armo.apk MD5:90a7d24570beb04722f02174ecf958b1 12% Scanner(s) (4/32) found malware! - VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 47 AntiVirus Engines!

Main Menu

API

uploader for windows(test)

Powered By

File information

File Name :armo.apk (File not down)

File Size :68631 byte

File Type :application/jar

MD5:90a7d24570beb04722f02174ecf958b1

SHA1:28b55dd8802a9e1fc1715892e8502cf1af8f91f3

扫描结果
权限
文件行为分析

Scanner results

Scanner results:12%Scanner(s) (4/32)found malware!

Behavior analysis report: Habo file analysis

Time: 2016-12-14 16:55:52 (CST)

Scanner	Engine Ver	Sig Ver	Sig Date	Scan result	Time
antiy	AVL SDK 2.0		1970-01-01	Found nothing	5
asquared	9.0.0.4799	9.0.0.4799	2015-03-08	Android.Riskware.AndroRat.A	1
avast	161213-0	4.7.4	2016-12-13	Found nothing	60
avg	2109/13073	10.0.1405	2016-12-11	Found nothing	60
baidu	2.0.1.0	4.1.3.52192	2.0.1.0	Found nothing	38
baidusd	1.0	1.0	2014-04-02	Found nothing	1
bitdefender	7.58879	7.90123	2015-01-16	Found nothing	60
clamav	22697	0.97.5	2016-12-11	Found nothing	60
drweb	5.0.2.3300	5.0.1.1	2016-12-09	Found nothing	60
fortinet	41.333, 41.333, 41.333	5.4.233	2016-12-12	Found nothing	60
fprot	4.6.2.117	6.5.1.5418	2016-02-05	Found nothing	60
fsecure	2015-08-01-02	9.13	2015-08-01	Found nothing	60
gdata	25.8610	25.8610	2016-10-12	Android.Riskware.AndroRat.A	9
ikarus	1.06.01	V1.32.31.0	2016-11-28	Found nothing	60
jiangmin	16.0.100	1.0.0.0	2016-12-01	Found nothing	42
kaspersky	5.5.33	5.5.33	2014-04-01	Found nothing	60
kingsoft	2.1	2.1	2013-09-22	Found nothing	7
mcafee	8254	5400.1158	2016-08-11	Found nothing	60
nod32	1777	3.0.21	2015-06-12	Found nothing	60
panda	9.05.01	9.05.01	2016-12-13	Found nothing	4
pcc	12.954.06	9.500-1005	2016-12-11	Found nothing	60
qh360	1.0.1	1.0.1	1.0.1	Found nothing	3
qqphone	1.0.0.0	1.0.0.0	2015-12-30	Found nothing	60
quickheal	14.00	14.00	2016-12-13	Android.Climap.A (Suspicious)	2
rising	26.28.00.01	26.28.00.01	2016-07-18	Backdoor.Android.Climap.a	1
sophos	5.32	3.65.2	2016-10-10	Found nothing	60
symantec	20151230.005	1.3.0.24	2015-12-30	Found nothing	60
tachyon	9.9.9	9.9.9	2013-12-27	Found nothing	3
thehacker	6.8.0.5	6.8.0.5	2016-12-12	Found nothing	1
tws	17.47.17308	1.0.2.2108	2016-12-13	Found nothing	13
vba	3.12.29.3 beta	3.12.29.3 beta	2016-12-08	Found nothing	60
virusbuster	15.0.985.0	5.5.2.13	2014-12-05	Found nothing	60

■Heuristic/Suspicious ■Exact

NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.

权限列表
许可名称	信息
android.permission.RECEIVE_SMS	监控接收短信
android.permission.READ_SMS	读取短信
android.permission.SEND_SMS	发送短信
android.permission.READ_PHONE_STATE	读取电话状态
android.permission.PROCESS_OUTGOING_CALLS	监视、修改有关拨出电话
android.permission.ACCESS_NETWORK_STATE	读取网络状态（2G或3G）
android.permission.ACCESS_FINE_LOCATION	获取精确的位置（通过GPS）
android.permission.INTERNET	连接网络（2G或3G）
android.permission.RECORD_AUDIO	录音（使用AudioRecord）
android.permission.WRITE_EXTERNAL_STORAGE	写外部存储器（如：SD卡）
android.permission.CAMERA	访问照相机设备
android.permission.RECEIVE_BOOT_COMPLETED	接收开机启动广播
android.permission.CALL_PHONE	拨打电话
android.permission.READ_CONTACTS	读取联系人信息
android.permission.VIBRATE	允许设备震动

文件信息

安全评分 :

基本信息
MD5:90a7d24570beb04722f02174ecf958b1
包名:my.app.client
最低运行环境:Android 2.2.x
版权:Android

关键行为
行为描述:	查询注册表_检测虚拟机相关
详情信息:	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
行为描述:	获取窗口截图信息
详情信息:	Foreground window Info: HWND = 0x00000000, DC = 0x190104c0.
	Foreground window Info: HWND = 0x00000000, DC = 0x1d010681.
	Foreground window Info: HWND = 0x00000000, DC = 0x92010583.

文件行为
行为描述:	查找文件
详情信息:	FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.zh-CN
	FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.zh-Hans
	FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.zh
	FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.CHS
	FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.CH

注册表行为
行为描述:	查询注册表_检测虚拟机相关
详情信息:	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion

其他行为
行为描述:	创建互斥体
详情信息:	CTF.LBES.MutexDefaultS-*
	CTF.Compart.MutexDefaultS-*
	CTF.Asm.MutexDefaultS-*
	CTF.Layouts.MutexDefaultS-*
	CTF.TMD.MutexDefaultS-*
	CTF.TimListCache.FMPDefaultS-MUTEX.DefaultS-
	MSCTF.Shared.MUTEX.ELH
	MSCTF.Shared.MUTEX.IKJ
行为描述:	创建事件对象
详情信息:	EventName = DINPUTWINMM
	EventName = MSCTF.SendReceive.Event.IKJ.IC
	EventName = MSCTF.SendReceiveConection.Event.IKJ.IC
行为描述:	查找指定窗口
详情信息:	NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
	NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
行为描述:	窗口信息
详情信息:	Pid = 2468, Hwnd=0x1f02fe, Text = 确定, ClassName = Button.
	Pid = 2468, Hwnd=0xa03ac, Text = 您的系统非NT6以上版本，无法使用本激活！, ClassName = Static.
	Pid = 2468, Hwnd=0x503b2, Text = Oem7, ClassName = #32770.
	Pid = 2468, Hwnd=0x1102aa, Text = 使用我的密钥和证书:, ClassName = TGroupBox.
	Pid = 2468, Hwnd=0xe0372, Text = 导入我的证书, ClassName = TButton.
	Pid = 2468, Hwnd=0xb036a, Text = 浏览文件..., ClassName = TButton.
	Pid = 2468, Hwnd=0x903a4, Text = 导入我的密钥, ClassName = TButton.
	Pid = 2468, Hwnd=0xd0368, Text = 卸载, ClassName = TButton.
	Pid = 2468, Hwnd=0x303d6, Text = 修复引导(可PE下), ClassName = TButton.
	Pid = 2468, Hwnd=0xa03b0, Text = 引导文件设置:, ClassName = TGroupBox.
	Pid = 2468, Hwnd=0x1302fc, Text = 引导保护, ClassName = TCheckBox.
	Pid = 2468, Hwnd=0x403ca, Text = G, ClassName = TComboBox.
	Pid = 2468, Hwnd=0xc038a, Text = N, ClassName = TComboBox.
	Pid = 2468, Hwnd=0xf034a, Text = V, ClassName = TComboBox.
	Pid = 2468, Hwnd=0x16032e, Text = O, ClassName = TComboBox.
行为描述:	打开事件
详情信息:	HookSwitchHookEnabledEvent
	CTF.ThreadMIConnectionEvent.000007B4.00000000.00000054
	CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000054
	MSCTF.SendReceiveConection.Event.ELH.IC
	MSCTF.SendReceive.Event.ELH.IC
行为描述:	枚举窗口
详情信息:	N/A
行为描述:	获取窗口截图信息
详情信息:	Foreground window Info: HWND = 0x00000000, DC = 0x190104c0.
	Foreground window Info: HWND = 0x00000000, DC = 0x1d010681.
	Foreground window Info: HWND = 0x00000000, DC = 0x92010583.
行为描述:	隐藏指定窗口
详情信息:	[Window,Class] = [,ComboLBox]
	[Window,Class] = [Oem7F7 By小马,TForm1]
行为描述:	打开互斥体
详情信息:	ShimCacheMutex

Activities
活动名	类型
my.app.client.LauncherActivity	android.intent.action.MAIN
my.app.client.LauncherActivity	android.intent.category.LAUNCHER

危险函数
函数名称	信息
SmsManager;->sendTextMessage	发送普通短信
SmsManager;->sendMultipartTextMessage	发送彩信
TelephonyManager;->getLine1Number	获取手机号
TelephonyManager;->getDeviceId	搜集用户手机IMEI码、电话号码、系统版本号等信息
TelephonyManager;->getSimSerialNumber	获取SIM序列号
ContentResolver;->query	读取联系人、短信等数据库
Camera;->open	开启相机

启动方式
名称	信息
my.app.client.BootReceiver	开机启动服务

权限列表
许可名称	信息
android.permission.RECEIVE_SMS	监控接收短信
android.permission.READ_SMS	读取短信
android.permission.SEND_SMS	发送短信
android.permission.READ_PHONE_STATE	读取电话状态
android.permission.PROCESS_OUTGOING_CALLS	监视、修改有关拨出电话
android.permission.ACCESS_NETWORK_STATE	读取网络状态（2G或3G）
android.permission.ACCESS_FINE_LOCATION	获取精确的位置（通过GPS）
android.permission.INTERNET	连接网络（2G或3G）
android.permission.RECORD_AUDIO	录音（使用AudioRecord）
android.permission.WRITE_EXTERNAL_STORAGE	写外部存储器（如：SD卡）
android.permission.CAMERA	访问照相机设备
android.permission.RECEIVE_BOOT_COMPLETED	接收开机启动广播
android.permission.CALL_PHONE	拨打电话
android.permission.READ_CONTACTS	读取联系人信息
android.permission.VIBRATE	允许设备震动

服务列表
名称
my.app.client.Client

文件列表
文件名	校验码
META-INF/MANIFEST.MF	0x8f4dd57d
META-INF/CERT.SF	0x843d4eb6
META-INF/CERT.RSA	0x719893d6
res/drawable-ldpi/ic_launcher.png	0xe1c8ce7e
res/xml/preferences.xml	0x810af25d
AndroidManifest.xml	0x8fa1e9da
res/drawable-mdpi/ic_launcher.png	0x9e64017
res/layout/main.xml	0xceedbee
resources.arsc	0x42bcbc42
res/drawable-hdpi/ic_launcher.png	0x6418fece
res/drawable-xhdpi/ic_launcher.png	0x4cf45bd6
classes.dex	0x80781135

运行截图