VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

File information

Scanner results
Scanner results: 0% of antivirus software (0/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2015-03-19 17:08:29 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 3.0 1970-01-01 Found nothing 6
asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 1
avast 141231-0 4.7.4 2014-12-31 Found nothing 57
avg 2109/8133 10.0.1405 2014-11-26 Found nothing 11
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 6
baidusd 1.0 1.0 2014-04-02 Found nothing 1
bitdefender 7.58469 7.90123 2014-12-25 Found nothing 1
clamav 19745 0.97.5 2014-12-07 Found nothing 1
drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 57
fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 1
fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 41
fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 51
gdata 25.721 25.721 2015-03-18 Found nothing 12
ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 30
jiangmin 16.0.100 1.0.0.0 2014-08-20 Found nothing 60
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 54
kingsoft 2.1 2.1 2013-09-22 Found nothing 9
mcafee 7638 5400.1158 2014-11-30 Found nothing 60
nod32 0920 3.0.21 2014-12-23 Found nothing 4
panda 9.05.01 9.05.01 2014-12-31 Found nothing 11
pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 16
qh360 1.0.1 1.0.1 1.0.1 Found nothing 3
qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 1
quickheal 14.00 14.00 2014-12-31 Found nothing 6
rising 25.46.06.04 25.46.06.04 2014-12-28 Found nothing 3
sophos 5.08 3.55.0 2014-12-01 Found nothing 58
symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 1
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 9
thehacker 6.8.0.5 6.8.0.5 2014-12-29 Found nothing 3
tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 13
vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 55
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 34
Permission list
Permission name Information
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.INTERNET Connect to network (2G or 3G)
File information
Security score: 89
Basic information
MD5: 23f1377b434b7556780127e4535ada5b
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: dopool.cctv
Minimum runtime environment: Android 1.5
Copyright: Android
Key behaviors
Behavior description: Write data across processes
Details: TargetProcess = svchost.exe, WriteAddress = 0x00630000, Size = 53
C:\WINDOWS\system32\svchost.exe
Behavior description: Modify registry: IE home page
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\Start Page
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Start Page
\REGISTRY\USER\S-1-5-19\Software\Microsoft\Internet Explorer\Main\Start Page
\REGISTRY\USER\S-1-5-20\Software\Microsoft\Internet Explorer\Main\Start Page
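Behavior description: Modify registry: disable changing the IE home page setting
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Policies\Microsoft\Internet Explorer\control Panel\HomePage
Behavior description: Detect whether Virtual PC is present
Details: N/A
Behavior description: Set thread context
Details: C:\%temp%\1417558573.137903.exe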
C:\%temp%\1417558573.221383.exe
C:\%temp%\1417558573.304831.exe
C:\%temp%\1417558573.392081.exe
C:\%temp%\1417558573.477305.exe
C:\%temp%\1417558573.565704.exe
C:\%temp%\1417558573.649229.exe
C:\%temp%\1417558573.732715.exe
C:\%temp%\1417558573.816152.exe
Behavior description: Insert APC (asynchronous procedure call)
Details: C:\WINDOWS\system32\svchost.exe
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Behavior description: Look for windows of tools commonly used in anti-virus analysis
Details: NtUserFindWindowEx: [Class,Window] = [Regmonclass,]
NtUserFindWindowEx: [Class,Window] = [Filemonclass,]
Process behaviors
Behavior description: Write data across processes
Details: TargetProcess = svchost.exe, WriteAddress = 0x00630000, Size = 53
C:\WINDOWS\system32\svchost.exe
Behavior description: Modify registry: IE home page
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\Start Page
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Start Page
\REGISTRY\USER\S-1-5-19\Software\Microsoft\Internet Explorer\Main\Start Page
\REGISTRY\USER\S-1-5-20\Software\Microsoft\Internet Explorer\Main\Start Page
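Behavior description: Modify registry: disable changing the IE home page setting
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Policies\Microsoft\Internet Explorer\control Panel\HomePage
Behavior description: Detect whether Virtual PC is present
Details: N/A
Behavior description: Set thread context
Details: C:\%temp%\1417558573.137903.exe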
C:\%temp%\1417558573.221383.exe
C:\%temp%\1417558573.304831.exe
C:\%temp%\1417558573.392081.exe
C:\%temp%\1417558573.477305.exe
C:\%temp%\1417558573.565704.exe
C:\%temp%\1417558573.649229.exe
C:\%temp%\1417558573.732715.exe
C:\%temp%\1417558573.816152.exe
Behavior description: Insert APC (asynchronous procedure call)
Details: C:\WINDOWS\system32\svchost.exe
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Behavior description: Look for windows of tools commonly used in anti-virus analysis
Details: NtUserFindWindowEx: [Class,Window] = [Regmonclass,]
NtUserFindWindowEx: [Class,Window] = [Filemonclass,]
File behaviors
Behavior description: Map file with write access
Details: \WINDOWS\system32\zh-cn\ieframe.dll.mui
\Documents and Settings\Administrator\IETldCache\index.datndex.dat_245760
Behavior description: Rename file
Details: C:\%temp%\1417558576.751613.exe ---> C:\monitor\pwvkz.exe
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Behavior description: Modify file contents
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\14bb7e.tmp.bat ---> Offset = 0
Behavior description: Create executable file
Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\lazycommon.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Memory1351703.res
Registry behaviors
Behavior description: Modify registry: system context menu
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\new\
Behavior description: Modify registry: group policy
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Policies\Microsoft\Internet Explorer\Main\Start Page
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Policies\Microsoft\Internet Explorer\Main\Search Bar
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Policies\Microsoft\Internet Explorer\Main\Search Page
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Policies\Microsoft\Internet Explorer\Main\Default_Page_URL
Behavior description: Modify registry: key IE settings
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL
Behavior description: Modify registry: pending file rename entries
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations
Behavior description: Modify registry: disable changing the IE home page setting
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Policies\Microsoft\Internet Explorer\control Panel\HomePage
Behavior description: Modify registry
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500_CLASSES\Interface\{D5FF1933-D2E9-DF73-D827-D531F56A84DB}\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\InternetExplorer\Main\Start Page
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\Software\Policies\Microsoft\Internet Explorer\Control Panel\Homepage
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InProcServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\CLSID
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\InitPropertyBag\Param1
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\InitPropertyBag\command
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\InitPropertyBag\method
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\Instance\InitPropertyBag\CLSID
Behavior description: Delete registry key: system context menu
Details: \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\New
\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers
Behavior description: Modify registry: IE home page
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\Start Page
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Start Page
\REGISTRY\USER\S-1-5-19\Software\Microsoft\Internet Explorer\Main\Start Page
\REGISTRY\USER\S-1-5-20\Software\Microsoft\Internet Explorer\Main\Start Page
Other behaviors
Behavior description: Create mutex
Details: RasPbFile
lazyerec
SHIMLIB_LOG_MUTEX
Local\c:!documents and settings!administrator!ietldcache!
Behavior description: Inline hook
Details: C:\WINDOWS\system32\ntdll.dll ---> RtlCaptureContext Offset = 0xe6
C:\WINDOWS\system32\kernel32.dll--->WaitForSingleObjectEx Offset = 0xdc
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [4823-00000029,]
NtUserFindWindowEx: [Class,Window] = [18467-41,]
NtUserFindWindowEx: [Class,Window] = [,Microsoft Internet Explorer]
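Behavior description: Detect whether Virtual PC is present
Details: N/A
Behavior description: Attempt to open the driver device object of a debugger or monitoring software
Details: \??\NTICE
Behavior description: Acquire system privilege
Details: SE_DEBUG_PRIVILEGE
Behavior description: Open specified web page in IE
Details: www.yellowfox.cn
Behavior description: Insert APC (asynchronous procedure call)
Details: C:\WINDOWS\system32\svchost.exe
Behavior description: Window information
Details: Pid = 1460, Hwnd=0xb0184, Text = 确定, ClassName = Button.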
Pid = 1460, Hwnd=0xb01b0, Text = 友情提示!使用本插件请关闭杀毒软件, ClassName = Static.
Pid = 1460, Hwnd=0xb01c6, Text = 黄狐之家, ClassName = #32770.
Pid = 1460, Hwnd=0xc01b0, Text = 确定, ClassName = Button.
Pid = 1460, Hwnd=0xc0184, Text = 黄狐之家QQ群: 386167291, ClassName = Static.
Pid = 1460, Hwnd=0xc01c6, Text = 黄狐之家, ClassName = #32770.
Pid = 1460, Hwnd=0x90394, Text = 确定, ClassName = Button.
Pid = 1460, Hwnd=0xa03ea, Text = 请关闭360谢谢, ClassName = Static.
Pid = 1460, Hwnd=0xa03da, Text = 信息:, ClassName = #32770.
Behavior description: Look for windows of tools commonly used in anti-virus analysis
Details: NtUserFindWindowEx: [Class,Window] = [Regmonclass,]
NtUserFindWindowEx: [Class,Window] = [Filemonclass,]
Dynamic behavior list
Behavior description: Start service
Details: com.android.musicfx.Compatibility$Service
com.android.mms.transaction.SmsReceiverService
Behavior description: Read file
Details: path:/dev/urandom length:17
path:/proc/783/cmdline length:105
path:/proc/799/cmdline length:105
path:/proc/811/cmdline length:105
path:/proc/842/cmdline length:105
path:/proc/852/cmdline length:105
Behavior description: Class loading
Details: path:/system/app/PicoTts.apk
path:/system/app/MusicFX.apk
path:/system/framework/am.jar
path:/data/app/dopool.cctv-1.apk
Behavior description: Write file
Details: path:/data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml length:105
path:/data/data/com.android.musicfx/shared_prefs/musicfx.xml length:105
path:/data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml length:105
Activities
Activity name Type
.coverView android.intent.action.MAIN
.coverView android.intent.category.LAUNCHER
Dangerous functions
Function name Information
java/net/URL;->openConnection Connect to URL
File list
File name Checksum
META-INF/MANIFEST.MF 0xc0972dd1
META-INF/CERT.SF 0x99fe6137
META-INF/CERT.RSA 0xf27340e3
res/drawable/btn.png 0x741ea17b
res/drawable/volume_inc_1.png 0xcab13d9b
res/drawable/exit.png 0x1ba40a01
res/drawable/thumb0.png 0x92ac2092
res/drawable/volume_dec_1.png 0xcd50ec61
res/drawable/cache_view.png 0x28998bf9
res/drawable/play1.png 0x33dc4eab
resources.arsc 0xea05beab
res/drawable/light4_1.png 0xfbf5b128
res/drawable/cover.png 0x988c9ab1
AndroidManifest.xml 0xee2d1a61
res/drawable/size_inc_in.png 0xa2a6a7fa
res/drawable/light6_1.png 0x5a5be752
res/drawable/light2_1.png 0x653cdd8a
res/drawable/bg2.png 0xce724bc2
res/drawable/back1.png 0xe1e9953c
res/drawable/selector_btn.xml 0x97fcf58a
res/layout/webview.xml 0x6f4ae2a6
res/drawable/progress_horizontal.xml 0xe2f79234
res/drawable/light8_1.png 0x84dbd9db
res/layout-land/videocontrol.xml 0x1390a712
classes.dex 0xb746cde1
res/layout/main.xml 0x3eb220e9
res/layout/showview_title_bar.xml 0x7dce8b9d
res/drawable/icon.png 0xbffa7f34
res/drawable/btn_clicked.png 0x701f9049
res/layout/videocontrol.xml 0x1390a712
res/drawable/size_dec_1.png 0x3706011b
lib/armeabi/libDmplayer.so 0xa86cb458
res/drawable/size_inc_out.png 0x570c150f
res/drawable/play_grey.png 0xec8f4e7c
res/drawable/pause1.png 0x1c39999a
res/drawable/size_inc_1.png 0x8575fd97
res/drawable/about.png 0xfc39a119