VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information

Scanner results
Scanner results: 3% of antivirus software (1/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2015-03-05 20:36:24 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 3.0 1970-01-01 Found nothing 60
asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 60
avast 141231-0 4.7.4 2014-12-31 Found nothing 11
avg 2109/8133 10.0.1405 2014-11-26 Found nothing 7
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 60
baidusd 1.0 1.0 2014-04-02 Found nothing 60
bitdefender 7.58469 7.90123 2014-12-25 Found nothing 1
clamav 19745 0.97.5 2014-12-07 Found nothing 1
drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 57
fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 1
fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 2
fsecure 2014-04-02-01 9.13 2014-04-02 Trojan:Android/Fakeinst.IT 3
gdata 25.473 25.473 2015-03-01 Found nothing 60
ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 5
jiangmin 16.0.100 1.0.0.0 2014-08-20 Found nothing 60
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 43
kingsoft 2.1 2.1 2013-09-22 Found nothing 60
mcafee 7638 5400.1158 2014-11-30 Found nothing 26
nod32 0920 3.0.21 2014-12-23 Found nothing 4
panda 9.05.01 9.05.01 2014-12-31 Found nothing 60
pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 4
qh360 1.0.1 1.0.1 1.0.1 Found nothing 60
qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 1
quickheal 14.00 14.00 2014-12-31 Found nothing 60
rising 25.46.06.04 25.46.06.04 2014-12-28 Found nothing 60
sophos 5.08 3.55.0 2014-12-01 Found nothing 7
symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 1
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 60
thehacker 6.8.0.5 6.8.0.5 2014-12-29 Found nothing 60
tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 60
vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 25
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 49
Permission list
Permission name Description
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
android.permission.CLEAR_APP_CACHE Clear application cache
android.permission.VIBRATE Allow the device to vibrate
android.permission.RECEIVE_SMS Monitor incoming SMS messages
android.permission.WRITE_SMS Write SMS messages
android.permission.READ_SMS Read SMS messages
android.permission.SEND_SMS Send SMS messages
android.permission.SET_TIME_ZONE Set the system time zone
android.permission.GLOBAL_SEARCH Allow global search
android.permission.RECEIVE_BOOT_COMPLETED Receive the boot-completed broadcast
android.permission.DEVICE_POWER Power management
android.permission.READ_PHONE_STATE Read phone state
android.permission.BLUETOOTH Connect to Bluetooth devices
android.permission.READ_CONTACTS Read contact information
android.permission.CALL_PHONE Place phone calls
File information
Security score: 79
Basic information
MD5: 69c9aa40f9125928c4aa01086e3ab9b9
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.message.v5.xc5_4023
Minimum runtime environment: Android 2.2.x
Copyright: 123456
Key behaviors
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Behavior description: Hide specified window
Details: [Window,Class] = [2,Button]
Behavior description: Modify registry (startup entry)
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Run\urlspace
File behavior
Behavior description: Map file with write permission
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Network behavior
Behavior description: Connect to specified site
Details: InternetConnectA: ServerName = urlspirit.spiritsoft.cn, PORT = 80
InternetConnectA: ServerName = bak1.spiritsoft.cn, PORT = 80
InternetConnectA: ServerName = bak2.spiritsoft.cn, PORT = 80
InternetConnectA: ServerName = urlspirit.urlspirit.com, PORT = 80
Behavior description: Open HTTP request
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\%temp%\1425495806.657643.exe
Behavior description: Modify registry (startup entry)
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Run\urlspace
Other behavior
Behavior description: Create mutex
Behavior description: Inline hook
Details: C:\WINDOWS\system32\kernel32.dll--->SetUnhandledExceptionFilter Offset = 0x0
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Hide specified window
Details: [Window,Class] = [2,Button]
Behavior description: Window information
Details: Pid = 2524, Hwnd=0x1035a, Text = 添加"通用流量"网址, ClassName = Button.
Pid = 2524, Hwnd=0x1035c, Text = 添加"在线绑定"网址, ClassName = Button.
Pid = 2524, Hwnd=0x1035e, Text = 2, ClassName = Button.
Pid = 2524, Hwnd=0x10360, Text = 通用流量使用帮助, ClassName = Button.
Pid = 2524, Hwnd=0x10362, Text = 精灵设置, ClassName = Button.
Pid = 2524, Hwnd=0x10366, Text = 网址数量:, ClassName = Static.
Pid = 2524, Hwnd=0x10368, Text = 1/1, ClassName = Button.
Pid = 2524, Hwnd=0x1036a, Text = 添加您的网址:, ClassName = Static.
Pid = 2524, Hwnd=0x1034e, Text = 流量精灵 4.0.3, ClassName = #32770.
Dynamic behavior list
Behavior description: Pass extra information
Details: Ljava/lang/String;=android.app.extra.DEVICE_ADMIN | Landroid/os/Parcelable;=ComponentInfo{com.message.v5.xc5_4023/com.test.message.Device}
Ljava/lang/String;=android.app.extra.ADD_EXPLANATION | Ljava/lang/String;=
Behavior description: Access network
Details: host:183.86.211.133 port:4023
Behavior description: Start service
Details: com.android.musicfx.Compatibility$Service
com.test.message.MyService
Behavior description: Read file
Details: path:/proc/761/cmdline length:105
path:/proc/777/cmdline length:105
path:/proc/790/cmdline length:105
path:/proc/819/cmdline length:105
path:/proc/832/cmdline length:105
Behavior description: Add device administrator
Details:
Behavior description: Register ContentObserver
Details: URI=content://sms
Behavior description: Access URL
Details: libcore.net.http.HttpURLConnectionImpl:http://183.86.211.133:4023/api/init
libcore.net.http.HttpURLConnectionImpl:http://183.86.211.133:4023/api/status/DFA56A396EB2570E5E203705B1DEF7CE
libcore.net.http.HttpURLConnectionImpl:http://183.86.211.133:4023/api/sms
Behavior description: Set component attributes
Details: Landroid/content/ComponentName;=ComponentInfo{com.message.v5.xc5_4023/com.test.message.MainActivity} | I=2 | I=1
Behavior description: Class loading
Details: path:/system/app/PicoTts.apk
path:/system/app/MusicFX.apk
path:/system/framework/am.jar
path:/data/app/com.message.v5.xc5_4023-1.apk
Behavior description: Invoke hash algorithm
Details: MD5
Behavior description: Initialize Intent
Details: Ljava/lang/String;=android.app.action.ADD_DEVICE_ADMIN
Landroid/content/Context;=com.test.message.MyService@4156d5e0 | Ljava/lang/Class;=class com.test.version2.SMSService
Behavior description: Get device ID
Details: 357242043237511
Behavior description: Write file
Details: path:/data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml length:105
path:/data/data/com.android.musicfx/shared_prefs/musicfx.xml length:105
path:/data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml length:105
path:/data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml length:105
Activities
Activity name Type
com.test.message.MainActivity android.intent.action.MAIN
com.test.message.MainActivity android.intent.category.LAUNCHER
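Dangerous functions
Function name Description
ContentResolver;->delete Delete SMS messages and contacts
ContentResolver;->query Read databases such as contacts and SMS
java/net/URL;->openConnection Connect to a URL
SmsManager;->sendTextMessage Send a plain text SMS
TelephonyManager;->getDeviceId Collect information such as the phone's IMEI, phone number, and system version
TelephonyManager;->getSimSerialNumber Get the SIM serial number
Startup methods
Name Description
com.test.message.BootupReceiver Start service at boot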
Service list
Name
com.test.message.MyService
com.test.version2.SMSService
File list
File name Checksum
AndroidManifest.xml 0xf672aeea
res/drawable-hdpi-v4/ic_launcher.jpg 0xd4cd04f5
res/layout/activity_login.xml 0x12dbe0d4
res/layout/activity_main.xml 0x735bee5a
res/layout/activity_register.xml 0x735bee5a
res/layout/activity_setings.xml 0x2a7a5669
res/menu/login.xml 0x26c715af
res/menu/register.xml 0x653c11f7
res/menu/setings.xml 0x515ae42
res/xml/device_admin.xml 0x5174a133
res/xml/pref_data_sync.xml 0xa75189aa
res/xml/pref_general.xml 0xa11a98d2
res/xml/pref_headers.xml 0x2d191d9d
res/xml/pref_notification.xml 0xd98cd94a
resources.arsc 0x6688d9de
classes.dex 0x6282cd9b
META-INF/MANIFEST.MF 0xde4fa2ff
META-INF/CERT.SF 0xbaa903e8
META-INF/CERT.RSA 0x5761644c