VirSCAN

File information
File Name: 猪神版本.apk (File not down)
File Size: 1427623 bytes
File Type: application/jar
MD5: e4472223dd0ad31025c98be73e448e5f
SHA1: 59ca1a91d0b73bf086f5e2ece08c5f851cf2af58
  • Scanner results
    Scanner results: 0% of scanners (0/32) found malware!
    Time: 2015-10-31 21:56:40 (CST)
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 3.0 1970-01-01 Found nothing 5
    asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 1
    avast 150725-1 4.7.4 2015-07-25 Found nothing 0
    avg 2109/8133 10.0.1405 2014-11-26 Found nothing 0
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 6
    baidusd 1.0 1.0 2014-04-02 Found nothing 1
    bitdefender 7.58469 7.90123 2014-12-25 Found nothing 0
    clamav 19861 0.97.5 2014-12-31 Found nothing 0
    drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 0
    fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 0
    fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 0
    fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 0
    gdata 25.4136 25.4136 2015-10-31 Found nothing 9
    ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 0
    jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 43
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 0
    kingsoft 2.1 2.1 2013-09-22 Found nothing 32
    mcafee 7638 5400.1158 2014-11-30 Found nothing 0
    nod32 0920 3.0.21 2014-12-23 Found nothing 0
    panda 9.05.01 9.05.01 2015-07-26 Found nothing 5
    pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 0
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 4
    qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 0
    quickheal 14.00 14.00 2015-07-25 Found nothing 2
    rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 1
    sophos 5.08 3.55.0 2014-12-01 Found nothing 0
    symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 0
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 4
    thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 1
    tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 12
    vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 0
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 0
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scanners when and if malware is found. Please judge these results for yourself.
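  • Permission list
    Permission name: Description
    android.permission.WRITE_EXTERNAL_STORAGE: Write to external storage (e.g. SD card)
    android.permission.READ_EXTERNAL_STORAGE: Read external storage (e.g. SD card)
    android.permission.ACCESS_NETWORK_STATE: Read network state (2G or 3G)
    android.permission.ACCESS_WIFI_STATE: Read Wi-Fi network state
    android.permission.INTERNET: Connect to the network (2G or 3G)
    android.permission.RECEIVE_BOOT_COMPLETED: Receive the boot-completed broadcast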
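  • File information
    Security score:
    Basic information
    MD5: e4472223dd0ad31025c98be73e448e5f
    Package name: cl.jixingda.wziptv
    Minimum runtime environment: Android 2.2.x
    Copyright: Android
    Key behaviors
    Behavior description: Map a file with write permission
    Details: CiceroSharedMemDefaultS-*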
    MSCTF.MarshalInterface.FileMap.EPD..LNHIH
    MSCTF.MarshalInterface.FileMap.EPD.B.KOHIH
    MSCTF.MarshalInterface.FileMap.EPD.C.KOHIH
    MSCTF.MarshalInterface.FileMap.EPD.D.KOHIH
    MSCTF.MarshalInterface.FileMap.EPD.E.KOHIH
    MSCTF.MarshalInterface.FileMap.EPD.F.KOHIH
    MSCTF.MarshalInterface.FileMap.EPD.G.KOHIH
    MSCTF.Shared.SFM.EPD
    Behavior description: Set special folder attributes
    Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
    C:\Documents and Settings\Administrator\Local Settings\History
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
    C:\Documents and Settings\Administrator\Cookies
    Behavior description: Hide specified window
    Details: [Window,Class] = [,ComboLBox]
    [Window,Class] = [Downloading translations...,Static]
    [Window,Class] = [,msctls_progress32]
    Behavior description: Get host address by name
    Details: router.utorrent.com
    router.bittorrent.com
    computer
    utorrent.com
    i-50.b-000.xyz.bench.utorrent.com
    download-lb.utorrent.com
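    Process behavior
    Behavior description: Enumerate processes
    Details: N/A
    File behavior
    Behavior description: Map a file with write permission
    Details: CiceroSharedMemDefaultS-*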
    MSCTF.MarshalInterface.FileMap.EPD..LNHIH
    MSCTF.MarshalInterface.FileMap.EPD.B.KOHIH
    MSCTF.MarshalInterface.FileMap.EPD.C.KOHIH
    MSCTF.MarshalInterface.FileMap.EPD.D.KOHIH
    MSCTF.MarshalInterface.FileMap.EPD.E.KOHIH
    MSCTF.MarshalInterface.FileMap.EPD.F.KOHIH
    MSCTF.MarshalInterface.FileMap.EPD.G.KOHIH
    MSCTF.Shared.SFM.EPD
    Behavior description: Rename file
    Details: C:\Documents and Settings\Administrator\Application Data\uTorrent\settings.dat.new ---> C:\Documents and Settings\Administrator\Application Data\uTorrent\settings.dat
    Behavior description: Set special folder attributes
    Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
    C:\Documents and Settings\Administrator\Local Settings\History
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
    C:\Documents and Settings\Administrator\Cookies
    Behavior description: Modify file content
    Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\utt3.tmp---> Offset = 0
    C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-*\1f91d2d17ea675d4c2c3192e241743f9_dcff734b-bc3f-43cb-8911-9b5d467629cf---> Offset = 0
    C:\Documents and Settings\Administrator\Application Data\uTorrent\settings.dat.new---> Offset = 0
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HYD4.tmp.1446300585\index.hta.log---> Offset = 0
    Behavior description: Find file
    Details: FileName = C:\Documents and Settings
    FileName = C:\Documents and Settings\Administrator
    FileName = C:\Documents and Settings\Administrator\Local Settings
    FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-*\1f91d2d17ea675d4c2c3192e241743f9_*
    Network behavior
    Behavior description: Send data on a connected socket
    Details: SOCKET = 0x0000049c, TotalSize = 323, Offset = 0, ReadSize = 323.
    SOCKET = 0x00000484, TotalSize = 221, Offset = 0, ReadSize = 221.
    SOCKET = 0x00000490, TotalSize = 337, Offset = 0, ReadSize = 337.
    Behavior description: Establish a connection to a specified socket
    Details: 110.110.110.110:80
    Behavior description: Get host address by name
    Details: router.utorrent.com
    router.bittorrent.com
    computer
    utorrent.com
    i-50.b-000.xyz.bench.utorrent.com
    download-lb.utorrent.com
    Registry behavior
    Behavior description: Modify registry
    Details: \REGISTRY\USER\S-*_CLASSES\FalconBetaAccount\remote_access_client_id
    \REGISTRY\USER\S-*\Software\BitTorrent\uTorrent\OfferProvider
    \REGISTRY\USER\S-*\Software\BitTorrent\uTorrent\OfferName
    \REGISTRY\USER\S-*\Software\BitTorrent\uTorrent\OfferAccepted
    \REGISTRY\USER\S-*\Software\BitTorrent\uTorrent\OfferViaCAU
    Other behavior
    Behavior description: Find specified window
    Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    Behavior description: Window information
    Details: Pid = 1208, Hwnd=0x202a6, Text = Please choose your language, ClassName = Static.
    Pid = 1208, Hwnd=0x202a8, Text = Chinese (Simplified), ClassName = ComboBox.
    Pid = 1208, Hwnd=0x202b4, Text = Downloading translations..., ClassName = Static.
    Pid = 1208, Hwnd=0x302ba, Text = &OK, ClassName = Button.
    Pid = 1208, Hwnd=0x302bc, Text = Cancel, ClassName = Button.
    Pid = 1208, Hwnd=0x1d0142, Text = Choose Language, ClassName = #32770.
    Behavior description: Hide specified window
    Details: [Window,Class] = [,ComboLBox]
    [Window,Class] = [Downloading translations...,Static]
    [Window,Class] = [,msctls_progress32]
    Behavior description: Create mutex
    Details: CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.Shared.MUTEX.ELH
    MSCTF.Shared.MUTEX.EPD
    Local\%temp%\1446300617.883534.exe
    Local\µTorrent4823DF041B09
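    Behavior description: Obtain system privilege
    Details: SE_MANAGE_VOLUME_PRIVILEGE
    Dangerous behavior
    Behavior description: Execute system command
    Details: [u'netstat']
    Dynamic behavior list
    Behavior description: Create database
    Details: /mnt/sdcard/jixingda.db
    Behavior description: Read file
    Details: path:/sys/class/net/lo/ifindex length:7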
    path:/sys/class/net/lo/ifindex length:5
    path:/proc/net/if_inet6 length:69
    path:/proc/net/if_inet6 length:5
    path:/sys/class/net/eth0/ifindex length:7
    path:/sys/class/net/eth0/ifindex length:5
    path:/sys/class/net/sit0/ifindex length:7
    path:/sys/class/net/sit0/ifindex length:5
    path:unknown length:69
    path:unknown length:5
    Behavior description: Load library file
    Details: /data/data/cl.jixingda.wziptv/lib/libp2p.so
    Behavior description: Get cipher instance
    Details: [u'AES/CBC/NoPadding']
    Behavior description: Android runtime error
    Details: E/AndroidRuntime( 1541): FATAL EXCEPTION: main
    E/AndroidRuntime( 1541): java.lang.RuntimeException: Unable to instantiate service cl.jixingda.wziptv.OnbootService: java.lang.ClassNotFoundException: cl.jixingda.wziptv.OnbootService
    E/AndroidRuntime( 1541): at android.app.ActivityThread.handleCreateService(ActivityThread.java:2347)
    E/AndroidRuntime( 1541): at android.app.ActivityThread.access$1600(ActivityThread.java:130)
    E/AndroidRuntime( 1541): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1277)
    E/AndroidRuntime( 1541): at android.os.Handler.dispatchMessage(Handler.java:99)
    E/AndroidRuntime( 1541): at android.os.Looper.loop(Looper.java:137)
    E/AndroidRuntime( 1541): at android.app.ActivityThread.main(ActivityThread.java:4745)
    E/AndroidRuntime( 1541): at java.lang.reflect.Method.invokeNative(Native Method)
    E/AndroidRuntime( 1541): at java.lang.reflect.Method.invoke(Method.java:511)
    E/AndroidRuntime( 1541): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:786)
    E/AndroidRuntime( 1541): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:553)
    E/AndroidRuntime( 1541): at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:135)
    E/AndroidRuntime( 1541): at dalvik.system.NativeStart.main(Native Method)
    E/AndroidRuntime( 1541): Caused by: java.lang.ClassNotFoundException: cl.jixingda.wziptv.OnbootService
    E/AndroidRuntime( 1541): at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:61)
    E/AndroidRuntime( 1541): at java.lang.ClassLoader.loadClass(ClassLoader.java:501)
    E/AndroidRuntime( 1541): at java.lang.ClassLoader.loadClass(ClassLoader.java:461)
    E/AndroidRuntime( 1541): at android.app.ActivityThread.handleCreateService(ActivityThread.java:2344)
    E/AndroidRuntime( 1541): ... 11 more
    Behavior description: Execute system command
    Details: [u'netstat']
    Behavior description: Window information
    Details: {"text": "高清直播", "class": "android.widget.TextView"}
    {"text": "所有頻道", "class": "android.widget.TextView"}
    {"text": "SN:f7bfbb19bb(10.0.2.15)", "class": "android.widget.TextView"}
    Behavior description: Read a line of data from a buffer
    Details: 00000000000000000000000000000001 01 80 10 80 lo
    fe80000000000000505400fffe123456 02 40 20 80 eth0
    null
    00000000000000000000000000000001 01 80 10 80 lo
    fe80000000000000505400fffe123456 02 40 20 80 eth0
    null
    00000000000000000000000000000001 01 80 10 80 lo
    fe80000000000000505400fffe123456 02 40 20 80 eth0
    null
    Proto Recv-Q Send-Q Local Address Foreign Address State
    tcp 0 0 127.0.0.1:5037 0.0.0.0:* LISTEN
    tcp 0 0 0.0.0.0:5555 0.0.0.0:* LISTEN
    tcp 0 0 10.0.2.15:5555 10.0.2.2:60271 ESTABLISHED
    null
    Behavior description: Add View
    Details: [u'com.android.internal.policy.impl.PhoneWindow$DecorView@4150c488', u'WM.LayoutParams{(0,0)(fillxfill) ty=1 fl=#1810580 pfl=0x8 wanim=0x1030001}', u'android.view.CompatibilityInfoHolder@414af9f8']
    Behavior description: Initialize Intent
    Details: [u'android.os.Parcel@414ad1a8']
    [u'android.os.Parcel@414ad1a8']
    Behavior description: Get network state information[*]
    Details: NetworkInfo: type: WIFI[], state: CONNECTED/CONNECTED, reason: (unspecified), extra: freewifi, roaming: false, failover: false, isAvailable: true
    Activities
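    Activity name: Type
    com.jixingda.wziptv.MainActivity: android.intent.action.MAIN
    com.jixingda.wziptv.MainActivity: android.intent.category.LAUNCHER
    Dangerous functions
    Function name: Description
    ContentResolver;->query: Read contacts, SMS and other databases
    getRuntime: Get the command-line environment
    java/lang/Runtime;->exec: Execute a command string
    java/net/URL;->openConnection: Connect to a URL
    java/net/URLConnection;->connect: Connect to a URL
    HttpClient;->execute: Send a request to a remote server
    DefaultHttpClient;->execute: Send an HTTP request
    Startup method
    Name: Description
    com.jixingda.wziptv.CommonReceiver: Start service at boot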
    Service list
    Name
    cl.jixingda.wziptv.OnbootService
    File list
    File name Checksum
    META-INF/MANIFEST.MF 0x8b8bac30
    META-INF/CERT.SF 0x5c8932a4
    META-INF/CERT.RSA 0xb852c014
    res/drawable/buttonborder01.xml 0x42b31bd8
    res/layout/activity_fullscreen.xml 0x68f906a4
    AndroidManifest.xml 0x9d6f77e2
    res/drawable/webborder.xml 0xde2d36c0
    res/drawable/channelbar.xml 0x1595f124
    res/drawable/fade_in.xml 0x81948066
    res/drawable-hdpi-v4/ic_launcher.png 0xb7efb32f
    res/drawable/menubar.xml 0x7a81881a
    res/drawable/fade_out.xml 0x2fd2b4bf
    res/drawable-mdpi-v4/ic_launcher.png 0xb7efb32f
    res/menu/main.xml 0xc53ff43b
    lib/armeabi/libp2p.so 0x6cb6bfeb
    res/drawable/buttonborder.xml 0x7095008e
    res/drawable/channelbar01.xml 0x5a70df9a
    res/drawable-xhdpi-v4/ic_launcher.png 0xb7efb32f
    res/drawable/right.png 0x6c65e54b
    lib/mips/libp2p.so 0x2d0d360e
    res/drawable/left.png 0x728db8e3
    resources.arsc 0xbebc9fd6
    res/drawable/sansanlogo.png 0xb7efb32f
    res/layout/mytest.xml 0x6eb4180d
    classes.dex 0x9e660465
    res/drawable-xxhdpi-v4/ic_launcher.png 0xb7efb32f
    res/layout/password.xml 0xd202d39f