VirSCAN

File information

Scanner results
Scanner results: 0% of antivirus software (0/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2016-05-04 15:38:02 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 3.0 1970-01-01 Found nothing 6
asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 1
avast 150725-1 4.7.4 2015-07-25 Found nothing 34
avg 2109/8133 10.0.1405 2014-11-26 Found nothing 6
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 4
baidusd 1.0 1.0 2014-04-02 Found nothing 1
bitdefender 7.58469 7.90123 2014-12-25 Found nothing 1
clamav 19861 0.97.5 2014-12-31 Found nothing 1
drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 49
fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 1
fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 6
fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 37
gdata 25.6452 25.6452 2016-05-03 Found nothing 10
ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 19
jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 60
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 56
kingsoft 2.1 2.1 2013-09-22 Found nothing 7
mcafee 7638 5400.1158 2014-11-30 Found nothing 56
nod32 0920 3.0.21 2014-12-23 Found nothing 1
panda 9.05.01 9.05.01 2015-07-26 Found nothing 9
pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 4
qh360 1.0.1 1.0.1 1.0.1 Found nothing 3
qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 1
quickheal 14.00 14.00 2015-07-25 Found nothing 2
rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 1
sophos 5.08 3.55.0 2014-12-01 Found nothing 13
symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 1
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 4
thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 1
tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 13
vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 24
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 8
File information
Security score:
Basic information
MD5: 6e73cd85cd61bf348cdf6110bea3e06e
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.test.regtool_reg_zeyex
Minimum runtime environment: Android 3.0.x
Copyright: yun
Key behavior
Behavior description: Cross-process data write
Details: TargetProcess = C:\WINDOWS\system32\wscript.exe, WriteAddress = 0x00010000, Size = 0x000007c2
TargetProcess = C:\WINDOWS\system32\wscript.exe, WriteAddress = 0x00020000, Size = 0x000006f8
TargetProcess = C:\WINDOWS\system32\wscript.exe, WriteAddress = 0x7ffd4010, Size = 0x00000004
TargetProcess = C:\WINDOWS\system32\wscript.exe, WriteAddress = 0x00030000, Size = 0x00000184
TargetProcess = C:\WINDOWS\system32\wscript.exe, WriteAddress = 0x7ffd41e8, Size = 0x00000004
Behavior description: Get TickCount value
Details: TickCount = 489156, SleepMilliseconds = 500.
TickCount = 491437, SleepMilliseconds = 1000.
TickCount = 500781, SleepMilliseconds = 500.
TickCount = 500796, SleepMilliseconds = 500.
TickCount = 503890, SleepMilliseconds = 1000.
TickCount = 505765, SleepMilliseconds = 500.
TickCount = 505796, SleepMilliseconds = 500.
TickCount = 511921, SleepMilliseconds = 500.
TickCount = 511953, SleepMilliseconds = 500.
TickCount = 519312, SleepMilliseconds = 1000.
Behavior description: Self-deletion
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\1460911369.701818.exe
Behavior description: Create system service
Details: [Service created successfully]: Defghi Klmnopqr Tuv, C:\WINDOWS\system32\nelvey.exe
Behavior description: Process privilege escalation information
Details: NT AUTHORITY\SYSTEM
Process behavior
Behavior description: Cross-process data write
Details: TargetProcess = C:\WINDOWS\system32\wscript.exe, WriteAddress = 0x00010000, Size = 0x000007c2
TargetProcess = C:\WINDOWS\system32\wscript.exe, WriteAddress = 0x00020000, Size = 0x000006f8
TargetProcess = C:\WINDOWS\system32\wscript.exe, WriteAddress = 0x7ffd4010, Size = 0x00000004
TargetProcess = C:\WINDOWS\system32\wscript.exe, WriteAddress = 0x00030000, Size = 0x00000184
TargetProcess = C:\WINDOWS\system32\wscript.exe, WriteAddress = 0x7ffd41e8, Size = 0x00000004
Behavior description: Get TickCount value
Details: TickCount = 489156, SleepMilliseconds = 500.
TickCount = 491437, SleepMilliseconds = 1000.
TickCount = 500781, SleepMilliseconds = 500.
TickCount = 500796, SleepMilliseconds = 500.
TickCount = 503890, SleepMilliseconds = 1000.
TickCount = 505765, SleepMilliseconds = 500.
TickCount = 505796, SleepMilliseconds = 500.
TickCount = 511921, SleepMilliseconds = 500.
TickCount = 511953, SleepMilliseconds = 500.
TickCount = 519312, SleepMilliseconds = 1000.
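Behavior description: Self-deletion
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\1460911369.701818.exe
Behavior description: Create system service
Details: [Service created successfully]: Defghi Klmnopqr Tuv, C:\WINDOWS\system32\nelvey.exe
Behavior description: Process privilege escalation information
Details: NT AUTHORITY\SYSTEM
File behavior
Behavior description: Create file
Details: C:\WINDOWS\system32\nelvey.exe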
C:\6865.vbs
Behavior description: Create executable file
Details: C:\WINDOWS\system32\nelvey.exe
Behavior description: Copy file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\1460911369.614112.exe ---> C:\WINDOWS\system32\nelvey.exe
Behavior description: Delete file
Details: C:\6865.vbs
Behavior description: Find file
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\6865.vbs
FileName = C:\WINDOWS
FileName = C:\WINDOWS\System32
FileName = C:\WINDOWS\System32\WScript.exe
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\wscript.exe
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1460911369.705187.exe
Behavior description: Modify BAT script file
Details: C:\6865.vbs ---> Offset = 0
Behavior description: Modify file content
Details: C:\WINDOWS\system32\nelvey.exe ---> Offset = 0
C:\WINDOWS\system32\nelvey.exe ---> Offset = 65536
C:\WINDOWS\system32\nelvey.exe ---> Offset = 131072
C:\WINDOWS\system32\nelvey.exe ---> Offset = 196608
C:\WINDOWS\system32\nelvey.exe ---> Offset = 262144
Behavior description: Self-deletion
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\1460911369.701818.exe
Network behavior
Behavior description: Establish a connection to a specified socket
Details: URL: zz*******************rg, IP: <FAKE_SERVER_IP>:2016, SOCKET = 0x000000b8
Behavior description: Get host address by name
Details: gethostbyname: zz*******************rg
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\System32\WScript.exe
Behavior description: Delete registry value
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot
Behavior description: Delete registry key
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
SHIMLIB_LOG_MUTEX
Behavior description: Create event object
Details: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
Behavior description: Start system service
Details: [Service started successfully]: LocalSystem, Defghi Klmnopqr Tuvwxyab Defg, C:\WINDOWS\system32\nelvey.exe
Behavior description: Get TickCount value
Details: TickCount = 489156, SleepMilliseconds = 500.
TickCount = 491437, SleepMilliseconds = 1000.
TickCount = 500781, SleepMilliseconds = 500.
TickCount = 500796, SleepMilliseconds = 500.
TickCount = 503890, SleepMilliseconds = 1000.
TickCount = 505765, SleepMilliseconds = 500.
TickCount = 505796, SleepMilliseconds = 500.
TickCount = 511921, SleepMilliseconds = 500.
TickCount = 511953, SleepMilliseconds = 500.
TickCount = 519312, SleepMilliseconds = 1000.
Behavior description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Window information
Details: Pid = 588, Hwnd=0x202a6, Text = 确定, ClassName = Button.
Pid = 588, Hwnd=0x202a8, Text = 取消, ClassName = Button.
Pid = 588, Hwnd=0x202b4, Text = "0x2001c138" 指令引用的 "0x00ac0000" 内存。该内存不能为 "read"。 要终止程序,请单击“确定”。 要调试程序,请单击“取消”。, ClassName = Static.
Pid = 588, Hwnd=0x202a4, Text = nelvey.exe - 应用程序错误, ClassName = #32770.
Pid = 588, Hwnd=0x20314, Text = 确定, ClassName = Button.
Pid = 588, Hwnd=0x10316, Text = 取消, ClassName = Button.
Pid = 588, Hwnd=0x1031a, Text = "0x2001c138" 指令引用的 "0x00ab0000" 内存。该内存不能为 "read"。 要终止程序,请单击“确定”。 要调试程序,请单击“取消”。, ClassName = Static.
Pid = 588, Hwnd=0x40312, Text = nelvey.exe - 应用程序错误, ClassName = #32770.
Pid = 588, Hwnd=0x20318, Text = 确定, ClassName = Button.
Pid = 588, Hwnd=0x20316, Text = 取消, ClassName = Button.
Pid = 588, Hwnd=0x1031c, Text = "0x2001c138" 指令引用的 "0x00aa0000" 内存。该内存不能为 "read"。 要终止程序,请单击“确定”。 要调试程序,请单击“取消”。, ClassName = Static.
Pid = 588, Hwnd=0x5031a, Text = nelvey.exe - 应用程序错误, ClassName = #32770.
Pid = 588, Hwnd=0x2031c, Text = 确定, ClassName = Button.
Pid = 588, Hwnd=0x40314, Text = 取消, ClassName = Button.
Pid = 588, Hwnd=0x30318, Text = "0x2001c138" 指令引用的 "0x00ac0000" 内存。该内存不能为 "read"。 要终止程序,请单击“确定”。 要调试程序,请单击“取消”。, ClassName = Static.
Behavior description: Executable file signature information
Details: C:\WINDOWS\system32\nelvey.exe (signature verification: failed)
Behavior description: Call Sleep function
Details: [1]: MilliSeconds = 500.
[2]: MilliSeconds = 1000.
[3]: MilliSeconds = 1000.
[4]: MilliSeconds = 1000.
[5]: MilliSeconds = 1000.
[6]: MilliSeconds = 1000.
[7]: MilliSeconds = 1000.
[8]: MilliSeconds = 1000.
[9]: MilliSeconds = 1000.
[10]: MilliSeconds = 1000.
Behavior description: Executable file MD5
Details: C:\WINDOWS\system32\nelvey.exe ---> 170fbf80f87d2a1258a2c9792a5752ca
Behavior description: Create system service
Details: [Service created successfully]: Defghi Klmnopqr Tuv, C:\WINDOWS\system32\nelvey.exe
Activities
Activity name  Type
com.test.load.MainActivity android.intent.action.MAIN
com.test.load.MainActivity android.intent.category.LAUNCHER
Permission list
Permission name  Information
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.READ_PHONE_STATE Read phone state
android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.GET_TASKS Get information about currently or recently running tasks
android.permission.INTERNET Connect to network (2G or 3G)
Providers
Name  Information
File list
File name  Checksum
META-INF/MANIFEST.MF 0x68c41316
META-INF/CERT.SF 0x7f4d2d2b
META-INF/CERT.RSA 0xa379bdab
assets/com.test.regtool_reg_zfgj 0xa40c066f
assets/com.test.regtool_reg_zfgj.L 0x333fe636
assets/com.test.regtool_reg_zfgj.art 0x18ee04b
assets/com.test.regtool_reg_zfgj.art.20 0xc443b8b3
assets/com.test.regtool_reg_zfgj.fr 0x7fae87b5
assets/com.test.regtool_reg_zfgj.x86 0x79a90b7f
assets/com.test.regtool_reg_zfgj.x86.L 0x8bff740
res/drawable-hdpi-v4/arrow_back.png 0x4b19b0ed
res/drawable-hdpi-v4/bar.png 0x5146bad9
res/drawable-hdpi-v4/bar_bg.png 0xddd547d7
res/drawable-hdpi-v4/button_titlebar_back.png 0xfd6f6b32
res/drawable-hdpi-v4/icon_back.png 0x8ca125f9
res/drawable-hdpi-v4/load.png 0x33c3b417
res/drawable-hdpi-v4/qrcode_scan_line.png 0xfee8ef6e
res/drawable-mdpi-v4/ic_action_search.png 0xb4091fdc
res/drawable-xhdpi-v4/ic_action_search.png 0x3294aee3
res/drawable/back_btn_selector.xml 0x7f638450
res/drawable/ic_launcher.png 0xe0f9e2b3
res/drawable/loading.png 0x289e9e54
res/layout/load_dialogview.xml 0x283ce09e
res/layout/main.xml 0x8c9fdd66
res/raw/beep.ogg 0xc2805e07
resources.arsc 0xaaa8489
AndroidManifest.xml 0x130634de
assets/baiduprotect.jar 0x7e20790c
lib/ 0x0
lib/armeabi/ 0x0
lib/armeabi/libbaiduprotect.so 0xa919617f
lib/x86/ 0x0
lib/x86/libbaiduprotect.so 0x8b034d3c
assets/libbaiduprotect_x86.so 0xed6a6436
classes.dex 0x67546bb5