VirSCAN

File information

Scanner results
Scanner results: 3% of antivirus software (1/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2015-10-27 18:56:16 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 3.0 1970-01-01 Found nothing 5
asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 1
avast 150725-1 4.7.4 2015-07-25 Found nothing 0
avg 2109/8133 10.0.1405 2014-11-26 Found nothing 0
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 5
baidusd 1.0 1.0 2014-04-02 Found nothing 1
bitdefender 7.58469 7.90123 2014-12-25 Found nothing 0
clamav 19861 0.97.5 2014-12-31 Found nothing 0
drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 0
fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 0
fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 0
fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 0
gdata 25.4073 25.4073 2015-10-26 Android.Trojan.AutoSMS.QF 8
ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 0
jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 40
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 0
kingsoft 2.1 2.1 2013-09-22 Found nothing 16
mcafee 7638 5400.1158 2014-11-30 Found nothing 0
nod32 0920 3.0.21 2014-12-23 Found nothing 0
panda 9.05.01 9.05.01 2015-07-26 Found nothing 4
pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 0
qh360 1.0.1 1.0.1 1.0.1 Found nothing 13
qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 0
quickheal 14.00 14.00 2015-07-25 Found nothing 2
rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 1
sophos 5.08 3.55.0 2014-12-01 Found nothing 0
symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 0
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 3
thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 1
tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 12
vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 0
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 0
Permission list
Permission name Information
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.READ_PHONE_STATE Read phone state
File information
Security score:
Basic information
MD5: 93954e385848d0296f72a46f49f64361
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.liuyj.zb.cn
Minimum runtime environment: Android 2.2.x
Copyright: Android
Key behaviors
Behavior description: Write-access file mapping
Details: CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.MFF..DEHGH
MSCTF.MarshalInterface.FileMap.MFF.B.DEHGH
MSCTF.MarshalInterface.FileMap.MFF.C.DEHGH
MSCTF.MarshalInterface.FileMap.MFF.D.DEHGH
MSCTF.MarshalInterface.FileMap.MFF.E.DEHGH
MSCTF.MarshalInterface.FileMap.MFF.F.DEHGH
MSCTF.MarshalInterface.FileMap.MFF.G.DEHGH
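Behavior description: Hide specified window
Details: [Window,Class] = [帮助,Button]
Behavior description: Modify registry (startup entry)
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vampiro
Process behavior
Behavior description: Write-access file mapping
Details: CiceroSharedMemDefaultS-*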
MSCTF.MarshalInterface.FileMap.MFF..DEHGH
MSCTF.MarshalInterface.FileMap.MFF.B.DEHGH
MSCTF.MarshalInterface.FileMap.MFF.C.DEHGH
MSCTF.MarshalInterface.FileMap.MFF.D.DEHGH
MSCTF.MarshalInterface.FileMap.MFF.E.DEHGH
MSCTF.MarshalInterface.FileMap.MFF.F.DEHGH
MSCTF.MarshalInterface.FileMap.MFF.G.DEHGH
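Behavior description: Hide specified window
Details: [Window,Class] = [帮助,Button]
Behavior description: Modify registry (startup entry)
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vampiro
File behavior
Behavior description: Write-access file mapping
Details: CiceroSharedMemDefaultS-*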
MSCTF.MarshalInterface.FileMap.MFF..DEHGH
MSCTF.MarshalInterface.FileMap.MFF.B.DEHGH
MSCTF.MarshalInterface.FileMap.MFF.C.DEHGH
MSCTF.MarshalInterface.FileMap.MFF.D.DEHGH
MSCTF.MarshalInterface.FileMap.MFF.E.DEHGH
MSCTF.MarshalInterface.FileMap.MFF.F.DEHGH
MSCTF.MarshalInterface.FileMap.MFF.G.DEHGH
Behavior description: Create executable file
Details: C:\WINDOWS\system32\WDD.EXE
Behavior description: Modify newly created executable file
Details: C:\WINDOWS\system32\WDD.EXE---> Offset = 0
Registry behavior
Behavior description: Modify registry (startup entry)
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vampiro
Other behavior
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Window information
Details: Pid = 416, Hwnd=0x202d4, Text = General, ClassName = #32770.
Pid = 416, Hwnd=0x302dc, Text = S&top scripts after specified number of seconds:, ClassName = Button(CheckBox).
Pid = 416, Hwnd=0x202d6, Text = 10, ClassName = Edit.
Pid = 416, Hwnd=0x202d8, Text = Spin1, ClassName = msctls_updown32.
Pid = 416, Hwnd=0x202c2, Text = Display &logo when scripts executed in command console, ClassName = Button(CheckBox).
Pid = 416, Hwnd=0x202c4, Text = &Reset to Defaults, ClassName = Button.
Pid = 416, Hwnd=0x202c8, Text = seconds, ClassName = Static.
Pid = 416, Hwnd=0x202a8, Text = 确定, ClassName = Button.
Pid = 416, Hwnd=0x202cc, Text = 取消, ClassName = Button.
Pid = 416, Hwnd=0x202b4, Text = 应用(&A), ClassName = Button.
Pid = 416, Hwnd=0x202b2, Text = 帮助, ClassName = Button.
Pid = 416, Hwnd=0x202a4, Text = Windows Scripting Host, ClassName = #32770.
Behavior description: Hide specified window
Details: [Window,Class] = [帮助,Button]
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Dynamic behavior list
Behavior description: Call hash algorithm
Details: MD5
Behavior description: Load library file
Details: /data/data/com.liuyj.zb.cn/lib/libgreywolf.so
Behavior description: Get cipher instance
Details: [u'RSA']
Behavior description: Add View
Details: [u'com.android.internal.policy.impl.PhoneWindow$DecorView@414d3a70', u'WM.LayoutParams{(0,0)(fillxfill) sim=#100 ty=1 fl=#1810500 pfl=0x8 wanim=0x103028f}', u'android.view.CompatibilityInfoHolder@414b8708']
[u'com.android.internal.policy.impl.PhoneWindow$DecorView@414c84a8', u'WM.LayoutParams{(0,0)(fillxfill) sim=#100 ty=1 fl=#1810100 pfl=0x8 wanim=0x103028f}', u'android.view.CompatibilityInfoHolder@414b8708']
Behavior description: Initialize Intent
Details: []
[u'android.os.Parcel@414b5fd8']
[]
[u'android.os.Parcel@414b5f98']
Behavior description: Start Activity
Details: {"FLAG":0,"COMPONENT_NAME":"ComponentInfo{com.liuyj.zb.cn\/com.yougaile.iapp.MainActivity}"}
{"FLAG":0,"COMPONENT_NAME":"ComponentInfo{com.liuyj.zb.cn\/com.yougaile.iapp.MainActivity}"}
Behavior description: Get device ID
Details: 357143040944263
Activities
Activity name Type
com.yougaile.iapp.logoActivity android.intent.action.MAIN
com.yougaile.iapp.logoActivity android.intent.category.LAUNCHER
Dangerous functions
Function name Information
SmsManager;->sendTextMessage Send a plain text SMS
TelephonyManager;->getDeviceId Collect the user's phone IMEI, phone number, system version and other information
TelephonyManager;->getLine1Number Get the phone number
ActivityManager;->killBackgroundProcesses Kill processes; can be used to shut down antivirus software
java/net/URL;->openConnection Connect to a URL
android/app/NotificationManager;->notify Notification bar message
WifiManager;->setWifiEnabled Change Wi-Fi state
HttpClient;->execute Request a remote server
DefaultHttpClient;->execute Send an HTTP request
getRuntime Get the command-line environment
java/lang/Runtime;->exec Execute a string command
File list
File name Checksum
AndroidManifest.xml 0xdb478451
assets/Userimg/--1444275721.png 0xbc0ee13
assets/Userimg/jj.png 0xcc733e7
assets/dk.iyu 0x162e5bc1
assets/fps_images.png 0x112b3776
assets/mian.iyu 0xb3fd74de
assets/tcpdump 0x3fc822be
assets/yj.iyu 0x6438246
keys/keystore.ks 0x3d7ea71f
keys/media.pk8 0xb2ff8b4b
keys/media.sbt 0x787af273
keys/media.x509.pem 0xb2b93fdc
keys/platform.pk8 0x7d91e3b8
keys/platform.sbt 0x78fc5c38
keys/platform.x509.pem 0xe2b43571
keys/shared.pk8 0x44b55be
keys/shared.sbt 0xcb0d9b76
keys/shared.x509.pem 0x52234887
keys/testkey.pk8 0x5c6d8836
keys/testkey.sbt 0x197cd57f
keys/testkey.x509.pem 0xc3fc0954
lib/armeabi/libgdx.so 0x39a6b20c
lib/armeabi/libgreywolf.so 0x6771a154
lib/x86/libgdx.so 0x7ec621b5
res/drawable-hdpi/ic_arrow_left.png 0xede5ec62
res/drawable-hdpi/icon.png 0x5f434f68
res/drawable-hdpi/notice_down_icon.png 0x13e56a9c
res/drawable/hy_xml_ui_user_it32.xml 0x21d7e958
res/drawable/hy_xml_ui_user_it52.xml 0xb8c8613b
res/drawable/hy_xml_ui_user_itt.xml 0xfe94a4fa
res/drawable/hy_xml_ui_user_itt2.xml 0x4e1a3cf8
res/drawable/hy_xml_ui_user_t.xml 0xabcb17fa
res/drawable/list_itemshighlighted_translucent.xml 0xaeb7b32c
res/layout/activity_main.xml 0x3600e315
res/layout/activity_webview.xml 0xde99f8a3
resources.arsc 0x6bc2265e
classes.dex 0x19c48896
META-INF/MANIFEST.MF 0xd1140d75
META-INF/CERT.SF 0xe354d212
META-INF/CERT.RSA 0x3615fbcf