VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader to upload them.

File information

Scanner results
Scanner results: 3% of antivirus software (1/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2015-10-10 19:16:48 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time

No related permission information

File information
Security score:
Basic information
MD5: bffcd4b947090a051bfd863b252125f2
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.thermatk.android.xf.xperiafmwohs
Minimum runtime environment: Android 4.0, 4.0.1, 4.0.2
Copyright: Android
Key behaviors
Behavior description: Map file with write permission
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.ABC..GNDHH
MSCTF.MarshalInterface.FileMap.ABC.B.GNDHH
MSCTF.MarshalInterface.FileMap.ABC.C.GNDHH
MSCTF.MarshalInterface.FileMap.ABC.D.GNDHH
MSCTF.MarshalInterface.FileMap.ABC.E.GNDHH
MSCTF.MarshalInterface.FileMap.ABC.F.GNDHH
MSCTF.MarshalInterface.FileMap.ABC.G.GNDHH
MSCTF.Shared.SFM.ABC
MSCTF.MarshalInterface.FileMap.ABC.H.PKILH
MSCTF.MarshalInterface.FileMap.ABC.I.PKILH
MSCTF.MarshalInterface.FileMap.ABC.J.PKILH
MSCTF.MarshalInterface.FileMap.ABC.K.PKILH
MSCTF.MarshalInterface.FileMap.ABC.L.PKILH
MSCTF.MarshalInterface.FileMap.ABC.M.PKILH
Behavior description: Hide specified window
Details: [Window,Class] = [,ComboLBox]
[Window,Class] = [Setup,TApplication]
[Window,Class] = [,Auto-Suggest Dropdown]
Process behavior
Behavior description: Map file with write permission
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.ABC..GNDHH
MSCTF.MarshalInterface.FileMap.ABC.B.GNDHH
MSCTF.MarshalInterface.FileMap.ABC.C.GNDHH
MSCTF.MarshalInterface.FileMap.ABC.D.GNDHH
MSCTF.MarshalInterface.FileMap.ABC.E.GNDHH
MSCTF.MarshalInterface.FileMap.ABC.F.GNDHH
MSCTF.MarshalInterface.FileMap.ABC.G.GNDHH
MSCTF.Shared.SFM.ABC
MSCTF.MarshalInterface.FileMap.ABC.H.PKILH
MSCTF.MarshalInterface.FileMap.ABC.I.PKILH
MSCTF.MarshalInterface.FileMap.ABC.J.PKILH
MSCTF.MarshalInterface.FileMap.ABC.K.PKILH
MSCTF.MarshalInterface.FileMap.ABC.L.PKILH
MSCTF.MarshalInterface.FileMap.ABC.M.PKILH
Behavior description: Hide specified window
Details: [Window,Class] = [,ComboLBox]
[Window,Class] = [Setup,TApplication]
[Window,Class] = [,Auto-Suggest Dropdown]
File behavior
Behavior description: Map file with write permission
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.ABC..GNDHH
MSCTF.MarshalInterface.FileMap.ABC.B.GNDHH
MSCTF.MarshalInterface.FileMap.ABC.C.GNDHH
MSCTF.MarshalInterface.FileMap.ABC.D.GNDHH
MSCTF.MarshalInterface.FileMap.ABC.E.GNDHH
MSCTF.MarshalInterface.FileMap.ABC.F.GNDHH
MSCTF.MarshalInterface.FileMap.ABC.G.GNDHH
MSCTF.Shared.SFM.ABC
MSCTF.MarshalInterface.FileMap.ABC.H.PKILH
MSCTF.MarshalInterface.FileMap.ABC.I.PKILH
MSCTF.MarshalInterface.FileMap.ABC.J.PKILH
MSCTF.MarshalInterface.FileMap.ABC.K.PKILH
MSCTF.MarshalInterface.FileMap.ABC.L.PKILH
MSCTF.MarshalInterface.FileMap.ABC.M.PKILH
Behavior description: Create executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-J5S3D.tmp\996E.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-929IH.tmp\_isetup\_shfoldr.dll
Behavior description: Find file
Details: FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-J5S3D.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-J5S3D.tmp\996E.tmp
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\「开始」菜单
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序
FileName = C:\*.*
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.ABC
Behavior description: Hide specified window
Details: [Window,Class] = [,ComboLBox]
[Window,Class] = [Setup,TApplication]
[Window,Class] = [,Auto-Suggest Dropdown]
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Window information
Details: Pid = 1384, Hwnd=0x202c2, Text = Select the language to use during the installation:, ClassName = TNewStaticText.
Pid = 1384, Hwnd=0x202d4, Text = English, ClassName = TNewComboBox.
Pid = 1384, Hwnd=0x202d8, Text = OK, ClassName = TNewButton.
Pid = 1384, Hwnd=0x202d6, Text = Cancel, ClassName = TNewButton.
Pid = 1384, Hwnd=0x402bc, Text = Select Setup Language, ClassName = TSelectLanguageForm.
Pid = 1384, Hwnd=0x502ce, Text = Welcome to the Icecream Ebook Reader Setup Wizard , ClassName = TNewStaticText.
Pid = 1384, Hwnd=0x702c0, Text = This will install Icecream Ebook Reader version 2.11 on your computer. It is recommended that you close all other applications, ClassName = TNewStaticText.
Pid = 1384, Hwnd=0x202ac, Text = IMPORTANT: THIS SOFTWARE END USER LICENSE AGREEMENT ("EULA") IS A LEGAL AGREEMENT BETWEEN YOU AND RABERLES INVESTMENTS LIMITED (", ClassName = TRichEditViewer.
Pid = 1384, Hwnd=0x302c8, Text = C:\Program Files\Icecream Ebook Reader, ClassName = TEdit.
Pid = 1384, Hwnd=0x160142, Text = &Next >, ClassName = TNewButton.
Pid = 1384, Hwnd=0x140134, Text = Cancel, ClassName = TNewButton.
Pid = 1384, Hwnd=0x402d6, Text = Setup - Icecream Ebook Reader, ClassName = TWizardForm.
Pid = 1384, Hwnd=0x102e2, Text = License Agreement, ClassName = TNewStaticText.
Pid = 1384, Hwnd=0x102e0, Text = Please read the following important information before continuing., ClassName = TNewStaticText.
Pid = 1384, Hwnd=0x202d2, Text = Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation., ClassName = TNewStaticText.
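Behavior description: Obtain system privilege
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Enumerate windows
Details: N/A
Dangerous functions
Function name Info
ContentResolver;->query Reads databases such as contacts and SMS
File list
File name Checksum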
assets/xposed_init 0x35ded768
AndroidManifest.xml 0x1cc7a321
resources.arsc 0x9733c708
res/drawable-hdpi/ic_launcher.png 0x5f818b0c
res/drawable-mdpi/ic_launcher.png 0x650e7551
res/drawable-xhdpi/ic_launcher.png 0x57d79c2d
res/drawable-xxhdpi/ic_launcher.png 0xd6edb895
classes.dex 0xc73675aa
META-INF/MANIFEST.MF 0x50d07545
META-INF/CERT.SF 0xb54e6914
META-INF/CERT.RSA 0xb1479db7