VirSCAN

File information
File Name: 局域网杀手.apk (File not down)
File Size: 9862339 bytes
File Type: application/zip
MD5:393ead94d606a117b5dff689f7c72b7d
SHA1:a121b49203e64ce70a57dccedec805ab6132e803
  • Scanner results
    Scanner results: 0% Scanner(s) (0/32) found malware!
    Behavior analysis report: Habo file analysis
    Time: 2018-02-19 20:11:55 (CST)
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 2.0 1970-01-01 Found nothing 6
    asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 2
    avast 170303-1 4.7.4 2017-03-03 Found nothing 60
    avg 2109/14887 10.0.1405 2018-02-10 Found nothing 60
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 3
    baidusd 1.0 1.0 2017-03-22 Found nothing 1
    bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
    clamav 24326 0.97.5 2018-02-18 Found nothing 60
    drweb 5.0.2.3300 5.0.1.1 2018-02-02 Found nothing 60
    fortinet 1.000, 55.257, 55.162, 55.191 5.4.247 2018-02-19 Found nothing 60
    fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
    fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
    gdata 25.16074 25.16074 2018-02-19 Found nothing 18
    ikarus 4.00.06 V1.32.31.0 2018-02-18 Found nothing 60
    jiangmin 16.0.100 1.0.0.0 2017-12-22 Found nothing 2
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
    kingsoft 2.1 2.1 2018-02-18 Found nothing 6
    mcafee 8620 5400.1158 2017-08-12 Found nothing 60
    nod32 6921 3.0.21 2018-02-17 Found nothing 60
    panda 9.05.01 9.05.01 2018-02-18 Found nothing 4
    pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 3
    qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
    quickheal 14.00 14.00 2017-11-18 Found nothing 4
    rising 3241 3241 2017-12-26 Found nothing 3
    sophos 5.32 3.65.2 2016-10-10 Found nothing 60
    symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 4
    thehacker 6.8.0.5 6.8.0.5 2018-02-16 Found nothing 3
    tws 17.47.17308 1.0.2.2108 2018-02-18 Found nothing 16
    vba 3.12.29.5 beta 3.12.29.5 beta 2018-02-16 Found nothing 60
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
    Heuristic/Suspicious Exact
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scanners when and if malware is found. Please judge these results for yourself.
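  • Permission list
    Permission name: Information
    android.permission.INTERNET: Connect to the network (2G or 3G)
    android.permission.ACCESS_NETWORK_STATE: Read network state (2G or 3G)
    android.permission.READ_PHONE_STATE: Read phone state
    android.permission.READ_EXTERNAL_STORAGE: Read external storage (e.g. SD card)
    android.permission.WRITE_EXTERNAL_STORAGE: Write external storage (e.g. SD card)
    android.permission.ACCESS_COARSE_LOCATION: Get approximate location (via Wi-Fi, cell towers)
    android.permission.ACCESS_WIFI_STATE: Read Wi-Fi network state
    android.permission.CHANGE_WIFI_STATE: Change Wi-Fi connection state
    android.permission.VIBRATE: Allow the device to vibrate
    android.permission.RESTART_PACKAGES: Restart other applications
    android.permission.WAKE_LOCK: Keep background processes running after the screen turns off
    android.permission.CAMERA: Access the camera device
    android.permission.WRITE_SETTINGS: Read and write system settings
    android.permission.RECORD_AUDIO: Record audio (using AudioRecord)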
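  • File information
    Security score:
    Basic information
    MD5: 393ead94d606a117b5dff689f7c72b7d
    Package name: com.liyang.lankiller
    Minimum runtime environment: Android 4.0, 4.0.1, 4.0.2
    Copyright: we
    Key behavior
    Behavior description: Directly calls a critical system API
    Details: Index = 0x000000E9, Name: NtSetLdtEntries, Instruction Address = 0x004011EF
    Behavior description: Get TickCount value
    Details: TickCount = 230968, SleepMilliseconds = 5000.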
    TickCount = 230984, SleepMilliseconds = 5000.
    TickCount = 231000, SleepMilliseconds = 5000.
    TickCount = 231015, SleepMilliseconds = 5000.
    TickCount = 231125, SleepMilliseconds = 5000.
    TickCount = 231203, SleepMilliseconds = 5000.
    TickCount = 231250, SleepMilliseconds = 5000.
    Behavior description: Look up PE resource information
    Details: (FindResourceA) hModule = 0x00000000, ResName: , ResType: bin
    Behavior description: Modify registry (BHO)
    Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\
    Process behavior
    Behavior description: Create process from a new file
    Details: [0x00000a70]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe"
    Behavior description: Enumerate processes
    Details: N/A
    Behavior description: Create local thread
    Details: TargetProcess: svchost.exe, InheritedFromPID = 976, ProcessID = 2672, ThreadID = 2892, StartAddress = 77DC845A, Parameter = 00000000
    TargetProcess: svchost.exe, InheritedFromPID = 976, ProcessID = 2672, ThreadID = 2896, StartAddress = 10012375, Parameter = 003F3F68
    File behavior
    Behavior description: Create file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe
    C:\WINDOWS\system32\css2_32.dll
    Behavior description: Add scheduled task
    Details: C:\WINDOWS\Tasks\RhIEc1EAY8.job
    Behavior description: Create executable file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe
    Behavior description: Copy file
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
    Behavior description: Delete file
    Details: C:\WINDOWS\Tasks\RhIEc1EAY8.job
    Behavior description: Find file
    Details: FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
    Behavior description: Modify file content
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe ---> Offset = 65536
    C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe ---> Offset = 4096
    C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe ---> Offset = 8192
    C:\WINDOWS\Tasks\RhIEc1EAY8.job ---> Offset = 0
    C:\WINDOWS\system32\css2_32.dll ---> Offset = 0
    C:\WINDOWS\system32\css2_32.dll ---> Offset = 77824
    Registry behavior
    Behavior description: Modify registry
    Details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\Install
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\InprocServer32\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\InprocServer32\ThreadingModel
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\ProgID\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\TypeLib\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\VersionIndependentProgID\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CSS2.CSS2\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CSS2.CSS2\CLSID\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CSS2.CSS2\CurVer\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CSS2.CSS2.1\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CSS2.CSS2.1\CLSID\
    \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D0363EE-AC63-41e1-A02D-C996B48B0ED3}\1.0\
    \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2D0363EE-AC63-41e1-A02D-C996B48B0ED3}\1.0\0\win32\
    Behavior description: Modify registry (BHO)
    Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A9077BD-05AE-4fdf-AB2E-4128C43C4635}\
    Other behavior
    Behavior description: Create mutex
    Details: yDDVZp8djPzA7SQGlLdL
    Behavior description: Create event object
    Details: EventName = Global\userenv: User Profile setup event
    EventName = yDDVZp8djPzA7SQGlLdL
    EventName = ihZQYxojenZyNljY1zPL
    EventName = XpG2Kvk15QlvqE9NhJAj
    EventName = 9RcyjB35774JR9CA7xDx
    Behavior description: Get TickCount value
    Details: TickCount = 230968, SleepMilliseconds = 5000.
    TickCount = 230984, SleepMilliseconds = 5000.
    TickCount = 231000, SleepMilliseconds = 5000.
    TickCount = 231015, SleepMilliseconds = 5000.
    TickCount = 231125, SleepMilliseconds = 5000.
    TickCount = 231203, SleepMilliseconds = 5000.
    TickCount = 231250, SleepMilliseconds = 5000.
    Behavior description: Open event
    Details: HookSwitchHookEnabledEvent
    \SECURITY\LSA_AUTHENTICATION_INITIALIZED
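    Behavior description: Look up PE resource information
    Details: (FindResourceA) hModule = 0x00000000, ResName: , ResType: bin
    Behavior description: Executable file signature information
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe (Signature verification: failed)
    Behavior description: Call Sleep function
    Details: [1]: MilliSeconds = 600000.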
    [2]: MilliSeconds = 5000.
    [3]: MilliSeconds = 5000.
    [4]: MilliSeconds = 5000.
    [5]: MilliSeconds = 5000.
    [6]: MilliSeconds = 5000.
    [7]: MilliSeconds = 5000.
    [8]: MilliSeconds = 5000.
    [9]: MilliSeconds = 5000.
    [10]: MilliSeconds = 5000.
    Behavior description: Executable file MD5
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\svchost.exe ---> 369db4c3800acc312ac3b71d1124a24b
    Behavior description: Directly calls a critical system API
    Details: Index = 0x000000E9, Name: NtSetLdtEntries, Instruction Address = 0x004011EF
    Behavior description: Load newly dropped file
    Details: Image: C:\WINDOWS\system32\css2_32.dll.
    Activities
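    Activity name: Type
    com.liyang.lankiller.activity.SplashActivity: android.intent.action.MAIN
    com.liyang.lankiller.activity.SplashActivity: android.intent.category.LAUNCHER
    Dangerous functions
    Function name: Information
    java/net/URL;->openConnection: Connect to a URL
    TelephonyManager;->getLine1Number: Get the phone number
    TelephonyManager;->getDeviceId: Collect the user's IMEI, phone number, system version and other information
    getRuntime: Get the command-line environment
    java/lang/Runtime;->exec: Execute a string command
    ContentResolver;->query: Read contacts, SMS and other databases
    HttpClient;->execute: Send a request to a remote server
    java/net/HttpURLConnection;->connect: Connect to a URL
    Startup method
    Name: Information
    com.liyang.lankiller.service.SpoofService$MesageBroadcastReceiver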
    Service list
    Name
    com.liyang.lankiller.service.SpoofService
    com.qq.e.comm.DownloadService
    com.alibaba.mtl.appmonitor.AppMonitorService
    Providers
    Name: Information
    com.alibaba.sdk.android.feedback.util.FBFileProvider
    File list
    File name Checksum