VirSCAN

File information
File Name: 51.apk (File not down)
File Size: 407579 bytes
File Type: application/jar
MD5: 37821dcdfec146f839c73431ad8e3f08
SHA1: 639e8fe712cf0bcd6de89f7eee2ef6ccd3570ba1
  • Scanner results
    Scanner results: 6% of scanners (2/32) found malware!
    Time: 2015-10-17 14:48:24 (CST)
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 3.0 1970-01-01 Found nothing 5
    asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 1
    avast 150725-1 4.7.4 2015-07-25 Found nothing 0
    avg 2109/8133 10.0.1405 2014-11-26 Found nothing 0
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 5
    baidusd 1.0 1.0 2014-04-02 Found nothing 1
    bitdefender 7.58469 7.90123 2014-12-25 Found nothing 0
    clamav 19861 0.97.5 2014-12-31 Found nothing 0
    drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 0
    fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 0
    fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 0
    fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 0
    gdata 25.3911 25.3911 2015-10-17 Android.Adware.Youmi.A 9
    ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 0
    jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 60
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 0
    kingsoft 2.1 2.1 2013-09-22 Found nothing 7
    mcafee 7638 5400.1158 2014-11-30 Found nothing 0
    nod32 0920 3.0.21 2014-12-23 Found nothing 0
    panda 9.05.01 9.05.01 2015-07-26 Found nothing 4
    pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 0
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 5
    qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 0
    quickheal 14.00 14.00 2015-07-25 Found nothing 2
    rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 1
    sophos 5.08 3.55.0 2014-12-01 Found nothing 0
    symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 0
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 8
    thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 2
    tws 17.47.17308 1.0.2.2108 2014-12-08 Android.Adware.Youmi.B.hdgb 13
    vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 0
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 0
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scanners when and if malware is found. Please judge these results for yourself.
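  • Permission list
    Permission name: Info
    android.permission.WRITE_SETTINGS: Read and write system settings
    android.permission.RECEIVE_BOOT_COMPLETED: Receive the boot-completed broadcast
    android.permission.WRITE_EXTERNAL_STORAGE: Write to external storage (e.g. SD card)
    android.permission.INTERNET: Connect to the network (2G or 3G)
    android.permission.READ_PHONE_STATE: Read phone state
    android.permission.ACCESS_NETWORK_STATE: Read network state (2G or 3G)
    android.permission.ACCESS_COARSE_LOCATION: Get coarse location (via Wi-Fi, cell towers)
    android.permission.ACCESS_WIFI_STATE: Read Wi-Fi network state
    android.permission.CHANGE_WIFI_STATE: Change Wi-Fi connection state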
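  • File information
    Security score:
    Basic information
    MD5: 37821dcdfec146f839c73431ad8e3f08
    Package name: com.jiaofamily.android.boottimer
    Minimum runtime environment: Android 2.1.x
    Copyright: jiaofamily
    Key behaviors
    Behavior: Maps a file with write permission
    Details: CiceroSharedMemDefaultS-*
    Behavior: Detects whether Virtual PC is present
    Details: N/A
    Behavior: Sets special file attributes
    Details: C:\cmdtools.exe
    Behavior: Hides specified windows
    Details: [Window,Class] = [,_EL_ClientSock]
    [Window,Class] = [,_EL_Timer]
    Behavior: Checks whether it is being debugged
    Details: N/A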
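    Process behavior
    Behavior: Creates a process
    Details: ImagePath = C:\WINDOWS\system32\attrib.exe, CmdLine = attrib +s +h C:\cmdtools.exe
    Behavior: Creates a process from a newly created file
    Details: ImagePath = C:\cmdtools.exe, CmdLine = C:\cmdtools.exe
    Behavior: Enumerates processes
    Details: N/A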
    File behavior
    Behavior: Maps a file with write permission
    Details: CiceroSharedMemDefaultS-*
    Behavior: Sets special file attributes
    Details: C:\cmdtools.exe
    Behavior: Creates an executable file
    Details: C:\cmdtools.exe
    Behavior: Searches for files
    Details: FileName = C:\WINDOWS
    FileName = C:\WINDOWS\system32
    FileName = C:\WINDOWS\system32\attrib.exe
    FileName = C:\cmdtools.exe
    Network behavior
    Behavior: Establishes a connection to a specified socket
    Details: 127.0.0.1:15487
    Other behavior
    Behavior: Detects whether Virtual PC is present
    Details: N/A
    Behavior: Sample console output
    Details: N/A
    Behavior: Hides specified windows
    Details: [Window,Class] = [,_EL_ClientSock]
    [Window,Class] = [,_EL_Timer]
    Behavior: Creates mutexes
    Details: CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    SHIMLIB_LOG_MUTEX
    Behavior: Checks whether it is being debugged
    Details: N/A
    Dangerous behavior
    Behavior: Executes system commands
    Details: [u'su']
    [u'sh']
    Dynamic behavior list
    Behavior: Toast->makeText pop-up message
    Details: text:First time to run, all values are zero! duration:0
    Behavior: Reads files
    Details: path:/data/app/com.jiaofamily.android.boottimer-1.apk length:9
    path:/data/app/com.jiaofamily.android.boottimer-1.apk length:23
    path:/data/app/com.jiaofamily.android.boottimer-1.apk length:69
    path:/data/app/com.jiaofamily.android.boottimer-1.apk length:7
    path:unknown length:5
    path:unknown length:6
    path:/proc/meminfo length:69
    path:/proc/meminfo length:69
    path:/proc/meminfo length:69
    path:/proc/meminfo length:69
    Behavior: Parses URIs
    Details: geo:0,0?q=donuts
    market://search?q=pname:com.google
    tel://6509313940
    market://details?id=com.jrummy.busybox.installer
    http://market.android.com/details?id=com.jrummy.busybox.installer
    Behavior: Registers broadcast receivers
    Details: [u'android.webkit.WebViewClassic$PackageListener@415f0510', u'android.content.IntentFilter@415ee370']
    [u'android.webkit.WebViewClassic$ProxyReceiver@415f3cd8', u'android.content.IntentFilter@415f26c8']
    [u'android.webkit.WebViewClassic$TrustStorageListener@415fae00', u'android.content.IntentFilter@415fabf0']
    [u'com.google.ads.util.AdUtil$UserActivityReceiver@414d6f18', u'android.content.IntentFilter@414e2960']
    Behavior: Reads system settings
    Details: [u'android.app.ContextImpl$ApplicationContentResolver@414b0c78', u'show_password']
    [u'android.app.ContextImpl$ApplicationContentResolver@414b0c78', u'show_password']
    [u'android.app.ContextImpl$ApplicationContentResolver@414b0c78', u'show_password']
    [u'android.app.ContextImpl$ApplicationContentResolver@4151abf0', u'sound_effects_enabled']
    [u'android.app.ContextImpl$ApplicationContentResolver@414b0c78', u'show_password']
    [u'android.app.ContextImpl$ApplicationContentResolver@414b0c78', u'show_password']
    Behavior: Starts an Activity
    Details: {"SCHEME":"market","ACTION":"android.intent.action.VIEW","DATA":"market:\/\/details?id=com.jrummy.busybox.installer","FLAG":0}
    {"SCHEME":"http","ACTION":"android.intent.action.VIEW","DATA":"http:\/\/market.android.com\/details?id=com.jrummy.busybox.installer","FLAG":0}
    Behavior: Initializes URLs
    Details: [u'file', u'', u'-1', u'/data/app/com.jiaofamily.android.boottimer-1.apk', u'null']
    [u'jar:file:/data/app/com.jiaofamily.android.boottimer-1.apk!/org/achartengine/image/zoom_in.png']
    [u'file', u'', u'-1', u'/data/app/com.jiaofamily.android.boottimer-1.apk', u'null']
    [u'jar:file:/data/app/com.jiaofamily.android.boottimer-1.apk!/org/achartengine/image/zoom_out.png']
    [u'file', u'', u'-1', u'/data/app/com.jiaofamily.android.boottimer-1.apk', u'null']
    [u'jar:file:/data/app/com.jiaofamily.android.boottimer-1.apk!/org/achartengine/image/zoom-1.png']
    Behavior: Executes system commands
    Details: [u'su']
    [u'sh']
    Behavior: Obtains root privileges
    Details: su
    Behavior: Initializes an IntentFilter
    Details: [u'android.intent.action.PACKAGE_ADDED']
    Behavior: Reads URL data
    Details: []
    []
    []
    Behavior: Window information
    Details: {"text": "BusyBox is needed", "class": "android.widget.TextView"}
    {"text": "Confirm", "class": "android.widget.Button"}
    {"text": "Back", "class": "android.widget.Button"}
    {"text": "BusyBox is needed", "class": "android.widget.TextView"}
    {"text": "Confirm", "class": "android.widget.Button"}
    {"text": "Back", "class": "android.widget.Button"}
    Behavior: Calls hash algorithms
    Details: SHA1
    MD5
    Behavior: Adds a View
    Details: [u'com.android.internal.policy.impl.PhoneWindow$DecorView@414c4d40', u'WM.LayoutParams{(0,0)(fillxfill) sim=#100 ty=1 fl=#8010100 pfl=0x8 wanim=0x1030001}', u'android.view.CompatibilityInfoHolder@414afb60']
    [u'com.android.internal.policy.impl.PhoneWindow$DecorView@41584ab0', u'WM.LayoutParams{(0,0)(wrapxwrap) gr=#11 sim=#120 ty=2 fl=#8020002 pfl=0x8 fmt=-2 wanim=0x1030002}', u'android.view.CompatibilityInfoHolder@414afb60']
    [u'com.android.internal.policy.impl.PhoneWindow$DecorView@414be560', u'WM.LayoutParams{(0,0)(wrapxwrap) gr=#11 sim=#120 ty=2 fl=#8020002 pfl=0x8 fmt=-2 wanim=0x1030002}', u'android.view.CompatibilityInfoHolder@414afb60']
    [u'android.widget.LinearLayout@4151c5b8', u'WM.LayoutParams{(0,128)(wrapxwrap) gr=#51 ty=2005 fl=#98 fmt=-3 wanim=0x1030004}']
    Behavior: Executes SQL queries
    Details: [u'select min(UPTIME) from HISTORY', u'null']
    [u'select max(UPTIME) from HISTORY', u'null']
    [u'select avg(UPTIME) from HISTORY', u'null']
    [u'select count(*) from HISTORY', u'null']
    [u'select sum(UPTIME) from HISTORY', u'null']
    [u'select UPTIME from HISTORY order by rowid desc', u'null']
    Behavior: Android runtime error
    Details: E/AndroidRuntime( 1540): FATAL EXCEPTION: main
    E/AndroidRuntime( 1540): java.lang.RuntimeException: Unable to instantiate service com.jiaofamily.android.boottimerpro.TimerService: java.lang.ClassNotFoundException: com.jiaofamily.android.boottimerpro.TimerService
    E/AndroidRuntime( 1540): at android.app.ActivityThread.handleCreateService(ActivityThread.java:2347)
    E/AndroidRuntime( 1540): at android.app.ActivityThread.access$1600(ActivityThread.java:130)
    E/AndroidRuntime( 1540): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1277)
    E/AndroidRuntime( 1540): at android.os.Handler.dispatchMessage(Handler.java:99)
    E/AndroidRuntime( 1540): at android.os.Looper.loop(Looper.java:137)
    E/AndroidRuntime( 1540): at android.app.ActivityThread.main(ActivityThread.java:4745)
    E/AndroidRuntime( 1540): at java.lang.reflect.Method.invokeNative(Native Method)
    E/AndroidRuntime( 1540): at java.lang.reflect.Method.invoke(Method.java:511)
    E/AndroidRuntime( 1540): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:786)
    E/AndroidRuntime( 1540): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:553)
    E/AndroidRuntime( 1540): at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:135)
    E/AndroidRuntime( 1540): at dalvik.system.NativeStart.main(Native Method)
    E/AndroidRuntime( 1540): Caused by: java.lang.ClassNotFoundException: com.jiaofamily.android.boottimerpro.TimerService
    E/AndroidRuntime( 1540): at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:61)
    E/AndroidRuntime( 1540): at java.lang.ClassLoader.loadClass(ClassLoader.java:501)
    E/AndroidRuntime( 1540): at java.lang.ClassLoader.loadClass(ClassLoader.java:461)
    E/AndroidRuntime( 1540): at android.app.ActivityThread.handleCreateService(ActivityThread.java:2344)
    E/AndroidRuntime( 1540): ... 11 more
    Behavior: Initializes Intents
    Details: [u'android.app.Application@414b0cb0', u'class com.google.ads.AdActivity']
    [u'android.intent.action.VIEW', u'geo:0,0?q=donuts']
    [u'android.intent.action.VIEW', u'market://search?q=pname:com.google']
    [u'android.intent.action.VIEW', u'tel://6509313940']
    [u'android.intent.action.VIEW', u'market://details?id=com.jrummy.busybox.installer']
    [u'android.intent.action.VIEW', u'http://market.android.com/details?id=com.jrummy.busybox.installer']
    [u'android.os.Parcel@414ad200']
    [u'android.os.Parcel@414ad200']
    Behavior: Gets network state information[*]
    Details: NetworkInfo: type: WIFI[], state: CONNECTED/CONNECTED, reason: (unspecified), extra: freewifi, roaming: false, failover: false, isAvailable: true
    NetworkInfo: type: WIFI[], state: CONNECTED/CONNECTED, reason: (unspecified), extra: freewifi, roaming: false, failover: false, isAvailable: true
    NetworkInfo: type: WIFI[], state: CONNECTED/CONNECTED, reason: (unspecified), extra: freewifi, roaming: false, failover: false, isAvailable: true
    NetworkInfo: type: WIFI[], state: CONNECTED/CONNECTED, reason: (unspecified), extra: freewifi, roaming: false, failover: false, isAvailable: true
    Behavior: Database query
    Details: [u'HISTORY', u'null', u'null', u'null', u'null', u'null', u'null']
    [u'formurl', u'null', u'null', u'null', u'null', u'null', u'null']
    Behavior: Writes files
    Details: path:unknown length:13
    path:unknown length:18
    Activities
    Activity name: Type
    BootTimer: android.intent.action.MAIN
    BootTimer: android.intent.category.DEFAULT
    BootTimer: android.intent.category.LAUNCHER
    Dangerous functions
    Function name: Info
    java/net/URL;->openConnection: Connect to URL
    java/net/HttpURLConnection;->connect: Connect to URL
    android/app/NotificationManager;->notify: Notification bar message
    WifiManager;->setWifiEnabled: Change Wi-Fi state
    getRuntime: Get command-line environment
    java/lang/Runtime;->exec: Execute a string command
    LocationManager;->getLastKnownLocation: Get location
    HttpClient;->execute: Request a remote server
    DefaultHttpClient;->execute: Send an HTTP request
    TelephonyManager;->getDeviceId: Collect the user's phone IMEI, phone number, OS version and other information
    TelephonyManager;->getLine1Number: Get the phone number
    Startup method
    Name: Info
    com.jiaofamily.android.boottimer.BootCompleteReceiver: Start service at boot
    Advertising information
    Name: Info
    com.google.ads: AdMob
    net.youmi: Youmi ads
    Service list
    Name
    com.jiaofamily.android.boottimerpro.TimerService
    File list
    File name Checksum
    assets/about-zh.html 0xd6a587b5
    assets/about.html 0x506fefbc
    res/layout/datastore.xml 0x90012301
    res/layout/layout_content_explorer.xml 0x62f2261a
    res/layout/layout_explorer.xml 0x360d20e7
    res/layout/layout_help.xml 0xab07dcea
    res/layout/layout_main.xml 0x3391dc75
    res/layout/layout_main_free.xml 0x76fbb67c
    res/layout/poweroptions.xml 0x54b9e545
    res/layout/switch_layout.xml 0x8c486fc3
    res/xml/setting.xml 0x38728062
    AndroidManifest.xml 0xd189b22
    resources.arsc 0x74a815f4
    res/drawable-hdpi/icon.png 0xdd52f0fd
    res/drawable-ldpi/icon.png 0xb9c0825b
    res/drawable-mdpi/about.png 0xc92cd626
    res/drawable-mdpi/custom.PNG 0x9a74692f
    res/drawable-mdpi/customlogo.png 0xf132fc06
    res/drawable-mdpi/database.png 0xa89441c1
    res/drawable-mdpi/denote.png 0xa7390a51
    res/drawable-mdpi/email.png 0x3f92690f
    res/drawable-mdpi/exit.png 0x591ed84c
    res/drawable-mdpi/file.png 0x2b5e5cca
    res/drawable-mdpi/folder.png 0xe23fa852
    res/drawable-mdpi/gomarket.png 0xd9f5384a
    res/drawable-mdpi/icon.png 0xe026541a
    res/drawable-mdpi/setting.png 0x3ceaf0ac
    classes.dex 0x32ef3b63
    res/drawable/icon.png 0xec598086
    res/layout/main.xml 0xc53c3548
    res/values/strings.xml 0x9b62d7be
    com/wiyun/ad/HtmlCharacterEntityReferences.properties 0xc672f592
    com/wiyun/ad/sdk.properties 0xc52521ec
    com/wiyun/ad/sdk_zh.properties 0x5a6423a4
    org/achartengine/image/zoom-1.png 0x474c0862
    org/achartengine/image/zoom_in.png 0x6cbca6b4
    org/achartengine/image/zoom_out.png 0xad161e40
    META-INF/MANIFEST.MF 0x1c8349e4
    META-INF/CERT.SF 0x540c9c48
    META-INF/CERT.RSA 0x551c1c5e