VirSCAN VirSCAN


File information
File name: qqq.apk (File not down)
Size: 33703 bytes
Type: Zip archive data
MD5:77b0105632e309b48e66f7cdb4678e02
SHA1:4de0d8997949265a4b5647bb9f9d42926bd88191
SHA256:1944d8ee5bdda3a1bd06555fdb10d3267ab0cc4511d1e40611baf3ce1b81e5e8
SSDEEP:768:FNUTaaDYLxDDK4PK1Fs0m3NrfYz2CflomSn6vnNY3icisEda:8evxQmdYv9onGnS3pEc
  • Scan result
    Scan result: 34% of the scanners (11/32) found malware!
    Behaviour analysis report: Habo file analysis
    Time: 2016-04-06 17:46:07 (CST)
    Scanner  Engine Ver  Sig Ver  Sig Date  Scan Result  Time
    antiy AVL SDK 3.0 1970-01-01 Nothing found 5
    asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Android.Trojan.Adrd.A 1
    avast 150725-1 4.7.4 2015-07-25 Nothing found 23
    avg 2109/8133 10.0.1405 2014-11-26 Nothing found 7
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Nothing found 16
    baidusd 1.0 1.0 2014-04-02 Nothing found 1
    bitdefender 7.58469 7.90123 2014-12-25 Nothing found 1
    clamav 19861 0.97.5 2014-12-31 Nothing found 1
    drweb 5.0.2.3300 5.0.1.1 2014-12-31 Nothing found 46
    fortinet 23.345, 23.345 5.1.158 2014-12-08 Nothing found 1
    fprot 4.6.2.117 6.5.1.5418 2014-12-31 Nothing found 3
    fsecure 2014-04-02-01 9.13 2014-04-02 Trojan:Android/Adrd.A 10
    gdata 25.6066 25.6066 2016-04-06 Android.Trojan.Adrd.A 9
    ikarus 1.06.01 V1.32.31.0 2014-12-08 Nothing found 10
    jiangmin 16.0.100 1.0.0.0 2015-07-25 TrojanSpy.AndroidOS.fj 44
    kaspersky 5.5.33 5.5.33 2014-04-01 Trojan-Spy.AndroidOS.Adrd.ao 39
    kingsoft 2.1 2.1 2013-09-22 Troj.Adrd.a.(kcloud) 6
    mcafee 7638 5400.1158 2014-11-30 Nothing found 35
    nod32 0920 3.0.21 2014-12-23 Nothing found 1
    panda 9.05.01 9.05.01 2015-07-26 Nothing found 4
    pcc 11.380.07 9.500-1005 2014-12-31 AndroidOS_ADRD.X 2
    qh360 1.0.1 1.0.1 1.0.1 Win32/Trojan.376 2
    qqphone 1.0.0.0 1.0.0.0 2014-12-09 Nothing found 1
    quickheal 14.00 14.00 2015-07-25 Android.Adrd.A 2
    rising 25.76.04.01 25.76.04.01 2015-07-24 Nothing found 1
    sophos 5.08 3.55.0 2014-12-01 Nothing found 5
    symantec 20141230.001 1.3.0.24 2014-12-30 Nothing found 1
    tachyon 9.9.9 9.9.9 2013-12-27 Nothing found 3
    thehacker 6.8.0.5 6.8.0.5 2015-07-23 Nothing found 1
    tws 17.47.17308 1.0.2.2108 2014-12-08 Android.M.ilto 14
    vba 3.12.26.3 3.12.26.3 2014-12-31 Trojan-Spy.AndroidOS.Adrd.ao 21
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Nothing found 34
    Heuristic/Suspicious Exact
    ATTENTION: If only a few scanners find something, it may be a false alarm. Decide for yourself.
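  • Permission list
    Permission name  Description
    android.permission.RECEIVE_BOOT_COMPLETED  Receive the boot-completed broadcast
    android.permission.INTERNET  Connect to the network (2G or 3G)
    android.permission.ACCESS_NETWORK_STATE  Read network state (2G or 3G)
    android.permission.READ_PHONE_STATE  Read phone state
    android.permission.SEND_SMS  Send SMS
    android.permission.RECEIVE_SMS  Monitor incoming SMS
    android.permission.READ_SMS  Read SMS
    android.permission.WRITE_SMS  Write SMS
  • File information
    Security score:
    Basic information
    MD5:77b0105632e309b48e66f7cdb4678e02
    Package name: com.tt.yy
    Minimum runtime environment: Android 1.5
    Copyright: kdsjfkl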
    Process behaviour
    Behaviour description: Create local thread
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\1459881098.218914.exe
    C:\Documents and Settings\Administrator\Local Settings\%temp%\1459881098.219248.exe
    C:\Documents and Settings\Administrator\Local Settings\%temp%\1459881098.219568.exe
    C:\Documents and Settings\Administrator\Local Settings\%temp%\1459881098.219888.exe
    C:\Documents and Settings\Administrator\Local Settings\%temp%\1459881098.220207.exe
    C:\Documents and Settings\Administrator\Local Settings\%temp%\1459881098.220527.exe
    C:\Documents and Settings\Administrator\Local Settings\%temp%\1459881098.220850.exe
    C:\Documents and Settings\Administrator\Local Settings\%temp%\1459881098.221169.exe
    C:\Documents and Settings\Administrator\Local Settings\%temp%\1459881098.221484.exe
    C:\Documents and Settings\Administrator\Local Settings\%temp%\1459881098.221803.exe
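    Behaviour description: Process exit
    Details: N/A
    Behaviour description: Enumerate processes
    Details: N/A
    File behaviour
    Behaviour description: Create file
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\CLS\cls-test.lib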
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\CLS\readme.txt
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\InnoSetup\readme.txt
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\scripts\readme.txt
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Documentation\whatsnew-rus.txt
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Documentation\whatsnew.txt
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\License\Contributors.txt
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\License\gpl-2.0.txt
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\License\License.txt
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Documentation\FreeArc036-eng.htm
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Documentation\FreeArc040-rus.htm
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Documentation\whatsnew.htm
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\Benchmarking\avg.rb
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\Benchmarking\maketest.rb
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\scripts\arc.custom-log.lua
    Behaviour description: Create executable file
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\FAR MultiArc plugin\FreeArc.fmt
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\Arc.exe
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\unarc.exe
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\arc-mini.sfx
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\arc-tiny.sfx
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\arc.sfx
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc-installer-nodelete.sfx
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc-installer.sfx
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc-mini.sfx
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc-tiny.sfx
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc.sfx
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\CLS\cls-test.dll
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\InnoSetup\unarc.dll
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\facompress.dll
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\facompress_mt.dll
    Behaviour description: Modify file content
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\CLS\cls-test.lib ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\CLS\readme.txt ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\InnoSetup\readme.txt ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\scripts\readme.txt ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Documentation\whatsnew-rus.txt ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Documentation\whatsnew.txt ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\License\Contributors.txt ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\License\gpl-2.0.txt ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\License\License.txt ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Documentation\FreeArc036-eng.htm ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Documentation\FreeArc040-rus.htm ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Documentation\whatsnew.htm ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\Benchmarking\avg.rb ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\Benchmarking\maketest.rb ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\scripts\arc.custom-log.lua ---> Offset = 0
    Other behaviour
    Behaviour description: Create mutex
    Details: CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.Shared.MUTEX.ELH
    Behaviour description: Find specified window
    Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    Behaviour description: Window information
    Details: Pid = 648, Hwnd=0x202a6, Text = Destination folder:, ClassName = Static.
    Pid = 648, Hwnd=0x202a8, Text = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E, ClassName = Edit.
    Pid = 648, Hwnd=0x202cc, Text = Browse, ClassName = Button.
    Pid = 648, Hwnd=0x202b4, Text = OK, ClassName = Button.
    Pid = 648, Hwnd=0x202b2, Text = Cancel, ClassName = Button.
    Pid = 648, Hwnd=0x302ba, Text = Welcome to FreeArc 0.666 alpha. FreeArc is an archiver featuring: * best speed and compression ratio among all practical arch, ClassName = RichEdit20W.
    Pid = 648, Hwnd=0x202d4, Text = http://freearc.org, ClassName = Static.
    Pid = 648, Hwnd=0x202a2, Text = %temp%\1459881098.224001.exe - FreeArc self-extracting archive, ClassName = #32770.
    Behaviour description: Executable file signature information
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\FAR MultiArc plugin\FreeArc.fmt (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\Arc.exe (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\unarc.exe (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\arc-mini.sfx (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\arc-tiny.sfx (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\arc.sfx (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc-installer-nodelete.sfx (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc-installer.sfx (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc-mini.sfx (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc-tiny.sfx (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\freearc.sfx (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\CLS\cls-test.dll (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\Addons\InnoSetup\unarc.dll (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\facompress.dll (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\%temp%\996E\bin\facompress_mt.dll (signature verification: failed)
    Behaviour description: MD5 of executable files
    Behaviour description: Sample console output
    Details: N/A
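    Activities
    Activity name  Type
    .loginActivity  android.intent.action.MAIN
    .loginActivity  android.intent.category.LAUNCHER
    Dangerous functions
    Function name  Description
    HttpClient;->execute  Requests a remote server
    DefaultHttpClient;->execute  Sends an HTTP request
    TelephonyManager;->getDeviceId  Collects the user's phone IMEI, phone number, system version number and similar information
    ContentResolver;->delete  Deletes SMS messages and contacts
    ContentResolver;->query  Reads databases such as contacts and SMS
    SmsManager;->sendTextMessage  Sends an ordinary SMS
    Startup methods
    Name  Description
    com.xxx.yyy.MyBoolService  Service started at boot
    com.xxx.yyy.MyAlarmReceiver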
    Service list
    Name
    com.xxx.yyy.MyService
    File list
    File name  Checksum
    res/drawable/icon.png 0xa68bd0c5
    res/layout/l_login.xml 0xdf35d954
    res/layout/l_webview.xml 0x2a4db95f
    res/layout/list_13.xml 0xc4253acb
    res/layout/list_items.xml 0xb8f5d6e
    res/layout/main.xml 0x8ae7db9b
    AndroidManifest.xml 0x7eaaff2a
    resources.arsc 0x7fc54f93
    classes.dex 0x5cf1e333
    META-INF/MANIFEST.MF 0x7faea73a
    META-INF/CERT.SF 0x240722cb
    META-INF/CERT.RSA 0xa758d449