VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load



File information
File Name :GA_AJ_JK_GXH.apk (File not down)
File Size :1401185 byte
File Type :application/zip
MD5:7e37ef06061a9fc3d9cb57478ee84f9d
SHA1:067552f3232c7d21eceda025456378803bbaf451
  • 扫描结果
  • 权限
  • 文件行为分析
  • Scanner results
    Scanner results:0%Scanner(s) (0/32)found malware!
    Behavior analysis report:         Habo file analysis
    Time: 2017-09-15 15:14:13 (CST)
    VirSCANVirSCAN
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 2.0 1970-01-01 Found nothing 5
    asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 1
    avast 170303-1 4.7.4 2017-03-03 Found nothing 60
    avg 2109/14460 10.0.1405 2017-09-14 Found nothing 60
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 6
    baidusd 1.0 1.0 2017-03-22 Found nothing 1
    bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
    clamav 23823 0.97.5 2017-09-13 Found nothing 60
    drweb 5.0.2.3300 5.0.1.1 2017-09-11 Found nothing 60
    fortinet 1.000, 51.663, 51.597, 51.621 5.4.247 2017-09-15 Found nothing 60
    fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
    fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
    gdata 25.14188 25.14188 2017-09-14 Found nothing 12
    ikarus 3.02.08 V1.32.31.0 2017-09-14 Found nothing 60
    jiangmin 16.0.100 1.0.0.0 2017-09-14 Found nothing 2
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
    kingsoft 2.1 2.1 2017-09-14 Found nothing 4
    mcafee 8620 5400.1158 2017-08-12 Found nothing 60
    nod32 6071 3.0.21 2017-09-12 Found nothing 60
    panda 9.05.01 9.05.01 2017-09-13 Found nothing 4
    pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 3
    qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
    quickheal 14.00 14.00 2017-09-13 Found nothing 3
    rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 1
    sophos 5.32 3.65.2 2016-10-10 Found nothing 60
    symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 3
    thehacker 6.8.0.5 6.8.0.5 2017-09-11 Found nothing 2
    tws 17.47.17308 1.0.2.2108 2017-09-14 Found nothing 14
    vba 3.12.29.5 beta 3.12.29.5 beta 2017-09-13 Found nothing 60
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
    Heuristic/Suspicious Exact
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.
    Copy to clipboard
  • 权限列表
    许可名称信息
    android.permission.INTERNET连接网络(2G或3G)
    android.permission.READ_PHONE_STATE读取电话状态
    android.permission.ACCESS_WIFI_STATE读取wifi网络状态
    android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
    android.permission.MOUNT_UNMOUNT_FILESYSTEMS挂载、反挂载外部文件系统
    android.permission.READ_EXTERNAL_STORAGE读外部存储器(如:SD卡)
    android.permission.ACCESS_NETWORK_STATE读取网络状态(2G或3G)
    android.permission.RECEIVE_BOOT_COMPLETED接收开机启动广播
  • 文件信息
    安全评分 :
    基本信息
    MD5:7e37ef06061a9fc3d9cb57478ee84f9d
    包名:com.example.dzsjga
    最低运行环境:Android 4.0, 4.0.1, 4.0.2
    版权:
    关键行为
    行为描述:直接获取CPU时钟
    详情信息:EAX = 0x0ce41348, EDX = 0x000000b7
    EAX = 0x0ce41394, EDX = 0x000000b7
    EAX = 0x0ce413e0, EDX = 0x000000b7
    EAX = 0x0ce4142c, EDX = 0x000000b7
    EAX = 0x0ce41478, EDX = 0x000000b7
    EAX = 0x0ce414c4, EDX = 0x000000b7
    EAX = 0x0ce41510, EDX = 0x000000b7
    EAX = 0x0ce4155c, EDX = 0x000000b7
    EAX = 0x0ce415a8, EDX = 0x000000b7
    EAX = 0x0ce415f4, EDX = 0x000000b7
    行为描述:获取窗口截图信息
    详情信息:Foreground window Info: HWND = 0x0001041c, DC = 0x0c01067b.
    进程行为
    行为描述:创建本地线程
    详情信息:TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2660, ThreadID = 2720, StartAddress = 77DC845A, Parameter = 00000000
    文件行为
    行为描述:创建文件
    详情信息:C:\WINDOWS\system32\SkinH_EL.dll
    行为描述:创建可执行文件
    详情信息:C:\WINDOWS\system32\SkinH_EL.dll
    行为描述:修改文件内容
    详情信息:C:\WINDOWS\system32\SkinH_EL.dll ---> Offset = 0
    行为描述:查找文件
    详情信息:FileName = C:\WINDOWS\system32\SkinH_EL.dll
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996ESrv.exe
    FileName = C:\Documents and Settings
    FileName = C:\DOCUME~1\Administrator
    FileName = C:\DOCUME~1\ADMINI~1\Local Settings
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%
    FileName = C:\DOCUME~1
    FileName = C:\DOCUME~1\ADMINI~1
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
    注册表行为
    行为描述:修改注册表
    详情信息:\REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x32(BGR 0)
    其他行为
    行为描述:创建互斥体
    详情信息:RasPbFile
    CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.Shared.MUTEX.IOH
    行为描述:创建事件对象
    详情信息:EventName = DINPUTWINMM
    行为描述:打开互斥体
    详情信息:RasPbFile
    ShimCacheMutex
    行为描述:查找指定窗口
    详情信息:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    行为描述:打开事件
    详情信息:HookSwitchHookEnabledEvent
    CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
    CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
    MSCTF.SendReceive.Event.IOH.IC
    MSCTF.SendReceiveConection.Event.IOH.IC
    行为描述:窗口信息
    详情信息:Pid = 2660, Hwnd=0x1041c, Text = 确定, ClassName = Button.
    Pid = 2660, Hwnd=0x10420, Text = 请勿在压缩包内直接打开,请解压后重试!, ClassName = Static.
    Pid = 2660, Hwnd=0x3036e, Text = 信息:, ClassName = #32770.
    行为描述:获取窗口截图信息
    详情信息:Foreground window Info: HWND = 0x0001041c, DC = 0x0c01067b.
    行为描述:可执行文件签名信息
    详情信息:C:\WINDOWS\system32\SkinH_EL.dll(签名验证: 未通过)
    行为描述:隐藏指定窗口
    详情信息:[Window,Class] = [,ComboLBox]
    [Window,Class] = [,Afx:400000:8:10011:1900015:0]
    [Window,Class] = [,Afx:400000:b:10011:1900010:0]
    [Window,Class] = [,Button]
    行为描述:可执行文件MD5
    详情信息:C:\WINDOWS\system32\SkinH_EL.dll ---> 1dd2a4a0f4d21eb65db5895fca2ca489
    行为描述:直接获取CPU时钟
    详情信息:EAX = 0x0ce41348, EDX = 0x000000b7
    EAX = 0x0ce41394, EDX = 0x000000b7
    EAX = 0x0ce413e0, EDX = 0x000000b7
    EAX = 0x0ce4142c, EDX = 0x000000b7
    EAX = 0x0ce41478, EDX = 0x000000b7
    EAX = 0x0ce414c4, EDX = 0x000000b7
    EAX = 0x0ce41510, EDX = 0x000000b7
    EAX = 0x0ce4155c, EDX = 0x000000b7
    EAX = 0x0ce415a8, EDX = 0x000000b7
    EAX = 0x0ce415f4, EDX = 0x000000b7
    行为描述:加载新释放的文件
    详情信息:Image: C:\WINDOWS\system32\SkinH_EL.dll.
    Activities
    活动名类型
    com.itap.sjga.MainActivityandroid.intent.action.MAIN
    com.itap.sjga.MainActivityandroid.intent.category.LAUNCHER
    危险函数
    函数名称信息
    TelephonyManager;->getDeviceId搜集用户手机IMEI码、电话号码、系统版本号等信息
    TelephonyManager;->getLine1Number获取手机号
    TelephonyManager;->getSimSerialNumber获取SIM序列号
    java/net/URL;->openConnection连接URL
    ContentResolver;->query读取联系人、短信等数据库
    权限列表
    许可名称信息
    android.permission.INTERNET连接网络(2G或3G)
    android.permission.READ_PHONE_STATE读取电话状态
    android.permission.ACCESS_WIFI_STATE读取wifi网络状态
    android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
    android.permission.MOUNT_UNMOUNT_FILESYSTEMS挂载、反挂载外部文件系统
    android.permission.READ_EXTERNAL_STORAGE读外部存储器(如:SD卡)
    android.permission.ACCESS_NETWORK_STATE读取网络状态(2G或3G)
    android.permission.RECEIVE_BOOT_COMPLETED接收开机启动广播
    文件列表
    文件名 校验码
    META-INF/MANIFEST.MF 0x58674d4f
    META-INF/CERT.SF 0xcd4dcea7
    META-INF/CERT.RSA 0x4065af9
    AndroidManifest.xml 0x7a272a48
    res/anim/dialog_enter.xml 0x5f791fa3
    res/anim/dialog_exit.xml 0x836bd0d2
    res/anim/rotate_animation.xml 0x82df92ce
    res/drawable-hdpi-v4/bg_bombbox.9.png 0x4bd0e541
    res/drawable-hdpi-v4/btn_cancel.9.png 0xb89939cf
    res/drawable-hdpi-v4/btn_cancel_pressed.9.png 0x7628eb61
    res/drawable-hdpi-v4/btn_cancel_selector.xml 0x3e175693
    res/drawable-hdpi-v4/btn_ok_normal.9.png 0xe03428fb
    res/drawable-hdpi-v4/btn_ok_pressed.9.png 0xb7a31fcc
    res/drawable-hdpi-v4/btn_ok_selector.xml 0x64bd9cdc
    res/drawable-hdpi-v4/dialog_bottom_bg.xml 0x626fef86
    res/drawable-hdpi-v4/ic_launcher.png 0xbfc8e15b
    res/drawable-mdpi-v4/ic_launcher.png 0x93ae24ef
    res/drawable-mdpi-v4/sc.png 0xdc7fd3d
    res/drawable-mdpi-v4/yuan.png 0x1fe1336c
    res/drawable-xhdpi-v4/ck_bg.png 0x4a44b405
    res/drawable-xhdpi-v4/closse.png 0xbd65073d
    res/drawable-xhdpi-v4/dialog_loading_img.png 0xbbd1b2b6
    res/drawable-xhdpi-v4/ic_launcher.png 0xa9d43c04
    res/drawable-xhdpi-v4/image_jp.png 0x1743b852
    res/drawable-xhdpi-v4/loading_icon.png 0xfe501fd7
    res/drawable-xhdpi-v4/wuya.png 0xba7d3713
    res/drawable-xhdpi-v4/yc_bg.png 0x2125ad17
    res/drawable-xxhdpi-v4/ic_launcher.png 0xadcd68f3
    res/drawable/bg.xml 0x4fa5112d
    res/drawable/check_left_btn.xml 0x484aeda8
    res/drawable/check_right_btn.xml 0xcadd9c87
    res/drawable/dialog_loading.xml 0x253f5ad0
    res/drawable/diaog_bg.xml 0x4fa5112d
    res/drawable/left_btn.xml 0x3f6a70f3
    res/drawable/left_btn_select.xml 0xfd719a9a
    res/drawable/loading_bg.9.png 0xc258c57e
    res/drawable/popup_bg.9.png 0x925d2101
    res/drawable/right_btn.xml 0xbdfd01dc
    res/drawable/right_btn_select.xml 0x5e7b2c0d
    res/layout-v17/thridlogin_dialog_loading.xml 0x854c144a
    res/layout/activity_main.xml 0x3d88b729
    res/layout/custodialog.xml 0x7f8a570c
    res/layout/customdialog.xml 0xc108b6
    res/layout/dialog_loading.xml 0xded74a8c
    res/layout/dialog_mormal.xml 0xac78e7ac
    res/layout/dialog_normal_layout.xml 0x7faa3037
    res/layout/dialog_sc_layout.xml 0xecadebb9
    res/layout/item_yclb.xml 0x79da42b1
    res/layout/thridlogin_dialog_loading.xml 0xb44ea249
    res/layout/toast_dialog.xml 0x311b027d
    res/menu/main.xml 0x515ae42
    res/raw/aj_jwws_buk 0x68a7547e
    resources.arsc 0x8d3f09f2
    classes.dex 0x7f6a0cd3
    org/apache/http/entity/mime/version.properties 0x9213c4f7
    res/raw/text.txt 0x9e077f52
    运行截图
    VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号