VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load



File information
File Name :shuazan.apk (File not down)
File Size :2791455 byte
File Type :application/zip
MD5:59c27f184929112d02ce4b572000164a
SHA1:b0a2b2aa1aba59058e0161b3e351c2d03e8306a8
  • 扫描结果
  • 权限
  • 文件行为分析
  • Scanner results
    Scanner results:6%Scanner(s) (2/32)found malware!
    Behavior analysis report:         Habo file analysis
    Time: 2015-10-17 12:34:29 (CST)
    VirSCANVirSCAN
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 3.0 1970-01-01 Found nothing 5
    asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Android.Adware.Dowgin.AW 1
    avast 150725-1 4.7.4 2015-07-25 Found nothing 0
    avg 2109/8133 10.0.1405 2014-11-26 Found nothing 0
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 5
    baidusd 1.0 1.0 2014-04-02 Found nothing 1
    bitdefender 7.58469 7.90123 2014-12-25 Found nothing 0
    clamav 19861 0.97.5 2014-12-31 Found nothing 0
    drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 0
    fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 0
    fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 0
    fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 0
    gdata 25.3911 25.3911 2015-10-17 Android.Adware.Dowgin.AW 8
    ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 0
    jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 41
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 0
    kingsoft 2.1 2.1 2013-09-22 Found nothing 11
    mcafee 7638 5400.1158 2014-11-30 Found nothing 0
    nod32 0920 3.0.21 2014-12-23 Found nothing 0
    panda 9.05.01 9.05.01 2015-07-26 Found nothing 4
    pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 0
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 7
    qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 0
    quickheal 14.00 14.00 2015-07-25 Found nothing 2
    rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 3
    sophos 5.08 3.55.0 2014-12-01 Found nothing 0
    symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 0
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 4
    thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 2
    tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 14
    vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 0
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 0
    Heuristic/Suspicious Exact
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.
    Copy to clipboard
  • 权限列表
    许可名称信息
    com.android.launcher.permission.INSTALL_SHORTCUT创建快捷方式
    android.permission.GET_TASKS获取有关当前或最近运行的任务信息
    android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
    android.permission.PROCESS_OUTGOING_CALLS监视、修改有关拨出电话
    android.permission.ACCESS_WIFI_STATE读取wifi网络状态
    android.permission.ACCESS_COARSE_LOCATION获取粗略的位置(通过wifi、基站)
    android.permission.CALL_PHONE拨打电话
    android.permission.MODIFY_AUDIO_SETTINGS修改声音设置
    android.permission.READ_PHONE_STATE读取电话状态
    android.permission.MOUNT_UNMOUNT_FILESYSTEMS挂载、反挂载外部文件系统
    android.permission.SYSTEM_ALERT_WINDOW显示系统窗口
    android.permission.MODIFY_PHONE_STATE修改电话状态
    android.permission.ACCESS_WIFI_STATE.android.permission.READ_PHONE_STATE
    android.permission.INTERNET连接网络(2G或3G)
    android.permission.CHANGE_WIFI_STATE改变WIFI连接状态
    android.permission.ACCESS_LOCATION_EXTRA_COMMANDS访问额外的定位指令
    android.permission.ACCESS_FINE_LOCATION获取精确的位置(通过GPS)
    android.permission.VIBRATE允许设备震动
    com.android.launcher.permission.READ_SETTINGS读取快捷方式信息
    android.permission.READ_CALL_LOG读取通话记录
    android.permission.WAKE_LOCK手机屏幕关闭后后台进程仍运行
    android.permission.ACCESS_NETWORK_STATE读取网络状态(2G或3G)
    android.permission.CHANGE_CONFIGURATION修改当前设置(如:本地化)
    android.permission.RESTART_PACKAGES重启其他程序
    com.android.launcher.permission.WRITE_SETTINGS
    android.permission.RECEIVE_BOOT_COMPLETED接收开机启动广播
    android.permission.INSTALL_SHORTCUT
  • 文件信息
    安全评分 :
    基本信息
    MD5:59c27f184929112d02ce4b572000164a
    包名:com.suzhuan
    最低运行环境:Android 2.2.x
    版权:E4A
    关键行为
    行为描述:写权限映射文件
    详情信息:CiceroSharedMemDefaultS-*
    MSCTF.MarshalInterface.FileMap.IDC..JNIGH
    MSCTF.MarshalInterface.FileMap.IDC.B.JNIGH
    MSCTF.MarshalInterface.FileMap.IDC.C.JNIGH
    MSCTF.MarshalInterface.FileMap.IDC.D.JNIGH
    MSCTF.MarshalInterface.FileMap.IDC.E.JNIGH
    MSCTF.MarshalInterface.FileMap.IDC.F.JNIGH
    MSCTF.MarshalInterface.FileMap.IDC.G.JNIGH
    MSCTF.Shared.SFM.IDC
    MSCTF.MarshalInterface.FileMap.IDC.H.FHCLH
    MSCTF.MarshalInterface.FileMap.IDC.I.FHCLH
    MSCTF.MarshalInterface.FileMap.IDC.J.FHCLH
    MSCTF.MarshalInterface.FileMap.IDC.K.FHCLH
    MSCTF.MarshalInterface.FileMap.IDC.L.FHCLH
    MSCTF.MarshalInterface.FileMap.IDC.M.FICLH
    行为描述:DLL样本(x86)
    详情信息:N/A
    行为描述:修改注册表_启动项
    详情信息:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ Report\
    进程行为
    行为描述:创建进程
    详情信息:ImagePath = C:\WINDOWS\system32\Regsvr32.exe, CmdLine = Regsvr32.exe c:\docume~1\admini~1\locals~1\%temp%\996e.dll
    行为描述:枚举进程
    详情信息:N/A
    文件行为
    行为描述:写权限映射文件
    详情信息:CiceroSharedMemDefaultS-*
    MSCTF.MarshalInterface.FileMap.IDC..JNIGH
    MSCTF.MarshalInterface.FileMap.IDC.B.JNIGH
    MSCTF.MarshalInterface.FileMap.IDC.C.JNIGH
    MSCTF.MarshalInterface.FileMap.IDC.D.JNIGH
    MSCTF.MarshalInterface.FileMap.IDC.E.JNIGH
    MSCTF.MarshalInterface.FileMap.IDC.F.JNIGH
    MSCTF.MarshalInterface.FileMap.IDC.G.JNIGH
    MSCTF.Shared.SFM.IDC
    MSCTF.MarshalInterface.FileMap.IDC.H.FHCLH
    MSCTF.MarshalInterface.FileMap.IDC.I.FHCLH
    MSCTF.MarshalInterface.FileMap.IDC.J.FHCLH
    MSCTF.MarshalInterface.FileMap.IDC.K.FHCLH
    MSCTF.MarshalInterface.FileMap.IDC.L.FHCLH
    MSCTF.MarshalInterface.FileMap.IDC.M.FICLH
    注册表行为
    行为描述:修改注册表
    详情信息:\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{32C50D96-7A9E-4F3E-8763-F74D86AFEDC2}\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{32C50D96-7A9E-4F3E-8763-F74D86AFEDC2}\InprocServer32\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{32C50D96-7A9E-4F3E-8763-F74D86AFEDC2}\InprocServer32\ThreadingModel
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{32C50D96-7A9E-4F3E-8763-F74D86AFEDC2}\TypeLib\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{32C50D96-7A9E-4F3E-8763-F74D86AFEDC2}\Version\
    \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2A47137C-F777-419F-A47A-7C8BB9B8F796}\1.0\
    \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2A47137C-F777-419F-A47A-7C8BB9B8F796}\1.0\FLAGS\
    \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2A47137C-F777-419F-A47A-7C8BB9B8F796}\1.0\0\win32\
    \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2A47137C-F777-419F-A47A-7C8BB9B8F796}\1.0\HELPDIR\
    \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C43FB2DE-5D41-45ED-B3CC-E2FCBCEBA42A}\
    \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C43FB2DE-5D41-45ED-B3CC-E2FCBCEBA42A}\ProxyStubClsid\
    \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C43FB2DE-5D41-45ED-B3CC-E2FCBCEBA42A}\ProxyStubClsid32\
    \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C43FB2DE-5D41-45ED-B3CC-E2FCBCEBA42A}\TypeLib\
    \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C43FB2DE-5D41-45ED-B3CC-E2FCBCEBA42A}\TypeLib\Version
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32C50D96-7A9E-4F3E-8763-F74D86AFEDC2}
    行为描述:修改注册表_启动项
    详情信息:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ Report\
    其他行为
    行为描述:创建互斥体
    详情信息:SHIMLIB_LOG_MUTEX
    CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.Shared.MUTEX.ELH
    MSCTF.Shared.MUTEX.IDC
    行为描述:DLL样本(x86)
    详情信息:N/A
    行为描述:查找指定窗口
    详情信息:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    行为描述:获取系统权限
    详情信息:SE_LOAD_DRIVER_PRIVILEGE
    SE_DEBUG_PRIVILEGE
    动态列表行为
    行为描述:获取加密实例
    详情信息:[u'AES/ECB/PKCS7Padding']
    [u'DES/CBC/PKCS5Padding']
    [u'PBEWITHMD5andDES']
    行为描述:添加View
    详情信息:[u'com.android.internal.policy.impl.PhoneWindow$DecorView@414c49a8', u'WM.LayoutParams{(0,0)(fillxfill) sim=#120 ty=1 fl=#9010100 pfl=0x8 wanim=0x103028f}', u'android.view.CompatibilityInfoHolder@414af928']
    [u'com.android.internal.policy.impl.PhoneWindow$DecorView@41512568', u'WM.LayoutParams{(0,0)(wrapxwrap) gr=#11 sim=#120 ty=2 fl=#9020002 pfl=0x8 fmt=-2 wanim=0x1030290}', u'android.view.CompatibilityInfoHolder@414af928']
    行为描述:root权限检测
    详情信息:/system/bin/su
    /system/xbin/su
    行为描述:读取文件
    详情信息:path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:6
    path:/system/build.prop length:5
    path:/mnt/sdcard/Android/data/.class/android length:38
    path:/mnt/sdcard/Android/data/.class/android length:5
    行为描述:监听手机SIM卡或者移动网络信息
    详情信息:[u'com.e4a.runtime.components.impl.android.n9.\u624b\u673aImpl$MyPhoneStateListener@415a9470', u'32']
    行为描述:初始化Intent
    详情信息:[u'android.os.Parcel@414ad150']
    [u'android.os.Parcel@414ad110']
    [u'android.os.Parcel@414ad110']
    [u'com.e4a.runtime.android.E4Aapplication@41537658', u'class net.youmi.android.AdService']
    [u'android.os.Parcel@414ad110']
    [u'ep_a5bc16abc828fde8']
    [u'android.os.Parcel@414ad110']
    [u'android.os.Parcel@414ad110']
    [u'android.os.Parcel@414ad150']
    行为描述:传递附加信息
    详情信息:uMJpK6hDkTmz:net.youmi.android.offers.f@41d7c900
    行为描述:调用哈希算法
    详情信息:MD5
    SHA
    行为描述:注册广播接收器
    详情信息:[u'com.e4a.runtime.components.impl.android.n9.\u624b\u673aImpl$1@415bfbf8', u'android.content.IntentFilter@415c1660']
    [u'net.youmi.android.spot.l@41cbeab0', u'android.content.IntentFilter@41cbeac8']
    [u'net.youmi.android.offers.e@41d20eb8', u'android.content.IntentFilter@417d4088']
    [u'net.youmi.android.a.a.g.e.g@42143b00', u'android.content.IntentFilter@41d84948']
    [u'com.an.home.n.f$b@417ad450', u'android.content.IntentFilter@417ad468']
    行为描述:访问URL
    详情信息:http://app.wapx.cn/action/connect/active?app_id=cfe82aa8af872202d7e4a25912b032f5&udid=357143040944263&imsi=460000043140572&net=wifi&base=wapx.cn&app_version=1.2.0&sdk_version=2.2.