VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
File Name :4168.apk (File not down)
File Size :831468 byte
File Type :Zip archive data
MD5:c7bc30440e321cbbe612fce2e9cd7274
SHA1:b6e8a2b5238ff2bc92917ffecb3eb22bbd1ca4cc
SHA256:4c7788f7da60b36a7cc4487db433f4307b70e2136efcd639a215d33970140aec
  • 扫描结果
  • 权限
  • 文件行为分析
  • Scanner results
    Scanner results:53%Scanner(s) (17/32)found malware!
    Behavior analysis report:         Habo file analysis
    Time: 2019-06-05 08:21:18 (CST)
    VirSCANVirSCAN
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 3.0 AVL SDK 3.0 2019-06-04 Trojan[Backdoor]/Android.KungFu 1
    avast 18.4.3895.0 18.4.3895.0 2019-06-05 Found nothing 46
    avg 10.0.1405 10.0.1405 2019-06-05 Found nothing 1
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 2
    baidusd 1.0 1.0 2019-06-04 Found nothing 1
    bitdefender 7.141118 7.141118 2019-06-04 Found nothing 1
    clamav 25469 0.100.2 2019-06-03 Andr.Trojan.DroidKungFu-1 1
    drweb 11.0.10.1810231600 11.0.10.1810231600 2019-06-04 Android.KungFu.2 10
    emsisoft 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 1
    fortinet 1.000, 68.991, 68.849, 68.873 5.4.247 2019-06-05 Android/DroidKungFu.AW!tr.bdr 1
    fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 1
    fsecure 2015-08-01-02 9.13 2019-06-05 Found nothing 56
    gdata 25.22249 25.22249 2019-06-05 Android.Adware.Adwo.A 17
    ikarus 5.01.05 V1.32.39.0 2019-06-04 Trojan.AndroidOS.DroidKungFu 4
    jiangmin 16.0.100 1.0.0.0 2019-06-04 Backdoor/AndroidOS.afe 2
    kaspersky 5.5.33 5.5.33 2019-06-04 Backdoor.AndroidOS.KungFu.cz 20
    kingsoft 2.1 2.1 2013-09-22 Found nothing 8
    mcafee 9256 5400.1158 2019-05-13 Found nothing 12
    nod32 9446 4.5.15 2019-05-31 multiple threats 1
    panda 9.05.01 9.05.01 2019-05-29 Found nothing 5
    pcc 13.302.06 9.500-1005 2019-06-04 ANDROID.DDA41826 2
    qh360 1.0.1 1.0.1 2019-06-04 Trojan.Android.Gen 3
    qqphone 2.0.0.0 2.0.0.0 2019-06-04 a.system.safesys.e 1
    quickheal 14.00 14.00 2019-02-10 Android.Kungfu.L 3
    rising 5113 5113 2019-06-03 System.Fokonge 3
    sophos 4.62 3.16.1 2016-09-20 Andr/KongFu-A 11
    symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 1
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 3
    thehacker 6.8.0.5 6.8.0.5 2017-03-30 Found nothing 2
    tws 17.47.17308 1.0.2.2108 2019-06-04 Android.M.kuuo 3
    vba 4.0.0 4.0.0 2019-06-04 Backdoor.AndroidOS.KungFu.a 4
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 3
    Heuristic/Suspicious Exact
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.
  • 权限列表
    许可名称信息
    android.permission.INTERNET连接网络(2G或3G)
    android.permission.READ_PHONE_STATE读取电话状态
    android.permission.ACCESS_NETWORK_STATE读取网络状态(2G或3G)
    android.permission.ACCESS_WIFI_STATE读取wifi网络状态
    android.permission.CHANGE_WIFI_STATE改变WIFI连接状态
    android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
    android.permission.INSTALL_PACKAGES安装应用
    android.permission.ACCESS_COARSE_LOCATION获取粗略的位置(通过wifi、基站)
    android.permission.READ_SMS读取短信
    android.permission.WRITE_SMS写短信
    android.permission.RECEIVE_BOOT_COMPLETED接收开机启动广播
  • 文件信息
    安全评分 :
    基本信息
    MD5:c7bc30440e321cbbe612fce2e9cd7274
    包名:com.ps.mine
    最低运行环境:Android 1.5
    版权:Phone
    关键行为
    行为描述:直接获取CPU时钟
    详情信息:EAX = 0xa1e2d80e, EDX = 0x0000039e
    EAX = 0xa1e2d85a, EDX = 0x0000039e
    EAX = 0xb6f9424d, EDX = 0x0000039e
    EAX = 0xbee71036, EDX = 0x0000039e
    EAX = 0x2b0a1ff5, EDX = 0x0000039f
    EAX = 0x2b0a2041, EDX = 0x0000039f
    EAX = 0x42d38964, EDX = 0x0000039f
    EAX = 0x5243e7fb, EDX = 0x0000039f
    EAX = 0x5243e847, EDX = 0x0000039f
    行为描述:获取User基本信息
    详情信息:Level = 2.
    文件行为
    行为描述:覆盖已有文件
    详情信息:C:\Users\Administrator\AppData\Roaming\WinRAR\version.dat
    行为描述:修改文件内容
    详情信息:C:\Users\Administrator\AppData\Roaming\WinRAR\version.dat ---> Offset = 0
    行为描述:查找文件
    详情信息:FileName = C:\Users\Administrator\AppData\Roaming\WinRAR\rarreg.*
    FileName = \\?\C:\Users\Administrator\AppData\Roaming\WinRAR\rarreg.*
    FileName = C:\Users\Administrator\AppData\Local\%temp%\rarreg.*
    FileName = \\?\C:\Users\Administrator\AppData\Local\%temp%\rarreg.*
    FileName = C:\Users\Administrator\AppData\Local\%temp%\Themes\winrar_theme_description.txt
    FileName = \\?\C:\Users\Administrator\AppData\Local\%temp%\Themes\winrar_theme_description.txt
    FileName = C:\Users\Administrator\AppData\Local\%temp%\Themes\*
    FileName = \\?\C:\Users\Administrator\AppData\Local\%temp%\Themes\*
    FileName = C:\*
    FileName = C:\Users\ADMINI~1\AppData\Local\Temp\Rar$*
    注册表行为
    行为描述:修改注册表
    详情信息:\REGISTRY\USER\S-*\Software\WinRAR\General\VerInfo
    \REGISTRY\USER\S-*\Software\WinRAR\General\Toolbar\Layout\Band56_0
    \REGISTRY\USER\S-*\Software\WinRAR\General\Toolbar\Layout\Band56_1
    \REGISTRY\USER\S-*\Software\WinRAR\General\Toolbar\Layout\Band56_2
    其他行为
    行为描述:检测自身是否被调试
    详情信息:IsDebuggerPresent
    行为描述:创建互斥体
    详情信息:WinRAR_Busy
    行为描述:枚举网络共享资源
    详情信息:N/A
    行为描述:隐藏指定窗口
    详情信息:[Window,Class] = [,ComboLBox]
    行为描述:打开互斥体
    详情信息:Local\MSCTF.Asm.MutexDefault1
    DefaultTabtip-MainUI
    行为描述:查找指定窗口
    详情信息:NtUserFindWindowEx: [Class,Window] = [WinRarWindow,]
    NtUserFindWindowEx: [Class,Window] = [RarViewWindow,]
    行为描述:打开事件
    详情信息:HookSwitchHookEnabledEvent
    \KernelObjects\MaximumCommitCondition
    Local\MSCTF.CtfActivated.Default1
    Local\MSCTF.AsmCacheReady.Default1
    Global\SvcctrlStartEvent_A3752DX
    Global\TermSrvReadyEvent
    \SECURITY\LSA_AUTHENTICATION_INITIALIZED
    行为描述:获取User基本信息
    详情信息:Level = 2.
    行为描述:窗口信息
    详情信息:Pid = 4060, Hwnd=0x90180, Text = 本地磁盘 (C:), ClassName = ComboBoxEx32.
    Pid = 4060, Hwnd=0xf0228, Text = 撨"磁盘 (C:), ClassName = ComboBox.
    Pid = 4060, Hwnd=0xe02a6, Text = 本地磁盘 (C:), ClassName = Edit.
    Pid = 4060, Hwnd=0xb01fe, Text = C:\ (评估版本), ClassName = WinRarWindow.
    行为描述:直接获取CPU时钟
    详情信息:EAX = 0xa1e2d80e, EDX = 0x0000039e
    EAX = 0xa1e2d85a, EDX = 0x0000039e
    EAX = 0xb6f9424d, EDX = 0x0000039e
    EAX = 0xbee71036, EDX = 0x0000039e
    EAX = 0x2b0a1ff5, EDX = 0x0000039f
    EAX = 0x2b0a2041, EDX = 0x0000039f
    EAX = 0x42d38964, EDX = 0x0000039f
    EAX = 0x5243e7fb, EDX = 0x0000039f
    EAX = 0x5243e847, EDX = 0x0000039f
    Activities
    活动名类型
    .Mainandroid.intent.action.MAIN
    .Mainandroid.intent.category.LAUNCHER
    危险函数
    函数名称信息
    HttpClient;->execute请求远程服务器
    java/net/URL;->openConnection连接URL
    java/net/HttpURLConnection;->connect连接URL
    TelephonyManager;->getDeviceId搜集用户手机IMEI码、电话号码、系统版本号等信息
    TelephonyManager;->getSimSerialNumber获取SIM序列号
    TelephonyManager;->getLine1Number获取手机号
    android/app/NotificationManager;->notify信息通知栏
    DefaultHttpClient;->execute发送HTTP请求
    WifiManager;->setWifiEnabled变更WIFI状态
    getRuntime获取命令行环境
    java/lang/Runtime;->exec执行字符串命令
    LocationManager;->getLastKnownLocation获取地址位置
    启动方式
    名称信息
    com.google.update.Receiver
    com.google.update.Receiver
    com.google.update.Receiver开机启动服务
    广告信息
    名称信息
    com.adwo.adsdk安沃
    权限列表
    许可名称信息
    android.permission.INTERNET连接网络(2G或3G)
    android.permission.READ_PHONE_STATE读取电话状态
    android.permission.ACCESS_NETWORK_STATE读取网络状态(2G或3G)
    android.permission.ACCESS_WIFI_STATE读取wifi网络状态
    android.permission.CHANGE_WIFI_STATE改变WIFI连接状态
    android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
    android.permission.INSTALL_PACKAGES安装应用
    android.permission.ACCESS_COARSE_LOCATION获取粗略的位置(通过wifi、基站)
    android.permission.READ_SMS读取短信
    android.permission.WRITE_SMS写短信
    android.permission.RECEIVE_BOOT_COMPLETED接收开机启动广播
    服务列表
    名称
    com.google.update.UpdateService
    文件列表
    文件名 校验码
    META-INF/MANIFEST.MF 0x822639b5
    META-INF/PS.SF 0xc825bcea
    META-INF/PS.RSA 0xb22c55a8
    res/drawable/i00.png 0x69f6f4b6
    res/drawable/i01.png 0xd9277eb5
    res/drawable/i02.png 0xf0657d14
    res/drawable/i03.png 0xe153ce7
    res/drawable/i04.png 0x4c3de6a0
    res/drawable/i05.png 0x9953e244
    res/drawable/i06.png 0xe6ec1967
    res/drawable/i07.png 0x31faa354
    res/drawable/i08.png 0x96a096ca
    res/drawable/i09.png 0xc61b25ec
    res/drawable/i10.png 0x79a71106
    res/drawable/i11.png 0x35728b48
    res/drawable/i12.png 0xf9f01a95
    res/drawable/i13.png 0xeb829f6e
    res/drawable/i14.png 0x83beaf56
    res/drawable/i_cry.png 0x9493c8ae
    res/drawable/i_flag.png 0xefb963c7
    res/drawable/i_flag_down.png 0x854602e7
    res/drawable/i_happy.png 0x57df6267
    res/drawable/icon.png 0xbda7ea28
    res/layout/main.xml 0x8107f6dd
    res/raw/wish.mp3 0x52f8f11d
    AndroidManifest.xml 0xa46a0cb7
    resources.arsc 0xc97b64bf
    classes.dex 0x13c99075
    assets/db.init 0x92c96d6d
    assets/myicon 0xaaa6e076
    assets/secbino 0xb94f88d5
    assets/starter 0x5fcc6fc6
    assets/adwo_left_arrow.png 0x54827195
    assets/adwo_logo.png 0x220dc9de
    assets/adwo_right_arrow.png 0xb16b8854
    assets/adwo_x.png 0x14e293ba
    assets/t1.png 0x84341ac5
    assets/t10.png 0xe9251ca8
    assets/t12.png 0xc9111b9e
    assets/t13.png 0x523b0a20
    assets/t3.png 0x175c3378
    assets/t8.png 0x7bbc78fa
    assets/t9.png 0x86363427
    lib/armeabi/libnative.so 0xb84e347f
    运行截图
    VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号