VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.


File information

Scanner results
Scanner results: 3% of antivirus software (1/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2017-06-17 09:43:22 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 2.0 1970-01-01 Found nothing 5
asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 1
avast 170303-1 4.7.4 2017-03-03 Found nothing 60
avg 2109/14054 10.0.1405 2017-06-14 Found nothing 60
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 7
baidusd 1.0 1.0 2017-03-22 Found nothing 1
bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
clamav 23419 0.97.5 2017-05-26 Found nothing 60
drweb 5.0.2.3300 5.0.1.1 2017-06-06 Found nothing 60
fortinet 5.4.233 2017-06-17 Found nothing 60
fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
gdata 25.12896 25.12896 2017-06-17 Found nothing 11
ikarus 1.06.01 V1.32.31.0 2016-11-28 Found nothing 60
jiangmin 16.0.100 1.0.0.0 2017-06-16 Found nothing 2
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
kingsoft 2.1 2.1 2017-06-16 Found nothing 6
mcafee 8261 5400.1158 2016-08-18 Found nothing 60
nod32 1777 3.0.21 2015-06-12 Found nothing 60
panda 9.05.01 9.05.01 2017-06-16 Found nothing 3
pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
qh360 1.0.1 1.0.1 1.0.1 Found nothing 3
qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
quickheal 14.00 14.00 2017-06-16 Android.Jiagu.A (PUP) 3
rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 1
sophos 5.32 3.65.2 2016-10-10 Found nothing 60
symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 3
thehacker 6.8.0.5 6.8.0.5 2017-06-14 Found nothing 1
tws 17.47.17308 1.0.2.2108 2017-06-17 Found nothing 13
vba 3.12.29.5 beta 3.12.29.5 beta 2017-06-15 Found nothing 60
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
Permission list
Permission name Description
android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.REORDER_TASKS Reorder system tasks
android.permission.CHANGE_NETWORK_STATE Change network state
android.permission.CHANGE_WIFI_STATE Change Wi-Fi connection state
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.SET_DEBUG_APP Debug applications
android.permission.USE_CREDENTIALS Obtain authentication tokens
android.permission.READ_LOGS Read system logs
android.permission.MANAGE_ACCOUNTS Manage accounts
android.permission.SYSTEM_ALERT_WINDOW Display system windows
android.permission.GET_ACCOUNTS Access the account list
android.permission.GET_TASKS Get information about currently or recently running tasks
android.permission.READ_PHONE_STATE Read phone state
android.permission.MOUNT_UNMOUNT_FILESYSTEMS Mount and unmount external file systems
android.permission.PROCESS_OUTGOING_CALLS Monitor and modify outgoing calls
android.permission.INTERNET Connect to the network (2G or 3G)
File information
Security score:
Basic information
MD5:562d20333910eff5d687c8873f1ed295
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.tencent.qqgamehelp
Minimum runtime environment: Android 2.2.x
Copyright:
Process behavior
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\~DF5E34.tmp
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\%temp%\****.xls.LNK
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\%temp%.LNK
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\~DF5E34.tmp
Behavior description: Modify file content
Details: C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\%temp%\****.xls.LNK ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\index.dat ---> Offset = 28
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\%temp%.LNK ---> Offset = 0
Behavior description: Find file
Details: FileName = C:\Program Files
FileName = C:\Program Files\Microsoft Office
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Excel\XLSTART\*.*
FileName = C:\Program Files\Microsoft Office\OFFICE11\xlstart\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.xls
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Office
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent
Behavior description: Copy file
Details: C:\Program Files\Microsoft Office\OFFICE11\opa11.bak ---> C:\Program Files\Microsoft Office\OFFICE11\opa11.dat
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Excel\Resiliency\StartupItems\CWR
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Excel\MTTT
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Excel\Resiliency\DocumentRecovery\52E198\52E198
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Common\ReviewCycle\ReviewToken
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Excel\Resiliency\DocumentRecovery\52E6F7\52E6F7
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Excel\Resiliency\StartupItems\gR
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Excel\Resiliency\StartupItems\}hR
\REGISTRY\USER\S-*\Software\Microsoft\Office\Common\Assistant\CurrAsstState
Behavior description: Delete registry key
Details: \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Excel\Resiliency\StartupItems\
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Excel\Resiliency\
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Excel\Resiliency\DocumentRecovery\52E198\
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Excel\Resiliency\DocumentRecovery\
Behavior description: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Excel\Resiliency\StartupItems\CWR
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Excel\Resiliency\DocumentRecovery\52E198\52E198
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Excel\Resiliency\StartupItems\gR
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Excel\Resiliency\StartupItems\}hR
\REGISTRY\USER\S-*\Software\Microsoft\Office\11.0\Excel\ExcelName
Other behavior
Behavior description: Create mutex
Details: Local\Mutex_MSOSharedMem
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\Mso97SharedDg19211108221Mutex
Local\Mso97SharedDg20321108221Mutex
Local\Mso97SharedDg19521108221Mutex
Local\Mso97SharedDg19531108221Mutex
Global\MTX_MSO_Formal1_S-*
Global\MTX_MSO_AdHoc1_S-*
MSCTF.Shared.MUTEX.ELH
OfficeAssistantStateMutex
Behavior description: Create event object
Details: EventName = Local\MsoTestEvent_85b3900a-533d-4cc7-bc2e-23cb511ebf7c
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceiveConection.Event.IJI.IC
EventName = MSCTF.SendReceive.Event.IJI.IC
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [MsoHelp11,]
Behavior description: Window information
Details: Pid = 2196, Hwnd=0x1f02fe, Text = 格式, ClassName = MsoCommandBar.
Pid = 2196, Hwnd=0x503b2, Text = 常用, ClassName = MsoCommandBar.
Pid = 2196, Hwnd=0x40382, Text = 工作表菜单栏, ClassName = MsoCommandBar.
Pid = 2196, Hwnd=0x150342, Text = Microsoft Excel - %temp%\****.xls, ClassName = XLMAIN.
Pid = 2196, Hwnd=0x15030c, Text = 123456, ClassName = ComboBox.
Pid = 2196, Hwnd=0x6037e, Text = 123456, ClassName = Edit.
Pid = 2196, Hwnd=0x180340, Text = %temp%\****.xls, ClassName = EXCEL7.
Pid = 2196, Hwnd=0x15030c, Text = 23456, ClassName = ComboBox.
Pid = 2196, Hwnd=0x6037e, Text = 23456, ClassName = Edit.
Behavior description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Open event
Details: Global\MsoTestEvent_85b3900a-533d-4cc7-bc2e-23cb511ebf7c
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
MSFT.VSA.COM.DISABLE.2196
MSFT.VSA.IEC.STATUS.6c736db0
_fCanRegisterWithShellService
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000052
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000052
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior description: Hide specified window
Details: [Window,Class] = [,ComboLBox]
[Window,Class] = [,ThunderRT6Main]
Behavior description: Open mutex
Details: ShimCacheMutex
Local\Mutex_MSOSharedMem
Local\Mso97SharedDg19211108221Mutex
CtfmonInstMutexDefaultS-*
Local\Mso97SharedDg20321108221Mutex
Local\MU_ACBPIDS08
Local\Mso97SharedDg19521108221Mutex
Local\Mso97SharedDg19531108221Mutex
Global\MTX_MSO_Formal1_S-*
Global\MTX_MSO_AdHoc1_S-*
OfficeAssistantStateMutex
Activities
Activity name Type
com.qihoo365.mobilesafe.MaMobileSafe android.intent.action.MAIN
com.qihoo365.mobilesafe.MaMobileSafe android.intent.category.LAUNCHER
Dangerous functions
Function name Description
getRuntime Obtain the command-line runtime environment
java/lang/Runtime;->exec Execute a string command
Service list
Name
com.qihoo.util.QhJobService
com.qihoo.util.CommonService
com.qihoo.util.CommonService2
com.qihoo.ls.SoService
Providers
Name Description
com.qihoo.util.QhJobService
com.qihoo.util.CommonService
com.qihoo.util.CommonService2
com.qihoo.ls.SoService
File list
File name Checksum
META-INF/MANIFEST.MF 0x31e3b4e2
META-INF/QB001SOS.SF 0x597546bc
META-INF/QB001SOS.RSA 0x696aed09
AndroidManifest.xml 0xd9382af8
assets/.appkey 0xfeebfa8b
assets/RegionCfg.ini 0x5c2de084
assets/libjiagu.so 0xd30de6dc
assets/libjiagu_ls.so 0x58ead553
classes.dex 0x66e144ef
lib/armeabi/ 0x0
lib/armeabi/libjiagu_art.so 0x0
res/drawable-hdpi-v4/ic_launcher.png 0xae912613
resources.arsc 0x803001e1