VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.


File information
File Name: 78.apk (File not down)
File Size: 915601 byte
File Type: application/zip
MD5: d41a9ff7ee15626b816936d6852834cc
SHA1: bdaff2cdb4d0470a9cb51e419fdde0a5c0019ddb
  • Scanner results
    Scanner results: 0% of scanners (0/32) found malware!
    Behavior analysis report: Habo file analysis
    Time: 2015-10-17 21:56:09 (CST)
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    antiy AVL SDK 3.0 1970-01-01 Found nothing 5
    asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 2
    avast 150725-1 4.7.4 2015-07-25 Found nothing 0
    avg 2109/8133 10.0.1405 2014-11-26 Found nothing 0
    baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 5
    baidusd 1.0 1.0 2014-04-02 Found nothing 1
    bitdefender 7.58469 7.90123 2014-12-25 Found nothing 0
    clamav 19861 0.97.5 2014-12-31 Found nothing 0
    drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 0
    fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 0
    fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 0
    fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 0
    gdata 25.3911 25.3911 2015-10-17 Found nothing 9
    ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 0
    jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 60
    kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 0
    kingsoft 2.1 2.1 2013-09-22 Found nothing 22
    mcafee 7638 5400.1158 2014-11-30 Found nothing 0
    nod32 0920 3.0.21 2014-12-23 Found nothing 0
    panda 9.05.01 9.05.01 2015-07-26 Found nothing 5
    pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 0
    qh360 1.0.1 1.0.1 1.0.1 Found nothing 6
    qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 0
    quickheal 14.00 14.00 2015-07-25 Found nothing 2
    rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 1
    sophos 5.08 3.55.0 2014-12-01 Found nothing 0
    symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 0
    tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 7
    thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 3
    tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 13
    vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 0
    virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 0
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scanners when and if malware is found. Please judge these results for yourself.
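  • Permission list
    Permission name | Description
    android.permission.DISABLE_KEYGUARD | Disable the keyguard
    android.permission.CAMERA | Access the camera device
    android.permission.WAKE_LOCK | Background processes keep running after the phone screen turns off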
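  • File information
    Security score:
    Basic information
    MD5: d41a9ff7ee15626b816936d6852834cc
    Package name: com.gmail.raulrojomartin79.shutdown.restar.recovery
    Minimum runtime environment: Android 1.6
    Copyright: Android Developers
    Key behaviors
    Behavior description: Write to a permission-mapped file
    Details: CiceroSharedMemDefaultS-*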
    \WINDOWS\system32\zh-cn\ieframe.dll.mui
    AtlDebugAllocator_FileMappingNameStatic3_96c
    Local\C:_Documents and Settings_Administrator_IETldCache_index.dat_245760
    Local\UrlZonesSM_Administrator
    AtlDebugAllocator_FileMappingNameStatic3_930
    Local\!PrivacIE!SharedMem!Counter
    MSCTF.MarshalInterface.FileMap.IBE..NPBJH
    \WINDOWS\system32\zh-cn\mshtml.dll.mui
    MSCTF.MarshalInterface.FileMap.IBE.B.DFLHI
    MSCTF.MarshalInterface.FileMap.IBE.C.DFLHI
    MSCTF.MarshalInterface.FileMap.IBE.D.DFLHI
    MSCTF.MarshalInterface.FileMap.IBE.E.DFLHI
    MSCTF.MarshalInterface.FileMap.IBE.F.DFLHI
    MSCTF.MarshalInterface.FileMap.IBE.G.DFLHI
    Behavior description: Modify the hosts file
    Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\hosts---> Offset = 0
    Behavior description: Set special folder attributes
    Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
    C:\Documents and Settings\Administrator\Local Settings\History
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
    C:\Documents and Settings\Administrator\Cookies
    C:\Documents and Settings\Administrator\IETldCache
    Behavior description: Resolve host address by name
    Details: mxbl.cn
    www.baidu.com
    Process behavior
    Behavior description: Create process
    Details: ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd.exe /c ECHO y|cacls %windir%\System32\drivers\etc\hosts /g everyone:f & attrib /s /d -s -h %windir%\System32\drivers\etc\hosts & move hosts %windir%\System32\drivers\etc\ & ipconfig /flushdns
    ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = C:\WINDOWS\system32\cmd.exe /S /D /c" ECHO y"
    ImagePath = C:\WINDOWS\system32\cacls.exe, CmdLine = cacls C:\WINDOWS\System32\drivers\etc\hosts /g everyone:f
    ImagePath = C:\WINDOWS\system32\attrib.exe, CmdLine = attrib /s /d -s -h C:\WINDOWS\System32\drivers\etc\hosts
    ImagePath = C:\WINDOWS\system32\ipconfig.exe, CmdLine = ipconfig /flushdns
    Behavior description: Enumerate processes
    Details: N/A
    File behavior
    Behavior description: Create executable file
    Details: C:\WINDOWS\HYDati.dll
    C:\WINDOWS\mydll.dll
    C:\WINDOWS\ByPass.dll
    C:\WINDOWS\xunyou.dll
    C:\WINDOWS\haoi.dll
    C:\WINDOWS\dinput8.dll
    Behavior description: Find files
    Details: FileName = C:\WINDOWS
    FileName = C:\WINDOWS\system32
    FileName = C:\WINDOWS\system32\cmd.exe
    FileName = C:\DOCUME~1
    FileName = C:\DOCUME~1\ADMINI~1
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\cacls.*
    FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\cacls
    FileName = C:\Python27\cacls.*
    FileName = C:\Python27\cacls
    FileName = C:\Python27\Scripts\cacls.*
    FileName = C:\Python27\Scripts\cacls
    FileName = C:\WINDOWS\system32\cacls.*
    Behavior description: Modify file contents
    Details: C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\hosts---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\dnserrordiagoff_webOC[2]---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1]---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\down[1]---> Offset = 0
    Network behavior
    Behavior description: Connect to a specified site
    Details: InternetConnectA: ServerName = www.mxbl.cn, PORT = 80
    Behavior description: Download file
    Details: URLDownloadToFileW: http://www.mxbl.cn/version.ini ---> c://version.ini
    C:\version.ini
    Behavior description: Establish a connection to a specified socket
    Details: 110.110.110.110:80
    127.0.0.1:1032
    Behavior description: Open HTTP request
    Details: HttpOpenRequestA: www.mxbl.cn:80/, hConnect = 0x00000450
    Registry behavior
    Behavior description: Modify registry
    Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
    \REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\ipconfig\DEBUG\Trace Level
    Behavior description: Delete registry value
    Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\ipconfig\DEBUG\Trace Level
    Behavior description: Delete registry value (IE connection settings)
    Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
    Other behavior
    Behavior description: Create mutex
    Details: oleacc-msaa-loaded
    SHIMLIB_LOG_MUTEX
    CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    RasPbFile
    client
    Local\c:!documents and settings!administrator!ietldcache!
    Local\ZonesCounterMutex
    Local\ZoneAttributeCacheCounterMutex
    Local\ZonesCacheCounterMutex
    Local\ZonesLockedCacheCounterMutex
    Behavior description: Inline hook
    Details: C:\WINDOWS\system32\kernel32.dll--->WaitForSingleObjectEx Offset = 0x28c
    C:\WINDOWS\system32\SHELL32.dll--->SHLockShared Offset = 0x5635201
    Behavior description: Find specified window
    Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
    NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
    NtUserFindWindowEx: [Class,Window] = [#32770,Windows 任务管理器]
    NtUserFindWindowEx: [Class,Window] = [#32770,]
    NtUserFindWindowEx: [Class,Window] = [SysListView32,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
    Behavior description: Window information
    Details: Pid = 872, Hwnd=0x602c8, Text = 是(&Y), ClassName = Button.
    Pid = 872, Hwnd=0x302da, Text = 否(&N), ClassName = Button.
    Pid = 872, Hwnd=0x202b0, Text = 本软件仅用于研究与测试,不得用于商业用途.请在试用后自行销毁. 软件版权属各自产权人所有.超出个人研究范围所引发的版权及责任等问题的争, ClassName = Static.
    Pid = 872, Hwnd=0x170142, Text = ★★★★★★★★★★★★★★★免责条款★★★★★★★★★★★★★★★, ClassName = #32770.
    Pid = 872, Hwnd=0x202cc, Text = 启动游戏, ClassName = Button.
    Pid = 872, Hwnd=0x202b4, Text = 检查更新, ClassName = Button.
    Pid = 872, Hwnd=0x202b2, Text = 设置游戏目录, ClassName = Button.
    Pid = 872, Hwnd=0x202d4, Text = 七彩冒险岛 经验:20000倍 爆率/金钱:2000倍 上线送极品32767装备 官方网站:www.qcmxd.com 群号:148421114, ClassName = Static.
    Pid = 872, Hwnd=0x302dc, Text = 急速代练全区全服接单1-120 8元起,1-150 1-210特价 淘宝ID:冒险老范。QQ594881067 群240040992, ClassName = Static.
    Pid = 872, Hwnd=0x202d6, Text = 多开模式, ClassName = Button(CheckBox).
    Pid = 872, Hwnd=0x202a6, Text = DEIF0UyHDMHxC6CBnrfSiGldqu, ClassName = #32770.
    Pid = 872, Hwnd=0x1032a, Text = 确定, ClassName = Button.
    Pid = 872, Hwnd=0x1032e, Text = 因为未设置游戏目录,所以无法运行!, ClassName = Static.
    Pid = 872, Hwnd=0x10328, Text = 996E, ClassName = #32770.
    Pid = 872, Hwnd=0x10346, Text = 确定, ClassName = Button.
    Behavior description: Acquire system privileges
    Details: SE_LOAD_DRIVER_PRIVILEGE
    SE_DEBUG_PRIVILEGE
    Behavior description: Get TickCount value
    Behavior description: Get cursor position
    Behavior description: Enumerate windows
    Details: N/A
    Behavior description: Call the Sleep function
    Dangerous behavior
    Behavior description: Execute system command
    Details: [u'sh']
    [u'sh']
    [u'sh']
    [u'sh']
    Dynamic behavior list
    Behavior description: Pass extra information
    Details: android.intent.extra.alarm.HOUR:0
    android.intent.extra.alarm.MINUTES:0
    android.intent.extra.alarm.SKIP_UI:true
    Behavior description: Read file
    Details: path:unknown length:61
    path:unknown length:5
    path:/data/data/com.gmail.raulrojomartin79.shutdown.restar.recovery/shared_prefs/net.dinglisch.android.tasker.preffy.xml length:261
    path:/data/data/com.gmail.raulrojomartin79.shutdown.restar.recovery/shared_prefs/net.dinglisch.android.tasker.statey.xml length:196
    Behavior description: Parse uniform resource identifier (URI)
    Details: file:///mnt/sdcard
    file:///mnt/sdcard
    Behavior description: Android runtime error
    Details: E/AndroidRuntime( 1528): FATAL EXCEPTION: main
    E/AndroidRuntime( 1528): java.lang.ExceptionInInitializerError
    E/AndroidRuntime( 1528): at net.dinglisch.android.tasker.vm.b(Unknown Source)
    E/AndroidRuntime( 1528): at net.dinglisch.android.tasker.vm.a(Unknown Source)
    E/AndroidRuntime( 1528): at net.dinglisch.android.tasker.vm.d(Unknown Source)
    E/AndroidRuntime( 1528): at net.dinglisch.android.tasker.Kid.onCreate(Unknown Source)
    E/AndroidRuntime( 1528): at android.app.Activity.performCreate(Activity.java:5008)
    E/AndroidRuntime( 1528): at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1079)
    E/AndroidRuntime( 1528): at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2023)
    E/AndroidRuntime( 1528): at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2084)
    E/AndroidRuntime( 1528): at android.app.ActivityThread.access$600(ActivityThread.java:130)
    E/AndroidRuntime( 1528): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1195)
    E/AndroidRuntime( 1528): at android.os.Handler.dispatchMessage(Handler.java:99)
    E/AndroidRuntime( 1528): at android.os.Looper.loop(Looper.java:137)
    E/AndroidRuntime( 1528): at android.app.ActivityThread.main(ActivityThread.java:4745)
    E/AndroidRuntime( 1528): at java.lang.reflect.Method.invokeNative(Native Method)
    E/AndroidRuntime( 1528): at java.lang.reflect.Method.invoke(Method.java:511)
    E/AndroidRuntime( 1528): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:786)
    E/AndroidRuntime( 1528): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:553)
    E/AndroidRuntime( 1528): at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:135)
    E/AndroidRuntime( 1528): at dalvik.system.NativeStart.main(Native Method)
    E/AndroidRuntime( 1528): Caused by: java.lang.VerifyError: net/dinglisch/android/tasker/qq
    E/AndroidRuntime( 1528): at net.dinglisch.android.tasker.mh.<clinit>(Unknown Source)
    E/AndroidRuntime( 1528): ... 19 more
    E/AndroidRuntime( 1662): FATAL EXCEPTION: main
    E/AndroidRuntime( 1662): java.lang.ExceptionInInitializerError
    E/AndroidRuntime( 1662): at net.dinglisch.android.tasker.vm.b(Unknown Source)
    E/AndroidRuntime( 1662): at net.dinglisch.android.tasker.vm.a(Unknown Source)
    E/AndroidRuntime( 1662): at net.dinglisch.android.tasker.vm.d(Unknown Source)
    E/AndroidRuntime( 1662): at net.dinglisch.android.tasker.MonitorService.a(Unknown Source)
    E/AndroidRuntime( 1662): at net.dinglisch.android.tasker.MonitorService.onCreate(Unknown Source)
    E/AndroidRuntime( 1662): at android.app.ActivityThread.handleCreateService(ActivityThread.java:2363)
    E/AndroidRuntime( 1662): at android.app.ActivityThread.access$1600(ActivityThread.java:130)
    E/AndroidRuntime( 1662): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1277)
    E/AndroidRuntime( 1662): at android.os.Handler.dispatchMessage(Handler.java:99)
    E/AndroidRuntime( 1662): at android.os.Looper.loop(Looper.java:137)
    E/AndroidRuntime( 1662): at android.app.ActivityThread.main(ActivityThread.java:4745)
    E/AndroidRuntime( 1662): at java.lang.reflect.Method.invokeNative(Native Method)
    E/AndroidRuntime( 1662): at java.lang.reflect.Method.invoke(Method.java:511)
    E/AndroidRuntime( 1662): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:786)
    E/AndroidRuntime( 1662): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:553)
    E/AndroidRuntime( 1662): at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:135)
    E/AndroidRuntime( 1662): at dalvik.system.NativeStart.main(Native Method)
    E/AndroidRuntime( 1662): Caused by: java.lang.VerifyError: net/dinglisch/android/tasker/qq
    E/AndroidRuntime( 1662): at net.dinglisch.android.tasker.mh.<clinit>(Unknown Source)
    E/AndroidRuntime( 1662): ... 17 more
    Behavior description: Check whether the phone is in standby state
    Details: false
    Behavior description: Read a line of data from a buffer
    Details: /sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin
    null
    /sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin
    null
    /sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin
    null
    /sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin
    null
    Behavior description: Write file
    Details: path:/data/data/com.gmail.raulrojomartin79.shutdown.restar.recovery/shared_prefs/net.dinglisch.android.tasker.preffy.xml length:107
    path:unknown length:52
    path:unknown length:16
    path:unknown length:10
    path:/data/data/com.gmail.raulrojomartin79.shutdown.restar.recovery/shared_prefs/net.dinglisch.android.tasker.preffy.xml length:261
    path:/data/data/com.gmail.raulrojomartin79.shutdown.restar.recovery/shared_prefs/net.dinglisch.android.tasker.statey.xml length:196
    path:/data/data/com.gmail.raulrojomartin79.shutdown.restar.recovery/shared_prefs/net.dinglisch.android.tasker.statey.xml length:196
    path:/data/data/com.gmail.raulrojomartin79.shutdown.restar.recovery/shared_prefs/net.dinglisch.android.tasker.statey.xml length:233
    Behavior description: Initialize Intent
    Details: [u'com.twofortyfouram.locale.intent.action.EDIT_SETTING']
    [u'com.twofortyfouram.locale.intent.action.EDIT_CONDITION']
    [u'android.settings.APPLICATION_DEVELOPMENT_SETTINGS', u'null']
    [u'android.settings.INTERNAL_STORAGE_SETTINGS', u'null']
    [u'android.settings.WIFI_SETTINGS', u'null']
    [u'android.settings.AIRPLANE_MODE_SETTINGS', u'null']
    [u'android.settings.SETTINGS', u'null']
    [u'android.settings.DATE_SETTINGS', u'null']
    [u'android.settings.APN_SETTINGS', u'null']
    [u'android.settings.ADD_ACCOUNT_SETTINGS', u'null']
    [u'android.settings.DEVICE_INFO_SETTINGS', u'null']
    [u'android.settings.DATA_ROAMING_SETTINGS', u'null']
    [u'android.settings.DISPLAY_SETTINGS', u'null']
    []
    [u'android.settings.APPLICATION_SETTINGS', u'null']
    [u'android.settings.BLUETOOTH_SETTINGS', u'null']
    [u'android.settings.WIFI_IP_SETTINGS', u'null']
    [u'android.settings.WIRELESS_SETTINGS', u'null']
    [u'android.settings.LOCATION_SOURCE_SETTINGS', u'null']
    [u'android.settings.INPUT_METHOD_SETTINGS', u'null']
    [u'android.settings.SYNC_SETTINGS', u'null']
    [u'android.settings.PRIVACY_SETTINGS', u'null']
    [u'android.settings.ACCESSIBILITY_SETTINGS', u'null']
    [u'android.settings.USER_DICTIONARY_SETTINGS', u'null']
    [u'android.settings.SOUND_SETTINGS', u'null']
    [u'android.search.action.SEARCH_SETTINGS', u'null']
    [u'android.settings.SECURITY_SETTINGS', u'null']
    [u'android.settings.QUICK_LAUNCH_SETTINGS', u'null']
    [u'android.settings.NETWORK_OPERATOR_SETTINGS', u'null']
    [u'android.settings.MEMORY_CARD_SETTINGS', u'null']
    [u'android.settings.MANAGE_APPLICATIONS_SETTINGS', u'null']
    [u'android.settings.LOCALE_SETTINGS', u'null']
    []
    [u'com.android.internal.telephony.MODIFY_NETWORK_MODE']
    [u'android.intent.action.MEDIA_MOUNTED']
    [u'android.intent.action.SET_ALARM']
    [u'android.speech.action.RECOGNIZE_SPEECH']
    [u'android.os.Parcel@414adf80']
    Activities
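    Activity name | Type
    net.dinglisch.android.tasker.Kid | android.intent.action.MAIN
    net.dinglisch.android.tasker.Kid | android.intent.category.LAUNCHER
    Dangerous functions
    Function name | Description
    Camera;->open | Open the camera
    WifiManager;->setWifiEnabled | Change Wi-Fi state
    java/net/URL;->openConnection | Connect to a URL
    java/net/HttpURLConnection;->connect | Connect to a URL
    android/app/NotificationManager;->notify | Post to the notification bar
    ActivityManager;->restartPackage | Kill a process; can be used to shut down antivirus software
    SmsManager;->sendTextMessage | Send an ordinary SMS
    SmsManager;->sendMultipartTextMessage | Send an MMS
    MediaRecorder;->setAudioSource | Enable audio recording
    ContentResolver;->delete | Delete SMS messages and contacts
    SmsManager;->sendDataMessage | Send a binary message
    TelephonyManager;->getDeviceId | Collect the user's phone IMEI, phone number, system version number and similar information
    ContentResolver;->query | Read contacts, SMS and other databases
    LocationManager;->getLastKnownLocation | Get geographic location
    getRuntime | Get the command-line environment
    java/lang/Runtime;->exec | Execute a command string
    TelephonyManager;->getLine1Number | Get the phone number
    TelephonyManager;->getSimSerialNumber | Get the SIM serial number
    Startup methods
    Name | Description
    net.dinglisch.android.tasker.ReceiverStaticAlwaysOn | Starts service at boot
    net.dinglisch.android.tasker.ReceiverStaticAlwaysOn | Starts service when an app is installed
    net.dinglisch.android.tasker.ReceiverStaticAlwaysOn | Starts service when an app is uninstalled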
    Service list
    Name
    net.dinglisch.android.tasker.ExecuteService
    net.dinglisch.android.tasker.MonitorService
    File list