VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
File Name :�����Ķ���1.0.apk (File not down)
File Size :1275454 byte
File Type :Zip archive data
MD5:eaf7d9b922023c4c62f432a2677c19b0
SHA1:08815807d93296658d5e9facabc120e776f6d737
SHA256:e62a42c9091de3f93ce3a3bed1fab403eb620423e95b0fb52f642bbdd4b01e08
SSDEEP:24576:4TFEvRdQbt9Pnzig6Eg6ng6/6Buth3xeDTPgpegQyOVxmSrbIwTtSVyydGQxAv:ikubtggBgWghub3xmTOegVcxmSrbtTtH
  • 扫描结果
  • 权限
  • 文件行为分析
  • Scanner results
    Scanner results:0%Scanner(s) (0/32)found malware!
    Behavior analysis report:         Habo file analysis
    Time: 2017-07-11 11:41:57 (CST)
    VirSCANVirSCAN
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 2.0 1970-01-01 Found nothing 5
    asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 1
    avast 170303-1 4.7.4 2017-03-03 Found nothing 60
    avg 2109/14149 10.0.1405 2017-07-04 Found nothing 60
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 8
    baidusd 1.0 1.0 2017-03-22 Found nothing 1
    bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
    clamav 23551 0.97.5 2017-07-10 Found nothing 60
    drweb 5.0.2.3300 5.0.1.1 2017-06-18 Found nothing 60
    fortinet 50.090, 49.961, 49.970 5.4.247 2017-07-11 Found nothing 60
    fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
    fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
    gdata 25.13300 25.13300 2017-07-09 Found nothing 12
    ikarus 1.06.01 V1.32.31.0 2016-11-28 Found nothing 60
    jiangmin 16.0.100 1.0.0.0 2017-07-05 Found nothing 2
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
    kingsoft 2.1 2.1 2017-07-10 Found nothing 4
    mcafee 8261 5400.1158 2016-08-18 Found nothing 60
    nod32 1777 3.0.21 2015-06-12 Found nothing 60
    panda 9.05.01 9.05.01 2017-07-09 Found nothing 4
    pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 6
    qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
    quickheal 14.00 14.00 2017-07-10 Found nothing 3
    rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 2
    sophos 5.32 3.65.2 2016-10-10 Found nothing 60
    symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 3
    thehacker 6.8.0.5 6.8.0.5 2017-07-09 Found nothing 2
    tws 17.47.17308 1.0.2.2108 2017-07-10 Found nothing 14
    vba 3.12.29.5 beta 3.12.29.5 beta 2017-07-10 Found nothing 60
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
    Heuristic/Suspicious Exact
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.
  • 权限列表
    许可名称信息
    android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
    android.permission.INTERNET连接网络(2G或3G)
    android.permission.READ_PHONE_STATE读取电话状态
  • 文件信息
    安全评分 :
    基本信息
    MD5:eaf7d9b922023c4c62f432a2677c19b0
    包名:com.chaoxing
    最低运行环境:Android 2.1.x
    版权:Android
    进程行为
    行为描述:创建本地线程
    详情信息:TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2492, ThreadID = 2628, StartAddress = 77E56C7D, Parameter = 001BAC48
    TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2492, ThreadID = 2632, StartAddress = 769AE43B, Parameter = 001DF140
    TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2492, ThreadID = 2636, StartAddress = 77DC845A, Parameter = 00000000
    TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2492, ThreadID = 2680, StartAddress = 30D5F014, Parameter = 0027C648
    TargetProcess: WINWORD.EXE, InheritedFromPID = 2000, ProcessID = 2492, ThreadID = 2712, StartAddress = 30072FB7, Parameter = 30AEA990
    文件行为
    行为描述:查找文件
    详情信息:FileName = C:\Program Files
    FileName = C:\Program Files\Microsoft Office
    FileName = C:\Program Files\Microsoft Office\OFFICE11\Normal.dot
    FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dot
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\Normal.dot
    FileName = C:\WINDOWS
    FileName = C:\WINDOWS\WinSxS
    FileName = C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    FileName = C:/Documents and Settings/Administrator/Local Settings/Temp/EB93A6/%temp%\****.exe_7zdump\神奇男侠将在手机机领域抗衡苹果为什么航空品牌应该投资聊天机器人,而且就是现在?.doc
    FileName = C:\Documents and Settings
    FileName = C:\Documents and Settings\Administrator
    FileName = C:\Documents and Settings\Administrator\桌面
    FileName = C:\//Documents%20and%20Settings/Administrator/Local%20Settings/Temp/EB93A6/%temp%\****.exe_7zdump/神奇男侠将在手机机领域抗衡苹果为什么航空品牌应该投资聊天机器人,而且就是现在?.doc
    FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Word\STARTUP\*.*
    FileName = C:\Program Files\Microsoft Office\OFFICE11\STARTUP\*.*
    行为描述:复制文件
    详情信息:C:\Program Files\Microsoft Office\OFFICE11\opa11.bak ---> C:\Program Files\Microsoft Office\OFFICE11\opa11.dat
    注册表行为
    行为描述:修改注册表
    详情信息:\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\}I
    \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\M
    \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\MTTT
    \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\MTTF
    \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\MTTA
    \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\=N
    \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\O
    \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\O
    \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\wO
    \REGISTRY\USER\S-*\Software\Microsoft\Office\Common\Assistant\CurrAsstState
    行为描述:删除注册表键值
    详情信息:\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\MTTT
    \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\M
    \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\=N
    \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\O
    \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\O
    \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\wO
    \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\}I
    \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\WordName
    行为描述:删除注册表键
    详情信息:\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\
    \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\
    其他行为
    行为描述:创建互斥体
    详情信息:Local\Mutex_MSOSharedMem
    CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    Local\Mso97SharedDg19211108221Mutex
    Local\Mso97SharedDg20321108221Mutex
    MSCTF.GCompartListMUTEX.DefaultS-*
    Local\Mso97SharedDg19521108221Mutex
    MSCTF.Shared.MUTEX.IOH
    Local\Mso97SharedDg19531108221Mutex
    Local\Mso97SharedDg19541108221Mutex
    OfficeAssistantStateMutex
    行为描述:创建事件对象
    详情信息:EventName = Local\MsoTestEvent_a08c7d05-2046-4191-b1e9-2c8e1958e0cd
    EventName = PrimaryWord11Mutex
    EventName = MSCTF.SendReceive.Event.AMJ.IC
    EventName = MSCTF.SendReceiveConection.Event.AMJ.IC
    行为描述:查找指定窗口
    详情信息:NtUserFindWindowEx: [Class,Window] = [MSOBALLOON,]
    NtUserFindWindowEx: [Class,Window] = [MsoHelp10,]
    NtUserFindWindowEx: [Class,Window] = [AgentAnim,]
    NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    NtUserFindWindowEx: [Class,Window] = [MsoHelp11,]
    行为描述:窗口信息
    详情信息:Pid = 2492, Hwnd=0x1034c, Text = MsoDockTop, ClassName = MsoCommandBarDock.
    Pid = 2492, Hwnd=0x10354, Text = 格式, ClassName = MsoCommandBar.
    Pid = 2492, Hwnd=0x10352, Text = 常用, ClassName = MsoCommandBar.
    Pid = 2492, Hwnd=0x10356, Text = 菜单栏, ClassName = MsoCommandBar.
    Pid = 2492, Hwnd=0x20346, Text = 文档 1, ClassName = _WwB.
    Pid = 2492, Hwnd=0x10368, Text = MSO Generic Control Container, ClassName = MsoCommandBar.
    Pid = 2492, Hwnd=0x1036c, Text = MSO Generic Control Container, ClassName = MsoCommandBar.
    Pid = 2492, Hwnd=0x10362, Text = Microsoft Word 文档, ClassName = _WwG.
    Pid = 2492, Hwnd=0x2033e, Text = 文档 1 - Microsoft Word, ClassName = OpusApp.
    行为描述:调整进程token权限
    详情信息:SE_LOAD_DRIVER_PRIVILEGE
    行为描述:打开事件
    详情信息:Global\MsoTestEvent_a08c7d05-2046-4191-b1e9-2c8e1958e0cd
    MSFT.VSA.COM.DISABLE.2492
    MSFT.VSA.IEC.STATUS.6c736db0
    \SECURITY\LSA_AUTHENTICATION_INITIALIZED
    _fCanRegisterWithShellService
    CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
    CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
    MSCTF.SendReceiveConection.Event.IOH.IC
    MSCTF.SendReceive.Event.IOH.IC
    行为描述:隐藏指定窗口
    详情信息:[Window,Class] = [,ThunderRT6Main]
    行为描述:打开互斥体
    详情信息:ShimCacheMutex
    Local\Mutex_MSOSharedMem
    Local\Mso97SharedDg19211108221Mutex
    Local\Mso97SharedDg20321108221Mutex
    Local\MU_ACBPIDS08
    CtfmonInstMutexDefaultS-*
    Local\Mso97SharedDg19521108221Mutex
    Local\Mso97SharedDg19531108221Mutex
    Local\Mso97SharedDg19541108221Mutex
    OfficeAssistantStateMutex
    Activities
    活动名类型
    .widget.BookShelfandroid.intent.action.MAIN
    .widget.BookShelfcom.chaoxing.widget.BookShelf
    .widget.BookShelfandroid.intent.category.LAUNCHER
    .widget.BookShelfandroid.intent.category.DEFAULT
    .widget.CWebViewcom.chaoxing.widget.CWebView
    .widget.CWebViewandroid.intent.category.DEFAULT
    com.chaoxing.widget.Readercom.chaoxing.widget.Reader
    com.chaoxing.widget.Readerandroid.intent.category.DEFAULT
    com.chaoxing.widget.PathRequestActivitycom.chaoxing.widget.PathRequestActivity
    com.chaoxing.widget.PathRequestActivityandroid.intent.category.DEFAULT
    危险函数
    函数名称信息
    android/app/NotificationManager;->notify信息通知栏
    HttpClient;->execute请求远程服务器
    ContentResolver;->delete删除短信、联系人
    ContentResolver;->query读取联系人、短信等数据库
    java/net/URL;->openConnection连接URL
    getRuntime获取命令行环境
    java/lang/Runtime;->exec执行字符串命令
    权限列表
    许可名称信息
    android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
    android.permission.INTERNET连接网络(2G或3G)
    android.permission.READ_PHONE_STATE读取电话状态
    服务列表
    名称
    com.chaoxing.HttpAsyncService
    com.chaoxing.BookDownloadManager
    Providers
    名字信息
    com.chaoxing.dao.BooksProvider
    文件列表
    文件名 校验码
    assets/ext-min.css 0x1f55cab8
    assets/ext4-compoent-min.js 0x66e480ab
    res/anim/fadein.xml 0x234b07db
    res/anim/fadeout.xml 0x35b06ba3
    res/anim/layout_grid_fade.xml 0xc6fa5f31
    res/anim/rotate.xml 0xe3ceb2
    res/anim/slide_in_top.xml 0xd13a2b59
    res/anim/slide_out_top.xml 0xfad0c194
    res/drawable/bk_style_list0.png 0xe9ce2609
    res/drawable/bk_style_list1.png 0x9098468
    res/drawable/bk_style_shelf0.png 0x63791f7
    res/drawable/bk_style_shelf1.png 0xe7c4f9b4
    res/drawable/book_dl_complete.png 0xaa9e957a
    res/drawable/book_dl_error.png 0x24cce7e1
    res/drawable/book_dl_notify.png 0x5bf8fe4e
    res/drawable/book_json_dlg_abs_bg.xml 0xb865430d
    res/drawable/book_json_dlg_bg.xml 0xb3a9eee1
    res/drawable/book_json_dlg_btn.xml 0x619a0e0a
    res/drawable/book_json_dlg_btn_bg.9.png 0x55fc8cf1
    res/drawable/book_json_dlg_btn_bg_press.9.png 0xfa982cbc
    res/drawable/book_proccess_bg.xml 0xf2073c3e
    res/drawable/book_shadow.png 0x21355049
    res/drawable/bookmarks_list.png 0x6adf4541
    res/drawable/bookshelf_bg.xml 0x5d270d65
    res/drawable/bookshelftoolbar_bg.png 0xf7a9f6de
    res/drawable/bright_dark.png 0x4d4283d5
    res/drawable/bright_wood.xml 0xd1f8346c
    res/drawable/bright_wood_pic.png 0x33eb9017
    res/drawable/category_all.png 0x93b627fb
    res/drawable/default_cover.png 0x65b4219b
    res/drawable/delete.png 0xc9beeb7
    res/drawable/go_category.png 0x67c55aa6
    res/drawable/ico1.png 0x2b016d9b
    res/drawable/ico3.png 0xffe490b5
    res/drawable/ico4.png 0x65a7ad72
    res/drawable/icon.png 0x179eb318
    res/drawable/loading_bg.xml 0x2a9f87cc
    res/drawable/loading_pic.png 0xa3c41311
    res/drawable/onlinelib.png 0x4a6b0efd
    res/drawable/onlinelib_btn.xml 0xff596508
    res/drawable/onlinelib_selected.png 0x15eb3101
    res/drawable/outline_list_collapse.png 0x50e9898
    res/drawable/outline_list_expand.png 0x65ada1ec
    res/drawable/page_type.png 0xd96bd140
    res/drawable/picture_frame.9.png 0x3a5e9b24
    res/drawable/popwindow_bg.xml 0x3ade5aa2
    res/drawable/progress_horizontal.xml 0xf5dc93e4
    res/drawable/progress_horizontal_error.xml 0x6e73ecce
    res/drawable/read_back.png 0x3f373a24
    res/drawable/reader_bg.png 0xf1481935
    res/drawable/recent_view.png 0x336c236d
    res/drawable/refresh.png 0x2b199c3d
    res/drawable/refresh_btn.xml 0x4edbec41
    res/drawable/refresh_selected.png 0x59b50d21
    res/drawable/searchbook.9.png 0x83fee13d
    res/drawable/tab_bg_selected.xml 0x83d6f1f7
    res/drawable/toolbar_back.png 0xb67c9908
    res/drawable/web_lib.png 0x535312c
    res/drawable/web_lib_btn.xml 0x236be835
    res/drawable/web_lib_selected.png 0x86d54a8a
    res/drawable/webbottom_bg.xml 0xaff183ba
    res/drawable/webtoolbar_bg.xml 0x662e49ce
    res/layout/add_bookmarks.xml 0x1d00d12f
    res/layout/book.xml 0xe5827fd
    res/layout/book_dl_process.xml 0xb49d9e37
    res/layout/book_json_dlg.xml 0xad8e7279
    res/layout/bookmark_listitem.xml 0x7c26e84c
    res/layout/bookshelf.xml 0x7b8fbb07
    res/layout/catalog_listitem.xml 0xb162d741
    res/layout/classify.xml 0x9b9f6e6e
    res/layout/classify_list.xml 0xe5e31561
    res/layout/classify_mask.xml 0xe11661fa
    res/layout/loading.xml 0xb881b04
    res/layout/pagetype_item.xml 0x8a123ea7
    res/layout/popup_bookmarks_window.xml 0x71ac25ee
    res/layout/popup_cacatalog_window.xml 0xffde965a
    res/layout/popup_pagetype_window.xml 0x58818c35
    res/layout/reader.xml 0x6acc464a
    res/layout/reader_container.xml 0x4eb6ee77
    res/layout/web_bottom_tab.xml 0x41924f2f
    res/layout/webview.xml 0xfac99200
    AndroidManifest.xml 0xd03d5fe2
    resources.arsc 0x2b6f9cab
    res/drawable-hdpi/book_json_dlg_btn_bg.9.png 0xcc73e4a7
    res/drawable-hdpi/book_json_dlg_btn_bg_press.9.png 0xfa982cbc
    res/drawable-hdpi/last_lev_shelf.png 0x6be63bf7
    res/drawable-hdpi/recent_view.png 0x336c236d
    res/drawable-hdpi/searchbook.9.png 0x83fee13d
    res/drawable-ldpi/book_json_dlg_btn_bg.9.png 0xcc73e4a7
    res/drawable-ldpi/book_json_dlg_btn_bg_press.9.png 0xfa982cbc
    res/drawable-ldpi/last_lev_shelf.png 0x6be63bf7
    res/drawable-ldpi/recent_view.png 0x336c236d
    res/drawable-ldpi/searchbook.9.png 0x83fee13d
    res/drawable-mdpi/book_json_dlg_btn_bg.9.png 0xcc73e4a7
    res/drawable-mdpi/book_json_dlg_btn_bg_press.9.png 0xfa982cbc
    res/drawable-mdpi/last_lev_shelf.png 0x6be63bf7
    res/drawable-mdpi/recent_view.png 0x336c236d
    res/drawable-mdpi/searchbook.9.png 0x83fee13d
    classes.dex 0xb7b0072f
    lib/armeabi/libpdgparser.so 0x5ce324ef
    lib/armeabi/libSecurity.so 0x789f873b
    META-INF/MANIFEST.MF 0x833d28a4
    META-INF/CERT.SF 0xba45489b
    META-INF/CERT.RSA 0x48ad856d
    运行截图
    VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号