VirSCAN

File information
File Name : 31.apk (File not down)
File Size : 189706 bytes
File Type : application/jar
MD5 : d2044bad633fcfc84cc07be99c706091
SHA1 : 888aed683dc8f15a56332530cb9f0b113a17c0c0
  • Scanner results
    Scanner results: 3% of scanner(s) (1/32) found malware!
    Time: 2015-10-17 14:19:37 (CST)
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 3.0 1970-01-01 Found nothing 5
    asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 1
    avast 150725-1 4.7.4 2015-07-25 Found nothing 0
    avg 2109/8133 10.0.1405 2014-11-26 Found nothing 0
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 7
    baidusd 1.0 1.0 2014-04-02 Found nothing 1
    bitdefender 7.58469 7.90123 2014-12-25 Found nothing 0
    clamav 19861 0.97.5 2014-12-31 Found nothing 0
    drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 0
    fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 0
    fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 0
    fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 0
    gdata 25.3911 25.3911 2015-10-17 Android.Riskware.Agent.gXAXA 8
    ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 0
    jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 60
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 0
    kingsoft 2.1 2.1 2013-09-22 Found nothing 20
    mcafee 7638 5400.1158 2014-11-30 Found nothing 0
    nod32 0920 3.0.21 2014-12-23 Found nothing 0
    panda 9.05.01 9.05.01 2015-07-26 Found nothing 5
    pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 0
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 2
    qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 0
    quickheal 14.00 14.00 2015-07-25 Found nothing 2
    rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 1
    sophos 5.08 3.55.0 2014-12-01 Found nothing 0
    symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 0
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 4
    thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 2
    tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 12
    vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 0
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 0
    NOTICE: Results are not 100% accurate, and some scanners can report a false positive when malware is found. Please judge these results for yourself.
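  • Permission list
    Permission name : Description
    android.permission.INTERNET : Connect to the network (2G or 3G)
    android.permission.READ_PHONE_STATE : Read phone state
    android.permission.ACCESS_WIFI_STATE : Read Wi-Fi network state
    android.permission.ACCESS_NETWORK_STATE : Read network state (2G or 3G)
    android.permission.WRITE_EXTERNAL_STORAGE : Write to external storage (e.g. SD card)
    com.android.browser.permission.READ_HISTORY_BOOKMARKS : Read browser bookmarks
    com.android.browser.permission.WRITE_HISTORY_BOOKMARKS : Write browser bookmarks
    android.permission.GET_TASKS : Get information about currently or recently running tasks
    android.permission.WRITE_SETTINGS : Read and write system settings
    android.permission.READ_LOGS : Read system logs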
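  • File information
    Security score :
    Basic information
    MD5: d2044bad633fcfc84cc07be99c706091
    Package name: wab.plane
    Minimum runtime environment: Android 2.1.x
    Copyright: azrj
    Key behaviors
    Behavior description: Map file with write permission
    Details: CiceroSharedMemDefaultS-*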
    \WINDOWS\system32\zh-cn\ieframe.dll.mui
    AtlDebugAllocator_FileMappingNameStatic3_96c
    Local\C:_Documents and Settings_Administrator_IETldCache_index.dat_245760
    Local\UrlZonesSM_Administrator
    AtlDebugAllocator_FileMappingNameStatic3_930
    Local\!PrivacIE!SharedMem!Counter
    MSCTF.MarshalInterface.FileMap.IBE..NPBJH
    \WINDOWS\system32\zh-cn\mshtml.dll.mui
    MSCTF.MarshalInterface.FileMap.IBE.B.DFLHI
    MSCTF.MarshalInterface.FileMap.IBE.C.DFLHI
    MSCTF.MarshalInterface.FileMap.IBE.D.DFLHI
    MSCTF.MarshalInterface.FileMap.IBE.E.DFLHI
    MSCTF.MarshalInterface.FileMap.IBE.F.DFLHI
    MSCTF.MarshalInterface.FileMap.IBE.G.DFLHI
    Behavior description: Modify hosts file
    Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\hosts---> Offset = 0
    Behavior description: Set special folder attributes
    Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
    C:\Documents and Settings\Administrator\Local Settings\History
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
    C:\Documents and Settings\Administrator\Cookies
    C:\Documents and Settings\Administrator\IETldCache
    Behavior description: Get host address by name
    Details: mxbl.cn
    www.baidu.com
    Process behavior
    Behavior description: Create process
    Details: ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd.exe /c ECHO y|cacls %windir%\System32\drivers\etc\hosts /g everyone:f & attrib /s /d -s -h %windir%\System32\drivers\etc\hosts & move hosts %windir%\System32\drivers\etc\ & ipconfig /flushdns
    ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = C:\WINDOWS\system32\cmd.exe /S /D /c" ECHO y"
    ImagePath = C:\WINDOWS\system32\cacls.exe, CmdLine = cacls C:\WINDOWS\System32\drivers\etc\hosts /g everyone:f
    ImagePath = C:\WINDOWS\system32\attrib.exe, CmdLine = attrib /s /d -s -h C:\WINDOWS\System32\drivers\etc\hosts
    ImagePath = C:\WINDOWS\system32\ipconfig.exe, CmdLine = ipconfig /flushdns
    Behavior description: Enumerate processes
    Details: N/A
    File behavior
    Behavior description: Create executable file
    Details: C:\WINDOWS\HYDati.dll
    C:\WINDOWS\mydll.dll
    C:\WINDOWS\ByPass.dll
    C:\WINDOWS\xunyou.dll
    C:\WINDOWS\haoi.dll
    C:\WINDOWS\dinput8.dll
    Behavior description: Find file
    Details: FileName = C:\WINDOWS
    FileName = C:\WINDOWS\system32
    FileName = C:\WINDOWS\system32\cmd.exe
    FileName = C:\DOCUME~1
    FileName = C:\DOCUME~1\ADMINI~1
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\cacls.*
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\cacls
    FileName = C:\Python27\cacls.*
    FileName = C:\Python27\cacls
    FileName = C:\Python27\Scripts\cacls.*
    FileName = C:\Python27\Scripts\cacls
    FileName = C:\WINDOWS\system32\cacls.*
    Behavior description: Modify file content
    Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\hosts---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\dnserrordiagoff_webOC[2]---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1]---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\down[1]---> Offset = 0
    Network behavior
    Behavior description: Connect to specified site
    Details: InternetConnectA: ServerName = www.mxbl.cn, PORT = 80
    Behavior description: Download file
    Details: URLDownloadToFileW: http://www.mxbl.cn/version.ini ---> c://version.ini
    C:\version.ini
    Behavior description: Establish a connection to a specified socket
    Details: 110.110.110.110:80
    127.0.0.1:1032
    Behavior description: Open HTTP request
    Details: HttpOpenRequestA: www.mxbl.cn:80/, hConnect = 0x00000450
    Registry behavior
    Behavior description: Modify registry
    Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\ipconfig\DEBUG\Trace Level
    Behavior description: Delete registry value
    Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\ipconfig\DEBUG\Trace Level
    Behavior description: Delete registry value (IE connection settings)
    Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
    Other behavior
    Behavior description: Create mutex
    Details: oleacc-msaa-loaded
    SHIMLIB_LOG_MUTEX
    CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    RasPbFile
    client
    Local\c:!documents and settings!administrator!ietldcache!
    Local\ZonesCounterMutex
    Local\ZoneAttributeCacheCounterMutex
    Local\ZonesCacheCounterMutex
    Local\ZonesLockedCacheCounterMutex
    Behavior description: Inline hook
    Details: C:\WINDOWS\system32\kernel32.dll--->WaitForSingleObjectEx Offset = 0x28c
    C:\WINDOWS\system32\SHELL32.dll--->SHLockShared Offset = 0x5635201
    Behavior description: Find specified window
    Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
    NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
    NtUserFindWindowEx: [Class,Window] = [#32770,Windows 任务管理器]
    NtUserFindWindowEx: [Class,Window] = [#32770,]
    NtUserFindWindowEx: [Class,Window] = [SysListView32,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
    Behavior description: Window information
    Details: Pid = 872, Hwnd=0x602c8, Text = 是(&Y), ClassName = Button.
    Pid = 872, Hwnd=0x302da, Text = 否(&N), ClassName = Button.
    Pid = 872, Hwnd=0x202b0, Text = 本软件仅用于研究与测试,不得用于商业用途.请在试用后自行销毁. 软件版权属各自产权人所有.超出个人研究范围所引发的版权及责任等问题的争, ClassName = Static.
    Pid = 872, Hwnd=0x170142, Text = ★★★★★★★★★★★★★★★免责条款★★★★★★★★★★★★★★★, ClassName = #32770.
    Pid = 872, Hwnd=0x202cc, Text = 启动游戏, ClassName = Button.
    Pid = 872, Hwnd=0x202b4, Text = 检查更新, ClassName = Button.
    Pid = 872, Hwnd=0x202b2, Text = 设置游戏目录, ClassName = Button.
    Pid = 872, Hwnd=0x202d4, Text = 七彩冒险岛 经验:20000倍 爆率/金钱:2000倍 上线送极品32767装备 官方网站:www.qcmxd.com 群号:148421114, ClassName = Static.
    Pid = 872, Hwnd=0x302dc, Text = 急速代练全区全服接单1-120 8元起,1-150 1-210特价 淘宝ID:冒险老范。QQ594881067 群240040992, ClassName = Static.
    Pid = 872, Hwnd=0x202d6, Text = 多开模式, ClassName = Button(CheckBox).
    Pid = 872, Hwnd=0x202a6, Text = DEIF0UyHDMHxC6CBnrfSiGldqu, ClassName = #32770.
    Pid = 872, Hwnd=0x1032a, Text = 确定, ClassName = Button.
    Pid = 872, Hwnd=0x1032e, Text = 因为未设置游戏目录,所以无法运行!, ClassName = Static.
    Pid = 872, Hwnd=0x10328, Text = 996E, ClassName = #32770.
    Pid = 872, Hwnd=0x10346, Text = 确定, ClassName = Button.
    Behavior description: Acquire system privileges
    Details: SE_LOAD_DRIVER_PRIVILEGE
    SE_DEBUG_PRIVILEGE
    Behavior description: Get TickCount value
    Behavior description: Get cursor position
    Behavior description: Enumerate windows
    Details: N/A
    Behavior description: Call Sleep function
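    Dynamic behavior list
    Behavior description: Call hash algorithm
    Details: MD5
    Behavior description: Read file
    Details: path:/proc/cpuinfo length:69
    Behavior description: Parse Uniform Resource Identifier
    Details: content://browser/bookmarks
    content://browser/searches
    Behavior description: Emulator driver file initialization
    Details: /proc/cpuinfo
    Behavior description: Read system settings
    Details: [u'android.app.ContextImpl$ApplicationContentResolver@414bdb00', u'font_scale']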
    [u'android.app.ContextImpl$ApplicationContentResolver@414bdb00', u'font_scale']
    Behavior description: Window information
    Details: {"text": "定时开关机", "class": "android.widget.TextView"}
    {"text": "定时飞行模式", "class": "android.widget.TextView"}
    {"text": "开启或关闭定时飞行模式功能", "class": "android.widget.TextView"}
    {"text": "开启时间", "class": "android.widget.TextView"}
    {"text": "00:00", "class": "android.widget.TextView"}
    {"text": "关闭时间", "class": "android.widget.TextView"}
    {"text": "7:00", "class": "android.widget.TextView"}
    {"text": "分享软件", "class": "android.widget.TextView"}
    {"text": "更多精品软件", "class": "android.widget.TextView"}
    {"text": "关于", "class": "android.widget.TextView"}
    Behavior description: Read one line of data from a buffer
    Details: Processor : ARMv7 Processor rev 0 (v7l)
    Behavior description: Add View
    Details: [u'com.android.internal.policy.impl.PhoneWindow$DecorView@41538fd0', u'WM.LayoutParams{(0,0)(fillxfill) sim=#100 ty=1 fl=#8010100 pfl=0x8 wanim=0x1030001}', u'android.view.CompatibilityInfoHolder@414af6f0']
    Behavior description: Query app shared data
    Details: [u'content://browser/bookmarks', u'[url]', u'url=?', u'[http://apkrj.com/apk/link/linkin_stat/56]', u'null']
    [u'content://browser/bookmarks', u'[url]', u'url=?', u'[http://apkyx.com/apk/link/linkin_stat/29]', u'null']
    [u'content://browser/bookmarks', u'[url]', u'url=?', u'[http://tgwap.com/wap/goods/activity_info/45?lnkId=70]', u'null']
    Behavior description: Initialize Intent
    Details: [u'android.os.Parcel@414ad060']
    [u'android.os.Parcel@414ad020']
    [u'android.app.ReceiverRestrictedContext@415157c8', u'class wab.plane.AlarmReceiver']
    Behavior description: Get network state information [*]
    Details: NetworkInfo: type: WIFI[], state: CONNECTED/CONNECTED, reason: (unspecified), extra: freewifi, roaming: false, failover: false, isAvailable: true
    Behavior description: Get device ID
    Details: 357143040944263
    Behavior description: Write file
    Details: path:/data/data/wab.plane/shared_prefs/applist_wab.plane.xml length:261
    path:/data/data/wab.plane/shared_prefs/AdConfig.xml length:124
    path:/data/data/wab.plane/shared_prefs/mobclick_agent_state_wab.plane.xml length:261
    path:/data/data/wab.plane/shared_prefs/mobclick_agent_header_wab.plane.xml length:261
    path:/data/data/wab.plane/files/mobclick_agent_cached_wab.plane length:69
    path:/data/data/wab.plane/shared_prefs/AdConfig.xml length:155
    path:/data/data/wab.plane/shared_prefs/AdConfig.xml length:194
    Activities
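    Activity name : Type
    .PlaneClockActivity : android.intent.action.MAIN
    .PlaneClockActivity : android.intent.category.LAUNCHER
    Dangerous functions
    Function name : Description
    android/app/NotificationManager;->notify : Notification bar message
    HttpClient;->execute : Requests a remote server
    ContentResolver;->query : Reads databases such as contacts and SMS
    getRuntime : Gets the command-line environment
    java/lang/Runtime;->exec : Executes a command string
    TelephonyManager;->getDeviceId : Collects the phone's IMEI, phone number, system version and similar information
    LocationManager;->getLastKnownLocation : Gets the location
    java/net/URL;->openConnection : Connects to a URL
    java/net/HttpURLConnection;->connect : Connects to a URL
    Startup methods
    Name : Description
    android.ad.InstallReceiver : Starts the service when an application is installed
    android.ad.InstallReceiver : Starts the service when network connectivity changes
    wab.plane.BootReceiver : Starts the service at boot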
    Service list
    Name
    android.ad.PService
    File list