VirSCAN

1, You can upload any file, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan password-protected compressed files with the password 'infected' or 'virus'.


File information
File name: 4307.apk (File not down)
File size: 455510 bytes
File type: Zip archive data
MD5: 92b1dad744be995bcfcd38adaa6f6a07
SHA1: c3d37de639c0909ad78cec8c52f63f04742fbe6b
SHA256: 4f1cbb091dcde0cd0e8fe0d4bd27134750bac6711029e0a37179832ad3698ea9
  • Scanner results
    Scanner results: 56% of scanners (18/32) found malware!
    Behavior analysis report: Habo file analysis
    Time: 2019-06-10 01:27:42 (CST)
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 3.0 AVL SDK 3.0 2019-06-09 Trojan/Android.KungFu 1
    avast 18.4.3895.0 18.4.3895.0 2019-06-10 Found nothing 46
    avg 10.0.1405 10.0.1405 2019-06-10 Found nothing 1
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 2
    baidusd 1.0 1.0 2019-06-09 Found nothing 1
    bitdefender 7.141118 7.141118 2019-06-09 Found nothing 1
    clamav 25474 0.100.2 2019-06-08 Andr.Trojan.DroidKungFu-1 1
    drweb 11.0.10.1810231600 11.0.10.1810231600 2019-06-09 Android.Gongfu.2.origin 10
    emsisoft 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 1
    fortinet 1.000, 69.111, 69.017, 69.041 5.4.247 2019-06-10 Android/DroidKungFu.CZ!tr 1
    fprot 4.6.2.117 6.5.1.5418 2014-12-31 ANDR/DroidFu.B 1
    fsecure 2015-08-01-02 9.13 2019-06-10 Found nothing 56
    gdata 25.22306 25.22306 2019-06-09 Android.Trojan.DroidKungFu.D 16
    ikarus 5.01.05 V1.32.39.0 2019-06-09 PUA.AndroidOS.Wooboo 4
    jiangmin 16.0.100 1.0.0.0 2019-06-09 Backdoor/AndroidOS.bj 2
    kaspersky 5.5.33 5.5.33 2019-06-09 Backdoor.AndroidOS.KungFu.cz 20
    kingsoft 2.1 2.1 2013-09-22 Found nothing 8
    mcafee 9256 5400.1158 2019-05-13 Found nothing 12
    nod32 9446 4.5.15 2019-05-31 multiple threats 1
    panda 9.05.01 9.05.01 2019-05-29 Found nothing 4
    pcc 13.302.06 9.500-1005 2019-06-09 Android.67EF8F3F 2
    qh360 1.0.1 1.0.1 2019-06-09 Trojan.Android.Gen 3
    qqphone 2.0.0.0 2.0.0.0 2019-06-09 a.system.safesys.e 1
    quickheal 14.00 14.00 2019-02-10 Android.Kungfu.L 3
    rising 5134 5134 2019-06-08 System.Fokonge 3
    sophos 4.62 3.16.1 2016-09-20 Andr/KongFu-I 10
    symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 1
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 4
    thehacker 6.8.0.5 6.8.0.5 2017-03-30 Found nothing 1
    tws 17.47.17308 1.0.2.2108 2019-06-08 Android.M.yrum 7
    vba 4.0.0 4.0.0 2019-06-07 Backdoor.AndroidOS.KungFu.aj 4
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 3
    NOTICE: Results are not 100% accurate; some scanners may report a false positive when malware is found. Please judge these results for yourself.
  • Permission list
    Permission name  Information
    android.permission.INTERNET  Connect to the network (2G or 3G)
    android.permission.WAKE_LOCK  Keep background processes running after the screen turns off
    android.permission.ACCESS_NETWORK_STATE  Read network state (2G or 3G)
    android.permission.CHANGE_NETWORK_STATE  Change network state
    android.permission.READ_LOGS  Read system logs
    android.permission.WRITE_EXTERNAL_STORAGE  Write to external storage (e.g. SD card)
    android.permission.GET_PACKAGE_SIZE  Get application size
    android.permission.ACCESS_WIFI_STATE  Read Wi-Fi network state
    android.permission.CHANGE_WIFI_STATE  Change Wi-Fi connection state
    android.permission.READ_PHONE_STATE  Read phone state
    android.permission.READ_SMS  Read SMS
    android.permission.WRITE_SMS  Write SMS
    android.permission.ACCESS_COARSE_LOCATION  Get approximate location (via Wi-Fi, cell towers)
  • File information
    Security score:
    Basic information
    MD5: 92b1dad744be995bcfcd38adaa6f6a07
    Package name: com.safesys.viruskiller
    Minimum runtime environment: Android 1.5
    Copyright:
    Key behaviors
    Behavior description: Block window close message
    Details: hWnd = 0x0001033c, Text = 客户端2019-6-10, ClassName = WTWindow.
    Behavior description: Capture window screenshot information
    Details: Foreground window Info: HWND = 0x00010342, DC = 0x01010055.
    Foreground window Info: HWND = 0x00010388, DC = 0x0a010375.
    Foreground window Info: HWND = 0x00010348, DC = 0x0c0101e7.
    Foreground window Info: HWND = 0x00010342, DC = 0x0c0101e7.
    Foreground window Info: HWND = 0x00010388, DC = 0x01010057.
    Process behavior
    Behavior description: Create local thread
    Details: TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2612, ThreadID = 2688, StartAddress = 719CD33A, Parameter = 0022AF50
    Network behavior
    Behavior description: Connect to specified site
    Details: WinHttpConnect: ServerName = **.89.19.**, PORT = 80, UserName = , Password = , hSession = 0x01743100, hConnect = 0x01743200, Flags = 0x00000000
    WinHttpConnect: ServerName = **.89.19.**, PORT = 80, UserName = , Password = , hSession = 0x01743100, hConnect = 0x01743300, Flags = 0x00000000
    Behavior description: Open HTTP connection
    Details: WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x01743100
    Behavior description: Establish connection to a specified socket
    Details: IP: **.89.19.**:2007, SOCKET = 0x000000cc
    IP: **.89.19.**:80, SOCKET = 0x00000184
    IP: **.89.19.**:80, SOCKET = 0x00000194
    IP: **.89.19.**:80, SOCKET = 0x00000180
    Behavior description: Send HTTP packet
    Details: GET /tonggao.txt HTTP/1.1 Accept: */* Referer: http://118.89.19.73/tonggao.txt Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: **.89.19.** Connection: Keep-Alive
    POST /niuniu.php HTTP/1.1 Accept: */* Referer: http://118.89.19.73/niuniu.php Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Content-Type: application/x-www-form-urlencoded Content-Length: 23 Host: **.89.19.** Connection: Keep-Alive DATA=GETRAND?1560102122
    POST /niuniu.php HTTP/1.1 Accept: */* Referer: http://118.89.19.73/niuniu.php Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Content-Type: application/x-www-form-urlencoded Content-Length: 341 Host: **.89.19.** Connection: Keep-Alive DATA=3246303A48512B10100A7178145045BFB5E5F08DEEC5644D300F51BC95F4A5BD0F5F150E4C9289C277F87496978F637049118ABAA86B87AFE601321BA70D391DACE05E9B1FDF8A46D0E75431170B56A9F15DF5982938115B4426629C632EE44ABB6D5114555C3005AFE3DC84139F4837601E6CA27DEB50AEB7DF2B88CF9C5171BBE25CCF78F20AFD58ACD7A8A6F2D1BB15C1631051ADA3EE1EB668CBC78DBFC995B4C858709DB870
    Behavior description: Open HTTP request
    Details: WinHttpOpenRequest: **.89.19.**:80/tonggao.txt, hConnect = 0x01743200, hRequest = 0x01790000, Verb: GET, Referer: , Flags = 0x00000080
    WinHttpOpenRequest: **.89.19.**:80/niuniu.php, hConnect = 0x01743300, hRequest = 0x01790000, Verb: POST, Referer: , Flags = 0x00000080
    WinHttpOpenRequest: **.89.19.**:80/niuniu.php, hConnect = 0x01743200, hRequest = 0x01790000, Verb: POST, Referer: , Flags = 0x00000080
    Other behaviors
    Behavior description: Create mutex
    Details: CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.Shared.MUTEX.IOH
    MSCTF.Shared.MUTEX.IDK
    Behavior description: Create event object
    Details: EventName = DINPUTWINMM
    EventName = 牛牛客户端niuniu
    EventName = MSCTF.SendReceive.Event.IDK.IC
    EventName = MSCTF.SendReceiveConection.Event.IDK.IC
    Behavior description: Find specified window
    Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    Behavior description: Open event
    Details: HookSwitchHookEnabledEvent
    牛牛客户端niuniu
    CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
    CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
    MSCTF.SendReceiveConection.Event.IOH.IC
    MSCTF.SendReceive.Event.IOH.IC
    Behavior description: Block window close message
    Details: hWnd = 0x0001033c, Text = 客户端2019-6-10, ClassName = WTWindow.
    Behavior description: Window information
    Details: Pid = 2612, Hwnd=0x10418, Text = 极少数直接复制的账号信息无法正常查课,另存记事本编码为Ansi 或 手动输入账号即可, ClassName = _EL_Label.
    Pid = 2612, Hwnd=0x10416, Text = 直接第二行输[学校 学号 密码]或[手机 密码]查课,中间空格隔开,校名不对先搜索学校, ClassName = _EL_Label.
    Pid = 2612, Hwnd=0x10414, Text = 若不清楚校名,可输入关键词下拉选择, ClassName = _EL_Label.
    Pid = 2612, Hwnd=0x1040c, Text = 查 课, ClassName = Button.
    Pid = 2612, Hwnd=0x10408, Text = 所需费用 ▼, ClassName = _EL_Label.
    Pid = 2612, Hwnd=0x103fe, Text = 开始挂课, ClassName = Button.
    Pid = 2612, Hwnd=0x103fa, Text = 账号信息:, ClassName = _EL_Label.
    Pid = 2612, Hwnd=0x103f8, Text = 搜索学校:, ClassName = _EL_Label.
    Pid = 2612, Hwnd=0x10572, Text = NEP专本衔接, ClassName = Button.
    Pid = 2612, Hwnd=0x10570, Text = 知识产权教育, ClassName = Button.
    Pid = 2612, Hwnd=0x10568, Text = iSmart·外语, ClassName = Button.
    Pid = 2612, Hwnd=0x10566, Text = 我要安全培训, ClassName = Button.
    Pid = 2612, Hwnd=0x10564, Text = 人 卫 慕 课, ClassName = Button.
    Pid = 2612, Hwnd=0x1055c, Text = 卓越网课4.0, ClassName = Button.
    Pid = 2612, Hwnd=0x10554, Text = 冷 门 备 用, ClassName = Button.
    Behavior description: Capture window screenshot information
    Details: Foreground window Info: HWND = 0x00010342, DC = 0x01010055.
    Foreground window Info: HWND = 0x00010388, DC = 0x0a010375.
    Foreground window Info: HWND = 0x00010348, DC = 0x0c0101e7.
    Foreground window Info: HWND = 0x00010342, DC = 0x0c0101e7.
    Foreground window Info: HWND = 0x00010388, DC = 0x01010057.
    Behavior description: Hide specified window
    Details: [Window,Class] = [,ComboLBox]
    [Window,Class] = [用户帐号:,_EL_Label]
    [Window,Class] = [,Edit]
    [Window,Class] = [原始密码:,_EL_Label]
    [Window,Class] = [新 密 码:,_EL_Label]
    [Window,Class] = [重新密码:,_EL_Label]
    [Window,Class] = [修 改 密 码,Button]
    [Window,Class] = [,_EL_ClientSock]
    [Window,Class] = [118.89.19.236,_EL_Label]
    [Window,Class] = [20190610,_EL_Label]
    [Window,Class] = [,_EL_Timer]
    [Window,Class] = [ 1、软件被杀软误报属正常现象,软件被误删解决办法:病毒查杀→隔离区→勾选被删文件→点恢复→勾选添加进信任区→点确定(以电脑管家为例)。 2、超星大量查课容易出现验证码导致查课数据缺失,请尽量使用校园网,若使用校外网推荐使用手机热点,勤换IP以避免验证码。小技巧:当确保自己手机流量足够时,打开手机热点连接电脑,当IP被封时将打开手机飞行模式后关闭飞行模式并重连即可切换IP。 3、若极少数订单出现异常,请勤检查[订单反馈]系统,并及时处理,待处理完毕点右键标记
    [Window,Class] = [下线代理帐号:,_EL_Label]
    [Window,Class] = [下线代理密码:,_EL_Label]
    [Window,Class] = [开户卡号:,_EL_Label]
    Behavior description: Open mutex
    Details: ShimCacheMutex
    Activities
    Activity name  Type
    .MainActivity  android.intent.action.MAIN
    .MainActivity  android.intent.category.LAUNCHER
    Dangerous functions
    Function name  Information
    HttpClient;->execute  Request a remote server
    DefaultHttpClient;->execute  Send HTTP request
    WifiManager;->setWifiEnabled  Change Wi-Fi state
    getRuntime  Get command-line environment
    java/lang/Runtime;->exec  Execute a string command
    TelephonyManager;->getDeviceId  Collect the user's IMEI, phone number, system version and other information
    TelephonyManager;->getLine1Number  Get phone number
    java/net/URL;->openConnection  Connect to URL
    java/net/HttpURLConnection;->connect  Connect to URL
    TelephonyManager;->getSimSerialNumber  Get SIM serial number
    LocationManager;->getLastKnownLocation  Get geographic location
    android/app/NotificationManager;->notify  Notification bar message
    Launch methods
    Name  Information
    com.google.update.Receiver
    com.google.update.Receiver
    com.google.update.Receiver  Start service at boot
    com.safesys.viruskiller.ScanningReciever  Start service at boot
    com.safesys.viruskiller.ScanPackageBroadcast  Start service on application install
    com.safesys.viruskiller.ScanPackageBroadcast  Start service on application uninstall
    com.safesys.viruskiller.ScanPackageBroadcast
    Service list
    Name
    com.google.update.UpdateService
    com.safesys.viruskiller.ScanningManagerService
    com.safesys.viruskiller.DownloadManageService
    File list
    File name  Checksum
    META-INF/MANIFEST.MF 0x6d9bb093
    META-INF/SEXY_COM.SF 0x6920a587
    META-INF/SEXY_COM.RSA 0x28eb28b4
    assets/db.init 0x92c96d6d
    assets/myicon 0xaaa6e076
    assets/secbino 0xb94f88d5
    assets/starter 0x5fcc6fc6
    lib/armeabi/libScanController.so 0x456e352a
    lib/armeabi/libScanVirus.so 0x308a582
    lib/armeabi/libVirusBackRunner.so 0x7163515f
    lib/armeabi/libnative.so 0xb84e347f
    lib/armeabi/libopenterm.so 0xf790cb13
    res/anim/popup_enter.xml 0xe5332761
    res/anim/popup_exit.xml 0x3b7b4b07
    res/drawable/background_focused.9.png 0x8ec346a5
    res/drawable/background_introduce.png 0xaafc5120
    res/drawable/background_pressed.9.png 0x5b00bb0
    res/drawable/background_segregate_bottom.png 0xb4c668eb
    res/drawable/background_word.xml 0xc5145dd8
    res/drawable/bg_in_small_processbar.9.png 0x604eeeb3
    res/drawable/bg_out_small_processbar.9.png 0x9c278adf
    res/drawable/btn_donation_minus.xml 0xdd017b49
    res/drawable/btn_donation_minus_no.png 0xcb1959bf
    res/drawable/btn_donation_minus_pressed.png 0x4c98ff27
    res/drawable/btn_donation_plus.xml 0x1e73f4ea
    res/drawable/btn_donation_plus_no.png 0xd6d87a08
    res/drawable/btn_donation_plus_pressed.png 0x49458aa4
    res/drawable/btn_donation_return.xml 0x5b2c0247
    res/drawable/btn_donation_return_no.png 0xfe1e99e2
    res/drawable/btn_donation_return_pressed.png 0x89f5ac34
    res/drawable/btn_item_background.xml 0x5fd912ec
    res/drawable/btn_item_background_no.png 0x5e25db80
    res/drawable/btn_item_background_pressed.png 0x1c855977
    res/drawable/btn_recovery.xml 0xe53ec679
    res/drawable/btn_recovery_no.png 0x7affdb6b
    res/drawable/btn_recovery_pressed.png 0xfedc1
    res/drawable/btn_seg_back.xml 0x24d0beb
    res/drawable/btn_seg_back_no.png 0x8a5b9adf
    res/drawable/btn_seg_back_pressed.png 0x6663724b
    res/drawable/btn_seg_delete.xml 0xf92118e1
    res/drawable/btn_seg_delete_no.png 0x68b94897
    res/drawable/btn_seg_delete_pressed.png 0x5a2d4a87
    res/drawable/btn_trust_delete.xml 0x88f2e6b1
    res/drawable/btn_trust_delete_no.png 0xa8e24ae4
    res/drawable/btn_trust_delete_pressed.png 0x3c6bd154
    res/drawable/donation_background.png 0x4094235f
    res/drawable/donation_count_background.png 0x26e75c99
    res/drawable/fun_autoupdate.png 0x16fda641
    res/drawable/fun_autoupdate_pressed.png 0x47d48b6
    res/drawable/fun_defense.png 0xca4eca67
    res/drawable/fun_defense_pressed.png 0xe020a5b5
    res/drawable/fun_killing.png 0x17ae150f
    res/drawable/fun_killing_pressed.png 0x7e21418b
    res/drawable/fun_poweredup.png 0xa1bab423
    res/drawable/fun_poweredup_pressed.png 0x306f37ab
    res/drawable/icon.png 0x1ba2c36b
    res/drawable/info.png 0xf831ec53
    res/drawable/list_item_background.png 0x81997083
    res/drawable/main_background.png 0x18c09f1e
    res/drawable/main_bottom_background.png 0x65986de
    res/drawable/main_button_back.xml 0x3a30f5e9
    res/drawable/main_button_back_no.png 0x31785763
    res/drawable/main_button_back_pressed.png 0x9847cb22
    res/drawable/main_button_donation.xml 0x664a2bec
    res/drawable/main_button_donation_no.png 0xed0f0c30
    res/drawable/main_button_donation_pressed.png 0xbb07a6e4
    res/drawable/main_button_global.xml 0x3e68c691
    res/drawable/main_button_global_no.png 0xa79f814e
    res/drawable/main_button_global_p.xml 0x51aaf59d
    res/drawable/main_button_global_pressed.png 0x8264b2a7
    res/drawable/main_button_rapid.xml 0x85956af8
    res/drawable/main_button_rapid_no.png 0xcc71bb52
    res/drawable/main_button_rapid_p.xml 0xea5759f4
    res/drawable/main_button_rapid_pressed.png 0x873557c5
    res/drawable/main_button_segregate.xml 0x5a110ce0
    res/drawable/main_button_segregate_no.png 0xf2fbe6cc
    res/drawable/main_button_segregate_p.xml 0x35d33fec
    res/drawable/main_button_segregate_pressed.png 0xf9c1c897
    res/drawable/main_button_super.xml 0xf6a544e4
    res/drawable/main_button_super_no.png 0x42c1fb28
    res/drawable/main_button_super_p.xml 0x996777e8
    res/drawable/main_button_super_pressed.png 0x59c44947
    res/drawable/main_button_trust.xml 0xf767217c
    res/drawable/main_button_trust_no.png 0xe4a8abd1
    res/drawable/main_button_trust_pressed.png 0x47cf535
    res/drawable/main_point_no.png 0xf9c03c73
    res/drawable/main_point_yes.png 0x16c8e872
    res/drawable/main_scan_believe.xml 0x1c8678ba
    res/drawable/main_scan_believe_no.png 0xf3cb9961
    res/drawable/main_scan_believe_pressed.png 0xafff0357
    res/drawable/main_scan_filecheck.png 0x9588b4be
    res/drawable/main_scan_handle.xml 0x519f2b71
    res/drawable/main_scan_handle_no.png 0x89717017
    res/drawable/main_scan_handle_pressed.png 0xf21b16
    res/drawable/main_scan_not.png 0x3cf9bcc9
    res/drawable/main_scan_pause.xml 0x69a09641
    res/drawable/main_scan_pause_no.png 0x6d786f4
    res/drawable/main_scan_pause_pressed.png 0x68edafe3
    res/drawable/main_scan_quit.xml 0x18736811
    res/drawable/main_scan_quit_no.png 0xa7d239b
    res/drawable/main_scan_quit_pressed.png 0xfd6652c8
    res/drawable/main_scaned_warning.png 0x91a0ecb3
    res/drawable/main_scanning_list_background.png 0xd99d5e26
    res/drawable/main_title_background.png 0xb2785702
    res/drawable/mk_recommend.png 0x68a9468b
    res/drawable/sign_choice.png 0x6982c86a
    res/drawable/sign_choice_no.png 0x6b5779a5
    res/layout/main.xml 0x1c0712aa
    res/layout/payment.xml 0x4fb4bdf2
    res/layout/quarantine_row.xml 0xd0be5e6d
    res/layout/scan_result_row.xml 0x6d535ac8
    res/raw/mycfg 0xfcc7107c
    res/raw/myvr 0x4e89d6c4
    res/raw/vrcore 0xe450b061
    AndroidManifest.xml 0xa2f406cc
    classes.dex 0xb169999d
    resources.arsc 0x50538526