VirSCAN

1, You can UPLOAD any files, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

File information

Scanner results
Scanner results: 3% of antivirus software (1/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2018-01-13 14:01:06 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 2.0 1970-01-01 Found nothing 5
asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 1
avast 170303-1 4.7.4 2017-03-03 Found nothing 60
avg 2109/14785 10.0.1405 2018-01-04 Found nothing 60
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 5
baidusd 1.0 1.0 2017-03-22 Found nothing 1
bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
clamav 24212 0.97.5 2018-01-11 Found nothing 60
drweb 5.0.2.3300 5.0.1.1 2017-11-04 Found nothing 60
fortinet 1.000, 54.385, 54.343, 54.201 5.4.247 2018-01-13 Found nothing 60
fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
gdata 25.15650 25.15650 2018-01-12 Android.Trojan.SLocker.gDIBN 13
ikarus 4.00.03 V1.32.31.0 2018-01-12 Found nothing 60
jiangmin 16.0.100 1.0.0.0 2017-12-22 Found nothing 2
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
kingsoft 2.1 2.1 2018-01-12 Found nothing 3
mcafee 8620 5400.1158 2017-08-12 Found nothing 60
nod32 6720 3.0.21 2018-01-11 Found nothing 60
panda 9.05.01 9.05.01 2018-01-12 Found nothing 4
pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
qh360 1.0.1 1.0.1 1.0.1 Found nothing 3
qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
quickheal 14.00 14.00 2017-11-18 Found nothing 3
rising 3090 3090 2017-12-26 Found nothing 1
sophos 5.32 3.65.2 2016-10-10 Found nothing 60
symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 3
thehacker 6.8.0.5 6.8.0.5 2018-01-08 Found nothing 1
tws 17.47.17308 1.0.2.2108 2018-01-12 Found nothing 14
vba 3.12.29.5 beta 3.12.29.5 beta 2018-01-12 Found nothing 60
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
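Permission list
Permission name Information
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.WAKE_LOCK Background processes keep running after the phone screen turns off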
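File information
Security score:
Basic information
MD5: 5cd3ba37332dded79b4901663f4822f6
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.drpe26.MemoryCleaner
Minimum runtime environment: Android 2.1.x
Copyright: Android
Key behavior
Behavior description: Detects whether Virtual PC is present
Details: N/A
Behavior description: Queries the registry (virtual-machine detection)
Details: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Behavior description: Attempts to open driver device objects of debuggers or monitoring software
Details: \??\SICE
\??\SIWVID
\??\NTICE
Behavior description: Gets the TickCount value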
Behavior description: Reads the CPU clock directly
Details: N/A
Behavior description: Searches for a specific kernel module
Details: lstrcmpiA: ntice.sys <------> ntkrnlpa.exe Des: SoftICE driver
lstrcmpiA: ntice.sys <------> hal.dll Des: SoftICE driver
lstrcmpiA: ntice.sys <------> KDCOM.DLL Des: SoftICE driver
lstrcmpiA: ntice.sys <------> BOOTVID.dll Des: SoftICE driver
lstrcmpiA: ntice.sys <------> ACPI.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> WMILIB.SYS Des: SoftICE driver
lstrcmpiA: ntice.sys <------> pci.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> isapnp.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> compbatt.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> BATTC.SYS Des: SoftICE driver
lstrcmpiA: ntice.sys <------> intelide.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> PCIIDEX.SYS Des: SoftICE driver
lstrcmpiA: ntice.sys <------> MountMgr.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> ftdisk.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> dmload.sys Des: SoftICE driver
Behavior description: Searches for windows of tools commonly used in anti-virus analysis
Details: NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
NtUserFindWindowEx: [Class,Window] = [GBDYLLO,]
NtUserFindWindowEx: [Class,Window] = [pediy06,]
Process behavior
Behavior description: Detects whether Virtual PC is present
Details: N/A
Behavior description: Queries the registry (virtual-machine detection)
Details: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Behavior description: Attempts to open driver device objects of debuggers or monitoring software
Details: \??\SICE
\??\SIWVID
\??\NTICE
Behavior description: Gets the TickCount value
Behavior description: Reads the CPU clock directly
Details: N/A
Behavior description: Searches for a specific kernel module
Details: lstrcmpiA: ntice.sys <------> ntkrnlpa.exe Des: SoftICE driver
lstrcmpiA: ntice.sys <------> hal.dll Des: SoftICE driver
lstrcmpiA: ntice.sys <------> KDCOM.DLL Des: SoftICE driver
lstrcmpiA: ntice.sys <------> BOOTVID.dll Des: SoftICE driver
lstrcmpiA: ntice.sys <------> ACPI.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> WMILIB.SYS Des: SoftICE driver
lstrcmpiA: ntice.sys <------> pci.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> isapnp.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> compbatt.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> BATTC.SYS Des: SoftICE driver
lstrcmpiA: ntice.sys <------> intelide.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> PCIIDEX.SYS Des: SoftICE driver
lstrcmpiA: ntice.sys <------> MountMgr.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> ftdisk.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> dmload.sys Des: SoftICE driver
Behavior description: Searches for windows of tools commonly used in anti-virus analysis
Details: NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
NtUserFindWindowEx: [Class,Window] = [GBDYLLO,]
NtUserFindWindowEx: [Class,Window] = [pediy06,]
File behavior
Behavior description: Overwrites an existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Behavior description: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ---> Offset = 0
Behavior description: Searches for files
Details: FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
Registry behavior
Behavior description: Queries the registry (virtual-machine detection)
Details: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Other behavior
Behavior description: Detects whether Virtual PC is present
Details: N/A
Behavior description: Creates mutexes
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
ini_read_write
MSCTF.Shared.MUTEX.ELH
Behavior description: Creates an event object
Details: EventName = DINPUTWINMM
Behavior description: Opens mutexes
Details: DBWinMutex
ShimCacheMutex
Behavior description: Searches for a specific window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Attempts to open driver device objects of debuggers or monitoring software
Details: \??\SICE
\??\SIWVID
\??\NTICE
Behavior description: Searches for the kernel32.dll base address
Details: Instruction Address = 0x00dd2a73
Behavior description: Adjusts process token privileges
Details: SE_DEBUG_PRIVILEGE
Behavior description: Opens events
Details: HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000042
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000042
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000043
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000043
Behavior description: Hides specific windows
Details: [Window,Class] = [,WindowEx]
[Window,Class] = [,EditboxEx]
[Window,Class] = [,ButtonEx]
[Window,Class] = [,ChoiceboxEx]
Behavior description: Gets the cursor position
Details: CursorPos = (71,18468), SleepMilliseconds = 50.
CursorPos = (6364,26501), SleepMilliseconds = 50.
Behavior description: Gets the TickCount value
Behavior description: Reads the CPU clock directly
Details: N/A
Behavior description: Searches for a specific kernel module
Details: lstrcmpiA: ntice.sys <------> ntkrnlpa.exe Des: SoftICE driver
lstrcmpiA: ntice.sys <------> hal.dll Des: SoftICE driver
lstrcmpiA: ntice.sys <------> KDCOM.DLL Des: SoftICE driver
lstrcmpiA: ntice.sys <------> BOOTVID.dll Des: SoftICE driver
lstrcmpiA: ntice.sys <------> ACPI.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> WMILIB.SYS Des: SoftICE driver
lstrcmpiA: ntice.sys <------> pci.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> isapnp.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> compbatt.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> BATTC.SYS Des: SoftICE driver
lstrcmpiA: ntice.sys <------> intelide.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> PCIIDEX.SYS Des: SoftICE driver
lstrcmpiA: ntice.sys <------> MountMgr.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> ftdisk.sys Des: SoftICE driver
lstrcmpiA: ntice.sys <------> dmload.sys Des: SoftICE driver
Behavior description: Searches for windows of tools commonly used in anti-virus analysis
Details: NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
NtUserFindWindowEx: [Class,Window] = [GBDYLLO,]
NtUserFindWindowEx: [Class,Window] = [pediy06,]
Activities
Activity name Type
com.n0n3m4.apkexport.ExportActivity android.intent.action.MAIN
com.n0n3m4.apkexport.ExportActivity android.intent.category.LAUNCHER
Dangerous functions
Function name Information
android/app/NotificationManager;->notify Notification bar message
ContentResolver;->query Reads databases such as contacts and SMS
File list
File name Checksum
AndroidManifest.xml 0x44487abe
assets/busybox 0x8ee15143
assets/executable 0xa4c21844
assets/terminfo.zip 0x2262288e
classes.dex 0x99015f7f
lib/armeabi/libc4droid.so 0x493b91c4
lib/armeabi/libcutehack.so 0x453c8bd9
lib/armeabi/libsdl2util.so 0x4d329c63
lib/armeabi/libterm4c.so 0xb4e911a9
lib/armeabi/libterm4c_dirty.so 0xb1094a7b
res/anim/slide_in_left.xml 0xd6053720
res/anim/slide_out_right.xml 0xe50cdf9d
res/drawable-nodpi-v4/atari_small_nodpi.png 0x3cfe4eac
res/drawable/atari_small.png 0x3cfe4eac
res/drawable/back.png 0xd9e4d781
res/drawable/button.png 0xe45830a3
res/drawable/icon.png 0xe818d4
res/drawable/joystick.png 0x38200772
res/drawable/kbd.png 0x8a82ba84
res/drawable/logo.png 0x93f56092
res/layout/main.xml 0x6a52e71b
res/layout/splash.xml 0xc1db1fe5
res/layout/term_activity.xml 0xb15d62b8
res/menu/main.xml 0x6e916796
res/menu/mainmenu.xml 0xb1d4d429
res/raw/qt_copyright.txt 0x256eccfc
res/xml/preferences.xml 0x53bfe15e
res/xml/sdlprefs.xml 0x2c85110f
resources.arsc 0x6ea5a9d4
META-INF/MANIFEST.MF 0x4228bf72
META-INF/CERT.SF 0xf6c5c67d
META-INF/CERT.RSA 0x28d00a50
Runtime screenshots