VirSCAN

1, You can upload any file, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information

Scanner results
Scanner results: 33% of scanners (13/39) found malware!
Behavior analysis report: Habo file analysis
Time: 2014-11-12 14:13:52 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
ahnlab 9.9.9 9.9.9 2013-05-28 Found nothing 5
antivir 1.9.2.0 1.9.159.0 7.11.184.98 Found nothing 12
antiy 112741 AVL141110 2014-11-11 Found nothing 5
arcavir 1.0 2011 2014-05-30 Found nothing 8
asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Android.Trojan.SmsSpy.CV 1
avast 141111-0 4.7.4 2014-11-11 Android:Agent-DBH [Trj] 9
avg 2109/8019 10.0.1405 2014-11-06 Found nothing 1
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 2
baidusd 1.0 1.0 2014-04-02 Found nothing 1
bitdefender 7.57661 7.90123 2014-11-10 Android.Trojan.SmsSpy.CV 6
clamav 19608 0.97.5 2014-11-10 Found nothing 1
comodo 15023 5.1 2014-11-11 Found nothing 3
ctch 4.6.5 5.3.14 2013-12-01 Found nothing 1
drweb 5.0.2.3300 5.0.1.1 2014-10-31 Found nothing 30
fortinet 23.159, 23.159 5.1.158 2014-11-11 Android/Agent.DN!tr 1
fprot 4.6.2.117 6.5.1.5418 2014-11-11 Found nothing 1
fsecure 2014-04-02-01 9.13 2014-04-02 Trojan:Android/SmsSend.MI 1
gdata 24.4908 24.4908 2014-11-12 Android.Trojan.SmsSpy.CV 8
hauri 2.73 2.73 2014-11-11 Found nothing 1
ikarus 1.06.01 V1.32.31.0 2014-11-11 Trojan.AndroidOS.Agent 14
jiangmin 16.0.100 1.0.0.0 2014-08-20 Found nothing 40
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 20
kingsoft 2.1 2.1 2013-09-22 Android.Troj.at_jkpoae.a.(kcloud) 3
mcafee 7520 5400.1158 2014-08-04 Found nothing 8
nod32 0436 3.0.21 2014-09-18 a variant of Android/Agent.DN trojan 1
panda 9.05.01 9.05.01 2014-11-11 Found nothing 6
pcc 11.270.05 9.500-1005 2014-11-11 Found nothing 1
qh360 1.0.1 1.0.1 1.0.1 Win32/Trojan.Spy.be2 13
qqphone 1.0.0.0 1.0.0.0 2014-11-12 a.expense.updateservice 1
quickheal 14.00 14.00 2014-11-10 Android.Agent.JZ 2
rising 25.40.00.04 25.40.00.04 2014-11-10 Found nothing 1
sophos 5.04 3.51.0 2014-08-05 Andr/SMSSpy-BU 6
sunbelt 3.9.2595.2 3.9.2595.2 2014-11-10 Found nothing 1
symantec 20141110.003 1.3.0.24 2014-11-10 Found nothing 1
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 3
thehacker 6.8.0.5 6.8.0.5 2014-11-10 Found nothing 1
tws 17.47.17308 1.0.2.2108 2014-11-11 Found nothing 6
vba 3.12.26.3 3.12.26.3 2014-11-11 Found nothing 3
virusbuster 15.0.965.0 5.5.2.13 2014-11-11 Found nothing 15
Permission list
Permission name Description
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.MOUNT_UNMOUNT_FILESYSTEMS Mount and unmount external file systems
android.permission.WRITE_SETTINGS Read and write system settings
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.READ_PHONE_STATE Read phone state
android.permission.READ_LOGS Read system logs
android.permission.WRITE_SMS Write SMS messages
android.permission.READ_SMS Read SMS messages
android.permission.SEND_SMS Send SMS messages
android.permission.RECEIVE_SMS Monitor incoming SMS messages
android.permission.BROADCAST_SMS Broadcast when an SMS is received
android.permission.RECEIVE_BOOT_COMPLETED Receive the boot-completed broadcast
android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
android.permission.CHANGE_WIFI_STATE Change Wi-Fi connection state
android.permission.RECEIVE_MMS Receive MMS messages
android.permission.WRITE_APN_SETTINGS Rewrite APN settings (e.g. cmwap)
android.permission.WAKE_LOCK Keep background processes running after the screen turns off
android.permission.MODIFY_PHONE_STATE Modify phone state
android.permission.CALL_PHONE Place phone calls
android.permission.PROCESS_OUTGOING_CALLS Monitor and modify outgoing calls
android.permission.SYSTEM_ALERT_WINDOW Display system windows
android.permission.CHANGE_NETWORK_STATE Change network state
android.permission.ACCESS_COARSE_LOCATION Get coarse location (via Wi-Fi or cell towers)
android.permission.KILL_BACKGROUND_PROCESSES Kill background processes
android.permission.RESTART_PACKAGES Restart other applications
File information
Security score: 87
Basic information
MD5:b1f620822db72ddc8008acfb3765c0d9
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.android.android.kernel
Minimum runtime environment:
Copyright: oe
Dynamic behavior list
Behavior description: Read file
Details: path:/proc/783/cmdline length:105
path:/proc/meminfo length:105
path:/proc/799/cmdline length:105
path:/proc/811/cmdline length:105
path:/proc/841/cmdline length:105
path:/proc/854/cmdline length:105
path:/proc/meminfo length:105
path:/data/data/com.android.mms/shared_prefs/_has_set_default_values.xml length:105
path:/proc/896/cmdline length:105
path:/proc/898/cmdline length:105
path:/proc/899/cmdline length:105
path:/data/data/com.android.mms/shared_prefs/com.android.mms_preferences.xml length:105
path:/proc/1025/cmdline length:105
path:/proc/1027/cmdline length:105
Behavior description: Start service
Details: com.android.musicfx.Compatibility$Service
c.PSS
c.KS
c.TS
com.android.contacts.calllog.CallLogNotificationsService
com.android.providers.downloads.DownloadService
c.CCS
com.android.mms.transaction.SmsReceiverService
Behavior description: Data encryption
Details: {u'operation': u'keyalgo', u'algorithm': u'AES', u'key': u'100, 117, 101, 119, 38, 94, 37, 53, 100, 53, 52, 110, 99, 39, 75, 72'}
{u'operation': u'decryption', u'data': u'android.provider.Telephony.SMS_RECEIVED', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'content://telephony/carriers/preferapn', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'content://telephony/carriers_gemini/preferapn', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'http://', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'46003', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'46001', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'46002', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'46000', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'http://mmsc.vnet.mobi', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'10.0.0.200', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'http://mmsc.myuni.com.cn', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'010.000.000.172', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'10.0.0.172', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'http://mmsc.monternet.com', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'wifi', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'text', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'enclosed', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'regex', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'left', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'right', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'proxy', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'android.intent.action.SCREEN_ON', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'android.intent.action.SCREEN_OFF', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'android.intent.action.TIME_TICK', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'android.intent.action.BATTERY_CHANGED', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'android.intent.action.USER_PRESENT', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'android.net.conn.CONNECTIVITY_CHANGE', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'content://settings/system', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'setRadio', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'gprs_connection_sim_setting', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'getDeviceIdGemini', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'getSubscriberIdGemini', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'content://telephony/siminfo', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'android.telephony.SmsManager', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'getDefault', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'getDefaultSim', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'getLine1NumberGemini', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'getSimOperatorGemini', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'getSimStateGemini', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'android.telephony.TelephonyManager', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'android.os.ServiceManager', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'isms', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'isms2', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'getService', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'7148979C6D6E4DFA8754911EBA8C68B4', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'x.6gservice.com', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'http.connection.timeout', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'http.socket.timeout', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'content://mms/inbox', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'content://sms/inbox', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'android.provider.Telephony.WAP_PUSH_RECEIVED', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'content://sms/', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'data', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'getPone', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'address', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'body', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'content://sms/conversations/', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'hostName', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'PREF_INTERVAL', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'PREF_PROCESS_TIME', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'content://telephony/carriers_gemini', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'content://telephony/carriers', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'Accept-Encoding', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'gzip', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'pdus', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'Accept', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'Accept-Language', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'user-agent', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'Mozilla/5.0(Linux;U;Android 2.1-update1;zh-cn;ZTE-C_N600/ZTE-C_N600V1.0.0B02;240*320;CTC/2.0)AppleWebkit/530.17(KHTML,like Gecko) Version/4.0 Mobile Safari/530.17', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'*/*, application/vnd.wap.mms-message, application/vnd.wap.sic', u'algorithm': u'AES'}
{u'operation': u'decryption', u'data': u'http.route.default-proxy', u'algorithm': u'AES'}
Behavior description: Class loading
Details: path:/system/app/PicoTts.apk
path:/system/app/MusicFX.apk
path:/system/framework/am.jar
path:/data/app/com.android.android.kernel-1.apk
path:/system/app/Mms.apk
Behavior description: Write file
Details: path:/data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml length:105
path:/data/data/com.android.musicfx/shared_prefs/musicfx.xml length:105
path:/data/data/com.android.android.kernel/shared_prefs/OPQRVSGdddd.xml length:105
path:/data/data/com.android.android.kernel/shared_prefs/OPQRVSG.xml length:105
path:/data/data/com.android.android.kernel/shared_prefs/....xml length:105
path:/data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml length:105
path:/data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml length:105
path:/data/data/com.android.android.kernel/shared_prefs/sessionName.xml length:105
path:/data/data/com.android.providers.contacts/shared_prefs/com.android.providers.contacts_preferences.xml length:105
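Activities
Activity name Type
c.FA android.intent.action.MAIN
Dangerous functions
Function name Description
ContentResolver;->delete Delete SMS messages and contacts
ContentResolver;->query Read databases such as contacts and SMS
TelephonyManager;->getDeviceId Collect the user's phone IMEI, phone number, system version and similar information
ActivityManager;->killBackgroundProcesses Terminate processes; can be used to shut down antivirus software
HttpClient;->execute Send a request to a remote server
DefaultHttpClient;->execute Send an HTTP request
WifiManager;->setWifiEnabled Change Wi-Fi state
SmsManager;->sendTextMessage Send a plain text SMS
Startup methods
Name Description
c.SR Start service on SMS monitoring (SMS received)
c.BCR Start service at boot
c.PSB Start service when Wi-Fi state changes
c.PSB Start service when Wi-Fi state changes
c.PSB Start service when network connectivity changes
c.PSB Start service on screen unlock
c.CCR Start service when network connectivity changes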
Service list
Name
c.TS
c.PSS
c.KS
c.CCS
c.MS
File list
File name Checksum
META-INF/MANIFEST.MF 0xe5228d4b
META-INF/XAWUY.SF 0xc2e74037
META-INF/XAWUY.RSA 0x33ff07f0
AndroidManifest.xml 0x61d2ed0e
resources.arsc 0xb753ccb5
classes.dex 0x934cbb54