VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information

Scanner results
Scanner results: 3% of scanners (1/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2017-06-18 10:53:50 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 2.0 1970-01-01 Found nothing 5
asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 1
avast 170303-1 4.7.4 2017-03-03 Found nothing 60
avg 2109/14054 10.0.1405 2017-06-14 Found nothing 60
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 5
baidusd 1.0 1.0 2017-03-22 Found nothing 1
bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
clamav 23479 0.97.5 2017-06-16 Found nothing 60
drweb 5.0.2.3300 5.0.1.1 2017-06-18 Found nothing 60
fortinet 49.549, 49.549, 49.549 5.4.233 2017-06-18 Found nothing 60
fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
gdata 25.12919 25.12919 2017-06-18 Found nothing 11
ikarus 1.06.01 V1.32.31.0 2016-11-28 Found nothing 60
jiangmin 16.0.100 1.0.0.0 2017-06-16 Found nothing 2
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
kingsoft 2.1 2.1 2017-06-17 Found nothing 6
mcafee 8261 5400.1158 2016-08-18 Found nothing 60
nod32 1777 3.0.21 2015-06-12 Found nothing 60
panda 9.05.01 9.05.01 2017-06-16 Found nothing 4
pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
qh360 1.0.1 1.0.1 1.0.1 Found nothing 7
qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
quickheal 14.00 14.00 2017-06-17 Android.Jiagu.A (PUP) 3
rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 2
sophos 5.32 3.65.2 2016-10-10 Found nothing 60
symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 4
thehacker 6.8.0.5 6.8.0.5 2017-06-15 Found nothing 2
tws 17.47.17308 1.0.2.2108 2017-06-17 Found nothing 15
vba 3.12.29.5 beta 3.12.29.5 beta 2017-06-16 Found nothing 60
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
Permission list
Permission name Description
android.permission.SYSTEM_ALERT_WINDOW Display system windows
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.USE_CREDENTIALS Obtain authentication tokens
android.permission.READ_EXTERNAL_STORAGE Read external storage (e.g. SD card)
android.permission.WRITE_EXTERNAL_STORAGE Write external storage (e.g. SD card)
android.permission.MOUNT_UNMOUNT_FILESYSTEMS Mount and unmount external file systems
android.permission.RECEIVE_BOOT_COMPLETED Receive the boot-completed broadcast
com.android.launcher.permission.INSTALL_SHORTCUT Create shortcuts
File information
Security score:
Basic information
MD5: a4829006f4e3fd08e947243393c00ecc
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: net.dingd.vpn
Minimum runtime environment: Android 4.0, 4.0.1, 4.0.2
Copyright:
Process behavior
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\~DF66FF.tmp
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\~$斯派克国际机构掀起IT行业第二次产业革命》.doc
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\《多斯派克国际机构掀起IT行业第二次产业革命》.doc.LNK
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\%temp%\****.exe_7zdump.LNK
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\~DF66FF.tmp
Behavior description: Modify file contents
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\~$斯派克国际机构掀起IT行业第二次产业革命》.doc ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\~$斯派克国际机构掀起IT行业第二次产业革命》.doc ---> Offset = 54
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\《多斯派克国际机构掀起IT行业第二次产业革命》.doc.LNK ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\index.dat ---> Offset = 28
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\%temp%\****.exe_7zdump.LNK ---> Offset = 0
Behavior description: Find file
Details: FileName = C:\Program Files
FileName = C:\Program Files\Microsoft Office
FileName = C:\Program Files\Microsoft Office\OFFICE11\Normal.dot
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dot
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\Normal.dot
FileName = C:\WINDOWS
FileName = C:\WINDOWS\WinSxS
FileName = C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\《多斯派克国际机构掀起IT行业第二次产业革命》.doc
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
Behavior description: Copy file
Details: C:\Program Files\Microsoft Office\OFFICE11\opa11.bak ---> C:\Program Files\Microsoft Office\OFFICE11\opa11.dat
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\WWR
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\A]R
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\MTTT
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\_R
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\O`R
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\aR
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\cbR
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\=eR
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Common\ReviewCycle\ReviewToken
\REGISTRY\USER\S-*\Software\Microsoft\Office\Common\Assistant\CurrAsstState
Behavior description: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\A]R
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\_R
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\O`R
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\aR
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\cbR
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\=eR
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\WWR
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\WordName
Behavior description: Delete registry key
Details: \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\StartupItems\
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Word\Resiliency\
Other behavior
Behavior description: Create mutex
Details: Local\Mutex_MSOSharedMem
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\Mso97SharedDg19211108221Mutex
Local\Mso97SharedDg20321108221Mutex
MSCTF.GCompartListMUTEX.DefaultS-*
Global\MTX_MSO_Formal1_S-*
Global\MTX_MSO_AdHoc1_S-*
Local\Mso97SharedDg19521108221Mutex
Local\Mso97SharedDg19531108221Mutex
MSCTF.Shared.MUTEX.ELH
Behavior description: Create event object
Details: EventName = Local\MsoTestEvent_b17b099a-ad9a-469e-9f25-51e5c786c2a2
EventName = PrimaryWord11Mutex
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.MKI.IC
EventName = MSCTF.SendReceiveConection.Event.MKI.IC
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [MSOBALLOON,]
NtUserFindWindowEx: [Class,Window] = [MsoHelp10,]
NtUserFindWindowEx: [Class,Window] = [AgentAnim,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [MsoHelp11,]
Behavior description: Open event
Details: Global\MsoTestEvent_b17b099a-ad9a-469e-9f25-51e5c786c2a2
MSFT.VSA.COM.DISABLE.2216
MSFT.VSA.IEC.STATUS.6c736db0
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000052
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000052
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000053
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000053
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
Details: Pid = 2216, Hwnd=0x2102bc, Text = MsoDockTop, ClassName = MsoCommandBarDock.
Pid = 2216, Hwnd=0x603c6, Text = 格式, ClassName = MsoCommandBar.
Pid = 2216, Hwnd=0xf034a, Text = 常用, ClassName = MsoCommandBar.
Pid = 2216, Hwnd=0xc038a, Text = 菜单栏, ClassName = MsoCommandBar.
Pid = 2216, Hwnd=0x1b02b6, Text = 《多斯派克国际机构掀起IT行业第二次产业革命》.doc - Microsoft Word, ClassName = OpusApp.
Pid = 2216, Hwnd=0x150306, Text = 《多斯派克国际机构掀起IT行业第二次产业革命》.doc, ClassName = _WwB.
Pid = 2216, Hwnd=0x100398, Text = MSO Generic Control Container, ClassName = MsoCommandBar.
Pid = 2216, Hwnd=0x303d0, Text = MSO Generic Control Container, ClassName = MsoCommandBar.
Pid = 2216, Hwnd=0x503b2, Text = Microsoft Word 文档, ClassName = _WwG.
Behavior description: Hide specified window
Details: [Window,Class] = [,ThunderRT6Main]
Behavior description: Open mutex
Details: ShimCacheMutex
Local\Mutex_MSOSharedMem
Local\Mso97SharedDg19211108221Mutex
Local\Mso97SharedDg20321108221Mutex
Local\MU_ACBPIDS08
CtfmonInstMutexDefaultS-*
Global\MTX_MSO_Formal1_S-*
Global\MTX_MSO_AdHoc1_S-*
Local\Mso97SharedDg19521108221Mutex
Local\Mso97SharedDg19531108221Mutex
Local\Mso97SharedDg19541108221Mutex
OfficeAssistantStateMutex
Activities
Activity name Type
net.openvpn.openvpn.OpenVPNAttachmentReceiver android.intent.action.VIEW
net.openvpn.openvpn.OpenVPNAttachmentReceiver android.intent.category.BROWSABLE
net.openvpn.openvpn.OpenVPNAttachmentReceiver android.intent.category.DEFAULT
net.openvpn.openvpn.splash android.intent.action.MAIN
net.openvpn.openvpn.splash android.intent.category.DEFAULT
com.qihoo.util.StartActivity android.intent.action.MAIN
com.qihoo.util.StartActivity android.intent.category.LAUNCHER
Dangerous functions
Function name Description
getRuntime Get the command-line environment
java/lang/Runtime;->exec Execute a string command
Startup method
Name Description
net.openvpn.openvpn.OpenVPNRebootReceiver Start service at boot
Service list
Name
net.openvpn.openvpn.OpenVPNService
com.qihoo.util.CommonService
com.qihoo.util.UpdateService
Providers
Name Description
net.openvpn.openvpn.OpenVPNService
com.qihoo.util.CommonService
com.qihoo.util.UpdateService
File list
File name Checksum
META-INF/MANIFEST.MF 0x1ed61d90
META-INF/BIN.SF 0x37a5c233
META-INF/BIN.RSA 0xba30400
AndroidManifest.xml 0x6d78a353
assets/.appkey 0xbba052ee
assets/btn_login.xml 0xc94f50c2
assets/error.html 0xa5b1820a
assets/help/default/index.html 0x55e96f0
assets/libjiagu.so 0x7d47f0f0
assets/libjiagu_a64.so 0x6afb5044
assets/libjiagu_x86.so 0xd607bf0c
classes.dex 0x914cf28a
lib/arm64-v8a/libovpncli.so 0xc6b8a8d9
lib/armeabi-v7a/libovpncli.so 0x77c5da1c
lib/armeabi/libovpncli.so 0xe3e69f9e
res/drawable-hdpi-v4/icon.png 0x9b2f281b
res/drawable-hdpi-v4/info.png 0x799e162
res/drawable-hdpi-v4/openvpn_connected.png 0x2694f519
res/drawable-hdpi-v4/openvpn_connecting.png 0x193a439e
res/drawable-hdpi-v4/openvpn_disconnected.png 0x3990b5d3
res/drawable-mdpi-v4/icon.png 0x9b2f281b
res/drawable-mdpi-v4/info.png 0x3a7e65e0
res/drawable-mdpi-v4/openvpn_connected.png 0x2694f519
res/drawable-mdpi-v4/openvpn_connecting.png 0x193a439e
res/drawable-mdpi-v4/openvpn_disconnected.png 0x3990b5d3
res/drawable-xhdpi-v4/icon.png 0x9b2f281b
res/drawable-xhdpi-v4/openvpn_connected.png 0x2694f519
res/drawable-xhdpi-v4/openvpn_connecting.png 0x193a439e
res/drawable-xhdpi-v4/openvpn_disconnected.png 0x3990b5d3
res/drawable/blue_bg.png 0xc1898e2f
res/drawable/blue_help.png 0xa338d349
res/drawable/blue_line.png 0x322349f1
res/drawable/blue_more.png 0xf6d1bd6e
res/drawable/blue_shop.png 0xf47f836f
res/drawable/bt_add.png 0xc6ee3f4
res/drawable/bt_help.png 0xbb58735b
res/drawable/bt_info.png 0x7f7ebed2
res/drawable/bt_line.png 0xbcf39461
res/drawable/bt_more.png 0xf907799
res/drawable/bt_shop.png 0xc4b15cd0
res/drawable/btn.png 0xc1c7d91f
res/drawable/btn_accept_install.xml 0x301e961f
res/drawable/btn_back_on.png 0xa7cfb1f9
res/drawable/btn_cancel_install.xml 0xd9a24884
res/drawable/btn_login.xml 0x88bba1a0
res/drawable/btn_on.png 0x60bf3bad
res/drawable/btn_on_xml.xml 0x11b8dd5f
res/drawable/btn_reg.xml 0x2b535a27
res/drawable/btns_on_xml.xml 0xcd0e0b
res/drawable/connected.png 0xe2bea1ea
res/drawable/connecting.png 0xad2c040f
res/drawable/data_icon.png 0x78149f41
res/drawable/date_icon.png 0xef99ef4c
res/drawable/delete.png 0xb0f2e025
res/drawable/dingd.png 0x622dfd6a
res/drawable/disconnected.png 0xb0f2e025
res/drawable/dk.png 0x71bb882b
res/drawable/edit.png 0x8eaaddd8
res/drawable/error.png 0xb0f2e025
res/drawable/file_dialog_file.png 0x8bb344a8
res/drawable/file_dialog_folder.png 0xf82ca808
res/drawable/file_dialog_icon.png 0x99a4f90b
res/drawable/gg.png 0xb298a5ba
res/drawable/hs.png 0x7dd17c2f
res/drawable/info.png 0x9ca8bbc
res/drawable/info_box.xml 0xa3ae0df8
res/drawable/line.png 0x140d9b10
res/drawable/link_icon.png 0x8bfe1cda
res/drawable/main_bg.jpg 0x78f5743d
res/drawable/my_bg.jpg 0x69d9fee1
res/drawable/pass.png 0xb2c25d0b
res/drawable/pause.png 0x6f332d55
res/drawable/profile_box.xml 0x4cc276a6
res/drawable/progress_bar_states.xml 0xbc2dd259
res/drawable/pt.png 0x55b2d9a0
res/drawable/reload.png 0x149d0bbf
res/drawable/rightarrow.png 0x6a4a8a4f
res/drawable/shap.xml 0x2b535a27
res/drawable/shap2.xml 0x2b535a27
res/drawable/shape_progressbar_bg.xml 0x71ebd399
res/drawable/shape_progressbar_mini.xml 0xd67d890e
res/drawable/splash.jpg 0xec525078
res/drawable/stats_box.xml 0xca691a9b
res/drawable/user.png 0xbc945d2a
res/drawable/user_center.png 0xf48f3dc9
res/drawable/ws.png 0x4cb04be0
res/layout-land/cert_warn.xml 0xbcad2270
res/layout/about.xml 0x5880d0d0
res/layout/activity_main.xml 0x2b7f58db
res/layout/activity_reg.xml 0xc6ab4ee3
res/layout/activity_splash.xml 0xdff6f9c9
res/layout/activity_update.xml 0x38cfd093
res/layout/add_proxy.xml 0x281b051e
res/layout/add_shortcut.xml 0xffcb9ee5
res/layout/attachment_receiver.xml 0x41eb11c1
res/layout/cert_warn.xml 0x5f2dedd2
res/layout/cr_dialog.xml 0x3a0d4fe7
res/layout/create_shortcut_dialog.xml 0xf0080b74
res/layout/file_dialog_main.xml 0xc2fc40cf
res/layout/file_dialog_row.xml 0x31dfbc4e
res/layout/form.xml 0xb7631a0c
res/layout/import_profile.xml 0xc6dc6d6f
res/layout/import_server_item.xml 0x4aa50903
res/layout/log.xml 0xb205a07a
res/layout/login.xml 0x425f8c63
res/layout/proxy_creds.xml 0x63c5c5cc
res/layout/rename_profile_dialog.xml 0x34e1b9c1
res/layout/stats.xml 0xed7b389a
res/menu/menu.xml 0x3d5fc920
res/raw/disconnect.wav 0xd00e64b8
res/xml/preferences.xml 0x98da62d9
resources.arsc 0x667501f3