VirSCAN

File information
File Name: Autostarts_32.apk (File not down)
File Size: 497297 bytes
File Type :Zip archive data
MD5:f9e7d2b09b7d899eaf1ac58ddd3555b8
SHA1:956f47e5989752923db9f0cb133a432aee95acae
SHA256:ea317bb22f773b9ca5748749a3bec23dcf820bb41a47071ce1cf521b2986e0f9
SSDEEP:6144:hs9Bp8QOQ11K5dp115uf1unSOh3olSF8PLHUkHH6RxyyGS3yHAlIey1X:hsDp/a8EEDUkN9YIL1X
  • Scanner results
    Scanner results: 0% Scanner(s) (0/32) found malware!
    Behavior analysis report: Habo file analysis
    Time: 2017-07-25 14:59:24 (CST)
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 2.0 1970-01-01 Found nothing 5
    asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 1
    avast 170303-1 4.7.4 2017-03-03 Found nothing 60
    avg 2109/14149 10.0.1405 2017-07-04 Found nothing 60
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 6
    baidusd 1.0 1.0 2017-03-22 Found nothing 1
    bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
    clamav 23590 0.97.5 2017-07-24 Found nothing 60
    drweb 5.0.2.3300 5.0.1.1 2017-06-18 Found nothing 60
    fortinet 50.424, 50.281, 50.305 5.4.247 2017-07-24 Found nothing 60
    fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
    fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
    gdata 25.13539 25.13539 2017-07-24 Found nothing 11
    ikarus 1.06.01 V1.32.31.0 2016-11-28 Found nothing 60
    jiangmin 16.0.100 1.0.0.0 2017-07-22 Found nothing 2
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
    kingsoft 2.1 2.1 2017-07-24 Found nothing 4
    mcafee 8261 5400.1158 2016-08-18 Found nothing 60
    nod32 1777 3.0.21 2015-06-12 Found nothing 60
    panda 9.05.01 9.05.01 2017-07-24 Found nothing 4
    pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 7
    qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
    quickheal 14.00 14.00 2017-07-24 Found nothing 3
    rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 2
    sophos 5.32 3.65.2 2016-10-10 Found nothing 60
    symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 3
    thehacker 6.8.0.5 6.8.0.5 2017-07-23 Found nothing 2
    tws 17.47.17308 1.0.2.2108 2017-07-25 Found nothing 14
    vba 3.12.29.5 beta 3.12.29.5 beta 2017-07-17 Found nothing 60
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
    Heuristic/Suspicious Exact
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scanners when and if malware is found. Please judge these results for yourself.
  • Permission list
    Permission name    Description
    android.permission.WRITE_SETTINGS    Read/write system settings
    android.permission.WRITE_SECURE_SETTINGS    Read/write sensitive system settings
    android.permission.CHANGE_COMPONENT_ENABLED_STATE    Change component state
    android.permission.ACCESS_SUPERUSER
  • File information
    Security score:
    Basic information
    MD5:f9e7d2b09b7d899eaf1ac58ddd3555b8
    Package name: com.elsdoerfer.android.autostarts
    Minimum runtime environment: Android 3.0.x
    Copyright: Unknown
    Key behaviors
    Behavior description: Directly calls critical system APIs
    Details: Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x00BF8C12
    Index = 0x0000009B, Name: NtQueryInformationThread, Instruction Address = 0x00BAB505
    Index = 0x000000B5, Name: NtRaiseException, Instruction Address = 0x00BB6A2E
    Index = 0x000000E3, Name: NtSetInformationObject, Instruction Address = 0x00BB5E44
    Index = 0x000000A3, Name: NtQueryObject, Instruction Address = 0x00BB61CF
    Index = 0x000000E3, Name: NtSetInformationObject, Instruction Address = 0x00BB6325
    Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x00BC2C9B
    Behavior description: Reads the CPU clock directly
    Details: EAX = 0xbe96157e, EDX = 0x000000b5
    EAX = 0xc936e297, EDX = 0x000000b5
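    Behavior description: Attempts to open the driver device object of a debugger or monitoring software
    Details: \??\NTICE
    Process behavior
    Behavior description: Creates local threads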
    File behavior
    Behavior description: Creates a file
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\DNF.mdb
    Behavior description: Modifies file content
    Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\DNF.mdb ---> Offset = 0
    Other behaviors
    Behavior description: Creates mutexes
    Details: CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.Shared.MUTEX.IOH
    MSCTF.Shared.MUTEX.IIK
    MSCTF.Shared.MUTEX.MHM
    Behavior description: Creates event objects
    Details: EventName = DINPUTWINMM
    EventName = MSCTF.SendReceive.Event.IIK.IC
    EventName = MSCTF.SendReceiveConection.Event.IIK.IC
    EventName = MSCTF.SendReceive.Event.MHM.IC
    EventName = MSCTF.SendReceiveConection.Event.MHM.IC
    Behavior description: Opens a mutex
    Details: ShimCacheMutex
    Behavior description: Finds specified windows
    Details: NtUserFindWindowEx: [Class,Window] = [SysHeader32,]
    NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
    Behavior description: Opens events
    Behavior description: Window information
    Details: Pid = 2692, Hwnd=0x104ac, Text = 物品查询结果框, ClassName = _EL_Label.
    Pid = 2692, Hwnd=0x10478, Text = 当前版本:4.10终极版, ClassName = msctls_statusbar32.
    Pid = 2692, Hwnd=0x1040c, Text = 鸣谢, ClassName = Button.
    Pid = 2692, Hwnd=0x103aa, Text = D点余额, ClassName = _EL_Label.
    Pid = 2692, Hwnd=0x104b2, Text = 在总物品数据库里(十万条数据)提供毫秒级搜索速度 输入关键词精确查找,无关键词加载整表, ClassName = _EL_Label.
    Pid = 2692, Hwnd=0x104b0, Text = 发送情况, ClassName = _EL_Label.
    Pid = 2692, Hwnd=0x104a0, Text = 时装邮件, ClassName = Button(RadioButton).
    Pid = 2692, Hwnd=0x104a6, Text = 天, ClassName = _EL_Label.
    Pid = 2692, Hwnd=0x104a2, Text = 使用时限, ClassName = _EL_Label.
    Pid = 2692, Hwnd=0x1049c, Text = D点, ClassName = Button(RadioButton).
    Pid = 2692, Hwnd=0x1049a, Text = 单独金币, ClassName = Button(RadioButton).
    Pid = 2692, Hwnd=0x10498, Text = 宠物邮件, ClassName = Button(RadioButton).
    Pid = 2692, Hwnd=0x10496, Text = 普通邮件, ClassName = Button(RadioButton).
    Pid = 2692, Hwnd=0x10490, Text = 在线玩家充值, ClassName = Button.
    Pid = 2692, Hwnd=0x1048e, Text = 非常感谢您的支持,GM工具的功能会越来越强大的!有什么BUG或建议请您及时反馈, ClassName = Edit.
    Behavior description: Hides specified windows
    Details: [Window,Class] = [,ComboLBox]
    Activities
    Activity name    Type
    .ListActivity    android.intent.action.MAIN
    .ListActivity    android.intent.category.LAUNCHER
    Dangerous functions
    Function name    Description
    getRuntime    Gets the command-line environment
    java/lang/Runtime;->exec    Executes a string command
    Service list
    Name
    com.elsdoerfer.android.autostarts.ToggleService
    File list
    File name    Checksum