VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

File information

File Name :10086.apk (File not down)
File Size :41522 byte
File Type : application/jar
MD5:f2bd0acb67f0ab06f3775a4b703e4524
SHA1:9e913b393a1266f524aee40c2a53f6bab11e80d7
Scanner results
Scanner results: 6% Antivirus software (2/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2015-10-19 17:29:53 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 3.0 1970-01-01 Found nothing 5
asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 1
avast 150725-1 4.7.4 2015-07-25 Found nothing 0
avg 2109/8133 10.0.1405 2014-11-26 Found nothing 0
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 5
baidusd 1.0 1.0 2014-04-02 Found nothing 1
bitdefender 7.58469 7.90123 2014-12-25 Found nothing 0
clamav 19861 0.97.5 2014-12-31 Found nothing 0
drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 0
fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 0
fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 0
fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 0
gdata 25.3945 25.3945 2015-10-19 Android.Trojan.AutoSMS.MN 8
ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 0
jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 43
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 0
kingsoft 2.1 2.1 2013-09-22 Found nothing 10
mcafee 7638 5400.1158 2014-11-30 Found nothing 0
nod32 0920 3.0.21 2014-12-23 Found nothing 0
panda 9.05.01 9.05.01 2015-07-26 Found nothing 5
pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 0
qh360 1.0.1 1.0.1 1.0.1 Found nothing 2
qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 0
quickheal 14.00 14.00 2015-07-25 Android.Agent.DB 2
rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 1
sophos 5.08 3.55.0 2014-12-01 Found nothing 0
symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 0
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 3
thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 1
tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 12
vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 0
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 0
Permission list
Permission name Information
android.permission.READ_LOGS Read system logs
android.permission.KILL_BACKGROUND_PROCESSES Kill background processes
android.permission.RESTART_PACKAGES Restart other applications
android.permission.SYSTEM_ALERT_WINDOW Display system windows
android.permission.READ_PHONE_STATE Read phone state
android.permission.RECEIVE_BOOT_COMPLETED Receive boot-completed broadcast
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.READ_EXTERNAL_STORAGE Read external storage (e.g. SD card)
android.permission.RECEIVE_USER_PRESENT
android.permission.RECEIVE_SMS Monitor incoming SMS
android.permission.SEND_SMS Send SMS
android.permission.READ_SMS Read SMS
android.permission.WRITE_SMS Write SMS
android.permission.ACCESS_FINE_LOCATION Obtain precise location (via GPS)
File information
Security score:
Basic information
MD5:f2bd0acb67f0ab06f3775a4b703e4524
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.qihoo360.molksxzqfe
Minimum runtime environment: Android 2.2.x
Copyright: Android
Key behaviors
Behavior description: Write-permission file mapping
Details: CiceroSharedMemDefaultS-*
Local\Mso97SharedDg19211108221
PrimaryWord11SharedMemoryArea
Local\Mso97SharedDg20321108221
MSCTF.GCompartListSFM.DefaultS-*
DfSharedHeap3D4EB4
DFMap0-4017855
DfRoot0003D4EB4
DFMap0-4017879
MSCTF.MarshalInterface.FileMap.MPB..FFOHH
Local\Mso97SharedDg19521108221
Local\Mso97SharedDg19531108221
MSCTF.MarshalInterface.FileMap.MPB.B.FGOHH
MSCTF.MarshalInterface.FileMap.MPB.C.FGOHH
MSCTF.MarshalInterface.FileMap.MPB.D.FGOHH
Behavior description: Hide specified window
Details: [Window,Class] = [,ThunderRT6Main]
Process behavior
Behavior description: Write-permission file mapping
Details: CiceroSharedMemDefaultS-*
Local\Mso97SharedDg19211108221
PrimaryWord11SharedMemoryArea
Local\Mso97SharedDg20321108221
MSCTF.GCompartListSFM.DefaultS-*
DfSharedHeap3D4EB4
DFMap0-4017855
DfRoot0003D4EB4
DFMap0-4017879
MSCTF.MarshalInterface.FileMap.MPB..FFOHH
Local\Mso97SharedDg19521108221
Local\Mso97SharedDg19531108221
MSCTF.MarshalInterface.FileMap.MPB.B.FGOHH
MSCTF.MarshalInterface.FileMap.MPB.C.FGOHH
MSCTF.MarshalInterface.FileMap.MPB.D.FGOHH
Behavior description: Hide specified window
Details: [Window,Class] = [,ThunderRT6Main]
File behavior
Behavior description: Write-permission file mapping
Details: CiceroSharedMemDefaultS-*
Local\Mso97SharedDg19211108221
PrimaryWord11SharedMemoryArea
Local\Mso97SharedDg20321108221
MSCTF.GCompartListSFM.DefaultS-*
DfSharedHeap3D4EB4
DFMap0-4017855
DfRoot0003D4EB4
DFMap0-4017879
MSCTF.MarshalInterface.FileMap.MPB..FFOHH
Local\Mso97SharedDg19521108221
Local\Mso97SharedDg19531108221
MSCTF.MarshalInterface.FileMap.MPB.B.FGOHH
MSCTF.MarshalInterface.FileMap.MPB.C.FGOHH
MSCTF.MarshalInterface.FileMap.MPB.D.FGOHH
Behavior description: Create executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI3.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI4.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI5.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI6.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI7.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI8.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI9.tmp
Behavior description: Modify file content
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\~$996E.doc---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\~$Normal.dot---> Offset = 0
Behavior description: Find file
Details: FileName = C:\Program Files
FileName = C:\Program Files\Microsoft Office
FileName = C:\Program Files\Microsoft Office\OFFICE11\Normal.dot
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dot
FileName = C:\WINDOWS\system32\Normal.dot
FileName = C:\WINDOWS
FileName = C:\WINDOWS\WinSxS
FileName = C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\996E.doc
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\#y
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\u{
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\MTTT
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\q|
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\|
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\O|
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\o|
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\i}
\REGISTRY\USER\S-*\Software\Microsoft\Office\Common\Assistant\CurrAsstState
\REGISTRY\USER\S-1-5-21-117609710-688789844-839522115-500\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\7 
\REGISTRY\USER\S-1-5-21-117609710-688789844-839522115-500\Software\Microsoft\Office\11.0\Word\MTTT
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040210900063D11C8EF10054038389C\Usage\WORDFiles
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\TypeLib\Version
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{000C0300-0000-0000-C000-000000000046}\TypeLib\Version
Behavior description: Delete registry key value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\u{
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\q|
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\|
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\O|
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\o|
\REGISTRY\USER\S-1-5-21-117609710-688789844-839522115-500\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\1"
Other behavior
Behavior description: Create mutex
Details: Local\Mutex_MSOSharedMem
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\Mso97SharedDg19211108221Mutex
Local\Mso97SharedDg20321108221Mutex
MSCTF.GCompartListMUTEX.DefaultS-*
OfficeAssistantStateMutex
Local\Mso97SharedDg19521108221Mutex
Local\Mso97SharedDg19531108221Mutex
MSCTF.Shared.MUTEX.ELH
Local\Mso97SharedDg19541108221Mutex
Behavior description: Hide specified window
Details: [Window,Class] = [,ThunderRT6Main]
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [MSOBALLOON,]
NtUserFindWindowEx: [Class,Window] = [MsoHelp10,]
NtUserFindWindowEx: [Class,Window] = [AgentAnim,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [MsoHelp11,]
Behavior description: Acquire system privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
SE_SHUTDOWN_PRIVILEGE
SE_INCREASE_QUOTA_PRIVILEGE
SE_CREATE_TOKEN_PRIVILEGE
Dynamic behavior list
Behavior description: Pass extra information
Details: android.app.extra.DEVICE_ADMIN:ComponentInfo{com.qihoo360.molksxzqfe/ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM06}
android.app.extra.ADD_EXPLANATION:---------
Behavior description: Read phone SMS messages
Details: [u'content://sms/inbox', u'null', u'null', u'null', u'_id desc']
Behavior description: Start service
Details: {"FLAG":0,"COMPONENT_NAME":"ComponentInfo{com.qihoo360.molksxzqfe\/ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM01}"}
Behavior description: Query app shared data
Details: [u'content://sms/inbox', u'null', u'null', u'null', u'_id desc']
Behavior description: Parse URI
Details: content://sms/
content://sms/inbox
Behavior description: Register broadcast receiver
Details: [u'ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM03@414da380', u'android.content.IntentFilter@41548188', u'android.permission.BROADCAST_SMS', u'null']
[u'ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM03@414d6638', u'android.content.IntentFilter@414bbb58']
Behavior description: Read system settings
Details: [u'android.app.ContextImpl$ApplicationContentResolver@4154d7e0', u'sound_effects_enabled']
Behavior description: Initialize IntentFilter
Details: [u'sh.ji.fe']
Behavior description: Register ContentObserver
Details: URI=content://sms/
Behavior description: Window information
Details: {"text": "提示", "class": "android.widget.TextView"}
{"text": "兑换申请提交成功,正在等待银行处理!", "class": "android.widget.TextView"}
{"text": "确定", "class": "android.widget.Button"}
{"text": "提示", "class": "android.widget.TextView"}
{"text": "兑换申请提交成功,正在等待银行处理!", "class": "android.widget.TextView"}
{"text": "确定", "class": "android.widget.Button"}
Behavior description: Add View
Details: [u'com.android.internal.policy.impl.PhoneWindow$DecorView@4154f288', u'WM.LayoutParams{(0,0)(wrapxwrap) gr=#11 sim=#120 ty=2 fl=#8020002 pfl=0x8 fmt=-2 wanim=0x1030002}', u'android.view.CompatibilityInfoHolder@414afa48']
[u'com.android.internal.policy.impl.PhoneWindow$DecorView@414c9fe0', u'WM.LayoutParams{(0,0)(fillxfill) sim=#100 ty=1 fl=#8010100 pfl=0x8 wanim=0x1030001}', u'android.view.CompatibilityInfoHolder@414afa48']
Behavior description: Initialize Intent
Details: [u'com.qihoo360.mobilesafe.StartActivity@4154d550', u'class ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JieMian']
[u'android.os.Parcel@414ad208']
[u'ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JieMian@415190b8', u'class ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM01']
[u'android.os.Parcel@414ad208']
[u'android.app.action.ADD_DEVICE_ADMIN']
[]
[u'android.os.Parcel@414ad208']
[u'android.os.Parcel@414ad248']
Behavior description: Start Activity
Details: {"FLAG":0,"COMPONENT_NAME":"ComponentInfo{com.qihoo360.molksxzqfe\/ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JieMian}"}
{"ACTION":"android.app.action.ADD_DEVICE_ADMIN","FLAG":0,"EXTRAS":{"android.app.extra.DEVICE_ADMIN":"ComponentInfo{com.qihoo360.molksxzqfe\/ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM06}","android.app.extra.ADD_EXPLANATION":"---------"}}
Behavior description: Get running services
Details: [u'40']
Behavior description: Send multiple SMS messages
Details: number:13148781601 messages:[]
number:13148781601 messages:[]
Activities
Activity name Type
ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JieMian android.intent.category.DEFAULT
com.qihoo360.mobilesafe.StartActivity android.intent.action.MAIN
com.qihoo360.mobilesafe.StartActivity android.intent.category.LAUNCHER
ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM07 android.intent.action.VIEW
ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM07 android.intent.action.DELETE
ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM07 android.intent.category.DEFAULT
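Dangerous functions
Function name Information
SmsManager;->sendMultipartTextMessage Send MMS
ContentResolver;->query Read contacts, SMS and other databases
ContentResolver;->delete Delete SMS, contacts
ActivityManager;->restartPackage Terminate process; can be used to shut down antivirus software
Startup methods
Name Information
ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM04 Start service on SMS monitoring (SMS received)
ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM04 Start service on boot
ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM04 Start service on screen unlock
ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM03 Start service on SMS monitoring (SMS received)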
Service list
Name
ji.qqqqqqqqq.wwwwwwwwwwww.eeeeeeeeee.JM01
File list
File name Checksum
META-INF/MANIFEST.MF 0xb5780e57
META-INF/CERT.SF 0x52a9c522
META-INF/CERT.RSA 0x6e9ba53
AndroidManifest.xml 0xfd6390f
res/drawable-mdpi/ic_launcher.png 0x352422cc
res/layout/main.xml 0xddcbbfb1
res/xml/xyz.xml 0x5174a133
resources.arsc 0xa001b198
classes.dex 0xf97d4706