VirSCAN

1, You can upload any file, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download the VirSCAN uploader to upload them.

File information

Scanner results
Scanner results: 0% of antivirus software (0/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2015-10-22 12:05:10 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 3.0 1970-01-01 Found nothing 5
asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 1
avast 150725-1 4.7.4 2015-07-25 Found nothing 0
avg 2109/8133 10.0.1405 2014-11-26 Found nothing 0
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 9
baidusd 1.0 1.0 2014-04-02 Found nothing 1
bitdefender 7.58469 7.90123 2014-12-25 Found nothing 0
clamav 19861 0.97.5 2014-12-31 Found nothing 0
drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 0
fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 0
fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 0
fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 0
gdata 25.3997 25.3997 2015-10-22 Found nothing 8
ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 0
jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 42
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 0
kingsoft 2.1 2.1 2013-09-22 Found nothing 10
mcafee 7638 5400.1158 2014-11-30 Found nothing 0
nod32 0920 3.0.21 2014-12-23 Found nothing 0
panda 9.05.01 9.05.01 2015-07-26 Found nothing 5
pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 0
qh360 1.0.1 1.0.1 1.0.1 Found nothing 12
qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 0
quickheal 14.00 14.00 2015-07-25 Found nothing 2
rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 1
sophos 5.08 3.55.0 2014-12-01 Found nothing 0
symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 0
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 3
thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 1
tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 12
vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 0
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 0
Permission list
Permission name Information
android.permission.READ_PHONE_STATE Read phone state
android.permission.RECEIVE_WAP_PUSH Receive WAP push messages
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.RECEIVE_BOOT_COMPLETED Receive the boot-completed broadcast
android.permission.WRITE_APN_SETTINGS Rewrite APN settings (e.g. cmwap)
android.permission.MASTER_CLEAR Soft format
android.permission.WRITE_SETTINGS Read/write system settings
htc.permission.CUSTOMIZATION_CHANGE
android.permission.READ_SMS Read SMS
android.permission.WRITE_SMS Write SMS
android.permission.SEND_SMS Send SMS
android.permission.RECEIVE_SMS Monitor incoming SMS
android.permission.HTC_FOTA_UPDATE
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.WAKE_LOCK Keep background processes running after the screen turns off
android.permission.ACCESS_CACHE_FILESYSTEM
android.permission.MODIFY_PHONE_STATE Modify phone state
android.permission.REBOOT Reboot the device
android.permission.ACCESS_RECOVERY_FOLDER
android.permission.CHANGE_NETWORK_STATE Change network state
android.permission.UPDATE_DEVICE_STATS Update device stats
com.android.settings.permission.ACCESS_SETTINGS
android.permission.INSTALL_PACKAGES Install applications
android.permission.DELETE_PACKAGES Delete applications
android.permission.WRITE_SECURE_SETTINGS Read/write secure system settings
com.htc.android.mail.permission.READ_ACCOUNT
com.htc.android.mail.permission.WRITE_ACCOUNT
com.htc.permission.APP_SHARED
com.htc.permission.APP_PLATFORM
com.htc.permission.APP_DEFAULT
com.htc.permission.APP_MEDIA
android.permission.SYSTEM_ALERT_WINDOW Display system windows
File information
Security score:
Basic information
MD5:d4bd4e230e466571f22c01da2e08cba7
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.htc.android.omadm.service
Minimum runtime environment: Android 5.0
Copyright: Android
Key behaviors
Behavior description: File mapping with write permission
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MNF..GMGGH
MSCTF.MarshalInterface.FileMap.MNF.B.GMGGH
MSCTF.MarshalInterface.FileMap.MNF.C.GMGGH
MSCTF.MarshalInterface.FileMap.MNF.D.GMGGH
MSCTF.MarshalInterface.FileMap.MNF.E.GMGGH
MSCTF.MarshalInterface.FileMap.MNF.F.GNGGH
MSCTF.MarshalInterface.FileMap.MNF.G.GNGGH
MSCTF.MarshalInterface.FileMap.AOG..JOIGH
MSCTF.MarshalInterface.FileMap.AOG.B.JPIGH
MSCTF.MarshalInterface.FileMap.AOG.C.JPIGH
MSCTF.MarshalInterface.FileMap.AOG.D.JPIGH
MSCTF.MarshalInterface.FileMap.AOG.E.JPIGH
MSCTF.MarshalInterface.FileMap.AOG.F.JPIGH
MSCTF.MarshalInterface.FileMap.AOG.G.JPIGH
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Hide specified window
Details: [Window,Class] = [,Afx:400000:8:10011:1900015:0]
[Window,Class] = [,Afx:400000:b:10011:1900015:0]
[Window,Class] = [,WTWindow]
Behavior description: Capture window screenshot information
Details: Foreground window Info: HWND = 0x050104e6, DC = 0x050104e6.
Foreground window Info: HWND = 0x24010301, DC = 0x24010301.
Foreground window Info: HWND = 0x050104e5, DC = 0x050104e5.
Network behavior
Behavior description: Connect to specified site
Details: InternetConnectA: ServerName = 001.3vftp.com, PORT = 21
InternetConnectA: ServerName = zdhmz.xkw.pw, PORT = 80
Behavior description: Read network file
Details: hFile = 0x00000624, BytesToRead =2048, BytesRead = 2048.
hFile = 0x00000628, BytesToRead =2048, BytesRead = 2048.
Behavior description: Open HTTP request
Details: HttpOpenRequestA: zdhmz.xkw.pw:80/12.php, hConnect = 0x00000628
HttpOpenRequestA: zdhmz.xkw.pw:80/rjpz/index.php?catid=13, hConnect = 0x00000620
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x16(565 0)
\REGISTRY\MACHINE\SOFTWARE\计次\
Other behaviors
Behavior description: Create mutex
Details: RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Behavior description: Inline hook
Details: C:\WINDOWS\system32\GDI32.dll--->ExtTextOutA Offset = 0x0
C:\WINDOWS\system32\GDI32.dll--->ExtTextOutW Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetWindowLongA Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->SetWindowLongA Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->SetWindowLongW Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetWindowLongW Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->BeginPaint Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->EndPaint Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetDC Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetWindowDC Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->ReleaseDC Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->WindowFromDC Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetScrollInfo Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetScrollPos Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetScrollRange Offset = 0x0
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [,]
Behavior description: Window information
Details: Pid = 252, Hwnd=0x102fa, Text = 确定, ClassName = Button.
Pid = 252, Hwnd=0x102fe, Text = 运行时出错! 错误代码:1 , ClassName = Static.
Pid = 252, Hwnd=0x102f6, Text = 错误, ClassName = #32770.
Pid = 252, Hwnd=0x102e2, Text = 复制标签, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 252, Hwnd=0x102e0, Text = 注册码多余的, ClassName = Edit.
Pid = 252, Hwnd=0x102de, Text = 软件试用次数总共3次!, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 252, Hwnd=0x202d2, Text = 单号导入:, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 252, Hwnd=0x202d0, Text = 我愿意承担后果 <<<, ClassName = Button(RadioButton).
Pid = 252, Hwnd=0x302b6, Text = 备注, ClassName = Edit.
Pid = 252, Hwnd=0x502ce, Text = 手机号, ClassName = Edit.
Pid = 252, Hwnd=0x202ae, Text = 公告, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 252, Hwnd=0x202b0, Text = MZ, ClassName = Edit.
Pid = 252, Hwnd=0x302b8, Text = 点此刷新, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 252, Hwnd=0x302da, Text = 当前有*人在线, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 252, Hwnd=0x202c6, Text = 推荐5轮 到达指定轮数后即停止轰炸, ClassName = Afx:400000:b:10011:1900015:0.
Dynamic list behavior
Behavior description: Android runtime error
Details: E/AndroidRuntime( 666): FATAL EXCEPTION: ContactsProviderWorker
E/AndroidRuntime( 666): Process: android.process.acore, PID: 666
E/AndroidRuntime( 666): android.database.sqlite.SQLiteConstraintException: column mimetype is not unique (code 19)
E/AndroidRuntime( 666): at android.database.sqlite.SQLiteConnection.nativeExecuteForLastInsertedRowId(Native Method)
E/AndroidRuntime( 666): at android.database.sqlite.SQLiteConnection.executeForLastInsertedRowId(SQLiteConnection.java:782)
E/AndroidRuntime( 666): at android.database.sqlite.SQLiteSession.executeForLastInsertedRowId(SQLiteSession.java:788)
E/AndroidRuntime( 666): at android.database.sqlite.SQLiteStatement.executeInsert(SQLiteStatement.java:86)
E/AndroidRuntime( 666): at com.android.providers.contacts.ContactsDatabaseHelper.lookupAndCacheId(ContactsDatabaseHelper.java:4350)
E/AndroidRuntime( 666): at com.android.providers.contacts.ContactsDatabaseHelper.lookupMimeTypeId(ContactsDatabaseHelper.java:4411)
E/AndroidRuntime( 666): at com.android.providers.contacts.ContactsDatabaseHelper.getMimeTypeId(ContactsDatabaseHelper.java:4396)
E/AndroidRuntime( 666): at com.android.providers.contacts.aggregation.ContactAggregator.<init>(ContactAggregator.java:375)
E/AndroidRuntime( 666): at com.android.providers.contacts.ContactsProvider2.initForDefaultLocale(ContactsProvider2.java:1509)
E/AndroidRuntime( 666): at com.android.providers.contacts.ContactsProvider2.performBackgroundTask(ContactsProvider2.java:1582)
E/AndroidRuntime( 666): at com.android.providers.contacts.ContactsProvider2$1.handleMessage(ContactsProvider2.java:1468)
E/AndroidRuntime( 666): at android.os.Handler.dispatchMessage(Handler.java:102)
E/AndroidRuntime( 666): at android.os.Looper.loop(Looper.java:136)
E/AndroidRuntime( 666): at android.os.HandlerThread.run(HandlerThread.java:61)
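Dangerous functions
Function name Information
TelephonyManager;->getDeviceId Collects the user's phone IMEI, phone number, system version number and similar information
ContentResolver;->delete Deletes SMS messages and contacts
ContentResolver;->query Reads databases such as contacts and SMS
PackageManager;->installPackage Installs an APK package
android/app/NotificationManager;->notify Notification bar message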
Startup method
Name Information
com.htc.android.omadm.service.BootStart Service started at boot
Service list
Name
com.htc.android.omadm.service.HtcDmService
com.htc.android.omadm.service.AutoRegisterService
File list
File name Checksum
res/drawable-xhdpi-v4/icon_btn_update_light_xl.png 0xbe8e751b
res/drawable-xhdpi-v4/stat_notify_running_services.png 0x61e38771
resources.arsc 0xce3e8431
AndroidManifest.xml 0x16171a08
classes.dex 0x6a3dcc23
META-INF/MANIFEST.MF 0xdde7708
META-INF/CERT.SF 0x30a48a54
META-INF/CERT.RSA 0xb1312ca3