VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
File Name :1111.apk (File not down)
File Size :1535171 byte
File Type :application/zip
MD5:66c49f5094229e7c54da24ea214fbaae
SHA1:342f6eb2f4d65ad2ddece5dc8fbcc141774c5d89
  • 扫描结果
  • 权限
  • 文件行为分析
  • Scanner results
    Scanner results:0%Scanner(s) (0/32)found malware!
    Behavior analysis report:         Habo file analysis
    Time: 2016-12-08 11:04:08 (CST)
    VirSCANVirSCAN
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 2.0 1970-01-01 Found nothing 5
    asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 1
    avast 161207-0 4.7.4 2016-12-07 Found nothing 60
    avg 2109/13037 10.0.1405 2016-12-05 Found nothing 60
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 44
    baidusd 1.0 1.0 2014-04-02 Found nothing 1
    bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
    clamav 22673 0.97.5 2016-12-07 Found nothing 60
    drweb 5.0.2.3300 5.0.1.1 2016-12-07 Found nothing 60
    fortinet 41.256, 41.256, 41.256 5.4.233 2016-12-08 Found nothing 60
    fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
    fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
    gdata 25.8610 25.8610 2016-10-12 Found nothing 10
    ikarus 1.06.01 V1.32.31.0 2016-11-28 Found nothing 60
    jiangmin 16.0.100 1.0.0.0 2016-12-01 Found nothing 38
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
    kingsoft 2.1 2.1 2013-09-22 Found nothing 45
    mcafee 8254 5400.1158 2016-08-11 Found nothing 60
    nod32 1777 3.0.21 2015-06-12 Found nothing 60
    panda 9.05.01 9.05.01 2016-12-07 Found nothing 4
    pcc 12.943.00 9.500-1005 2016-12-06 Found nothing 60
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 60
    qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
    quickheal 14.00 14.00 2016-12-06 Found nothing 2
    rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 1
    sophos 5.32 3.65.2 2016-10-10 Found nothing 60
    symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 4
    thehacker 6.8.0.5 6.8.0.5 2016-11-29 Found nothing 2
    tws 17.47.17308 1.0.2.2108 2016-12-07 Found nothing 14
    vba 3.12.29.3 beta 3.12.29.3 beta 2016-12-05 Found nothing 60
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
    Heuristic/Suspicious Exact
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.
  • 权限列表
    许可名称信息
    android.permission.READ_LOGS读取系统日志
    com.android.launcher.permission.INSTALL_SHORTCUT创建快捷方式
    android.permission.GET_TASKS获取有关当前或最近运行的任务信息
    ACCESS_WIFI_STATE
    android.permission.PROCESS_OUTGOING_CALLS监视、修改有关拨出电话
    android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
    android.permission.ACCESS_WIFI_STATE读取wifi网络状态
    android.permission.ACCESS_COARSE_LOCATION获取粗略的位置(通过wifi、基站)
    android.permission.CALL_PHONE拨打电话
    android.permission.MODIFY_AUDIO_SETTINGS修改声音设置
    android.permission.READ_PHONE_STATE读取电话状态
    android.permission.MOUNT_UNMOUNT_FILESYSTEMS挂载、反挂载外部文件系统
    android.permission.SYSTEM_ALERT_WINDOW显示系统窗口
    android.permission.MODIFY_PHONE_STATE修改电话状态
    android.permission.INTERNET连接网络(2G或3G)
    android.permission.ACCESS_FINE_LOCATION获取精确的位置(通过GPS)
    android.permission.VIBRATE允许设备震动
    com.android.launcher.permission.READ_SETTINGS读取快捷方式信息
    android.permission.READ_CALL_LOG读取通话记录
    android.permission.WAKE_LOCK手机屏幕关闭后后台进程仍运行
    android.permission.ACCESS_NETWORK_STATE读取网络状态(2G或3G)
    android.permission.CHANGE_CONFIGURATION修改当前设置(如:本地化)
  • 文件信息
    安全评分 :
    基本信息
    MD5:66c49f5094229e7c54da24ea214fbaae
    包名:com.duanxin
    最低运行环境:Android 2.2.x
    版权:E4A
    关键行为
    行为描述:获取窗口截图信息
    详情信息:Foreground window Info: HWND = 0x00000000, DC = 0x6a010568.
    Foreground window Info: HWND = 0x00000000, DC = 0xc8010577.
    进程行为
    行为描述:创建本地线程
    详情信息:TargetProcess: msiexec.exe, InheritedFromPID = 1944, ProcessID = 3572, ThreadID = 3604, StartAddress = 7CAA2A19, Parameter = 0007D7F0
    TargetProcess: msiexec.exe, InheritedFromPID = 1944, ProcessID = 3572, ThreadID = 3608, StartAddress = 765E964D, Parameter = 000FACD8
    TargetProcess: msiexec.exe, InheritedFromPID = 1944, ProcessID = 3572, ThreadID = 3616, StartAddress = 7C949B6F, Parameter = 00000000
    TargetProcess: msiexec.exe, InheritedFromPID = 1944, ProcessID = 3572, ThreadID = 3620, StartAddress = 759D8761, Parameter = 00000000
    TargetProcess: msiexec.exe, InheritedFromPID = 1944, ProcessID = 3572, ThreadID = 3636, StartAddress = 757D4D37, Parameter = 0013F528
    TargetProcess: msiexec.exe, InheritedFromPID = 1944, ProcessID = 3572, ThreadID = 3656, StartAddress = 757D4D37, Parameter = 00146AB0
    TargetProcess: msiexec.exe, InheritedFromPID = 1944, ProcessID = 3572, ThreadID = 3660, StartAddress = 757D4D37, Parameter = 001433C8
    TargetProcess: msiexec.exe, InheritedFromPID = 1944, ProcessID = 3572, ThreadID = 3664, StartAddress = 757D4D37, Parameter = 001433C8
    TargetProcess: msiexec.exe, InheritedFromPID = 1944, ProcessID = 3572, ThreadID = 3668, StartAddress = 77E56C7D, Parameter = 0012E770
    TargetProcess: msiexec.exe, InheritedFromPID = 1944, ProcessID = 3572, ThreadID = 3672, StartAddress = 769AE43B, Parameter = 0014D3F8
    TargetProcess: msiexec.exe, InheritedFromPID = 1944, ProcessID = 3572, ThreadID = 3676, StartAddress = 77E56C7D, Parameter = 001621D8
    文件行为
    行为描述:创建文件
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temp\52ddaf.msi
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab51.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar52.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab53.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar54.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab55.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar56.tmp
    行为描述:覆盖已有文件
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temp\52ddaf.msi
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab51.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar52.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab53.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar54.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab55.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar56.tmp
    行为描述:删除文件
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temp\Cab51.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar52.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab53.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar54.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab55.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar56.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\52ddaf.msi
    行为描述:修改文件内容
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temp\52ddaf.msi ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\52ddaf.msi ---> Offset = 65536
    C:\Documents and Settings\Administrator\Local Settings\Temp\52ddaf.msi ---> Offset = 79728
    C:\Documents and Settings\Administrator\Local Settings\Temp\52ddaf.msi ---> Offset = 145264
    C:\Documents and Settings\Administrator\Local Settings\Temp\52ddaf.msi ---> Offset = 159456
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab51.tmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar52.tmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar52.tmp ---> Offset = 32768
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar52.tmp ---> Offset = 65536
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar52.tmp ---> Offset = 98304
    C:\Documents and Settings\Administrator\Local Settings\Temp\Cab53.tmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar54.tmp ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar54.tmp ---> Offset = 32768
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar54.tmp ---> Offset = 65536
    C:\Documents and Settings\Administrator\Local Settings\Temp\Tar54.tmp ---> Offset = 98304
    行为描述:查找文件
    详情信息:FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.msi
    FileName = C:\Documents and Settings\Administrator
    FileName = C:\Documents and Settings\Administrator\Local Settings
    FileName = C:\Documents and Settings
    FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates\*
    FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs\*
    FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs\*
    FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
    FileName = C:\WINDOWS\Microsoft.NET\Framework\\*
    网络行为
    行为描述:连接指定站点
    详情信息:WinHttpConnect: ServerName = ca****om, PORT = 80, UserName = , Password = , hSession = 0x01d92000, hConnect = 0x01d92100, Flags = 0x00000000
    WinHttpConnect: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x01d92000, hConnect = 0x01d92100, Flags = 0x00000000
    行为描述:打开HTTP连接
    详情信息:WinHttpOpen: UserAgent: Microsoft-CryptoAPI/5.131.2600.5512, hSession = 0x01d92000
    行为描述:建立到一个指定的套接字连接
    详情信息:URL: ca****om, IP: **.133.40.**:80, SOCKET = 0x000002d4
    URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x0000027c
    行为描述:发送HTTP包
    详情信息:GET /DigiCertHighAssuranceEVRootCA.crt HTTP/1.1 Accept: */* User-Agent: Microsoft-CryptoAPI/5.131.2600.5512 Host: ca****om Connection: Keep-Alive
    GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1 Accept: */* User-Agent: Microsoft-CryptoAPI/5.131.2600.5512 Host: ww****om Connection: Keep-Alive Cache-Control: no-cache Pragma: no-cache
    行为描述:打开HTTP请求
    详情信息:WinHttpOpenRequest: ca****om:80/digicerthighassuranceevrootca.crt, hConnect = 0x01d92100, hRequest = 0x01e00000, Verb: GET, Referer: , Flags = 0x00000000
    WinHttpOpenRequest: ww****om:80/msdownload/update/v3/static/trustedr/en/authrootseq.txt, hConnect = 0x01d92100, hRequest = 0x01e00000, Verb: GET, Referer: , Flags = 0x00000100
    行为描述:按名称获取主机地址
    详情信息:GetAddrInfoW: ca****om
    GetAddrInfoW: ww****om
    其他行为
    行为描述:创建互斥体
    详情信息:CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.Shared.MUTEX.ELH
    RasPbFile
    MSCTF.Shared.MUTEX.IPN
    Global\_MSIExecute
    行为描述:创建事件对象
    详情信息:EventName = Global\crypt32LogoffEvent
    EventName = MSCTF.SendReceive.Event.IPN.IC
    EventName = MSCTF.SendReceiveConection.Event.IPN.IC
    行为描述:查找指定窗口
    详情信息:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    行为描述:打开事件
    详情信息:CTF.ThreadMIConnectionEvent.000007B4.00000000.00000054
    CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000054
    MSCTF.SendReceiveConection.Event.ELH.IC
    MSCTF.SendReceive.Event.ELH.IC
    Global\crypt32LogoffEvent
    Global\userenv: Machine Group Policy has been applied
    userenv: User Group Policy has been applied
    \SECURITY\LSA_AUTHENTICATION_INITIALIZED
    \INSTALLATION_SECURITY_HOLD
    Global\SvcctrlStartEvent_A3752DX
    MSFT.VSA.COM.DISABLE.3572
    MSFT.VSA.IEC.STATUS.6c736db0
    行为描述:调整进程token权限
    详情信息:SE_SHUTDOWN_PRIVILEGE
    SE_INCREASE_QUOTA_PRIVILEGE
    SE_CREATE_TOKEN_PRIVILEGE
    行为描述:窗口信息
    详情信息:Pid = 3572, Hwnd=0x60380, Text = Cancel, ClassName = Button.
    Pid = 3572, Hwnd=0x140306, Text = Preparing to install..., ClassName = Static.
    Pid = 3572, Hwnd=0x1f0324, Text = Windows Installer, ClassName = #32770.
    行为描述:获取窗口截图信息
    详情信息:Foreground window Info: HWND = 0x00000000, DC = 0x6a010568.
    Foreground window Info: HWND = 0x00000000, DC = 0xc8010577.
    行为描述:隐藏指定窗口
    详情信息:[Window,Class] = [Windows Installer,#32770]
    行为描述:打开互斥体
    详情信息:ShimCacheMutex
    RasPbFile
    Activities
    活动名类型
    com.e4a.runtime.android.StartActivityandroid.intent.action.MAIN
    com.e4a.runtime.android.StartActivityandroid.intent.category.DEFAULT
    com.e4a.runtime.android.StartActivityandroid.intent.category.LAUNCHER
    com.e4a.runtime.android.mainActivityandroid.intent.action.MAIN
    com.e4a.runtime.android.mainActivityandroid.intent.category.DEFAULT
    危险函数
    函数名称信息
    getRuntime获取命令行环境
    java/lang/Runtime;->exec执行字符串命令
    TelephonyManager;->getDeviceId搜集用户手机IMEI码、电话号码、系统版本号等信息
    java/net/URL;->openConnection连接URL
    java/net/HttpURLConnection;->connect连接URL
    权限列表
    许可名称信息
    android.permission.READ_LOGS读取系统日志
    com.android.launcher.permission.INSTALL_SHORTCUT创建快捷方式
    android.permission.GET_TASKS获取有关当前或最近运行的任务信息
    ACCESS_WIFI_STATE
    android.permission.PROCESS_OUTGOING_CALLS监视、修改有关拨出电话
    android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
    android.permission.ACCESS_WIFI_STATE读取wifi网络状态
    android.permission.ACCESS_COARSE_LOCATION获取粗略的位置(通过wifi、基站)
    android.permission.CALL_PHONE拨打电话
    android.permission.MODIFY_AUDIO_SETTINGS修改声音设置
    android.permission.READ_PHONE_STATE读取电话状态
    android.permission.MOUNT_UNMOUNT_FILESYSTEMS挂载、反挂载外部文件系统
    android.permission.SYSTEM_ALERT_WINDOW显示系统窗口
    android.permission.MODIFY_PHONE_STATE修改电话状态
    android.permission.INTERNET连接网络(2G或3G)
    android.permission.ACCESS_FINE_LOCATION获取精确的位置(通过GPS)
    android.permission.VIBRATE允许设备震动
    com.android.launcher.permission.READ_SETTINGS读取快捷方式信息
    android.permission.READ_CALL_LOG读取通话记录
    android.permission.WAKE_LOCK手机屏幕关闭后后台进程仍运行
    android.permission.ACCESS_NETWORK_STATE读取网络状态(2G或3G)
    android.permission.CHANGE_CONFIGURATION修改当前设置(如:本地化)
    服务列表
    名称
    com.duanxin.后台服务操作
    文件列表
    文件名 校验码
    AndroidManifest.xml 0xd3dc882c
    assets/ 0x0
    assets/111.jpg 0x63c3c027
    assets/beijing.jpg 0x58d1868f
    assets/qidong01.png 0x4870fda9
    assets/signal.png 0x35977eb8
    assets/umeng_update_wifi_disable.png 0x930c3748
    classes.dex 0x221664fd
    lib/ 0x0
    lib/armeabi/ 0x0
    lib/armeabi/libBugly.so 0x1ddd8547
    lib/armeabi/libhobi.so 0x40561824
    lib/armeabi/libshella-2.7.2.0.so 0xf3f9bb5a
    lib/armeabi/libshellx-2.7.2.0.so 0x285888f8
    lib/armeabi/mix.dex 0xa3517ce0
    lib/armeabi/mixz.dex 0xa67045c7
    META-INF/ 0x0
    META-INF/HONGZ.RSA 0x3282a746
    META-INF/HONGZ.SF 0xab5e3ed6
    META-INF/MANIFEST.MF 0x7fa59186
    res/ 0x0
    resources.arsc 0xfd538c18
    res/anim/ 0x0
    res/anim/dialog_scale_in.xml 0xd1205a18
    res/anim/dialog_scale_out.xml 0xe4110112
    res/anim/error_frame_in.xml 0x6dfac1ce
    res/anim/error_x_in.xml 0x75ae2b72
    res/anim/success_bow_roate.xml 0x868ab202
    res/anim/success_mask_layout.xml 0x803af484
    res/drawable/ 0x0
    res/drawable-hdpi/ 0x0
    res/drawable-hdpi/background_toast.xml 0x178e945c
    res/drawable-hdpi/custom_img.jpg 0x63d0eda4
    res/drawable-hdpi/default_toast.xml 0x7a23122d
    res/drawable-hdpi/error_toast.xml 0x868e74ab
    res/drawable-hdpi/info_toast.xml 0xcfbefc80
    res/drawable-hdpi/success_toast.xml 0x810563ca
    res/drawable-hdpi/warning_toast.xml 0xd235369d
    res/drawable/blue_button_background.xml 0x667588f4
    res/drawable/dialog_background.xml 0x4fd129b
    res/drawable/error_center_x.xml 0x1381f6c6
    res/drawable/error_circle.xml 0x4f7dd542
    res/drawable/gray_button_background.xml 0x49ead617
    res/drawable/icon.png 0x95b019b4
    res/drawable/red_button_background.xml 0x8b2a8fda
    res/drawable/success_bow.xml 0x6cb0041
    res/drawable/success_circle.xml 0x8889b17f
    res/drawable/warning_circle.xml 0x95a6aa47
    res/drawable/warning_sigh.xml 0xd0915a0
    res/layout/ 0x0
    res/layout/alert_dialog.xml 0x9e134a81
    res/layout/default_toast_layout.xml 0x7b7c4303
    res/layout/error_toast_layout.xml 0x505975b5
    res/layout/info_toast_layout.xml 0xd9be5970
    res/layout/success_toast_layout.xml 0x9a8e81fd
    res/layout/warning_toast_layout.xml 0x4d4a2556
    tencent_stub 0x43970722
    运行截图
    VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号