VirSCAN

File information

Scanner results: 3% of antivirus software (1/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2017-07-29 11:18:38 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 2.0 1970-01-01 Found nothing 5
asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 1
avast 170303-1 4.7.4 2017-03-03 Found nothing 60
avg 2109/14245 10.0.1405 2017-07-27 Found nothing 60
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 3
baidusd 1.0 1.0 2017-03-22 Found nothing 2
bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
clamav 23605 0.97.5 2017-07-29 Found nothing 60
drweb 5.0.2.3300 5.0.1.1 2017-06-18 Found nothing 60
fortinet 50.497, 50.449, 50.473 5.4.247 2017-07-28 Found nothing 60
fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
gdata 25.13595 25.13595 2017-07-28 Found nothing 13
ikarus 1.06.01 V1.32.31.0 2016-11-28 Found nothing 60
jiangmin 16.0.100 1.0.0.0 2017-07-25 Found nothing 2
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
kingsoft 2.1 2.1 2017-07-28 Found nothing 4
mcafee 8261 5400.1158 2016-08-18 Found nothing 60
nod32 1777 3.0.21 2015-06-12 Found nothing 60
panda 9.05.01 9.05.01 2017-07-28 Found nothing 4
pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
qh360 1.0.1 1.0.1 1.0.1 Found nothing 4
qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
quickheal 14.00 14.00 2017-07-28 Android.Kuguo.I (AdWare) 3
rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 6
sophos 5.32 3.65.2 2016-10-10 Found nothing 60
symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 4
thehacker 6.8.0.5 6.8.0.5 2017-07-27 Found nothing 3
tws 17.47.17308 1.0.2.2108 2017-07-28 Found nothing 16
vba 3.12.29.5 beta 3.12.29.5 beta 2017-07-25 Found nothing 60
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
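Permission list
Permission name Description
android.permission.WAKE_LOCK Background processes keep running after the screen is turned off
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.READ_PHONE_STATE Read phone state
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
android.permission.SYSTEM_ALERT_WINDOW Display system windows
android.permission.GET_TASKS Get information about currently or recently running tasks
android.permission.MOUNT_UNMOUNT_FILESYSTEMS Mount and unmount external file systems
android.permission.KILL_BACKGROUND_PROCESSES Kill background processes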
File information
Security score:
Basic information
MD5: bed39b1322111842e6b10485702189ea
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: tom.tafasdfasfffdfffheji
Minimum runtime environment: Android 2.1.x
Copyright: gz
Key behaviors
Behavior: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012017072920170730
Behavior: Read the CPU clock directly
Behavior: Get TickCount value
Process behavior
Behavior: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012017072920170730
Behavior: Read the CPU clock directly
Behavior: Get TickCount value
File behavior
Behavior: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\_system.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\st_bulletin_board_template1
C:\Documents and Settings\Administrator\Local Settings\Temp\skyav.png
C:\Documents and Settings\Administrator\Local Settings\Temp\st_html_bulletin1
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ok[1].jpg
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012017072920170730\index.dat
Behavior: Overwrite existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Behavior: Find file
Details: FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\WINDOWS\Microsoft.NET\Framework\\*
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.INI
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.INI
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.INI
FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
Behavior: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ok[1].jpg
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016091220160913\index.dat
Behavior: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012017072920170730
Behavior: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\_system.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\st_bulletin_board_template1 ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\skyav.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\st_html_bulletin1 ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012017072920170730\index.dat ---> Offset = 0
Network behavior
Behavior: Connect to a specified site
Details: InternetConnectA: ServerName = sk****me, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = sb****me, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = ww****et, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = 52****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
Behavior: Open HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
Behavior: Establish a connection to a specified socket
Details: IP: **.250.65.**:80, SOCKET = 0x00000310
URL: sk****me, IP: **.133.40.**:80, SOCKET = 0x000005a4
URL: sb****me, IP: **.133.40.**:80, SOCKET = 0x000005ac
URL: ww****et, IP: **.133.40.**:80, SOCKET = 0x000005ac
URL: 52****om, IP: **.133.40.**:80, SOCKET = 0x000005a8
URL: sk****me, IP: **.133.40.**:80, SOCKET = 0x000005ac
URL: 52****om, IP: **.133.40.**:80, SOCKET = 0x000005ac
Behavior: Read network file
Details: hFile = 0x00cc000c, BytesToRead =8192, BytesRead = 8192.
Behavior: Send HTTP packet
Details: GET /m/text.html HTTP/1.1 Host: **.250.65.** Connection: Keep-Alive
GET /resources/img/ok.jpg HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: sk****me Connection: Keep-Alive
GET /images/ok.jpg HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: ww****et Connection: Keep-Alive
Behavior: Open HTTP request
Details: HttpOpenRequestA: sk****me:80/resources/img/ok.jpg, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400000
HttpOpenRequestA: sb****me:80/resources/img/ok.jpg, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400000
HttpOpenRequestA: ww****et:80/images/ok.jpg, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400000
HttpOpenRequestA: 52****om:80/images/ok.jpg, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400000
Behavior: Resolve host address by name
Details: GetAddrInfoW: sk****me
GetAddrInfoW: sb****me
GetAddrInfoW: ww****et
GetAddrInfoW: 52****om
Registry behavior
Behavior: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017072920170730\CachePath
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017072920170730\CachePrefix
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017072920170730\CacheLimit
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017072920170730\CacheOptions
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017072920170730\CacheRepair
Behavior: Delete registry key
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016091220160913\
Behavior: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior: Check whether it is being debugged
Details: IsDebuggerPresent
Behavior: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
RasPbFile
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\!PrivacIE!SharedMemory!Mutex
Local\c:!documents and settings!administrator!ietldcache!
MSCTF.Shared.MUTEX.IOH
MSIMGSIZECacheMutex
Behavior: Create event object
Details: EventName = Global\CPFATE_2628_v4.0.30319
EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceiveConection.Event.IEK.IC
EventName = MSCTF.SendReceive.Event.IEK.IC
Behavior: Open mutex
Details: ShimCacheMutex
RasPbFile
Local\WininetStartupMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!IETld!Mutex
Local\c:!documents and settings!administrator!ietldcache!
CtfmonInstMutexDefaultS-*
_!SHMSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012017072920170730!
Behavior: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: Window information
Details: Pid = 2628, Hwnd=0x1034e, Text = Help, ClassName = WindowsForms10.BUTTON.app.0.2bf8098_r19_ad1.
Pid = 2628, Hwnd=0x1034c, Text = 魔王在线发布工具, ClassName = WindowsForms10.Window.8.app.0.2bf8098_r19_ad1.
Behavior: Get TickCount value
Behavior: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior: Open event
Details: Global\CLR_PerfMon_StartEnumEvent
\KernelObjects\LowMemoryCondition
HookSwitchHookEnabledEvent
Global\SvcctrlStartEvent_A3752DX
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
MSFT.VSA.COM.DISABLE.2628
MSFT.VSA.IEC.STATUS.6c736db0
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceive.Event.IOH.IC
MSCTF.SendReceiveConection.Event.IOH.IC
\INSTALLATION_SECURITY_HOLD
Behavior: Call Sleep function
Details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 0.
[3]: MilliSeconds = 250.
[4]: MilliSeconds = 60000.
[5]: MilliSeconds = -1.
[6]: MilliSeconds = 20.
Behavior: Hide specified window
Details: [Window,Class] = [,Shell Embedding]
[Window,Class] = [,Internet Explorer_Server]
Behavior: Get cursor position
Details: CursorPos = (80,18468), SleepMilliseconds = 60000.
CursorPos = (6373,26501), SleepMilliseconds = 60000.
Behavior: Read the CPU clock directly
Activities
Activity name Type
com.itxinke.doudizhu.MainActivity android.intent.action.MAIN
com.itxinke.doudizhu.MainActivity android.intent.category.LAUNCHER
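Dangerous functions
Function name Description
HttpClient;->execute Request a remote server
TelephonyManager;->getDeviceId Collect the phone's IMEI, phone number, system version and other information
ActivityManager;->restartPackage Interrupt a process; can be used to shut down antivirus software
java/net/URL;->openConnection Connect to a URL
android/app/NotificationManager;->notify Notification bar message
getRuntime Get the command-line environment
java/lang/Runtime;->exec Execute a string command
java/net/HttpURLConnection;->connect Connect to a URL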
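Startup methods
Name Description
tom.tafasdfasfffdfffheji.iyxj.arrgd Start service when an application is installed
tom.tafasdfasfffdfffheji.iyxj.arrgd Start service when network connectivity changes
tom.tafasdfasfffdfffheji.iyxj.arrgd Start service when the screen is unlocked
tom.tafasdfasfffdfffheji.blfzz.tnbvq Start service when an application is installed
tom.tafasdfasfffdfffheji.blfzz.tnbvq Start service when network connectivity changes
tom.tafasdfasfffdfffheji.blfzz.tnbvq Start service when the screen is unlocked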
Service list
Name
tom.tafasdfasfffdfffheji.iyxj.oryt
tom.tafasdfasfffdfffheji.iyxj.bwrci
tom.tafasdfasfffdfffheji.iyxj.elo
tom.tafasdfasfffdfffheji.iyxj.fsh
tom.tafasdfasfffdfffheji.iyxj.fmri
tom.tafasdfasfffdfffheji.iyxj.tacu
tom.tafasdfasfffdfffheji.blfzz.qhbaf
tom.tafasdfasfffdfffheji.blfzz.jwzjc
File list
File name Checksum