VirSCAN

1. You can UPLOAD any files, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader to upload.


File information

Scanner results
Scanner results: 65% of antivirus software (21/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2019-06-16 01:12:13 (CST)
| Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time |
|---|---|---|---|---|---|
| antiy | AVL SDK 3.0 | AVL SDK 3.0 | 2019-06-15 | Trojan[SMS]/Android.FakePlayer | 4 |
| avast | 18.4.3895.0 | 18.4.3895.0 | 2019-06-16 | Found nothing | 9 |
| avg | 10.0.1405 | 10.0.1405 | 2019-06-16 | Found nothing | 1 |
| baidu | 2.0.1.0 | 4.1.3.52192 | 2.0.1.0 | Found nothing | 5 |
| baidusd | 1.0 | 1.0 | 2019-06-15 | Found nothing | 1 |
| bitdefender | 7.141118 | 7.141118 | 2019-06-15 | Found nothing | 1 |
| clamav | 25480 | 0.100.2 | 2019-06-14 | Andr.Trojan.FakePlayer-1 | 1 |
| drweb | 11.0.10.1810231600 | 11.0.10.1810231600 | 2019-06-14 | Android.SmsSend.1 | 10 |
| emsisoft | 9.0.0.4324 | 9.0.0.4324 | 2014-07-03 | Android.Trojan.FakePlayer.D | 2 |
| fortinet | 1.000, 69.253, 69.184, 69.208 | 5.4.247 | 2019-06-16 | Android/FakePlayer.A!tr | 1 |
| fprot | 4.6.2.117 | 6.5.1.5418 | 2014-12-31 | DroidSMS.A | 1 |
| fsecure | 2015-08-01-02 | 9.13 | 2019-06-16 | Found nothing | 56 |
| gdata | 25.22375 | 25.22375 | 2019-06-14 | Android.Trojan.FakePlayer.D | 16 |
| ikarus | 5.01.05 | V1.32.39.0 | 2019-06-15 | Trojan.AndroidOS.FakePlayer | 4 |
| jiangmin | 16.0.100 | 1.0.0.0 | 2019-06-15 | Trojan/AndroidOS.ax | 2 |
| kaspersky | 5.5.33 | 5.5.33 | 2019-06-15 | Trojan-SMS.AndroidOS.FakePlayer.a | 19 |
| kingsoft | 2.1 | 2.1 | 2013-09-22 | Found nothing | 8 |
| mcafee | 9256 | 5400.1158 | 2019-05-13 | Android/FakePlayer.a | 12 |
| nod32 | 9516 | 4.5.15 | 2019-06-13 | Android/FakePlayer.A trojan | 1 |
| panda | 9.05.01 | 9.05.01 | 2019-05-29 | Android/FakePlayer.A | 4 |
| pcc | 13.302.06 | 9.500-1005 | 2019-06-15 | Android.D3B4B018 | 2 |
| qh360 | 1.0.1 | 1.0.1 | 2019-06-15 | Trojan.Android.Gen | 2 |
| qqphone | 2.0.0.0 | 2.0.0.0 | 2019-06-15 | a.expense.fakeMMS.a | 1 |
| quickheal | 14.00 | 14.00 | 2019-02-10 | Android.FakePlayer.D | 3 |
| rising | 5161 | 5161 | 2019-06-14 | Trojan.Agent.fxv | 3 |
| sophos | 4.62 | 3.16.1 | 2016-09-20 | Andr/FakePlay-B | 10 |
| symantec | 20151230.005 | 1.3.0.24 | 2015-12-30 | Found nothing | 1 |
| tachyon | 9.9.9 | 9.9.9 | 2013-12-27 | Found nothing | 3 |
| thehacker | 6.8.0.5 | 6.8.0.5 | 2017-03-30 | Found nothing | 1 |
| tws | 17.47.17308 | 1.0.2.2108 | 2019-06-14 | Android.M.pguc | 6 |
| vba | 4.0.0 | 4.0.0 | 2019-06-14 | Android.SmsSend.1 | 4 |
| virusbuster | 15.0.985.0 | 5.5.2.13 | 2014-12-05 | Found nothing | 3 |
File information
Security score:
Basic information
MD5: fdb84ff8125b3790011b83cc85adce16
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: org.me.androidapplication1
Minimum runtime environment:
Copyright: Android
Key behaviors
Behavior: Cross-process data write
Details: TargetProcess = iexplore.exe, WriteAddress = 0x20070000, Size = 53248
TargetProcess = iexplore.exe, WriteAddress = 0x00020000, Size = 563
TargetProcess = iexplore.exe, WriteAddress = 0x00030000, Size = 223
TargetProcess = iexplore.exe, WriteAddress = 0x00040000, Size = 165
TargetProcess = iexplore.exe, WriteAddress = 0x00050000, Size = 312
TargetProcess = iexplore.exe, WriteAddress = 0x00401a25, Size = 12
Behavior: Drop sensitive file into system directory
Details: C:\WINDOWS\system32\清华紫光.ime
Behavior: Resolve host address by name
Details: google.com
fget-career.com
Behavior: Modify executable file via memory mapping
Details: \device\harddiskvolume1\documents and settings\administrator\application data\sogouexplorer\extension\com.sogou.snaptaker\0.4.2\npprintscreen.dll
\device\harddiskvolume1\documents and settings\administrator\local settings\%temp%\1443538024.575626.exe_7zdump\贵族輔助\test.dll
Behavior: Modify registry: install input method entry
Details: \REGISTRY\USER\S-*\Keyboard Layout\Preload\2
Behavior: Cross-process write to code segment
Details: C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00401A25, EntryPoint = 0x00401A25
Behavior: Write-permission file mapping
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EMF..GPLGH
MSCTF.MarshalInterface.FileMap.EMF.B.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.C.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.D.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.E.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.F.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.G.GPLGH
\222c25ed\IE8-Setup-Full\IE-REDIST.EXE
\222c25ed\IE8-Setup-Full\ieakcust.dll
\222c25ed\IE8-Setup-Full\iedkcs32.dll
\222c25ed\IE8-Setup-Full\installservices.exe
\DiskX\RECYCLER\S-4-6-81-7126415084-8788226705-740875152-4407\ncZdRDbJ.exe
\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
MSCTF.Shared.SFM.EMF
Behavior: Set special folder attributes
Details: C:\DiskX\RECYCLER
C:\DiskX\RECYCLER\S-4-6-81-7126415084-8788226705-740875152-4407
Behavior: Modify registry: startup entry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Process behavior
Behavior: Cross-process data write
Details: TargetProcess = iexplore.exe, WriteAddress = 0x20070000, Size = 53248
TargetProcess = iexplore.exe, WriteAddress = 0x00020000, Size = 563
TargetProcess = iexplore.exe, WriteAddress = 0x00030000, Size = 223
TargetProcess = iexplore.exe, WriteAddress = 0x00040000, Size = 165
TargetProcess = iexplore.exe, WriteAddress = 0x00050000, Size = 312
TargetProcess = iexplore.exe, WriteAddress = 0x00401a25, Size = 12
Behavior: Drop sensitive file into system directory
Details: C:\WINDOWS\system32\清华紫光.ime
Behavior: Resolve host address by name
Details: google.com
fget-career.com
Behavior: Modify executable file via memory mapping
Details: \device\harddiskvolume1\documents and settings\administrator\application data\sogouexplorer\extension\com.sogou.snaptaker\0.4.2\npprintscreen.dll
\device\harddiskvolume1\documents and settings\administrator\local settings\%temp%\1443538024.575626.exe_7zdump\贵族輔助\test.dll
Behavior: Modify registry: install input method entry
Details: \REGISTRY\USER\S-*\Keyboard Layout\Preload\2
Behavior: Cross-process write to code segment
Details: C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00401A25, EntryPoint = 0x00401A25
Behavior: Write-permission file mapping
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EMF..GPLGH
MSCTF.MarshalInterface.FileMap.EMF.B.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.C.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.D.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.E.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.F.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.G.GPLGH
\222c25ed\IE8-Setup-Full\IE-REDIST.EXE
\222c25ed\IE8-Setup-Full\ieakcust.dll
\222c25ed\IE8-Setup-Full\iedkcs32.dll
\222c25ed\IE8-Setup-Full\installservices.exe
\DiskX\RECYCLER\S-4-6-81-7126415084-8788226705-740875152-4407\ncZdRDbJ.exe
\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
MSCTF.Shared.SFM.EMF
Behavior: Set special folder attributes
Details: C:\DiskX\RECYCLER
C:\DiskX\RECYCLER\S-4-6-81-7126415084-8788226705-740875152-4407
Behavior: Modify registry: startup entry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
File behavior
Behavior: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\1443538024.213436.exe_7zdump\贵族輔助\贵族科技0927Srv.exe
C:\Program Files\Microsoft\DesktopLayer.exe
C:\WINDOWS\system32\清华紫光.ime
C:\DiskX\RECYCLER\S-4-6-81-7126415084-8788226705-740875152-4407\ncZdRDbJ.exe
Behavior: Search for files
Details: FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1443538024.746739.exe_7zdump\贵族輔助
FileName = C:\Program Files\Internet Explorer\IEXPLORE.EXE
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\清华紫光.IME
FileName = C:\Program Files\Internet Explorer\iexplore.exe
FileName = C:\*.*
FileName = C:\222c25ed\*.*
FileName = C:\222c25ed\IE8-Setup-Full\*.*
FileName = C:\222c25ed\IE8-Setup-Full\log\*.*
FileName = C:\AnalyzeControl\*.*
FileName = C:\DiskD\*.*
FileName = C:\DiskX\*.*
Behavior: Modify executable file via memory mapping
Details: \device\harddiskvolume1\documents and settings\administrator\application data\sogouexplorer\extension\com.sogou.snaptaker\0.4.2\npprintscreen.dll
\device\harddiskvolume1\documents and settings\administrator\local settings\%temp%\1443538024.575626.exe_7zdump\贵族輔助\test.dll
Behavior: Drop sensitive file into system directory
Details: C:\WINDOWS\system32\清华紫光.ime
Behavior: Modify existing executable on the system
Details: C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\npprintscreen.dll---> Offset = 376832
C:\Documents and Settings\Administrator\Local Settings\%temp%\1443538024.729190.exe_7zdump\贵族輔助\test.dll---> Offset = 827392
Behavior: Write-permission file mapping
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.EMF..GPLGH
MSCTF.MarshalInterface.FileMap.EMF.B.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.C.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.D.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.E.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.F.GPLGH
MSCTF.MarshalInterface.FileMap.EMF.G.GPLGH
\222c25ed\IE8-Setup-Full\IE-REDIST.EXE
\222c25ed\IE8-Setup-Full\ieakcust.dll
\222c25ed\IE8-Setup-Full\iedkcs32.dll
\222c25ed\IE8-Setup-Full\installservices.exe
\DiskX\RECYCLER\S-4-6-81-7126415084-8788226705-740875152-4407\ncZdRDbJ.exe
\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
MSCTF.Shared.SFM.EMF
Behavior: Set special folder attributes
Details: C:\DiskX\RECYCLER
C:\DiskX\RECYCLER\S-4-6-81-7126415084-8788226705-740875152-4407
Behavior: Modify file contents
Details: C:\Program Files\Microsoft\px4.tmp---> Offset = 0
C:\Program Files\Internet Explorer\dmlconf.dat---> Offset = 0
C:\DiskX\autorun.inf---> Offset = 7787
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.privateSurf\0.0.0.1\backgroundpage.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\backgroundpage.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\popup.html---> Offset = 39547
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.secondAccount\0.0.0.1\backgroundpage.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.share\0.0.0.1\backgroundpage.html---> Offset = 5201
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\background.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\callback.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\pop.html---> Offset = 12867
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\signin.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\ translate.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\backgroundpage.html---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.translator\0.0.0.4\google_translate.html---> Offset = 0
Behavior: Modify newly created executable file
Details: C:\DiskX\RECYCLER\S-4-6-81-7126415084-8788226705-740875152-4407\ncZdRDbJ.exe---> Offset = 53248
C:\Documents and Settings\Administrator\Local Settings\%temp%\1443538026.017974.exe_7zdump\贵族輔助\贵族科技0927Srv.exe---> Offset = 53248
Network behavior
Behavior: Send data on a connected socket
Details: SOCKET = 0x000000e0, TotalSize = 6, Offset = 0, ReadSize = 6.
Behavior: Establish a connection to a specified socket address
Details: 219.133.40.1:80
219.133.40.1:443
Behavior: Resolve host address by name
Details: google.com
fget-career.com
Registry behavior
Behavior: Modify registry
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\E0200804\Ime File
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\E0200804\Layout Text
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\E0200804\Layout File
\REGISTRY\USER\S-*\Software\Super-EC\输入法\标识符
\REGISTRY\USER\S-*\Software\Super-EC\输入法\文件名
Behavior: Modify registry: install input method entry
Details: \REGISTRY\USER\S-*\Keyboard Layout\Preload\2
Behavior: Delete registry value: install input method entry
Details: \REGISTRY\USER\S-*\Keyboard Layout\Preload\2
Behavior: Modify registry: startup entry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Other behavior
Behavior: Create mutex
Details: KyUffThOkYwRRtgPP
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EMF
Behavior: Inline hook
Details: C:\WINDOWS\system32\ntdll.dll--->ZwWriteVirtualMemory Offset = 0x0
Behavior: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: Acquire system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior: Window information
Details: Pid = 284, Hwnd=0x202cc, Text = 选择频道开启 或 选择角色开启 , ClassName = Button.
Pid = 284, Hwnd=0x202a8, Text = baji, ClassName = WTWindow.
Dangerous behavior
Behavior: Send SMS
Details: number:3353 data:message:798657
number:3354 data:message:798657
number:3353 data:message:798657
Dynamic behavior list
Behavior: Send SMS
Details: number:3353 data:message:798657
number:3354 data:message:798657
number:3353 data:message:798657
Behavior: Database query
Details: [u'table1', u'[was]', u'null', u'null', u'null', u'null', u'null']
Activities
| Activity name | Type |
|---|---|
| .MoviePlayer | android.intent.action.MAIN |
| .MoviePlayer | android.intent.category.LAUNCHER |
Dangerous functions
| Function name | Information |
|---|---|
| SmsManager;->sendTextMessage | Sends a plain text SMS |
Permission list
| Permission name | Information |
|---|---|
| android.permission.SEND_SMS | Send SMS |
File list
| File name | Checksum |
|---|---|
| classes.dex | 0x9a809913 |
| AndroidManifest.xml | 0x8c8316e4 |
| res/drawable/icon.png | 0x7196cc4c |
| res/layout/main.xml | 0x199f852e |
| resources.arsc | 0x68aae2f9 |
| META-INF/MANIFEST.MF | 0xae0ef7b4 |
| META-INF/CERT.SF | 0xc2b3b274 |
| META-INF/CERT.RSA | 0xcd0d5a49 |
Runtime screenshots