VirSCAN

1, You can UPLOAD any files, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files with the password 'infected' or 'virus'.


File information
File Name :LockNow一键锁屏.apk (File not down)
File Size :9639 byte
File Type :application/jar
MD5:35269b61fce0e4476334c93f31d52674
SHA1:fe7e1b1b44a8265df0f504db10da90da392e95d9
  • Scanner results
    Scanner results: 3% Scanner(s) (1/32) found malware!
    Behavior analysis report: Habo file analysis
    Time: 2015-10-27 19:08:50 (CST)
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 3.0 1970-01-01 Found nothing 5
    asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 1
    avast 150725-1 4.7.4 2015-07-25 Found nothing 0
    avg 2109/8133 10.0.1405 2014-11-26 Found nothing 0
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 5
    baidusd 1.0 1.0 2014-04-02 Found nothing 1
    bitdefender 7.58469 7.90123 2014-12-25 Found nothing 0
    clamav 19861 0.97.5 2014-12-31 Found nothing 0
    drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 0
    fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 0
    fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 0
    fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 0
    gdata 25.4073 25.4073 2015-10-26 Android.Riskware.Agent.gLHN 9
    ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 0
    jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 48
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 0
    kingsoft 2.1 2.1 2013-09-22 Found nothing 7
    mcafee 7638 5400.1158 2014-11-30 Found nothing 0
    nod32 0920 3.0.21 2014-12-23 Found nothing 0
    panda 9.05.01 9.05.01 2015-07-26 Found nothing 12
    pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 0
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 2
    qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 0
    quickheal 14.00 14.00 2015-07-25 Found nothing 2
    rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 1
    sophos 5.08 3.55.0 2014-12-01 Found nothing 0
    symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 0
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 3
    thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 1
    tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 1
    vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 0
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 0
    Heuristic/Suspicious Exact
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scanners when and if malware is found. Please judge these results for yourself.
  • No related permission information

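  • File information
    Security score:
    Basic information
    MD5:35269b61fce0e4476334c93f31d52674
    Package name: cr5f3n.locknow
    Minimum runtime environment: Android 2.2.x
    Copyright:
    Key behaviors
    Behavior description: Creates a writable file mapping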
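    Behavior description: Creates a shortcut on the desktop
    Details: C:\Documents and Settings\Administrator\桌面\万能Flash播放器.lnk
    Behavior description: Modifies the registry (IE home page)
    Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\Start Page
    Behavior description: Hides specified windows
    Details: [Window,Class] = [,Button]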
    [Window,Class] = [Longxi,Static]
    [Window,Class] = [Longxi ,Static]
    [Window,Class] = [,Static]
    [Window,Class] = [把Hao123设为首页,Button]
    [Window,Class] = [,Auto-Suggest Dropdown]
    [Window,Class] = [显示细节(&D),Button]
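    Process behaviors
    Behavior description: Creates a process from a new file
    Details: ImagePath = C:\WINDOWS\system32\setup-v1.0-5.exe, CmdLine = C:\WINDOWS\system32\setup-v1.0-5.exe
    File behaviors
    Behavior description: Creates a writable file mapping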
    Behavior description: Drops links or shortcuts in sensitive system locations (such as the Start menu)
    Details: C:\Documents and Settings\Administrator\「开始」菜单\程序\万能Flash播放器\万能Flash播放器.lnk
    C:\Documents and Settings\Administrator\「开始」菜单\程序\万能Flash播放器\帮助.lnk
    C:\Documents and Settings\Administrator\「开始」菜单\程序\万能Flash播放器\卸载.lnk
    Behavior description: Creates a shortcut on the desktop
    Details: C:\Documents and Settings\Administrator\桌面\万能Flash播放器.lnk
    Behavior description: Creates executable files
    Details: C:\WINDOWS\system32\setup-v1.0-5.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsu7.tmp\System.dll
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsu7.tmp\InstallOptions.dll
    C:\Program Files\WnFlashPlay\万能Flash播放器.exe
    C:\Program Files\WnFlashPlay\comdlg32.ocx
    C:\Program Files\WnFlashPlay\MSINET.OCX
    C:\WINDOWS\system32\Macromed\Flash\WnFlash11.ocx
    Behavior description: Modifies file contents
    Registry behaviors
    Behavior description: Modifies the registry
    Behavior description: Deletes registry values
    Details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32\ThreadingModel
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32\ThreadingModel
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32\ThreadingModel
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32\ThreadingModel
    Behavior description: Modifies the registry (IE home page)
    Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\Start Page
    Behavior description: Deletes registry keys
    Other behaviors
    Behavior description: Sets object security information
    Behavior description: Creates mutexes
    Behavior description: Hides specified windows
    Details: [Window,Class] = [,Button]
    [Window,Class] = [Longxi,Static]
    [Window,Class] = [Longxi ,Static]
    [Window,Class] = [,Static]
    [Window,Class] = [把Hao123设为首页,Button]
    [Window,Class] = [,Auto-Suggest Dropdown]
    [Window,Class] = [显示细节(&D),Button]
    Behavior description: Finds specified windows
    Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
    Behavior description: Acquires system privileges
    Details: SE_LOAD_DRIVER_PRIVILEGE
    Behavior description: Window information
    Details: Pid = 2964, Hwnd=0x10356, Text = 下一步(&N) >, ClassName = Button.
    Pid = 2964, Hwnd=0x10358, Text = 取消(&C), ClassName = Button.
    Pid = 2964, Hwnd=0x10364, Text = Longxi , ClassName = Static.
    Pid = 2964, Hwnd=0x10366, Text = Longxi, ClassName = Static.
    Pid = 2964, Hwnd=0x10370, Text = 把Hao123设为首页, ClassName = Button(CheckBox).
    Pid = 2964, Hwnd=0x10378, Text = 欢迎使用“万能Flash播放器 1.0”安装向导, ClassName = Static.
    Pid = 2964, Hwnd=0x1037a, Text = 这个向导将指引你完成“万能Flash播放器 1.0”的安装进程。 在开始安装之前,建议先关闭其他所有应用程序。这将允许“安装程序”更新指, ClassName = Static.
    Pid = 2964, Hwnd=0x10350, Text = 万能Flash播放器 1.0 安装, ClassName = #32770.
    Pid = 2964, Hwnd=0x10354, Text = < 上一步(&B), ClassName = Button.
    Pid = 2964, Hwnd=0x10356, Text = 安装(&I), ClassName = Button.
    Pid = 2964, Hwnd=0x1036a, Text = 选择安装位置, ClassName = Static.
    Pid = 2964, Hwnd=0x1036c, Text = 选择“万能Flash播放器 1.0”的安装文件夹。, ClassName = Static.
    Pid = 2964, Hwnd=0x2037a, Text = C:\Program Files\WnFlashPlay, ClassName = Edit.
    Pid = 2964, Hwnd=0x20378, Text = 浏览(&B)..., ClassName = Button.
    Pid = 2964, Hwnd=0x20376, Text = 可用空间: 5.8GB, ClassName = Static.
    Behavior description: Opens image file
    Details: \DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsu7.tmp\modern-wizard.bmp
    Activities
    Activity name Type
    .Main$Locker android.intent.action.MAIN
    .Main$Locker android.intent.category.LAUNCHER
    Launch method
    Name Information
    cr5f3n.locknow.Main
    File list
    File name Checksum
    res/layout/main.xml 0x3aacb1ab
    res/xml/device_admin_sample.xml 0x474ca9ac
    AndroidManifest.xml 0x734dcb19
    resources.arsc 0xa66750bf
    res/drawable-hdpi/ic_lock_power_off.png 0xcc379694
    res/drawable-ldpi/ic_lock_power_off.png 0xcb58a6f6
    res/drawable-mdpi/ic_lock_power_off.png 0x16d860a3
    classes.dex 0xb18e6b9d
    META-INF/MANIFEST.MF 0x219843dc
    META-INF/CERT.SF 0xe89e1c1e
    META-INF/CERT.RSA 0x2b59d67e