com.willme.topactivity-10.apk MD5:bff8352f8cce7f9ebe98ef25940dd076 0% Scanner(s) (0/32) found malware! - VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 47 AntiVirus Engines!

Main Menu

API

uploader for windows(test)

Powered By

File information

File Name :com.willme.topactivity-10.apk (File not down)

File Size :37757 byte

File Type :application/jar

MD5:bff8352f8cce7f9ebe98ef25940dd076

SHA1:3ab5edc7bcbb12d41739f7b760d82af48924fbaf

扫描结果
权限
文件行为分析

Scanner results

Scanner results:0%Scanner(s) (0/32)found malware!

Behavior analysis report: Habo file analysis

Time: 2016-08-16 20:27:26 (CST)

Scanner	Engine Ver	Sig Ver	Sig Date	Scan result	Time
antiy	AVL SDK 3.0		1970-01-01	Found nothing	5
asquared	9.0.0.4324	9.0.0.4324	2014-07-03	Found nothing	1
avast	150725-1	4.7.4	2015-07-25	Found nothing	60
avg	2109/8133	10.0.1405	2014-11-26	Found nothing	60
baidu	2.0.1.0	4.1.3.52192	2.0.1.0	Found nothing	10
baidusd	1.0	1.0	2014-04-02	Found nothing	1
bitdefender	7.58469	7.90123	2014-12-25	Found nothing	60
clamav	19861	0.97.5	2014-12-31	Found nothing	60
drweb	5.0.2.3300	5.0.1.1	2014-12-31	Found nothing	60
fortinet	23.345, 23.345	5.1.158	2014-12-08	Found nothing	60
fprot	4.6.2.117	6.5.1.5418	2014-12-31	Found nothing	60
fsecure	2014-04-02-01	9.13	2014-04-02	Found nothing	60
gdata	25.7888	25.7888	2016-08-14	Found nothing	10
ikarus	1.06.01	V1.32.31.0	2014-12-08	Found nothing	60
jiangmin	16.0.100	1.0.0.0	2015-07-25	Found nothing	56
kaspersky	5.5.33	5.5.33	2014-04-01	Found nothing	60
kingsoft	2.1	2.1	2013-09-22	Found nothing	6
mcafee	7638	5400.1158	2014-11-30	Found nothing	60
nod32	0920	3.0.21	2014-12-23	Found nothing	60
panda	9.05.01	9.05.01	2015-07-26	Found nothing	5
pcc	11.380.07	9.500-1005	2014-12-31	Found nothing	60
qh360	1.0.1	1.0.1	1.0.1	Found nothing	3
qqphone	1.0.0.0	1.0.0.0	2014-12-09	Found nothing	60
quickheal	14.00	14.00	2015-07-25	Found nothing	2
rising	25.76.04.01	25.76.04.01	2015-07-24	Found nothing	1
sophos	5.08	3.55.0	2014-12-01	Found nothing	60
symantec	20141230.001	1.3.0.24	2014-12-30	Found nothing	60
tachyon	9.9.9	9.9.9	2013-12-27	Found nothing	3
thehacker	6.8.0.5	6.8.0.5	2015-07-23	Found nothing	1
tws	17.47.17308	1.0.2.2108	2014-12-08	Found nothing	12
vba	3.12.26.3	3.12.26.3	2014-12-31	Found nothing	60
virusbuster	15.0.985.0	5.5.2.13	2014-12-05	Found nothing	60

■Heuristic/Suspicious ■Exact

NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.

权限列表
许可名称	信息
android.permission.GET_TASKS	获取有关当前或最近运行的任务信息
android.permission.SYSTEM_ALERT_WINDOW	显示系统窗口

文件信息

安全评分 :

基本信息
MD5:bff8352f8cce7f9ebe98ef25940dd076
包名:com.willme.topactivity
最低运行环境:Android 2.2.x
版权:

关键行为
行为描述:	屏蔽窗口关闭消息
详情信息:	hWnd = 0x000d035e, Text = U盘杀毒专家, ClassName = TMainForm.
行为描述:	检测自身是否被调试
详情信息:	N/A

进程行为
行为描述:	创建本地线程
详情信息:	TargetProcess: USBKiller.exe, InheritedFromPID = 1944, ProcessID = 3808, ThreadID = 3828, StartAddress = 77DC845A, Parameter = 00000000

文件行为
行为描述:	创建文件
详情信息:	C:\Documents and Settings\Administrator\Local Settings\Temp\KERNEL.DLL
	C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\DEF.hdb
	C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\TOL.hdb
	C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\TOL.mdb
	C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\TOL.ndb
	C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\TOL.mfp
行为描述:	修改文件内容
详情信息:	C:\Documents and Settings\Administrator\Local Settings\Temp\KERNEL.DLL ---> Offset = 0
	C:\Documents and Settings\Administrator\Local Settings\Temp\KERNEL.DLL ---> Offset = 16
	C:\Documents and Settings\Administrator\Local Settings\Temp\KERNEL.DLL ---> Offset = 32
	C:\Documents and Settings\Administrator\Local Settings\Temp\KERNEL.DLL ---> Offset = 48
	C:\Documents and Settings\Administrator\Local Settings\Temp\KERNEL.DLL ---> Offset = 64
	C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\DEF.hdb ---> Offset = 0
	C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\DEF.hdb ---> Offset = 16
	C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\DEF.hdb ---> Offset = 32
	C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\DEF.hdb ---> Offset = 48
	C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\DEF.hdb ---> Offset = 64
	C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\TOL.hdb ---> Offset = 0
	C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\TOL.hdb ---> Offset = 16
	C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\TOL.hdb ---> Offset = 32
	C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\TOL.hdb ---> Offset = 48
	C:\Documents and Settings\Administrator\Local Settings\Temp\SDB24AX\TOL.hdb ---> Offset = 64
行为描述:	查找文件
详情信息:	FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\Lang\CHINESE_SIMPLIFIED.ini
	FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\KERNEL.DLL
	FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\DEF001.BIN
	FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\DEF002.BIN
	FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\TOL001.BIN
	FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\TOL002.BIN
	FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\TOL003.BIN
	FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\TOL004.BIN
	FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\TOL005.BIN
	FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\TOL006.BIN
	FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\TOL007.BIN
	FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\TOL008.BIN
	FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\TOL009.BIN
	FileName = C:\Documents and Settings
	FileName = C:\Documents and Settings\All Users

注册表行为
行为描述:	修改注册表
详情信息:	\REGISTRY\USER\S-*\Software\SystemSafe\MainPath
	\REGISTRY\USER\S-*\Software\SystemSafe\Handle
	\REGISTRY\MACHINE\SOFTWARE\SystemSafe\MainPath
	\REGISTRY\MACHINE\SOFTWARE\SystemSafe\Handle

其他行为
行为描述:	检测自身是否被调试
详情信息:	N/A
行为描述:	创建互斥体
详情信息:	CTF.LBES.MutexDefaultS-*
	CTF.Compart.MutexDefaultS-*
	CTF.Asm.MutexDefaultS-*
	CTF.Layouts.MutexDefaultS-*
	CTF.TMD.MutexDefaultS-*
	CTF.TimListCache.FMPDefaultS-MUTEX.DefaultS-
	MutexNPA_UnitVersioning_3808
	SystemSafer
	MSCTF.Shared.MUTEX.ELH
	MSCTF.Shared.MUTEX.EOO
行为描述:	隐藏指定窗口
详情信息:	[Window,Class] = [,TWScrollbar]
	[Window,Class] = [,ComboLBox]
	[Window,Class] = [U盘杀毒专家,TMainForm]
行为描述:	窗口信息
详情信息:	Pid = 3808, Hwnd=0x10408, Text = 网络设置, ClassName = TActiveRadioButton.
	Pid = 3808, Hwnd=0x603a4, Text = 进程管理, ClassName = TActiveRadioButton.
	Pid = 3808, Hwnd=0x4038c, Text = 报告病毒, ClassName = TActiveRadioButton.
	Pid = 3808, Hwnd=0x100354, Text = 关于, ClassName = TActiveRadioButton.
	Pid = 3808, Hwnd=0x1702b6, Text = U盘工具, ClassName = TActiveRadioButton.
	Pid = 3808, Hwnd=0x160324, Text = 修复系统, ClassName = TActiveRadioButton.
	Pid = 3808, Hwnd=0xc03a8, Text = 扫描病毒, ClassName = TActiveRadioButton.
	Pid = 3808, Hwnd=0x1302b8, Text = 免疫U盘病毒, ClassName = TActiveRadioButton.
	Pid = 3808, Hwnd=0x10404, Text = ToolBar1, ClassName = TToolBar.
	Pid = 3808, Hwnd=0x10034c, Text = 手动扫描, ClassName = TTabSheet.
	Pid = 3808, Hwnd=0x7038e, Text = 开始扫描, ClassName = TButton.
	Pid = 3808, Hwnd=0x110342, Text = 移动存储, ClassName = TCheckBox.
	Pid = 3808, Hwnd=0xb0398, Text = 本地硬盘, ClassName = TCheckBox.
	Pid = 3808, Hwnd=0xe039e, Text = 内存, ClassName = TCheckBox.
	Pid = 3808, Hwnd=0x103ea, Text = 关于, ClassName = TTabSheet.
行为描述:	查找指定窗口
详情信息:	NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
	NtUserFindWindowEx: [Class,Window] = [msctls_updown32,]
	NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
行为描述:	打开事件
详情信息:	HookSwitchHookEnabledEvent
	_fCanRegisterWithShellService
	CTF.ThreadMIConnectionEvent.000007B4.00000000.00000040
	CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000040
	MSCTF.SendReceiveConection.Event.ELH.IC
	MSCTF.SendReceive.Event.ELH.IC
行为描述:	调整进程token权限
详情信息:	SE_LOAD_DRIVER_PRIVILEGE
行为描述:	屏蔽窗口关闭消息
详情信息:	hWnd = 0x000d035e, Text = U盘杀毒专家, ClassName = TMainForm.
行为描述:	枚举窗口
详情信息:	N/A
行为描述:	创建事件对象
详情信息:	EventName = MSCTF.SendReceive.Event.EOO.IC
	EventName = MSCTF.SendReceiveConection.Event.EOO.IC
行为描述:	打开互斥体
详情信息:	ShimCacheMutex

Activities
活动名	类型
com.willme.topactivity.MainActivity	android.intent.action.MAIN
com.willme.topactivity.MainActivity	android.intent.category.LAUNCHER

危险函数
函数名称	信息
android/app/NotificationManager;->notify	信息通知栏

启动方式
名称	信息
com.willme.topactivity.NotificationActionReceiver

权限列表
许可名称	信息
android.permission.GET_TASKS	获取有关当前或最近运行的任务信息
android.permission.SYSTEM_ALERT_WINDOW	显示系统窗口

服务列表
名称
com.willme.topactivity.WatchingService
com.willme.topactivity.WatchingAccessibilityService
com.willme.topactivity.QuickSettingTileService

文件列表
文件名	校验码
AndroidManifest.xml	0x223a5f1a
res/drawable-hdpi-v4/ic_launcher.png	0xb67ec1e1
res/drawable-mdpi-v4/ic_launcher.png	0x4de3902d
res/drawable-xhdpi-v4/ic_launcher.png	0xb7a05f14
res/drawable-xhdpi-v4/ic_noti_action_pause.png	0x8781b07e
res/drawable-xhdpi-v4/ic_noti_action_resume.png	0x41ac4f9c
res/drawable-xhdpi-v4/ic_noti_action_stop.png	0xab844c58
res/drawable-xhdpi-v4/ic_notification.png	0x37a17622
res/drawable-xxhdpi-v4/ic_launcher.png	0x19416cec
res/layout-v14/activity_main.xml	0x6462d35d
res/layout/activity_main.xml	0x12727160
res/layout/window_tasks.xml	0x8a6b7582
res/xml-v14/accessibility.xml	0x99255b7
resources.arsc	0x1b05eb75
classes.dex	0x524f6067
META-INF/MANIFEST.MF	0xe879856f
META-INF/CERT.SF	0xe2f1abb9
META-INF/CERT.RSA	0x520849b4

运行截图