VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
File Name :大傻.apk (File not down)
File Size :288758 byte
File Type :Zip archive data
MD5:a939108758be32e5b4cb3dd118edf30e
SHA1:99fe2718414f180cb3ab6e6f197b7fe08b4c2b67
SHA256:d95d4732f8ebc93298a879950141217138c3ab15bcf8516931102eb795ff7965
SSDEEP:6144:lxIHbPCL6sj3zm3CXof4D4oOvnaoQzyrsb7Wr4I4+EJ3/fLrD5/D:lMb6/j3zSCXogjOvn+urQ5lJ3/zrDJ
  • 扫描结果
  • 权限
  • 文件行为分析
  • Scanner results
    Scanner results:9%Scanner(s) (3/32)found malware!
    Behavior analysis report:         Habo file analysis
    Time: 2017-07-20 10:02:59 (CST)
    VirSCANVirSCAN
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 2.0 1970-01-01 Found nothing 5
    asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 1
    avast 170303-1 4.7.4 2017-03-03 Found nothing 60
    avg 2109/14149 10.0.1405 2017-07-04 Found nothing 60
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 6
    baidusd 1.0 1.0 2017-03-22 Found nothing 1
    bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
    clamav 23575 0.97.5 2017-07-19 Found nothing 60
    drweb 5.0.2.3300 5.0.1.1 2017-06-18 Found nothing 60
    fortinet 5.4.247 2017-07-20 Found nothing 60
    fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
    fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
    gdata 25.13454 25.13454 2017-07-20 Android.Trojan.SLocker.FH 11
    ikarus 1.06.01 V1.32.31.0 2016-11-28 Found nothing 60
    jiangmin 16.0.100 1.0.0.0 2017-07-19 Found nothing 2
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
    kingsoft 2.1 2.1 2017-07-19 Found nothing 6
    mcafee 8261 5400.1158 2016-08-18 Found nothing 60
    nod32 1777 3.0.21 2015-06-12 Found nothing 60
    panda 9.05.01 9.05.01 2017-07-19 Found nothing 4
    pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
    qh360 1.0.1 1.0.1 1.0.1 Android mobile malware 3
    qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
    quickheal 14.00 14.00 2017-07-18 Android.Congur.A 2
    rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 1
    sophos 5.32 3.65.2 2016-10-10 Found nothing 60
    symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 3
    thehacker 6.8.0.5 6.8.0.5 2017-07-16 Found nothing 1
    tws 17.47.17308 1.0.2.2108 2017-07-19 Found nothing 14
    vba 3.12.29.5 beta 3.12.29.5 beta 2017-07-17 Found nothing 60
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
    Heuristic/Suspicious Exact
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.
  • 没有相关的权限信息

  • 文件信息
    安全评分 :
    基本信息
    MD5:a939108758be32e5b4cb3dd118edf30e
    包名:
    最低运行环境:
    版权:
    进程行为
    行为描述:创建本地线程
    详情信息:TargetProcess: Pc去3N预测.exe, InheritedFromPID = 2000, ProcessID = 2712, ThreadID = 2724, StartAddress = 00403457, Parameter = 00000000
    TargetProcess: Pc去3N预测.exe, InheritedFromPID = 2000, ProcessID = 2712, ThreadID = 2732, StartAddress = 00403418, Parameter = 00000000
    TargetProcess: Pc去3N预测.exe, InheritedFromPID = 2000, ProcessID = 2712, ThreadID = 2736, StartAddress = 00403418, Parameter = 00000000
    TargetProcess: Pc去3N预测.exe, InheritedFromPID = 2000, ProcessID = 2712, ThreadID = 2740, StartAddress = 00403418, Parameter = 00000000
    TargetProcess: Pc去3N预测.exe, InheritedFromPID = 2000, ProcessID = 2712, ThreadID = 2744, StartAddress = 00403418, Parameter = 00000000
    TargetProcess: Pc去3N预测.exe, InheritedFromPID = 2000, ProcessID = 2712, ThreadID = 2748, StartAddress = 00403418, Parameter = 00000000
    TargetProcess: Pc去3N预测.exe, InheritedFromPID = 2000, ProcessID = 2712, ThreadID = 2752, StartAddress = 00403418, Parameter = 00000000
    TargetProcess: Pc去3N预测.exe, InheritedFromPID = 2000, ProcessID = 2712, ThreadID = 2756, StartAddress = 00403418, Parameter = 00000000
    TargetProcess: Pc去3N预测.exe, InheritedFromPID = 2000, ProcessID = 2712, ThreadID = 2760, StartAddress = 00403418, Parameter = 00000000
    TargetProcess: Pc去3N预测.exe, InheritedFromPID = 2000, ProcessID = 2712, ThreadID = 2764, StartAddress = 00403418, Parameter = 00000000
    TargetProcess: Pc去3N预测.exe, InheritedFromPID = 2000, ProcessID = 2712, ThreadID = 2768, StartAddress = 00403418, Parameter = 00000000
    TargetProcess: Pc去3N预测.exe, InheritedFromPID = 2000, ProcessID = 2712, ThreadID = 2772, StartAddress = 00403418, Parameter = 00000000
    TargetProcess: Pc去3N预测.exe, InheritedFromPID = 2000, ProcessID = 2712, ThreadID = 2776, StartAddress = 00403418, Parameter = 00000000
    TargetProcess: Pc去3N预测.exe, InheritedFromPID = 2000, ProcessID = 2712, ThreadID = 2780, StartAddress = 00403418, Parameter = 00000000
    TargetProcess: Pc去3N预测.exe, InheritedFromPID = 2000, ProcessID = 2712, ThreadID = 2784, StartAddress = 00403418, Parameter = 00000000
    网络行为
    行为描述:连接指定站点
    详情信息:WinHttpConnect: ServerName = ch****cn, PORT = 80, UserName = , Password = , hSession = 0x01003100, hConnect = 0x01003200, Flags = 0x00000000
    WinHttpConnect: ServerName = ch****cn, PORT = 80, UserName = , Password = , hSession = 0x01002100, hConnect = 0x01002200, Flags = 0x00000000
    WinHttpConnect: ServerName = ch****cn, PORT = 80, UserName = , Password = , hSession = 0x00e21100, hConnect = 0x00e21200, Flags = 0x00000000
    WinHttpConnect: ServerName = ch****cn, PORT = 80, UserName = , Password = , hSession = 0x00e71100, hConnect = 0x00e71200, Flags = 0x00000000
    WinHttpConnect: ServerName = ch****cn, PORT = 80, UserName = , Password = , hSession = 0x00e31100, hConnect = 0x00e31200, Flags = 0x00000000
    WinHttpConnect: ServerName = ch****cn, PORT = 80, UserName = , Password = , hSession = 0x00e81100, hConnect = 0x00e81200, Flags = 0x00000000
    行为描述:打开HTTP连接
    详情信息:WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x01003100
    WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x01002100
    WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x00e21100
    WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x00e71100
    WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x00e31100
    WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x00e81100
    行为描述:建立到一个指定的套接字连接
    详情信息:URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000170
    URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000174
    URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x0000011c
    URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000150
    URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x0000016c
    URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000134
    URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000164
    URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000168
    URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000184
    URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000180
    URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000160
    URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000130
    URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000188
    URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000128
    URL: ch****cn, IP: **.133.40.**:80, SOCKET = 0x00000178
    行为描述:发送HTTP包
    详情信息:GET /zst/getchartdata?sb_spm=9cefa284cbafa329f651e529d9d3049a&lotId=265108&chartType=zhzs&r=0.009212904376909137#roll_632 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: ch****cn Connection: Keep-Alive
    行为描述:打开HTTP请求
    详情信息:WinHttpOpenRequest: ch****cn:80/zst/getchartdata?sb_spm=9cefa284cbafa329f651e529d9d3049a&lotid=265108&charttype=zhzs&r=0.009212904376909137#roll_632, hConnect = 0x01003200, hRequest = 0x01090000, Verb: GET, Referer: , Flags = 0x00000080
    WinHttpOpenRequest: ch****cn:80/zst/getchartdata?sb_spm=9cefa284cbafa329f651e529d9d3049a&lotid=265108&charttype=zhzs&r=0.009212904376909137#roll_632, hConnect = 0x01002200, hRequest = 0x00db0000, Verb: GET, Referer: , Flags = 0x00000080
    WinHttpOpenRequest: ch****cn:80/zst/getchartdata?sb_spm=9cefa284cbafa329f651e529d9d3049a&lotid=265108&charttype=zhzs&r=0.009212904376909137#roll_632, hConnect = 0x00e21200, hRequest = 0x00e60000, Verb: GET, Referer: , Flags = 0x00000080
    WinHttpOpenRequest: ch****cn:80/zst/getchartdata?sb_spm=9cefa284cbafa329f651e529d9d3049a&lotid=265108&charttype=zhzs&r=0.009212904376909137#roll_632, hConnect = 0x00e71200, hRequest = 0x00e80000, Verb: GET, Referer: , Flags = 0x00000080
    WinHttpOpenRequest: ch****cn:80/zst/getchartdata?sb_spm=9cefa284cbafa329f651e529d9d3049a&lotid=265108&charttype=zhzs&r=0.009212904376909137#roll_632, hConnect = 0x00e31200, hRequest = 0x00e80000, Verb: GET, Referer: , Flags = 0x00000080
    WinHttpOpenRequest: ch****cn:80/zst/getchartdata?sb_spm=9cefa284cbafa329f651e529d9d3049a&lotid=265108&charttype=zhzs&r=0.009212904376909137#roll_632, hConnect = 0x01002200, hRequest = 0x00e30000, Verb: GET, Referer: , Flags = 0x00000080
    WinHttpOpenRequest: ch****cn:80/zst/getchartdata?sb_spm=9cefa284cbafa329f651e529d9d3049a&lotid=265108&charttype=zhzs&r=0.009212904376909137#roll_632, hConnect = 0x00e81200, hRequest = 0x00e90000, Verb: GET, Referer: , Flags = 0x00000080
    WinHttpOpenRequest: ch****cn:80/zst/getchartdata?sb_spm=9cefa284cbafa329f651e529d9d3049a&lotid=265108&charttype=zhzs&r=0.009212904376909137#roll_632, hConnect = 0x01002200, hRequest = 0x00e90000, Verb: GET, Referer: , Flags = 0x00000080
    WinHttpOpenRequest: ch****cn:80/zst/getchartdata?sb_spm=9cefa284cbafa329f651e529d9d3049a&lotid=265108&charttype=zhzs&r=0.009212904376909137#roll_632, hConnect = 0x00e81200, hRequest = 0x00e30000, Verb: GET, Referer: , Flags = 0x00000080
    WinHttpOpenRequest: ch****cn:80/zst/getchartdata?sb_spm=9cefa284cbafa329f651e529d9d3049a&lotid=265108&charttype=zhzs&r=0.009212904376909137#roll_632, hConnect = 0x00e21200, hRequest = 0x00e90000, Verb: GET, Referer: , Flags = 0x00000080
    WinHttpOpenRequest: ch****cn:80/zst/getchartdata?sb_spm=9cefa284cbafa329f651e529d9d3049a&lotid=265108&charttype=zhzs&r=0.009212904376909137#roll_632, hConnect = 0x00e21200, hRequest = 0x00e30000, Verb: GET, Referer: , Flags = 0x00000080
    行为描述:按名称获取主机地址
    详情信息:GetAddrInfoW: ch****cn
    其他行为
    行为描述:创建互斥体
    详情信息:CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.Shared.MUTEX.IOH
    MSCTF.Shared.MUTEX.MJK
    行为描述:创建事件对象
    详情信息:EventName = DINPUTWINMM
    EventName = MSCTF.SendReceive.Event.MJK.IC
    EventName = MSCTF.SendReceiveConection.Event.MJK.IC
    行为描述:查找指定窗口
    详情信息:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    行为描述:窗口信息
    详情信息:Pid = 2712, Hwnd=0x1034c, Text = 期数:, ClassName = msctls_statusbar32.
    Pid = 2712, Hwnd=0x10346, Text = Pc28 去3余N 预测 by 28客栈, ClassName = ArrtryPC28.
    行为描述:打开事件
    详情信息:HookSwitchHookEnabledEvent
    CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
    CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
    MSCTF.SendReceive.Event.IOH.IC
    MSCTF.SendReceiveConection.Event.IOH.IC
    行为描述:隐藏指定窗口
    详情信息:[Window,Class] = [,_EL_Timer]
    行为描述:打开互斥体
    详情信息:ShimCacheMutex
    运行截图
    VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号