VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

File information

Scanner results
Scanner results: 0% of antivirus software (0/32) found malware.
Behavior analysis report: Habo file analysis
Time: 2017-07-08 15:03:00 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 2.0 1970-01-01 Found nothing 5
asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 1
avast 170303-1 4.7.4 2017-03-03 Found nothing 60
avg 2109/14149 10.0.1405 2017-07-04 Found nothing 60
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 8
baidusd 1.0 1.0 2017-03-22 Found nothing 1
bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
clamav 23539 0.97.5 2017-07-06 Found nothing 60
drweb 5.0.2.3300 5.0.1.1 2017-06-18 Found nothing 60
fortinet 5.4.247 2017-07-08 Found nothing 60
fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
gdata 25.13269 25.13269 2017-07-08 Found nothing 11
ikarus 1.06.01 V1.32.31.0 2016-11-28 Found nothing 60
jiangmin 16.0.100 1.0.0.0 2017-07-05 Found nothing 2
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
kingsoft 2.1 2.1 2017-07-07 Found nothing 5
mcafee 8261 5400.1158 2016-08-18 Found nothing 60
nod32 1777 3.0.21 2015-06-12 Found nothing 60
panda 9.05.01 9.05.01 2017-07-06 Found nothing 4
pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
qh360 1.0.1 1.0.1 1.0.1 Found nothing 12
qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
quickheal 14.00 14.00 2017-07-07 Found nothing 3
rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 2
sophos 5.32 3.65.2 2016-10-10 Found nothing 60
symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 3
thehacker 6.8.0.5 6.8.0.5 2017-07-04 Found nothing 2
tws 17.47.17308 1.0.2.2108 2017-07-07 Found nothing 14
vba 3.12.29.5 beta 3.12.29.5 beta 2017-07-07 Found nothing 60
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
Permission list
Permission name Information
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.ACCESS_FINE_LOCATION Get precise location (via GPS)
android.permission.WAKE_LOCK Background processes keep running after the phone screen is turned off
com.android.launcher.permission.INSTALL_SHORTCUT Create shortcuts
android.permission.READ_PHONE_STATE Read phone state
android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
File information
Security score:
Basic information
MD5: f896b2a62bee1b54a601b58eb8cb0baf
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: mark.via
Minimum runtime environment: Android 2.3, 2.3.1, 2.3.2
Copyright:
Key behavior
Behavior description: Compares against suspicious process names
Details: stricmp: [System Process] <------> avp.exe Des: Kaspersky
lstrcmpiA: System <------> avp.exe Des: Kaspersky
lstrcmpiA: smss.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: csrss.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: winlogon.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: services.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: lsass.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: FZmxService.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: lqycthlp.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: svchost.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: spoolsv.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: FKMpgradeHelper.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: alg.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: explorer.exe <------> avp.exe Des: Kaspersky
lstrcmpiA: FZmxTray.exe <------> avp.exe Des: Kaspersky
Behavior description: Gets the TickCount value
Details: TickCount = 5447968, SleepMilliseconds = 500.
TickCount = 5448000, SleepMilliseconds = 500.
TickCount = 5448203, SleepMilliseconds = 500.
TickCount = 5448218, SleepMilliseconds = 500.
TickCount = 5447789, SleepMilliseconds = 8.
TickCount = 5448796, SleepMilliseconds = 1000.
TickCount = 5448039, SleepMilliseconds = 8.
TickCount = 5448179, SleepMilliseconds = 8.
TickCount = 5448351, SleepMilliseconds = 8.
TickCount = 5448586, SleepMilliseconds = 8.
TickCount = 5448773, SleepMilliseconds = 8.
TickCount = 5448789, SleepMilliseconds = 8.
TickCount = 5448804, SleepMilliseconds = 8.
TickCount = 5449828, SleepMilliseconds = 1000.
TickCount = 5448914, SleepMilliseconds = 8.
Behavior description: Creates a system service
Details: [Service created successfully]: Abcdef Hijklmno Qrs, C:\WINDOWS\atiecli.exe
Behavior description: Self-deletion
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
File behavior
Behavior description: Creates a file
Details: C:\WINDOWS\atiecli.exe
Behavior description: Creates an executable file
Details: C:\WINDOWS\atiecli.exe
Behavior description: Searches for files
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\cmd.exe
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\****.exe
Behavior description: Copies a file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe ---> C:\WINDOWS\atiecli.exe
Behavior description: Modifies file contents
Details: C:\WINDOWS\atiecli.exe ---> Offset = 0
C:\WINDOWS\atiecli.exe ---> Offset = 65536
C:\WINDOWS\atiecli.exe ---> Offset = 131072
C:\WINDOWS\atiecli.exe ---> Offset = 196608
Behavior description: Self-deletion
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
Network behavior
Behavior description: Establishes a connection to a specified socket
Details: URL: ww****om, IP: **.133.40.**:8896, SOCKET = 0x0000015c
URL: sa****et, IP: **.133.40.**:8612, SOCKET = 0x00000150
URL: sa****et, IP: **.133.40.**:8612, SOCKET = 0x00000164
Behavior description: Resolves host addresses by name
Details: gethostbyname: bu****om
gethostbyname: sa****et
gethostbyname: ww****om
Registry behavior
Behavior description: Modifies the registry
Details: \REGISTRY\MACHINE\SOFTWARE\death\MarkTime
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\Abcdef Hijklmno Qrs\Description
\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum\Version
Other behavior
Behavior description: Creates mutexes
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
C:\WINDOWS\atiecli.exe
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
eed3bd3a-a1ad-4e99-987b-d7cb3fcfa7f0 - S-1-5-18
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior description: Creates event objects
Details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
Behavior description: Starts a system service
Details: [Service started successfully]: LocalSystem, Abcdef Hijklmno Qrstuvwx Abcd, C:\WINDOWS\atiecli.exe
Behavior description: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
SE_INC_BASE_PRIORITY_PRIVILEGE
Behavior description: Opens events
Details: HookSwitchHookEnabledEvent
Global\SvcctrlStartEvent_A3752DX
_fCanRegisterWithShellService
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Behavior description: Executable file signature information
Details: C:\WINDOWS\atiecli.exe (signature verification: failed)
Behavior description: Calls the Sleep function
Details: [1]: MilliSeconds = 0.
[2]: MilliSeconds = 0.
[3]: MilliSeconds = 500.
[4]: MilliSeconds = 8.
[5]: MilliSeconds = 8.
[6]: MilliSeconds = 8.
[7]: MilliSeconds = 8.
[8]: MilliSeconds = 1000.
[9]: MilliSeconds = 8.
[10]: MilliSeconds = 8.
Behavior description: Executable file MD5
Details: C:\WINDOWS\atiecli.exe ---> c627d888a8623f11a754d9abcc00d44c
Behavior description: Opens mutexes
Details: Local\!IETld!Mutex
ShimCacheMutex
Activities
Activity name Type
mark.via.ui.activity.BrowserActivity android.intent.action.MAIN
mark.via.ui.activity.BrowserActivity android.intent.action.VIEW
mark.via.ui.activity.BrowserActivity android.intent.action.WEB_SEARCH
mark.via.ui.activity.BrowserActivity android.intent.category.DEFAULT
mark.via.ui.activity.BrowserActivity android.intent.category.LAUNCHER
mark.via.ui.activity.BrowserActivity android.intent.category.BROWSABLE
Dangerous functions
Function name Information
java/net/URL;->openConnection Connects to a URL
TelephonyManager;->getDeviceId Collects the user's phone IMEI, phone number, system version number and similar information
LocationManager;->getLastKnownLocation Gets the geographic location
getRuntime Gets the command-line environment
java/lang/Runtime;->exec Executes a command string
java/net/HttpURLConnection;->connect Connects to a URL
ContentResolver;->query Reads databases such as contacts and SMS messages
Providers
Name Information
File list
File name Checksum