VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load



File information
File Name :YJ一键抓包.apk (File not down)
File Size :992203 byte
File Type :application/zip
MD5:93954e385848d0296f72a46f49f64361
SHA1:7a81dd31ea44322da78557e2e41e7cda91083523
  • 扫描结果
  • 权限
  • 文件行为分析
  • Scanner results
    Scanner results:3%Scanner(s) (1/32)found malware!
    Behavior analysis report:         Habo file analysis
    Time: 2015-10-27 18:56:16 (CST)
    VirSCANVirSCAN
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 3.0 1970-01-01 Found nothing 5
    asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 1
    avast 150725-1 4.7.4 2015-07-25 Found nothing 0
    avg 2109/8133 10.0.1405 2014-11-26 Found nothing 0
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 5
    baidusd 1.0 1.0 2014-04-02 Found nothing 1
    bitdefender 7.58469 7.90123 2014-12-25 Found nothing 0
    clamav 19861 0.97.5 2014-12-31 Found nothing 0
    drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 0
    fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 0
    fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 0
    fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 0
    gdata 25.4073 25.4073 2015-10-26 Android.Trojan.AutoSMS.QF 8
    ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 0
    jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 40
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 0
    kingsoft 2.1 2.1 2013-09-22 Found nothing 16
    mcafee 7638 5400.1158 2014-11-30 Found nothing 0
    nod32 0920 3.0.21 2014-12-23 Found nothing 0
    panda 9.05.01 9.05.01 2015-07-26 Found nothing 4
    pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 0
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 13
    qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 0
    quickheal 14.00 14.00 2015-07-25 Found nothing 2
    rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 1
    sophos 5.08 3.55.0 2014-12-01 Found nothing 0
    symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 0
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 3
    thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 1
    tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 12
    vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 0
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 0
    Heuristic/Suspicious Exact
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.
    Copy to clipboard
  • 权限列表
    许可名称信息
    android.permission.INTERNET连接网络(2G或3G)
    android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
    android.permission.READ_PHONE_STATE读取电话状态
  • 文件信息
    安全评分 :
    基本信息
    MD5:93954e385848d0296f72a46f49f64361
    包名:com.liuyj.zb.cn
    最低运行环境:Android 2.2.x
    版权:Android
    关键行为
    行为描述:写权限映射文件
    详情信息:CiceroSharedMemDefaultS-*
    MSCTF.MarshalInterface.FileMap.MFF..DEHGH
    MSCTF.MarshalInterface.FileMap.MFF.B.DEHGH
    MSCTF.MarshalInterface.FileMap.MFF.C.DEHGH
    MSCTF.MarshalInterface.FileMap.MFF.D.DEHGH
    MSCTF.MarshalInterface.FileMap.MFF.E.DEHGH
    MSCTF.MarshalInterface.FileMap.MFF.F.DEHGH
    MSCTF.MarshalInterface.FileMap.MFF.G.DEHGH
    行为描述:隐藏指定窗口
    详情信息:[Window,Class] = [帮助,Button]
    行为描述:修改注册表_启动项
    详情信息:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vampiro
    进程行为
    行为描述:枚举进程
    详情信息:N/A
    文件行为
    行为描述:写权限映射文件
    详情信息:CiceroSharedMemDefaultS-*
    MSCTF.MarshalInterface.FileMap.MFF..DEHGH
    MSCTF.MarshalInterface.FileMap.MFF.B.DEHGH
    MSCTF.MarshalInterface.FileMap.MFF.C.DEHGH
    MSCTF.MarshalInterface.FileMap.MFF.D.DEHGH
    MSCTF.MarshalInterface.FileMap.MFF.E.DEHGH
    MSCTF.MarshalInterface.FileMap.MFF.F.DEHGH
    MSCTF.MarshalInterface.FileMap.MFF.G.DEHGH
    行为描述:创建可执行文件
    详情信息:C:\WINDOWS\system32\WDD.EXE
    行为描述:修改新生成的可执行文件
    详情信息:C:\WINDOWS\system32\WDD.EXE---> Offset = 0
    注册表行为
    行为描述:修改注册表_启动项
    详情信息:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vampiro
    其他行为
    行为描述:查找指定窗口
    详情信息:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    行为描述:窗口信息
    详情信息:Pid = 416, Hwnd=0x202d4, Text = General, ClassName = #32770.
    Pid = 416, Hwnd=0x302dc, Text = S&top scripts after specified number of seconds:, ClassName = Button(CheckBox).
    Pid = 416, Hwnd=0x202d6, Text = 10, ClassName = Edit.
    Pid = 416, Hwnd=0x202d8, Text = Spin1, ClassName = msctls_updown32.
    Pid = 416, Hwnd=0x202c2, Text = Display &logo when scripts executed in command console, ClassName = Button(CheckBox).
    Pid = 416, Hwnd=0x202c4, Text = &Reset to Defaults, ClassName = Button.
    Pid = 416, Hwnd=0x202c8, Text = seconds, ClassName = Static.
    Pid = 416, Hwnd=0x202a8, Text = 确定, ClassName = Button.
    Pid = 416, Hwnd=0x202cc, Text = 取消, ClassName = Button.
    Pid = 416, Hwnd=0x202b4, Text = 应用(&A), ClassName = Button.
    Pid = 416, Hwnd=0x202b2, Text = 帮助, ClassName = Button.
    Pid = 416, Hwnd=0x202a4, Text = Windows Scripting Host, ClassName = #32770.
    行为描述:隐藏指定窗口
    详情信息:[Window,Class] = [帮助,Button]
    行为描述:创建互斥体
    详情信息:CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.Shared.MUTEX.ELH
    动态列表行为
    行为描述:调用哈希算法
    详情信息:MD5
    行为描述:加载链接库文件
    详情信息:/data/data/com.liuyj.zb.cn/lib/libgreywolf.so
    行为描述:获取加密实例
    详情信息:[u'RSA']
    行为描述:添加View
    详情信息:[u'com.android.internal.policy.impl.PhoneWindow$DecorView@414d3a70', u'WM.LayoutParams{(0,0)(fillxfill) sim=#100 ty=1 fl=#1810500 pfl=0x8 wanim=0x103028f}', u'android.view.CompatibilityInfoHolder@414b8708']
    [u'com.android.internal.policy.impl.PhoneWindow$DecorView@414c84a8', u'WM.LayoutParams{(0,0)(fillxfill) sim=#100 ty=1 fl=#1810100 pfl=0x8 wanim=0x103028f}', u'android.view.CompatibilityInfoHolder@414b8708']
    行为描述:初始化Intent
    详情信息:[]
    [u'android.os.Parcel@414b5fd8']
    []
    [u'android.os.Parcel@414b5f98']
    行为描述:激活Activity
    详情信息:{"FLAG":0,"COMPONENT_NAME":"ComponentInfo{com.liuyj.zb.cn\/com.yougaile.iapp.MainActivity}"}
    {"FLAG":0,"COMPONENT_NAME":"ComponentInfo{com.liuyj.zb.cn\/com.yougaile.iapp.MainActivity}"}
    行为描述:获取设备ID
    详情信息:357143040944263
    Activities
    活动名类型
    com.yougaile.iapp.logoActivityandroid.intent.action.MAIN
    com.yougaile.iapp.logoActivityandroid.intent.category.LAUNCHER
    危险函数
    函数名称信息
    SmsManager;->sendTextMessage发送普通短信
    TelephonyManager;->getDeviceId搜集用户手机IMEI码、电话号码、系统版本号等信息
    TelephonyManager;->getLine1Number获取手机号
    ActivityManager;->killBackgroundProcesses中断进程,可用于关闭杀软
    java/net/URL;->openConnection连接URL
    android/app/NotificationManager;->notify信息通知栏
    WifiManager;->setWifiEnabled变更WIFI状态
    HttpClient;->execute请求远程服务器
    DefaultHttpClient;->execute发送HTTP请求
    getRuntime获取命令行环境
    java/lang/Runtime;->exec执行字符串命令
    权限列表
    许可名称信息
    android.permission.INTERNET连接网络(2G或3G)
    android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
    android.permission.READ_PHONE_STATE读取电话状态
    文件列表
    文件名 校验码
    AndroidManifest.xml 0xdb478451
    assets/Userimg/--1444275721.png 0xbc0ee13
    assets/Userimg/jj.png 0xcc733e7
    assets/dk.iyu 0x162e5bc1
    assets/fps_images.png 0x112b3776
    assets/mian.iyu 0xb3fd74de
    assets/tcpdump 0x3fc822be
    assets/yj.iyu 0x6438246
    keys/keystore.ks 0x3d7ea71f
    keys/media.pk8 0xb2ff8b4b
    keys/media.sbt 0x787af273
    keys/media.x509.pem 0xb2b93fdc
    keys/platform.pk8 0x7d91e3b8
    keys/platform.sbt 0x78fc5c38
    keys/platform.x509.pem 0xe2b43571
    keys/shared.pk8 0x44b55be
    keys/shared.sbt 0xcb0d9b76
    keys/shared.x509.pem 0x52234887
    keys/testkey.pk8 0x5c6d8836
    keys/testkey.sbt 0x197cd57f
    keys/testkey.x509.pem 0xc3fc0954
    lib/armeabi/libgdx.so 0x39a6b20c
    lib/armeabi/libgreywolf.so 0x6771a154
    lib/x86/libgdx.so 0x7ec621b5
    res/drawable-hdpi/ic_arrow_left.png 0xede5ec62
    res/drawable-hdpi/icon.png 0x5f434f68
    res/drawable-hdpi/notice_down_icon.png 0x13e56a9c
    res/drawable/hy_xml_ui_user_it32.xml 0x21d7e958
    res/drawable/hy_xml_ui_user_it52.xml 0xb8c8613b
    res/drawable/hy_xml_ui_user_itt.xml 0xfe94a4fa
    res/drawable/hy_xml_ui_user_itt2.xml 0x4e1a3cf8
    res/drawable/hy_xml_ui_user_t.xml 0xabcb17fa
    res/drawable/list_itemshighlighted_translucent.xml 0xaeb7b32c
    res/layout/activity_main.xml 0x3600e315
    res/layout/activity_webview.xml 0xde99f8a3
    resources.arsc 0x6bc2265e
    classes.dex 0x19c48896
    META-INF/MANIFEST.MF 0xd1140d75
    META-INF/CERT.SF 0xe354d212
    META-INF/CERT.RSA 0x3615fbcf
    运行截图
    VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号