VirSCAN

File information
File Name: LOIC.apk (File not down)
File Size: 1821444 bytes
File Type: application/jar
MD5: 69606f3c06574db1b966123f9a8c68ff
SHA1: b4783ea533e64c482cbb11d600803abbfd13cd0f
  • Scanner results
    Scanner results: 9% Scanner(s) (3/32) found malware!
    Behavior analysis report: Habo file analysis
    Time: 2015-10-31 20:04:32 (CST)
    Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time
    antiy | AVL SDK 3.0 | | 1970-01-01 | Found nothing | 5
    asquared | 9.0.0.4324 | 9.0.0.4324 | 2014-07-03 | Found nothing | 1
    avast | 150725-1 | 4.7.4 | 2015-07-25 | Found nothing | 0
    avg | 2109/8133 | 10.0.1405 | 2014-11-26 | Found nothing | 0
    baidu | 2.0.1.0 | 4.1.3.52192 | 2.0.1.0 | Found nothing | 5
    baidusd | 1.0 | 1.0 | 2014-04-02 | Found nothing | 1
    bitdefender | 7.58469 | 7.90123 | 2014-12-25 | Found nothing | 0
    clamav | 19861 | 0.97.5 | 2014-12-31 | Found nothing | 0
    drweb | 5.0.2.3300 | 5.0.1.1 | 2014-12-31 | Found nothing | 0
    fortinet | 23.345, 23.345 | 5.1.158 | 2014-12-08 | Found nothing | 0
    fprot | 4.6.2.117 | 6.5.1.5418 | 2014-12-31 | Found nothing | 0
    fsecure | 2014-04-02-01 | 9.13 | 2014-04-02 | Found nothing | 0
    ikarus | 1.06.01 | V1.32.31.0 | 2014-12-08 | Found nothing | 0
    jiangmin | 16.0.100 | 1.0.0.0 | 2015-07-25 | HackTool.AndroidOS.xn | 37
    kaspersky | 5.5.33 | 5.5.33 | 2014-04-01 | Found nothing | 0
    kingsoft | 2.1 | 2.1 | 2013-09-22 | Android.HACKTOOL.Doods.a.(kcloud) | 7
    mcafee | 7638 | 5400.1158 | 2014-11-30 | Found nothing | 0
    nod32 | 0920 | 3.0.21 | 2014-12-23 | Found nothing | 0
    panda | 9.05.01 | 9.05.01 | 2015-07-26 | Found nothing | 4
    pcc | 11.380.07 | 9.500-1005 | 2014-12-31 | Found nothing | 0
    qh360 | 1.0.1 | 1.0.1 | 1.0.1 | Found nothing | 7
    qqphone | 1.0.0.0 | 1.0.0.0 | 2014-12-09 | Found nothing | 0
    quickheal | 14.00 | 14.00 | 2015-07-25 | Found nothing | 2
    rising | 25.76.04.01 | 25.76.04.01 | 2015-07-24 | Found nothing | 1
    sophos | 5.08 | 3.55.0 | 2014-12-01 | Found nothing | 0
    symantec | 20141230.001 | 1.3.0.24 | 2014-12-30 | Found nothing | 0
    tachyon | 9.9.9 | 9.9.9 | 2013-12-27 | Found nothing | 3
    thehacker | 6.8.0.5 | 6.8.0.5 | 2015-07-23 | Found nothing | 2
    tws | 17.47.17308 | 1.0.2.2108 | 2014-12-08 | Found nothing | 12
    vba | 3.12.26.3 | 3.12.26.3 | 2014-12-31 | Found nothing | 0
    virusbuster | 15.0.985.0 | 5.5.2.13 | 2014-12-05 | Found nothing | 0
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scanners when and if malware is found. Please judge these results for yourself.
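  • Permission list
    Permission name | Description
    android.permission.INTERNET | Connect to the network (2G or 3G)
    android.permission.ACCESS_WIFI_STATE | Read Wi-Fi network state
    android.permission.ACCESS_NETWORK_STATE | Read network state (2G or 3G)
    android.permission.VIBRATE | Allow the device to vibrate
    android.permission.WAKE_LOCK | Background processes keep running after the screen is turned off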
  • File information
    Security score:
    Basic information
    MD5: 69606f3c06574db1b966123f9a8c68ff
    Package name: genius.mohammad.loic
    Minimum runtime environment: Android 2.1.x
    Copyright:
    Key behavior
    Behavior description: File mapping with write permission
    Details: CiceroSharedMemDefaultS-*
    MSCTF.MarshalInterface.FileMap.EBE..FBMGH
    MSCTF.MarshalInterface.FileMap.EBE.B.FCMGH
    MSCTF.MarshalInterface.FileMap.EBE.C.FCMGH
    MSCTF.MarshalInterface.FileMap.EBE.D.FCMGH
    MSCTF.MarshalInterface.FileMap.EBE.E.FCMGH
    MSCTF.MarshalInterface.FileMap.EBE.F.FCMGH
    MSCTF.MarshalInterface.FileMap.EBE.G.FCMGH
    MSCTF.Shared.SFM.EBE
    Behavior description: Checks whether it is being debugged
    Details: N/A
    Behavior description: Hides specified windows
    Details: [Window,Class] = [AutoIt v3,AutoIt v3]
    [Window,Class] = [ www.Lunhui.net.cn,Static]
    Behavior description: Blocks window-close messages
    Details: hWnd = 0x000202a8, Text = 麦克风测试, ClassName = AutoIt v3 GUI.
    hWnd = 0x000202c4, Text = MCI test, ClassName = #32770.
    Process behavior
    Behavior description: Enumerates processes
    Details: N/A
    File behavior
    Behavior description: File mapping with write permission
    Details: CiceroSharedMemDefaultS-*
    MSCTF.MarshalInterface.FileMap.EBE..FBMGH
    MSCTF.MarshalInterface.FileMap.EBE.B.FCMGH
    MSCTF.MarshalInterface.FileMap.EBE.C.FCMGH
    MSCTF.MarshalInterface.FileMap.EBE.D.FCMGH
    MSCTF.MarshalInterface.FileMap.EBE.E.FCMGH
    MSCTF.MarshalInterface.FileMap.EBE.F.FCMGH
    MSCTF.MarshalInterface.FileMap.EBE.G.FCMGH
    MSCTF.Shared.SFM.EBE
    Behavior description: Modifies file contents
    Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aut5.tmp---> Offset = 8192
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sound.ico---> Offset = 20480
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mci4.tmp---> Offset = 0
    Behavior description: Searches for files
    Details: FileName = C:\DOCUME~1
    FileName = C:\Documents and Settings\ADMINI~1
    FileName = C:\Documents and Settings\Administrator\LOCALS~1
    FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1446293976.110177.exe
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sound.ico
    Other behavior
    Behavior description: Checks whether it is being debugged
    Details: N/A
    Behavior description: Creates mutexes
    Details: CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.Shared.MUTEX.ELH
    MSCTF.Shared.MUTEX.EBE
    Behavior description: Hides specified windows
    Details: [Window,Class] = [AutoIt v3,AutoIt v3]
    [Window,Class] = [ www.Lunhui.net.cn,Static]
    Behavior description: Searches for specified windows
    Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    Behavior description: Acquires system privileges
    Details: SE_LOAD_DRIVER_PRIVILEGE
    Behavior description: Gets the cursor position
    Details: CursorPos = (106,18467), SleepMilliseconds = 10.
    CursorPos = (6399,26500), SleepMilliseconds = 10.
    Behavior description: Blocks window-close messages
    Details: hWnd = 0x000202a8, Text = 麦克风测试, ClassName = AutoIt v3 GUI.
    hWnd = 0x000202c4, Text = MCI test, ClassName = #32770.
    Behavior description: Window information
    Details: Pid = 784, Hwnd=0x202b2, Text = Top, ClassName = Button(CheckBox).
    Pid = 784, Hwnd=0x302ba, Text = About, ClassName = Button(CheckBox).
    Pid = 784, Hwnd=0x202d4, Text = www.Lunhui.net.cn, ClassName = Static.
    Pid = 784, Hwnd=0x202a8, Text = 麦克风测试, ClassName = AutoIt v3 GUI.
    Pid = 784, Hwnd=0x202c8, Text = 确定, ClassName = Button.
    Pid = 784, Hwnd=0x202ca, Text = MCI Error Number 328:未安装可按当前格式记录文件的波形设备。要安装波形设备,请转到“控制面板”,单击“打印机和其他硬件”, ClassName = Static.
    Pid = 784, Hwnd=0x202c4, Text = MCI test, ClassName = #32770.
    Dynamic behavior list
    Behavior description: Window information
    Details: {"text": "WARNING!", "class": "android.widget.TextView"}
    {"text": "LOIC is an advanced tool developed for the purpose of stress testing networks. Purposefully attacking private networks is illegal in some countries. The developer assumes no responsibility for the usage of this tool. LOIC responsibly.", "class": "android.widget.TextView"}
    {"text": "Show this warning message again", "class": "android.widget.CheckBox"}
    {"text": "Accept & Continue", "class": "android.widget.TextView"}
    Behavior description: Adds View
    Details: [u'com.android.internal.policy.impl.PhoneWindow$DecorView@414fdd40', u'WM.LayoutParams{(0,0)(fillxfill) sim=#100 ty=1 fl=#1810500 pfl=0x8 wanim=0x1030001}', u'android.view.CompatibilityInfoHolder@414af918']
    [u'com.android.internal.policy.impl.PhoneWindow$DecorView@41513b00', u'WM.LayoutParams{(0,0)(fillxfill) sim=#100 ty=1 fl=#1810100 pfl=0x8 wanim=0x1030001}', u'android.view.CompatibilityInfoHolder@414af918']
    [u'com.android.internal.policy.impl.PhoneWindow$DecorView@4288b010', u'WM.LayoutParams{(0,0)(wrapxwrap) sim=#120 ty=1 fl=#1840022 pfl=0x8 fmt=-3 wanim=0x1030290}', u'android.view.CompatibilityInfoHolder@414af918']
    Behavior description: Initializes Intent
    Details: [u'genius.mohammad.loic.SplashActivity@41549fe8', u'class genius.mohammad.loic.MainActivity']
    [u'android.os.Parcel@414ad150']
    [u'genius.mohammad.loic.MainActivity@414ba460', u'class genius.mohammad.loic.WarningActivity']
    [u'android.os.Parcel@414ad190']
    Behavior description: Starts Activity
    Details: {"FLAG":0,"COMPONENT_NAME":"ComponentInfo{genius.mohammad.loic\/genius.mohammad.loic.MainActivity}"}
    {"FLAG":0,"COMPONENT_NAME":"ComponentInfo{genius.mohammad.loic\/genius.mohammad.loic.WarningActivity}"}
    Behavior description: Wakes the locked screen
    Details: [u'6', u'LOICLock']
    Activities
    Activity name | Type
    .SplashActivity | android.intent.action.MAIN
    .SplashActivity | android.intent.category.LAUNCHER
    Dangerous functions
    Function name | Description
    ContentResolver;->query | Reads databases such as contacts and SMS
    File list
    File name Checksum
    res/anim/show.xml 0x922edf73
    res/layout/activity_main.xml 0x516dc763
    res/layout/activity_splash.xml 0x76468c0a
    res/layout/activity_warning.xml 0xf1a166
    AndroidManifest.xml 0xf21bbc05
    resources.arsc 0x3f652f05
    res/drawable-hdpi/banner.png 0xc9385296
    res/drawable-hdpi/ic_action_search.png 0x64275be8
    res/drawable-hdpi/ic_launcher.png 0xec68f9ee
    res/drawable-hdpi/shoot0.png 0x7c362efc
    res/drawable-hdpi/shoot1.png 0x38e0aa8f
    res/drawable-hdpi/splash.png 0x5759c9a2
    res/drawable-hdpi/warning.png 0xb21537c5
    res/drawable-mdpi/ic_action_search.png 0xb4091fdc
    res/drawable-xhdpi/ic_action_search.png 0x3294aee3
    classes.dex 0x7d323a6b
    META-INF/MANIFEST.MF 0x8b4c125
    META-INF/CERT.SF 0x7a64e3b5
    META-INF/CERT.RSA 0xdc4e1167