VirSCAN

File information
File Name: woniu.apk (File not down)
File Size: 6776304 bytes
File Type: application/zip
MD5:fef2e1bf9bf57599f8bb6e9fa486a74f
SHA1:06ffe56df65b8a49e186af2afb017b9b0cc42d10
  • Scanner results
    Scanner results: 3% Scanner(s) (1/32) found malware!
    Time: 2017-09-20 17:17:59 (CST)
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 2.0 1970-01-01 Found nothing 6
    asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 4
    avast 170303-1 4.7.4 2017-03-03 Found nothing 60
    avg 2109/14460 10.0.1405 2017-09-14 Found nothing 60
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 7
    baidusd 1.0 1.0 2017-03-22 Found nothing 1
    bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
    clamav 23849 0.97.5 2017-09-18 Found nothing 60
    drweb 5.0.2.3300 5.0.1.1 2017-09-11 Found nothing 60
    fortinet 1.000, 51.764, 51.597, 51.621 5.4.247 2017-09-20 Found nothing 60
    fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
    fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
    gdata 25.14248 25.14248 2017-09-20 Found nothing 18
    ikarus 3.02.09 V1.32.31.0 2017-09-19 Found nothing 60
    jiangmin 16.0.100 1.0.0.0 2017-09-19 Found nothing 2
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
    kingsoft 2.1 2.1 2017-09-19 Found nothing 15
    mcafee 8620 5400.1158 2017-08-12 Found nothing 60
    nod32 6100 3.0.21 2017-09-18 Found nothing 60
    panda 9.05.01 9.05.01 2017-09-19 Found nothing 4
    pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
    qh360 1.0.1 1.0.1 1.0.1 Android mobile malware 6
    qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
    quickheal 14.00 14.00 2017-09-19 Found nothing 3
    rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 4
    sophos 5.32 3.65.2 2016-10-10 Found nothing 60
    symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 8
    thehacker 6.8.0.5 6.8.0.5 2017-09-16 Found nothing 2
    tws 17.47.17308 1.0.2.2108 2017-09-19 Found nothing 5
    vba 3.12.29.5 beta 3.12.29.5 beta 2017-09-19 Found nothing 60
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scanners when and if malware is found. Please judge these results for yourself.
  • Permission list
    Permission name: Information
    android.permission.READ_LOGS: Read system logs
    com.android.launcher.permission.INSTALL_SHORTCUT: Create shortcuts
    android.permission.SET_WALLPAPER: Set the desktop wallpaper
    android.permission.GET_TASKS: Get information about currently or recently running tasks
    android.permission.PROCESS_OUTGOING_CALLS: Monitor and modify outgoing calls
    android.permission.WRITE_EXTERNAL_STORAGE: Write to external storage (e.g. SD card)
    android.permission.ACCESS_WIFI_STATE: Read Wi-Fi network state
    android.permission.ACCESS_COARSE_LOCATION: Get coarse location (via Wi-Fi, cell towers)
    android.permission.CALL_PHONE: Make phone calls
    android.permission.MODIFY_AUDIO_SETTINGS: Modify audio settings
    android.permission.MOUNT_UNMOUNT_FILESYSTEMS: Mount and unmount external file systems
    android.permission.DISABLE_KEYGUARD: Disable the keyguard
    android.permission.READ_PHONE_STATE: Read phone state
    android.hardware.camera
    android.permission.SYSTEM_ALERT_WINDOW: Display system windows
    android.permission.MODIFY_PHONE_STATE: Modify phone state
    android.permission.CAMERA: Access the camera device
    android.permission.INTERNET: Connect to the network (2G or 3G)
    android.permission.WRITE_SETTINGS: Read and write system settings
    android.permission.ACCESS_FINE_LOCATION: Get precise location (via GPS)
    android.permission.VIBRATE: Allow the device to vibrate
    com.android.launcher.permission.READ_SETTINGS: Read shortcut information
    android.permission.READ_CALL_LOG: Read the call log
    android.permission.ACCESS_NETWORK_STATE: Read network state (2G or 3G)
    android.permission.WAKE_LOCK: Keep background processes running after the screen turns off
    android.permission.FLASHLIGHT: Access the flashlight
    android.permission.CHANGE_CONFIGURATION: Modify the current configuration (e.g. locale)
    android.permission.READ_SETTINGS
    android.permission.READ_EXTERNAL_STORAGE: Read external storage (e.g. SD card)
  • File information
    Security score:
    Basic information
    MD5:fef2e1bf9bf57599f8bb6e9fa486a74f
    Package name: com.top.wawakj
    Minimum runtime environment: Android 2.2.x
    Copyright: E4A
    Key behaviors
    Behavior description: Set special folder attributes
    Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
    C:\Documents and Settings\Administrator\Local Settings\History
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
    C:\Documents and Settings\Administrator\Cookies
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012017092020170921
    Behavior description: Read the CPU clock directly
    Details: EAX = 0xbceee03d, EDX = 0x000000c8
    EAX = 0xcfd3dad9, EDX = 0x000000c8
    EAX = 0xd25baa62, EDX = 0x000000c8
    EAX = 0xe56bd4f1, EDX = 0x000000c8
    Behavior description: Create file on the desktop
    Details: C:\Documents and Settings\All Users\桌面\CCleaner.lnk
    Behavior description: Get TickCount value
    Process behavior
    Behavior description: Create process with hidden window
    Details: ImagePath = , CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk5.tmp\ns6.tmp" ping -n 1 -w 5000 www.piriform.com
    Behavior description: Create process
    Details: [0x00000ff8]ImagePath = C:\WINDOWS\system32\ping.exe, CmdLine = ping -n 1 -w 5000 www.piriform.com
    Behavior description: Create process from a newly created file
    Details: [0x00000ff0]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk5.tmp\ns6.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk5.tmp\ns6.tmp" ping -n 1 -w 5000 www.piriform.com
    [0x00000b04]ImagePath = C:\Program Files\CCleaner\CCleaner.exe, CmdLine = "C:\Program Files\CCleaner\CCleaner.exe"
    Behavior description: Enumerate processes
    Details: N/A
    Behavior description: Create local thread
    File behavior
    Behavior description: Create file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsk3.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsf4.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\System.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\UserInfo.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\g\gtapi_signed.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\g\gcapi_dll.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\g\gcombo\ComboOffer.html
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\g\gcombo\combo-offer.png
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\g\pfWWW.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\modern-header.bmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\modern-wizard.bmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\ButtonEvent.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\nsDialogs.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\g\gcombo\ChromeLogo.bmp
    Behavior description: Drop links or shortcuts in sensitive system locations (e.g. the Start menu)
    Details: C:\Documents and Settings\All Users\「开始」菜单\程序\CCleaner\CCleaner.lnk
    C:\Documents and Settings\All Users\「开始」菜单\程序\CCleaner\CCleaner Homepage.url
    Behavior description: Create executable file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\System.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\UserInfo.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\g\gtapi_signed.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\g\gcapi_dll.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\g\pfWWW.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\ButtonEvent.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\nsDialogs.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\nsProcess.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\nsExec.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\ns6.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\inetc.dll
    C:\Program Files\CCleaner\CheckUpdate.log
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Program Files\CCleaner\branding.dll
    C:\Program Files\CCleaner\Lang\lang-1031.dll
    Behavior description: Overwrite existing file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsf4.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\modern-wizard.bmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\ns6.tmp
    Behavior description: Find file
    Details: FileName = C:\Documents and Settings
    FileName = C:\Documents and Settings\Administrator
    FileName = C:\Documents and Settings\Administrator\Local Settings
    FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\CCleaner Professional Plus v.5.07.5261 Multilenguaje + KeyGen_DnGnMsTr
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\CCleaner Professional Plus v.5.07.5261 Multilenguaje + KeyGen_DnGnMsTr\Instalador
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk5.tmp
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk5.tmp\g
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
    FileName = C:\DOCUME~1\ADMINI~1
    FileName = C:\DOCUME~1
    FileName = C:\Documents and Settings\ADMINI~1
    Behavior description: Copy file
    Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk5.tmp\nsExec.dll ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk5.tmp\ns6.tmp
    Behavior description: Delete file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsk3.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsf4.tmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016091220160913\index.dat
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\installcheck[1].aspx
    C:\Program Files\CCleaner\CheckUpdate.log
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\ButtonEvent.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\g\gcapi_dll.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\g\gcombo\ChromeLogo.bmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\g\gcombo\combo-offer.png
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\g\gcombo\ComboOffer.html
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\g\gcombo\ComboText.bmp
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\g\gtapi_signed.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\g\pfWWW.dll
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\inetc.dll
    Behavior description: Modify file content
    Network behavior
    Behavior description: Download file
    Details: C:\Program Files\CCleaner\CheckUpdate.log
    Behavior description: Connect to specified site
    Details: InternetConnectA: ServerName = se****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
    Behavior description: Open HTTP connection
    Details: InternetOpenA: UserAgent: NSIS, hSession = 0x00cc0004
    Behavior description: Establish a connection to a specified socket
    Details: URL: se****om, IP: **.133.40.**:80, SOCKET = 0x00000414
    Behavior description: Read network file
    Details: hFile = 0x00cc000c, BytesToRead =8192, BytesRead = 8192.
    Behavior description: Send HTTP packet
    Details: GET /installcheck.aspx?p=1&v=5.07.5261&vx=&l=1033&b=1&o=5.1W3&g=7&i=1&a=3 HTTP/1.1 User-Agent: NSIS Host: se****om Connection: Keep-Alive Cache-Control: no-cache
    Behavior description: Open HTTP request
    Details: HttpOpenRequestA: se****om:80/installcheck.aspx?p=1&v=5.07.5261&vx=&l=1033&b=1&o=5.1w3&g=7&i=1&a=3, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x80400000
    Behavior description: Get host address by name
    Details: GetAddrInfoW: ww****om
    GetAddrInfoW: se****om
    Registry behavior
    Behavior description: Modify registry
    Details: \REGISTRY\MACHINE\SOFTWARE\Google\Google Toolbar\test
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017092020170921\CachePath
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017092020170921\CachePrefix
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017092020170921\CacheLimit
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017092020170921\CacheOptions
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017092020170921\CacheRepair
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Run CCleaner\command\
    \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Open CCleaner...\command\
    \REGISTRY\MACHINE\SOFTWARE\Piriform\CCleaner\UpdateCheck
    \REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\
    \REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\
    \REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\open\
    \REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\open\command\
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ccleaner.exe\
    Behavior description: Delete registry value
    Details: \REGISTRY\MACHINE\SOFTWARE\Google\Google Toolbar\test
    \REGISTRY\MACHINE\SOFTWARE\Google\No Toolbar Offer Until\Piriform Ltd
    \REGISTRY\MACHINE\SOFTWARE\Google\No Chrome Offer Until\Piriform Ltd
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner\InstallDate
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\CCleaner\DEBUG\Trace Level
    Behavior description: Modify registry (delayed rename entry)
    Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
    Behavior description: Modify registry (URL protocol association)
    Details: \REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\URL Protocol
    Behavior description: Delete registry key
    Details: \REGISTRY\MACHINE\SOFTWARE\Google\Google Toolbar\
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016091220160913\
    Other behavior
    Behavior description: Create mutex
    Details: CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    MSCTF.Shared.MUTEX.IOH
    MSCTF.Shared.MUTEX.AKO
    Local\ZonesCounterMutex
    Local\ZoneAttributeCacheCounterMutex
    Local\ZonesCacheCounterMutex
    Local\ZonesLockedCacheCounterMutex
    Local\!PrivacIE!SharedMemory!Mutex
    _!SHMSFTHISTORY!_
    Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012017092020170921!
    Behavior description: Hide specified window
    Details: [Window,Class] = [,Button]
    [Window,Class] = [www.piriform.com,Static]
    [Window,Class] = [www.piriform.com ,Static]
    [Window,Class] = [,Static]
    [Window,Class] = [,ComboLBox]
    [Window,Class] = [Cancel,Button]
    [Window,Class] = [Advanced,Button]
    [Window,Class] = [Install Options,Static]
    [Window,Class] = [,pfBrowser]
    [Window,Class] = [,Shell Embedding]
    [Window,Class] = [,Internet Explorer_Server]
    [Window,Class] = [Show &details,Button]
    [Window,Class] = [,SysListView32]
    [Window,Class] = [,msctls_progress32]
    [Window,Class] = [Downloading installation files...,Static]
    Behavior description: Find specified window
    Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [#32770,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
    NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
    NtUserFindWindowEx: [Class,Window] = [PiriformRegistration,]
    NtUserFindWindowEx: [Class,Window] = [#32770,Piriform CCleaner]
    NtUserFindWindowEx: [Class,Window] = [ThunderRT6FormDC,CCleaner]
    NtUserFindWindowEx: [Class,Window] = [PiriformCCleaner,]
    NtUserFindWindowEx: [Class,Window] = [SysListView32,]
    Behavior description: Window information
    Details: Pid = 3740, Hwnd=0x20344, Text = &Next >, ClassName = Button.
    Pid = 3740, Hwnd=0x2034c, Text = Cancel, ClassName = Button.
    Pid = 3740, Hwnd=0x1035a, Text = www.piriform.com , ClassName = Static.
    Pid = 3740, Hwnd=0x1035c, Text = www.piriform.com, ClassName = Static.
    Pid = 3740, Hwnd=0x1036e, Text = Advanced, ClassName = Button.
    Pid = 3740, Hwnd=0x1037c, Text = View license agreement, ClassName = Button.
    Pid = 3740, Hwnd=0x1037e, Text = View privacy policy, ClassName = Button.
    Pid = 3740, Hwnd=0x10382, Text = English, ClassName = ComboBox.
    Pid = 3740, Hwnd=0x10380, Text = Select your language:, ClassName = Static.
    Pid = 3740, Hwnd=0x10376, Text = Welcome to the CCleaner Professional Setup, ClassName = Static.
    Pid = 3740, Hwnd=0x10378, Text = Setup will guide you through the installation of CCleaner Professional. Click Next to continue., ClassName = Static.
    Pid = 3740, Hwnd=0x1037a, Text = By installing this product you agree to our license agreement and privacy policy., ClassName = Static.
    Pid = 3740, Hwnd=0x2034a, Text = CCleaner Professional Setup, ClassName = #32770.
    Pid = 3740, Hwnd=0x20346, Text = < &Back, ClassName = Button.
    Pid = 3740, Hwnd=0x10360, Text = Install Options, ClassName = Static.
    Behavior description: Adjust process token privileges
    Details: SE_LOAD_DRIVER_PRIVILEGE
    SE_RESTORE_PRIVILEGE
    Behavior description: Open event
    Details: HookSwitchHookEnabledEvent
    _fCanRegisterWithShellService
    CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
    CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
    MSCTF.SendReceiveConection.Event.IOH.IC
    MSCTF.SendReceive.Event.IOH.IC
    \SECURITY\LSA_AUTHENTICATION_INITIALIZED
    CTF.ThreadMIConnectionEvent.000007E8.00000000.00000011
    CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000011
    Global\SvcctrlStartEvent_A3752DX
    \INSTALLATION_SECURITY_HOLD
    Global\crypt32LogoffEvent
    Global\userenv: Machine Group Policy has been applied
    userenv: User Group Policy has been applied
    CTF.ThreadMIConnectionEvent.000007E8.00000000.00000014
    Behavior description: Import key
    Details: [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x001934B0, DataLen: 276, Flags: 0x00000000
    [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x001EB1F8, DataLen: 148, Flags: 0x00000000
    Behavior description: Executable file signature information
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\System.dll (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\UserInfo.dll (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\g\gtapi_signed.dll (signature verification: passed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\g\gcapi_dll.dll (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\g\pfWWW.dll (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\ButtonEvent.dll (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\nsDialogs.dll (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\nsProcess.dll (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\nsExec.dll (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\ns6.tmp (signature verification: failed)
    C:\Documents and Settings\Administrator\Local Settings\Temp\nsk5.tmp\inetc.dll (signature verification: failed)
    C:\Program Files\CCleaner\CheckUpdate.log (signature verification: failed)
    C:\Program Files\CCleaner\CCleaner.exe (signature verification: passed)
    C:\Program Files\CCleaner\branding.dll (signature verification: passed)
    C:\Program Files\CCleaner\Lang\lang-1031.dll (signature verification: failed)
    Behavior description: Call Sleep function
    Details: [1]: MilliSeconds = 100.
    [2]: MilliSeconds = 100.
    [3]: MilliSeconds = 100.
    [4]: MilliSeconds = 100.
    [5]: MilliSeconds = 100.
    [1]: MilliSeconds = 50.
    [2]: MilliSeconds = 50.
    Behavior description: Create event object
    Details: EventName = Global\userenv: User Profile setup event
    EventName = DINPUTWINMM
    EventName = MSCTF.SendReceive.Event.AKO.IC
    EventName = MSCTF.SendReceiveConection.Event.AKO.IC
    EventName = Global\crypt32LogoffEvent
    Behavior description: Executable file MD5
    Behavior description: Open mutex
    Details: ShimCacheMutex
    Local\WininetStartupMutex
    Local\_!MSFTHISTORY!_
    Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
    Local\c:!documents and settings!administrator!cookies!
    Local\c:!documents and settings!administrator!local settings!history!history.ie5!
    Local\WininetConnectionMutex
    Local\WininetProxyRegistryMutex
    Local\!IETld!Mutex
    CtfmonInstMutexDefaultS-*
    _!SHMSFTHISTORY!_
    Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012017092020170921!
    RasPbFile
    Behavior description: Load newly dropped file
    Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk5.tmp\System.dll.
    Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk5.tmp\UserInfo.dll.
    Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk5.tmp\g\gtapi_signed.dll.
    Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk5.tmp\g\gcapi_dll.dll.
    Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk5.tmp\ButtonEvent.dll.
    Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk5.tmp\nsDialogs.dll.
    Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk5.tmp\g\pfWWW.dll.
    Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk5.tmp\nsProcess.dll.
    Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk5.tmp\nsExec.dll.
    Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsk5.tmp\inetc.dll.
    Image: C:\Program Files\CCleaner\branding.dll.
    Activities
    Activity name: Type
    com.e4a.runtime.android.StartActivity: android.intent.action.MAIN
    com.e4a.runtime.android.StartActivity: android.intent.category.DEFAULT
    com.e4a.runtime.android.StartActivity: android.intent.category.LAUNCHER
    com.e4a.runtime.android.mainActivity: android.intent.action.MAIN
    com.e4a.runtime.android.mainActivity: android.intent.category.DEFAULT
    com.e4a.runtime.components.impl.android.n86.VideoViewPlayingActivity: android.intent.action.VIEW
    com.e4a.runtime.components.impl.android.n86.VideoViewPlayingActivity: android.intent.category.DEFAULT
    com.e4a.runtime.components.impl.android.n86.VideoViewPlayingActivity: android.intent.category.BROWSABLE
    com.tencent.smtt.sdk.VideoActivity: com.tencent.smtt.tbs.video.PLAY
    com.tencent.smtt.sdk.VideoActivity: android.intent.category.DEFAULT
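    Dangerous functions
    Function name: Information
    getRuntime: Get the command-line environment
    java/lang/Runtime;->exec: Execute a string command
    TelephonyManager;->getDeviceId: Collect the user's phone IMEI, phone number, OS version and similar information
    java/net/URL;->openConnection: Connect to a URL
    java/net/HttpURLConnection;->connect: Connect to a URL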
    文件列表
    文件名 校验码