VirSCAN




File information
File Name: com.ayansoft.androphp-1.2.0.apk (File not down)
File Size: 14609882 bytes
File Type: application/jar
MD5: b026855f40d03bc6ba2f2aee5bd665f5
SHA1: 999e58e996d02d7ab56e6e4374f7338f1ee3ddc7
  • Scanner results
    Scanner results: 3% Scanner(s) (1/32) found malware!
    Behavior analysis report: Habo file analysis
    Time: 2017-09-19 12:48:15 (CST)
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 2.0 1970-01-01 Found nothing 16
    asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 4
    avast 170303-1 4.7.4 2017-03-03 Found nothing 60
    avg 2109/14460 10.0.1405 2017-09-14 Found nothing 60
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 3
    baidusd 1.0 1.0 2017-03-22 Found nothing 7
    bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
    clamav 23845 0.97.5 2017-09-17 Found nothing 60
    drweb 5.0.2.3300 5.0.1.1 2017-09-11 Found nothing 60
    fortinet 1.000, 51.740, 51.597, 51.621 5.4.247 2017-09-19 Found nothing 60
    fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
    fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
    gdata 25.14236 25.14236 2017-09-18 Found nothing 27
    ikarus 3.02.09 V1.32.31.0 2017-09-18 Found nothing 60
    jiangmin 16.0.100 1.0.0.0 2017-09-18 Found nothing 4
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
    kingsoft 2.1 2.1 2017-09-18 Android.RISKWARE.luomao.cr.(kcloud) 27
    mcafee 8620 5400.1158 2017-08-12 Found nothing 60
    nod32 6095 3.0.21 2017-09-17 Found nothing 60
    panda 9.05.01 9.05.01 2017-09-18 Found nothing 6
    pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 6
    qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
    quickheal 14.00 14.00 2017-09-18 Found nothing 8
    rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 16
    sophos 5.32 3.65.2 2016-10-10 Found nothing 60
    symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 10
    thehacker 6.8.0.5 6.8.0.5 2017-09-16 Found nothing 8
    tws 17.47.17308 1.0.2.2108 2017-09-18 Found nothing 29
    vba 3.12.29.5 beta 3.12.29.5 beta 2017-09-18 Found nothing 60
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
    Heuristic/Suspicious Exact
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scanners when and if malware is found. Please judge these results for yourself.
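  • Permission list
    Permission name  Description
    android.permission.ACCESS_NETWORK_STATE  Read network state (2G or 3G)
    android.permission.INTERNET  Connect to the network (2G or 3G)
    android.permission.WRITE_INTERNAL_STORAGE
    android.permission.WRITE_EXTERNAL_STORAGE  Write to external storage (e.g. SD card)
    android.permission.KILL_BACKGROUND_PROCESSES  Kill background processes
    android.permission.GET_TASKS  Get information about currently or recently running tasks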
  • File information
    Safety score:
    Basic information
    MD5: b026855f40d03bc6ba2f2aee5bd665f5
    Package name: com.ayansoft.androphp
    Minimum runtime environment: Android 2.2.x
    Copyright:
    Key behaviors
    Behavior description: Directly calls key system APIs
    Details: Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x006987CC
    Index = 0x0000009B, Name: NtQueryInformationThread, Instruction Address = 0x006432DC
    Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x00669506
    Behavior description: Reads the CPU clock directly
    Behavior description: Obtains window screenshot information
    Process behavior
    Behavior description: Creates local threads
    Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2640, ThreadID = 2676, StartAddress = 77DC845A, Parameter = 00000000
    TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2640, ThreadID = 2880, StartAddress = 005F6D79, Parameter = 001C4F48
    TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2640, ThreadID = 3128, StartAddress = 005F6D79, Parameter = 001F3830
    TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2640, ThreadID = 3172, StartAddress = 005F6D79, Parameter = 001F3890
    TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2640, ThreadID = 3228, StartAddress = 005F6D79, Parameter = 001F3890
    TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2640, ThreadID = 3260, StartAddress = 005F6D79, Parameter = 001F1690
    TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2640, ThreadID = 3320, StartAddress = 005F6D79, Parameter = 001F3830
    TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2640, ThreadID = 3356, StartAddress = 005F6D79, Parameter = 001F2EA0
    Behavior description: Enumerates processes
    Details: N/A
    Network behavior
    Behavior description: Connects to a specified site
    Details: WinHttpConnect: ServerName = ji****om, PORT = 80, UserName = , Password = , hSession = 0x02b83100, hConnect = 0x02b83200, Flags = 0x00000000
    WinHttpConnect: ServerName = ji****om, PORT = 80, UserName = , Password = , hSession = 0x02cd3100, hConnect = 0x02cd3200, Flags = 0x00000000
    Behavior description: Opens an HTTP connection
    Details: WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x02b83100
    WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x02cd3100
    Behavior description: Establishes a connection to a specified socket
    Details: URL: ji****om, IP: **.133.40.**:80, SOCKET = 0x00000250
    URL: ji****om, IP: **.133.40.**:80, SOCKET = 0x00000254
    URL: ji****om, IP: **.133.40.**:80, SOCKET = 0x0000022c
    URL: ji****om, IP: **.133.40.**:80, SOCKET = 0x00000228
    URL: ji****om, IP: **.133.40.**:80, SOCKET = 0x00000230
    URL: ji****om, IP: **.133.40.**:80, SOCKET = 0x00000248
    Behavior description: Sends HTTP packets
    Details: GET /chaxundianshu?user=123456&pass=123456 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Accept-Encoding: deflate Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: ji****om Connection: Keep-Alive
    GET /chaxundianshu?user=123456&pass=123456123456 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Accept-Encoding: deflate Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: ji****om Connection: Keep-Alive
    GET /chaxundianshu?user=123456&pass=123456123456123456 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Accept-Encoding: deflate Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: ji****om Connection: Keep-Alive
    GET /chaxundianshu?user=123456&pass=123456123456123456123456 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Accept-Encoding: deflate Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: ji****om Connection: Keep-Alive
    GET /chaxundianshu?user=123456&pass=123456123456123456123456123456 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Accept-Encoding: deflate Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: ji****om Connection: Keep-Alive
    GET /chaxundianshu?user=123456&pass=123456123456123456123456123456123456 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Accept-Encoding: deflate Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: ji****om Connection: Keep-Alive
    Behavior description: Opens an HTTP request
    Details: WinHttpOpenRequest: ji****om:80/chaxundianshu?user=123456&pass=123456, hConnect = 0x02b83200, hRequest = 0x02c10000, Verb: GET, Referer: , Flags = 0x00000080
    WinHttpOpenRequest: ji****om:80/chaxundianshu?user=123456&pass=123456123456, hConnect = 0x02b83200, hRequest = 0x02c10000, Verb: GET, Referer: , Flags = 0x00000080
    WinHttpOpenRequest: ji****om:80/chaxundianshu?user=123456&pass=123456123456123456, hConnect = 0x02b83200, hRequest = 0x02c10000, Verb: GET, Referer: , Flags = 0x00000080
    WinHttpOpenRequest: ji****om:80/chaxundianshu?user=123456&pass=123456123456123456123456, hConnect = 0x02b83200, hRequest = 0x02c10000, Verb: GET, Referer: , Flags = 0x00000080
    WinHttpOpenRequest: ji****om:80/chaxundianshu?user=123456&pass=123456123456123456123456123456, hConnect = 0x02b83200, hRequest = 0x02c10000, Verb: GET, Referer: , Flags = 0x00000080
    WinHttpOpenRequest: ji****om:80/chaxundianshu?user=123456&pass=123456123456123456123456123456123456, hConnect = 0x02cd3200, hRequest = 0x02d10000, Verb: GET, Referer: , Flags = 0x00000080
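    Behavior description: Resolves a host address by name
    Details: GetAddrInfoW: ji****om
    Registry behavior
    Behavior description: Modifies the registry
    Details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x32(BGR 0)
    Other behavior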
    Behavior description: Creates mutexes
    Details: RasPbFile
    CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.Shared.MUTEX.IOH
    MSCTF.Shared.MUTEX.EFK
    Behavior description: Creates event objects
    Details: EventName = DINPUTWINMM
    EventName = MSCTF.SendReceive.Event.EFK.IC
    EventName = MSCTF.SendReceiveConection.Event.EFK.IC
    Behavior description: Opens mutexes
    Details: RasPbFile
    ShimCacheMutex
    Behavior description: Finds a specified window
    Details: NtUserFindWindowEx: [Class,Window] = [,]
    NtUserFindWindowEx: [Class,Window] = [msvb_lib_updown,]
    NtUserFindWindowEx: [Class,Window] = [msctls_updown32,]
    NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    Behavior description: Opens events
    Details: HookSwitchHookEnabledEvent
    CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
    CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
    MSCTF.SendReceiveConection.Event.IOH.IC
    MSCTF.SendReceive.Event.IOH.IC
    Behavior description: Window information
    Details: Pid = 2640, Hwnd=0x10428, Text = 查询, ClassName = Button(CheckBox).
    Pid = 2640, Hwnd=0x1041c, Text = 定时操作, ClassName = Button(GroupBox).
    Pid = 2640, Hwnd=0x1041a, Text = 定时, ClassName = Button(CheckBox).
    Pid = 2640, Hwnd=0x10418, Text = 未设置定时工作, ClassName = Afx:400000:b:10011:1900015:0.
    Pid = 2640, Hwnd=0x10416, Text = 2017年9月19日, ClassName = SysDateTimePick32.
    Pid = 2640, Hwnd=0x10414, Text = 时, ClassName = Afx:400000:b:10011:1900015:0.
    Pid = 2640, Hwnd=0x10410, Text = 19, ClassName = Edit.
    Pid = 2640, Hwnd=0x1040c, Text = 59, ClassName = Edit.
    Pid = 2640, Hwnd=0x1040a, Text = 分, ClassName = Afx:400000:b:10011:1900015:0.
    Pid = 2640, Hwnd=0x10406, Text = 58, ClassName = Edit.
    Pid = 2640, Hwnd=0x10404, Text = 秒, ClassName = Afx:400000:b:10011:1900015:0.
    Pid = 2640, Hwnd=0x10400, Text = 软件执行, ClassName = Button(GroupBox).
    Pid = 2640, Hwnd=0x10402, Text = 1, ClassName = Edit.
    Pid = 2640, Hwnd=0x103fe, Text = 换IP, ClassName = Button(CheckBox).
    Pid = 2640, Hwnd=0x103fc, Text = 线程延迟:, ClassName = Afx:400000:b:10011:1900015:0.
    Behavior description: Hides a specified window
    Details: [Window,Class] = [,ComboLBox]
    Activities
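    Activity name  Type
    .MainActivity  android.intent.action.MAIN
    .MainActivity  android.intent.category.LAUNCHER
    Dangerous functions
    Function name  Description
    android/app/NotificationManager;->notify  Notification bar message
    ActivityManager;->killBackgroundProcesses  Terminates processes; can be used to shut down antivirus software
    getRuntime  Obtains the command-line environment
    java/lang/Runtime;->exec  Executes a string command
    ContentResolver;->query  Reads databases such as contacts and SMS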
    File list
    File name  Checksum
    assets/conf/lighttpd.conf 0xdcb7b6d0
    assets/conf/my.cnf 0x1287dc5c
    assets/conf/php.ini 0xfd4aeab5
    assets/conf/version 0x10bfb658
    assets/files.zip 0x1c0a4645
    res/drawable/black_button.xml 0x18523ddd
    res/drawable/header_bg.xml 0x41890dd0
    res/drawable/logo.png 0x7b0e4665
    res/drawable/off.png 0xce104fe6
    res/drawable/on.png 0xf41831e6
    res/drawable/toggle_bg.xml 0x883001d2
    res/layout/activity_main.xml 0xd8ed00a0
    res/xml/preferences.xml 0x92f266fb
    AndroidManifest.xml 0x657043d7
    resources.arsc 0x19635396
    res/drawable-hdpi/ic_action_search.png 0x64275be8
    res/drawable-hdpi/ic_launcher.png 0xe6ba6740
    res/drawable-ldpi/ic_launcher.png 0x7d8c390d
    res/drawable-mdpi/ic_action_search.png 0xb4091fdc
    res/drawable-mdpi/ic_launcher.png 0xb990dd44
    res/drawable-xhdpi/ic_action_search.png 0x3294aee3
    res/drawable-xhdpi/ic_launcher.png 0xaa7f98eb
    classes.dex 0xaaf85721
    META-INF/MANIFEST.MF 0xa6bf7b62
    META-INF/CERT.SF 0xaf54da76
    META-INF/CERT.RSA 0xa89db2d8
