MemoryCleaner_4.apk MD5:5cd3ba37332dded79b4901663f4822f6 0% Scanner(s) (0/32) found malware! - VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 47 AntiVirus Engines!

Main Menu

API

uploader for windows(test)

Powered By

File information

File Name :MemoryCleaner_4.apk (File not down)

File Size :540731 byte

File Type :Zip archive data

MD5:5cd3ba37332dded79b4901663f4822f6

SHA1:408332475e6ffd74770a4dbca878f115549efab5

SHA256:0af3a2f76f435e2afce5787dddb6d38f8ffb3a0782a40f82852513d59841a44f

SSDEEP:12288:mLA8GxurKcacvQfXw3g8GYbKheUnojP7b1SHigK5JTr5w:QRGsGcaOQI3pZjUnm7b1SHigKfn5w

扫描结果
权限
文件行为分析

Scanner results

Scanner results:0%Scanner(s) (0/32)found malware!

Behavior analysis report: Habo file analysis

Time: 2016-12-23 15:18:54 (CST)

Scanner	Engine Ver	Sig Ver	Sig Date	Scan result	Time
antiy	AVL SDK 2.0		1970-01-01	Found nothing	5
asquared	9.0.0.4799	9.0.0.4799	2015-03-08	Found nothing	1
avast	161221-0	4.7.4	2016-12-21	Found nothing	60
avg	2109/13100	10.0.1405	2016-12-16	Found nothing	60
baidu	2.0.1.0	4.1.3.52192	2.0.1.0	Found nothing	12
baidusd	1.0	1.0	2014-04-02	Found nothing	1
bitdefender	7.58879	7.90123	2015-01-16	Found nothing	60
clamav	22739	0.97.5	2016-12-19	Found nothing	60
drweb	5.0.2.3300	5.0.1.1	2016-12-09	Found nothing	60
fortinet	41.603, 41.603, 41.603	5.4.233	2016-12-23	Found nothing	60
fprot	4.6.2.117	6.5.1.5418	2016-02-05	Found nothing	60
fsecure	2015-08-01-02	9.13	2015-08-01	Found nothing	60
gdata	25.9689	25.9689	2016-12-23	Found nothing	10
ikarus	1.06.01	V1.32.31.0	2016-11-28	Found nothing	60
jiangmin	16.0.100	1.0.0.0	2016-12-19	Found nothing	39
kaspersky	5.5.33	5.5.33	2014-04-01	Found nothing	60
kingsoft	2.1	2.1	2013-09-22	Found nothing	60
mcafee	8254	5400.1158	2016-08-11	Found nothing	60
nod32	1777	3.0.21	2015-06-12	Found nothing	60
panda	9.05.01	9.05.01	2016-12-21	Found nothing	4
pcc	13.110.07	9.500-1005	2016-12-22	Found nothing	60
qh360	1.0.1	1.0.1	1.0.1	Found nothing	3
qqphone	1.0.0.0	1.0.0.0	2015-12-30	Found nothing	60
quickheal	14.00	14.00	2016-12-22	Found nothing	2
rising	26.28.00.01	26.28.00.01	2016-07-18	Found nothing	1
sophos	5.32	3.65.2	2016-10-10	Found nothing	60
symantec	20151230.005	1.3.0.24	2015-12-30	Found nothing	60
tachyon	9.9.9	9.9.9	2013-12-27	Found nothing	4
thehacker	6.8.0.5	6.8.0.5	2016-12-19	Found nothing	1
tws	17.47.17308	1.0.2.2108	2016-12-22	Found nothing	13
vba	3.12.29.3 beta	3.12.29.3 beta	2016-12-15	Found nothing	60
virusbuster	15.0.985.0	5.5.2.13	2014-12-05	Found nothing	60

■Heuristic/Suspicious ■Exact

NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.

权限列表
许可名称	信息
android.permission.WRITE_EXTERNAL_STORAGE	写外部存储器（如：SD卡）
android.permission.WAKE_LOCK	手机屏幕关闭后后台进程仍运行

文件信息

安全评分 :

基本信息
MD5:5cd3ba37332dded79b4901663f4822f6
包名:com.drpe26.MemoryCleaner
最低运行环境:Android 2.1.x
版权:Android

关键行为
行为描述:	探测 Virtual PC是否存在
详情信息:	N/A
行为描述:	查询注册表_检测虚拟机相关
详情信息:	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
行为描述:	尝试打开调试器或监控软件的驱动设备对象
详情信息:	\??\SICE
	\??\SIWVID
	\??\NTICE
行为描述:	获取TickCount值
详情信息:	TickCount = 5358721, SleepMilliseconds = 50.
	TickCount = 5359534, SleepMilliseconds = 50.
	TickCount = 5359596, SleepMilliseconds = 50.
	TickCount = 5360378, SleepMilliseconds = 50.
	TickCount = 5360862, SleepMilliseconds = 50.
	TickCount = 5361612, SleepMilliseconds = 50.
	TickCount = 5361628, SleepMilliseconds = 50.
	TickCount = 5361643, SleepMilliseconds = 50.
	TickCount = 5361659, SleepMilliseconds = 50.
	TickCount = 5361675, SleepMilliseconds = 50.
	TickCount = 5361690, SleepMilliseconds = 50.
	TickCount = 5361706, SleepMilliseconds = 50.
	TickCount = 5361721, SleepMilliseconds = 50.
	TickCount = 5361737, SleepMilliseconds = 50.
	TickCount = 5361753, SleepMilliseconds = 50.
行为描述:	直接获取CPU时钟
详情信息:	N/A
行为描述:	查找指定内核模块
详情信息:	lstrcmpiA: ntice.sys <------> ntkrnlpa.exe Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> hal.dll Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> KDCOM.DLL Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> BOOTVID.dll Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> ACPI.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> WMILIB.SYS Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> pci.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> isapnp.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> compbatt.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> BATTC.SYS Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> intelide.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> PCIIDEX.SYS Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> MountMgr.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> ftdisk.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> dmload.sys Des: SoftICE驱动
行为描述:	查找反病毒常用工具窗口
详情信息:	NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
	NtUserFindWindowEx: [Class,Window] = [GBDYLLO,]
	NtUserFindWindowEx: [Class,Window] = [pediy06,]

进程行为
行为描述:	创建本地线程
详情信息:	TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1372, ThreadID = 1856, StartAddress = 00DD1D8B, Parameter = 00F67B78
	TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1372, ThreadID = 1140, StartAddress = 00DD1D8B, Parameter = 00F6864C
	TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1372, ThreadID = 1872, StartAddress = 00DD1D8B, Parameter = 00F69751
	TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1372, ThreadID = 744, StartAddress = 00DD1D8B, Parameter = 00F6A254
	TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1372, ThreadID = 2044, StartAddress = 00DD1D8B, Parameter = 00F6ACDE
	TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1372, ThreadID = 160, StartAddress = 00DD1D8B, Parameter = 00F6B694
	TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1372, ThreadID = 1172, StartAddress = 00DD1D8B, Parameter = 00F6C18F
	TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1372, ThreadID = 280, StartAddress = 00DD1D8B, Parameter = 00F6CC6A
	TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1372, ThreadID = 1388, StartAddress = 00DD1D8B, Parameter = 00F70A4D
	TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1372, ThreadID = 1808, StartAddress = 00DD1D8B, Parameter = 00F71A18
	TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1372, ThreadID = 764, StartAddress = 00DD1D8B, Parameter = 00F729CB
	TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1372, ThreadID = 300, StartAddress = 00DD1D8B, Parameter = 00F73A86
	TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1372, ThreadID = 156, StartAddress = 00DD1D8B, Parameter = 00F74AB6
	TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1372, ThreadID = 1044, StartAddress = 00DD1D8B, Parameter = 00F75C06
	TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1372, ThreadID = 1128, StartAddress = 00DD1D8B, Parameter = 00F76E0D
行为描述:	枚举进程
详情信息:	N/A

文件行为
行为描述:	覆盖已有文件
详情信息:	C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
行为描述:	修改文件内容
详情信息:	C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ---> Offset = 0
行为描述:	查找文件
详情信息:	FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe

注册表行为
行为描述:	查询注册表_检测虚拟机相关
详情信息:	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

其他行为
行为描述:	探测 Virtual PC是否存在
详情信息:	N/A
行为描述:	创建互斥体
详情信息:	CTF.LBES.MutexDefaultS-*
	CTF.Compart.MutexDefaultS-*
	CTF.Asm.MutexDefaultS-*
	CTF.Layouts.MutexDefaultS-*
	CTF.TMD.MutexDefaultS-*
	CTF.TimListCache.FMPDefaultS-MUTEX.DefaultS-
	ini_read_write
	MSCTF.Shared.MUTEX.ELH
行为描述:	创建事件对象
详情信息:	EventName = DINPUTWINMM
行为描述:	打开互斥体
详情信息:	DBWinMutex
	ShimCacheMutex
行为描述:	查找指定窗口
详情信息:	NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
行为描述:	尝试打开调试器或监控软件的驱动设备对象
详情信息:	\??\SICE
	\??\SIWVID
	\??\NTICE
行为描述:	搜索kernel32.dll基地址
详情信息:	Instruction Address = 0x00dd2a73
行为描述:	调整进程token权限
详情信息:	SE_DEBUG_PRIVILEGE
行为描述:	打开事件
详情信息:	HookSwitchHookEnabledEvent
	CTF.ThreadMIConnectionEvent.000007B4.00000000.00000042
	CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000042
	MSCTF.SendReceiveConection.Event.ELH.IC
	MSCTF.SendReceive.Event.ELH.IC
	CTF.ThreadMIConnectionEvent.000007B4.00000000.00000043
	CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000043
行为描述:	隐藏指定窗口
详情信息:	[Window,Class] = [,WindowEx]
	[Window,Class] = [,EditboxEx]
	[Window,Class] = [,ButtonEx]
	[Window,Class] = [,ChoiceboxEx]
行为描述:	获取光标位置
详情信息:	CursorPos = (71,18468), SleepMilliseconds = 50.
	CursorPos = (6364,26501), SleepMilliseconds = 50.
行为描述:	获取TickCount值
详情信息:	TickCount = 5358721, SleepMilliseconds = 50.
	TickCount = 5359534, SleepMilliseconds = 50.
	TickCount = 5359596, SleepMilliseconds = 50.
	TickCount = 5360378, SleepMilliseconds = 50.
	TickCount = 5360862, SleepMilliseconds = 50.
	TickCount = 5361612, SleepMilliseconds = 50.
	TickCount = 5361628, SleepMilliseconds = 50.
	TickCount = 5361643, SleepMilliseconds = 50.
	TickCount = 5361659, SleepMilliseconds = 50.
	TickCount = 5361675, SleepMilliseconds = 50.
	TickCount = 5361690, SleepMilliseconds = 50.
	TickCount = 5361706, SleepMilliseconds = 50.
	TickCount = 5361721, SleepMilliseconds = 50.
	TickCount = 5361737, SleepMilliseconds = 50.
	TickCount = 5361753, SleepMilliseconds = 50.
行为描述:	直接获取CPU时钟
详情信息:	N/A
行为描述:	查找指定内核模块
详情信息:	lstrcmpiA: ntice.sys <------> ntkrnlpa.exe Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> hal.dll Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> KDCOM.DLL Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> BOOTVID.dll Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> ACPI.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> WMILIB.SYS Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> pci.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> isapnp.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> compbatt.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> BATTC.SYS Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> intelide.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> PCIIDEX.SYS Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> MountMgr.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> ftdisk.sys Des: SoftICE驱动
	lstrcmpiA: ntice.sys <------> dmload.sys Des: SoftICE驱动
行为描述:	查找反病毒常用工具窗口
详情信息:	NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
	NtUserFindWindowEx: [Class,Window] = [GBDYLLO,]
	NtUserFindWindowEx: [Class,Window] = [pediy06,]

Activities
活动名	类型
com.n0n3m4.apkexport.ExportActivity	android.intent.action.MAIN
com.n0n3m4.apkexport.ExportActivity	android.intent.category.LAUNCHER

危险函数
函数名称	信息
android/app/NotificationManager;->notify	信息通知栏
ContentResolver;->query	读取联系人、短信等数据库

权限列表
许可名称	信息
android.permission.WRITE_EXTERNAL_STORAGE	写外部存储器（如：SD卡）
android.permission.WAKE_LOCK	手机屏幕关闭后后台进程仍运行

文件列表
文件名	校验码
AndroidManifest.xml	0x44487abe
assets/busybox	0x8ee15143
assets/executable	0xa4c21844
assets/terminfo.zip	0x2262288e
classes.dex	0x99015f7f
lib/armeabi/libc4droid.so	0x493b91c4
lib/armeabi/libcutehack.so	0x453c8bd9
lib/armeabi/libsdl2util.so	0x4d329c63
lib/armeabi/libterm4c.so	0xb4e911a9
lib/armeabi/libterm4c_dirty.so	0xb1094a7b
res/anim/slide_in_left.xml	0xd6053720
res/anim/slide_out_right.xml	0xe50cdf9d
res/drawable-nodpi-v4/atari_small_nodpi.png	0x3cfe4eac
res/drawable/atari_small.png	0x3cfe4eac
res/drawable/back.png	0xd9e4d781
res/drawable/button.png	0xe45830a3
res/drawable/icon.png	0xe818d4
res/drawable/joystick.png	0x38200772
res/drawable/kbd.png	0x8a82ba84
res/drawable/logo.png	0x93f56092
res/layout/main.xml	0x6a52e71b
res/layout/splash.xml	0xc1db1fe5
res/layout/term_activity.xml	0xb15d62b8
res/menu/main.xml	0x6e916796
res/menu/mainmenu.xml	0xb1d4d429
res/raw/qt_copyright.txt	0x256eccfc
res/xml/preferences.xml	0x53bfe15e
res/xml/sdlprefs.xml	0x2c85110f
resources.arsc	0x6ea5a9d4
META-INF/MANIFEST.MF	0x4228bf72
META-INF/CERT.SF	0xf6c5c67d
META-INF/CERT.RSA	0x28d00a50

运行截图