VirSCAN

File information
File Name: KISS_KMS_v1.0.1.apk (File not down)
File Size: 208234 byte
File Type: application/zip
MD5: 59c98b494cad643c320a4c9468e4c900
SHA1: 013c8932c8e47b78132a938c8c228ee2ba848deb
  • Scanner results
    Scanner results: 0% Scanner(s) (0/32) found malware!
    Behavior analysis report: Habo file analysis
    Time: 2017-09-09 20:20:49 (CST)
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 2.0 1970-01-01 Found nothing 5
    asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 1
    avast 170303-1 4.7.4 2017-03-03 Found nothing 60
    avg 2109/14366 10.0.1405 2017-08-23 Found nothing 60
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 11
    baidusd 1.0 1.0 2017-03-22 Found nothing 1
    bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
    clamav 23788 0.97.5 2017-09-07 Found nothing 60
    drweb 5.0.2.3300 5.0.1.1 2017-06-18 Found nothing 60
    fortinet 1.000, 51.524, 51.433, 51.290 5.4.247 2017-09-09 Found nothing 60
    fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
    fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
    gdata 25.14109 25.14109 2017-09-08 Found nothing 11
    ikarus 1.06.01 V1.32.31.0 2017-09-07 Found nothing 60
    jiangmin 16.0.100 1.0.0.0 2017-09-08 Found nothing 2
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
    kingsoft 2.1 2.1 2017-09-08 Found nothing 6
    mcafee 8620 5400.1158 2017-08-12 Found nothing 60
    nod32 6045 3.0.21 2017-09-07 Found nothing 60
    panda 9.05.01 9.05.01 2017-09-08 Found nothing 3
    pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 3
    qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
    quickheal 14.00 14.00 2017-09-07 Found nothing 2
    rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 1
    sophos 5.32 3.65.2 2016-10-10 Found nothing 60
    symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 3
    thehacker 6.8.0.5 6.8.0.5 2017-09-07 Found nothing 1
    tws 17.47.17308 1.0.2.2108 2017-09-08 Found nothing 14
    vba 3.12.29.5 beta 3.12.29.5 beta 2017-09-07 Found nothing 60
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scanners when and if malware is found. Please judge these results for yourself.
  • Permission list
    Permission name Information
    android.permission.INTERNET Connect to the network (2G or 3G)
    android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
    android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
  • File information
    Security score:
    Basic information
    MD5:59c98b494cad643c320a4c9468e4c900
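    Package name: android.kmsapp
    Minimum runtime environment: Android 2.3, 2.3.1, 2.3.2
    Copyright: Myorg
    Key behaviors
    Behavior description: Look up PE resource information
    Details: (FindResourceA) hModule = 0x00400000, ResName: UNPACK, ResType:
    Behavior description: Obtain window screenshot information
    Details: Foreground window Info: HWND = 0x00000000, DC = 0xb001057a.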
    Foreground window Info: HWND = 0x00000000, DC = 0xe6010577.
    Foreground window Info: HWND = 0x00000000, DC = 0xd4010516.
    Foreground window Info: HWND = 0x00000000, DC = 0xd7010516.
    Foreground window Info: HWND = 0x00000000, DC = 0xd8010516.
    Foreground window Info: HWND = 0x00000000, DC = 0xd9010516.
    Foreground window Info: HWND = 0x00000000, DC = 0xda010516.
    Foreground window Info: HWND = 0x00000000, DC = 0xdb010516.
    Foreground window Info: HWND = 0x00000000, DC = 0xdc010516.
    Behavior description: Get TickCount value
    Details: TickCount = 5428204, SleepMilliseconds = 1.
    TickCount = 5428219, SleepMilliseconds = 1.
    TickCount = 5428235, SleepMilliseconds = 1.
    TickCount = 5428251, SleepMilliseconds = 1.
    TickCount = 5428266, SleepMilliseconds = 1.
    TickCount = 5428282, SleepMilliseconds = 1.
    TickCount = 5428297, SleepMilliseconds = 1.
    TickCount = 5428313, SleepMilliseconds = 1.
    TickCount = 5428329, SleepMilliseconds = 1.
    TickCount = 5428344, SleepMilliseconds = 1.
    TickCount = 5428360, SleepMilliseconds = 1.
    TickCount = 5428376, SleepMilliseconds = 1.
    TickCount = 5428391, SleepMilliseconds = 1.
    TickCount = 5428407, SleepMilliseconds = 1.
    TickCount = 5428422, SleepMilliseconds = 1.
    File behavior
    Behavior description: Create file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\unpack.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\Resume.exe
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\splash.bmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\presetup.bmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\presetup\readme.txt
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\presetup\license.txt
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\plugins\0\StdUI.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\plugins\0\lng\Enu.lng
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\db.pdb
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\main.pdb
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\lng\Enu.lng
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\Uninstall.exe
    Behavior description: Create executable file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\unpack.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\Resume.exe
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\plugins\0\StdUI.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\Uninstall.exe
    Behavior description: Modify file content
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\unpack.dll ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\Resume.exe ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\splash.bmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\splash.bmp ---> Offset = 32768
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\splash.bmp ---> Offset = 65536
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\splash.bmp ---> Offset = 98304
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\splash.bmp ---> Offset = 131072
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\presetup.bmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\presetup.bmp ---> Offset = 27274
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\presetup\readme.txt ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\presetup\license.txt ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\plugins\0\StdUI.dll ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\plugins\0\StdUI.dll ---> Offset = 683
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\plugins\0\StdUI.dll ---> Offset = 33451
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\plugins\0\StdUI.dll ---> Offset = 66219
    Behavior description: Find file
    Details: FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2FU12V9S
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2FU12V9S\2FU12VD0
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2FU12V9S\2FU12VG6
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2FU12V9S\2FU12VJA
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.sss
    FileName = C:\Documents and Settings
    FileName = C:\Documents and Settings\Administrator
    FileName = C:\Documents and Settings\Administrator\桌面
    FileName = C:\WINDOWS
    FileName = C:\WINDOWS\Fonts
    FileName = C:\Documents and Settings\Administrator\NetHood
    FileName = C:\Documents and Settings\Administrator\「开始」菜单
    FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序
    FileName = C:\Documents and Settings\Administrator\Recent
    FileName = C:\Documents and Settings\Administrator\SendTo
    Other behavior
    Behavior description: Create mutex
    Details: CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.Shared.MUTEX.ELH
    MSCTF.Shared.MUTEX.MFM
    Behavior description: Hide specified window
    Details: [Window,Class] = [,Button]
    [Window,Class] = [WinPcap 3.0 setup,#32770]
    Behavior description: Find specified window
    Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    Behavior description: Open event
    Details: HookSwitchHookEnabledEvent
    _fCanRegisterWithShellService
    CTF.ThreadMIConnectionEvent.000007B4.00000000.00000053
    CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000053
    MSCTF.SendReceiveConection.Event.ELH.IC
    MSCTF.SendReceive.Event.ELH.IC
    Behavior description: Adjust process token privileges
    Details: SE_LOAD_DRIVER_PRIVILEGE
    Behavior description: Window information
    Details: Pid = 3160, Hwnd=0x2102bc, Text = "Welcome to the Installation Wizard","This wizard will guide you through the entire WinPcap 3.0 installation.", ClassName = Static.
    Pid = 3160, Hwnd=0xf034a, Text = Ghost Installer Wizard,http://www.ginstall.com, ClassName = GIUrlLink.
    Pid = 3160, Hwnd=0x603c6, Text = < Back, ClassName = Button.
    Pid = 3160, Hwnd=0xc038a, Text = Next >, ClassName = Button.
    Pid = 3160, Hwnd=0x15030c, Text = Cancel, ClassName = Button.
    Pid = 3160, Hwnd=0x403ca, Text = Welcome to the WinPcap 3.0 Setup program. This program will install WinPcap 3.0 on your computer. It is strongly recommended that you exit all Windows programs before running this Setup program. Click Cancel to quit Setup and close any programs you have ru, ClassName = Static.
    Pid = 3160, Hwnd=0x403dc, Text = WinPcap 3.0 setup, ClassName = #32770.
    Pid = 3160, Hwnd=0x220324, Text = WinPcap 3.0 setup, ClassName = STDUIMainWindow.
    Pid = 3160, Hwnd=0x40394, Text = "License Agreement","Please read the following license agreement carefully.", ClassName = Static.
    Pid = 3160, Hwnd=0x503b2, Text = Ghost Installer Wizard,http://www.ginstall.com, ClassName = GIUrlLink.
    Pid = 3160, Hwnd=0x1f02fe, Text = < Back, ClassName = Button.
    Pid = 3160, Hwnd=0xa03ac, Text = Next >, ClassName = Button.
    Pid = 3160, Hwnd=0x100398, Text = Cancel, ClassName = Button.
    Pid = 3160, Hwnd=0x170340, Text = Please closely read the following license agreement. Do you accept all the terms of the following license agreement?, ClassName = Static.
    Pid = 3160, Hwnd=0xf03c8, Text = Copyright (c) 2003 NetGroup, Politecnico di Torino. All rights reserved. Redistribution and use in source and binary forms, w, ClassName = RichEdit20A.
    Behavior description: Executable file signature information
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\unpack.dll (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\Resume.exe (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\plugins\0\StdUI.dll (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\Uninstall.exe (signature verification: failed)
    Behavior description: Call Sleep function
    Details: [1]: MilliSeconds = 100.
    [2]: MilliSeconds = 1.
    [3]: MilliSeconds = 1.
    [4]: MilliSeconds = 1.
    [5]: MilliSeconds = 1.
    [6]: MilliSeconds = 1.
    [7]: MilliSeconds = 1.
    [8]: MilliSeconds = 1.
    [9]: MilliSeconds = 1.
    [10]: MilliSeconds = 1.
    Behavior description: Create event object
    Details: EventName = MSCTF.SendReceive.Event.MFM.IC
    EventName = MSCTF.SendReceiveConection.Event.MFM.IC
    Behavior description: Executable file MD5
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\unpack.dll ---> 28081b50c9ae9199a323a26d83ab17dd
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\Resume.exe ---> 6d4f464b6fa679d864ecf899299079a1
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\plugins\0\StdUI.dll ---> 2f9dddf04288d83a16ba60258dabe0d4
    C:\Documents and Settings\Administrator\Local Settings\Temp\2FU12V9S\996E\Uninstall.exe ---> 2b18a2894f1cf613b7c56a7d125ca3c0
    Behavior description: Open mutex
    Details: ShimCacheMutex
    Behavior description: Load newly dropped file
    Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2FU12V9S\unpack.dll.
    Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\2FU12V9S\996E\plugins\0\StdUI.dll.
    Activities
    Activity name Type
    android.KmsApp.MainActivity android.intent.action.MAIN
    android.KmsApp.MainActivity android.intent.category.LAUNCHER
    Dangerous functions
    Function name Information
    getRuntime Get command-line environment
    java/lang/Runtime;->exec Execute string command
    File list
    File name Checksum
    AndroidManifest.xml 0xe2b787e0
    META-INF/CERT.RSA 0x66501acb
    META-INF/CERT.SF 0x9694db
    META-INF/MANIFEST.MF 0xb36d3c5f
    classes.dex 0x5cf9388d
    lib/arm64-v8a/libvlmcsd_pie.so 0x472391ce
    lib/armeabi-v7a/libvlmcsd.so 0x5a7c4aba
    lib/armeabi-v7a/libvlmcsd_pie.so 0x5a7c4aba
    lib/armeabi/libvlmcsd.so 0xa5468385
    res/drawable-hdpi-v4/ic_launcher.png 0x86452ef8
    res/drawable-mdpi-v4/ic_launcher.png 0x27828fd6
    res/drawable-xhdpi-v4/ic_launcher.png 0xcae05efd
    res/drawable-xxhdpi-v4/ic_launcher.png 0x8bedb24e
    res/drawable-xxxhdpi-v4/ic_launcher.png 0x8c5e2dd4
    res/layout-sw384dp-v13/activity_main.xml 0xe9958896
    res/layout/activity_main.xml 0xeba38a5
    resources.arsc 0x16548b15