VirSCAN

1, You can UPLOAD any files, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

File information

Scanner results
Scanner results: 2% of antivirus software (1/39) found malware!
Behavior analysis report: Habo file analysis
Time: 2014-11-06 16:59:00 (CST)
| Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time |
|---|---|---|---|---|---|
| ahnlab | 9.9.9 | 9.9.9 | 2013-05-28 | Found nothing | 4 |
| antivir | 1.9.2.0 | 1.9.159.0 | 7.11.183.62 | Found nothing | 50 |
| antiy | 114701 | AVL141003 | 2014-10-04 | Found nothing | 7 |
| arcavir | 1.0 | 2011 | 2014-05-30 | Found nothing | 12 |
| asquared | 9.0.0.4157 | 9.0.0.4157 | 2014-07-30 | Found nothing | 5 |
| avast | 141105-0 | 4.7.4 | 2014-11-05 | Found nothing | 45 |
| avg | 2109/7906 | 10.0.1405 | 2014-10-17 | Found nothing | 11 |
| baidu | 2.0.1.0 | 4.1.3.52192 | 2.0.1.0 | Found nothing | 1 |
| baidusd | 1.0 | 1.0 | 2014-04-02 | Found nothing | 60 |
| bitdefender | 7.57568 | 7.90123 | 2014-11-05 | Found nothing | 13 |
| clamav | 19588 | 0.97.5 | 2014-11-05 | Found nothing | 16 |
| comodo | 15023 | 5.1 | 2014-10-03 | Found nothing | 3 |
| ctch | 4.6.5 | 5.3.14 | 2013-12-01 | Found nothing | 3 |
| drweb | 5.0.2.3300 | 5.0.1.1 | 2014-10-31 | Found nothing | 58 |
| fortinet | 23.123, 23.123 | 5.1.158 | 2014-11-06 | Found nothing | 3 |
| fprot | 4.6.2.117 | 6.5.1.5418 | 2014-11-05 | Found nothing | 11 |
| fsecure | 2014-04-02-01 | 9.13 | 2014-04-02 | Found nothing | 48 |
| gdata | 24.3819 | 24.3819 | 2014-08-29 | Found nothing | 14 |
| hauri | 2.73 | 2.73 | 2014-06-13 | Found nothing | 1 |
| ikarus | 1.06.01 | V1.32.31.0 | 2014-11-05 | Found nothing | 58 |
| jiangmin | 16.0.100 | 1.0.0.0 | 2014-07-28 | Found nothing | 14 |
| kaspersky | 5.5.33 | 5.5.33 | 2014-04-01 | Found nothing | 56 |
| kingsoft | 2.1 | 2.1 | 2013-09-22 | Found nothing | 10 |
| mcafee | 7520 | 5400.1158 | 2014-08-04 | Found nothing | 40 |
| nod32 | 0436 | 3.0.21 | 2014-09-18 | a variant of Android/SystemMonitor.A application | 12 |
| panda | 9.05.01 | 9.05.01 | 2014-06-15 | Found nothing | 4 |
| pcc | 11.258.05 | 9.500-1005 | 2014-11-05 | Found nothing | 7 |
| qh360 | 1.0.1 | 1.0.1 | 1.0.1 | Found nothing | 2 |
| qqphone | 1.0.0.0 | 1.0.0.0 | 2014-11-06 | Found nothing | 1 |
| quickheal | 14.00 | 14.00 | 2014-06-14 | Found nothing | 9 |
| rising | 25.17.00.04 | 25.17.00.04 | 2014-06-02 | Found nothing | 20 |
| sophos | 5.04 | 3.51.0 | 2014-08-05 | Found nothing | 41 |
| sunbelt | 3.9.2589.2 | 3.9.2589.2 | 2014-06-13 | Found nothing | 8 |
| symantec | 20141104.004 | 1.3.0.24 | 2014-11-04 | Found nothing | 2 |
| tachyon | 9.9.9 | 9.9.9 | 2013-12-27 | Found nothing | 16 |
| thehacker | 6.8.0.5 | 6.8.0.5 | 2014-06-12 | Found nothing | 11 |
| tws | 17.47.17308 | 1.0.2.2108 | 2014-06-16 | Found nothing | 14 |
| vba | 3.12.26.3 | 3.12.26.3 | 2014-11-05 | Found nothing | 19 |
| virusbuster | 15.0.959.0 | 5.5.2.13 | 2014-11-05 | Found nothing | 55 |
Permission list
Permission name Description
android.permission.INTERACT_ACROSS_USERS_FULL
android.permission.FORCE_STOP_PACKAGES
android.permission.WRITE_APN_SETTINGS Modify APN settings (e.g. cmwap)
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.READ_PHONE_STATE Read phone state
android.permission.WRITE_SETTINGS Read and write system settings
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.SET_WALLPAPER Set the desktop wallpaper
android.permission.SET_WALLPAPER_HINTS Set wallpaper hints
android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.GET_TASKS Get information about currently or recently running tasks
android.permission.SYSTEM_ALERT_WINDOW Display system windows
android.permission.VIBRATE Allow the device to vibrate
android.permission.RESTART_PACKAGES Restart other applications
android.permission.INSTALL_PACKAGES Install applications
android.permission.GET_PACKAGE_SIZE Get application size
android.permission.CHANGE_CONFIGURATION Modify the current configuration (e.g. locale)
android.permission.CAMERA Access the camera device
android.permission.WAKE_LOCK Keep background processes running after the screen turns off
android.permission.RECEIVE_BOOT_COMPLETED Receive the boot-completed broadcast
android.permission.READ_LOGS Read system logs
android.permission.PACKAGE_USAGE_STATS
android.permission.CLEAR_APP_CACHE Clear application caches
android.permission.EXPAND_STATUS_BAR Control the status bar
com.android.launcher.permission.READ_SETTINGS Read shortcut information
android.permission.SEND_SMS Send SMS messages
android.permission.RECEIVE_SMS Monitor incoming SMS messages
android.permission.MOUNT_UNMOUNT_FILESYSTEMS Mount and unmount external file systems
android.permission.CALL_PHONE Place phone calls
android.permission.READ_CONTACTS Read contact information
android.permission.WRITE_CONTACTS Write contact information
android.permission.READ_SMS Read SMS messages
android.permission.WRITE_SMS Write SMS messages
android.permission.FLASHLIGHT Access the flashlight
android.permission.ACCESS_COARSE_LOCATION Get coarse location (via Wi-Fi and cell towers)
android.permission.ACCESS_FINE_LOCATION Get precise location (via GPS)
android.permission.CHANGE_WIFI_STATE Change Wi-Fi connection state
android.permission.CHANGE_NETWORK_STATE Change network state
android.permission.MODIFY_AUDIO_SETTINGS Modify audio settings
com.android.alarm.permission.SET_ALARM Set alarm reminders
android.permission.RECORD_AUDIO Record audio (using AudioRecord)
android.permission.BROADCAST_STICKY Send sticky broadcasts
android.permission.DISABLE_KEYGUARD Disable the keyguard
android.permission.SET_ACTIVITY_WATCHER Set an Activity watcher
android.permission.DELETE_PACKAGES Delete applications
android.permission.CHANGE_COMPONENT_ENABLED_STATE Change component state
com.android.launcher.permission.INSTALL_SHORTCUT Create shortcuts
com.android.launcher.permission.UNINSTALL_SHORTCUT Delete shortcuts
com.android.launcher.permission.CREATE_SHORTCUT
com.android.launcher.permission.WRITE_SETTINGS
com.android.launcher3.permission.READ_SETTINGS
com.android.launcher3.permission.WRITE_SETTINGS
com.motorola.dlauncher.permission.READ_SETTINGS
com.motorola.dlauncher.permission.WRITE_SETTINGS
com.motorola.mmsp.motoswitch.permission.READ_SETTINGS
com.motorola.mmsp.motoswitch.permission.WRITE_SETTINGS
com.htc.launcher.permission.READ_SETTINGS
com.htc.launcher.permission.WRITE_SETTINGS
com.aspire.mm.permission.READ_SETTINGS
com.aspire.mm.permission.WRITE_SETTINGS
com.qihoo360.launcher.permission.WRITE_SETTINGS
com.qihoo360.launcher.permission.READ_SETTINGS
com.ty.launcher.permission.READ_SETTINGS
com.ty.launcher.permission.WRITE_SETTINGS
com.sonyericsson.homescreen.permission.READ_SETTINGS
com.sonyericsson.homescreen.permission.WRITE_SETTINGS
com.oppo.launcher.permission.WRITE_SETTINGS
com.oppo.launcher.permission.READ_SETTINGS
com.mediatek.launcherplus.permission.READ_SETTINGS
com.mediatek.launcherplus.permission.WRITE_SETTINGS
com.huawei.launcher2.permission.READ_SETTINGS
com.huawei.launcher2.permission.WRITE_SETTINGS
com.huawei.launcher3.permission.READ_SETTINGS
com.huawei.launcher3.permission.WRITE_SETTINGS
com.baiqi.weather.permission.READ_SETTINGS
com.baiqi.weather.permission.WRITE_SETTINGS
com.fede.launcher.permission.READ_SETTINGS
com.fede.launcher.permission.WRITE_SETTINGS
mobi.SyndicateApps.ICS.launcher.permission.READ_SETTINGS
mobi.SyndicateApps.ICS.launcher.permission.WRITE_SETTINGS
com.motorola.dock.DesktopDock.permission.READ_SETTINGS
com.motorola.dock.DesktopDock.permission.WRITE_SETTINGS
com.lge.launcher.permission.READ_SETTINGS
com.lge.launcher.permission.WRITE_SETTINGS
com.thunderst.launcher.permission.READ_SETTINGS
com.thunderst.launcher.permission.WRITE_SETTINGS
com.sec.android.app.twlauncher.permission.READ_SETTINGS
com.sec.android.app.twlauncher.permission.WRITE_SETTINGS
org.adwfreak.launcher.permission.READ_SETTINGS
org.adwfreak.launcher.permission.WRITE_SETTINGS
org.adw.launcher.permission.READ_SETTINGS
org.adw.launcher.permission.WRITE_SETTINGS
net.qihoo.launcher.permission.READ_SETTINGS
net.qihoo.launcher.permission.WRITE_SETTINGS
com.bbk.launcher2.permission.READ_SETTINGS
com.bbk.launcher2.permission.WRITE_SETTINGS
android.permission.BATTERY_STATS Battery statistics
File information
Security score: 85
Basic information
MD5:b39ba8d8eb1f58f1baee6473bf9202ae
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: com.dragon.android.pandaspace
Minimum runtime environment: Android 2.2.x
Copyright: Android
Key behaviors
Behavior description: Modifies original system EXE files
Details: C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\ARPPRODUCTICON.exe---> Offset = 241664
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe---> Offset = 286720
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe---> Offset = 241664
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe---> Offset = 286720
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe---> Offset = 286720
Behavior description: Writes data across processes
Details: C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
TargetProcess = iexplore.exe, WriteAddress = 0x20070000, Size = 81920
TargetProcess = iexplore.exe, WriteAddress = 0x00020000, Size = 563
TargetProcess = iexplore.exe, WriteAddress = 0x00030000, Size = 223
TargetProcess = iexplore.exe, WriteAddress = 0x00040000, Size = 165
TargetProcess = iexplore.exe, WriteAddress = 0x00050000, Size = 312
TargetProcess = iexplore.exe, WriteAddress = 0x00401a25, Size = 12
C:\Program Files\VMware\VMware Tools\vmacthlp.exe
C:\WINDOWS\system32\svchost.exe
TargetProcess = iexplore.exe, WriteAddress = 0x20070000, Size = 45056
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe
C:\WINDOWS\system32\alg.exe
Behavior description: Drops a sensitive file in a system directory
Details: C:\WINDOWS\RECYCLER\S-2-4-01-3687128513-1224684602-106773714-0145\XbVqwYGK.cpl
Behavior description: Hides specified windows
Details: [Window,Class] = [QQ2013,TXGuiFoundation]
[Window,Class] = [OP_2269840561,CTXOPConntion_Class]
[Window,Class] = [,BrowserFrameGripperClass]
[Window,Class] = [Windows Internet Explorer,IEFrame]
[Window,Class] = [缩放级别,ToolbarWindow32]
[Window,Class] = [,msctls_progress32]
Behavior description: Creates remote threads
Details: C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\VMware\VMware Tools\vmacthlp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
C:\%temp%\1415240608.935915.exe
Behavior description: Sets a startup item
Details: C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\htxueaht.exe
Behavior description: Modifies executable files via memory mapping
Details: \device\harddiskvolume1\documents and settings\administrator\application data\microsoft\installer\{052cfb79-9d62-42e3-8a15-de66c2c97c3e}\arpproducticon.exe
\device\harddiskvolume1\documents and settings\administrator\application data\microsoft\installer\{052cfb79-9d62-42e3-8a15-de66c2c97c3e}\newshortcut1_edd4abb1c1b34a9d84ce33fbfb5d3639.exe
\device\harddiskvolume1\documents and settings\administrator\application data\microsoft\installer\{052cfb79-9d62-42e3-8a15-de66c2c97c3e}\newshortcut2_e88611396ff84afcb2ee5c1594058e02.exe
\device\harddiskvolume1\documents and settings\administrator\application data\microsoft\installer\{052cfb79-9d62-42e3-8a15-de66c2c97c3e}\newshortcut311_0951773981fa4ab2bc21b7dcec95892a.exe
\device\harddiskvolume1\documents and settings\administrator\application data\microsoft\installer\{052cfb79-9d62-42e3-8a15-de66c2c97c3e}\newshortcut31_2f252077ba3f4362913955273a708467.exe
\device\harddiskvolume1\windows\system32\calc.exe
\device\harddiskvolume1\windows\system32\mynotepad.exe
\device\harddiskvolume1\documents and settings\administrator\application data\sogouexplorer\extension\com.sogou.snaptaker\0.4.2\npprintscreen.dll
Behavior description: Disables System File Protection
Details: N/A
Behavior description: Inserts an APC (asynchronous procedure call)
Details: C:\Program Files\Internet Explorer\iexplore.exe
C:\%temp%\1415240684.695371.exe
Behavior description: Modifies the registry (system firewall trusted process list)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\??\C:\WINDOWS\system32\winlogon.exe
Behavior description: Writes code-segment data across processes
Details: C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00401A25, EntryPoint = 0x00401A25
Behavior description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\IECompatCache
Behavior description: Modifies memory across processes via memory mapping
Details: TargetProcess = [System Process]
TargetProcess = iexplore.exe
TargetProcess = AutoMonCtl.exe
Behavior description: Resolves host addresses by name
File behavior
Behavior description: Creates executable files
Details: C:\monitor\samplemgr.exe
C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\htxueaht.exe
C:\WINDOWS\RECYCLER\S-2-4-01-3687128513-1224684602-106773714-0145\CDTAQBbQ.exe
C:\WINDOWS\RECYCLER\S-2-4-01-3687128513-1224684602-106773714-0145\XbVqwYGK.cpl
Behavior description: Modifies original system executable files
Details: C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\npprintscreen.dll---> Offset = 557056
Behavior description: Maps files with write permission
Behavior description: Modifies file contents
Network behavior
Behavior description: Sends data on a connected socket
Behavior description: Connects to a specified socket
Details: 219.133.40.1:80
219.133.40.1:447
Behavior description: Downloads a file
Details: URLDownloadToFileW: http://www.live.com/favicon.ico ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Behavior description: Resolves host addresses by name
Registry behavior
Behavior description: Deletes registry keys
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}
Behavior description: Deletes registry values
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Expiration
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\Expiration
Behavior description: Modifies the registry
Behavior description: Deletes registry values (IE connection settings)
Details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description: Creates a driver file image
Details: C:\WINDOWS\system32\drivers\fastfat.sys
Behavior description: Creates mutexes
Behavior description: Finds specified windows
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [TXGuiFoundation,QQ2013]
NtUserFindWindowEx: [Class,Window] = [CTXOPConntion_Class,OP_2269840561]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Static,]
Behavior description: Acquires system privileges
Details: SE_DEBUG_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
SE_AUDIT_PRIVILEGE
SE_TAKE_OWNERSHIP_PRIVILEGE
SE_RESTORE_PRIVILEGE
SE_BACKUP_PRIVILEGE
SE_CHANGE_NOTIFY_PRIVILEGE
Behavior description: Enumerates windows
Details: N/A
Behavior description: Inline hook
Details: C:\WINDOWS\system32\sfc_os.dll--->SfcGetNextProtectedFile Offset = 0x2eb2
C:\WINDOWS\system32\ntdll.dll--->ZwWriteVirtualMemory Offset = 0x0
C:\WINDOWS\system32\ntdll.dll--->NtResumeThread Offset = 0x0
C:\WINDOWS\system32\WS2_32.dll--->sendto Offset = 0x0
C:\WINDOWS\system32\WS2_32.dll--->recvfrom Offset = 0x0
C:\WINDOWS\system32\WS2_32.dll--->WSASend Offset = 0x0
C:\WINDOWS\system32\WS2_32.dll--->WSASendTo Offset = 0x0
C:\WINDOWS\system32\WS2_32.dll--->WSARecvFrom Offset = 0x0
C:\WINDOWS\system32\WS2_32.dll--->closesocket Offset = 0x0
C:\WINDOWS\system32\ntdll.dll--->LdrLoadDll Offset = 0x0
C:\WINDOWS\system32\ntdll.dll--->NtQueryDirectoryFile Offset = 0x0
c:\windows\system32\WS2_32.dll--->sendto Offset = 0x0
c:\windows\system32\WS2_32.dll--->recvfrom Offset = 0x0
c:\windows\system32\WS2_32.dll--->WSASend Offset = 0x0
c:\windows\system32\WS2_32.dll--->WSASendTo Offset = 0x0
Behavior description: Window information
Details: Pid = 1460, Hwnd=0xc01de, Text = 重试(&R), ClassName = Button.
Pid = 1460, Hwnd=0xc01d6, Text = 取消, ClassName = Button.
Pid = 1460, Hwnd=0xd01c8, Text = Frozen Throne was unable to find War3.exe. Please make sure your game is correctly installed, and that your Frozen Throne disc is, ClassName = Static.
Pid = 1460, Hwnd=0xe0166, Text = CD-ROM drive error., ClassName = #32770.
Pid = 1460, Hwnd=0xd0180, Text = Launching Warcraft III, ClassName = Warcraft III Root.
Pid = 1460, Hwnd=0xe01c8, Text = 重试(&R), ClassName = Button.
Pid = 1460, Hwnd=0xd01d6, Text = 取消, ClassName = Button.
Pid = 1460, Hwnd=0xd01de, Text = Frozen Throne was unable to find War3.exe. Please make sure your game is correctly installed, and that your Frozen Throne disc is, ClassName = Static.
Pid = 1460, Hwnd=0xf0166, Text = CD-ROM drive error., ClassName = #32770.
Pid = 1460, Hwnd=0xe01de, Text = 重试(&R), ClassName = Button.
Pid = 1460, Hwnd=0xe01d6, Text = 取消, ClassName = Button.
Pid = 1460, Hwnd=0xf01c8, Text = Frozen Throne was unable to find War3.exe. Please make sure your game is correctly installed, and that your Frozen Throne disc is, ClassName = Static.
Pid = 1460, Hwnd=0x100166, Text = CD-ROM drive error., ClassName = #32770.
Pid = 1460, Hwnd=0x1001c8, Text = 重试(&R), ClassName = Button.
Pid = 1460, Hwnd=0xf01d6, Text = 取消, ClassName = Button.
Dangerous behavior
Behavior description: Execute system commands
Details: chmod 777 /data/data/com.dragon.android.pandaspace/files/apps/tmp
chmod 777 /data/data/com.dragon.android.pandaspace/files/temp
Dynamic behavior list
Behavior description: Pass extra information
Details: Ljava/lang/String;=android.intent.extra.shortcut.NAME | Ljava/lang/String;=91
Ljava/lang/String;=duplicate | Z=false
Ljava/lang/String;=android.intent.extra.shortcut.INTENT | Landroid/os/Parcelable;=Intent { act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] cmp=com.dragon.android.pandaspace/.main.MainActivity }
Ljava/lang/String;=android.intent.extra.shortcut.ICON_RESOURCE | Landroid/os/Parcelable;=com.dragon.android.pandaspace:drawable/icon
Ljava/lang/String;=isFromOutSideDesktop | Z=true
Ljava/lang/String;=android.intent.extra.shortcut.NAME | Ljava/lang/String;=
Ljava/lang/String;=android.intent.extra.shortcut.INTENT | Landroid/os/Parcelable;=Intent { act=com.dragon.android.pandaspace.gameserver.GameActivity dat=shortcut://gamecenter (has extras
Ljava/lang/String;=android.intent.extra.shortcut.ICON_RESOURCE | Landroid/os/Parcelable;=com.dragon.android.pandaspace:drawable/game_center_play
Ljava/lang/String;=act_id | Ljava/lang/String;=14
Ljava/lang/String;=isFromeOutside | Z=true
Ljava/lang/String;=method_version | Ljava/lang/String;=V1
Ljava/lang/String;=method | Ljava/lang/String;=pushservice_restart
Ljava/lang/String;=type | Ljava/lang/String;=service_restart
Ljava/lang/String;=type | Ljava/lang/String;=service_sing_restart
Ljava/lang/String;=restartflag | Z=false
Ljava/lang/String;=version | I=21
Ljava/lang/String;=priority | J=5910974510923834
Ljava/lang/String;=packagename | Ljava/lang/String;=com.dragon.android.pandaspace
Ljava/lang/String;=method_version | Ljava/lang/String;=V2
Behavior description: Start services
Details: com.android.musicfx.Compatibility$Service
com.dragon.pandaspace.download.flow.DownloadTaskService
com.dianxinos.optimizer.engine.EngineIntentService
com.dragon.android.pandaspace.manage.speedup.memory.desktop.DeskTopUFOService
com.baidu.android.moplus.MoPlusService
com.android.mms.transaction.SmsReceiverService
Behavior description: Read files
Details: path:/dev/urandom length:17
path:/proc/825/cmdline length:105
path:/proc/837/cmdline length:105
path:/proc/868/cmdline length:105
path:/proc/877/cmdline length:105
path:/proc/901/cmdline length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/pst.xml length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/com.dragon.android.pandaspace.push_sync.xml length:105
path:/proc/927/cmdline length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/91Analytics_Config.xml length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/SYSTEM_SETTING.xml length:105
path:/proc/meminfo length:105
path:/data/anr/traces.txt length:105
Behavior description: Read a line of data from a buffer
Details: ## Vold 2.0 Generic fstab
## - San Mehat
##
#######################
## Regular device mount
##
## Format: dev_mount <label> <mount_point> <part> <sysfs_path1...>
## label - Label for the volume
## mount_point - Where the volume will be mounted
## part - Partition # (1
## <sysfs_path> - List of sysfs paths to source devices
######################
## Example of a standard sdcard mount for the emulator / Dream
# Mounts the first usable partition of the specified device
dev_mount sdcard /mnt/sdcard auto /devices/platform/goldfish_mmc.0 /devices/platform/msm_sdcc.2/mmc_host/mmc1
## Example of a dual card setup
# dev_mount left_sdcard /sdcard1 auto /devices/platform/goldfish_mmc.0 /devices/platform/msm_sdcc.2/mmc_host/mmc1
# dev_mount right_sdcard /sdcard2 auto /devices/platform/goldfish_mmc.1 /devices/platform/msm_sdcc.3/mmc_host/mmc1
## Example of specifying a specific partition for mounts
# dev_mount sdcard /sdcard 2 /devices/platform/goldfish_mmc.0 /devices/platform/msm_sdcc.2/mmc_host/mmc1
null
download/
baidu/SearchBox/downloads/
UCDownloads/
360Browser/download/
QQBrowser//
baidu/flyflow/downloads/
kbrowser/download/App/
MxBrowser/Downloads
4G-explorer/apks/
kbrowser_fast/download/App/
TTDownload/installapk
huohoubrowser/downloads/
apc/ApcBrowser/downloads/
cmsurfclient/downloads/
ydBrowser/download/
download/2345//
MemTotal: 841036 kB
Behavior description: Compute a hash of specified data
Details: com.baidu357242043237511d3894529ac5a14ec
357242043237511d3894529ac5a14ec740ce3ef-6850-449d-8b01-92afb26d1a44
http://bbx2.sj.91.com/softs.ashx?act=222&places=11&iv=8&adlt=1&mt=4&sv=3.9.8.6&osv=4.1.1&cpu=armeabi-v7a,armeabi&rslt=768*1184&imei=357242043237511&imsi=310260000000000&dm=Full+Android+on+Emulator&cuid=B743980F2DFAD177E5E83C05B464ECBC%7C115732340242753
http://bbx2.sj.91.com/softs.ashx?act=225&iv=7&pi=1&tagid=1&mt=4&sv=3.9.8.6&osv=4.1.1&cpu=armeabi-v7a,armeabi&rslt=768*1184&imei=357242043237511&imsi=310260000000000&dm=Full+Android+on+Emulator&cuid=B743980F2DFAD177E5E83C05B464ECBC%7C115732340242753
com.baidu.pushservice.singelinstancev1B743980F2DFAD177E5E83C05B464ECBC
Behavior description: Data leakage
Details: sink:File operation:write data:data:<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <long name="KEY_APPRUNTIME" value="13
sink:File operation:write data:data:<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <int name="KEY_LABEL_LAUNCHER_CODE" v
sink:File operation:write data:data:<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <boolean name="KEY_LABEL_LAUNCHER" va
sink:File operation:write data:data:<?xml version='1.0' encoding='utf-8' standalone='yes' ?> <map> <boolean name="KEY_FIRST_ENTER_FOCUS"
Behavior description: Get user ID
Details: 310260000000000
Behavior description: Execute SQL queries
Details: DELETE FROM [report_info_table] WHERE (SELECT
select * from server_config_table where type=1
Behavior description: Class loading
Details: path:/system/app/PicoTts.apk
path:/system/app/MusicFX.apk
path:/system/framework/am.jar
path:/data/app/com.dragon.android.pandaspace-1.apk
Behavior description: Execute system commands
Details: chmod 777 /data/data/com.dragon.android.pandaspace/files/apps/tmp
chmod 777 /data/data/com.dragon.android.pandaspace/files/temp
Behavior description: Invoke hash algorithm
Details: MD5
Behavior description: Write files
Details: path:/data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml length:105
path:/data/data/com.android.musicfx/shared_prefs/musicfx.xml length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/91Analytics_Config.xml length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/91Analytics_Config.xml length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/SYSTEM_SETTING.xml length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/SYSTEM_SETTING.xml length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/utils.xml length:105
path:/data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml length:105
path:/data/data/com.android.launcher/shared_prefs/com.android.launcher2.prefs.xml length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/91Analytics_Relay_Session.xml length:105
path:/data/data/com.android.launcher/shared_prefs/com.android.launcher2.prefs.xml length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/com.dragon.android.pandaspace.push_sync.xml length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/pst.xml length:105
path:/data/data/com.dragon.android.pandaspace/shared_prefs/pst.xml length:105
path:/dev/null length:105
path:/dev/null length:6
path:/data/data/com.android.gallery3d/shared_prefs/com.android.gallery3d_preferences.xml length:105
Behavior description: Initialize file write
Details: Ljava/io/File;=/mnt/sdcard/baidu/.cuid | Z=false
Behavior description: Set component properties
Details: Landroid/content/ComponentName;=ComponentInfo{com.dragon.android.pandaspace/com.baidu.android.moplus.MoPlusService} | I=1 | I=1
Landroid/content/ComponentName;=ComponentInfo{com.dragon.android.pandaspace/com.baidu.android.moplus.MoPlusReceiver} | I=1 | I=1
Landroid/content/ComponentName;=ComponentInfo{com.dragon.android.pandaspace/com.baidu.android.defense.push.PushMsgReceiver} | I=1 | I=1
Landroid/content/ComponentName;=ComponentInfo{com.dragon.android.pandaspace/com.baidu.android.moplus.MoPlusExtReceiver} | I=1 | I=1
Behavior description: Initialize Intent
Details: Landroid/content/Context;=com.dragon.android.pandaspace.PandaSpace@4158c538 | Ljava/lang/Class;=class com.dragon.pandaspace.download.flow.DownloadTaskService
Landroid/content/Context;=com.dragon.android.pandaspace.PandaSpace@4158c538 | Ljava/lang/Class;=class com.dianxinos.dxservice.core.DXCoreService
Landroid/content/Context;=com.dragon.android.pandaspace.PandaSpace@4158c538 | Ljava/lang/Class;=class com.dianxinos.optimizer.engine.EngineIntentService
Landroid/content/Context;=com.dragon.android.pandaspace.main.MainActivity@41648558 | Ljava/lang/Class;=class com.dragon.android.pandaspace.manage.speedup.memory.desktop.DeskTopUFOService
Ljava/lang/String;=download_service_start_success
Ljava/lang/String;=android.intent.action.MAIN
Ljava/lang/String;=com.android.launcher.action.INSTALL_SHORTCUT
Landroid/content/Context;=com.dragon.android.pandaspace.main.MainActivity@41648558 | Ljava/lang/Class;=class com.dragon.android.pandaspace.focus.FocusActivity
Ljava/lang/String;=android.appwidget.action.APPWIDGET_PASSIVE_UPDATE
Landroid/content/Context;=android.app.ReceiverRestrictedContext@41661638 | Ljava/lang/Class;=class com.dragon.android.pandaspace.main.MainActivity
Ljava/lang/String;=com.baidu.android.moplus.action.START
Landroid/content/Intent;=Intent { act=com.baidu.android.moplus.action.START flg=0x30 cmp=com.dragon.android.pandaspace/com.baidu.android.moplus.MoPlusReceiver (has extras
Ljava/lang/String;=com.baidu.moplus.action.start.SERVICEINFO
Landroid/content/Context;=com.dragon.android.pandaspace.PandaSpace@4157de90 | Ljava/lang/Class;=class com.dragon.pandaspace.download.flow.DownloadTaskService
Landroid/content/Context;=com.dragon.android.pandaspace.PandaSpace@4157de90 | Ljava/lang/Class;=class com.dianxinos.dxservice.core.DXCoreService
Landroid/content/Context;=com.dragon.android.pandaspace.PandaSpace@4157de90 | Ljava/lang/Class;=class com.dianxinos.optimizer.engine.EngineIntentService
Behavior description: Get device ID
Details: 357242043237511
Behavior description: Locate mobile device
Details: null
Activities
Activity name Type
.main.MainActivity android.intent.action.MAIN
.main.MainActivity android.intent.action.VIEW
.main.MainActivity android.intent.category.LAUNCHER
.main.MainActivity android.intent.category.INFO
.main.MainActivity android.intent.category.APP_MARKET
.main.MainActivity android.intent.category.DEFAULT
.main.MainActivity android.intent.category.BROWSABLE
.jump.JumpActivity android.intent.action.VIEW
.jump.JumpActivity android.intent.category.DEFAULT
.jump.JumpActivity android.intent.category.BROWSABLE
.manage.SoftUpgradedActivity android.intent.action.VIEW
.more.CheckedListActivity android.intent.action.VIEW
.web.QingWebViewActivity com.dragon.android.pandaspace.web.QingWebViewActivity
.web.QingWebViewActivity android.intent.category.DEFAULT
.gameserver.GameActivity com.dragon.android.pandaspace.gameserver.GameActivity
.gameserver.GameActivity android.intent.category.DEFAULT
.personal.wallpaper.WallpaperActivity android.intent.action.VIEW
.personal.wallpaper.PictureShareActivity android.intent.action.SET_WALLPAPER
.personal.wallpaper.PictureShareActivity android.intent.category.DEFAULT
.personal.ring.RingActivity android.intent.action.VIEW
.activity.common.RingSettingActivity android.intent.action.RINGTONE_PICKER
.activity.common.RingSettingActivity android.intent.category.DEFAULT
com.dragon.android.pandaspace.detail.DetailFactoryActivity android.intent.action.VIEW
com.dragon.android.pandaspace.detail.DetailFactoryActivity android.intent.category.DEFAULT
com.dragon.android.pandaspace.detail.DetailFactoryActivity android.intent.category.BROWSABLE
com.dragon.android.pandaspace.detail.DetailFactoryFromNotyActivity android.intent.action.VIEW
com.dragon.android.pandaspace.detail.DetailFactoryFromNotyActivity android.intent.category.DEFAULT
com.dragon.android.pandaspace.detail.DetailFactoryFromNotyActivity android.intent.category.BROWSABLE
.manage.download.DownloadActivity android.intent.action.VIEW
.more.SoftUpdateDialog android.intent.action.VIEW
.message.MessageListActivity android.intent.action.VIEW
.message.PdMessageDetailActivity android.intent.action.VIEW
com.dragon.android.pandaspace.cloudsync.contacts.SyncContactsMainActivity android.intent.action.VIEW
com.nd.commplatform.activity.SNSControlCenterActivity com.nd.commplatform.activity.SNSControlCenterActivity
com.tencent.tauth.AuthActivity android.intent.action.VIEW
com.tencent.tauth.AuthActivity android.intent.category.DEFAULT
com.tencent.tauth.AuthActivity android.intent.category.BROWSABLE
com.dragon.android.pandaspace.manage.speedup.boot.BootActivity android.intent.action.VIEW
com.dragon.android.pandaspace.activity.base.DummySkipActivity com.dragon.android.pandaspace.activity.base.DummySkipActivity
com.dragon.android.pandaspace.activity.base.DummySkipActivity android.intent.category.DEFAULT
com.dragon.android.pandaspace.democenter.DemoCenterActivity com.dragon.android.pandaspace.democenter.DemoCenterActivity
com.dragon.android.pandaspace.democenter.DemoCenterActivity android.intent.category.DEFAULT
com.chukong.cocosplay.GameActivity com.chukong.cocosplay.VIEW
com.chukong.cocosplay.GameActivity android.intent.category.DEFAULT
com.chukong.cocosplay.CocosProxyActivityGroup com.chukong.cocosplay.activitygroup.VIEW
com.chukong.cocosplay.CocosProxyActivityGroup android.intent.category.DEFAULT
com.dragon.android.pandaspace.gifts.GiftsCenterActivity com.dragon.android.pandaspace.gifts.GiftsCenterActivity
com.dragon.android.pandaspace.gifts.GiftsCenterActivity android.intent.category.DEFAULT
com.baidu.cloudsdk.social.share.handler.QQFriendShareReceiverActivity android.intent.action.VIEW
com.baidu.cloudsdk.social.share.handler.QQFriendShareReceiverActivity android.intent.category.DEFAULT
com.baidu.cloudsdk.social.share.handler.QQFriendShareReceiverActivity android.intent.category.BROWSABLE
com.dragon.android.pandaspace.democenter.DemoGamePlayActivity com.dragon.android.pandaspace.democenter.DemoGamePlayActivity
com.dragon.android.pandaspace.democenter.DemoGamePlayActivity android.intent.category.DEFAULT
com.dragon.android.pandaspace.detail.video.VideoViewPlayingActivity android.intent.action.VIEW
com.dragon.android.pandaspace.detail.video.VideoViewPlayingActivity android.intent.category.DEFAULT
com.dragon.android.pandaspace.detail.video.VideoViewPlayingActivity android.intent.category.BROWSABLE
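Dangerous functions
Function name Information
ContentResolver;->query Reads databases such as contacts and SMS
TelephonyManager;->getDeviceId Collects the phone's IMEI, phone number, OS version and similar information
getRuntime Obtains the command-line environment
java/lang/Runtime;->exec Executes a command string
android/app/NotificationManager;->notify Posts to the notification bar
java/net/URL;->openConnection Connects to a URL
java/net/HttpURLConnection;->connect Connects to a URL
HttpClient;->execute Sends a request to a remote server
TelephonyManager;->getLine1Number Gets the phone number
SmsManager;->sendTextMessage Sends a plain text SMS
PackageManager;->installPackage Installs an APK package
ActivityManager;->restartPackage Terminates processes; can be used to shut down antivirus software
DefaultHttpClient;->execute Sends an HTTP request
TelephonyManager;->getSimSerialNumber Gets the SIM serial number
ContentResolver;->delete Deletes SMS messages and contacts
WifiManager;->setWifiEnabled Changes the Wi-Fi state
ActivityManager;->killBackgroundProcesses Terminates processes; can be used to shut down antivirus software
java/net/URLConnection;->connect Connects to a URL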
Startup methods
Name Information
com.dragon.android.pandaspace.manage.CleanBroadcastReceiver Starts service when an app is uninstalled
com.dragon.android.pandaspace.manage.CleanBroadcastReceiver Starts service when an app is installed
com.dragon.android.pandaspace.uninstallrecommend.RecommendBroadcastReceiver Starts service when an app is uninstalled
com.dragon.android.pandaspace.receiver.AppsUpdateAndLogAndMessageReceiver Starts service at boot
com.dragon.android.pandaspace.receiver.AppsUpdateAndLogAndMessageReceiver Starts service when network connectivity changes
com.dragon.android.pandaspace.receiver.AppsUpdateAndLogAndMessageReceiver Starts service on screen unlock
com.dragon.android.pandaspace.manage.speedup.memory.MemoryWidgetProvider Starts service when an app widget is updated
com.dragon.android.pandaspace.manage.speedup.memory.desktop.DesktopMemoryReceiver Starts service at boot
com.dragon.android.pandaspace.manage.speedup.memory.desktop.DesktopMemoryReceiver Starts service when network connectivity changes
com.dragon.android.pandaspace.manage.speedup.memory.desktop.DesktopMemoryReceiver Starts service on screen unlock
com.dragon.android.pandaspace.widget.desk.PandaspaceWidgetProvider Starts service when an app widget is updated
com.dragon.pandaspace.download.mgr.NetWrokReceiver Starts service when network connectivity changes
com.dragon.android.pandaspace.receiver.RecentAppReceiver Starts service on screen unlock
com.dragon.android.pandaspace.autodownload.AutoDownloadReceiver Starts service when network connectivity changes
com.dragon.android.pandaspace.autodownload.AutoDownloadReceiver Starts service on screen unlock
com.dragon.android.pandaspace.receiver.CheckCopycatReceiver Starts service when an app is installed
com.dragon.android.pandaspace.receiver.CheckCopycatReceiver Starts service when an app is uninstalled
com.baidu.android.moplus.MoPlusReceiver Starts service at boot
com.baidu.android.moplus.MoPlusReceiver Starts service when network connectivity changes
com.baidu.android.moplus.MoPlusReceiver Starts service when an app is uninstalled
Advertising information
Name Information
com.baidu Baidu
Permission list
Permission name Information
android.permission.INTERACT_ACROSS_USERS_FULL
android.permission.FORCE_STOP_PACKAGES
android.permission.WRITE_APN_SETTINGS Modify APN settings (e.g. cmwap)
android.permission.WRITE_EXTERNAL_STORAGE Write to external storage (e.g. SD card)
android.permission.READ_PHONE_STATE Read phone state
android.permission.WRITE_SETTINGS Read and write system settings
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.SET_WALLPAPER Set the desktop wallpaper
android.permission.SET_WALLPAPER_HINTS Set wallpaper hints
android.permission.ACCESS_WIFI_STATE Read Wi-Fi network state
android.permission.ACCESS_NETWORK_STATE Read network state (2G or 3G)
android.permission.GET_TASKS Get information about current or recently running tasks
android.permission.SYSTEM_ALERT_WINDOW Display system windows
android.permission.VIBRATE Allow the device to vibrate
android.permission.RESTART_PACKAGES Restart other applications
android.permission.INSTALL_PACKAGES Install applications
android.permission.GET_PACKAGE_SIZE Get application size
android.permission.CHANGE_CONFIGURATION Modify current configuration (e.g. locale)
android.permission.CAMERA Access the camera device
android.permission.WAKE_LOCK Keep background processes running after the screen turns off
android.permission.RECEIVE_BOOT_COMPLETED Receive the boot-completed broadcast
android.permission.READ_LOGS Read system logs
android.permission.PACKAGE_USAGE_STATS
android.permission.CLEAR_APP_CACHE Clear application cache
android.permission.EXPAND_STATUS_BAR Control the status bar
com.android.launcher.permission.READ_SETTINGS Read shortcut information
android.permission.SEND_SMS Send SMS messages
android.permission.RECEIVE_SMS Monitor incoming SMS messages
android.permission.MOUNT_UNMOUNT_FILESYSTEMS Mount and unmount external file systems
android.permission.CALL_PHONE Place phone calls
android.permission.READ_CONTACTS Read contact information
android.permission.WRITE_CONTACTS Write contact information
android.permission.READ_SMS Read SMS messages
android.permission.WRITE_SMS Write SMS messages
android.permission.FLASHLIGHT Access the flashlight
android.permission.ACCESS_COARSE_LOCATION Get coarse location (via Wi-Fi or cell towers)
android.permission.ACCESS_FINE_LOCATION Get precise location (via GPS)
android.permission.CHANGE_WIFI_STATE Change Wi-Fi connection state
android.permission.CHANGE_NETWORK_STATE Change network state
android.permission.MODIFY_AUDIO_SETTINGS Modify audio settings
com.android.alarm.permission.SET_ALARM Set alarm reminders
android.permission.RECORD_AUDIO Record audio (using AudioRecord)
android.permission.BROADCAST_STICKY Send sticky broadcasts
android.permission.DISABLE_KEYGUARD Disable the keyguard
android.permission.SET_ACTIVITY_WATCHER Set an Activity watcher
android.permission.DELETE_PACKAGES Delete applications
android.permission.CHANGE_COMPONENT_ENABLED_STATE Change component state
com.android.launcher.permission.INSTALL_SHORTCUT Create shortcuts
com.android.launcher.permission.UNINSTALL_SHORTCUT Delete shortcuts
com.android.launcher.permission.CREATE_SHORTCUT
com.android.launcher.permission.WRITE_SETTINGS
com.android.launcher3.permission.READ_SETTINGS
com.android.launcher3.permission.WRITE_SETTINGS
com.motorola.dlauncher.permission.READ_SETTINGS
com.motorola.dlauncher.permission.WRITE_SETTINGS
com.motorola.mmsp.motoswitch.permission.READ_SETTINGS
com.motorola.mmsp.motoswitch.permission.WRITE_SETTINGS
com.htc.launcher.permission.READ_SETTINGS
com.htc.launcher.permission.WRITE_SETTINGS
com.aspire.mm.permission.READ_SETTINGS
com.aspire.mm.permission.WRITE_SETTINGS
com.qihoo360.launcher.permission.WRITE_SETTINGS
com.qihoo360.launcher.permission.READ_SETTINGS
com.ty.launcher.permission.READ_SETTINGS
com.ty.launcher.permission.WRITE_SETTINGS
com.sonyericsson.homescreen.permission.READ_SETTINGS
com.sonyericsson.homescreen.permission.WRITE_SETTINGS
com.oppo.launcher.permission.WRITE_SETTINGS
com.oppo.launcher.permission.READ_SETTINGS
com.mediatek.launcherplus.permission.READ_SETTINGS
com.mediatek.launcherplus.permission.WRITE_SETTINGS
com.huawei.launcher2.permission.READ_SETTINGS
com.huawei.launcher2.permission.WRITE_SETTINGS
com.huawei.launcher3.permission.READ_SETTINGS
com.huawei.launcher3.permission.WRITE_SETTINGS
com.baiqi.weather.permission.READ_SETTINGS
com.baiqi.weather.permission.WRITE_SETTINGS
com.fede.launcher.permission.READ_SETTINGS
com.fede.launcher.permission.WRITE_SETTINGS
mobi.SyndicateApps.ICS.launcher.permission.READ_SETTINGS
mobi.SyndicateApps.ICS.launcher.permission.WRITE_SETTINGS
com.motorola.dock.DesktopDock.permission.READ_SETTINGS
com.motorola.dock.DesktopDock.permission.WRITE_SETTINGS
com.lge.launcher.permission.READ_SETTINGS
com.lge.launcher.permission.WRITE_SETTINGS
com.thunderst.launcher.permission.READ_SETTINGS
com.thunderst.launcher.permission.WRITE_SETTINGS
com.sec.android.app.twlauncher.permission.READ_SETTINGS
com.sec.android.app.twlauncher.permission.WRITE_SETTINGS
org.adwfreak.launcher.permission.READ_SETTINGS
org.adwfreak.launcher.permission.WRITE_SETTINGS
org.adw.launcher.permission.READ_SETTINGS
org.adw.launcher.permission.WRITE_SETTINGS
net.qihoo.launcher.permission.READ_SETTINGS
net.qihoo.launcher.permission.WRITE_SETTINGS
com.bbk.launcher2.permission.READ_SETTINGS
com.bbk.launcher2.permission.WRITE_SETTINGS
android.permission.BATTERY_STATS Battery statistics
Service list
Name
com.dragon.android.pandaspace.receiver.UpdateAndMessageService
com.dragon.android.pandaspace.manage.speedup.memory.MemoryUpdateService
com.dragon.android.pandaspace.manage.speedup.memory.desktop.DeskTopUFOService
com.nd.commplatform.versionupdate.ND2VersionUpdateService
com.dragon.android.pandaspace.cloudsync.contacts.ContactsCloudService
com.dragon.pandaspace.download.flow.DownloadTaskService
com.nd.android.smartupdate.aidl.UpdateService
com.dragon.android.pandaspace.receiver.CheckCopycatService
com.baidu.android.moplus.MoPlusService
com.dragon.android.pandaspace.rootinstall.FastInstallService
com.baidu.location.f
com.chukong.cocosplay.host.CocosplayHostService
com.dragon.android.pandaspace.freewifi.FreeWifiService
com.baidu.nonflow.sdk.HeartBeatService
com.baidu.platformsdk.BDPlatformService
com.dragon.android.pandaspace.detail.video.VideoPlayingWifiService
File list
File name Checksum
assets/sapi_theme/style.css 0x9f63a3e1
assets/wappass.baidu.com/passport/login.html 0xeb8c78d5
assets/config.json 0x60866190
assets/ctwifiapi.lic 0xd7d23d2f
assets/default_download_dir.txt 0x40e5489a
assets/error.html 0x15dea77c
assets/nd.jar 0x6884c281
assets/nd_panda_super_shell 0x2343bca2
assets/out_error.html 0xe6db0cef
assets/ye_app_trash.db 0x180ff616
assets/ye_largedirs.db 0xe95892d
assets/ye_license 0xf4a92aa6
res/drawable/detail_authen_btselector.xml 0xa6bef07b
res/drawable/dialog_divider_horizontal.png 0x81ad1842
res/drawable/divideline.png 0x110e9ce4
res/drawable/download_progress_bar_layer.xml 0x6fff3368
res/drawable/dropdown_item_background_selector.xml 0xf75b3b92
res/drawable/dropdown_video_item_backguound_select.xml 0x3ff1917f
res/drawable/dustclear_activity_background.xml 0xd8a14c1b
res/drawable/file_move_progressbar.xml 0x51450965
res/drawable/filebrowser_cancel_button.xml 0x9d1716d2
res/drawable/filebrowser_confirm_button.xml 0xeed41255
res/drawable/filter_signal_btn_selector.xml 0x66f85ab1
res/drawable/gallery_addwallpaper_normal.png 0xad3fa978
res/drawable/gallery_addwallpaper_pressed.png 0x7e10a6f
res/drawable/gallery_addwallpaper_selector.xml 0xe383e7fd
res/drawable/gallery_image_normal.9.png 0xa543f1c7
res/drawable/gallery_image_pressed.9.png 0x6cc018d8
res/drawable/gallery_image_selector.xml 0xb22ea5a4
res/drawable/gift_tabview_selector.xml 0x2b2ace57
res/drawable/gifts_tab_normal_selector.xml 0x844073dd
res/drawable/gifts_tab_press_selector.xml 0x23224de2
res/drawable/hot_search_selector.xml 0x1ed318db
res/drawable/ic_help_selector.xml 0x2537d7a9
res/drawable/icon_big.png 0xe0edb2c2
res/drawable/icon_default2.png 0xa725d833
res/drawable/icon_default_save.png 0x6a89fd35
res/drawable/icon_default_save1.9.png 0x93d884a7
res/drawable/icon_default_save_mode.png 0x46b5cfbb
res/drawable/icon_notify.png 0x22fd989f
res/drawable/icon_star_selected.png 0x72b4a445
res/drawable/icon_star_unselected.png 0xcd9c2ae1
res/drawable/indexview_textview_backnor.png 0x59649496
res/drawable/indexview_textview_backsel.png 0x3978b01
res/drawable/installed.png 0xd19c9487
res/drawable/list_item_background.xml 0x81ffd5ba
res/drawable/list_item_background_normal_bottom.png 0x9106711a
res/drawable/list_item_background_normal_top.png 0x6bcd61fe
res/drawable/list_item_background_selector.xml 0x2d7f1381
res/drawable/list_recommend_item_background_selector.xml 0xc5750fd3
res/drawable/loading_page_bg.9.png 0x319340fe
res/drawable/local_photo_diver_line.xml 0x2f246c74
res/drawable/logo.png 0x324fc938
res/drawable/membership_laohuji_selector.xml 0xd6c29e4e
res/drawable/membership_today_task_selector.xml 0x9fd4a898
res/drawable/nd_incentive_tab_bg.xml 0x47296c3f
res/drawable/optons_bg.9.png 0x9a95018b
res/drawable/overall_rank_selector.xml 0x30b70ed
res/drawable/overefresh_arrow_down.png 0xa8a48122
res/drawable/pause_btn_style.xml 0xad58e65
res/drawable/photo_bakup_btn.xml 0x35a6975c
res/drawable/photo_delete_btn_selector.xml 0x175fa77b
res/drawable/photo_process_btn_selector.xml 0xf709df76
res/drawable/photo_selector.xml 0x19c0fd39
res/drawable/photo_sync_button_selector.xml 0x8d7d4ec6
res/drawable/photo_sync_passord_input_bg.9.png 0x94332e00
res/drawable/photo_sync_process_bar.xml 0x7ac54669
res/drawable/photo_sync_process_bar2.xml 0x268cc1f5
res/drawable/photo_sync_process_bar3.xml 0x2396880
res/drawable/pic_share_normal.png 0xebe22329
res/drawable/pic_share_pressed.png 0x601bd511
res/drawable/pic_share_selector.xml 0x470dc618
res/drawable/play_btn_style.xml 0xb8497ca4
res/drawable/power_brief_bg.9.png 0x93c0909f
res/drawable/progressbar.xml 0x14171b9d
res/drawable/ratebar_choose.png 0x8d7fd8b2
res/drawable/ratebar_unchoose.png 0x65e54366
res/drawable/ratingbar_selector.xml 0x94c60350
res/drawable/ratingbar_selector_small.xml 0x4613c519
res/drawable/register_btn_selector.xml 0xb8523a4d
res/drawable/ring_loading_round.png 0x3d4a9a65
res/drawable/ring_play_btn.png 0x5d3df242
res/drawable/ring_stop_btn.png 0x9d9b2d4f
res/drawable/search_input_back.9.png 0x834e0878
res/drawable/search_match_list_bg.9.png 0x7de4b482
res/drawable/search_selector.xml 0x6bfa5ffe
res/drawable/search_update.xml 0xad0d0aa6
res/drawable/share_other_type.png 0xd605052b
res/drawable/share_sina_type.png 0xddff4acf
res/drawable/sns_btn_bg_selector.xml 0x23fb0466
res/drawable/sns_list_item_bg_selector.xml 0x784a8179
res/drawable/soft_download_all.png 0x9bf8403a
res/drawable/soft_favor_unchecked_selector.xml 0xe9337480
res/drawable/soft_share_selector.xml 0x34195123
res/drawable/soft_uninstall_comment_button.xml 0x2be321de
res/drawable/soft_update_all.png 0x9076b463
res/drawable/start_tip.xml 0x3e7a0658
res/drawable/stop_download.png 0x40627ae8
res/drawable/storage_bg.xml 0x2093129c
res/drawable/sysfabrication_tip.png 0xeb7d2248
res/drawable/theme_default.9.png