VirSCAN

File information
File Name: 59.apk (File not down)
File Size: 489160 bytes
File Type: application/zip
MD5: cd6713f7fa34208b600cf9379460b690
SHA1: ee67f63d76eaec2457d09b0041e13c79c16b209c
  • Scanner results
    Scanner results: 0% Scanner(s) (0/32) found malware!
    Time: 2015-10-17 21:40:08 (CST)
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 3.0 1970-01-01 Found nothing 5
    asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 1
    avast 150725-1 4.7.4 2015-07-25 Found nothing 0
    avg 2109/8133 10.0.1405 2014-11-26 Found nothing 0
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 8
    baidusd 1.0 1.0 2014-04-02 Found nothing 1
    bitdefender 7.58469 7.90123 2014-12-25 Found nothing 0
    clamav 19861 0.97.5 2014-12-31 Found nothing 0
    drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 0
    fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 0
    fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 0
    fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 0
    gdata 25.3911 25.3911 2015-10-17 Found nothing 9
    ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 0
    jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 60
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 0
    kingsoft 2.1 2.1 2013-09-22 Found nothing 21
    mcafee 7638 5400.1158 2014-11-30 Found nothing 0
    nod32 0920 3.0.21 2014-12-23 Found nothing 0
    panda 9.05.01 9.05.01 2015-07-26 Found nothing 5
    pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 0
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 6
    qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 0
    quickheal 14.00 14.00 2015-07-25 Found nothing 2
    rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 2
    sophos 5.08 3.55.0 2014-12-01 Found nothing 0
    symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 0
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 7
    thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 3
    tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 13
    vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 0
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 0
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scanners when and if malware is found. Please judge these results for yourself.
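  • Permission list
    Permission name | Description
    android.permission.INTERNET | Connect to the network (2G or 3G)
    android.permission.READ_PHONE_STATE | Read phone state
    android.permission.RECEIVE_BOOT_COMPLETED | Receive boot-completed broadcast
    android.permission.WRITE_SETTINGS | Read and write system settings
    android.permission.ACCESS_NETWORK_STATE | Read network state (2G or 3G)
    android.permission.WRITE_EXTERNAL_STORAGE | Write to external storage (e.g. SD card)
    android.permission.GET_TASKS | Get information about currently or recently running tasks
    android.permission.ACCESS_COARSE_LOCATION | Get coarse location (via Wi-Fi, cell towers)
    android.permission.ACCESS_FINE_LOCATION | Get precise location (via GPS)
    android.permission.ACCESS_WIFI_STATE | Read Wi-Fi network state
    com.android.launcher.permission.INSTALL_SHORTCUT | Create shortcut
    android.permission.GET_ACCOUNTS | Access the account list
    android.permission.WAKE_LOCK | Background processes keep running after the screen is off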
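  • File information
    Security score:
    Basic information
    MD5: cd6713f7fa34208b600cf9379460b690
    Package name: net.andwy.autoairplane
    Minimum runtime environment: Android 2.1.x
    Copyright:
    Key behaviors
    Behavior description: Create file mapping with write access
    Details: CiceroSharedMemDefaultS-*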
    MSCTF.MarshalInterface.FileMap.MFF..ALHGH
    MSCTF.MarshalInterface.FileMap.MFF.B.AMHGH
    MSCTF.MarshalInterface.FileMap.MFF.C.AMHGH
    MSCTF.MarshalInterface.FileMap.MFF.D.AMHGH
    MSCTF.MarshalInterface.FileMap.MFF.E.ANHGH
    MSCTF.MarshalInterface.FileMap.MFF.F.ANHGH
    MSCTF.MarshalInterface.FileMap.MFF.G.ANHGH
    MSCTF.Shared.SFM.MFF
    Behavior description: Hide specified window
    Details: [Window,Class] = [,ListBox]
    [Window,Class] = [BTN_PATCH_UP,Static]
    [Window,Class] = [BTN_ABOUT_UP,Static]
    [Window,Class] = [BTN_EXIT_UP,Static]
    [Window,Class] = [<scrolltext placeholder>,Static]
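    Process behavior
    Behavior description: Enumerate processes
    Details: N/A
    File behavior
    Behavior description: Create file mapping with write access
    Details: CiceroSharedMemDefaultS-*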
    MSCTF.MarshalInterface.FileMap.MFF..ALHGH
    MSCTF.MarshalInterface.FileMap.MFF.B.AMHGH
    MSCTF.MarshalInterface.FileMap.MFF.C.AMHGH
    MSCTF.MarshalInterface.FileMap.MFF.D.AMHGH
    MSCTF.MarshalInterface.FileMap.MFF.E.ANHGH
    MSCTF.MarshalInterface.FileMap.MFF.F.ANHGH
    MSCTF.MarshalInterface.FileMap.MFF.G.ANHGH
    MSCTF.Shared.SFM.MFF
    Behavior description: Create executable file
    Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dup2patcher.dll
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bassmod.dll
    Behavior description: Modify file content
    Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Visitor -BRK-.FON---> Offset = 0
    Other behavior
    Behavior description: Create mutex
    Details: CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.Shared.MUTEX.ELH
    MSCTF.Shared.MUTEX.MFF
    Behavior description: Hide specified window
    Details: [Window,Class] = [,ListBox]
    [Window,Class] = [BTN_PATCH_UP,Static]
    [Window,Class] = [BTN_ABOUT_UP,Static]
    [Window,Class] = [BTN_EXIT_UP,Static]
    [Window,Class] = [<scrolltext placeholder>,Static]
    Behavior description: Find specified window
    Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    Behavior description: Get TickCount value
    Details: TickCount = 485296, SleepMilliseconds = 500.
    TickCount = 485312, SleepMilliseconds = 500.
    TickCount = 485328, SleepMilliseconds = 500.
    TickCount = 495373, SleepMilliseconds = 30.
    TickCount = 495389, SleepMilliseconds = 30.
    TickCount = 503280, SleepMilliseconds = 30.
    Behavior description: Window information
    Details: Pid = 416, Hwnd=0x202a6, Text = _BACK, ClassName = Static.
    Pid = 416, Hwnd=0x202a8, Text = ALL Products Tipard Media, ClassName = Static.
    Pid = 416, Hwnd=0x202b4, Text = http://www.tipard.com/products.html, ClassName = Static.
    Pid = 416, Hwnd=0x202b2, Text = For all friends, ClassName = Static.
    Pid = 416, Hwnd=0x302ba, Text = June 04, ClassName = Static.
    Pid = 416, Hwnd=0x302dc, Text = 殃铒桊钼囹?镟蝼 ?滂疱牝铕棹 镳钽疣祆? To copy the Patch in a program directory Target Framework.dll , ClassName = Edit.
    Pid = 416, Hwnd=0x202d6, Text = BTN_PATCH_UP, ClassName = Static.
    Pid = 416, Hwnd=0x202d8, Text = BTN_ABOUT_UP, ClassName = Static.
    Pid = 416, Hwnd=0x202c2, Text = BTN_EXIT_UP, ClassName = Static.
    Pid = 416, Hwnd=0x202c4, Text = <scrolltext placeholder>, ClassName = Static.
    Pid = 416, Hwnd=0x202a2, Text = Tipard, ClassName = #32770.
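    Behavior description: Sample console output
    Details: N/A
    Dynamic behavior list
    Behavior description: Call hash algorithm
    Details: MD5
    Behavior description: Read file
    Details: path:/proc/cpuinfo length:69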
    path:unknown length:6
    Behavior description: Write system settings
    Details: [u'android.app.ContextImpl$ApplicationContentResolver@4152d068', u'airplane_mode_radios', u'cell,bluetooth,wifi']
    Behavior description: Register broadcast receiver
    Details: [u'net.andwy.publicite.receiver.Receiver@4152bbb8', u'android.content.IntentFilter@41514620']
    [u'net.andwy.publicite.receiver.PackageInfoReceiver@4155d4a8', u'android.content.IntentFilter@41534150']
    Behavior description: Get information on the currently connected Wi-Fi hotspot
    Details: []
    Behavior description: Read system settings
    Details: [u'android.app.ContextImpl$ApplicationContentResolver@4152d068', u'font_scale']
    [u'android.app.ContextImpl$ApplicationContentResolver@4152d068', u'font_scale']
    Behavior description: Query last known location
    Details: [u'gps']
    [u'network']
    Behavior description: Emulator driver file initialization
    Details: /proc/cpuinfo
    Behavior description: Window information
    Details: {"text": "Auto Airplane Setting", "class": "android.widget.TextView"}
    {"text": "Enable Auto Airplane开启定时省电", "class": "android.widget.TextView"}
    {"text": "Start Time", "class": "android.widget.TextView"}
    {"text": "00:00", "class": "android.widget.TextView"}
    {"text": "End Time", "class": "android.widget.TextView"}
    {"text": "07:00", "class": "android.widget.TextView"}
    {"text": "Stop items", "class": "android.widget.TextView"}
    {"text": "Set the Airplane options", "class": "android.widget.TextView"}
    Behavior description: Get the device's phone number
    Details: 13661158120
    Behavior description: Add View
    Details: [u'com.android.internal.policy.impl.PhoneWindow$DecorView@415083f8', u'WM.LayoutParams{(0,0)(fillxfill) sim=#100 ty=1 fl=#8010100 pfl=0x8 wanim=0x1030001}', u'android.view.CompatibilityInfoHolder@414afa00']
    Behavior description: Initialize Intent
    Details: [u'android.os.Parcel@414ad148']
    [u'android.os.Parcel@414ad188']
    [u'android.os.Parcel@414ad188']
    [u'android.os.Parcel@414ad148']
    [u'android.os.Parcel@414ad148']
    Behavior description: Read one line of data from buffer
    Details: Processor : ARMv7 Processor rev 0 (v7l)
    Behavior description: Get network state information[*]
    Details: NetworkInfo: type: WIFI[], state: CONNECTED/CONNECTED, reason: (unspecified), extra: freewifi, roaming: false, failover: false, isAvailable: true
    NetworkInfo: type: WIFI[], state: CONNECTED/CONNECTED, reason: (unspecified), extra: freewifi, roaming: false, failover: false, isAvailable: true
    NetworkInfo: type: WIFI[], state: CONNECTED/CONNECTED, reason: (unspecified), extra: freewifi, roaming: false, failover: false, isAvailable: true
    NetworkInfo: type: WIFI[], state: CONNECTED/CONNECTED, reason: (unspecified), extra: freewifi, roaming: false, failover: false, isAvailable: true
    NetworkInfo: type: WIFI[], state: CONNECTED/CONNECTED, reason: (unspecified), extra: freewifi, roaming: false, failover: false, isAvailable: true
    NetworkInfo: type: WIFI[], state: CONNECTED/CONNECTED, reason: (unspecified), extra: freewifi, roaming: false, failover: false, isAvailable: true
    NetworkInfo: type: WIFI[], state: CONNECTED/CONNECTED, reason: (unspecified), extra: freewifi, roaming: false, failover: false, isAvailable: true
    Behavior description: Get device ID
    Details: 357143040944263
    357143040944263
    357143040944263
    357143040944263
    Behavior description: Write file
    Details: path:/data/data/net.andwy.autoairplane/shared_prefs/net.andwy.autoairplane_preferences.xml length:127
    path:/data/data/net.andwy.autoairplane/shared_prefs/net.andwy.autoairplane_preferences.xml length:167
    path:/data/data/net.andwy.autoairplane/shared_prefs/net.andwy.autoairplane_preferences.xml length:208
    path:/data/data/net.andwy.autoairplane/shared_prefs/net.andwy.autoairplane_preferences.xml length:261
    path:/data/data/net.andwy.autoairplane/shared_prefs/net.andwy.autoairplane.xml length:129
    path:/data/data/net.andwy.autoairplane/shared_prefs/mobclick_agent_state_net.andwy.autoairplane.xml length:232
    path:unknown length:6
    path:/data/data/net.andwy.autoairplane/files/mobclick_agent_cached_net.andwy.autoairplane length:69
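    Activities
    Activity name | Type
    net.andwy.autoairplane.MainActivity | android.intent.action.MAIN
    net.andwy.autoairplane.MainActivity | android.intent.category.LAUNCHER
    Dangerous functions
    Function name | Description
    ContentResolver;->query | Read databases such as contacts and SMS
    HttpClient;->execute | Request a remote server
    TelephonyManager;->getDeviceId | Collect the user's phone IMEI, phone number, system version and similar information
    LocationManager;->getLastKnownLocation | Get location
    android/app/NotificationManager;->notify | Notification bar message
    java/net/URL;->openConnection | Connect to URL
    java/net/HttpURLConnection;->connect | Connect to URL
    TelephonyManager;->getLine1Number | Get phone number
    Startup methods
    Name | Description
    net.andwy.autoairplane.BootCompletedReceiver | Start service at boot
    net.andwy.publicite.receiver.Receiver | Start service on screen unlock
    net.andwy.publicite.receiver.Receiver | Start service when network connectivity changes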
    Service list
    Name
    net.andwy.publicite.service.AsentaaService
    com.umeng.common.net.DownloadingService
    File list
    File name Checksum
    META-INF/MANIFEST.MF 0x458d869c
    META-INF/AUTOAIRP.SF 0xe094ff5d
    META-INF/AUTOAIRP.RSA 0x9449e7be
    res/anim/publicite_activity_from_left_in.xml 0x16df5f44
    res/anim/publicite_activity_from_right_in.xml 0x5d6abf63
    res/anim/publicite_activity_from_top_out.xml 0x8115dccd
    res/anim/publicite_activity_to_left_out.xml 0xe844fc63
    res/anim/publicite_activity_to_right_out.xml 0x25d6b7f9
    res/drawable/back.png 0x536b5f43
    res/drawable/default_bg.png 0x38981053
    res/drawable/icon.png 0xb2757495
    res/drawable/publicite_download_style.xml 0x3c8a7c65
    res/drawable/publicite_list_bg_focused.png 0x38bd602a
    res/drawable/publicite_list_bg_normal.png 0xd49bcc08
    res/drawable/publicite_list_bg_pressed.png 0x2338dabd
    res/drawable/publicite_list_item_divider.9.png 0xc4e9a605
    res/drawable/publicite_list_item_divider_vertical.9.png 0x7cc87bf3
    res/drawable/publicite_notification_icon_1.png 0x8d9e9340
    res/drawable/publicite_notification_icon_10.png 0xaee309ad
    res/drawable/publicite_notification_icon_11.png 0x3e2cd2a4
    res/drawable/publicite_notification_icon_12.png 0xc62d00c6
    res/drawable/publicite_notification_icon_13.png 0x5026b72
    res/drawable/publicite_notification_icon_14.png 0x1e6241b9
    res/drawable/publicite_notification_icon_15.png 0x89a5119
    res/drawable/publicite_notification_icon_16.png 0x3cf743d8
    res/drawable/publicite_notification_icon_17.png 0xdc4d882e
    res/drawable/publicite_notification_icon_18.png 0x7d7f3141
    res/drawable/publicite_notification_icon_19.png 0x68af1b6d
    res/drawable/publicite_notification_icon_2.png 0x4055806f
    res/drawable/publicite_notification_icon_20.png 0x6bc5b7b6
    res/drawable/publicite_notification_icon_3.png 0xbac26f1e
    res/drawable/publicite_notification_icon_4.png 0x6609c153
    res/drawable/publicite_notification_icon_5.png 0x2d02b47c
    res/drawable/publicite_notification_icon_6.png 0xfa90b6f6
    res/drawable/publicite_notification_icon_7.png 0xd3471882
    res/drawable/publicite_notification_icon_8.png 0xb1a71c13
    res/drawable/publicite_notification_icon_9.png 0xdf1f391c
    res/drawable/publicite_softlist_item_bkg.xml 0x3c8a7c65
    res/drawable/publicite_title_bg.9.png 0x84bf1003
    res/drawable/publicite_update_style.xml 0x3c8a7c65
    res/drawable/umeng_common_gradient_green.xml 0x962bb903
    res/drawable/umeng_common_gradient_orange.xml 0xd5106ae2
    res/drawable/umeng_common_gradient_red.xml 0x133ade08
    res/drawable/umeng_fb_bar_bg.9.png 0x382879f2
    res/drawable/umeng_fb_blank_selector.xml 0x2363eea2
    res/drawable/umeng_fb_bottom_banner.xml 0xee926e82
    res/drawable/umeng_fb_dev_bubble.9.png 0x8493510f
    res/drawable/umeng_fb_gradient_green.xml 0x962bb903
    res/drawable/umeng_fb_gradient_orange.xml 0xd5106ae2
    res/drawable/umeng_fb_gray_frame.xml 0xd1c4cb2
    res/drawable/umeng_fb_list_item.9.png 0x1dd77523
    res/drawable/umeng_fb_list_item_pressed.9.png 0xdcc0e0d
    res/drawable/umeng_fb_list_item_selector.xml 0xd3efe122
    res/drawable/umeng_fb_point_new.xml 0xb0b65b88
    res/drawable/umeng_fb_point_normal.xml 0xd54fcdde
    res/drawable/umeng_fb_see_list_normal.png 0x6d9ee2f3
    res/drawable/umeng_fb_see_list_pressed.png 0x3ff6d161
    res/drawable/umeng_fb_see_list_selector.xml 0x15142682
    res/drawable/umeng_fb_statusbar_icon.png 0x6eefda9a
    res/drawable/umeng_fb_submit_selector.xml 0x16932df
    res/drawable/umeng_fb_top_banner.xml 0xf7574374
    res/drawable/umeng_fb_user_bubble.9.png 0x23cfe9b2
    res/drawable/umeng_fb_write_normal.png 0xf3083af7
    res/drawable/umeng_fb_write_pressed.png 0x10dae61
    res/drawable/umeng_fb_write_selector.xml 0x8fe4f15
    res/layout/publicite_classify.xml 0x92bcc7e1
    res/layout/publicite_classify_item.xml 0xf069d962
    res/layout/publicite_detail.xml 0xc2c9e086
    res/layout/publicite_loading.xml 0xef7518a6
    res/layout/publicite_loading_view.xml 0xfbf53f35
    res/layout/publicite_main.xml 0x1e34479a
    res/layout/publicite_notification.xml 0x36f4d1ce
    res/layout/publicite_notification_9.xml 0xaed6fb14
    res/layout/publicite_softitem.xml 0xc21758dd
    res/layout/publicite_tab.xml 0x4dbca962
    res/layout/publicite_top_notifly.xml 0xa6dfd84f
    res/layout/publicite_top_notifly_left.xml 0x449cd5a4
    res/layout/push_layout.xml 0x2369b7f8
    res/layout/umeng_common_download_notification.xml 0x1e52336a
    res/layout/umeng_fb_atom.xml 0xacd7768e
    res/layout/umeng_fb_conversation.xml 0x8ee00d05
    res/layout/umeng_fb_conversation_item.xml 0xce376b38
    res/layout/umeng_fb_conversations.xml 0xde1f3168
    res/layout/umeng_fb_conversations_item.xml 0x73c7a9be
    res/layout/umeng_fb_list_item.xml 0x396a9e95
    res/layout/umeng_fb_new_reply_alert_dialog.xml 0x90e93ea
    res/layout/umeng_fb_send_feedback.xml 0x1169a86e
    res/xml/preferences.xml 0xbfb89e43
    AndroidManifest.xml 0x9483de35
    resources.arsc 0xd5fe0cd5
    res/drawable-hdpi/publicite_download.png 0x9c897157
    res/drawable-hdpi/publicite_downloading.png 0x504a6e9
    res/drawable-hdpi/publicite_img_loading.png 0x5a4bc731
    res/drawable-hdpi/publicite_installed.png 0x2df4213
    res/drawable-hdpi/publicite_progress.png 0xe0a50936
    res/drawable-hdpi/publicite_setting_right_forward.png 0xe386512
    res/drawable-hdpi/publicite_title_bg.9.png 0x84bf1003
    res/drawable-hdpi/publicite_top_notifly.xml 0xf2208538
    res/drawable-hdpi/publicite_top_notifly_new_content.png 0x2b0d6b2
    res/drawable-hdpi/publicite_update.png 0xdbf97f9c
    res/drawable-ldpi/publicite_title_bg.9.png 0x84bf1003
    res/drawable-mdpi/publicite_title_bg.9.png 0x84bf1003
    res/drawable-xhdpi/publicite_top_notifly_normal.png 0xb3d95564
    res/drawable-xhdpi/publicite_top_notifly_pressed.png 0x4588ec3c
    res/drawable-xhdpi/publicite_top_notifly_up_part.png 0xf61e9882
    classes.dex 0xc4e96437
    VERSION 0x1e114ed7