VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information

Scanner results
Scanner results: 0% of antivirus software (0/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2016-08-14 08:38:03 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 3.0 1970-01-01 Found nothing 7
asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 3
avast 150725-1 4.7.4 2015-07-25 Found nothing 60
avg 2109/8133 10.0.1405 2014-11-26 Found nothing 60
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 3
baidusd 1.0 1.0 2014-04-02 Found nothing 2
bitdefender 7.58469 7.90123 2014-12-25 Found nothing 60
clamav 19861 0.97.5 2014-12-31 Found nothing 60
drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 60
fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 60
fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 60
fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 60
gdata 25.7874 25.7874 2016-08-13 Found nothing 15
ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 60
jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 51
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
kingsoft 2.1 2.1 2013-09-22 Found nothing 9
mcafee 7638 5400.1158 2014-11-30 Found nothing 60
nod32 0920 3.0.21 2014-12-23 Found nothing 60
panda 9.05.01 9.05.01 2015-07-26 Found nothing 5
pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 60
qh360 1.0.1 1.0.1 1.0.1 Found nothing 3
qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 60
quickheal 14.00 14.00 2015-07-25 Found nothing 6
rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 4
sophos 5.08 3.55.0 2014-12-01 Found nothing 60
symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 60
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 11
thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 2
tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 15
vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 60
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
Permission list
Permission name Information
android.permission.READ_EXTERNAL_STORAGE Read external storage (e.g. SD card)
android.permission.WRITE_EXTERNAL_STORAGE Write external storage (e.g. SD card)
android.permission.READ_MEDIA_STORAGE
android.permission.WRITE_MEDIA_STORAGE
android.permission.WAKE_LOCK Background processes keep running after the screen turns off
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.RECEIVE_BOOT_COMPLETED Receive the boot-completed broadcast
android.permission.VIBRATE Allow the device to vibrate
android.permission.READ_PHONE_STATE Read phone state
android.permission.GET_ACCOUNTS Access the account list
android.permission.USE_CREDENTIALS Obtain authentication tokens
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
com.android.browser.permission.READ_HISTORY_BOOKMARKS Read browser bookmarks
com.android.browser.permission.WRITE_HISTORY_BOOKMARKS Write browser bookmarks
android.permission.READ_CALL_LOG Read call log
android.permission.WRITE_CALL_LOG Write call log
com.android.voicemail.permission.ADD_VOICEMAIL Allow adding voicemail
com.android.voicemail.permission.READ_WRITE_ALL_VOICEMAIL
android.permission.READ_CONTACTS Read contacts
android.permission.WRITE_CONTACTS Write contacts
android.permission.READ_SMS Read SMS messages
android.permission.WRITE_SMS Write SMS messages
android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
android.permission.CHANGE_WIFI_STATE Change Wi-Fi connection state
android.permission.ACCESS_SUPERUSER
android.permission.BROADCAST_SMS Broadcast when an SMS is received
android.permission.BROADCAST_WAP_PUSH WAP PUSH broadcast
File information
Security score:
Basic information
MD5: 58277965302c271e2a973d5b19cf4089
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.keramidas.TitaniumBackup
Minimum runtime environment: Android 1.5
Copyright: Jasi2169 Cracker
Key behaviors
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Get TickCount value
Details: TickCount = 328890, SleepMilliseconds = 2000.
TickCount = 328906, SleepMilliseconds = 2000.
TickCount = 337296, SleepMilliseconds = 8000.
TickCount = 337484, SleepMilliseconds = 8000.
TickCount = 337515, SleepMilliseconds = 8000.
TickCount = 337546, SleepMilliseconds = 8000.
TickCount = 337562, SleepMilliseconds = 8000.
TickCount = 337578, SleepMilliseconds = 8000.
TickCount = 337593, SleepMilliseconds = 8000.
TickCount = 337656, SleepMilliseconds = 8000.
TickCount = 337718, SleepMilliseconds = 8000.
TickCount = 337765, SleepMilliseconds = 8000.
TickCount = 337828, SleepMilliseconds = 8000.
TickCount = 337859, SleepMilliseconds = 8000.
TickCount = 337906, SleepMilliseconds = 8000.
Process behavior
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Get TickCount value
Details: TickCount = 328890, SleepMilliseconds = 2000.
TickCount = 328906, SleepMilliseconds = 2000.
TickCount = 337296, SleepMilliseconds = 8000.
TickCount = 337484, SleepMilliseconds = 8000.
TickCount = 337515, SleepMilliseconds = 8000.
TickCount = 337546, SleepMilliseconds = 8000.
TickCount = 337562, SleepMilliseconds = 8000.
TickCount = 337578, SleepMilliseconds = 8000.
TickCount = 337593, SleepMilliseconds = 8000.
TickCount = 337656, SleepMilliseconds = 8000.
TickCount = 337718, SleepMilliseconds = 8000.
TickCount = 337765, SleepMilliseconds = 8000.
TickCount = 337828, SleepMilliseconds = 8000.
TickCount = 337859, SleepMilliseconds = 8000.
TickCount = 337906, SleepMilliseconds = 8000.
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Application Data\kugousafe\io.dat
C:\Documents and Settings\Administrator\Application Data\kugousafe\temp.dat
C:\Documents and Settings\Administrator\Application Data\kugousafe\cross.exe
C:\Documents and Settings\Administrator\Application Data\kugousafe\kugou.dll
C:\Documents and Settings\Administrator\Application Data\kugousafe\config.dat
C:\Documents and Settings\Administrator\Application Data\kugousafe\kkwoyou.inf
C:\Documents and Settings\Administrator\Application Data\1.jpg
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\wpad[1].dat
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\cgi_get_portrait[1].fcg
Behavior description: Create executable file
Details: C:\Documents and Settings\Administrator\Application Data\kugousafe\cross.exe
C:\Documents and Settings\Administrator\Application Data\kugousafe\kugou.dll
Behavior description: Overwrite existing file
Details: C:\Documents and Settings\Administrator\Application Data\kugousafe\io.dat
Behavior description: Find file
Details: FileName = C:\Documents and Settings\Administrator\Application Data\kugousafe\cross.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\rundll32.exe
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\Documents and Settings\Administrator\Application Data\1.jpg
FileName = C:\Documents and Settings\Administrator\Application Data\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Application Data\kugousafe\temp.dat
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\wpad[1].dat
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\cgi_get_portrait[1].fcg
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modify file content
Details: C:\Documents and Settings\Administrator\Application Data\kugousafe\io.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\kugousafe\temp.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\kugousafe\cross.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\kugousafe\kugou.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\kugousafe\config.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\kugousafe\config.dat ---> Offset = 109
C:\Documents and Settings\Administrator\Application Data\kugousafe\config.dat ---> Offset = 208
C:\Documents and Settings\Administrator\Application Data\kugousafe\config.dat ---> Offset = 304
C:\Documents and Settings\Administrator\Application Data\kugousafe\config.dat ---> Offset = 384
C:\Documents and Settings\Administrator\Application Data\kugousafe\kkwoyou.inf ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\kugousafe\config.dat ---> Offset = 393
C:\Documents and Settings\Administrator\Application Data\kugousafe\config.dat ---> Offset = 401
C:\Documents and Settings\Administrator\Application Data\kugousafe\config.dat ---> Offset = 390
C:\Documents and Settings\Administrator\Application Data\1.jpg ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\kugousafe\config.dat ---> Offset = 398
Network behavior
Behavior description: Open URL over the network
Details: InternetOpenUrlA: http://ww****om/, hInternet = 0x00cc0004, Flags = 0x04000000
InternetOpenUrlA: http://**.133.40.**:128/wpad.dat, hInternet = 0x00cc0008, Flags = 0x00000010
InternetOpenUrlA: http://ww****om/, hInternet = 0x00cc0008, Flags = 0x04000000
Behavior description: Connect to specified site
Details: InternetConnectA: ServerName = **.133.40.**, PORT = 128, UserName = , Password = , hSession = 0x00cc0008, hConnect = 0x00cc000c, Flags = 0x00000010
InternetConnectA: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x04000000
InternetConnectA: ServerName = us****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0008, hConnect = 0x00cc000c, Flags = 0x04000000
Behavior description: Open HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/5.0 (compatible; MSIE 11.0; Windows NT 6.1; TencentTraveler 8.0), hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0), hSession = 0x00cc0008
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/5.0 (compatible; MSIE 11.0; Windows NT 6.1; TencentTraveler 8.0), hSession = 0x00cc0008
Behavior description: Establish a connection to a specified socket
Details: URL: wpad, IP: **.133.40.**:128, SOCKET = 0x000004e4
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x000004dc
URL: us****om, IP: **.133.40.**:80, SOCKET = 0x00000640
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000694
URL: us****om, IP: **.133.40.**:80, SOCKET = 0x0000045c
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x0000054c
URL: us****om, IP: **.133.40.**:80, SOCKET = 0x00000468
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000464
URL: us****om, IP: **.133.40.**:80, SOCKET = 0x000004cc
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000454
URL: us****om, IP: **.133.40.**:80, SOCKET = 0x00000478
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000470
URL: us****om, IP: **.133.40.**:80, SOCKET = 0x00000490
Behavior description: Read network file
Details: hFile = 0x00cc0010, BytesToRead =4010, BytesRead = 4010.
hFile = 0x00cc000c, BytesToRead =4096, BytesRead = 4096.
Behavior description: Send HTTP packet
Details: GET /wpad.dat HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0) Host: **.133.40.**:128
GET / HTTP/1.1 User-Agent: Mozilla/5.0 (compatible; MSIE 11.0; Windows NT 6.1; TencentTraveler 8.0) Host: ww****om
GET /fcg-bin/cgi_get_portrait.fcg?uins=496038371 HTTP/1.1 Accept: */* Accept-Language: zh-cn If-Modified-Since: 0 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: us****om Connection: Keep-Alive
Behavior description: Open HTTP request
Details: HttpOpenRequestA: **.133.40.**:128/wpad.dat, hConnect = 0x00cc000c, hRequest = 0x00cc0010, Verb: GET, Referer: , Flags = 0x00000010
HttpOpenRequestA: ww****om:80/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x04000000
HttpOpenRequestA: us****om:80/fcg-bin/cgi_get_portrait.fcg?uins=496038371, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400000
HttpOpenRequestA: ww****om:80/, hConnect = 0x00cc000c, hRequest = 0x00cc0010, Verb: GET, Referer: , Flags = 0x04000000
Behavior description: Get host address by name
Details: GetAddrInfoW: computer
GetAddrInfoW: wpad
GetAddrInfoW: ww****om
GetAddrInfoW: us****om
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\system32\rundll32.exe
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\cross\DEBUG\Trace Level
Behavior description: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\cross\DEBUG\Trace Level
Other behavior
Behavior description: Create mutex
Details: 9c547c9f891e62172f496038371
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
MSCTF.Shared.MUTEX.APH
RasPbFile
MSCTF.Shared.MUTEX.MIF
Behavior description: Create event object
Details: EventName = Global\userenv: User Profile setup event
EventName = DINPUTWINMM
EventName = Global\crypt32LogoffEvent
EventName = MSCTF.SendReceive.Event.MIF.IC
EventName = MSCTF.SendReceiveConection.Event.MIF.IC
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [ConsoleWindowClass,]
NtUserFindWindowEx: [Class,Window] = [ShImgVw:CPreviewWnd,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Start system service
Details: [Service started successfully]: LocalSystem, Remote Access Connection Manager, C:\WINDOWS\system32\svchost.exe -k netsvcs
Behavior description: Get TickCount value
Details: TickCount = 328890, SleepMilliseconds = 2000.
TickCount = 328906, SleepMilliseconds = 2000.
TickCount = 337296, SleepMilliseconds = 8000.
TickCount = 337484, SleepMilliseconds = 8000.
TickCount = 337515, SleepMilliseconds = 8000.
TickCount = 337546, SleepMilliseconds = 8000.
TickCount = 337562, SleepMilliseconds = 8000.
TickCount = 337578, SleepMilliseconds = 8000.
TickCount = 337593, SleepMilliseconds = 8000.
TickCount = 337656, SleepMilliseconds = 8000.
TickCount = 337718, SleepMilliseconds = 8000.
TickCount = 337765, SleepMilliseconds = 8000.
TickCount = 337828, SleepMilliseconds = 8000.
TickCount = 337859, SleepMilliseconds = 8000.
TickCount = 337906, SleepMilliseconds = 8000.
Behavior description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
CTF.ThreadMIConnectionEvent.000007F0.00000000.0000001E
CTF.ThreadMarshalInterfaceEvent.000007F0.00000000.0000001E
MSCTF.SendReceiveConection.Event.APH.IC
MSCTF.SendReceive.Event.APH.IC
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
Global\crypt32LogoffEvent
CTF.ThreadMIConnectionEvent.000007F0.00000000.0000001F
CTF.ThreadMarshalInterfaceEvent.000007F0.00000000.0000001F
Behavior description: Executable file signature information
Details: C:\Documents and Settings\Administrator\Application Data\kugousafe\cross.exe (Signature verification: passed)
C:\Documents and Settings\Administrator\Application Data\kugousafe\kugou.dll (Signature verification: failed)
Behavior description: Call Sleep function
Details: [1]: MilliSeconds = 2000.
[1]: MilliSeconds = 8000.
[2]: MilliSeconds = 500.
[3]: MilliSeconds = 500.
[4]: MilliSeconds = 500.
[5]: MilliSeconds = 120000.
[6]: MilliSeconds = 2000.
[7]: MilliSeconds = 2000.
[8]: MilliSeconds = 2000.
[9]: MilliSeconds = 2000.
[10]: MilliSeconds = 2000.
Behavior description: Hide specified window
Details: [Window,Class] = [C:\WINDOWS\system32\VBoxService.exe,ConsoleWindowClass]
Behavior description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Application Data\kugousafe\cross.exe ---> 42d63c6b832ee5ef8c84b22b2f86f22a
C:\Documents and Settings\Administrator\Application Data\kugousafe\kugou.dll ---> 77d12344187ad6f7e4ed2a2c7b5f4086
Behavior description: Open mutex
Details: 9c547c9f891e62172f496038371
ShimCacheMutex
Local\!IETld!Mutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
RasPbFile
Behavior description: Load newly dropped file
Details: Image: C:\Documents and Settings\Administrator\Application Data\kugousafe\kugou.dll.
Activities
Activity name Type
.MainActivity android.intent.action.MAIN
.MainActivity android.intent.category.LAUNCHER
.MainActivity android.intent.category.MULTIWINDOW_LAUNCHER
.MyWidgetConfigure android.appwidget.action.APPWIDGET_CONFIGURE
.MyDataProfileWidgetConfigure android.appwidget.action.APPWIDGET_CONFIGURE
.ImportBackupActivity android.intent.action.VIEW
.ImportBackupActivity android.intent.category.DEFAULT
.ImportBackupActivity android.intent.category.BROWSABLE
com.dropbox.client2.android.AuthActivity android.intent.action.VIEW
com.dropbox.client2.android.AuthActivity android.intent.category.BROWSABLE
com.dropbox.client2.android.AuthActivity android.intent.category.DEFAULT
.apiBackupRestore.DummyActivity android.intent.action.SEND
.apiBackupRestore.DummyActivity android.intent.action.SENDTO
.apiBackupRestore.DummyActivity android.intent.category.DEFAULT
.apiBackupRestore.DummyActivity android.intent.category.BROWSABLE
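Dangerous functions
Function name Information
TelephonyManager;->getDeviceId Collects the user's phone IMEI, phone number, system version and other information
java/lang/Runtime;->exec Executes a string command
java/net/URL;->openConnection Connects to a URL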
Startup methods
Name Information
com.keramidas.TitaniumBackup.MyWidget Starts service when the app widget is updated
com.keramidas.TitaniumBackup.MyDataProfileWidget Starts service when the app widget is updated
com.keramidas.TitaniumBackup.schedules.BootReceiver Starts service at boot
com.keramidas.TitaniumBackup.schedules.BootReceiver
com.keramidas.TitaniumBackup.schedules.BootReceiver
com.keramidas.TitaniumBackup.schedules.BootReceiver
com.keramidas.TitaniumBackup.PackageEventsReceiver Starts service when an app is installed
com.keramidas.TitaniumBackup.PackageEventsReceiver Starts service when an app is uninstalled
com.keramidas.TitaniumBackup.PackageEventsReceiver
com.keramidas.TitaniumBackup.schedules.WakeUpReceiver
com.keramidas.TitaniumBackup.apiBackupRestore.DummyReceiver
com.keramidas.TitaniumBackup.apiBackupRestore.DummyReceiver
Service list
Name
o.ah
o.T
o.爫
com.keramidas.TitaniumBackup.apiBackupRestore.DummyService
File list
File name Checksum