VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Language
Server load
Server Load

File information
File Name :手机内存互换 (请关注贴吧:矛君吧).apk (File not down)
File Size :2027938 byte
File Type :application/zip
MD5:2e6b10234515593932f1984d36381de0
SHA1:9c5a71ee11d9ce25aee738c455abbb1d7de42923
  • 扫描结果
  • 权限
  • 文件行为分析
  • Scanner results
    Scanner results:0%Scanner(s) (0/32)found malware!
    Behavior analysis report:         Habo file analysis
    Time: 2016-08-17 23:26:46 (CST)
    VirSCANVirSCAN
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 3.0 1970-01-01 Found nothing 5
    asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 2
    avast 150725-1 4.7.4 2015-07-25 Found nothing 60
    avg 2109/8133 10.0.1405 2014-11-26 Found nothing 60
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 15
    baidusd 1.0 1.0 2014-04-02 Found nothing 1
    bitdefender 7.58469 7.90123 2014-12-25 Found nothing 60
    clamav 19861 0.97.5 2014-12-31 Found nothing 60
    drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 60
    fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 60
    fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 60
    fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 60
    gdata 25.7912 25.7912 2016-08-17 Found nothing 10
    ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 60
    jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 42
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
    kingsoft 2.1 2.1 2013-09-22 Found nothing 60
    mcafee 7638 5400.1158 2014-11-30 Found nothing 60
    nod32 0920 3.0.21 2014-12-23 Found nothing 60
    panda 9.05.01 9.05.01 2015-07-26 Found nothing 4
    pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 60
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 8
    qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 60
    quickheal 14.00 14.00 2015-07-25 Found nothing 2
    rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 1
    sophos 5.08 3.55.0 2014-12-01 Found nothing 60
    symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 60
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 5
    thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 2
    tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 13
    vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 60
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
    Heuristic/Suspicious Exact
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.
  • 权限列表
    许可名称信息
    android.permission.INTERNET连接网络(2G或3G)
    android.permission.RECEIVE_BOOT_COMPLETED接收开机启动广播
    android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
    android.permission.READ_EXTERNAL_STORAGE读外部存储器(如:SD卡)
    com.android.launcher.permission.INSTALL_SHORTCUT创建快捷方式
    android.permission.READ_PHONE_STATE读取电话状态
    android.permission.ACCESS_NETWORK_STATE读取网络状态(2G或3G)
    android.permission.ACCESS_WIFI_STATE读取wifi网络状态
    android.permission.SYSTEM_ALERT_WINDOW显示系统窗口
    android.permission.GET_TASKS获取有关当前或最近运行的任务信息
    android.permission.ACCESS_FINE_LOCATION获取精确的位置(通过GPS)
    android.permission.WAKE_LOCK手机屏幕关闭后后台进程仍运行
  • 文件信息
    安全评分 :
    基本信息
    MD5:2e6b10234515593932f1984d36381de0
    包名:eu.codlab.int2ext
    最低运行环境:Android 4.0, 4.0.1, 4.0.2
    版权:Android
    关键行为
    行为描述:探测 Virtual PC是否存在
    详情信息:N/A
    行为描述:获取TickCount值
    详情信息:TickCount = 5380765, SleepMilliseconds = 30000.
    TickCount = 5380796, SleepMilliseconds = 30000.
    TickCount = 5410953, SleepMilliseconds = 60000.
    TickCount = 5411281, SleepMilliseconds = 60000.
    TickCount = 5411296, SleepMilliseconds = 60000.
    TickCount = 5411609, SleepMilliseconds = 60000.
    TickCount = 5411921, SleepMilliseconds = 60000.
    TickCount = 5411937, SleepMilliseconds = 60000.
    TickCount = 5412265, SleepMilliseconds = 60000.
    TickCount = 5412281, SleepMilliseconds = 60000.
    TickCount = 5412593, SleepMilliseconds = 60000.
    TickCount = 5412906, SleepMilliseconds = 60000.
    TickCount = 5413218, SleepMilliseconds = 60000.
    TickCount = 5413531, SleepMilliseconds = 60000.
    TickCount = 5413843, SleepMilliseconds = 60000.
    行为描述:利用进程调试属性使系统蓝屏
    详情信息:N/A
    行为描述:创建系统服务
    详情信息:[服务创建成功]: LittleBoy, C:\WINDOWS\temp\svchost.exe
    行为描述:自删除
    详情信息:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
    进程行为
    行为描述:隐藏窗口创建进程
    详情信息:ImagePath = , CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~0.bat"
    行为描述:创建进程
    详情信息:ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c ""C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~0.bat" "
    行为描述:创建新文件进程
    详情信息:ImagePath = C:\WINDOWS\Temp\svchost.exe, CmdLine = "C:\WINDOWS\temp\svchost.exe" -install
    ImagePath = C:\WINDOWS\Temp\svchost.exe, CmdLine = C:\WINDOWS\temp\svchost.exe
    行为描述:枚举进程
    详情信息:N/A
    行为描述:创建本地线程
    详情信息:TargetProcess: svchost.exe, InheritedFromPID = 656, ProcessID = 556, ThreadID = 1004, StartAddress = 77DC3519, Parameter = 00187ED0
    TargetProcess: svchost.exe, InheritedFromPID = 656, ProcessID = 556, ThreadID = 1856, StartAddress = 77C0A1D7, Parameter = 003F71F8
    TargetProcess: svchost.exe, InheritedFromPID = 656, ProcessID = 556, ThreadID = 1140, StartAddress = 77C0A1D7, Parameter = 003F7288
    TargetProcess: svchost.exe, InheritedFromPID = 656, ProcessID = 556, ThreadID = 744, StartAddress = 77C0A341, Parameter = 003F7288
    TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1456, ThreadID = 160, StartAddress = 765E964D, Parameter = 001B6510
    文件行为
    行为描述:创建文件
    详情信息:C:\WINDOWS\Temp\svchost.exe
    C:\Documents and Settings\Administrator\Local Settings\Temp\~0.bat
    C:\WINDOWS\Temp\~DFREG0.tmp
    行为描述:创建可执行文件
    详情信息:C:\WINDOWS\Temp\svchost.exe
    行为描述:复制文件
    详情信息:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe ---> C:\WINDOWS\temp\svchost.exe
    行为描述:删除文件
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temp\~0.bat
    行为描述:查找文件
    详情信息:FileName = C:\WINDOWS
    FileName = C:\WINDOWS\temp
    FileName = C:\WINDOWS\temp\svchost.exe
    FileName = C:\WINDOWS\Temp
    FileName = C:\WINDOWS\Temp\svchost.exe
    FileName = C:\Documents and Settings
    FileName = C:\Documents and Settings\Administrator
    FileName = C:\Documents and Settings\Administrator\My Documents
    FileName = C:\Documents and Settings\All Users
    FileName = C:\Documents and Settings\All Users\Documents
    FileName = C:\Documents and Settings\Administrator\桌面
    FileName = C:\Documents and Settings\All Users\桌面
    FileName = C:\DOCUME~1
    FileName = C:\DOCUME~1\ADMINI~1
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
    行为描述:修改BAT脚本文件
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temp\~0.bat ---> Offset = 0
    行为描述:修改文件内容
    详情信息:C:\WINDOWS\Temp\svchost.exe ---> Offset = 0
    C:\WINDOWS\Temp\svchost.exe ---> Offset = 65536
    C:\WINDOWS\Temp\svchost.exe ---> Offset = 4096
    C:\WINDOWS\Temp\svchost.exe ---> Offset = 8192
    C:\WINDOWS\Temp\~DFREG0.tmp ---> Offset = 0
    C:\WINDOWS\Temp\~DFREG0.tmp ---> Offset = 4096
    行为描述:自删除
    详情信息:C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
    网络行为
    行为描述:按名称获取主机地址
    详情信息:DnsQuery_W: www.ddostmd.com
    DnsQuery_W: www.33rbb.com
    注册表行为
    行为描述:修改注册表
    详情信息:\REGISTRY\USER\.DEFAULT\Config\
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~0.bat
    行为描述:通过配置文件还原注册表键
    详情信息:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\LittleBoy\
    其他行为
    行为描述:探测 Virtual PC是否存在
    详情信息:N/A
    行为描述:创建互斥体
    详情信息:CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    Local\ZonesCounterMutex
    Local\ZoneAttributeCacheCounterMutex
    Local\ZonesCacheCounterMutex
    Local\ZonesLockedCacheCounterMutex
    行为描述:创建事件对象
    详情信息:EventName = Global\crypt32LogoffEvent
    行为描述:启动系统服务
    详情信息:[服务启动成功]: LocalSystem, LittleBoy Tools, C:\WINDOWS\temp\svchost.exe
    行为描述:获取TickCount值
    详情信息:TickCount = 5380765, SleepMilliseconds = 30000.
    TickCount = 5380796, SleepMilliseconds = 30000.
    TickCount = 5410953, SleepMilliseconds = 60000.
    TickCount = 5411281, SleepMilliseconds = 60000.
    TickCount = 5411296, SleepMilliseconds = 60000.
    TickCount = 5411609, SleepMilliseconds = 60000.
    TickCount = 5411921, SleepMilliseconds = 60000.
    TickCount = 5411937, SleepMilliseconds = 60000.
    TickCount = 5412265, SleepMilliseconds = 60000.
    TickCount = 5412281, SleepMilliseconds = 60000.
    TickCount = 5412593, SleepMilliseconds = 60000.
    TickCount = 5412906, SleepMilliseconds = 60000.
    TickCount = 5413218, SleepMilliseconds = 60000.
    TickCount = 5413531, SleepMilliseconds = 60000.
    TickCount = 5413843, SleepMilliseconds = 60000.
    行为描述:调整进程token权限
    详情信息:SE_LOAD_DRIVER_PRIVILEGE
    SE_BACKUP_PRIVILEGE
    SE_RESTORE_PRIVILEGE
    行为描述:打开事件
    详情信息:HookSwitchHookEnabledEvent
    Global\SvcctrlStartEvent_A3752DX
    _fCanRegisterWithShellService
    \SECURITY\LSA_AUTHENTICATION_INITIALIZED
    Global\crypt32LogoffEvent
    行为描述:利用进程调试属性使系统蓝屏
    详情信息:N/A
    行为描述:可执行文件签名信息
    详情信息:C:\WINDOWS\Temp\svchost.exe(签名验证: 未通过)
    行为描述:调用Sleep函数
    详情信息:[1]: MilliSeconds = 30000.
    [2]: MilliSeconds = 30000.
    [3]: MilliSeconds = 60000.
    [4]: MilliSeconds = 30000.
    [5]: MilliSeconds = 30000.
    [6]: MilliSeconds = 60000.
    [7]: MilliSeconds = 30000.
    [8]: MilliSeconds = 30000.
    [9]: MilliSeconds = 60000.
    [10]: MilliSeconds = 30000.
    行为描述:可执行文件MD5
    详情信息:C:\WINDOWS\Temp\svchost.exe ---> 2716d60983196159b9ee71b39ee7adf6
    行为描述:打开互斥体
    详情信息:ShimCacheMutex
    Local\!IETld!Mutex
    行为描述:创建系统服务
    详情信息:[服务创建成功]: LittleBoy, C:\WINDOWS\temp\svchost.exe
    Activities
    活动名类型
    eu.codlab.int2ext.Int2ExtActivityandroid.intent.action.MAIN
    eu.codlab.int2ext.Int2ExtActivityandroid.intent.category.LAUNCHER
    eu.codlab.int2ext.c.Ojandroid.intent.action.MAIN
    危险函数
    函数名称信息
    ContentResolver;->query读取联系人、短信等数据库
    TelephonyManager;->getDeviceId搜集用户手机IMEI码、电话号码、系统版本号等信息
    HttpClient;->execute请求远程服务器
    java/net/URL;->openConnection连接URL
    android/app/NotificationManager;->notify信息通知栏
    java/net/HttpURLConnection;->connect连接URL
    LocationManager;->getLastKnownLocation获取地址位置
    getRuntime获取命令行环境
    java/lang/Runtime;->exec执行字符串命令
    启动方式
    名称信息
    eu.codlab.int2ext.SwitchAtBootReceiver开机启动服务
    vdc.od.f.Years网络连接改变时启动服务
    eu.codlab.int2ext.a.Me网络连接改变时启动服务
    eu.codlab.int2ext.b.Wu网络连接改变时启动服务
    eu.codlab.int2ext.c.Sop网络连接改变时启动服务
    eu.codlab.int2ext.d.Sk网络连接改变时启动服务
    eu.codlab.int2ext.e.Lsk网络连接改变时启动服务
    com.baidu.appx.app_download.CompleteReceiver
    com.baidu.appx.app_download.CompleteReceiver
    com.baidu.appx.app_download.CompleteReceiver应用安装时启动服务
    com.baidu.autoupdatesdk.receiver.BDBroadcastReceiver
    com.baidu.autoupdatesdk.receiver.BDBroadcastReceiver
    com.baidu.autoupdatesdk.receiver.BDBroadcastReceiver
    com.baidu.autoupdatesdk.receiver.BDBroadcastReceiver
    广告信息
    名称信息
    com.baidu百度
    权限列表
    许可名称信息
    android.permission.INTERNET连接网络(2G或3G)
    android.permission.RECEIVE_BOOT_COMPLETED接收开机启动广播
    android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
    android.permission.READ_EXTERNAL_STORAGE读外部存储器(如:SD卡)
    com.android.launcher.permission.INSTALL_SHORTCUT创建快捷方式
    android.permission.READ_PHONE_STATE读取电话状态
    android.permission.ACCESS_NETWORK_STATE读取网络状态(2G或3G)
    android.permission.ACCESS_WIFI_STATE读取wifi网络状态
    android.permission.SYSTEM_ALERT_WINDOW显示系统窗口
    android.permission.GET_TASKS获取有关当前或最近运行的任务信息
    android.permission.ACCESS_FINE_LOCATION获取精确的位置(通过GPS)
    android.permission.WAKE_LOCK手机屏幕关闭后后台进程仍运行
    服务列表
    名称
    vdc.od.f.Really
    lvvd.tfz.gfm.lr.sw
    xxf.ze.vbd.ooz.dn.rxl
    eu.codlab.int2ext.a.Gtq
    eu.codlab.int2ext.b.Df
    eu.codlab.int2ext.c.Wjr
    eu.codlab.int2ext.d.Co
    eu.codlab.int2ext.e.Nmq
    eufu.CVfX.hBmj.LxBg
    tk.ta.qp.Ups
    xjxe.vpqsx.qszrj
    文件列表
    文件名 校验码
    resources.arsc 0x3cb64c9f
    AndroidManifest.xml 0xe06a1651
    assets/KnIrE 0xb8763abe
    assets/daemon 0xe39b6a09
    assets/eu.jpg 0x9c88cb59
    classes.dex 0xbdc04927
    lib/armeabi/libMD5_v1.so 0xba6758cc
    lib/armeabi/libbase64encoder_v1_4.so 0x8c697cea
    lib/armeabi/libjllot.so 0x760868e9
    lib/armeabi/libnchsd.so 0x1a107901
    lib/armeabi/libxoyq.so 0x88149c0f
    lib/x86/libMD5_v1.so 0x8b8b743f
    lib/x86/libbase64encoder_v1_4.so 0x33e763dd
    res/anim/slidein_fromtop.xml 0x573d857b
    res/anim/slideout_totop.xml 0x60754a3
    res/anim/slidestill.xml 0x66b1874b
    res/drawable-hdpi-v4/ic_action_search.png 0x64275be8
    res/drawable-hdpi-v4/ic_launcher.png 0xeb882319
    res/drawable-ldpi-v4/ic_launcher.png 0x92b94dfe
    res/drawable-mdpi-v4/ic_action_search.png 0xb4091fdc
    res/drawable-mdpi-v4/ic_launcher.png 0x86793abb
    res/drawable-xhdpi-v4/ic_action_search.png 0x3294aee3
    res/drawable-xhdpi-v4/ic_launcher.png 0x1a95bd72
    res/drawable/download.png 0x649451d9
    res/drawable/paypal_button.png 0x836716fd
    res/layout/activity_int2_ext_acitivty.xml 0x2884c8c2
    res/layout/choicefragment.xml 0xefaa98cc
    res/layout/custom_toast.xml 0xab851510
    res/menu/activity_int2_ext_activity.xml 0xaa98489b
    res/menu/activity_prefs.xml 0x7dfb03f3
    res/xml/preferences.xml 0x2ee43ced
    META-INF/MANIFEST.MF 0xce5db187
    META-INF/CERT.SF 0x74074940
    META-INF/CERT.RSA 0xbdcfe3f5
    运行截图
    VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号