VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
File Name :小小云任务[1].apk (File not down)
File Size :2473063 byte
File Type :Zip archive data
MD5:3bc6adf34c27d5aa4fb2df2894016c48
SHA1:351291d9683b18315968ccb801494f7cec4a06d8
SHA256:149721a753955290690f64a2ba2d31930ff9a2a50b788acc3804d95a39028b98
SSDEEP:49152:mnzSJke+P3iM5S66Emt21/cr4WnzSJke+P3jH9EAsySEly9tSEly9bgig/zsuN9L:IzwOiMl6O/crHzwOz9KyZAZk/QzeM
  • 扫描结果
  • 权限
  • 文件行为分析
  • Scanner results
    Scanner results:6%Scanner(s) (2/32)found malware!
    Behavior analysis report:         Habo file analysis
    Time: 2017-07-07 19:40:36 (CST)
    VirSCANVirSCAN
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 2.0 1970-01-01 Found nothing 5
    asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 2
    avast 170303-1 4.7.4 2017-03-03 Found nothing 60
    avg 2109/14149 10.0.1405 2017-07-04 Found nothing 60
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 6
    baidusd 1.0 1.0 2017-03-22 Found nothing 1
    bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
    clamav 23536 0.97.5 2017-07-05 Found nothing 60
    drweb 5.0.2.3300 5.0.1.1 2017-06-18 Found nothing 60
    fortinet 49.995, 49.961, 49.970 5.4.247 2017-07-07 Found nothing 60
    fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
    fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
    gdata 25.13252 25.13252 2017-07-06 Android.Adware.Epatroa.A 11
    ikarus 1.06.01 V1.32.31.0 2016-11-28 Found nothing 60
    jiangmin 16.0.100 1.0.0.0 2017-07-05 Found nothing 2
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
    kingsoft 2.1 2.1 2017-07-06 Found nothing 6
    mcafee 8261 5400.1158 2016-08-18 Found nothing 60
    nod32 1777 3.0.21 2015-06-12 Found nothing 60
    panda 9.05.01 9.05.01 2017-07-06 Found nothing 4
    pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 6
    qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
    quickheal 14.00 14.00 2017-07-06 Android.Styricka.GEN6254 3
    rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 2
    sophos 5.32 3.65.2 2016-10-10 Found nothing 60
    symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 4
    thehacker 6.8.0.5 6.8.0.5 2017-07-04 Found nothing 2
    tws 17.47.17308 1.0.2.2108 2017-07-06 Found nothing 14
    vba 3.12.29.5 beta 3.12.29.5 beta 2017-07-04 Found nothing 60
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
    Heuristic/Suspicious Exact
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.
  • 权限列表
    许可名称信息
    com.android.launcher.permission.INSTALL_SHORTCUT创建快捷方式
    android.permission.GET_TASKS获取有关当前或最近运行的任务信息
    android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
    android.permission.ACCESS_WIFI_STATE读取wifi网络状态
    android.permission.ACCESS_COARSE_LOCATION获取粗略的位置(通过wifi、基站)
    android.permission.MOUNT_UNMOUNT_FILESYSTEMS挂载、反挂载外部文件系统
    android.permission.READ_PHONE_STATE读取电话状态
    android.permission.SYSTEM_ALERT_WINDOW显示系统窗口
    android.permission.INTERNET连接网络(2G或3G)
    android.permission.ACCESS_FINE_LOCATION获取精确的位置(通过GPS)
    com.android.launcher.permission.READ_SETTINGS读取快捷方式信息
    android.permission.ACCESS_NETWORK_STATE读取网络状态(2G或3G)
    android.permission.WAKE_LOCK手机屏幕关闭后后台进程仍运行
    android.permission.CHANGE_CONFIGURATION修改当前设置(如:本地化)
  • 文件信息
    安全评分 :
    基本信息
    MD5:3bc6adf34c27d5aa4fb2df2894016c48
    包名:com.beichen2
    最低运行环境:Android 2.2.x
    版权:E4A
    关键行为
    行为描述:获取TickCount值
    详情信息:TickCount = 221363, SleepMilliseconds = 4.
    TickCount = 221383, SleepMilliseconds = 8.
    TickCount = 221445, SleepMilliseconds = 8.
    TickCount = 221476, SleepMilliseconds = 8.
    行为描述:查找PE资源信息
    详情信息:(FindResourceW) hModule = 0x00000000, ResName: 92(ID), ResType: DLL
    (FindResourceW) hModule = 0x00000000, ResName: 93(ID), ResType: DLL
    (FindResourceW) hModule = 0x00000000, ResName: 8a(ID), ResType: EXE
    行为描述:杀掉进程
    详情信息:C:\WINDOWS\system32\DriveTheLife.exe
    进程行为
    行为描述:隐藏窗口创建进程
    详情信息:ImagePath = , CmdLine = CMD /C ping www.160.com
    行为描述:创建进程
    详情信息:[0x00000af8]ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = CMD /C ping www.160.com
    [0x00000b2c]ImagePath = C:\WINDOWS\system32\ping.exe, CmdLine = ping www.160.com
    行为描述:创建本地线程
    详情信息:TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2684, ThreadID = 2720, StartAddress = 4AEA7456, Parameter = 00000000
    TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2684, ThreadID = 2772, StartAddress = 77C0A341, Parameter = 01D08DC8
    TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2684, ThreadID = 2804, StartAddress = 00404AA0, Parameter = 01AB68A8
    TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2684, ThreadID = 2844, StartAddress = 0041DE96, Parameter = 01AB79E0
    TargetProcess: dtl6_wnqd_pcol_silent.exe, InheritedFromPID = 2684, ProcessID = 2928, ThreadID = 2936, StartAddress = 4AEA7456, Parameter = 00000000
    行为描述:枚举进程
    详情信息:N/A
    行为描述:杀掉进程
    详情信息:C:\WINDOWS\system32\DriveTheLife.exe
    行为描述:创建新文件进程
    详情信息:[0x00000b70]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dtl6_wnqd_pcol_silent.exe, CmdLine = -s
    文件行为
    行为描述:创建文件
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temp\libcurl.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\ResDll.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\dtl6_wnqd_pcol_silent.exe
    C:\Program Files\DTLSoft\DriveTheLife\HWBox\skin\png\basic_logo_gif_1.gif
    C:\Program Files\DTLSoft\DriveTheLife\HWBox\skin\png\VR_Loading.gif
    C:\Program Files\DTLSoft\DriveTheLife\skin\ad_image\20150120160wifi.jpg
    C:\Program Files\DTLSoft\DriveTheLife\skin\ad_image\20150120rili.jpg
    C:\Program Files\DTLSoft\DriveTheLife\skin\ad_image\20150120wan.jpg
    C:\Program Files\DTLSoft\DriveTheLife\OneKeyInst\DataConfig\icon\635945191665798750.jpg
    C:\Program Files\DTLSoft\DriveTheLife\OneKeyInst\DataConfig\icon\101_48_1398302313.png
    C:\Program Files\DTLSoft\DriveTheLife\OneKeyInst\DataConfig\icon\10314_48_1378453152.png
    C:\Program Files\DTLSoft\DriveTheLife\OneKeyInst\DataConfig\icon\103_48_1449798959.png
    C:\Program Files\DTLSoft\DriveTheLife\OneKeyInst\DataConfig\icon\10455_48_1377491722.png
    C:\Program Files\DTLSoft\DriveTheLife\OneKeyInst\DataConfig\icon\1103_48_1387247768.png
    C:\Program Files\DTLSoft\DriveTheLife\OneKeyInst\DataConfig\icon\1202_48_1384933060.png
    行为描述:覆盖已有文件
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    行为描述:创建可执行文件
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temp\libcurl.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\ResDll.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\dtl6_wnqd_pcol_silent.exe
    行为描述:修改文件内容
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temp\libcurl.dll ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\ResDll.dll ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\dtl6_wnqd_pcol_silent.exe ---> Offset = 0
    C:\Program Files\DTLSoft\DriveTheLife\HWBox\skin\png\basic_logo_gif_1.gif ---> Offset = 0
    C:\Program Files\DTLSoft\DriveTheLife\HWBox\skin\png\VR_Loading.gif ---> Offset = 0
    C:\Program Files\DTLSoft\DriveTheLife\skin\ad_image\20150120160wifi.jpg ---> Offset = 0
    C:\Program Files\DTLSoft\DriveTheLife\skin\ad_image\20150120rili.jpg ---> Offset = 0
    C:\Program Files\DTLSoft\DriveTheLife\skin\ad_image\20150120wan.jpg ---> Offset = 0
    C:\Program Files\DTLSoft\DriveTheLife\OneKeyInst\DataConfig\icon\635945191665798750.jpg ---> Offset = 0
    C:\Program Files\DTLSoft\DriveTheLife\OneKeyInst\DataConfig\icon\101_48_1398302313.png ---> Offset = 0
    C:\Program Files\DTLSoft\DriveTheLife\OneKeyInst\DataConfig\icon\10314_48_1378453152.png ---> Offset = 0
    C:\Program Files\DTLSoft\DriveTheLife\OneKeyInst\DataConfig\icon\103_48_1449798959.png ---> Offset = 0
    C:\Program Files\DTLSoft\DriveTheLife\OneKeyInst\DataConfig\icon\10455_48_1377491722.png ---> Offset = 0
    C:\Program Files\DTLSoft\DriveTheLife\OneKeyInst\DataConfig\icon\1103_48_1387247768.png ---> Offset = 0
    C:\Program Files\DTLSoft\DriveTheLife\OneKeyInst\DataConfig\icon\1202_48_1384933060.png ---> Offset = 0
    行为描述:查找文件
    详情信息:FileName = C:\WINDOWS
    FileName = C:\WINDOWS\system32
    FileName = C:\WINDOWS\system32\CMD.exe
    FileName = C:\WINDOWS\system32\cmd.exe
    FileName = C:\WINDOWS\system32\ping.*
    FileName = C:\WINDOWS\system32\ping.COM
    FileName = C:\WINDOWS\system32\ping.EXE
    FileName = C:\WINDOWS\system32\ping.exe
    FileName = C:\DOCUME~1
    FileName = C:\DOCUME~1\ADMINI~1
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    网络行为
    行为描述:建立到一个指定的套接字连接
    详情信息:URL: in****om, IP: **.133.40.**:128, SOCKET = 0x000000d0
    行为描述:按名称获取主机地址
    详情信息:GetAddrInfoW: in****om
    GetAddrInfoW: ww****om
    注册表行为
    行为描述:修改注册表_延迟重命名项
    详情信息:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
    其他行为
    行为描述:创建互斥体
    详情信息:CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.Shared.MUTEX.IOH
    Global\{A043B702-166A-4FB8-9733-E2BC4713F36F}53
    MSCTF.Shared.MUTEX.AIK
    行为描述:创建事件对象
    详情信息:EventName = MSCTF.SendReceive.Event.AIK.IC
    EventName = MSCTF.SendReceiveConection.Event.AIK.IC
    行为描述:窗口信息
    详情信息:Pid = 2684, Hwnd=0x10346, Text = 万能驱动工具, ClassName = Afx:00400000:3:00010011:00000000:00000000.
    Pid = 2928, Hwnd=0x20362, Text = 确定, ClassName = Button.
    Pid = 2928, Hwnd=0x20368, Text = 释放文件时出现错误,安装程序将终止!, ClassName = Static.
    Pid = 2928, Hwnd=0x3034a, Text = 驱动人生6 安装, ClassName = #32770.
    行为描述:查找指定窗口
    详情信息:NtUserFindWindowEx: [Class,Window] = [dtl_inst_univeral_2012,]
    NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    行为描述:打开事件
    详情信息:HookSwitchHookEnabledEvent
    CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
    CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
    MSCTF.SendReceiveConection.Event.IOH.IC
    MSCTF.SendReceive.Event.IOH.IC
    CTF.ThreadMIConnectionEvent.000007E8.00000000.00000011
    CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000011
    行为描述:获取TickCount值
    详情信息:TickCount = 221363, SleepMilliseconds = 4.
    TickCount = 221383, SleepMilliseconds = 8.
    TickCount = 221445, SleepMilliseconds = 8.
    TickCount = 221476, SleepMilliseconds = 8.
    行为描述:调整进程token权限
    详情信息:SE_DEBUG_PRIVILEGE
    行为描述:枚举窗口
    详情信息:N/A
    行为描述:查找PE资源信息
    详情信息:(FindResourceW) hModule = 0x00000000, ResName: 92(ID), ResType: DLL
    (FindResourceW) hModule = 0x00000000, ResName: 93(ID), ResType: DLL
    (FindResourceW) hModule = 0x00000000, ResName: 8a(ID), ResType: EXE
    行为描述:可执行文件签名信息
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temp\libcurl.dll(签名验证: 通过)
    C:\Documents and Settings\Administrator\Local Settings\Temp\ResDll.dll(签名验证: 通过)
    C:\Documents and Settings\Administrator\Local Settings\Temp\dtl6_wnqd_pcol_silent.exe(签名验证: 通过)
    行为描述:调用Sleep函数
    详情信息:[1]: MilliSeconds = 4.
    [2]: MilliSeconds = 8.
    [3]: MilliSeconds = 0.
    行为描述:可执行文件MD5
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temp\libcurl.dll ---> 43291983172885d6a4fe3bcfb93ab6e3
    C:\Documents and Settings\Administrator\Local Settings\Temp\ResDll.dll ---> 256e5841ff14008f40f2555ded5c12e7
    C:\Documents and Settings\Administrator\Local Settings\Temp\dtl6_wnqd_pcol_silent.exe ---> 文件过大!
    行为描述:打开互斥体
    详情信息:ShimCacheMutex
    Global\{029E1EB6-7A55-4fd7-8815-105B2087C1FA}dtl2013
    DBWinMutex
    行为描述:加载新释放的文件
    详情信息:Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ResDll.dll.
    Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\libcurl.dll.
    Activities
    活动名类型
    com.e4a.runtime.android.StartActivityandroid.intent.action.MAIN
    com.e4a.runtime.android.StartActivityandroid.intent.category.DEFAULT
    com.e4a.runtime.android.StartActivityandroid.intent.category.LAUNCHER
    com.e4a.runtime.android.mainActivityandroid.intent.action.MAIN
    com.e4a.runtime.android.mainActivityandroid.intent.category.DEFAULT
    危险函数
    函数名称信息
    ContentResolver;->query读取联系人、短信等数据库
    权限列表
    许可名称信息
    com.android.launcher.permission.INSTALL_SHORTCUT创建快捷方式
    android.permission.GET_TASKS获取有关当前或最近运行的任务信息
    android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
    android.permission.ACCESS_WIFI_STATE读取wifi网络状态
    android.permission.ACCESS_COARSE_LOCATION获取粗略的位置(通过wifi、基站)
    android.permission.MOUNT_UNMOUNT_FILESYSTEMS挂载、反挂载外部文件系统
    android.permission.READ_PHONE_STATE读取电话状态
    android.permission.SYSTEM_ALERT_WINDOW显示系统窗口
    android.permission.INTERNET连接网络(2G或3G)
    android.permission.ACCESS_FINE_LOCATION获取精确的位置(通过GPS)
    com.android.launcher.permission.READ_SETTINGS读取快捷方式信息
    android.permission.ACCESS_NETWORK_STATE读取网络状态(2G或3G)
    android.permission.WAKE_LOCK手机屏幕关闭后后台进程仍运行
    android.permission.CHANGE_CONFIGURATION修改当前设置(如:本地化)
    文件列表
    文件名 校验码
    META-INF/MANIFEST.MF 0xce4543c6
    META-INF/MYKE.SF 0x9f01b86d
    META-INF/MYKE.RSA 0xa50dcd14
    assets/1.png 0xd491b5bb
    assets/10.png 0x6978c5
    assets/123654.jpg 0x88d31109
    assets/1b3.png 0x5f727de4
    assets/2.png 0xf61fb4a2
    assets/3.png 0x8390db75
    assets/4.png 0xd0d7681e
    assets/5.png 0x3cd2c67c
    assets/6.png 0x9896e3e2
    assets/7.png 0x7454060f
    assets/8.png 0x9ed78a83
    assets/9.png 0x1141ecbd
    assets/Shape10.png 0x8494273a
    assets/Shape11.png 0xf9b2af1b
    assets/background.jpg 0xc2187c12
    assets/btn_attention_nor.9.png 0x5830cbc7
    assets/btn_attention_sel.9.png 0x6f8418d4
    assets/channel_art.png 0xec880c0e
    assets/ckrw.png 0xa89bccf
    assets/dialog_bottom_bg.9.png 0xe8c929
    assets/dlbj.png 0x7a66ef02
    assets/dlbj1.png 0x675f4133
    assets/gbsn.png 0xfb6fc112
    assets/health_button_orange_line.9.png 0x9114f6dc
    assets/ic_settings_privacy.png 0xa8d30d2e
    assets/ic_student_data_account_icon.png 0xa5d5f1b5
    assets/icon1_1.png 0xa9e9fb00
    assets/icon_1.png 0x99e652b9
    assets/icon_2.png 0xdae3cec3
    assets/icon_2_d.png 0x79ca0ff1
    assets/icon_3.png 0x9632e14d
    assets/icon_4.png 0x943403c5
    assets/icon_5.png 0x60ef3f10
    assets/icon_6.png 0x49cf85ca
    assets/icon_7.png 0xe2634180
    assets/icon_8.png 0xdd813922
    assets/img_praise_gray.png 0x179ccf23
    assets/jz.png 0x1df4d708
    assets/jztp.gif 0x1c2ee0c
    assets/laohu.png 0xbe20cb27
    assets/lb1.jpg 0x7cd8ecc3
    assets/lb2.jpg 0x248e28f3
    assets/left_normal_3.png 0xeb9040ea
    assets/login_button_big_orange.9.png 0x75a9badd
    assets/login_key_hightlighted.png 0x4b759911
    assets/login_user_hightlighted.png 0x38e333ed
    assets/more_icon_qq.png 0x5f1ccc7c
    assets/page_indicator_focused.png 0x8350bc2c
    assets/page_indicator_unfocused.png 0x443e9026
    assets/pf1.jpg 0x4c08f17d
    assets/pf2.jpg 0xb06f0059
    assets/pf3.jpg 0x5429ceae
    assets/pf4.jpg 0xe2e0f055
    assets/pf5.jpg 0x7f505a03
    assets/pf6.jpg 0x7c12f262
    assets/right_normal_11.png 0x12c36ebd
    assets/statusdetail_toolbar_follow_background.9.png 0x2d7fc27e
    assets/sxan.jpg 0x82fb608c
    assets/sytp.png 0x5f727de4
    assets/titlebar.png 0xf0c9e588
    assets/tm.png 0x863db4b0
    assets/userinfo_navigationbar_small_background.9.png 0x9ccdce9e
    assets/w01.jpg 0xe52db707
    assets/w02.jpg 0x439ee5c5
    assets/w03.jpg 0x52e774ab
    assets/z1.jpg 0x52e774ab
    assets/zz.txt 0xee58d9d1
    res/drawable/bkg.9.png 0x6e530870
    res/drawable/e4alistview_new_message.png 0x1cdc5409
    res/drawable/icon.png 0xe11d3927
    res/drawable/send1.9.png 0x23abec1e
    res/drawable/send2.9.png 0x98622f74
    res/drawable/text.9.png 0x5a578819
    res/drawable/whatsnew_btn_nor.9.png 0xd2514971
    res/drawable/whatsnew_btn_pressed.9.png 0xb7b50efc
    AndroidManifest.xml 0xef4b662e
    resources.arsc 0xea742909
    classes.dex 0x5431788e
    运行截图
    VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号