VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information

Scanner results
Scanner results: 0% of scanners (0/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2017-09-19 21:41:00 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 2.0 1970-01-01 Found nothing 5
asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 1
avast 170303-1 4.7.4 2017-03-03 Found nothing 60
avg 2109/14460 10.0.1405 2017-09-14 Found nothing 60
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 6
baidusd 1.0 1.0 2017-03-22 Found nothing 1
bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
clamav 23845 0.97.5 2017-09-17 Found nothing 60
drweb 5.0.2.3300 5.0.1.1 2017-09-11 Found nothing 60
fortinet 1.000, 51.740, 51.597, 51.621 5.4.247 2017-09-19 Found nothing 60
fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
gdata 25.14236 25.14236 2017-09-18 Found nothing 12
ikarus 3.02.09 V1.32.31.0 2017-09-18 Found nothing 60
jiangmin 16.0.100 1.0.0.0 2017-09-18 Found nothing 2
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
kingsoft 2.1 2.1 2017-09-18 Found nothing 60
mcafee 8620 5400.1158 2017-08-12 Found nothing 60
nod32 6095 3.0.21 2017-09-17 Found nothing 60
panda 9.05.01 9.05.01 2017-09-18 Found nothing 4
pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
qh360 1.0.1 1.0.1 1.0.1 Found nothing 3
qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
quickheal 14.00 14.00 2017-09-18 Found nothing 2
rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 1
sophos 5.32 3.65.2 2016-10-10 Found nothing 60
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 3
thehacker 6.8.0.5 6.8.0.5 2017-09-16 Found nothing 1
tws 17.47.17308 1.0.2.2108 2017-09-18 Found nothing 13
vba 3.12.29.5 beta 3.12.29.5 beta 2017-09-18 Found nothing 60
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
File information
Security score:
Basic information
MD5: b32f9ad15ab9f0e8eabddf04b9de11dd
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.example.anycut
Minimum runtime environment: Android 1.0
Copyright: Android
Process behavior
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nso3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nst4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\UserInfo.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\modern-header.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\modern-wizard.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\nsDialogs.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\StartMenu.dll
C:\Program Files\XYplorer\XYplorer.exe
C:\Program Files\XYplorer\XYcopy.exe
C:\Program Files\XYplorer\ContextMenu64.exe
C:\Program Files\XYplorer\XYplorer.chm
C:\Program Files\XYplorer\ReadmeXY.txt
C:\Program Files\XYplorer\LicenseXY.txt
Behavior description: Drop links or shortcuts in sensitive system locations (such as the Start menu)
Details: C:\Documents and Settings\All Users\「开始」菜单\程序\XYplorer\XYplorer.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\XYplorer\XYplorer Help.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\XYplorer\XYplorer Website.url
C:\Documents and Settings\All Users\「开始」菜单\程序\XYplorer\XYplorer Uninstall.lnk
Behavior description: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\UserInfo.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\nsDialogs.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\StartMenu.dll
C:\Program Files\XYplorer\XYplorer.exe
C:\Program Files\XYplorer\XYcopy.exe
C:\Program Files\XYplorer\ContextMenu64.exe
C:\Program Files\XYplorer\Uninstall.exe
Behavior description: Overwrite existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nst4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\modern-wizard.bmp
Behavior description: Find file
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj5.tmp
FileName = C:\Program Files\XYplorer
FileName = C:\Program Files
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\「开始」菜单
FileName = C:\Documents and Settings\All Users\「开始」菜单\程序
FileName = C:\Documents and Settings\All Users\「开始」菜单\程序\*.*
FileName = C:\Documents and Settings\Administrator\「开始」菜单
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序\*.*
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nso3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nst4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\modern-header.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\modern-wizard.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\nsDialogs.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\StartMenu.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\UserInfo.dll
Behavior description: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nst4.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nst4.tmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nst4.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\UserInfo.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\System.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nst4.tmp ---> Offset = 71722
C:\Documents and Settings\Administrator\Local Settings\Temp\nst4.tmp ---> Offset = 104490
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\modern-header.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\modern-wizard.bmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\modern-wizard.bmp ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\modern-wizard.bmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\modern-wizard.bmp ---> Offset = 49152
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\nsDialogs.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\StartMenu.dll ---> Offset = 0
C:\Program Files\XYplorer\XYplorer.exe ---> Offset = 0
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\XYplorer.exe\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XYplorer\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XYplorer\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XYplorer\DisplayIcon
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XYplorer\DisplayVersion
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XYplorer\NSIS:StartMenuDir
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XYplorer\URLInfoAbout
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XYplorer\Publisher
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XYplorer\InstallLocation
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XYplorer\VersionMajor
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XYplorer\VersionMinor
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\@C:\WINDOWS\system32\SHELL32.dll,-8964
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-12693
\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\@shell32.dll,-21786
Behavior description: Modify registry (delayed rename entry)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.AHM
Behavior description: Hide specified window
Details: [Window,Class] = [,Button]
[Window,Class] = [Nullsoft Installer for XYplorer - Build Time 2016-08-16 15:46:54,Static]
[Window,Class] = [Nullsoft Installer for XYplorer - Build Time 2016-08-16 15:46:54 ,Static]
[Window,Class] = [,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [Show &details,Button]
[Window,Class] = [Installation Complete,Static]
[Window,Class] = [Setup was completed successfully.,Static]
[Window,Class] = [,ComboLBox]
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [ThunderRT6FormDC,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000011
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000011
Behavior description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
Details: Pid = 3180, Hwnd=0x10348, Text = 确定, ClassName = Button.
Pid = 3180, Hwnd=0x30340, Text = Welcome to the newest version of XYplorer! If you have not yet purchased a license you will be able to install XYplorer and evaluate it for free for a maximum period of 30 days. The trial version is fully functional with only minor limitations. If you w, ClassName = Static.
Pid = 3180, Hwnd=0x10344, Text = XYplorer 17.00 Setup, ClassName = #32770.
Pid = 3180, Hwnd=0x20348, Text = &Next >, ClassName = Button.
Pid = 3180, Hwnd=0x20346, Text = Cancel, ClassName = Button.
Pid = 3180, Hwnd=0x10358, Text = Nullsoft Installer for XYplorer - Build Time 2016-08-16 15:46:54 , ClassName = Static.
Pid = 3180, Hwnd=0x1035a, Text = Nullsoft Installer for XYplorer - Build Time 2016-08-16 15:46:54, ClassName = Static.
Pid = 3180, Hwnd=0x1036a, Text = Welcome to XYplorer 17.00 Setup, ClassName = Static.
Pid = 3180, Hwnd=0x1036c, Text = This wizard will guide you through the installation of XYplorer 17.00 (build 17.00.0200). XYplorer is a file manager for Windows 10, 10 Server, 8.1, 8, Server 2012, 7, Server 2008, Vista, XP, Server 2003; 32-bit and 64-bit versions. No system files will, ClassName = Static.
Pid = 3180, Hwnd=0x20344, Text = XYplorer 17.00 Setup, ClassName = #32770.
Pid = 3180, Hwnd=0x2034a, Text = < &Back, ClassName = Button.
Pid = 3180, Hwnd=0x20348, Text = I &Agree, ClassName = Button.
Pid = 3180, Hwnd=0x1035e, Text = License Agreement, ClassName = Static.
Pid = 3180, Hwnd=0x10360, Text = Please review the license terms before installing XYplorer 17.00., ClassName = Static.
Pid = 3180, Hwnd=0x2036c, Text = Press Page Down to see the rest of the agreement., ClassName = Static.
Behavior description: Executable file signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\UserInfo.dll (Signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\System.dll (Signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\nsDialogs.dll (Signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\StartMenu.dll (Signature verification: failed)
C:\Program Files\XYplorer\XYplorer.exe (Signature verification: failed)
C:\Program Files\XYplorer\XYcopy.exe (Signature verification: failed)
C:\Program Files\XYplorer\ContextMenu64.exe (Signature verification: failed)
C:\Program Files\XYplorer\Uninstall.exe (Signature verification: failed)
Behavior description: Create event object
Details: EventName = MSCTF.SendReceive.Event.AHM.IC
EventName = MSCTF.SendReceiveConection.Event.AHM.IC
EventName = Global\userenv: User Profile setup event
Behavior description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\UserInfo.dll ---> 1e4995d182c923924c325888930eea33
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\System.dll ---> 960a5c48e25cf2bca332e74e11d825c9
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\nsDialogs.dll ---> 8ced0b79f7b9033d0795aab3be6d627c
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj5.tmp\StartMenu.dll ---> 28052e87fc73e2aad1db2db35eba62e7
C:\Program Files\XYplorer\XYplorer.exe ---> File too large!
C:\Program Files\XYplorer\XYcopy.exe ---> f840aea259682631660cb19e37b0af6f
C:\Program Files\XYplorer\ContextMenu64.exe ---> 8b534810810252f09999f29962759b73
C:\Program Files\XYplorer\Uninstall.exe ---> d7570c21d6b57f7d2f09a5da5abafe57
Behavior description: Open mutex
Details: ShimCacheMutex
Behavior description: Load newly dropped file
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj5.tmp\UserInfo.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj5.tmp\System.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj5.tmp\nsDialogs.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj5.tmp\StartMenu.dll.
Activities
Activity name Type
.FrontDoorActivity android.intent.action.MAIN
.FrontDoorActivity android.intent.category.DEFAULT
.FrontDoorActivity android.intent.category.LAUNCHER
.CreateShortcutActivity android.intent.action.CREATE_SHORTCUT
.CreateShortcutActivity android.intent.category.DEFAULT
Dangerous functions
Function name Information
ContentResolver;->query Reads contacts, SMS and other databases
Permission list
Permission name Information
android.permission.READ_CONTACTS Read contact information
com.android.launcher.permission.INSTALL_SHORTCUT Create shortcut
File list
File name Checksum
META-INF/MANIFEST.MF 0x2f89b5f2
META-INF/CERT.SF 0x6d6c92
META-INF/CERT.RSA 0x2d1ec180
AndroidManifest.xml 0xd7e85677
classes.dex 0xbeeb7df
res/drawable/app_icon.png 0xee2bf81f
res/drawable/sym_action_call.png 0x670ecec7
res/drawable/sym_action_sms.png 0x8b6508e8
res/layout/custom_shortcut_creator.xml 0x368118bf
res/layout/front_door.xml 0xe21b6d95
res/layout/list.xml 0x2e73ad06
res/layout/shortcut_editor.xml 0xe9a5ee12
resources.arsc 0xeb66dc57