VirSCAN

1. You can upload any files, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader to upload them.

File information

Scanner results
Scanner results: 0% of antivirus software (0/32) found malware.
Behavior analysis report: Habo file analysis
Time: 2015-03-05 14:10:21 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 3.0 1970-01-01 Found nothing 60
asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 60
avast 141231-0 4.7.4 2014-12-31 Found nothing 30
avg 2109/8133 10.0.1405 2014-11-26 Found nothing 6
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 60
baidusd 1.0 1.0 2014-04-02 Found nothing 60
bitdefender 7.58469 7.90123 2014-12-25 Found nothing 1
clamav 19745 0.97.5 2014-12-07 Found nothing 1
drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 49
fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 1
fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 6
fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 52
gdata 25.473 25.473 2015-03-01 Found nothing 60
ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 29
jiangmin 16.0.100 1.0.0.0 2014-08-20 Found nothing 60
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 50
kingsoft 2.1 2.1 2013-09-22 Found nothing 60
mcafee 7638 5400.1158 2014-11-30 Found nothing 44
nod32 0920 3.0.21 2014-12-23 Found nothing 4
panda 9.05.01 9.05.01 2014-12-31 Found nothing 60
pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 7
qh360 1.0.1 1.0.1 1.0.1 Found nothing 60
qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 1
quickheal 14.00 14.00 2014-12-31 Found nothing 60
rising 25.46.06.04 25.46.06.04 2014-12-28 Found nothing 60
sophos 5.08 3.55.0 2014-12-01 Found nothing 56
symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 3
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 60
thehacker 6.8.0.5 6.8.0.5 2014-12-29 Found nothing 60
tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 60
vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 16
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 31
Permission list
Permission name Description
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.READ_PHONE_STATE Read phone state
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.CHANGE_WIFI_STATE Change Wi-Fi connection state
android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
android.permission.CAMERA Access the camera device
android.permission.FLASHLIGHT Access the flashlight
android.permission.WAKE_LOCK Keep background processes running after the screen turns off
android.permission.VIBRATE Allow the device to vibrate
android.permission.BLUETOOTH Connect to Bluetooth devices
android.permission.BLUETOOTH_ADMIN Discover Bluetooth devices
android.permission.RESTART_PACKAGES Restart other applications
android.permission.KILL_BACKGROUND_PROCESSES Kill background processes
android.permission.GET_TASKS Get information about currently or recently running tasks
android.permission.SYSTEM_ALERT_WINDOW Display system windows
android.permission.RECEIVE_BOOT_COMPLETED Receive the boot-completed broadcast
android.permission.CHANGE_NETWORK_STATE Change network state
android.permission.CALL_PHONE Make phone calls
android.permission.SEND_SMS Send SMS messages
android.permission.PROCESS_OUTGOING_CALLS Monitor and modify outgoing calls
android.permission.READ_CONTACTS Read contact information
android.permission.WRITE_CONTACTS Write contact information
android.permission.RECEIVE_SMS Monitor incoming SMS messages
android.permission.RECEIVE_MMS Receive MMS messages
android.permission.RECEIVE_WAP_PUSH Receive WAP push messages
android.permission.READ_SMS Read SMS messages
android.permission.WRITE_SMS Write SMS messages
android.permission.READ_CALL_LOG Read the call log
android.permission.WRITE_CALL_LOG Write to the call log
android.permission.ACCESS_FINE_LOCATION Get precise location (via GPS)
android.permission.ACCESS_COARSE_LOCATION Get approximate location (via Wi-Fi, cell towers)
android.permission.WRITE_SETTINGS Read and write system settings
android.permission.GET_PACKAGE_SIZE Get application size
android.permission.CLEAR_APP_CACHE Clear application cache
android.permission.REORDER_TASKS Reorder system tasks
android.permission.EXPAND_STATUS_BAR Control the status bar
com.android.alarm.permission.SET_ALARM Set alarm reminders
com.android.launcher.permission.INSTALL_SHORTCUT Create shortcuts
com.android.launcher.permission.UNINSTALL_SHORTCUT Delete shortcuts
com.android.launcher.permission.READ_SETTINGS Read shortcut information
com.android.browser.permission.READ_HISTORY_BOOKMARKS Read browser bookmarks
com.android.browser.permission.WRITE_HISTORY_BOOKMARKS Write browser bookmarks
android.permission.ACCESS_MTK_MMHW
File information
Security score: 85
Basic information
MD5: 9f53d50c18eabfe4f5c56f27b7c2d1da
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.qihoo360.mobilesafe
Minimum runtime environment: Android 2.3.3, 2.3.4
Copyright: Qihoo
Key behaviors
Behavior: Checks whether it is being debugged
Details: N/A
Behavior: Writes data across processes
Details: TargetProcess = explorer.exe, WriteAddress = 0x01e40000, Size = 106496
C:\WINDOWS\explorer.exe
TargetProcess = explorer.exe, WriteAddress = 0x01e58768, Size = 4
TargetProcess = explorer.exe, WriteAddress = 0x01e5877c, Size = 4
TargetProcess = explorer.exe, WriteAddress = 0x01e58c2c, Size = 4
TargetProcess = explorer.exe, WriteAddress = 0x01e58c30, Size = 4
TargetProcess = ctfmon.exe, WriteAddress = 0x009a0000, Size = 106496
C:\WINDOWS\system32\ctfmon.exe
TargetProcess = ctfmon.exe, WriteAddress = 0x009b8768, Size = 4
TargetProcess = ctfmon.exe, WriteAddress = 0x009b877c, Size = 4
TargetProcess = ctfmon.exe, WriteAddress = 0x009b8c2c, Size = 4
TargetProcess = ctfmon.exe, WriteAddress = 0x009b8c30, Size = 4
TargetProcess = QQ.exe, WriteAddress = 0x00c60000, Size = 106496
C:\Program Files\Tencent\QQ\Bin\QQ.exe
TargetProcess = QQ.exe, WriteAddress = 0x00c78768, Size = 4
Process behavior
File behavior
Behavior: Creates an executable file
Details: C:\Documents and Settings\Administrator\Application Data\Alhu\tuzay.exe
Other behaviors
Behavior: Checks whether it is being debugged
Details: N/A
Behavior: Creates mutexes
Behavior: Inline hook
Details: C:\WINDOWS\system32\ntdll.dll--->ZwCreateThread Offset = 0x0
C:\WINDOWS\system32\ntdll.dll--->LdrLoadDll Offset = 0x0
C:\WINDOWS\system32\kernel32.dll--->GetFileAttributesExW Offset = 0x0
C:\WINDOWS\system32\WININET.dll--->HttpSendRequestW Offset = 0x0
C:\WINDOWS\system32\WININET.dll--->HttpSendRequestA Offset = 0x0
C:\WINDOWS\system32\WININET.dll--->HttpSendRequestExW Offset = 0x0
C:\WINDOWS\system32\WININET.dll--->HttpSendRequestExA Offset = 0x0
C:\WINDOWS\system32\WININET.dll--->InternetCloseHandle Offset = 0x0
C:\WINDOWS\system32\WININET.dll--->InternetReadFile Offset = 0x0
C:\WINDOWS\system32\WININET.dll--->InternetReadFileExA Offset = 0x0
C:\WINDOWS\system32\WININET.dll--->InternetQueryDataAvailable Offset = 0x0
C:\WINDOWS\system32\WININET.dll--->HttpQueryInfoA Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->TranslateMessage Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->GetClipboardData Offset = 0x0
C:\WINDOWS\system32\CRYPT32.dll--->PFXImportCertStore Offset = 0x0
Behavior: Acquires system privileges
Details: SE_SECURITY_PRIVILEGE
Abnormal crashes
Dynamic behavior list
Behavior: Data encryption
Behavior: Starts services
Details: com.android.musicfx.Compatibility$Service
com.qihoo360.mobilesafe.service.helper.GuardHelperService
com.qihoo360.mobilesafe.service.PluginSetupService
com.qihoo360.mobilesafe.main.CasualService
Behavior: Reads files
Details: path:/proc/819/cmdline length:6
path:/proc/835/cmdline length:6
path:/proc/849/cmdline length:6