VirSCAN

1, You can UPLOAD any files, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files with the password 'infected' or 'virus'.

File information

Scanner results
Scanner results: 2% of antivirus software (1/39) found malware!
Behavior analysis report: Habo file analysis
Time: 2014-11-06 16:59:00 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
ahnlab 9.9.9 9.9.9 2013-05-28 Found nothing 4
antivir 1.9.2.0 1.9.159.0 7.11.183.62 Found nothing 50
antiy 114701 AVL141003 2014-10-04 Found nothing 7
arcavir 1.0 2011 2014-05-30 Found nothing 12
asquared 9.0.0.4157 9.0.0.4157 2014-07-30 Found nothing 5
avast 141105-0 4.7.4 2014-11-05 Found nothing 45
avg 2109/7906 10.0.1405 2014-10-17 Found nothing 11
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 1
baidusd 1.0 1.0 2014-04-02 Found nothing 60
bitdefender 7.57568 7.90123 2014-11-05 Found nothing 13
clamav 19588 0.97.5 2014-11-05 Found nothing 16
comodo 15023 5.1 2014-10-03 Found nothing 3
ctch 4.6.5 5.3.14 2013-12-01 Found nothing 3
drweb 5.0.2.3300 5.0.1.1 2014-10-31 Found nothing 58
fortinet 23.123, 23.123 5.1.158 2014-11-06 Found nothing 3
fprot 4.6.2.117 6.5.1.5418 2014-11-05 Found nothing 11
fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 48
gdata 24.3819 24.3819 2014-08-29 Found nothing 14
hauri 2.73 2.73 2014-06-13 Found nothing 1
ikarus 1.06.01 V1.32.31.0 2014-11-05 Found nothing 58
jiangmin 16.0.100 1.0.0.0 2014-07-28 Found nothing 14
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 56
kingsoft 2.1 2.1 2013-09-22 Found nothing 10
mcafee 7520 5400.1158 2014-08-04 Found nothing 40
nod32 0436 3.0.21 2014-09-18 a variant of Android/SystemMonitor.A application 12
panda 9.05.01 9.05.01 2014-06-15 Found nothing 4
pcc 11.258.05 9.500-1005 2014-11-05 Found nothing 7
qh360 1.0.1 1.0.1 1.0.1 Found nothing 2
qqphone 1.0.0.0 1.0.0.0 2014-11-06 Found nothing 1
quickheal 14.00 14.00 2014-06-14 Found nothing 9
rising 25.17.00.04 25.17.00.04 2014-06-02 Found nothing 20
sophos 5.04 3.51.0 2014-08-05 Found nothing 41
sunbelt 3.9.2589.2 3.9.2589.2 2014-06-13 Found nothing 8
symantec 20141104.004 1.3.0.24 2014-11-04 Found nothing 2
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 16
thehacker 6.8.0.5 6.8.0.5 2014-06-12 Found nothing 11
tws 17.47.17308 1.0.2.2108 2014-06-16 Found nothing 14
vba 3.12.26.3 3.12.26.3 2014-11-05 Found nothing 19
virusbuster 15.0.959.0 5.5.2.13 2014-11-05 Found nothing 55
Permission list
Permission name / Description
android.permission.INTERACT_ACROSS_USERS_FULL
android.permission.FORCE_STOP_PACKAGES
android.permission.WRITE_APN_SETTINGS Modify APN settings (e.g. cmwap)
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.READ_PHONE_STATE Read phone state
android.permission.WRITE_SETTINGS Read and write system settings
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.SET_WALLPAPER Set the desktop wallpaper
android.permission.SET_WALLPAPER_HINTS Set wallpaper hints
android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.GET_TASKS Get information about currently or recently running tasks
android.permission.SYSTEM_ALERT_WINDOW Display system windows
android.permission.VIBRATE Allow the device to vibrate
android.permission.RESTART_PACKAGES Restart other applications
android.permission.INSTALL_PACKAGES Install applications
android.permission.GET_PACKAGE_SIZE Get application size
android.permission.CHANGE_CONFIGURATION Modify the current configuration (e.g. locale)
android.permission.CAMERA Access the camera device
android.permission.WAKE_LOCK Keep background processes running after the screen turns off
android.permission.RECEIVE_BOOT_COMPLETED Receive the boot-completed broadcast
android.permission.READ_LOGS Read system logs
android.permission.PACKAGE_USAGE_STATS
android.permission.CLEAR_APP_CACHE Clear application caches
android.permission.EXPAND_STATUS_BAR Control the status bar
com.android.launcher.permission.READ_SETTINGS Read shortcut information
android.permission.SEND_SMS Send SMS messages
android.permission.RECEIVE_SMS Monitor incoming SMS messages
android.permission.MOUNT_UNMOUNT_FILESYSTEMS Mount and unmount external file systems
android.permission.CALL_PHONE Place phone calls
android.permission.READ_CONTACTS Read contact information
android.permission.WRITE_CONTACTS Write contact information
android.permission.READ_SMS Read SMS messages
android.permission.WRITE_SMS Write SMS messages
android.permission.FLASHLIGHT Access the flashlight
android.permission.ACCESS_COARSE_LOCATION Get coarse location (via Wi-Fi, cell towers)
android.permission.ACCESS_FINE_LOCATION Get precise location (via GPS)
android.permission.CHANGE_WIFI_STATE Change Wi-Fi connection state
android.permission.CHANGE_NETWORK_STATE Change network state
android.permission.MODIFY_AUDIO_SETTINGS Modify audio settings
com.android.alarm.permission.SET_ALARM Set alarm reminders
android.permission.RECORD_AUDIO Record audio (using AudioRecord)
android.permission.BROADCAST_STICKY Send sticky broadcasts
android.permission.DISABLE_KEYGUARD Disable the keyguard
android.permission.SET_ACTIVITY_WATCHER Set an Activity watcher
android.permission.DELETE_PACKAGES Delete applications
android.permission.CHANGE_COMPONENT_ENABLED_STATE Change component enabled state
com.android.launcher.permission.INSTALL_SHORTCUT Create shortcuts
com.android.launcher.permission.UNINSTALL_SHORTCUT Delete shortcuts
com.android.launcher.permission.CREATE_SHORTCUT
com.android.launcher.permission.WRITE_SETTINGS
com.android.launcher3.permission.READ_SETTINGS
com.android.launcher3.permission.WRITE_SETTINGS
com.motorola.dlauncher.permission.READ_SETTINGS
com.motorola.dlauncher.permission.WRITE_SETTINGS
com.motorola.mmsp.motoswitch.permission.READ_SETTINGS
com.motorola.mmsp.motoswitch.permission.WRITE_SETTINGS
com.htc.launcher.permission.READ_SETTINGS
com.htc.launcher.permission.WRITE_SETTINGS
com.aspire.mm.permission.READ_SETTINGS
com.aspire.mm.permission.WRITE_SETTINGS
com.qihoo360.launcher.permission.WRITE_SETTINGS
com.qihoo360.launcher.permission.READ_SETTINGS
com.ty.launcher.permission.READ_SETTINGS
com.ty.launcher.permission.WRITE_SETTINGS
com.sonyericsson.homescreen.permission.READ_SETTINGS
com.sonyericsson.homescreen.permission.WRITE_SETTINGS
com.oppo.launcher.permission.WRITE_SETTINGS
com.oppo.launcher.permission.READ_SETTINGS
com.mediatek.launcherplus.permission.READ_SETTINGS
com.mediatek.launcherplus.permission.WRITE_SETTINGS
com.huawei.launcher2.permission.READ_SETTINGS
com.huawei.launcher2.permission.WRITE_SETTINGS
com.huawei.launcher3.permission.READ_SETTINGS
com.huawei.launcher3.permission.WRITE_SETTINGS
com.baiqi.weather.permission.READ_SETTINGS
com.baiqi.weather.permission.WRITE_SETTINGS
com.fede.launcher.permission.READ_SETTINGS
com.fede.launcher.permission.WRITE_SETTINGS
mobi.SyndicateApps.ICS.launcher.permission.READ_SETTINGS
mobi.SyndicateApps.ICS.launcher.permission.WRITE_SETTINGS
com.motorola.dock.DesktopDock.permission.READ_SETTINGS
com.motorola.dock.DesktopDock.permission.WRITE_SETTINGS
com.lge.launcher.permission.READ_SETTINGS
com.lge.launcher.permission.WRITE_SETTINGS
com.thunderst.launcher.permission.READ_SETTINGS
com.thunderst.launcher.permission.WRITE_SETTINGS
com.sec.android.app.twlauncher.permission.READ_SETTINGS
com.sec.android.app.twlauncher.permission.WRITE_SETTINGS
org.adwfreak.launcher.permission.READ_SETTINGS
org.adwfreak.launcher.permission.WRITE_SETTINGS
org.adw.launcher.permission.READ_SETTINGS
org.adw.launcher.permission.WRITE_SETTINGS
net.qihoo.launcher.permission.READ_SETTINGS
net.qihoo.launcher.permission.WRITE_SETTINGS
com.bbk.launcher2.permission.READ_SETTINGS
com.bbk.launcher2.permission.WRITE_SETTINGS
android.permission.BATTERY_STATS Battery statistics
File information
Security score: 85
Basic information
MD5:b39ba8d8eb1f58f1baee6473bf9202ae
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.dragon.android.pandaspace
Minimum runtime environment: Android 2.2.x
Copyright: Android
Key behaviors
Behavior description: Modify the system's original EXE files
Details: C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\ARPPRODUCTICON.exe---> Offset = 241664
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe---> Offset = 286720
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe---> Offset = 241664
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe---> Offset = 286720
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe---> Offset = 286720
Behavior description: Write data across processes
Details: C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
TargetProcess = iexplore.exe, WriteAddress = 0x20070000, Size = 81920
TargetProcess = iexplore.exe, WriteAddress = 0x00020000, Size = 563
TargetProcess = iexplore.exe, WriteAddress = 0x00030000, Size = 223
TargetProcess = iexplore.exe, WriteAddress = 0x00040000, Size = 165
TargetProcess = iexplore.exe, WriteAddress = 0x00050000, Size = 312
TargetProcess = iexplore.exe, WriteAddress = 0x00401a25, Size = 12
C:\Program Files\VMware\VMware Tools\vmacthlp.exe
C:\WINDOWS\system32\svchost.exe
TargetProcess = iexplore.exe, WriteAddress = 0x20070000, Size = 45056
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe
C:\WINDOWS\system32\alg.exe
Behavior description: Drop sensitive files in system directories
Details: C:\WINDOWS\RECYCLER\S-2-4-01-3687128513-1224684602-106773714-0145\XbVqwYGK.cpl
Behavior description: Hide specified windows
Details: [Window,Class] = [QQ2013,TXGuiFoundation]
[Window,Class] = [OP_2269840561,CTXOPConntion_Class]
[Window,Class] = [,BrowserFrameGripperClass]
[Window,Class] = [Windows Internet Explorer,IEFrame]
[Window,Class] = [缩放级别,ToolbarWindow32]
[Window,Class] = [,msctls_progress32]
Behavior description: Create remote threads
Details: C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\VMware\VMware Tools\vmacthlp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
C:\%temp%\1415240608.935915.exe
Behavior description: Set a startup item
Details: C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\htxueaht.exe
Behavior description: Modify executable files via memory mapping
Details: \device\harddiskvolume1\documents and settings\administrator\application data\microsoft\installer\{052cfb79-9d62-42e3-8a15-de66c2c97c3e}\arpproducticon.exe
\device\harddiskvolume1\documents and settings\administrator\application data\microsoft\installer\{052cfb79-9d62-42e3-8a15-de66c2c97c3e}\newshortcut1_edd4abb1c1b34a9d84ce33fbfb5d3639.exe
\device\harddiskvolume1\documents and settings\administrator\application data\microsoft\installer\{052cfb79-9d62-42e3-8a15-de66c2c97c3e}\newshortcut2_e88611396ff84afcb2ee5c1594058e02.exe
\device\harddiskvolume1\documents and settings\administrator\application data\microsoft\installer\{052cfb79-9d62-42e3-8a15-de66c2c97c3e}\newshortcut311_0951773981fa4ab2bc21b7dcec95892a.exe
\device\harddiskvolume1\documents and settings\administrator\application data\microsoft\installer\{052cfb79-9d62-42e3-8a15-de66c2c97c3e}\newshortcut31_2f252077ba3f4362913955273a708467.exe
\device\harddiskvolume1\windows\system32\calc.exe
\device\harddiskvolume1\windows\system32\mynotepad.exe
\device\harddiskvolume1\documents and settings\administrator\application data\sogouexplorer\extension\com.sogou.snaptaker\0.4.2\npprintscreen.dll
Behavior description: Disable System File Protection
Details: N/A
Behavior description: Insert APC (asynchronous procedure call)
Details: C:\Program Files\Internet Explorer\iexplore.exe
C:\%temp%\1415240684.695371.exe
Behavior description: Modify registry: system firewall trusted process list
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\??\C:\WINDOWS\system32\winlogon.exe
Behavior description: Write code-section data across processes
Details: C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00401A25, EntryPoint = 0x00401A25
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\IECompatCache
Behavior description: Modify memory across processes via memory mapping
Details: TargetProcess = [System Process]
TargetProcess = iexplore.exe
TargetProcess = AutoMonCtl.exe
Behavior description: Resolve host addresses by name
Process behavior
File behavior
Behavior description: Modify the system's original EXE files
Details: C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\ARPPRODUCTICON.exe---> Offset = 241664
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe---> Offset = 286720
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe---> Offset = 241664
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe---> Offset = 286720
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe---> Offset = 286720
Behavior description: Create executable files
Details: C:\monitor\samplemgr.exe
C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\htxueaht.exe
C:\WINDOWS\RECYCLER\S-2-4-01-3687128513-1224684602-106773714-0145\CDTAQBbQ.exe
C:\WINDOWS\RECYCLER\S-2-4-01-3687128513-1224684602-106773714-0145\XbVqwYGK.cpl
Behavior description: Set a startup item
Details: C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\htxueaht.exe
Behavior description: Modify executable files via memory mapping
Details: \device\harddiskvolume1\documents and settings\administrator\application data\microsoft\installer\{052cfb79-9d62-42e3-8a15-de66c2c97c3e}\arpproducticon.exe
\device\harddiskvolume1\documents and settings\administrator\application data\microsoft\installer\{052cfb79-9d62-42e3-8a15-de66c2c97c3e}\newshortcut1_edd4abb1c1b34a9d84ce33fbfb5d3639.exe
\device\harddiskvolume1\documents and settings\administrator\application data\microsoft\installer\{052cfb79-9d62-42e3-8a15-de66c2c97c3e}\newshortcut2_e88611396ff84afcb2ee5c1594058e02.exe
\device\harddiskvolume1\documents and settings\administrator\application data\microsoft\installer\{052cfb79-9d62-42e3-8a15-de66c2c97c3e}\newshortcut311_0951773981fa4ab2bc21b7dcec95892a.exe
\device\harddiskvolume1\documents and settings\administrator\application data\microsoft\installer\{052cfb79-9d62-42e3-8a15-de66c2c97c3e}\newshortcut31_2f252077ba3f4362913955273a708467.exe
\device\harddiskvolume1\windows\system32\calc.exe
\device\harddiskvolume1\windows\system32\mynotepad.exe
\device\harddiskvolume1\documents and settings\administrator\application data\sogouexplorer\extension\com.sogou.snaptaker\0.4.2\npprintscreen.dll
Behavior description: Drop sensitive files in system directories
Details: C:\WINDOWS\RECYCLER\S-2-4-01-3687128513-1224684602-106773714-0145\XbVqwYGK.cpl
Behavior description: Modify the system's original executable files
Details: C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\npprintscreen.dll---> Offset = 557056
Behavior description: Map files with write permission
Details: {2872B863-CECA-E562-CC5C-4F1A2BD10E1C}
\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\ARPPRODUCTICON.exe
\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
\WINDOWS\system32\calc.exe
Local\UrlZonesSM_Administrator
\Documents and Settings\Administrator\Application Data\SogouExplorer\Bin\flash_wk.dll
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Internet Explorer Immutable Application State (00000B5C-0000-0000-0000-000000000000)
Local\SqmData_IESQM-2908_S-1-5-21-1482476501-1645522239-1417001333-500
ie_lcie_main_b5c
Isolation Process Registry (C302EA59-655B-11E4-B5D3-000C2938259F)
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\IECompatCache
Behavior description: Modify file contents
Details: C:\Program Files\Internet Explorer\dmlconf.dat---> Offset = 0
C:\WINDOWS\Prefetch\CONIME.EXE-13EEEA1A.pf---> Offset = 0
C:\WINDOWS\autorun.inf---> Offset = 7613
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.privateSurf\0.0.0.1\backgroundpage.html---> Offset = 351118
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\backgroundpage.html---> Offset = 349111
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.quicklink\0.0.0.1\popup.html---> Offset = 387945
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\dnserrordiagoff[1]---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.secondAccount\0.0.0.1\backgroundpage.html---> Offset = 349539
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\errorPageStrings[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\httpErrorPagesScripts[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\noConnect[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\bullet[2]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\background_gradient[2]---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.share\0.0.0.1\backgroundpage.html---> Offset = 353494
Network behavior
Behavior description: Send data on a connected socket
Details: SOCKET = 0x00000214, TotalSize = 20, Offset = 0, ReadSize = 20.
SOCKET = 0x00000214, TotalSize = 40, Offset = 0, ReadSize = 40.
SOCKET = 0x000000d0, TotalSize = 6, Offset = 0, ReadSize = 6.
SOCKET = 0x000004e8, TotalSize = 20, Offset = 0, ReadSize = 20.
SOCKET = 0x000004e8, TotalSize = 40, Offset = 0, ReadSize = 40.
Behavior description: Establish a connection to a specified socket
Details: 219.133.40.1:80
219.133.40.1:447
Behavior description: Download files
Details: URLDownloadToFileW: http://www.live.com/favicon.ico ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Behavior description: Resolve host addresses by name
Registry behavior
Behavior description: Delete registry keys
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}
Behavior description: Delete registry values
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Expiration
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\Expiration
Behavior description: Modify the registry
Details: \REGISTRY\MACHINE\SAM\SAM\Domains\Account\Users\000001F4\F
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\SessionInformation\ProgramCount
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\SQM\PIDs\PID_2908
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Recovery\Active\{C302EA5C-655B-11E4-B5D3-000C2938259F}
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}\Enable
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTimeCount
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath
Behavior description: Delete registry values: IE connection settings
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behavior description: Modify registry: system firewall trusted process list
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\??\C:\WINDOWS\system32\winlogon.exe
Other behavior
Behavior description: Create driver file image
Details: C:\WINDOWS\system32\drivers\fastfat.sys
Behavior description: Create mutexes
Behavior description: Hide specified windows
Details: [Window,Class] = [QQ2013,TXGuiFoundation]
[Window,Class] = [OP_2269840561,CTXOPConntion_Class]
[Window,Class] = [,BrowserFrameGripperClass]
[Window,Class] = [Windows Internet Explorer,IEFrame]
[Window,Class] = [缩放级别,ToolbarWindow32]
[Window,Class] = [,msctls_progress32]
Behavior description: Find specified windows
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [TXGuiFoundation,QQ2013]
NtUserFindWindowEx: [Class,Window] = [CTXOPConntion_Class,OP_2269840561]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Static,]
Behavior description: Disable System File Protection
Details: N/A
Behavior description: Obtain system privileges
Details: SE_DEBUG_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
SE_AUDIT_PRIVILEGE
SE_TAKE_OWNERSHIP_PRIVILEGE
SE_RESTORE_PRIVILEGE
SE_BACKUP_PRIVILEGE
SE_CHANGE_NOTIFY_PRIVILEGE
Behavior description: Enumerate windows
Details: N/A
Behavior description: Insert APC (asynchronous procedure call)
Details: C:\Program Files\Internet Explorer\iexplore.exe
C:\%temp%\1415240684.695371.exe
Behavior description: Inline hooks
Details: C:\WINDOWS\system32\sfc_os.dll--->SfcGetNextProtectedFile Offset = 0x2eb2
C:\WINDOWS\system32\ntdll.dll--->ZwWriteVirtualMemory Offset = 0x0
C:\WINDOWS\system32\ntdll.dll--->NtResumeThread Offset = 0x0
C:\WINDOWS\system32\WS2_32.dll--->sendto Offset = 0x0
C:\WINDOWS\system32\WS2_32.dll--->recvfrom Offset = 0x0
C:\WINDOWS\system32\WS2_32.dll--->WSASend Offset = 0x0
C:\WINDOWS\system32\WS2_32.dll--->WSASendTo Offset = 0x0
C:\WINDOWS\system32\WS2_32.dll--->WSARecvFrom Offset = 0x0
C:\WINDOWS\system32\WS2_32.dll--->closesocket Offset = 0x0
C:\WINDOWS\system32\ntdll.dll--->LdrLoadDll Offset = 0x0
C:\WINDOWS\system32\ntdll.dll--->NtQueryDirectoryFile Offset = 0x0
c:\windows\system32\WS2_32.dll--->sendto Offset = 0x0
c:\windows\system32\WS2_32.dll--->recvfrom Offset = 0x0
c:\windows\system32\WS2_32.dll--->WSASend Offset = 0x0
c:\windows\system32\WS2_32.dll--->WSASendTo Offset = 0x0
Behavior description: Window information
Details: Pid = 1460, Hwnd=0xc01de, Text = 重试(&R), ClassName = Button.
Pid = 1460, Hwnd=0xc01d6, Text = 取消, ClassName = Button.
Pid = 1460, Hwnd=0xd01c8, Text = Frozen Throne was unable to find War3.exe. Please make sure your game is correctly installed, and that your Frozen Throne disc is, ClassName = Static.
Pid = 1460, Hwnd=0xe0166, Text = CD-ROM drive error., ClassName = #32770.
Pid = 1460, Hwnd=0xd0180, Text = Launching Warcraft III, ClassName = Warcraft III Root.
Pid = 1460, Hwnd=0xe01c8, Text = 重试(&R), ClassName = Button.
Pid = 1460, Hwnd=0xd01d6, Text = 取消, ClassName = Button.
Pid = 1460, Hwnd=0xd01de, Text = Frozen Throne was unable to find War3.exe. Please make sure your game is correctly installed, and that your Frozen Throne disc is, ClassName = Static.
Pid = 1460, Hwnd=0xf0166, Text = CD-ROM drive error., ClassName = #32770.
Pid = 1460, Hwnd=0xe01de, Text = 重试(&R), ClassName = Button.
Pid = 1460, Hwnd=0xe01d6, Text = 取消, ClassName = Button.
Pid = 1460, Hwnd=0xf01c8, Text = Frozen Throne was unable to find War3.exe. Please make sure your game is correctly installed, and that your Frozen Throne disc is, ClassName = Static.
Pid = 1460, Hwnd=0x100166, Text = CD-ROM drive error., ClassName = #32770.
Pid = 1460, Hwnd=0x1001c8, Text = 重试(&R), ClassName = Button.
Pid = 1460, Hwnd=0xf01d6, Text = 取消, ClassName = Button.
Dangerous behavior
Behavior description: Execute system command
Details: chmod 777 /data/data/com.dragon.android.pandaspace/files/apps/tmp
chmod 777 /data/data/com.dragon.android.pandaspace/files/temp
Dynamic behavior list
Behavior description: Pass extra information
Details: Ljava/lang/String;=android.intent.extra.shortcut.NAME | Ljava/lang/String;=91
Ljava/lang/String;=duplicate | Z=false
Ljava/lang/String;=android.intent.extra.shortcut.INTENT | Landroid/os/Parcelable;=Intent { act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] cmp=com.dragon.android.pandaspace/.main.MainActivity }
Ljava/lang/String;=android.intent.extra.shortcut.ICON_RESOURCE | Landroid/os/Parcelable;=com.dragon.android.pandaspace:drawable/icon
Ljava/lang/String;=isFromOutSideDesktop | Z=true
Ljava/lang/String;=android.intent.extra.shortcut.NAME | Ljava/lang/String;=
Ljava/lang/String;=android.intent.extra.shortcut.INTENT | Landroid/os/Parcelable;=Intent { act=com.dragon.android.pandaspace.gameserver.GameActivity dat=shortcut://gamecenter (has extras
Ljava/lang/String;=android.intent.extra.shortcut.ICON_RESOURCE | Landroid/os/Parcelable;=com.dragon.android.pandaspace:drawable/game_center_play
Ljava/lang/String;=act_id | Ljava/lang/String;=14
Ljava/lang/String;=isFromeOutside | Z=true
Ljava/lang/String;=method_version | Ljava/lang/String;=V1
Ljava/lang/String;=method | Ljava/lang/String;=pushservice_restart
Ljava/lang/String;=type | Ljava/lang/String;=service_restart
Ljava/lang/String;=type | Ljava/lang/String;=service_sing_restart
Ljava/lang/String;=restartflag | Z=false
Ljava/lang/String;=version | I=21
Ljava/lang/String;=priority | J=5910974510923834
Ljava/lang/String;=packagename | Ljava/lang/String;=com.dragon.android.pandaspace
Ljava/lang/String;=method_version | Ljava/lang/String;=V2
Behavior description: Start service
Details: com.android.musicfx.Compatibility$Service
com.dragon.pandaspace.download.flow.DownloadTaskService
com.dianxinos.optimizer.engine.EngineIntentService
com.dragon.android.pandaspace.manage.speedup.memory.desktop.DeskTopUFOService
com.baidu.android.moplus.MoPlusService
com.android.mms.transaction.SmsReceiverService
Behavior description: Read file
Details: path:/dev/urandom length:17
path:/proc/825/cmdline length:105
path:/proc/837/cmdline length:105
path:/proc/868/cmdline length:105
path:/proc/877/cmdline length:105
path:/proc/901/cmdline length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/pst.xml length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/com.dragon.android.pandaspace.push_sync.xml length:105
path:/proc/927/cmdline length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/91Analytics_Config.xml length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/SYSTEM_SETTING.xml length:105
path:/proc/meminfo length:105
path:/data/anr/traces.txt length:105
path:/data/anr/traces.txt length:105
path:/proc/1382/cmdline length:105
path:/proc/1384/cmdline length:105
Behavior description: Read a line of data from buffer
Details: ## Vold 2.0 Generic fstab
## - San Mehat
##
#######################
## Regular device mount
##
## Format: dev_mount <label> <mount_point> <part> <sysfs_path1...>
## label - Label for the volume
## mount_point - Where the volume will be mounted
## part - Partition # (1
## <sysfs_path> - List of sysfs paths to source devices
######################
## Example of a standard sdcard mount for the emulator / Dream
# Mounts the first usable partition of the specified device
dev_mount sdcard /mnt/sdcard auto /devices/platform/goldfish_mmc.0 /devices/platform/msm_sdcc.2/mmc_host/mmc1
## Example of a dual card setup
# dev_mount left_sdcard /sdcard1 auto /devices/platform/goldfish_mmc.0 /devices/platform/msm_sdcc.2/mmc_host/mmc1
# dev_mount right_sdcard /sdcard2 auto /devices/platform/goldfish_mmc.1 /devices/platform/msm_sdcc.3/mmc_host/mmc1
## Example of specifying a specific partition for mounts
# dev_mount sdcard /sdcard 2 /devices/platform/goldfish_mmc.0 /devices/platform/msm_sdcc.2/mmc_host/mmc1
null
download/
baidu/SearchBox/downloads/
UCDownloads/
360Browser/download/
QQBrowser//
baidu/flyflow/downloads/
kbrowser/download/App/
MxBrowser/Downloads
4G-explorer/apks/
kbrowser_fast/download/App/
TTDownload/installapk
huohoubrowser/downloads/
apc/ApcBrowser/downloads/
cmsurfclient/downloads/
ydBrowser/download/
download/2345//
MemTotal: 841036 kB
Behavior description: Compute hash of specified data
Details: com.baidu357242043237511d3894529ac5a14ec
357242043237511d3894529ac5a14ec740ce3ef-6850-449d-8b01-92afb26d1a44
http://bbx2.sj.91.com/softs.ashx?act=222&places=11&iv=8&adlt=1&mt=4&sv=3.9.8.6&osv=4.1.1&cpu=armeabi-v7a,armeabi&rslt=768*1184&imei=357242043237511&imsi=310260000000000&dm=Full+Android+on+Emulator&cuid=B743980F2DFAD177E5E83C05B464ECBC%7C115732340242753
http://bbx2.sj.91.com/softs.ashx?act=225&iv=7&pi=1&tagid=1&mt=4&sv=3.9.8.6&osv=4.1.1&cpu=armeabi-v7a,armeabi&rslt=768*1184&imei=357242043237511&imsi=310260000000000&dm=Full+Android+on+Emulator&cuid=B743980F2DFAD177E5E83C05B464ECBC%7C115732340242753
com.baidu.pushservice.singelinstancev1B743980F2DFAD177E5E83C05B464ECBC
Behavior description: Data leakage
Details: sink:File operation:write data:data:<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <long name="KEY_APPRUNTIME" value="13
sink:File operation:write data:data:<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <int name="KEY_LABEL_LAUNCHER_CODE" v
sink:File operation:write data:data:<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <boolean name="KEY_LABEL_LAUNCHER" va
sink:File operation:write data:data:<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <boolean name="KEY_FIRST_ENTER_FOCUS"
Behavior description: Get user ID
Details: 310260000000000
Behavior description: Execute SQL query
Details: DELETE FROM [report_info_table] WHERE (SELECT
select * from server_config_table where type=1
Behavior description: Class loading
Details: path:/system/app/PicoTts.apk
path:/system/app/MusicFX.apk
path:/system/framework/am.jar
path:/data/app/com.dragon.android.pandaspace-1.apk
Behavior description: Execute system command
Details: chmod 777 /data/data/com.dragon.android.pandaspace/files/apps/tmp
chmod 777 /data/data/com.dragon.android.pandaspace/files/temp
Behavior description: Invoke hash algorithm
Details: MD5
Behavior description: Write file
Details: path:/data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml length:105
path:/data/data/com.android.musicfx/shared_prefs/musicfx.xml length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/91Analytics_Config.xml length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/91Analytics_Config.xml length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/SYSTEM_SETTING.xml length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/SYSTEM_SETTING.xml length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/utils.xml length:105
path:/data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml length:105
path:/data/data/com.android.launcher/shared_prefs/com.android.launcher2.prefs.xml length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/91Analytics_Relay_Session.xml length:105
path:/data/data/com.android.launcher/shared_prefs/com.android.launcher2.prefs.xml length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/com.dragon.android.pandaspace.push_sync.xml length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/pst.xml length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/pst.xml length:105
path:/dev/null length:105
path:/dev/null length:6
path:/data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml length:105
Behavior description: File write initialization
Details: Ljava/io/File;=/mnt/sdcard/baidu/.cuid | Z=false
Behavior description: Set component properties
Details: Landroid/content/ComponentName;=ComponentInfo{com.dragon.android.pandaspace/com.baidu.android.moplus.MoPlusService} | I=1 | I=1
Landroid/content/ComponentName;=ComponentInfo{com.dragon.android.pandaspace/com.baidu.android.moplus.MoPlusReceiver} | I=1 | I=1
Landroid/content/ComponentName;=ComponentInfo{com.dragon.android.pandaspace/com.baidu.android.defense.push.PushMsgReceiver} | I=1 | I=1
Landroid/content/ComponentName;=ComponentInfo{com.dragon.android.pandaspace/com.baidu.android.moplus.MoPlusExtReceiver} | I=1 | I=1
Behavior description: Initialize Intent
Details: Landroid/content/Context;=com.dragon.android.pandaspace.PandaSpace@4158c538 | Ljava/lang/Class;=class com.dragon.pandaspace.download.flow.DownloadTaskService
Landroid/content/Context;=com.dragon.android.pandaspace.PandaSpace@4158c538 | Ljava/lang/Class;=class com.dianxinos.dxservice.core.DXCoreService
Landroid/content/Context;=com.dragon.android.pandaspace.PandaSpace@4158c538 | Ljava/lang/Class;=class com.dianxinos.optimizer.engine.EngineIntentService
Landroid/content/Context;=com.dragon.android.pandaspace.main.MainActivity@41648558 | Ljava/lang/Class;=class com.dragon.android.pandaspace.manage.speedup.memory.desktop.DeskTopUFOService
Ljava/lang/String;=download_service_start_success
Ljava/lang/String;=android.intent.action.MAIN
Ljava/lang/String;=com.android.launcher.action.INSTALL_SHORTCUT
Landroid/content/Context;=com.dragon.android.pandaspace.main.MainActivity@41648558 | Ljava/lang/Class;=class com.dragon.android.pandaspace.focus.FocusActivity
Ljava/lang/String;=android.appwidget.action.APPWIDGET_PASSIVE_UPDATE
Landroid/content/Context;=android.app.ReceiverRestrictedContext@41661638 | Ljava/lang/Class;=class com.dragon.android.pandaspace.main.MainActivity
Ljava/lang/String;=com.baidu.android.moplus.action.START
Landroid/content/Intent;=Intent { act=com.baidu.android.moplus.action.START flg=0x30 cmp=com.dragon.android.pandaspace/com.baidu.android.moplus.MoPlusReceiver (has extras
Ljava/lang/String;=com.baidu.moplus.action.start.SERVICEINFO
Landroid/content/Context;=com.dragon.android.pandaspace.PandaSpace@4157de90 | Ljava/lang/Class;=class com.dragon.pandaspace.download.flow.DownloadTaskService
Landroid/content/Context;=com.dragon.android.pandaspace.PandaSpace@4157de90 | Ljava/lang/Class;=class com.dianxinos.dxservice.core.DXCoreService
Landroid/content/Context;=com.dragon.android.pandaspace.PandaSpace@4157de90 | Ljava/lang/Class;=class com.dianxinos.optimizer.engine.EngineIntentService
Behavior description: Get device ID
Details: 357242043237511
Behavior description: Locate mobile device
Details: null
Activities
Activity name Type
.main.MainActivity android.intent.action.MAIN
.main.MainActivity android.intent.action.VIEW
.main.MainActivity android.intent.category.LAUNCHER
.main.MainActivity android.intent.category.INFO
.main.MainActivity android.intent.category.APP_MARKET
.main.MainActivity android.intent.category.DEFAULT
.main.MainActivity android.intent.category.BROWSABLE
.jump.JumpActivity android.intent.action.VIEW
.jump.JumpActivity android.intent.category.DEFAULT
.jump.JumpActivity android.intent.category.BROWSABLE
.manage.SoftUpgradedActivity android.intent.action.VIEW
.more.CheckedListActivity android.intent.action.VIEW
.web.QingWebViewActivity com.dragon.android.pandaspace.web.QingWebViewActivity
.web.QingWebViewActivity android.intent.category.DEFAULT
.gameserver.GameActivity com.dragon.android.pandaspace.gameserver.GameActivity
.gameserver.GameActivity android.intent.category.DEFAULT
.personal.wallpaper.WallpaperActivity android.intent.action.VIEW
.personal.wallpaper.PictureShareActivity android.intent.action.SET_WALLPAPER
.personal.wallpaper.PictureShareActivity android.intent.category.DEFAULT
.personal.ring.RingActivity android.intent.action.VIEW
.activity.common.RingSettingActivity android.intent.action.RINGTONE_PICKER
.activity.common.RingSettingActivity android.intent.category.DEFAULT
com.dragon.android.pandaspace.detail.DetailFactoryActivity android.intent.action.VIEW
com.dragon.android.pandaspace.detail.DetailFactoryActivity android.intent.category.DEFAULT
com.dragon.android.pandaspace.detail.DetailFactoryActivity android.intent.category.BROWSABLE
com.dragon.android.pandaspace.detail.DetailFactoryFromNotyActivity android.intent.action.VIEW
com.dragon.android.pandaspace.detail.DetailFactoryFromNotyActivity android.intent.category.DEFAULT
com.dragon.android.pandaspace.detail.DetailFactoryFromNotyActivity android.intent.category.BROWSABLE
.manage.download.DownloadActivity android.intent.action.VIEW
.more.SoftUpdateDialog android.intent.action.VIEW
.message.MessageListActivity android.intent.action.VIEW
.message.PdMessageDetailActivity android.intent.action.VIEW
com.dragon.android.pandaspace.cloudsync.contacts.SyncContactsMainActivity android.intent.action.VIEW
com.nd.commplatform.activity.SNSControlCenterActivity com.nd.commplatform.activity.SNSControlCenterActivity
com.tencent.tauth.AuthActivity android.intent.action.VIEW
com.tencent.tauth.AuthActivity android.intent.category.DEFAULT
com.tencent.tauth.AuthActivity android.intent.category.BROWSABLE
com.dragon.android.pandaspace.manage.speedup.boot.BootActivity android.intent.action.VIEW
com.dragon.android.pandaspace.activity.base.DummySkipActivity com.dragon.android.pandaspace.activity.base.DummySkipActivity
com.dragon.android.pandaspace.activity.base.DummySkipActivity android.intent.category.DEFAULT
com.dragon.android.pandaspace.democenter.DemoCenterActivity com.dragon.android.pandaspace.democenter.DemoCenterActivity
com.dragon.android.pandaspace.democenter.DemoCenterActivity android.intent.category.DEFAULT
com.chukong.cocosplay.GameActivity com.chukong.cocosplay.VIEW
com.chukong.cocosplay.GameActivity android.intent.category.DEFAULT
com.chukong.cocosplay.CocosProxyActivityGroup com.chukong.cocosplay.activitygroup.VIEW
com.chukong.cocosplay.CocosProxyActivityGroup android.intent.category.DEFAULT
com.dragon.android.pandaspace.gifts.GiftsCenterActivity com.dragon.android.pandaspace.gifts.GiftsCenterActivity
com.dragon.android.pandaspace.gifts.GiftsCenterActivity android.intent.category.DEFAULT
com.baidu.cloudsdk.social.share.handler.QQFriendShareReceiverActivity android.intent.action.VIEW
com.baidu.cloudsdk.social.share.handler.QQFriendShareReceiverActivity android.intent.category.DEFAULT
com.baidu.cloudsdk.social.share.handler.QQFriendShareReceiverActivity android.intent.category.BROWSABLE
com.dragon.android.pandaspace.democenter.DemoGamePlayActivity com.dragon.android.pandaspace.democenter.DemoGamePlayActivity
com.dragon.android.pandaspace.democenter.DemoGamePlayActivity android.intent.category.DEFAULT
com.dragon.android.pandaspace.detail.video.VideoViewPlayingActivity android.intent.action.VIEW
com.dragon.android.pandaspace.detail.video.VideoViewPlayingActivity android.intent.category.DEFAULT
com.dragon.android.pandaspace.detail.video.VideoViewPlayingActivity android.intent.category.BROWSABLE
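Dangerous functions
Function name Information
ContentResolver;->query Reads databases such as contacts and SMS
TelephonyManager;->getDeviceId Collects the phone's IMEI, phone number, system version and similar information
getRuntime Obtains a command-line environment
java/lang/Runtime;->exec Executes a command string
android/app/NotificationManager;->notify Notification bar message
java/net/URL;->openConnection Connects to a URL
java/net/HttpURLConnection;->connect Connects to a URL
HttpClient;->execute Requests a remote server
TelephonyManager;->getLine1Number Gets the phone number
SmsManager;->sendTextMessage Sends a plain text SMS
PackageManager;->installPackage Installs an APK package
ActivityManager;->restartPackage Terminates processes; can be used to shut down antivirus software
DefaultHttpClient;->execute Sends an HTTP request
TelephonyManager;->getSimSerialNumber Gets the SIM serial number
ContentResolver;->delete Deletes SMS messages and contacts
WifiManager;->setWifiEnabled Changes Wi-Fi state
ActivityManager;->killBackgroundProcesses Terminates processes; can be used to shut down antivirus software
java/net/URLConnection;->connect Connects to a URL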
Startup methods
Name Information
com.dragon.android.pandaspace.manage.CleanBroadcastReceiver Starts service when an app is uninstalled
com.dragon.android.pandaspace.manage.CleanBroadcastReceiver Starts service when an app is installed
com.dragon.android.pandaspace.uninstallrecommend.RecommendBroadcastReceiver Starts service when an app is uninstalled
com.dragon.android.pandaspace.receiver.AppsUpdateAndLogAndMessageReceiver Starts service at boot
com.dragon.android.pandaspace.receiver.AppsUpdateAndLogAndMessageReceiver Starts service when network connectivity changes
com.dragon.android.pandaspace.receiver.AppsUpdateAndLogAndMessageReceiver Starts service on screen unlock
com.dragon.android.pandaspace.manage.speedup.memory.MemoryWidgetProvider Starts service when an app widget is updated
com.dragon.android.pandaspace.manage.speedup.memory.desktop.DesktopMemoryReceiver Starts service at boot
com.dragon.android.pandaspace.manage.speedup.memory.desktop.DesktopMemoryReceiver Starts service when network connectivity changes
com.dragon.android.pandaspace.manage.speedup.memory.desktop.DesktopMemoryReceiver Starts service on screen unlock
com.dragon.android.pandaspace.widget.desk.PandaspaceWidgetProvider Starts service when an app widget is updated
com.dragon.pandaspace.download.mgr.NetWrokReceiver Starts service when network connectivity changes
com.dragon.android.pandaspace.receiver.RecentAppReceiver Starts service on screen unlock
com.dragon.android.pandaspace.autodownload.AutoDownloadReceiver Starts service when network connectivity changes
com.dragon.android.pandaspace.autodownload.AutoDownloadReceiver Starts service on screen unlock
com.dragon.android.pandaspace.receiver.CheckCopycatReceiver Starts service when an app is installed
com.dragon.android.pandaspace.receiver.CheckCopycatReceiver Starts service when an app is uninstalled
com.baidu.android.moplus.MoPlusReceiver Starts service at boot
com.baidu.android.moplus.MoPlusReceiver Starts service when network connectivity changes
com.baidu.android.moplus.MoPlusReceiver Starts service when an app is uninstalled
Advertising information
Name Information
com.baidu Baidu
Permission list
Permission name Information
android.permission.INTERACT_ACROSS_USERS_FULL
android.permission.FORCE_STOP_PACKAGES
android.permission.WRITE_APN_SETTINGS Modify APN settings (e.g. cmwap)
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.READ_PHONE_STATE Read phone state
android.permission.WRITE_SETTINGS Read and write system settings
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.SET_WALLPAPER Set the desktop wallpaper
android.permission.SET_WALLPAPER_HINTS Set wallpaper hints
android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.GET_TASKS Get information about currently or recently running tasks
android.permission.SYSTEM_ALERT_WINDOW Display system windows
android.permission.VIBRATE Allow the device to vibrate
android.permission.RESTART_PACKAGES Restart other applications
android.permission.INSTALL_PACKAGES Install applications
android.permission.GET_PACKAGE_SIZE Get application size
android.permission.CHANGE_CONFIGURATION Modify the current configuration (e.g. locale)
android.permission.CAMERA Access the camera device
android.permission.WAKE_LOCK Background processes keep running after the screen turns off
android.permission.RECEIVE_BOOT_COMPLETED Receive the boot-completed broadcast
android.permission.READ_LOGS Read system logs
android.permission.PACKAGE_USAGE_STATS
android.permission.CLEAR_APP_CACHE Clear application cache
android.permission.EXPAND_STATUS_BAR Control the status bar
com.android.launcher.permission.READ_SETTINGS Read shortcut information
android.permission.SEND_SMS Send SMS
android.permission.RECEIVE_SMS Monitor incoming SMS
android.permission.MOUNT_UNMOUNT_FILESYSTEMS Mount and unmount external file systems
android.permission.CALL_PHONE Place phone calls
android.permission.READ_CONTACTS Read contact information
android.permission.WRITE_CONTACTS Write contact information
android.permission.READ_SMS Read SMS
android.permission.WRITE_SMS Write SMS
android.permission.FLASHLIGHT Access the flashlight
android.permission.ACCESS_COARSE_LOCATION Get coarse location (via Wi-Fi or cell towers)
android.permission.ACCESS_FINE_LOCATION Get precise location (via GPS)
android.permission.CHANGE_WIFI_STATE Change Wi-Fi connection state
android.permission.CHANGE_NETWORK_STATE Change network state
android.permission.MODIFY_AUDIO_SETTINGS Modify audio settings
com.android.alarm.permission.SET_ALARM Set alarm reminders
android.permission.RECORD_AUDIO Record audio (using AudioRecord)
android.permission.BROADCAST_STICKY Send sticky broadcasts
android.permission.DISABLE_KEYGUARD Disable the keyguard
android.permission.SET_ACTIVITY_WATCHER Set the Activity watcher
android.permission.DELETE_PACKAGES Delete applications
android.permission.CHANGE_COMPONENT_ENABLED_STATE Change component enabled state
com.android.launcher.permission.INSTALL_SHORTCUT Create shortcuts
com.android.launcher.permission.UNINSTALL_SHORTCUT Delete shortcuts
com.android.launcher.permission.CREATE_SHORTCUT
com.android.launcher.permission.WRITE_SETTINGS
com.android.launcher3.permission.READ_SETTINGS
com.android.launcher3.permission.WRITE_SETTINGS
com.motorola.dlauncher.permission.READ_SETTINGS
com.motorola.dlauncher.permission.WRITE_SETTINGS
com.motorola.mmsp.motoswitch.permission.READ_SETTINGS
com.motorola.mmsp.motoswitch.permission.WRITE_SETTINGS
com.htc.launcher.permission.READ_SETTINGS
com.htc.launcher.permission.WRITE_SETTINGS
com.aspire.mm.permission.READ_SETTINGS
com.aspire.mm.permission.WRITE_SETTINGS
com.qihoo360.launcher.permission.WRITE_SETTINGS
com.qihoo360.launcher.permission.READ_SETTINGS
com.ty.launcher.permission.READ_SETTINGS
com.ty.launcher.permission.WRITE_SETTINGS
com.sonyericsson.homescreen.permission.READ_SETTINGS
com.sonyericsson.homescreen.permission.WRITE_SETTINGS
com.oppo.launcher.permission.WRITE_SETTINGS
com.oppo.launcher.permission.READ_SETTINGS
com.mediatek.launcherplus.permission.READ_SETTINGS
com.mediatek.launcherplus.permission.WRITE_SETTINGS
com.huawei.launcher2.permission.READ_SETTINGS
com.huawei.launcher2.permission.WRITE_SETTINGS
com.huawei.launcher3.permission.READ_SETTINGS
com.huawei.launcher3.permission.WRITE_SETTINGS
com.baiqi.weather.permission.READ_SETTINGS
com.baiqi.weather.permission.WRITE_SETTINGS
com.fede.launcher.permission.READ_SETTINGS
com.fede.launcher.permission.WRITE_SETTINGS
mobi.SyndicateApps.ICS.launcher.permission.READ_SETTINGS
mobi.SyndicateApps.ICS.launcher.permission.WRITE_SETTINGS
com.motorola.dock.DesktopDock.permission.READ_SETTINGS
com.motorola.dock.DesktopDock.permission.WRITE_SETTINGS
com.lge.launcher.permission.READ_SETTINGS
com.lge.launcher.permission.WRITE_SETTINGS
com.thunderst.launcher.permission.READ_SETTINGS
com.thunderst.launcher.permission.WRITE_SETTINGS
com.sec.android.app.twlauncher.permission.READ_SETTINGS
com.sec.android.app.twlauncher.permission.WRITE_SETTINGS
org.adwfreak.launcher.permission.READ_SETTINGS
org.adwfreak.launcher.permission.WRITE_SETTINGS
org.adw.launcher.permission.READ_SETTINGS
org.adw.launcher.permission.WRITE_SETTINGS
net.qihoo.launcher.permission.READ_SETTINGS
net.qihoo.launcher.permission.WRITE_SETTINGS
com.bbk.launcher2.permission.READ_SETTINGS
com.bbk.launcher2.permission.WRITE_SETTINGS
android.permission.BATTERY_STATS Battery statistics
Service list
Name
com.dragon.android.pandaspace.receiver.UpdateAndMessageService
com.dragon.android.pandaspace.manage.speedup.memory.MemoryUpdateService
com.dragon.android.pandaspace.manage.speedup.memory.desktop.DeskTopUFOService
com.nd.commplatform.versionupdate.ND2VersionUpdateService
com.dragon.android.pandaspace.cloudsync.contacts.ContactsCloudService
com.dragon.pandaspace.download.flow.DownloadTaskService
com.nd.android.smartupdate.aidl.UpdateService
com.dragon.android.pandaspace.receiver.CheckCopycatService
com.baidu.android.moplus.MoPlusService
com.dragon.android.pandaspace.rootinstall.FastInstallService
com.baidu.location.f
com.chukong.cocosplay.host.CocosplayHostService
com.dragon.android.pandaspace.freewifi.FreeWifiService
com.baidu.nonflow.sdk.HeartBeatService
com.baidu.platformsdk.BDPlatformService
com.dragon.android.pandaspace.detail.video.VideoPlayingWifiService
File list
File name Checksum
res/drawable/detail_authen_btselector.xml 0xa6bef07b
res/drawable/dialog_divider_horizontal.png 0x81ad1842
res/drawable/divideline.png 0x110e9ce4
res/drawable/download_progress_bar_layer.xml 0x6fff3368
res/drawable/dropdown_item_background_selector.xml 0xf75b3b92
res/drawable/dropdown_video_item_backguound_select.xml 0x3ff1917f
res/drawable/dustclear_activity_background.xml 0xd8a14c1b
res/drawable/file_move_progressbar.xml 0x51450965
res/drawable/filebrowser_cancel_button.xml 0x9d1716d2
res/drawable/filebrowser_confirm_button.xml 0xeed41255
res/drawable/filter_signal_btn_selector.xml 0x66f85ab1
res/drawable/gallery_addwallpaper_normal.png 0xad3fa978
res/drawable/gallery_addwallpaper_pressed.png 0x7e10a6f
res/drawable/gallery_addwallpaper_selector.xml 0xe383e7fd
res/drawable/gallery_image_normal.9.png 0xa543f1c7
res/drawable/gallery_image_pressed.9.png 0x6cc018d8
res/drawable/gallery_image_selector.xml 0xb22ea5a4
res/drawable/gift_tabview_selector.xml 0x2b2ace57
res/drawable/gifts_tab_normal_selector.xml 0x844073dd
res/drawable/gifts_tab_press_selector.xml 0x23224de2
res/drawable/hot_search_selector.xml 0x1ed318db
res/drawable/ic_help_selector.xml 0x2537d7a9
res/drawable/icon_big.png 0xe0edb2c2
res/drawable/icon_default2.png 0xa725d833
res/drawable/icon_default_save.png 0x6a89fd35
res/drawable/icon_default_save1.9.png 0x93d884a7
res/drawable/icon_default_save_mode.png 0x46b5cfbb
res/drawable/icon_notify.png 0x22fd989f
res/drawable/icon_star_selected.png 0x72b4a445
res/drawable/icon_star_unselected.png 0xcd9c2ae1
res/drawable/indexview_textview_backnor.png 0x59649496
res/drawable/indexview_textview_backsel.png 0x3978b01
res/drawable/installed.png 0xd19c9487
res/drawable/list_item_background.xml 0x81ffd5ba
res/drawable/list_item_background_normal_bottom.png 0x9106711a
res/drawable/list_item_background_normal_top.png 0x6bcd61fe
res/drawable/list_item_background_selector.xml 0x2d7f1381
res/drawable/list_recommend_item_background_selector.xml 0xc5750fd3
res/drawable/loading_page_bg.9.png 0x319340fe
res/drawable/local_photo_diver_line.xml 0x2f246c74
res/drawable/logo.png 0x324fc938
res/drawable/membership_laohuji_selector.xml 0xd6c29e4e
res/drawable/membership_today_task_selector.xml 0x9fd4a898
res/drawable/nd_incentive_tab_bg.xml 0x47296c3f
res/drawable/optons_bg.9.png 0x9a95018b
res/drawable/overall_rank_selector.xml 0x30b70ed
res/drawable/overefresh_arrow_down.png 0xa8a48122
res/drawable/pause_btn_style.xml 0xad58e65
res/drawable/photo_bakup_btn.xml 0x35a6975c
res/drawable/photo_delete_btn_selector.xml 0x175fa77b
res/drawable/photo_process_btn_selector.xml 0xf709df76
res/drawable/photo_selector.xml 0x19c0fd39
res/drawable/photo_sync_button_selector.xml 0x8d7d4ec6
res/drawable/photo_sync_passord_input_bg.9.png 0x94332e00
res/drawable/photo_sync_process_bar.xml 0x7ac54669
res/drawable/photo_sync_process_bar2.xml 0x268cc1f5
res/drawable/photo_sync_process_bar3.xml 0x2396880
res/drawable/pic_share_normal.png 0xebe22329
res/drawable/pic_share_pressed.png 0x601bd511
res/drawable/pic_share_selector.xml 0x470dc618
res/drawable/play_btn_style.xml 0xb8497ca4
res/drawable/power_brief_bg.9.png 0x93c0909f
res/drawable/progressbar.xml 0x14171b9d
res/drawable/ratebar_choose.png 0x8d7fd8b2
res/drawable/ratebar_unchoose.png 0x65e54366
res/drawable/ratingbar_selector.xml 0x94c60350
res/drawable/ratingbar_selector_small.xml 0x4613c519
res/drawable/register_btn_selector.xml 0xb8523a4d
res/drawable/ring_loading_round.png 0x3d4a9a65
res/drawable/ring_play_btn.png 0x5d3df242
res/drawable/ring_stop_btn.png 0x9d9b2d4f
res/drawable/search_input_back.9.png 0x834e0878
res/drawable/search_match_list_bg.9.png 0x7de4b482
res/drawable/search_selector.xml 0x6bfa5ffe
res/drawable/search_update.xml 0xad0d0aa6
res/drawable/share_other_type.png 0xd605052b
res/drawable/share_sina_type.png 0xddff4acf
res/drawable/sns_btn_bg_selector.xml 0x23fb0466
res/drawable/sns_list_item_bg_selector.xml 0x784a8179
res/drawable/soft_download_all.png 0x9bf8403a
res/drawable/soft_favor_unchecked_selector.xml 0xe9337480
res/drawable/soft_share_selector.xml 0x34195123
res/drawable/soft_uninstall_comment_button.xml 0x2be321de
res/drawable/soft_update_all.png 0x9076b463
res/drawable/start_tip.xml 0x3e7a0658
res/drawable/stop_download.png 0x40627ae8
res/drawable/storage_bg.xml 0x2093129c
res/drawable/sysfabrication_tip.png 0xeb7d2248
res/drawable/theme_default.9.png 0x5e1a1416
res/drawable/theme_ranking_bt.png 0xedd3a019
res/drawable/theme_ranking_no1.png 0x5194fd68
res/drawable/theme_shop_v2_ranking_grid_item_line.9.png 0x95e107f
res/drawable/theme_shop_v2_ranking_no1_star1.png 0xc10e511b
res/drawable/theme_shop_v2_theme_detail_next_btn.xml 0x47ecdd52
res/drawable/theme_shop_v2_theme_detail_next_btn_1.png 0x79a76ad1
res/drawable/theme_shop_v2_theme_detail_next_btn_2.png 0xac3db66d
res/drawable/theme_shop_v2_theme_detail_next_btn_disable.png 0xb4d1b9fe
res/drawable/theme_shop_v2_theme_detail_pre_btn.xml 0xc01791a4
res/drawable/theme_shop_v2_theme_detail_pre_btn_1.png 0x8f8a1465
res/drawable/theme_shop_v2_theme_detail_pre_btn_2.png 0x90350e73
res/drawable/theme_shop_v2_theme_detail_pre_btn_disable.png 0xf9dd7d1e
res/drawable/titleindex_back.9.png 0x5f80e36b
res/drawable/titleindex_back_selector.xml 0x6a103129
res/drawable/topbar_backgroup_image.png 0x5e1a65c3
res/drawable/two_code_selector.xml 0x8adb8528
res/drawable/ufo_close.xml 0xb6c92843
res/drawable/ufo_fire.xml 0x25aa1170
res/drawable/ufo_open.xml 0x6eec868d
res/drawable/ufo_shake.xml 0xf9e5d886
res/drawable/upbtpress_selector.xml 0x4b0b6683
res/drawable/update_item_bg.xml 0x76ccf22b
res/drawable/video_back_select.xml 0x7fe8e10c
res/drawable/video_seek_img.xml 0x26c3afd5
res/drawable/video_thumb_img.xml 0x4cb97991
res/drawable/vip91_default_icon.xml 0xbf147904
res/drawable/voice_selector.xml 0x96f1d98f
res/drawable/wallpaper_default.9.png 0xd736ac0e
res/drawable/widget_backgroud.png 0x52378c9c
res/drawable/widget_bg_content_search.xml 0xe3ad3ba5
res/drawable/widget_bg_ic_search.xml 0x3a14ef8b
res/drawable/widget_button_bg.png 0x14c6a049
res/drawable/widget_clear.png 0x9de16f20
res/drawable/widget_state_green.png 0xd4a3e680
res/drawable/widget_state_red.png 0x6abf24ac
res/layout/about_update_tip.xml 0x83caefb7
res/layout/about_viewer.xml 0xe22a8165
res/layout/account_activity.xml 0xbd80324d
res/layout/account_dialog.xml 0xe1f1316
res/layout/account_dialog_avatar.xml 0x4e965440
res/layout/account_dialog_birthday.xml 0xb477bead
res/layout/account_dialog_name.xml 0x474ec543
res/layout/account_dialog_sex.xml 0x62349166
res/layout/activity_checkedlist.xml 0xdc3053f
res/layout/activity_item.xml 0x51aad75f
res/layout/activity_layout.