手机内存互换（请关注贴吧：矛君吧）.apk MD5:2e6b10234515593932f1984d36381de0 0% Scanner(s) (0/32) found malware! - VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 47 AntiVirus Engines!

Main Menu

API

uploader for windows(test)

Powered By

File information

File Name :手机内存互换（请关注贴吧：矛君吧）.apk (File not down)

File Size :2027938 byte

File Type :application/zip

MD5:2e6b10234515593932f1984d36381de0

SHA1:9c5a71ee11d9ce25aee738c455abbb1d7de42923

扫描结果
权限
文件行为分析

Scanner results

Scanner results:0%Scanner(s) (0/32)found malware!

Behavior analysis report: Habo file analysis

Time: 2016-08-17 23:26:46 (CST)

Scanner	Engine Ver	Sig Ver	Sig Date	Scan result	Time
antiy	AVL SDK 3.0		1970-01-01	Found nothing	5
asquared	9.0.0.4324	9.0.0.4324	2014-07-03	Found nothing	2
avast	150725-1	4.7.4	2015-07-25	Found nothing	60
avg	2109/8133	10.0.1405	2014-11-26	Found nothing	60
baidu	2.0.1.0	4.1.3.52192	2.0.1.0	Found nothing	15
baidusd	1.0	1.0	2014-04-02	Found nothing	1
bitdefender	7.58469	7.90123	2014-12-25	Found nothing	60
clamav	19861	0.97.5	2014-12-31	Found nothing	60
drweb	5.0.2.3300	5.0.1.1	2014-12-31	Found nothing	60
fortinet	23.345, 23.345	5.1.158	2014-12-08	Found nothing	60
fprot	4.6.2.117	6.5.1.5418	2014-12-31	Found nothing	60
fsecure	2014-04-02-01	9.13	2014-04-02	Found nothing	60
gdata	25.7912	25.7912	2016-08-17	Found nothing	10
ikarus	1.06.01	V1.32.31.0	2014-12-08	Found nothing	60
jiangmin	16.0.100	1.0.0.0	2015-07-25	Found nothing	42
kaspersky	5.5.33	5.5.33	2014-04-01	Found nothing	60
kingsoft	2.1	2.1	2013-09-22	Found nothing	60
mcafee	7638	5400.1158	2014-11-30	Found nothing	60
nod32	0920	3.0.21	2014-12-23	Found nothing	60
panda	9.05.01	9.05.01	2015-07-26	Found nothing	4
pcc	11.380.07	9.500-1005	2014-12-31	Found nothing	60
qh360	1.0.1	1.0.1	1.0.1	Found nothing	8
qqphone	1.0.0.0	1.0.0.0	2014-12-09	Found nothing	60
quickheal	14.00	14.00	2015-07-25	Found nothing	2
rising	25.76.04.01	25.76.04.01	2015-07-24	Found nothing	1
sophos	5.08	3.55.0	2014-12-01	Found nothing	60
symantec	20141230.001	1.3.0.24	2014-12-30	Found nothing	60
tachyon	9.9.9	9.9.9	2013-12-27	Found nothing	5
thehacker	6.8.0.5	6.8.0.5	2015-07-23	Found nothing	2
tws	17.47.17308	1.0.2.2108	2014-12-08	Found nothing	13
vba	3.12.26.3	3.12.26.3	2014-12-31	Found nothing	60
virusbuster	15.0.985.0	5.5.2.13	2014-12-05	Found nothing	60

■Heuristic/Suspicious ■Exact

NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.

权限列表
许可名称	信息
android.permission.INTERNET	连接网络（2G或3G）
android.permission.RECEIVE_BOOT_COMPLETED	接收开机启动广播
android.permission.WRITE_EXTERNAL_STORAGE	写外部存储器（如：SD卡）
android.permission.READ_EXTERNAL_STORAGE	读外部存储器（如：SD卡）
com.android.launcher.permission.INSTALL_SHORTCUT	创建快捷方式
android.permission.READ_PHONE_STATE	读取电话状态
android.permission.ACCESS_NETWORK_STATE	读取网络状态（2G或3G）
android.permission.ACCESS_WIFI_STATE	读取wifi网络状态
android.permission.SYSTEM_ALERT_WINDOW	显示系统窗口
android.permission.GET_TASKS	获取有关当前或最近运行的任务信息
android.permission.ACCESS_FINE_LOCATION	获取精确的位置（通过GPS）
android.permission.WAKE_LOCK	手机屏幕关闭后后台进程仍运行

文件信息

安全评分 :

基本信息
MD5:2e6b10234515593932f1984d36381de0
包名:eu.codlab.int2ext
最低运行环境:Android 4.0, 4.0.1, 4.0.2
版权:Android

关键行为
行为描述:	探测 Virtual PC是否存在
详情信息:	N/A
行为描述:	获取TickCount值
详情信息:	TickCount = 5380765, SleepMilliseconds = 30000.
	TickCount = 5380796, SleepMilliseconds = 30000.
	TickCount = 5410953, SleepMilliseconds = 60000.
	TickCount = 5411281, SleepMilliseconds = 60000.
	TickCount = 5411296, SleepMilliseconds = 60000.
	TickCount = 5411609, SleepMilliseconds = 60000.
	TickCount = 5411921, SleepMilliseconds = 60000.
	TickCount = 5411937, SleepMilliseconds = 60000.
	TickCount = 5412265, SleepMilliseconds = 60000.
	TickCount = 5412281, SleepMilliseconds = 60000.
	TickCount = 5412593, SleepMilliseconds = 60000.
	TickCount = 5412906, SleepMilliseconds = 60000.
	TickCount = 5413218, SleepMilliseconds = 60000.
	TickCount = 5413531, SleepMilliseconds = 60000.
	TickCount = 5413843, SleepMilliseconds = 60000.
行为描述:	利用进程调试属性使系统蓝屏
详情信息:	N/A
行为描述:	创建系统服务
详情信息:	[服务创建成功]: LittleBoy, C:\WINDOWS\temp\svchost.exe
行为描述:	自删除
详情信息:	C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe

进程行为
行为描述:	隐藏窗口创建进程
详情信息:	ImagePath = , CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~0.bat"
行为描述:	创建进程
详情信息:	ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c ""C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~0.bat" "
行为描述:	创建新文件进程
详情信息:	ImagePath = C:\WINDOWS\Temp\svchost.exe, CmdLine = "C:\WINDOWS\temp\svchost.exe" -install
	ImagePath = C:\WINDOWS\Temp\svchost.exe, CmdLine = C:\WINDOWS\temp\svchost.exe
行为描述:	枚举进程
详情信息:	N/A
行为描述:	创建本地线程
详情信息:	TargetProcess: svchost.exe, InheritedFromPID = 656, ProcessID = 556, ThreadID = 1004, StartAddress = 77DC3519, Parameter = 00187ED0
	TargetProcess: svchost.exe, InheritedFromPID = 656, ProcessID = 556, ThreadID = 1856, StartAddress = 77C0A1D7, Parameter = 003F71F8
	TargetProcess: svchost.exe, InheritedFromPID = 656, ProcessID = 556, ThreadID = 1140, StartAddress = 77C0A1D7, Parameter = 003F7288
	TargetProcess: svchost.exe, InheritedFromPID = 656, ProcessID = 556, ThreadID = 744, StartAddress = 77C0A341, Parameter = 003F7288
	TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1456, ThreadID = 160, StartAddress = 765E964D, Parameter = 001B6510

文件行为
行为描述:	创建文件
详情信息:	C:\WINDOWS\Temp\svchost.exe
	C:\Documents and Settings\Administrator\Local Settings\Temp\~0.bat
	C:\WINDOWS\Temp\~DFREG0.tmp
行为描述:	创建可执行文件
详情信息:	C:\WINDOWS\Temp\svchost.exe
行为描述:	复制文件
详情信息:	C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe ---> C:\WINDOWS\temp\svchost.exe
行为描述:	删除文件
详情信息:	C:\Documents and Settings\Administrator\Local Settings\Temp\~0.bat
行为描述:	查找文件
详情信息:	FileName = C:\WINDOWS
	FileName = C:\WINDOWS\temp
	FileName = C:\WINDOWS\temp\svchost.exe
	FileName = C:\WINDOWS\Temp
	FileName = C:\WINDOWS\Temp\svchost.exe
	FileName = C:\Documents and Settings
	FileName = C:\Documents and Settings\Administrator
	FileName = C:\Documents and Settings\Administrator\My Documents
	FileName = C:\Documents and Settings\All Users
	FileName = C:\Documents and Settings\All Users\Documents
	FileName = C:\Documents and Settings\Administrator\桌面
	FileName = C:\Documents and Settings\All Users\桌面
	FileName = C:\DOCUME~1
	FileName = C:\DOCUME~1\ADMINI~1
	FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
行为描述:	修改BAT脚本文件
详情信息:	C:\Documents and Settings\Administrator\Local Settings\Temp\~0.bat ---> Offset = 0
行为描述:	修改文件内容
详情信息:	C:\WINDOWS\Temp\svchost.exe ---> Offset = 0
	C:\WINDOWS\Temp\svchost.exe ---> Offset = 65536
	C:\WINDOWS\Temp\svchost.exe ---> Offset = 4096
	C:\WINDOWS\Temp\svchost.exe ---> Offset = 8192
	C:\WINDOWS\Temp\~DFREG0.tmp ---> Offset = 0
	C:\WINDOWS\Temp\~DFREG0.tmp ---> Offset = 4096
行为描述:	自删除
详情信息:	C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe

网络行为
行为描述:	按名称获取主机地址
详情信息:	DnsQuery_W: www.ddostmd.com
	DnsQuery_W: www.33rbb.com

注册表行为
行为描述:	修改注册表
详情信息:	\REGISTRY\USER\.DEFAULT\Config\
	\REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~0.bat
行为描述:	通过配置文件还原注册表键
详情信息:	\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\LittleBoy\

其他行为
行为描述:	探测 Virtual PC是否存在
详情信息:	N/A
行为描述:	创建互斥体
详情信息:	CTF.LBES.MutexDefaultS-*
	CTF.Compart.MutexDefaultS-*
	CTF.Asm.MutexDefaultS-*
	CTF.Layouts.MutexDefaultS-*
	CTF.TMD.MutexDefaultS-*
	CTF.TimListCache.FMPDefaultS-MUTEX.DefaultS-
	Local\ZonesCounterMutex
	Local\ZoneAttributeCacheCounterMutex
	Local\ZonesCacheCounterMutex
	Local\ZonesLockedCacheCounterMutex
行为描述:	创建事件对象
详情信息:	EventName = Global\crypt32LogoffEvent
行为描述:	启动系统服务
详情信息:	[服务启动成功]: LocalSystem, LittleBoy Tools, C:\WINDOWS\temp\svchost.exe
行为描述:	获取TickCount值
详情信息:	TickCount = 5380765, SleepMilliseconds = 30000.
	TickCount = 5380796, SleepMilliseconds = 30000.
	TickCount = 5410953, SleepMilliseconds = 60000.
	TickCount = 5411281, SleepMilliseconds = 60000.
	TickCount = 5411296, SleepMilliseconds = 60000.
	TickCount = 5411609, SleepMilliseconds = 60000.
	TickCount = 5411921, SleepMilliseconds = 60000.
	TickCount = 5411937, SleepMilliseconds = 60000.
	TickCount = 5412265, SleepMilliseconds = 60000.
	TickCount = 5412281, SleepMilliseconds = 60000.
	TickCount = 5412593, SleepMilliseconds = 60000.
	TickCount = 5412906, SleepMilliseconds = 60000.
	TickCount = 5413218, SleepMilliseconds = 60000.
	TickCount = 5413531, SleepMilliseconds = 60000.
	TickCount = 5413843, SleepMilliseconds = 60000.
行为描述:	调整进程token权限
详情信息:	SE_LOAD_DRIVER_PRIVILEGE
	SE_BACKUP_PRIVILEGE
	SE_RESTORE_PRIVILEGE
行为描述:	打开事件
详情信息:	HookSwitchHookEnabledEvent
	Global\SvcctrlStartEvent_A3752DX
	_fCanRegisterWithShellService
	\SECURITY\LSA_AUTHENTICATION_INITIALIZED
	Global\crypt32LogoffEvent
行为描述:	利用进程调试属性使系统蓝屏
详情信息:	N/A
行为描述:	可执行文件签名信息
详情信息:	C:\WINDOWS\Temp\svchost.exe(签名验证: 未通过)
行为描述:	调用Sleep函数
详情信息:	[1]: MilliSeconds = 30000.
	[2]: MilliSeconds = 30000.
	[3]: MilliSeconds = 60000.
	[4]: MilliSeconds = 30000.
	[5]: MilliSeconds = 30000.
	[6]: MilliSeconds = 60000.
	[7]: MilliSeconds = 30000.
	[8]: MilliSeconds = 30000.
	[9]: MilliSeconds = 60000.
	[10]: MilliSeconds = 30000.
行为描述:	可执行文件MD5
详情信息:	C:\WINDOWS\Temp\svchost.exe ---> 2716d60983196159b9ee71b39ee7adf6
行为描述:	打开互斥体
详情信息:	ShimCacheMutex
	Local\!IETld!Mutex
行为描述:	创建系统服务
详情信息:	[服务创建成功]: LittleBoy, C:\WINDOWS\temp\svchost.exe

Activities
活动名	类型
eu.codlab.int2ext.Int2ExtActivity	android.intent.action.MAIN
eu.codlab.int2ext.Int2ExtActivity	android.intent.category.LAUNCHER
eu.codlab.int2ext.c.Oj	android.intent.action.MAIN

危险函数
函数名称	信息
ContentResolver;->query	读取联系人、短信等数据库
TelephonyManager;->getDeviceId	搜集用户手机IMEI码、电话号码、系统版本号等信息
HttpClient;->execute	请求远程服务器
java/net/URL;->openConnection	连接URL
android/app/NotificationManager;->notify	信息通知栏
java/net/HttpURLConnection;->connect	连接URL
LocationManager;->getLastKnownLocation	获取地址位置
getRuntime	获取命令行环境
java/lang/Runtime;->exec	执行字符串命令

启动方式
名称	信息
eu.codlab.int2ext.SwitchAtBootReceiver	开机启动服务
vdc.od.f.Years	网络连接改变时启动服务
eu.codlab.int2ext.a.Me	网络连接改变时启动服务
eu.codlab.int2ext.b.Wu	网络连接改变时启动服务
eu.codlab.int2ext.c.Sop	网络连接改变时启动服务
eu.codlab.int2ext.d.Sk	网络连接改变时启动服务
eu.codlab.int2ext.e.Lsk	网络连接改变时启动服务
com.baidu.appx.app_download.CompleteReceiver
com.baidu.appx.app_download.CompleteReceiver
com.baidu.appx.app_download.CompleteReceiver	应用安装时启动服务
com.baidu.autoupdatesdk.receiver.BDBroadcastReceiver
com.baidu.autoupdatesdk.receiver.BDBroadcastReceiver
com.baidu.autoupdatesdk.receiver.BDBroadcastReceiver
com.baidu.autoupdatesdk.receiver.BDBroadcastReceiver

广告信息
名称	信息
com.baidu	百度

权限列表
许可名称	信息
android.permission.INTERNET	连接网络（2G或3G）
android.permission.RECEIVE_BOOT_COMPLETED	接收开机启动广播
android.permission.WRITE_EXTERNAL_STORAGE	写外部存储器（如：SD卡）
android.permission.READ_EXTERNAL_STORAGE	读外部存储器（如：SD卡）
com.android.launcher.permission.INSTALL_SHORTCUT	创建快捷方式
android.permission.READ_PHONE_STATE	读取电话状态
android.permission.ACCESS_NETWORK_STATE	读取网络状态（2G或3G）
android.permission.ACCESS_WIFI_STATE	读取wifi网络状态
android.permission.SYSTEM_ALERT_WINDOW	显示系统窗口
android.permission.GET_TASKS	获取有关当前或最近运行的任务信息
android.permission.ACCESS_FINE_LOCATION	获取精确的位置（通过GPS）
android.permission.WAKE_LOCK	手机屏幕关闭后后台进程仍运行

服务列表
名称
vdc.od.f.Really
lvvd.tfz.gfm.lr.sw
xxf.ze.vbd.ooz.dn.rxl
eu.codlab.int2ext.a.Gtq
eu.codlab.int2ext.b.Df
eu.codlab.int2ext.c.Wjr
eu.codlab.int2ext.d.Co
eu.codlab.int2ext.e.Nmq
eufu.CVfX.hBmj.LxBg
tk.ta.qp.Ups
xjxe.vpqsx.qszrj

文件列表
文件名	校验码
resources.arsc	0x3cb64c9f
AndroidManifest.xml	0xe06a1651
assets/KnIrE	0xb8763abe
assets/daemon	0xe39b6a09
assets/eu.jpg	0x9c88cb59
classes.dex	0xbdc04927
lib/armeabi/libMD5_v1.so	0xba6758cc
lib/armeabi/libbase64encoder_v1_4.so	0x8c697cea
lib/armeabi/libjllot.so	0x760868e9
lib/armeabi/libnchsd.so	0x1a107901
lib/armeabi/libxoyq.so	0x88149c0f
lib/x86/libMD5_v1.so	0x8b8b743f
lib/x86/libbase64encoder_v1_4.so	0x33e763dd
res/anim/slidein_fromtop.xml	0x573d857b
res/anim/slideout_totop.xml	0x60754a3
res/anim/slidestill.xml	0x66b1874b
res/drawable-hdpi-v4/ic_action_search.png	0x64275be8
res/drawable-hdpi-v4/ic_launcher.png	0xeb882319
res/drawable-ldpi-v4/ic_launcher.png	0x92b94dfe
res/drawable-mdpi-v4/ic_action_search.png	0xb4091fdc
res/drawable-mdpi-v4/ic_launcher.png	0x86793abb
res/drawable-xhdpi-v4/ic_action_search.png	0x3294aee3
res/drawable-xhdpi-v4/ic_launcher.png	0x1a95bd72
res/drawable/download.png	0x649451d9
res/drawable/paypal_button.png	0x836716fd
res/layout/activity_int2_ext_acitivty.xml	0x2884c8c2
res/layout/choicefragment.xml	0xefaa98cc
res/layout/custom_toast.xml	0xab851510
res/menu/activity_int2_ext_activity.xml	0xaa98489b
res/menu/activity_prefs.xml	0x7dfb03f3
res/xml/preferences.xml	0x2ee43ced
META-INF/MANIFEST.MF	0xce5db187
META-INF/CERT.SF	0x74074940
META-INF/CERT.RSA	0xbdcfe3f5

运行截图