VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load



File information
File Name : 1.apk (File not down)
File Size :4498686 byte
File Type :application/zip
MD5:36fd99aca943b76eed7b865e4204b04e
SHA1:85d93e0495273fe0e2fd427733b97ee165d311f5
  • 扫描结果
  • 权限
  • 文件行为分析
  • Scanner results
    Scanner results:6%Scanner(s) (2/32)found malware!        Behavior
    Time: 2017-08-25 19:12:44 (CST)
    VirSCANVirSCAN
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 2.0 1970-01-01 Found nothing 5
    asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 1
    avast 170303-1 4.7.4 2017-03-03 Found nothing 60
    avg 2109/14366 10.0.1405 2017-08-23 Found nothing 60
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 3
    baidusd 1.0 1.0 2017-03-22 Found nothing 1
    bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
    clamav 23696 0.97.5 2017-08-22 Found nothing 60
    drweb 5.0.2.3300 5.0.1.1 2017-06-18 Found nothing 60
    fortinet 1.000, 51.150, 51.106, 51.128 5.4.247 2017-08-24 Found nothing 60
    fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
    fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
    gdata 25.13965 25.13965 2017-08-25 Android.Riskware.SMSReg.MW 11
    ikarus 1.06.01 V1.32.31.0 2017-08-24 Found nothing 60
    jiangmin 16.0.100 1.0.0.0 2017-08-24 Found nothing 2
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
    kingsoft 2.1 2.1 2017-08-24 Found nothing 60
    mcafee 8620 5400.1158 2017-08-12 Found nothing 60
    nod32 5964 3.0.21 2017-08-23 Found nothing 60
    panda 9.05.01 9.05.01 2017-08-24 Found nothing 4
    pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 3
    qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
    quickheal 14.00 14.00 2017-08-24 Android.Agent.RZ 3
    rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 2
    sophos 5.32 3.65.2 2016-10-10 Found nothing 60
    symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 3
    thehacker 6.8.0.5 6.8.0.5 2017-08-20 Found nothing 2
    tws 17.47.17308 1.0.2.2108 2017-08-24 Found nothing 14
    vba 3.12.29.5 beta 3.12.29.5 beta 2017-08-24 Found nothing 60
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
    Heuristic/Suspicious Exact
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.
    Copy to clipboard
  • 权限列表
    许可名称信息
    android.permission.INTERNET连接网络(2G或3G)
    android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
    android.permission.READ_PHONE_STATE读取电话状态
    android.permission.SEND_SMS发送短信
    android.permission.CALL_PHONE拨打电话
  • 文件信息
    安全评分 :
    基本信息
    MD5:36fd99aca943b76eed7b865e4204b04e
    包名:com.admick.cla
    最低运行环境:Android 2.2.x
    版权:Android
    关键行为
    行为描述:跨进程写入数据
    详情信息:TargetProcess = C:\Users\Administrator\AppData\Local\%temp%\hust.exe, WriteAddress = 0x00050000, Size = 0x00000020 TargetPID = 0x00000d40
    TargetProcess = C:\Users\Administrator\AppData\Local\%temp%\hust.exe, WriteAddress = 0x00050020, Size = 0x00000034 TargetPID = 0x00000d40
    TargetProcess = C:\Users\Administrator\AppData\Local\%temp%\hust.exe, WriteAddress = 0x7ffd5238, Size = 0x00000004 TargetPID = 0x00000d40
    TargetProcess = C:\Windows\System32\wscript.exe, WriteAddress = 0x00040000, Size = 0x00000020 TargetPID = 0x00000de4
    TargetProcess = C:\Windows\System32\wscript.exe, WriteAddress = 0x00040020, Size = 0x00000034 TargetPID = 0x00000de4
    TargetProcess = C:\Windows\System32\wscript.exe, WriteAddress = 0x7ffdf238, Size = 0x00000004 TargetPID = 0x00000de4
    行为描述:查询注册表_检测虚拟机相关
    详情信息:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions\DisplayName
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions\UninstallString
    行为描述:获取TickCount值
    详情信息:TickCount = 202531, SleepMilliseconds = 60000.
    TickCount = 202546, SleepMilliseconds = 60000.
    TickCount = 202562, SleepMilliseconds = 60000.
    TickCount = 202578, SleepMilliseconds = 60000.
    TickCount = 202593, SleepMilliseconds = 60000.
    TickCount = 202625, SleepMilliseconds = 60000.
    TickCount = 202640, SleepMilliseconds = 60000.
    行为描述:直接获取CPU时钟
    详情信息:EAX = 0x2275705c, EDX = 0x00000075
    EAX = 0x2d163d75, EDX = 0x00000075
    EAX = 0x2f9e0cfe, EDX = 0x00000075
    EAX = 0x98ce1091, EDX = 0x00000075
    EAX = 0x9b81100d, EDX = 0x00000075
    EAX = 0x9b811059, EDX = 0x00000075
    EAX = 0x9b8110a5, EDX = 0x00000075
    EAX = 0x9b8110f1, EDX = 0x00000075
    EAX = 0x9b81113d, EDX = 0x00000075
    EAX = 0x9b811189, EDX = 0x00000075
    EAX = 0x2c7635b8, EDX = 0x00000077
    行为描述:设置启动项
    详情信息:C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\__tmp_rar_sfx_access_check_142406
    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hust.vbs
    进程行为
    行为描述:跨进程写入数据
    详情信息:TargetProcess = C:\Users\Administrator\AppData\Local\%temp%\hust.exe, WriteAddress = 0x00050000, Size = 0x00000020 TargetPID = 0x00000d40
    TargetProcess = C:\Users\Administrator\AppData\Local\%temp%\hust.exe, WriteAddress = 0x00050020, Size = 0x00000034 TargetPID = 0x00000d40
    TargetProcess = C:\Users\Administrator\AppData\Local\%temp%\hust.exe, WriteAddress = 0x7ffd5238, Size = 0x00000004 TargetPID = 0x00000d40
    TargetProcess = C:\Windows\System32\wscript.exe, WriteAddress = 0x00040000, Size = 0x00000020 TargetPID = 0x00000de4
    TargetProcess = C:\Windows\System32\wscript.exe, WriteAddress = 0x00040020, Size = 0x00000034 TargetPID = 0x00000de4
    TargetProcess = C:\Windows\System32\wscript.exe, WriteAddress = 0x7ffdf238, Size = 0x00000004 TargetPID = 0x00000de4
    行为描述:创建新文件进程
    详情信息:[0x00000d40]ImagePath = C:\Users\Administrator\AppData\Local\%temp%\hust.exe, CmdLine = "C:\Users\Administrator\AppData\Local\%temp%\hust.exe"
    行为描述:创建进程
    详情信息:[0x00000de4]ImagePath = C:\Windows\System32\wscript.exe, CmdLine = "C:\Windows\System32\WScript.exe" "C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hust.vbs"
    文件行为
    行为描述:创建文件
    详情信息:C:\Users\Administrator\AppData\Local\%temp%\__tmp_rar_sfx_access_check_140468
    C:\Users\Administrator\AppData\Local\%temp%\hust.exe
    C:\Users\Administrator\AppData\Local\%temp%\2121.jpg
    C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb
    行为描述:创建可执行文件
    详情信息:C:\Users\Administrator\AppData\Local\%temp%\hust.exe
    行为描述:修改脚本文件
    详情信息:C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hust.vbs ---> Offset = 0
    行为描述:覆盖已有文件
    详情信息:C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf
    C:\Windows\Prefetch\SPPSVC.EXE-B0F8131B.pf
    C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
    C:\Windows\Prefetch\SVCHOST.EXE-05F624AB.pf
    C:\Windows\Prefetch\WMPNETWK.EXE-D9F2A96F.pf
    C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf
    C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf
    行为描述:查找文件
    详情信息:FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe
    FileName = C:\Users
    FileName = C:\Users\Administrator\AppData
    FileName = C:\Users\Administrator\AppData\Local
    FileName = C:\Users\Administrator\AppData\Local\Temp
    FileName = C:\Users\Administrator\AppData\Local\%temp%
    FileName = C:\Users\Administrator\AppData\Local\%temp%\hust.exe
    FileName = C:\Users\Administrator\AppData\Local\%temp%\*.*
    FileName = C:\Program Files\Windows Photo Viewer\*.*
    FileName = C:\Users\Administrator\AppData\Roaming
    FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\Windows
    FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
    FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hust.vbs
    FileName = C:\Windows
    行为描述:设置启动项
    详情信息:C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\__tmp_rar_sfx_access_check_142406
    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hust.vbs
    行为描述:删除文件
    详情信息:C:\Users\Administrator\AppData\Local\%temp%\__tmp_rar_sfx_access_check_140468
    C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\__tmp_rar_sfx_access_check_142406
    C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb
    C:\Windows\SoftwareDistribution\Download\49cea37ed490e5126ec9450fc2dd5116\cbshandler\state
    C:\Windows\SoftwareDistribution\Download\49cea37ed490e5126ec9450fc2dd5116\Windows6.1-KB2999226-x86.cab
    行为描述:修改文件内容
    详情信息:C:\Users\Administrator\AppData\Local\%temp%\hust.exe ---> Offset = 0
    C:\Users\Administrator\AppData\Local\%temp%\hust.exe ---> Offset = 65536
    C:\Users\Administrator\AppData\Local\%temp%\hust.exe ---> Offset = 131072
    C:\Users\Administrator\AppData\Local\%temp%\hust.exe ---> Offset = 196608
    C:\Users\Administrator\AppData\Local\%temp%\hust.exe ---> Offset = 231424
    C:\Users\Administrator\AppData\Local\%temp%\2121.jpg ---> Offset = 0
    C:\Windows\AppCompat\Programs\RecentFileCache.bcf ---> Offset = 19078
    C:\Windows\AppCompat\Programs\RecentFileCache.bcf ---> Offset = 19082
    C:\Windows\AppCompat\Programs\RecentFileCache.bcf ---> Offset = 16
    C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf ---> Offset = 0
    C:\Windows\Prefetch\SPPSVC.EXE-B0F8131B.pf ---> Offset = 0
    C:\Windows\WindowsUpdate.log ---> Offset = 90112
    C:\Windows\WindowsUpdate.log ---> Offset = 90206
    C:\Windows\WindowsUpdate.log ---> Offset = 90326
    C:\Windows\WindowsUpdate.log ---> Offset = 90410
    注册表行为
    行为描述:修改注册表
    详情信息:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-*\RefCount
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{FFE2A43C-56B9-4BF5-9A79-CC6D4285608A} {00000122-0000-0000-C000-000000000046} 0xFFFF
    \REGISTRY\USER\S-*\Software\Microsoft\Direct3D\MostRecentApplication\Name
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\NextSqmReportTime
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SusClientIdValidation
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\UAS\UpdateCount
    行为描述:删除注册表键值
    详情信息:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\AccountDomainSid
    行为描述:查询注册表_检测虚拟机相关
    详情信息:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions\DisplayName
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions\UninstallString
    其他行为
    行为描述:检测自身是否被调试
    详情信息:IsDebuggerPresent
    行为描述:创建互斥体
    详情信息:Local\ZonesCounterMutex
    Local\ZonesCacheCounterMutex
    Local\ZoneAttributeCacheCounterMutex
    Local\ZonesLockedCacheCounterMutex
    Global\WindowsUpdateTracingMutex
    Global\Instance0: ESENT Performance Data Schema Version 85
    行为描述:隐藏指定窗口
    详情信息:[Window,Class] = [,ComboLBox]
    [Window,Class] = [&Обзор...,Button]
    [Window,Class] = [C:\Users\Administrator\AppData\Local\%temp%,ComboBox]
    [Window,Class] = [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup,ComboBox]
    行为描述:打开互斥体
    详情信息:DefaultTabtip-MainUI
    Local\MSCTF.Asm.MutexDefault1
    行为描述:查找指定窗口
    详情信息:NtUserFindWindowEx: [Class,Window] = [EDIT,]
    行为描述:打开照片查看器
    详情信息:C:\Users\Administrator\AppData\Local\%temp%\2121.jpg
    行为描述:获取TickCount值
    详情信息:TickCount = 202531, SleepMilliseconds = 60000.
    TickCount = 202546, SleepMilliseconds = 60000.
    TickCount = 202562, SleepMilliseconds = 60000.
    TickCount = 202578, SleepMilliseconds = 60000.
    TickCount = 202593, SleepMilliseconds = 60000.
    TickCount = 202625, SleepMilliseconds = 60000.
    TickCount = 202640, SleepMilliseconds = 60000.
    行为描述:调整进程token权限
    详情信息:SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
    SE_MANAGE_VOLUME_PRIVILEGE
    SE_AUDIT_PRIVILEGE
    行为描述:打开事件
    详情信息:HookSwitchHookEnabledEvent
    \KernelObjects\MaximumCommitCondition
    Local\MSCTF.CtfActivated.Default1
    Local\MSCTF.AsmCacheReady.Default1
    \SECURITY\LSA_AUTHENTICATION_INITIALIZED
    MSFT.VSA.COM.DISABLE.2828
    MSFT.VSA.IEC.STATUS.6c736db0
    MSFT.VSA.COM.DISABLE.3556
    Global\SvcctrlStartEvent_A3752DX
    行为描述:可执行文件签名信息
    详情信息:C:\Users\Administrator\AppData\Local\%temp%\hust.exe(签名验证: 未通过)
    行为描述:调用Sleep函数
    详情信息:[1]: MilliSeconds = 60000.
    行为描述:可执行文件MD5
    详情信息:C:\Users\Administrator\AppData\Local\%temp%\hust.exe ---> 7cc718c0360078349d39237bfd69542e
    行为描述:直接获取CPU时钟
    详情信息:EAX = 0x2275705c, EDX = 0x00000075
    EAX = 0x2d163d75, EDX = 0x00000075
    EAX = 0x2f9e0cfe, EDX = 0x00000075
    EAX = 0x98ce1091, EDX = 0x00000075
    EAX = 0x9b81100d, EDX = 0x00000075
    EAX = 0x9b811059, EDX = 0x00000075
    EAX = 0x9b8110a5, EDX = 0x00000075
    EAX = 0x9b8110f1, EDX = 0x00000075
    EAX = 0x9b81113d, EDX = 0x00000075
    EAX = 0x9b811189, EDX = 0x00000075
    EAX = 0x2c7635b8, EDX = 0x00000077
    行为描述:加载新释放的文件
    详情信息:Image: C:\Users\Administrator\AppData\Local\%temp%\hust.exe.
    Activities
    活动名类型
    com.yougaile.iapp.logoActivityandroid.intent.action.MAIN
    com.yougaile.iapp.logoActivityandroid.intent.category.LAUNCHER
    危险函数
    函数名称信息
    SmsManager;->sendTextMessage发送普通短信
    TelephonyManager;->getDeviceId搜集用户手机IMEI码、电话号码、系统版本号等信息
    TelephonyManager;->getLine1Number获取手机号
    ActivityManager;->killBackgroundProcesses中断进程,可用于关闭杀软
    getRuntime获取命令行环境
    java/lang/Runtime;->exec执行字符串命令
    java/net/URL;->openConnection连接URL
    HttpClient;->execute请求远程服务器
    DefaultHttpClient;->execute发送HTTP请求
    android/app/NotificationManager;->notify信息通知栏
    WifiManager;->setWifiEnabled变更WIFI状态
    权限列表
    许可名称信息
    android.permission.INTERNET连接网络(2G或3G)
    android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
    android.permission.READ_PHONE_STATE读取电话状态
    android.permission.SEND_SMS发送短信
    android.permission.CALL_PHONE拨打电话
    文件列表
    文件名 校验码
    META-INF/MANIFEST.MF 0xc149619
    META-INF/CERT.SF 0x453155a1
    META-INF/CERT.RSA 0x9db2960
    AndroidManifest.xml 0x154be1b7
    assets/.i.i 0x6b82f212
    assets/001.iyu 0xd450c082
    assets/002.iyu 0x1b46e624
    assets/003.iyu 0xf35c4269
    assets/05.iyu 0xb092329e
    assets/06.iyu 0x5131190d
    assets/07.iyu 0x386c7352
    assets/08.iyu 0x37fdae7b
    assets/09.iyu 0xa1523393
    assets/1.iyu 0x14b2c85e
    assets/10.iyu 0x10715264
    assets/11.iyu 0xce03e76c
    assets/18.iyu 0x4cec3d9e
    assets/Userimg/2017080315104314489.jpg 0x4e79c36e
    assets/Userimg/2017080315175523408.jpg 0xf80c3e1e
    assets/Userimg/2017080315273129696.jpg 0x5f78074b
    assets/Userimg/2017080612135417998.png 0x8121251e
    assets/Userimg/2017081718134581916.png 0x777b44a9
    assets/Userimg/2017081810550359676.png 0x8babeea9
    assets/Userimg/2017081811120288639.png 0x56728de1
    assets/Userimg/2017081811130384639.png 0x1b948a59
    assets/Userimg/2017081812214199301.png 0x41385c45
    assets/Userimg/2017081812504311349.png 0x27ff0a4a
    assets/Userimg/2017081812554425189.png 0x4b283abf
    assets/fps_images.png 0x112b3776
    assets/mian$.iyu 0x48223bb4
    assets/mian.iyu 0x2541cb4a
    assets/mian1.iyu 0xc73b630a
    assets/mian2.iyu 0x8380eb50
    classes.dex 0x4d6d31d0
    keys/keystore.ks 0x3d7ea71f
    keys/media.pk8 0xb2ff8b4b
    keys/media.sbt 0x787af273
    keys/media.x509.pem 0xb2b93fdc
    keys/platform.pk8 0x7d91e3b8
    keys/platform.sbt 0x78fc5c38
    keys/platform.x509.pem 0xe2b43571
    keys/shared.pk8 0x44b55be
    keys/shared.sbt 0xcb0d9b76
    keys/shared.x509.pem 0x52234887
    keys/testkey.pk8 0x5c6d8836
    keys/testkey.sbt 0x197cd57f
    keys/testkey.x509.pem 0xc3fc0954
    lib/armeabi/libgdx.so 0x39a6b20c
    lib/x86/libgdx.so 0x7ec621b5
    res/drawable-hdpi/ic_arrow_left.png 0xede5ec62
    res/drawable-hdpi/icon.png 0x91ac34e6
    res/drawable-hdpi/notice_down_icon.png 0x13e56a9c
    res/drawable/hy_xml_ui_user_it32.xml 0x21d7e958
    res/drawable/hy_xml_ui_user_it52.xml 0xb8c8613b
    res/drawable/hy_xml_ui_user_itt.xml 0xfe94a4fa
    res/drawable/hy_xml_ui_user_itt2.xml 0x4e1a3cf8
    res/drawable/hy_xml_ui_user_t.xml 0xabcb17fa
    res/drawable/list_itemshighlighted_translucent.xml 0xaeb7b32c
    res/layout/activity_main.xml 0x3600e315
    res/layout/activity_webview.xml 0xde99f8a3
    resources.arsc 0xfc96e89e
    运行截图
    VirSCAN

About VirSCAN | Privacy Policy | Contact us | link | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号