VirSCAN

1, You can upload any file, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan password-protected compressed files if the password is 'infected' or 'virus'.


File information
File Name: 超级管理器(功夫木马)-安卓博客.apk (File not down)
File Size: 323662 bytes
File Type: application/zip
MD5: 81afb7eae29ea63ec453f17131a90412
SHA1: da1c0e0bf21bddad8a1dfe97c42889ee16a781d7
  • Scanner results
    Scanner results: 56% of scanners (22/39) found malware!
    Behavior analysis report: Habo file analysis
    Time: 2014-12-05 22:13:43 (CST)
    | Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time |
    |---|---|---|---|---|---|
    | ahnlab | 9.9.9 | 9.9.9 | 2013-05-28 | Found nothing | 3 |
    | antivir | 1.9.2.0 | 1.9.159.0 | 7.11.192.154 | Found nothing | 15 |
    | antiy | 112618 | AVL141123 | 2014-11-24 | Found nothing | 1 |
    | arcavir | 1.0 | 2011 | 2014-05-30 | Found nothing | 8 |
    | asquared | 9.0.0.4157 | 9.0.0.4157 | 2014-07-30 | Android.Trojan.DroidKungFu.D | 1 |
    | avast | 141204-0 | 4.7.4 | 2014-12-04 | Android:Agent-DHZ [PUP] | 29 |
    | avg | 2109/8133 | 10.0.1405 | 2014-11-26 | Found nothing | 1 |
    | baidu | 2.0.1.0 | 4.1.3.52192 | 2.0.1.0 | Found nothing | 3 |
    | baidusd | 1.0 | 1.0 | 2014-04-02 | HEUR:Backdoor.AndroidOS.KungFu.a | 1 |
    | bitdefender | 7.57701 | 7.90123 | 2014-11-13 | Android.Trojan.DroidKungFu.D | 6 |
    | clamav | 19719 | 0.97.5 | 2014-12-03 | Andr.KungFu-58 | 1 |
    | comodo | 15023 | 5.1 | 2014-11-24 | Found nothing | 3 |
    | ctch | 4.6.5 | 5.3.14 | 2013-12-01 | Found nothing | 1 |
    | drweb | 5.0.2.3300 | 5.0.1.1 | 2014-10-31 | Found nothing | 39 |
    | fortinet | 23.317, 23.317 | 5.1.158 | 2014-12-05 | Android/DroidKungFu.CZ!tr | 1 |
    | fprot | 4.6.2.117 | 6.5.1.5418 | 2014-12-04 | Found nothing | 1 |
    | fsecure | 2014-04-02-01 | 9.13 | 2014-04-02 | Trojan:Android/DroidKungFu.C | 7 |
    | gdata | 24.3819 | 24.3819 | 2014-08-29 | Android.Trojan.DroidKungFu.D | 7 |
    | hauri | 2.73 | 2.73 | 2014-06-13 | Found nothing | 1 |
    | ikarus | 1.06.01 | V1.32.31.0 | 2014-12-04 | Backdoor.AndroidOS.KungFu | 13 |
    | jiangmin | 16.0.100 | 1.0.0.0 | 2014-07-28 | Found nothing | 18 |
    | kaspersky | 5.5.33 | 5.5.33 | 2014-04-01 | Backdoor.AndroidOS.KungFu.cz | 20 |
    | kingsoft | 2.1 | 2.1 | 2013-09-22 | Android.Troj.kungfu.d.(kcloud) | 2 |
    | mcafee | 7638 | 5400.1158 | 2014-11-30 | Found nothing | 6 |
    | nod32 | 0801 | 3.0.21 | 2014-11-29 | multiple threats | 1 |
    | panda | 9.05.01 | 9.05.01 | 2014-06-15 | Found nothing | 7 |
    | pcc | 11.316.06 | 9.500-1005 | 2014-12-03 | Android.67EF8F3F | 2 |
    | qh360 | 1.0.1 | 1.0.1 | 1.0.1 | Win32/Trojan.274 | 12 |
    | qqphone | 1.0.0.0 | 1.0.0.0 | 2014-12-05 | a.system.safesys.e | 2 |
    | quickheal | 14.00 | 14.00 | 2014-06-14 | Android.Kungfu.C | 4 |
    | rising | 25.17.00.04 | 25.17.00.04 | 2014-06-02 | Trojan.Fokonge!553B | 1 |
    | sophos | 5.08 | 3.55.0 | 2014-12-01 | Andr/KongFu-I | 9 |
    | sunbelt | 3.9.2589.2 | 3.9.2589.2 | 2014-06-13 | Trojan.AndroidOS.DroidKungFu.c | 1 |
    | symantec | 20141203.001 | 1.3.0.24 | 2014-12-03 | Android.Fokonge | 1 |
    | tachyon | 9.9.9 | 9.9.9 | 2013-12-27 | Found nothing | 3 |
    | thehacker | 6.8.0.5 | 6.8.0.5 | 2014-06-12 | Found nothing | 1 |
    | tws | 17.47.17308 | 1.0.2.2108 | 2014-06-16 | Android.M.zzrg | 7 |
    | vba | 3.12.26.3 | 3.12.26.3 | 2014-12-04 | Backdoor.AndroidOS.KungFu.ck | 4 |
    | virusbuster | 15.0.983.0 | 5.5.2.13 | 2014-12-03 | Found nothing | 15 |
    NOTICE: Results are not 100% accurate; when malware is found, some scanners may be reporting a false positive. Please judge these results for yourself.
  • Permission list
    | Permission | Description |
    |---|---|
    | android.permission.WRITE_EXTERNAL_STORAGE | Write to external storage (e.g. SD card) |
    | android.permission.INTERNET | Connect to the network (2G or 3G) |
    | android.permission.ACCESS_NETWORK_STATE | Read network state (2G or 3G) |
    | android.permission.ACCESS_WIFI_STATE | Read Wi-Fi network state |
    | android.permission.CHANGE_WIFI_STATE | Change Wi-Fi connection state |
    | android.permission.READ_PHONE_STATE | Read phone state |
    | android.permission.READ_SMS | Read SMS messages |
    | android.permission.WRITE_SMS | Write SMS messages |
    | android.permission.ACCESS_COARSE_LOCATION | Obtain coarse location (via Wi-Fi or cell tower) |
  • File information
    Security score: 76
    Basic information
    MD5: 81afb7eae29ea63ec453f17131a90412
    Package name: com.safesys.superexplorer
    Minimum runtime environment: Android 1.1
    Copyright:
    Key behaviors
    Behavior: Checks whether it is being debugged
    Details: N/A
    Behavior: Sets special folder attributes
    Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
    C:\Documents and Settings\Administrator\Local Settings\History
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
    C:\Documents and Settings\Administrator\Cookies
    Behavior: Hides specified windows
    Details: [Window,Class] = [,#32770]
    [Window,Class] = [,ShadowWnd_UI]
    [Window,Class] = [,Shell Embedding]
    [Window,Class] = [用户中心,Button]
    [Window,Class] = [注销,Button]
    [Window,Class] = [注册信息,Button]
    [Window,Class] = [解绑,Button]
    [Window,Class] = [注册,Button]
    [Window,Class] = [充值,Static]
    [Window,Class] = [购买,Static]
    [Window,Class] = [留言,Button]
    [Window,Class] = [登录,Button]
    Behavior: Installs a message hook
    Details: C:\WINDOWS\system32\DINPUT8.dll
    c:\monitor\cfgdll.dll
    File behavior
    Behavior: Maps a file with write access
    Details: \WINDOWS\system32\zh-cn\ieframe.dll.mui
    482014MMRunning
    d
    DfRoot0000BE9BB
    Behavior: Creates executable files
    Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mymacro_errinfo.exe
    C:\monitor\plugin\REGDLL.DLL
    C:\monitor\cfgdll.dll
    C:\Documents and Settings\Administrator\Application Data\mymacro\qdisp.dll
    C:\Documents and Settings\Administrator\Application Data\qmacro\shield\SD001.dat
    C:\Documents and Settings\Administrator\Application Data\qmacro\shield\SD002.dat
    C:\WINDOWS\tmp\dm\dm.dll
    C:\WINDOWS\tmp\RegDll.dll
    Behavior: Modifies file contents
    Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mac2.tmp---> Offset = 0
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mac3.tmp---> Offset = 12288
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\plugin.zip---> Offset = 4096
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mymacro.zip---> Offset = 0
    C:\monitor\ShieldModule.dat---> Offset = 12288
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\62e4.tmp---> Offset = 524288
    C:\Documents and Settings\Administrator\Application Data\qmacro\shield\SD000.dat---> Offset = 32768
    C:\Documents and Settings\Administrator\Application Data\qmacro\shield\SD003.dat---> Offset = 0
    C:\Documents and Settings\Administrator\Application Data\qmacro\shield\SD004.dat---> Offset = 0
    C:\Documents and Settings\Administrator\Application Data\qmacro\shield\Shield.ini---> Offset = 0
    C:\monitor\sample.ini---> Offset = 0
    C:\monitor\sample.ini---> Offset = 57
    C:\monitor\sample.ini---> Offset = 75
    C:\monitor\sample.ini---> Offset = 90
    C:\monitor\sample.ini---> Offset = 108
    Behavior: Sets special folder attributes
    Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
    C:\Documents and Settings\Administrator\Local Settings\History
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
    C:\Documents and Settings\Administrator\Cookies
    Network behavior
    Behavior: Opens a URL over the network
    Details: InternetOpenUrlA: http://c.nishuoa.com/banner/Q09982.htm hInternet = 0x000004c0
    InternetOpenUrlA: http://c.nishuoa.com/c2/MymacroidSalesUrl.aspx?mymacroid=Q09982&ct=1031 hInternet = 0x000004c8
    Behavior: Reads a network file
    Details: hFile = 0x000004c0, BytesToRead =4096, BytesRead = 4096.
    hFile = 0x000004c8, BytesToRead =4096, BytesRead = 4096.
    Registry behavior
    Behavior: Modifies the registry
    Details: \REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMVBSRoutine\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{241D7F03-9232-4024-8373-149860BE27C0}\
    \REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMVBSRoutine\CLSID\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{241D7F03-9232-4024-8373-149860BE27C0}\ProgID\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{241D7F03-9232-4024-8373-149860BE27C0}\InProcServer32\
    \REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMRoutine\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\
    \REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMRoutine\CLSID\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\ProgID\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\InProcServer32\
    \REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMLibrary\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBEB87A6-E151-4054-AB45-A6E094C5334B}\
    \REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMLibrary\CLSID\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBEB87A6-E151-4054-AB45-A6E094C5334B}\ProgID\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EBEB87A6-E151-4054-AB45-A6E094C5334B}\InProcServer32\
    Other behavior
    Behavior: Checks whether it is being debugged
    Details: N/A
    Behavior: Hides specified windows
    Details: [Window,Class] = [,#32770]
    [Window,Class] = [,ShadowWnd_UI]
    [Window,Class] = [,Shell Embedding]
    [Window,Class] = [用户中心,Button]
    [Window,Class] = [注销,Button]
    [Window,Class] = [注册信息,Button]
    [Window,Class] = [解绑,Button]
    [Window,Class] = [注册,Button]
    [Window,Class] = [充值,Static]
    [Window,Class] = [购买,Static]
    [Window,Class] = [留言,Button]
    [Window,Class] = [登录,Button]
    Behavior: Installs a message hook
    Details: C:\WINDOWS\system32\DINPUT8.dll
    c:\monitor\cfgdll.dll
    Behavior: Searches for a specified window
    Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    Behavior: Window information
    Details: Pid = 1652, Hwnd=0xd01a4, Text = sample, ClassName = Static.
    Pid = 1652, Hwnd=0xb0164, Text = 用户中心, ClassName = Button.
    Pid = 1652, Hwnd=0xb016c, Text = 注销, ClassName = Button.
    Pid = 1652, Hwnd=0xd0190, Text = 登录, ClassName = Button.
    Pid = 1652, Hwnd=0xe01b8, Text = 注册信息, ClassName = Button.
    Pid = 1652, Hwnd=0xb01a2, Text = 解绑, ClassName = Button.
    Pid = 1652, Hwnd=0xc01b2, Text = 注册, ClassName = Button.
    Pid = 1652, Hwnd=0xb018a, Text = 设置, ClassName = Button.
    Pid = 1652, Hwnd=0xc01da, Text = 留言, ClassName = Button.
    Pid = 1652, Hwnd=0xb0200, Text = 您好 欢迎使用本产品,请先注册后再使用!, ClassName = Static.
    Pid = 1652, Hwnd=0xc017a, Text = 充值, ClassName = Static.
    Pid = 1652, Hwnd=0xd01c4, Text = 购买, ClassName = Static.
    Pid = 1652, Hwnd=0xa039e, Text = VitualTab, ClassName = AfxWnd42.
    Pid = 1652, Hwnd=0xa03a6, Text = 没有使用说明。, ClassName = Edit.
    Pid = 1652, Hwnd=0xa03c2, Text = List1, ClassName = SysListView32.
    Behavior: Opens image files
    Details: \DOCUME~1\ADMINI~1\LOCALS~1\Temp\background.bmp
    \windows\tmp\关闭.bmp
    \windows\tmp\饥饿度.bmp
    \windows\tmp\饥饿度red.bmp
    \windows\tmp\口粮c.bmp
    \windows\tmp\血.bmp
    Dangerous behavior
    Behavior: Executes a system command
    Details: /system/xbin/su
    Dynamic behavior list
    Behavior: Executes a system command
    Details: /system/xbin/su
    Behavior: Starts services
    Details: com.android.musicfx.Compatibility$Service
    com.android.mms.transaction.SmsReceiverService
    Behavior: Reads files
    Details: path:pipe:[3516] length:105
    path:/proc/783/cmdline length:105
    path:/proc/799/cmdline length:105
    path:/proc/811/cmdline length:105
    path:/proc/841/cmdline length:105
    path:/proc/853/cmdline length:105
    path:/proc/883/cmdline length:105
    path:/proc/885/cmdline length:105
    Behavior: Loads classes
    Details: path:/system/app/PicoTts.apk
    path:/system/app/MusicFX.apk
    path:/system/framework/am.jar
    path:/data/app/com.safesys.superexplorer-1.apk
    Behavior: Writes files
    Details: path:/data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml length:105
    path:/data/data/com.android.musicfx/shared_prefs/musicfx.xml length:105
    path:pipe:[3505] length:16
    path:pipe:[3510] length:16
    path:pipe:[3510] length:9
    path:pipe:[3510] length:18
    path:pipe:[3510] length:23
    path:pipe:[3515] length:23
    path:pipe:[3515] length:16
    path:pipe:[3515] length:18
    path:/data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml length:105
    Activities
    | Activity name | Type |
    |---|---|
    | .RootExplorer | android.intent.action.MAIN |
    | .RootExplorer | android.intent.category.LAUNCHER |
    Dangerous functions
    | Function | Description |
    |---|---|
    | HttpClient;->execute | Sends a request to a remote server |
    | DefaultHttpClient;->execute | Sends an HTTP request |
    | WifiManager;->setWifiEnabled | Changes Wi-Fi state |
    | getRuntime | Obtains the command-line runtime environment |
    | java/lang/Runtime;->exec | Executes a command given as a string |
    | TelephonyManager;->getDeviceId | Collects the user's IMEI, phone number, system version and similar information |
    | TelephonyManager;->getLine1Number | Obtains the phone number |
    | java/net/URL;->openConnection | Connects to a URL |
    | java/net/HttpURLConnection;->connect | Connects to a URL |
    | TelephonyManager;->getSimSerialNumber | Obtains the SIM serial number |
    | LocationManager;->getLastKnownLocation | Obtains the device's geographic location |
    | ContentResolver;->query | Reads the contacts, SMS and other databases |
    Startup method
    | Name | Description |
    |---|---|
    | com.google.update.Receiver | Starts a service at boot |
    Service list
    Name
    com.google.update.UpdateService
    File list
    File name, checksum
    META-INF/MANIFEST.MF 0x2317a97
    META-INF/SEXY_COM.SF 0xb585eda0
    META-INF/SEXY_COM.RSA 0x36343bcf
    assets/db.init 0x92c96d6d
    assets/myicon 0xaaa6e076
    assets/secbino 0xb94f88d5
    assets/starter 0x5fcc6fc6
    lib/armeabi/libnative.so 0xb84e347f
    res/drawable/android.png 0x6d2c1233
    res/drawable/browser.png 0xa124f5e2
    res/drawable/btn_check_buttonless_off.png 0xd434be9
    res/drawable/btn_check_buttonless_on.png 0x34c08814
    res/drawable/button_default_small.xml 0xc543df0b
    res/drawable/camera.png 0x5a7eedd
    res/drawable/database.png 0xeba63d3b
    res/drawable/default1.png 0x8bc059ed
    res/drawable/default2.png 0x8d4914f
    res/drawable/excel_icon1.png 0x5cc4d3d4
    res/drawable/file_manager.png 0xa1d90551
    res/drawable/file_manager_r.png 0xe9361c76
    res/drawable/folder.png 0xe23fa852
    res/drawable/gallery.png 0x9f2159aa
    res/drawable/home.png 0xee2bf81f
    res/drawable/ic_menu_add.png 0x17d7ad63
    res/drawable/ic_menu_archive.png 0x4d5bc4e
    res/drawable/ic_menu_bookmark.png 0xfcf73664
    res/drawable/ic_menu_help.png 0xc92cd626
    res/drawable/ic_menu_home.png 0x58465ade
    res/drawable/ic_menu_info_details.png 0xab72a09e
    res/drawable/ic_menu_preferences.png 0x3ceaf0ac
    res/drawable/ic_menu_refresh.png 0xd8e13f97
    res/drawable/ic_menu_save.png 0xb61e0a7d
    res/drawable/ic_menu_search.png 0xd012d05d
    res/drawable/ic_menu_view.png 0x2e7fd16f
    res/drawable/icon.png 0xedc5602
    res/drawable/music.png 0x91c54f9a
    res/drawable/notes.png 0xbab6324e
    res/drawable/pdf_icon.png 0x7def91b5
    res/drawable/powerpoint_icon1.png 0xd5f4fc0e
    res/drawable/settings.png 0x480e12bb
    res/drawable/video_camera.png 0x29d1bd4a
    res/drawable/video_player.png 0x4aace4df
    res/drawable/word_icon1.png 0x4a93a022
    res/drawable/zip_icon.png 0xd308ab6
    res/drawable-hdpi/btn_default_small_normal.9.png 0xf1298eb5
    res/drawable-hdpi/btn_default_small_pressed.9.png 0x19abf8b0
    res/drawable-hdpi/file_manager.png 0x1ca3f13f
    res/drawable-hdpi/file_manager_r.png 0x43f71dd1
    res/layout/bookmarks.xml 0xfa30dc8a
    res/layout/create_zip.xml 0xa40410b8
    res/layout/database_records.xml 0xff14f9b3
    res/layout/database_tables.xml 0xd4e9727b
    res/layout/display_text.xml 0xb9bdf15a
    res/layout/enter_name.xml 0xf8c9a375
    res/layout/grid_item.xml 0xe0402678
    res/layout/list_item_details.xml 0x5c2e8df1
    res/layout/list_item_simple.xml 0x634046a6
    res/layout/main_p.xml 0xb909094a
    res/layout/main_x10.xml 0xf03ae646
    res/layout/permissions.xml 0x1bd38535
    res/layout/run_script.xml 0xda435956
    res/layout/search_prompt.xml 0x4902f5d1
    res/layout/sql_editor_ad.xml 0x59c3fd7b
    res/layout/table_list_item.xml 0xa21582a0
    res/layout/thumbnail_grid.xml 0xabebe563
    res/xml/preferences.xml 0x95a0c874
    AndroidManifest.xml 0xab86cc92
    classes.dex 0x3fead6dd
    resources.arsc 0x5c3c14f1
    Runtime screenshots (images not included)
