VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load



File information
File Name : DyProxy_1.0.2.apk (File not down)
File Size :10494290 byte
File Type :application/zip
MD5:11dfe8d61e02463a51ea72eb4785c2e7
SHA1:79ef820bceee26451ad2bcf6cf041d5b346d780f
  • 扫描结果
  • 权限
  • 文件行为分析
  • Scanner results
    Scanner results:3%Scanner(s) (1/32)found malware!        Behavior
    Time: 2015-10-23 09:39:04 (CST)
    VirSCANVirSCAN
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 3.0 1970-01-01 Found nothing 12
    asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 8
    avast 150725-1 4.7.4 2015-07-25 Found nothing 0
    avg 2109/8133 10.0.1405 2014-11-26 Found nothing 0
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 5
    baidusd 1.0 1.0 2014-04-02 Found nothing 1
    bitdefender 7.58469 7.90123 2014-12-25 Found nothing 0
    clamav 19861 0.97.5 2014-12-31 Found nothing 0
    drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 0
    fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 0
    fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 0
    fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 0
    gdata 25.4014 25.4014 2015-10-23 Android.Trojan.AutoSMS.QF 19
    ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 0
    jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 58
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 0
    kingsoft 2.1 2.1 2013-09-22 Found nothing 19
    mcafee 7638 5400.1158 2014-11-30 Found nothing 0
    nod32 0920 3.0.21 2014-12-23 Found nothing 0
    panda 9.05.01 9.05.01 2015-07-26 Found nothing 6
    pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 0
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 5
    qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 0
    quickheal 14.00 14.00 2015-07-25 Found nothing 3
    rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 4
    sophos 5.08 3.55.0 2014-12-01 Found nothing 0
    symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 0
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 22
    thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 2
    tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 14
    vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 0
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 0
    Heuristic/Suspicious Exact
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.
    Copy to clipboard
  • 权限列表
    许可名称信息
    android.permission.INTERNET连接网络(2G或3G)
    android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
    android.permission.READ_PHONE_STATE读取电话状态
  • 文件信息
    安全评分 :
    基本信息
    MD5:11dfe8d61e02463a51ea72eb4785c2e7
    包名:com.android.dyproxy
    最低运行环境:Android 2.2.x
    版权:Android
    关键行为
    行为描述:写权限映射文件
    详情信息:CiceroSharedMemDefaultS-*
    MSCTF.MarshalInterface.FileMap.ABG..LPCHH
    MSCTF.MarshalInterface.FileMap.ABG.B.LPCHH
    MSCTF.MarshalInterface.FileMap.ABG.C.LPCHH
    MSCTF.MarshalInterface.FileMap.ABG.D.LPCHH
    MSCTF.MarshalInterface.FileMap.ABG.E.LPCHH
    MSCTF.MarshalInterface.FileMap.ABG.F.LPCHH
    MSCTF.MarshalInterface.FileMap.ABG.G.LPCHH
    MSCTF.Shared.SFM.ABG
    行为描述:设置特殊文件夹属性
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
    C:\Documents and Settings\Administrator\Local Settings\History
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
    C:\Documents and Settings\Administrator\Cookies
    行为描述:获取窗口截图信息
    详情信息:Foreground window Info: HWND = 0x7401048e, DC = 0x7401048e.
    Foreground window Info: HWND = 0x01010055, DC = 0x01010055.
    Foreground window Info: HWND = 0x01010056, DC = 0x01010056.
    进程行为
    行为描述:枚举进程
    详情信息:N/A
    文件行为
    行为描述:写权限映射文件
    详情信息:CiceroSharedMemDefaultS-*
    MSCTF.MarshalInterface.FileMap.ABG..LPCHH
    MSCTF.MarshalInterface.FileMap.ABG.B.LPCHH
    MSCTF.MarshalInterface.FileMap.ABG.C.LPCHH
    MSCTF.MarshalInterface.FileMap.ABG.D.LPCHH
    MSCTF.MarshalInterface.FileMap.ABG.E.LPCHH
    MSCTF.MarshalInterface.FileMap.ABG.F.LPCHH
    MSCTF.MarshalInterface.FileMap.ABG.G.LPCHH
    MSCTF.Shared.SFM.ABG
    行为描述:设置特殊文件夹属性
    详情信息:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
    C:\Documents and Settings\Administrator\Local Settings\History
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
    C:\Documents and Settings\Administrator\Cookies
    网络行为
    行为描述:连接指定站点
    详情信息:InternetConnectA: ServerName = www.47fz.com, PORT = 80
    行为描述:读取网络文件
    详情信息:hFile = 0x00000654, BytesToRead =10240, BytesRead = 10240.
    行为描述:打开HTTP请求
    详情信息:HttpOpenRequestA: www.47fz.com:80/1/1.txt, hConnect = 0x00000658
    注册表行为
    行为描述:修改注册表
    详情信息:\REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x16(565 0)
    其他行为
    行为描述:查找指定窗口
    详情信息:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    行为描述:窗口信息
    详情信息:Pid = 1412, Hwnd=0x202ae, Text = HOME 开启透视 END关闭透视, ClassName = Afx:400000:b:10011:1900015:0.
    Pid = 1412, Hwnd=0x202b0, Text = 申明:本程序的开发只为学习也为了圆小时候的梦想,对于利用本程序对游戏造成的一切后果作者不承担一切法律责任!, ClassName = Afx:400000:b:10011:1900015:0.
    Pid = 1412, Hwnd=0x302b8, Text = 申明:四七辅助永远免费, ClassName = Afx:400000:b:10011:1900015:0.
    Pid = 1412, Hwnd=0x302da, Text = 购买所获得的利润全部用于四七辅助的开发, ClassName = Afx:400000:b:10011:1900015:0.
    Pid = 1412, Hwnd=0x202c6, Text = 购买下稳定的透视自瞄, ClassName = Afx:400000:b:10011:1900015:0.
    Pid = 1412, Hwnd=0x202ca, Text = 手头宽裕的会员宝贝可以到上面的地址, ClassName = Afx:400000:b:10011:1900015:0.
    Pid = 1412, Hwnd=0x202c8, Text = 登陆密码:, ClassName = Afx:400000:b:10011:1900015:0.
    Pid = 1412, Hwnd=0x202c4, Text = 520, ClassName = Edit.
    Pid = 1412, Hwnd=0x202c2, Text = 地址:, ClassName = Afx:400000:b:10011:1900015:0.
    Pid = 1412, Hwnd=0x202d8, Text = http://47fz.cccpan.com/, ClassName = Edit.
    Pid = 1412, Hwnd=0x402dc, Text = 购买稳定透视自瞄支持作者, ClassName = Button.
    Pid = 1412, Hwnd=0x302cc, Text = 清除残留, ClassName = Button.
    Pid = 1412, Hwnd=0x302b2, Text = 流程:激活辅助→提示成功→进入游戏, ClassName = Afx:400000:b:10011:1900015:0.
    Pid = 1412, Hwnd=0x302b4, Text = 注:完美兼容任何系统,修复稳定性, ClassName = Afx:400000:b:10011:1900015:0.
    Pid = 1412, Hwnd=0x402bc, Text = 版本:10.04 sp1, ClassName = Edit.
    行为描述:内联HOOK
    详情信息:C:\WINDOWS\system32\GDI32.dll--->ExtTextOutA Offset = 0x0
    C:\WINDOWS\system32\GDI32.dll--->ExtTextOutW Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->GetWindowLongA Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->SetWindowLongA Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->SetWindowLongW Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->GetWindowLongW Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->BeginPaint Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->EndPaint Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->GetDC Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->GetWindowDC Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->ReleaseDC Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->WindowFromDC Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->GetScrollInfo Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->GetScrollPos Offset = 0x0
    C:\WINDOWS\system32\USER32.dll--->GetScrollRange Offset = 0x0
    行为描述:创建互斥体
    详情信息:RasPbFile
    CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.Shared.MUTEX.ELH
    MSCTF.Shared.MUTEX.ABG
    行为描述:获取窗口截图信息
    详情信息:Foreground window Info: HWND = 0x7401048e, DC = 0x7401048e.
    Foreground window Info: HWND = 0x01010055, DC = 0x01010055.
    Foreground window Info: HWND = 0x01010056, DC = 0x01010056.
    危险行为
    行为描述:执行系统命令
    详情信息:[u'su']
    动态列表行为
    行为描述:调用哈希算法
    详情信息:MD5
    行为描述:读取文件
    详情信息:path:unknown length:5
    path:unknown length:37
    行为描述:写入文件
    详情信息:path:unknown length:7
    path:unknown length:6
    path:unknown length:10
    行为描述:获取root权限
    详情信息:su
    行为描述:执行系统命令
    详情信息:[u'su']
    行为描述:缓冲区读取一行数据
    详情信息:null
    su: uid 10044 not allowed to su
    null
    行为描述:添加View
    详情信息:[u'com.android.internal.policy.impl.PhoneWindow$DecorView@414d13a0', u'WM.LayoutParams{(0,0)(fillxfill) sim=#100 ty=1 fl=#1810500 pfl=0x8 wanim=0x103028f}', u'android.view.CompatibilityInfoHolder@414af990']
    行为描述:初始化Intent
    详情信息:[]
    [u'android.os.Parcel@414ad1b8']
    []
    [u'android.os.Parcel@414ad178']
    行为描述:激活Activity
    详情信息:{"FLAG":0,"COMPONENT_NAME":"ComponentInfo{com.android.dyproxy\/com.yougaile.iapp.MainActivity}"}
    {"FLAG":0,"COMPONENT_NAME":"ComponentInfo{com.android.dyproxy\/com.yougaile.iapp.MainActivity}"}
    行为描述:root权限检测
    详情信息:/system/bin/su
    /system/xbin/su
    行为描述:获取设备ID
    详情信息:357143040944263
    Activities
    活动名类型
    com.yougaile.iapp.logoActivityandroid.intent.action.MAIN
    com.yougaile.iapp.logoActivityandroid.intent.category.LAUNCHER
    危险函数
    函数名称信息
    getRuntime获取命令行环境
    java/lang/Runtime;->exec执行字符串命令
    java/net/URL;->openConnection连接URL
    android/app/NotificationManager;->notify信息通知栏
    HttpClient;->execute请求远程服务器
    DefaultHttpClient;->execute发送HTTP请求
    TelephonyManager;->getDeviceId搜集用户手机IMEI码、电话号码、系统版本号等信息
    WifiManager;->setWifiEnabled变更WIFI状态
    SmsManager;->sendTextMessage发送普通短信
    TelephonyManager;->getLine1Number获取手机号
    ActivityManager;->killBackgroundProcesses中断进程,可用于关闭杀软
    权限列表
    许可名称信息
    android.permission.INTERNET连接网络(2G或3G)
    android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
    android.permission.READ_PHONE_STATE读取电话状态
    文件列表
    文件名 校验码
    lib/x86/libgdx.so 0x7ec621b5
    lib/armeabi/libgdx.so 0x39a6b20c
    classes.dex 0xc7013d9d
    AndroidManifest.xml 0x79244404
    assets/Userimg/11.png 0xe9d15b2d
    assets/Userimg/1436793463869.png 0x892f5123
    assets/Userimg/icon.png 0xb038e8de
    assets/dyproxy.xml 0xeed7f7da
    assets/dyproxy.zip 0xb2e50c02
    assets/dyproxy_install.sh 0x8ad6411a
    assets/dyproxy_uninstall.sh 0x85f5dac6
    assets/fps_images.png 0x112b3776
    assets/guanyu.so 0x7a73aae3
    assets/help.so 0xde53c171
    assets/idaoyun.so 0xccc0f2e1
    assets/ip.so 0xa512f5bb
    assets/mb.so 0xfcf0b491
    assets/dy.so 0xba6c2455
    res/drawable-hdpi/ic_arrow_left.png 0xede5ec62
    res/drawable-hdpi/icon.png 0xb038e8de
    res/drawable-hdpi/notice_down_icon.png 0x13e56a9c
    res/drawable/hy_xml_ui_user_it32.xml 0x21d7e958
    res/drawable/hy_xml_ui_user_it52.xml 0xb8c8613b
    res/drawable/hy_xml_ui_user_itt.xml 0xfe94a4fa
    res/drawable/hy_xml_ui_user_itt2.xml 0x4e1a3cf8
    res/drawable/hy_xml_ui_user_t.xml 0xabcb17fa
    res/drawable/list_itemshighlighted_translucent.xml 0xaeb7b32c
    res/layout/activity_main.xml 0x3600e315
    res/layout/activity_webview.xml 0xde99f8a3
    resources.arsc 0x2ecb5b0d
    META-INF/MANIFEST.MF 0xc96d1e3f
    META-INF/CERT.SF 0x5e30e2a7
    META-INF/CERT.RSA 0x5c4c3e2f
    运行截图
    VirSCAN

About VirSCAN | Privacy Policy | Contact us | link | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号