VirSCAN

File information
File Name: com.rookiestudio.perfectviewer_071737.apk (File not down)
File Size: 7208351 bytes
File Type: application/jar
MD5: ebed07bd42c57e0da9c1855a4b46e5f5
SHA1: 97169e7b8c3136b663237e4f2353d226225b718a
  • Scanner results
    Scanner results: 0% Scanner(s) (0/32) found malware!
    Behavior analysis report: Habo file analysis
    Time: 2015-10-25 04:54:15 (CST)
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 3.0 1970-01-01 Found nothing 7
    asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 5
    avast 150725-1 4.7.4 2015-07-25 Found nothing 0
    avg 2109/8133 10.0.1405 2014-11-26 Found nothing 0
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 4
    baidusd 1.0 1.0 2014-04-02 Found nothing 6
    bitdefender 7.58469 7.90123 2014-12-25 Found nothing 0
    clamav 19861 0.97.5 2014-12-31 Found nothing 0
    drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 0
    fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 0
    fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 0
    fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 0
    gdata 25.4043 25.4043 2015-10-25 Found nothing 21
    ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 0
    jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 57
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 0
    kingsoft 2.1 2.1 2013-09-22 Found nothing 7
    mcafee 7638 5400.1158 2014-11-30 Found nothing 0
    nod32 0920 3.0.21 2014-12-23 Found nothing 0
    panda 9.05.01 9.05.01 2015-07-26 Found nothing 5
    pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 0
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 3
    qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 0
    quickheal 14.00 14.00 2015-07-25 Found nothing 5
    rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 16
    sophos 5.08 3.55.0 2014-12-01 Found nothing 0
    symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 0
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 26
    thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 9
    tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 24
    vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 0
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 0
    Heuristic/Suspicious Exact
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scanners when and if malware is found. Please judge these results for yourself.
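  • Permission list
    Permission name | Information
    android.permission.RECEIVE_BOOT_COMPLETED | Receive boot-completed broadcast
    android.permission.SET_WALLPAPER | Set desktop wallpaper
    android.permission.SET_WALLPAPER_HINTS | Set wallpaper hints
    android.permission.WRITE_EXTERNAL_STORAGE | Write to external storage (e.g. SD card)
    android.permission.GET_ACCOUNTS | Access the account list
    android.permission.USE_CREDENTIALS | Obtain authentication tokens
    android.permission.INTERNET | Connect to the network (2G or 3G)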
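  • File information
    Security score:
    Basic information
    MD5: ebed07bd42c57e0da9c1855a4b46e5f5
    Package name: com.rookiestudio.perfectviewer
    Minimum runtime environment: Android 2.2.x
    Copyright: RookieStudio
    Key behavior
    Behavior description: Mapped file with write permission
    Details: CiceroSharedMemDefaultS-*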
    MSCTF.MarshalInterface.FileMap.AFH..JNIGH
    MSCTF.MarshalInterface.FileMap.AFH.B.JNIGH
    MSCTF.MarshalInterface.FileMap.AFH.C.JNIGH
    MSCTF.MarshalInterface.FileMap.AFH.D.JNIGH
    MSCTF.MarshalInterface.FileMap.AFH.E.JNIGH
    MSCTF.MarshalInterface.FileMap.AFH.F.JNIGH
    MSCTF.MarshalInterface.FileMap.AFH.G.JNIGH
    MSCTF.Shared.SFM.AFH
    MSCTF.MarshalInterface.FileMap.AFH.H.HIPKH
    MSCTF.MarshalInterface.FileMap.AFH.I.HIPKH
    MSCTF.MarshalInterface.FileMap.AFH.J.HIPKH
    MSCTF.MarshalInterface.FileMap.AFH.K.HIPKH
    MSCTF.MarshalInterface.FileMap.AFH.L.HIPKH
    MSCTF.MarshalInterface.FileMap.AFH.M.HIPKH
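    Behavior description: DLL sample (x86)
    Details: N/A
    Process behavior
    Behavior description: Create process
    Details: ImagePath = C:\WINDOWS\system32\Regsvr32.exe, CmdLine = Regsvr32.exe c:\docume~1\admini~1\locals~1\%temp%\996e.dll
    Behavior description: Enumerate processes
    Details: N/A
    File behavior
    Behavior description: Mapped file with write permission
    Details: CiceroSharedMemDefaultS-*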
    MSCTF.MarshalInterface.FileMap.AFH..JNIGH
    MSCTF.MarshalInterface.FileMap.AFH.B.JNIGH
    MSCTF.MarshalInterface.FileMap.AFH.C.JNIGH
    MSCTF.MarshalInterface.FileMap.AFH.D.JNIGH
    MSCTF.MarshalInterface.FileMap.AFH.E.JNIGH
    MSCTF.MarshalInterface.FileMap.AFH.F.JNIGH
    MSCTF.MarshalInterface.FileMap.AFH.G.JNIGH
    MSCTF.Shared.SFM.AFH
    MSCTF.MarshalInterface.FileMap.AFH.H.HIPKH
    MSCTF.MarshalInterface.FileMap.AFH.I.HIPKH
    MSCTF.MarshalInterface.FileMap.AFH.J.HIPKH
    MSCTF.MarshalInterface.FileMap.AFH.K.HIPKH
    MSCTF.MarshalInterface.FileMap.AFH.L.HIPKH
    MSCTF.MarshalInterface.FileMap.AFH.M.HIPKH
    Registry behavior
    Behavior description: Modify registry
    Details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03be3ac4-84b7-4e0e-a78d-d3524e60395a}\InprocServer32\
    \REGISTRY\MACHINE\SOFTWARE\Classes\DirectShow\MediaObjects\03be3ac4-84b7-4e0e-a78d-d3524e60395a\
    \REGISTRY\MACHINE\SOFTWARE\Classes\DirectShow\MediaObjects\03be3ac4-84b7-4e0e-a78d-d3524e60395a\InputTypes
    \REGISTRY\MACHINE\SOFTWARE\Classes\DirectShow\MediaObjects\03be3ac4-84b7-4e0e-a78d-d3524e60395a\OutputTypes
    Behavior description: Delete registry key
    Details: \REGISTRY\MACHINE\SOFTWARE\Classes\DirectShow\MediaObjects\03be3ac4-84b7-4e0e-a78d-d3524e60395a
    Other behavior
    Behavior description: Create mutex
    Details: SHIMLIB_LOG_MUTEX
    CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.Shared.MUTEX.ELH
    MSCTF.Shared.MUTEX.AFH
    Behavior description: DLL sample (x86)
    Details: N/A
    Behavior description: Find specified window
    Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    Behavior description: Obtain system privileges
    Details: SE_LOAD_DRIVER_PRIVILEGE
    SE_DEBUG_PRIVILEGE
    Dangerous behavior
    Behavior description: Execute system command
    Details: [u'cat /proc/meminfo']
    Dynamic behavior list
    Behavior description: Pass extra information
    Details: StackTrace:java.lang.NullPointerException --------- Stack trace --------- com.rookiestudio.perfectviewer.TScanBookService$TScanBookThread.ScanEnd(TScanBookService.java:589) com.rookiestudio.perfectviewer.TScanBookService$TScanBookThread.run(TScanBookService.java:534) java.lang.Thread.run(Thread.java:856)
    Activity:com.rookiestudio.perfectviewer.TViewerMain
    CPU:armeabi-v7a
    Behavior description: Create database
    Details: /data/data/com.rookiestudio.perfectviewer/files/perfectviewer.db
    Behavior description: Execute system command
    Details: [u'cat /proc/meminfo']
    Behavior description: Read file
    Details: path:/proc/cpuinfo length:69
    path:unknown length:69
    path:/data/data/com.rookiestudio.perfectviewer/shared_prefs/perfect_viewer_settings.xml length:261
    Behavior description: Load library file
    Details: /data/data/com.rookiestudio.perfectviewer/lib/libimage_processor_neon.so
    Behavior description: Emulator driver file initialization
    Details: /proc/cpuinfo
    Behavior description: Read system settings
    Details: [u'android.app.ContextImpl$ApplicationContentResolver@414ff1d8', u'sound_effects_enabled']
    [u'android.app.ContextImpl$ApplicationContentResolver@414ff1d8', u'sound_effects_enabled']
    Behavior description: Initialize IntentFilter
    Details: [u'android.intent.action.BATTERY_CHANGED']
    [u'android.net.conn.CONNECTIVITY_CHANGE']
    [u'android.intent.action.BATTERY_CHANGED']
    [u'android.net.conn.CONNECTIVITY_CHANGE']
    [u'android.intent.action.BATTERY_CHANGED']
    [u'android.net.conn.CONNECTIVITY_CHANGE']
    Behavior description: Register broadcast receiver
    Details: [u'com.rookiestudio.perfectviewer.utils.TSDCardStatus@4152f9e0', u'android.content.IntentFilter@41596950']
    [u'com.rookiestudio.perfectviewer.TPerfectViewer$1@41524750', u'android.content.IntentFilter@414a7208']
    [u'com.rookiestudio.perfectviewer.TPerfectViewer$2@415311d0', u'android.content.IntentFilter@414a8440']
    [u'com.rookiestudio.perfectviewer.utils.TSDCardStatus@4156ba30', u'android.content.IntentFilter@41528440']
    [u'com.rookiestudio.perfectviewer.TPerfectViewer$1@4158eca8', u'android.content.IntentFilter@41526b78']
    [u'com.rookiestudio.perfectviewer.TPerfectViewer$2@4158efc0', u'android.content.IntentFilter@415a6120']
    [u'com.rookiestudio.perfectviewer.utils.TSDCardStatus@41567320', u'android.content.IntentFilter@4153bc48']
    [u'com.rookiestudio.perfectviewer.TPerfectViewer$1@41599b18', u'android.content.IntentFilter@41575d60']
    [u'com.rookiestudio.perfectviewer.TPerfectViewer$2@41599e30', u'android.content.IntentFilter@41553e20']
    Behavior description: Window information
    Details: {"text": "Perfect Viewer 2.7.1.5", "class": "android.widget.TextView"}
    {"text": "©2010-2015 RookieStudio All rights reserved.
    This software is free for use.
    If you think Perfect Viewer is useful software and would like to help us make it even better. please make a donation.
    Thank you very much!
    RookieStudio", "class": "android.widget.TextView"}
    {"text": "Changelog", "class": "android.widget.Button"}
    {"text": "Donate", "class": "android.widget.Button"}
    {"text": "OK", "class": "android.widget.Button"}
    {"text": "Quick setup", "class": "android.widget.TextView"}
    {"text": "Select mode", "class": "android.widget.TextView"}
    {"text": "Comic mode", "class": "android.widget.TextView"}
    {"text": "Touch zone style", "class": "android.widget.TextView"}
    {"text": "Normal", "class": "android.widget.TextView"}
    {"text": "Startup screen", "class": "android.widget.TextView"}
    {"text": "Default", "class": "android.widget.TextView"}
    {"text": "Reading direction", "class": "android.widget.TextView"}
    {"text": "Right to left", "class": "android.widget.RadioButton"}
    {"text": "Left to right", "class": "android.widget.RadioButton"}
    {"text": "Choose bookshelf folder", "class": "android.widget.Button"}
    {"text": "Bookshelf folder:Not specified", "class": "android.widget.TextView"}
    {"text": "Cancel", "class": "android.widget.Button"}
    {"text": "OK", "class": "android.widget.Button"}
    Behavior description: Read a line of data from buffer
    Details: Processor : ARMv7 Processor rev 0 (v7l)
    BogoMIPS : 369.45
    Features : swp half thumb fastmult vfp edsp neon vfpv3
    MemTotal: 841036 kB
    Processor : ARMv7 Processor rev 0 (v7l)
    BogoMIPS : 369.45
    Features : swp half thumb fastmult vfp edsp neon vfpv3
    Processor : ARMv7 Processor rev 0 (v7l)
    BogoMIPS : 369.45
    Features : swp half thumb fastmult vfp edsp neon vfpv3
    Behavior description: Add View
    Details: [u'com.android.internal.policy.impl.PhoneWindow$DecorView@4151bb60', u'WM.LayoutParams{(0,0)(fillxfill) ty=1 fl=#1810500 pfl=0x8 wanim=0x103028f sbrt=-0.01}', u'android.view.CompatibilityInfoHolder@414b8a10']
    [u'com.android.internal.policy.impl.PhoneWindow$DecorView@4154b468', u'WM.LayoutParams{(0,0)(wrapxwrap) gr=#11 sim=#120 ty=2 fl=#1820002 pfl=0x8 fmt=-3 wanim=0x7f0a0080}', u'android.view.CompatibilityInfoHolder@414b8a10']
    [u'com.android.internal.policy.impl.PhoneWindow$DecorView@41c322c0', u'WM.LayoutParams{(0,0)(wrapxwrap) gr=#11 sim=#120 ty=2 fl=#1820002 pfl=0x8 fmt=-3 wanim=0x7f0a0080}', u'android.view.CompatibilityInfoHolder@414b8a10']
    [u'com.android.internal.policy.impl.PhoneWindow$DecorView@41c3dda8', u'WM.LayoutParams{(0,0)(wrapxwrap) gr=#11 sim=#120 ty=2 fl=#1820002 pfl=0x8 fmt=-3 wanim=0x7f0a0080}', u'android.view.CompatibilityInfoHolder@414b8a10']
    [u'com.android.internal.policy.impl.PhoneWindow$DecorView@41532d38', u'WM.LayoutParams{(0,0)(wrapxwrap) sim=#120 ty=1 fl=#1800002 pfl=0x8 fmt=-3 wanim=0x7f0a0080}', u'android.view.CompatibilityInfoHolder@414b0a70']
    Behavior description: Write file
    Details: path:/data/data/com.rookiestudio.perfectviewer/shared_prefs/perfect_viewer_settings.xml length:119
    path:/data/data/com.rookiestudio.perfectviewer/shared_prefs/perfect_viewer_settings.xml length:162
    path:/data/data/com.rookiestudio.perfectviewer/shared_prefs/perfect_viewer_settings.xml length:261
    path:/data/data/com.rookiestudio.perfectviewer/shared_prefs/perfect_viewer_settings.xml length:261
    Behavior description: Call Intent's setAction
    Details: [u'null']
    Behavior description: Start Activity
    Details: {"FLAG":196608,"COMPONENT_NAME":"ComponentInfo{com.rookiestudio.perfectviewer\/com.rookiestudio.perfectviewer.TViewerMain}"}
    {"FLAG":0,"COMPONENT_NAME":"ComponentInfo{com.rookiestudio.perfectviewer\/com.rookiestudio.perfectviewer.CrashHandler}","EXTRAS":{"CPU":"armeabi-v7a","Activity":"com.rookiestudio.perfectviewer.TViewerMain","StackTrace":"java.lang.NullPointerException\n\n--------- Stack trace ---------\n\n com.rookiestudio.perfectviewer.TScanBookService$TScanBookThread.ScanEnd(TScanBookService.java:589)\n com.rookiestudio.perfectviewer.TScanBookService$TScanBookThread.run(TScanBookService.java:534)\n java.lang.Thread.run(Thread.java:856)\n"}}
    Behavior description: Initialize Intent
    Details: [u'android.os.Parcel@414b5fe8']
    [u'android.os.Parcel@414b6028']
    [u'com.rookiestudio.perfectviewer.TStartup@4159c998', u'class com.rookiestudio.perfectviewer.TViewerMain']
    [u'android.os.Parcel@414b6028']
    [u'android.os.Parcel@414b6028']
    [u'com.rookiestudio.perfectviewer.TViewerMain@41573740', u'class com.rookiestudio.perfectviewer.CrashHandler']
    [u'android.os.Parcel@414adf90']
    [u'android.os.Parcel@414adfd0']
    [u'android.os.Parcel@414aedc0']
    [u'android.os.Parcel@414aed80']
    Activities
    Activity name | Type
    com.rookiestudio.perfectviewer.TStartup | android.intent.action.MAIN
    com.rookiestudio.perfectviewer.TStartup | android.intent.action.VIEW
    com.rookiestudio.perfectviewer.TStartup | android.intent.action.SET_WALLPAPER
    com.rookiestudio.perfectviewer.TStartup | android.intent.category.LAUNCHER
    com.rookiestudio.perfectviewer.TStartup | android.intent.category.LEANBACK_LAUNCHER
    com.rookiestudio.perfectviewer.TStartup | android.intent.category.MULTIWINDOW_LAUNCHER
    com.rookiestudio.perfectviewer.TStartup | android.intent.category.DEFAULT
    com.rookiestudio.perfectviewer.plugin.TPluginInitActivity | android.intent.action.VIEW
    com.rookiestudio.perfectviewer.plugin.TPluginInitActivity | android.intent.category.BROWSABLE
    com.rookiestudio.perfectviewer.plugin.TPluginInitActivity | android.intent.category.DEFAULT
    Dangerous functions
    Function name | Information
    android/app/NotificationManager;->notify | Notification bar message
    ContentResolver;->query | Read databases such as contacts and SMS
    LocationManager;->getLastKnownLocation | Get location
    java/net/URL;->openConnection | Connect to URL
    java/net/HttpURLConnection;->connect | Connect to URL
    ContentResolver;->delete | Delete SMS messages and contacts
    getRuntime | Get command-line environment
    java/lang/Runtime;->exec | Execute string command
    HttpClient;->execute | Request remote server
    Startup method
    Name | Information
    com.rookiestudio.perfectviewer.TBootReceiver | Boot-start service