VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain less than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
File Name: 4351.apk (File not down)
File Size: 2314558 bytes
File Type: Zip archive data
MD5: 35df2db59f5ffee8f86cb2fe32671b77
SHA1: cb0bbb948126728163442c0492af63cd40ed9e9e
SHA256: 4e6034e350c89c27c89387b90a1d5c483f94814aaec6a8f432cf8af3a46ce06e
  • Scanner results
    Scanner results: 56% of scanners (18/32) found malware!
    Behavior analysis report: Habo file analysis
    Time: 2019-06-13 20:35:02 (CST)
    Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time
    antiy | AVL SDK 3.0 | AVL SDK 3.0 | 2019-06-12 | Trojan[SMS]/Android.FakeInst | 1
    avast | 18.4.3895.0 | 18.4.3895.0 | 2019-06-13 | Found nothing | 46
    avg | 10.0.1405 | 10.0.1405 | 2019-06-13 | Found nothing | 1
    baidu | 2.0.1.0 | 4.1.3.52192 | 2.0.1.0 | Found nothing | 2
    baidusd | 1.0 | 1.0 | 2019-06-12 | Found nothing | 1
    bitdefender | 7.141118 | 7.141118 | 2019-06-12 | Found nothing | 1
    clamav | 25477 | 0.100.2 | 2019-06-11 | Andr.Malware.Agent-1536734 | 4
    drweb | 11.0.10.1810231600 | 11.0.10.1810231600 | 2019-06-12 | Android.SmsSend.383 | 10
    emsisoft | 9.0.0.4324 | 9.0.0.4324 | 2014-07-03 | Android.Trojan.FakeInst.DU | 2
    fortinet | 1.000, 69.160, 69.017, 69.041 | 5.4.247 | 2019-06-13 | Android/SMSBoxer.AQ!tr | 1
    fprot | 4.6.2.117 | 6.5.1.5418 | 2014-12-31 | ANDR/FakeInst.AU | 1
    fsecure | 2015-08-01-02 | 9.13 | 2019-06-13 | Found nothing | 56
    gdata | 25.22349 | 25.22349 | 2019-06-13 | Android.Trojan.FakeInst.DU | 11
    ikarus | 5.01.05 | V1.32.39.0 | 2019-06-12 | Trojan-SMS.AndroidOS.Boxer | 4
    jiangmin | 16.0.100 | 1.0.0.0 | 2019-06-12 | Trojan/AndroidOS.acl | 2
    kaspersky | 5.5.33 | 5.5.33 | 2019-06-12 | Found nothing | 20
    kingsoft | 2.1 | 2.1 | 2013-09-22 | Found nothing | 8
    mcafee | 9256 | 5400.1158 | 2019-05-13 | Found nothing | 12
    nod32 | 9510 | 4.5.15 | 2019-06-12 | multiple threats | 1
    panda | 9.05.01 | 9.05.01 | 2019-05-29 | Found nothing | 3
    pcc | 13.302.06 | 9.500-1005 | 2019-06-12 | Android.61AE239C | 2
    qh360 | 1.0.1 | 1.0.1 | 2019-06-12 | Trojan.Android.Gen | 3
    qqphone | 2.0.0.0 | 2.0.0.0 | 2019-06-12 | a.expense.fakeinstall.b | 1
    quickheal | 14.00 | 14.00 | 2019-02-10 | Android.FakeInst.D | 3
    rising | 5151 | 5151 | 2019-06-12 | Trojan.Android.BoxerSms | 3
    sophos | 4.62 | 3.16.1 | 2016-09-20 | Andr/Boxer-D | 11
    symantec | 20151230.005 | 1.3.0.24 | 2015-12-30 | Found nothing | 1
    tachyon | 9.9.9 | 9.9.9 | 2013-12-27 | Found nothing | 3
    thehacker | 6.8.0.5 | 6.8.0.5 | 2017-03-30 | Found nothing | 1
    tws | 17.47.17308 | 1.0.2.2108 | 2019-06-11 | Android.M.zxss | 7
    vba | 4.0.0 | 4.0.0 | 2019-06-12 | Trojan-SMS.AndroidOS.FakeInst.a | 4
    virusbuster | 15.0.985.0 | 5.5.2.13 | 2014-12-05 | Found nothing | 4
    NOTICE: Results are not 100% accurate; when malware is found, it may be reported as a false positive by some scanners. Please judge these results for yourself.
  • Permission list
    Permission name | Info
    android.permission.WRITE_EXTERNAL_STORAGE | Write to external storage (e.g. SD card)
    android.permission.INTERNET | Connect to the network (2G or 3G)
    android.permission.READ_PHONE_STATE | Read phone state
    android.permission.SEND_SMS | Send SMS messages
  • File information
    Security score:
    Basic information
    MD5:35df2db59f5ffee8f86cb2fe32671b77
    Package name: com.software.apk
    Minimum runtime environment: Android 2.0
    Copyright: Reti
    Key behaviors
    Behavior description: Modifies original system EXE files
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\硬盘再生器(HDD Regenerator)V2014汉化绿化版\HDD Regenerator.dll
    C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\硬盘再生器(HDD Regenerator)V2014汉化绿化版\BORLNDMM.DLL
    Behavior description: Gets the TickCount value
    Details: TickCount = 280031, SleepMilliseconds = 60000.
    TickCount = 280046, SleepMilliseconds = 60000.
    TickCount = 240453, SleepMilliseconds = 20000.
    TickCount = 222968, SleepMilliseconds = 2000.
    TickCount = 222984, SleepMilliseconds = 2000.
    TickCount = 223046, SleepMilliseconds = 2000.
    TickCount = 223156, SleepMilliseconds = 2000.
    TickCount = 223203, SleepMilliseconds = 2000.
    TickCount = 223218, SleepMilliseconds = 2000.
    TickCount = 223234, SleepMilliseconds = 2000.
    TickCount = 223281, SleepMilliseconds = 2000.
    TickCount = 223296, SleepMilliseconds = 2000.
    TickCount = 223312, SleepMilliseconds = 2000.
    TickCount = 223328, SleepMilliseconds = 2000.
    TickCount = 223359, SleepMilliseconds = 2000.
    Process behavior
    Behavior description: Creates processes
    Details: [0x00000cb0]ImagePath = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\硬盘再生器(HDD Regenerator)V2014汉化绿化版\HDD Regenerator.dll, CmdLine = "HDD Regenerator.dll"
    [0x00000d74]ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = regsvr32 C:\WINDOWS\Media\ActiveX.ocx /s
    Behavior description: Creates local threads
    Details: TargetProcess: 硬盘再生器.exe, InheritedFromPID = 2000, ProcessID = 3236, ThreadID = 3308, StartAddress = 77E56C7D, Parameter = 0019A698
    TargetProcess: 硬盘再生器.exe, InheritedFromPID = 2000, ProcessID = 3236, ThreadID = 3312, StartAddress = 769AE43B, Parameter = 0019CFF8
    TargetProcess: 硬盘再生器.exe, InheritedFromPID = 2000, ProcessID = 3236, ThreadID = 3416, StartAddress = 756D3AAF, Parameter = 0019DA54
    TargetProcess: 硬盘再生器.exe, InheritedFromPID = 2000, ProcessID = 3236, ThreadID = 3420, StartAddress = 1B004723, Parameter = 1B120E10
    TargetProcess: 硬盘再生器.exe, InheritedFromPID = 2000, ProcessID = 3236, ThreadID = 3424, StartAddress = 1B004723, Parameter = 1B120E10
    TargetProcess: 硬盘再生器.exe, InheritedFromPID = 2000, ProcessID = 3236, ThreadID = 3428, StartAddress = 1B004723, Parameter = 1B120E10
    File behavior
    Behavior description: Creates files
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\硬盘再生器(HDD Regenerator)V2014汉化绿化版\硬盘再生器.exe
    C:\WINDOWS\Media\Desktop.ini:dbase.mdb
    C:\Documents and Settings\Administrator\Local Settings\Temp\JET6831.tmp
    C:\WINDOWS\Media\Desktop.ini:dbase.ldb
    C:\WINDOWS\Media\ActiveX.ocx
    Behavior description: Modifies original system EXE files
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\硬盘再生器(HDD Regenerator)V2014汉化绿化版\HDD Regenerator.dll
    C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\硬盘再生器(HDD Regenerator)V2014汉化绿化版\BORLNDMM.DLL
    Behavior description: Creates executable files
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\硬盘再生器(HDD Regenerator)V2014汉化绿化版\硬盘再生器.exe
    C:\WINDOWS\Media\ActiveX.ocx
    Behavior description: Searches for files
    Details: FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\219562\*
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\219562\TemporaryFile\*
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\硬盘再生器(HDD Regenerator)V2014汉化绿化版\system.mdb
    FileName = C:\WINDOWS\Media\Desktop.ini:dbase.mdb
    FileName = C:\WINDOWS
    FileName = C:\WINDOWS\system32
    FileName = C:\WINDOWS\system32\regsvr32.exe
    Behavior description: Deletes files
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\JET6831.tmp
    C:\WINDOWS\Media\Desktop.ini:dbase.ldb
    Behavior description: Renames files
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\硬盘再生器(HDD Regenerator)V2014汉化绿化版\硬盘再生器.exe ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\219562\...\TemporaryFile
    C:\Documents and Settings\Administrator\Local Settings\Temp\219562\... ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\219562\TemporaryFile
    Behavior description: Modifies file contents
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\硬盘再生器(HDD Regenerator)V2014汉化绿化版\HDD Regenerator.dll ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\硬盘再生器(HDD Regenerator)V2014汉化绿化版\HDD Regenerator.dll ---> Offset = 700416
    C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\硬盘再生器(HDD Regenerator)V2014汉化绿化版\HDD Regenerator.dll ---> Offset = 765952
    C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\硬盘再生器(HDD Regenerator)V2014汉化绿化版\BORLNDMM.DLL ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\硬盘再生器(HDD Regenerator)V2014汉化绿化版\BORLNDMM.DLL ---> Offset = 24576
    C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\硬盘再生器(HDD Regenerator)V2014汉化绿化版\CC3280MT.DLL ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\硬盘再生器(HDD Regenerator)V2014汉化绿化版\CC3280MT.DLL ---> Offset = 667648
    C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\硬盘再生器(HDD Regenerator)V2014汉化绿化版\硬盘再生器.exe ---> Offset = 0
    C:\WINDOWS\Media\Desktop.ini:dbase.mdb ---> Offset = 0
    C:\WINDOWS\Media\Desktop.ini:dbase.ldb ---> Offset = 0
    C:\WINDOWS\Media\ActiveX.ocx ---> Offset = 0
    Other behavior
    Behavior description: Creates mutexes
    Details: CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.Shared.MUTEX.IOH
    MSCTF.Shared.MUTEX.ELM
    Behavior description: Creates event objects
    Details: EventName = Global\userenv: User Profile setup event
    EventName = MSCTF.SendReceive.Event.ELM.IC
    EventName = MSCTF.SendReceiveConection.Event.ELM.IC
    Behavior description: MD5 of modified executable files
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\硬盘再生器(HDD Regenerator)V2014汉化绿化版\HDD Regenerator.dll ---> 36dcb6422e3628e84dfdde4ebb6888b9
    C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\硬盘再生器(HDD Regenerator)V2014汉化绿化版\BORLNDMM.DLL ---> f585e57ef674643e2aefbda6debe2854
    Behavior description: Opens events
    Details: HookSwitchHookEnabledEvent
    MSFT.VSA.COM.DISABLE.3236
    MSFT.VSA.IEC.STATUS.6c736db0
    \SECURITY\LSA_AUTHENTICATION_INITIALIZED
    CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
    CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
    MSCTF.SendReceiveConection.Event.IOH.IC
    MSCTF.SendReceive.Event.IOH.IC
    Behavior description: Gets the TickCount value
    Details: TickCount = 280031, SleepMilliseconds = 60000.
    TickCount = 280046, SleepMilliseconds = 60000.
    TickCount = 240453, SleepMilliseconds = 20000.
    TickCount = 222968, SleepMilliseconds = 2000.
    TickCount = 222984, SleepMilliseconds = 2000.
    TickCount = 223046, SleepMilliseconds = 2000.
    TickCount = 223156, SleepMilliseconds = 2000.
    TickCount = 223203, SleepMilliseconds = 2000.
    TickCount = 223218, SleepMilliseconds = 2000.
    TickCount = 223234, SleepMilliseconds = 2000.
    TickCount = 223281, SleepMilliseconds = 2000.
    TickCount = 223296, SleepMilliseconds = 2000.
    TickCount = 223312, SleepMilliseconds = 2000.
    TickCount = 223328, SleepMilliseconds = 2000.
    TickCount = 223359, SleepMilliseconds = 2000.
    Behavior description: Window information
    Details: Pid = 3248, Hwnd=0x10348, Text = HDD Regenerator 2014, ClassName = TMainForm.
    Behavior description: Signature information of modified executable files
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\硬盘再生器(HDD Regenerator)V2014汉化绿化版\HDD Regenerator.dll(签名验证: 未通过)
    C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\硬盘再生器(HDD Regenerator)V2014汉化绿化版\BORLNDMM.DLL(签名验证: 未通过)
    Behavior description: Executable file signature information
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\硬盘再生器(HDD Regenerator)V2014汉化绿化版\硬盘再生器.exe(签名验证: 未通过)
    C:\WINDOWS\Media\ActiveX.ocx(签名验证: 未通过)
    Behavior description: Calls the Sleep function
    Details: [1]: MilliSeconds = 60000.
    [2]: MilliSeconds = 20000.
    [3]: MilliSeconds = 2000.
    [4]: MilliSeconds = 10.
    [5]: MilliSeconds = 10.
    [6]: MilliSeconds = 10.
    Behavior description: Enumerates windows
    Details: N/A
    Behavior description: Executable file MD5
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\硬盘再生器(HDD Regenerator)V2014汉化绿化版\硬盘再生器.exe ---> 1fef9f9e3ad79430ed692a1b63dfa4b5
    C:\WINDOWS\Media\ActiveX.ocx ---> ee10d290a563ac310dbc41d0a743f5ba
    Behavior description: Opens mutexes
    Details: ShimCacheMutex
    Behavior description: Searches for specific windows
    Details: NtUserFindWindowEx: [Class,Window] = [,Information]
    NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    Behavior description: Loads newly dropped files
    Details: Image: C:\WINDOWS\Media\ActiveX.ocx.
    Activities
    Activity name | Type
    .Main | android.intent.action.MAIN
    .Main | android.intent.category.LAUNCHER
    Dangerous functions
    Function name | Info
    SmsManager;->sendTextMessage | Sends ordinary SMS messages
    android/app/NotificationManager;->notify | Notification bar message
    Startup methods
    Name | Info
    com.software.apk.Notifier | Service started at boot
    File list
    File name | Checksum
    META-INF/MANIFEST.MF 0xddeafc93
    META-INF/CERT.SF 0x9e64108c
    META-INF/CERT.RSA 0xde3eea3d
    0.temp 0x88a24ad9
    1.temp 0x88a24ad9
    10.temp 0x88a24ad9
    11.temp 0x88a24ad9
    12.temp 0x88a24ad9
    13.temp 0x88a24ad9
    14.temp 0x88a24ad9
    15.temp 0x88a24ad9
    16.temp 0x88a24ad9
    17.temp 0x88a24ad9
    18.temp 0x88a24ad9
    19.temp 0x88a24ad9
    2.temp 0x88a24ad9
    20.temp 0x88a24ad9
    21.temp 0x88a24ad9
    22.temp 0x88a24ad9
    23.temp 0x88a24ad9
    24.temp 0x88a24ad9
    25.temp 0x88a24ad9
    26.temp 0x88a24ad9
    27.temp 0x88a24ad9
    28.temp 0x88a24ad9
    29.temp 0x88a24ad9
    3.temp 0x88a24ad9
    30.temp 0x88a24ad9
    31.temp 0x88a24ad9
    32.temp 0x88a24ad9
    33.temp 0x88a24ad9
    34.temp 0x88a24ad9
    35.temp 0x88a24ad9
    36.temp 0x88a24ad9
    37.temp 0x88a24ad9
    38.temp 0x88a24ad9
    39.temp 0x88a24ad9
    4.temp 0x88a24ad9
    40.temp 0x88a24ad9
    41.temp 0x88a24ad9
    42.temp 0x88a24ad9
    43.temp 0x88a24ad9
    44.temp 0x88a24ad9
    45.temp 0x88a24ad9
    46.temp 0x88a24ad9
    47.temp 0x88a24ad9
    48.temp 0x88a24ad9
    49.temp 0x88a24ad9
    5.temp 0x88a24ad9
    50.temp 0x88a24ad9
    51.temp 0x88a24ad9
    52.temp 0x88a24ad9
    53.temp 0x88a24ad9
    54.temp 0x88a24ad9
    55.temp 0x88a24ad9
    56.temp 0x88a24ad9
    57.temp 0x88a24ad9
    58.temp 0x88a24ad9
    59.temp 0x88a24ad9
    6.temp 0x88a24ad9
    60.temp 0x88a24ad9
    61.temp 0x88a24ad9
    62.temp 0x88a24ad9
    63.temp 0x88a24ad9
    64.temp 0x88a24ad9
    65.temp 0x88a24ad9
    66.temp 0x88a24ad9
    67.temp 0x88a24ad9
    68.temp 0x88a24ad9
    69.temp 0x88a24ad9
    7.temp 0x88a24ad9
    70.temp 0x88a24ad9
    71.temp 0x88a24ad9
    72.temp 0x88a24ad9
    73.temp 0x88a24ad9
    74.temp 0x88a24ad9
    75.temp 0x88a24ad9
    76.temp 0x88a24ad9
    77.temp 0x88a24ad9
    78.temp 0x88a24ad9
    79.temp 0x88a24ad9
    8.temp 0x88a24ad9
    80.temp 0x88a24ad9
    81.temp 0x88a24ad9
    82.temp 0x88a24ad9
    83.temp 0x88a24ad9
    84.temp 0x88a24ad9
    85.temp 0x88a24ad9
    86.temp 0x88a24ad9
    87.temp 0x88a24ad9
    88.temp 0x88a24ad9
    89.temp 0x88a24ad9
    9.temp 0x88a24ad9
    90.temp 0x88a24ad9
    91.temp 0x88a24ad9
    92.temp 0x88a24ad9
    93.temp 0x88a24ad9
    94.temp 0x88a24ad9
    95.temp 0x88a24ad9
    96.temp 0x88a24ad9
    97.temp 0x88a24ad9
    98.temp 0x88a24ad9
    99.temp 0x88a24ad9
    AndroidManifest.xml 0x1f5a337b
    classes.dex 0x61c0413c
    res/ 0x0
    res/raw/ 0x0
    res/raw/act_schemes.cfg 0x65b66be4
    res/xml/ 0x0
    res/xml/countries.xml 0xfbc9c140
    res/xml/texts.xml 0x93e9a30f
    res/layout/ 0x0
    res/layout/offert.xml 0xf8090406
    res/layout/off.xml 0xf8090406
    res/layout/main.xml 0xf8a838f0
    res/layout/grant_access_to_content.xml 0x9a9bb54
    res/menu/ 0x0
    res/menu/main_menu.xml 0x834453fd
    res/drawable-hdpi/ 0x0
    res/drawable-hdpi/icon.png 0xc7b73ba
    res/drawable/ 0x0
    res/drawable/icon_warning.png 0xcb028128
    res/drawable/icon.png 0x99a4f90b
    res/drawable/ic_dialog_info.png 0xab72a09e
    res/drawable-ldpi/ 0x0
    res/drawable-ldpi/icon.png 0xc7b73ba
    res/drawable-mdpi/ 0x0
    res/drawable-mdpi/icon.png 0xc7b73ba
    resources.arsc 0x7962290
    Runtime screenshots
