VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader to upload them.

Scanner results

Scanner results: 28% of antivirus software (9/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2018-09-30 19:21:01 (CST)

| Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time |
|---|---|---|---|---|---|
| antiy | AVL SDK 2.0 | AVL SDK 2.0 | 2018-05-1 | Found nothing | 5 |
| avast | 18.4.3895.0 | 18.4.3895.0 | 2018-09-30 | Found nothing | 46 |
| avg | 10.0.1405 | 10.0.1405 | 2018-09-30 | Found nothing | 1 |
| baidu | 2.0.1.0 | 4.1.3.52192 | 2018-06-20 | Found nothing | 5 |
| baidusd | 1.0 | 1.0 | 2018-06-21 | Found nothing | 60 |
| bitdefender | 7.141118 | 7.141118 | 2018-09-30 | Found nothing | 6 |
| clamav | 24989 | 0.97.5 | 2018-09-28 | Found nothing | 1 |
| drweb | 5.0.2.3300 | 5.0.1.1 | 2018-09-30 | Found nothing | 51 |
| emsisoft | 9.0.0.4799 | 9.0.0.4799 | 2018-06-21 | Found nothing | 1 |
| fortinet | 1.000, 63.037, 62.972, 62.996 | 5.4.247 | 2018-09-30 | Android/FakeInst.HQ!tr | 1 |
| fprot | 4.6.2.117 | 6.5.1.5418 | 2014-12-31 | Found nothing | 1 |
| fsecure | 2015-08-01-02 | 9.13 | 2018-09-30 | Android.Trojan.Downloader.CU | 8 |
| gdata | 25.18688 | 25.18688 | 2018-09-28 | Android.Trojan.Downloader.CU | 14 |
| ikarus | 4.00.09 | V1.32.39.0 | 2018-09-29 | Found nothing | 1 |
| jiangmin | 16.0.100 | 1.0.0.0 | 2018-07-11 | Found nothing | 2 |
| kaspersky | 5.5.33 | 5.5.33 | 2014-04-01 | Found nothing | 20 |
| kingsoft | 2.1 | 2.1 | 2018-06-20 | Android.Troj.Danpaydrop.gf.(kcloud) | 4 |
| mcafee | 8974 | 5400.1158 | 2018-08-03 | Found nothing | 12 |
| nod32 | 7844 | 3.0.21 | 2018-08-07 | a variant of Android/Wint.A trojan | 1 |
| panda | 9.05.01 | 9.05.01 | 2018-07-15 | Found nothing | 4 |
| pcc | 11.380.07 | 9.500-1005 | 2014-12-31 | Found nothing | 2 |
| qh360 | 1.0.1 | 1.0.1 | 2018-06-20 | Android mobile malware | 3 |
| qqphone | 2.0.0.0 | 2.0.0.0 | 2018-09-25 | a.gray.adwtb | 1 |
| quickheal | 14.00 | 14.00 | 2018-08-07 | Android.Rootnik.N | 3 |
| rising | 4124 | 4124 | 2018-09-29 | Found nothing | 1 |
| sophos | 4.62 | 3.16.1 | 2016-09-20 | Andr/Rootnik-I | 10 |
| symantec | 20151230.005 | 1.3.0.24 | 2015-12-30 | Found nothing | 1 |
| tachyon | 9.9.9 | 9.9.9 | 2013-12-27 | Found nothing | 3 |
| thehacker | 6.8.0.5 | 6.8.0.5 | 2018-07-12 | Found nothing | 1 |
| tws | 17.47.17308 | 1.0.2.2108 | 2018-09-29 | Found nothing | 14 |
| vba | 3.12.29.3 beta | 3.12.29.3 beta | 2016-09-19 | Found nothing | 4 |
| virusbuster | 15.0.985.0 | 5.5.2.13 | 2014-12-05 | Found nothing | 20 |

Permission list
Permission name Description
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.READ_PHONE_STATE Read phone state
android.permission.WAKE_LOCK Keep background processes running after the screen is turned off
android.permission.RECEIVE_BOOT_COMPLETED Receive the boot-completed broadcast
android.permission.VIBRATE Allow the device to vibrate
android.permission.GET_ACCOUNTS Access the account list
android.permission.MOUNT_UNMOUNT_FILESYSTEMS Mount and unmount external file systems
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.SYSTEM_ALERT_WINDOW Display system windows
com.android.launcher.permission.INSTALL_SHORTCUT Create shortcuts
com.android.launcher.permission.UNINSTALL_SHORTCUT Delete shortcuts
android.permission.GET_TASKS Get information about currently or recently running tasks
android.permission.CHANGE_NETWORK_STATE Change network state
android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
android.permission.CHANGE_WIFI_STATE Change Wi-Fi connection state
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.BATTERY_STATS Battery statistics
android.permission.RESTART_PACKAGES Restart other applications
android.permission.READ_CALENDAR Read calendar reminders
android.permission.CHANGE_CONFIGURATION Modify current configuration (e.g. locale)
android.permission.MANAGE_ACCOUNTS Manage accounts
android.permission.ACCESS_DOWNLOAD_MANAGER
android.permission.RECEIVE_USER_PRESENT
File information
Security score:
Basic information
MD5: a56c05ea4613b686918f1dec08b958e9
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.android.notification.service
Minimum runtime environment: Android 2.2.x
Copyright: yysing_config1
Key behaviors
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Get TickCount value
Details: TickCount = 217863, SleepMilliseconds = 20.
TickCount = 217879, SleepMilliseconds = 20.
TickCount = 217895, SleepMilliseconds = 20.
TickCount = 217957, SleepMilliseconds = 20.
TickCount = 217973, SleepMilliseconds = 20.
TickCount = 218035, SleepMilliseconds = 20.
TickCount = 218051, SleepMilliseconds = 20.
TickCount = 218082, SleepMilliseconds = 20.
TickCount = 218113, SleepMilliseconds = 20.
TickCount = 218207, SleepMilliseconds = 20.
TickCount = 218254, SleepMilliseconds = 20.
TickCount = 218270, SleepMilliseconds = 20.
TickCount = 218285, SleepMilliseconds = 20.
TickCount = 218348, SleepMilliseconds = 20.
TickCount = 218395, SleepMilliseconds = 20.
File behavior
Behavior description: Create file
Details: C:\Program Files\AppPatch\mysqld.dll
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\Consys21[1].dll
Behavior description: Create executable file
Details: C:\Program Files\AppPatch\mysqld.dll
Behavior description: Overwrite existing file
Details: C:\Program Files\AppPatch\mysqld.dll
Behavior description: Find file
Details: FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\Consys21[1].dll
Behavior description: Modify file content
Details: C:\Program Files\AppPatch\mysqld.dll ---> Offset = 0
C:\Program Files\AppPatch\mysqld.dll ---> Offset = 1024
C:\Program Files\AppPatch\mysqld.dll ---> Offset = 2048
C:\Program Files\AppPatch\mysqld.dll ---> Offset = 3072
C:\Program Files\AppPatch\mysqld.dll ---> Offset = 4096
C:\Program Files\AppPatch\mysqld.dll ---> Offset = 8192
C:\Program Files\AppPatch\mysqld.dll ---> Offset = 12288
C:\Program Files\AppPatch\mysqld.dll ---> Offset = 16384
Network behavior
Behavior description: Open URL over the network
Details: InternetOpenUrlA: http://**.188.248.**:6789/Consys21.dll, hInternet = 0x00cc0004, Flags = 0x80000000
Behavior description: Connect to specified site
Details: InternetConnectA: ServerName = **.188.248.**, PORT = 6789, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x80000000
Behavior description: Open HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible), hSession = 0x00cc0004
Behavior description: Establish a connection to a specified socket
Details: IP: **.188.248.**:6789, SOCKET = 0x00000244
IP: **.188.248.**:6789, SOCKET = 0x00000248
Behavior description: Read network file
Details: hFile = 0x00cc000c, BytesToRead =1024, BytesRead = 1024.
Behavior description: Send HTTP packet
Details: GET /Consys21.dll HTTP/1.1 User-Agent: Mozilla/4.0 (compatible) Host: **.188.248.**:6789 Cache-Control: no-cache
Behavior description: Open HTTP request
Details: HttpOpenRequestA: **.188.248.**:6789/consys21.dll, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x80000000
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior description: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description: Create mutex
Details: RasPbFile
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior description: Create event object
Details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
Behavior description: Executable file signature information
Details: C:\Program Files\AppPatch\mysqld.dll (signature verification: failed)
Behavior description: Call Sleep function
Details: [1]: MilliSeconds = 0.
[2]: MilliSeconds = 0.
[3]: MilliSeconds = 0.
[4]: MilliSeconds = 0.
[5]: MilliSeconds = 0.
[6]: MilliSeconds = 20.
[7]: MilliSeconds = 0.
[8]: MilliSeconds = 0.
[9]: MilliSeconds = 0.
[10]: MilliSeconds = 0.
Behavior description: Executable file MD5
Details: C:\Program Files\AppPatch\mysqld.dll ---> fe1d0ee5901dd167ee9b28eece31786c
Behavior description: Open mutex
Details: Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
RasPbFile
Local\!IETld!Mutex
Activities
Activity name Type
com.comet.app.MainActivity android.intent.action.MAIN
com.comet.app.NotifyActivity android.intent.action.MAIN
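Dangerous functions
Function name Description
getRuntime Get the command-line environment
java/lang/Runtime;->exec Execute a string command
TelephonyManager;->getDeviceId Collect the user's phone IMEI, phone number, system version and other information
TelephonyManager;->getLine1Number Get the phone number
TelephonyManager;->getSimSerialNumber Get the SIM serial number
HttpClient;->execute Send a request to a remote server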
Startup methods
Name Description
com.comet.app.BootReceiver Start service at boot
com.comet.app.BootReceiver Start service when an application is installed
com.comet.app.BootReceiver
com.comet.app.BootReceiver Start service when an application is uninstalled
com.comet.app.BootReceiver
com.comet.app.BootReceiver
com.comet.app.BootReceiver
com.comet.app.BootReceiver
com.comet.app.BootReceiver
com.comet.app.BootReceiver
com.comet.app.BootReceiver
com.comet.app.BootReceiver
com.comet.app.BootReceiver
com.comet.app.BootReceiver
com.comet.app.BootReceiver
com.comet.app.BootReceiver
com.comet.app.BootReceiver
com.comet.app.BootReceiver
com.comet.app.BootReceiver
com.comet.app.BootReceiver Start service when Wi-Fi state changes
com.comet.app.BootReceiver Start service when network connectivity changes
com.comet.app.BootReceiver
com.comet.app.BootReceiver
com.comet.app.BootReceiver
com.comet.app.BootReceiver
com.comet.app.BootReceiver
com.comet.app.BootReceiver
com.comet.app.BootReceiver
com.comet.app.BootReceiver
com.comet.app.BootReceiver Start service when the screen is unlocked
com.comet.app.FastReceiver
com.comet.app.FastReceiver Start service when Wi-Fi state changes
com.comet.app.FastReceiver Start service when network connectivity changes
com.comet.app.FastReceiver
com.comet.app.FastReceiver
com.comet.app.FastReceiver
com.comet.app.FastReceiver
com.comet.app.FastReceiver
com.comet.app.FastReceiver
com.comet.app.FastReceiver
com.comet.app.FastReceiver
com.comet.app.FastReceiver
com.comet.app.FastReceiver
com.comet.app.FastReceiver
com.comet.app.FastReceiver
com.comet.app.FastReceiver
com.comet.app.NotifyReceiver
Service list
Name
com.comet.service.CometService
com.comet.service.ShortcutService
File list
File name Checksum
AndroidManifest.xml 0x20332c03
res/drawable-hdpi-v4/ic_launcher.png 0x53d08ae
res/drawable-mdpi-v4/ic_launcher.png 0xb76f8e32
res/drawable-xhdpi-v4/ic_launcher.png 0x5f58f4d5
res/drawable-xxhdpi-v4/ic_launcher.png 0xce43d39a
resources.arsc 0x98719eb5
classes.dex 0xe84942d2
META-INF/MANIFEST.MF 0x9d65dd95
META-INF/CERT.SF 0xa0ca0a3c
META-INF/CERT.RSA 0x407fecb7