbcede520
res/drawable-hdpi/login_yes_clicked.png 0x89f18284
res/drawable-hdpi/love_default.png 0x5f6d12e5
res/drawable-hdpi/love_play_default.png 0xe7693958
res/drawable-hdpi/love_play_select.png 0xe244b45f
res/drawable-hdpi/love_select.png 0x3ea00202
res/drawable-hdpi/mediacontroller_bg.png 0x8def9ff6
res/drawable-hdpi/mediacontroller_pause01.png 0x851e83f4
res/drawable-hdpi/mediacontroller_pause02.png 0x58ba3ba3
res/drawable-hdpi/mediacontroller_play01.png 0x83f3821d
res/drawable-hdpi/mediacontroller_play02.png 0x4e0451b9
res/drawable-hdpi/mediacontroller_seekbar01.png 0xf294cb6
res/drawable-hdpi/mediacontroller_seekbar02.png 0x27aa891
res/drawable-hdpi/next_play.png 0x3ae8f69b
res/drawable-hdpi/play_program_bg.png 0x86f05ff9
res/drawable-hdpi/sl_bg.png 0x334b8393
res/drawable-hdpi/tv.png 0x1a1818f
res/drawable-hdpi/welcome_bg.jpg 0xf5e0f37c
res/drawable-mdpi/arrows.png 0x92d6506a
res/drawable-mdpi/default_tv.png 0x14585366
res/drawable-mdpi/edit_bg.png 0xfd1d8630
res/drawable-mdpi/edittext_bg.9.png 0xce0b6967
res/drawable-mdpi/go_gray.png 0x7f40eea5
res/drawable-mdpi/ic_launcher.png 0x1cd7bd41
res/drawable-mdpi/line_bg.png 0x3a4f6655
res/drawable-mdpi/media_controler_background.png 0xa38e24e2
res/drawable-mdpi/media_h.png 0xfef63d48
res/drawable-mdpi/meida_pg.png 0x9437a24a
res/drawable-mdpi/menu.png 0xa6d0c8e3
res/drawable-mdpi/program_tv_menu_bg.png 0x3b5598ac
res/drawable-xhdpi/ic_launcher.png 0xdd4da304
res/drawable-xxhdpi/ic_launcher.png 0x7e4ca712
res/layout/listview.xml 0xdbbc2abc
res/layout/main.xml 0xed218a05
res/layout/media_controler.xml 0x8ee98358
res/layout/mediacontent.xml 0xc374b5ea
res/layout/mediacontroller.xml 0x38148b01
res/layout/page.xml 0xff9428ef
res/layout/page_item.xml 0x92094563
res/layout/password_edit.xml 0xb794b1f6
res/layout/play_program_item.xml 0x799ef7c9
res/layout/prediction_item.xml 0x8c182247
res/layout/program.xml 0xfb5bd760
res/layout/statement.xml 0xd21089
res/layout/wb_mediacontent.xml 0xc8ccd662
res/layout-hdpi/play.xml 0xf5b3cb3f
res/layout-ldpi/play.xml 0xd629308a
res/layout-mdpi/play.xml 0xd629308a
res/menu/activity_menu_by_resource.xml 0x85b4057e
res/menu/main.xml 0x6719886f
res/raw/libarm.so 0xde38dd79
res/raw/select.wav 0x9e38a99b
res/raw/shake_sound.mp3 0xa61bcac9
res/raw/sure.wav 0x29e8b1e0
AndroidManifest.xml 0x2f1b4202
classes.dex 0x8203f247
resources.arsc 0x3044024d
META-INF/MANIFEST.MF 0xb31b7eff
META-INF/CERT.SF 0xcae024d2
META-INF/CERT.RSA 0x6262d456