VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.

File information
File Name: 斗地主.apk (File not down)
File Size: 3892564 byte
File Type: Zip archive data
MD5: bed39b1322111842e6b10485702189ea
SHA1: 1d44c3cc3f71a517ce611741fbeeea70f1fb778d
SHA256: 0c83d87fec6f1a55875c57f3259a5da0eda0d78d17cbffc554722b2300cd11f6
SSDEEP: 98304:CEw82RYhuFz5B1CGPdlXutwFOXoFox7EAnydOwigsh:q8f6BUGjewFO42x7EiydOwigs
  • Scanner results
    Scanner results: 3% Scanner(s) (1/32) found malware!
    Behavior analysis report: Habo file analysis
    Time: 2017-07-29 11:18:38 (CST)
    | Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time |
    |---|---|---|---|---|---|
    | antiy | AVL SDK 2.0 | | 1970-01-01 | Found nothing | 5 |
    | asquared | 9.0.0.4799 | 9.0.0.4799 | 2015-03-08 | Found nothing | 1 |
    | avast | 170303-1 | 4.7.4 | 2017-03-03 | Found nothing | 60 |
    | avg | 2109/14245 | 10.0.1405 | 2017-07-27 | Found nothing | 60 |
    | baidu | 2.0.1.0 | 4.1.3.52192 | 2.0.1.0 | Found nothing | 3 |
    | baidusd | 1.0 | 1.0 | 2017-03-22 | Found nothing | 2 |
    | bitdefender | 7.58879 | 7.90123 | 2015-01-16 | Found nothing | 60 |
    | clamav | 23605 | 0.97.5 | 2017-07-29 | Found nothing | 60 |
    | drweb | 5.0.2.3300 | 5.0.1.1 | 2017-06-18 | Found nothing | 60 |
    | fortinet | 50.497, 50.449, 50.473 | 5.4.247 | 2017-07-28 | Found nothing | 60 |
    | fprot | 4.6.2.117 | 6.5.1.5418 | 2016-02-05 | Found nothing | 60 |
    | fsecure | 2015-08-01-02 | 9.13 | 2015-08-01 | Found nothing | 60 |
    | gdata | 25.13595 | 25.13595 | 2017-07-28 | Found nothing | 13 |
    | ikarus | 1.06.01 | V1.32.31.0 | 2016-11-28 | Found nothing | 60 |
    | jiangmin | 16.0.100 | 1.0.0.0 | 2017-07-25 | Found nothing | 2 |
    | kaspersky | 5.5.33 | 5.5.33 | 2014-04-01 | Found nothing | 60 |
    | kingsoft | 2.1 | 2.1 | 2017-07-28 | Found nothing | 4 |
    | mcafee | 8261 | 5400.1158 | 2016-08-18 | Found nothing | 60 |
    | nod32 | 1777 | 3.0.21 | 2015-06-12 | Found nothing | 60 |
    | panda | 9.05.01 | 9.05.01 | 2017-07-28 | Found nothing | 4 |
    | pcc | 13.302.06 | 9.500-1005 | 2017-03-27 | Found nothing | 60 |
    | qh360 | 1.0.1 | 1.0.1 | 1.0.1 | Found nothing | 4 |
    | qqphone | 1.0.0.0 | 1.0.0.0 | 2015-12-30 | Found nothing | 60 |
    | quickheal | 14.00 | 14.00 | 2017-07-28 | Android.Kuguo.I (AdWare) | 3 |
    | rising | 26.28.00.01 | 26.28.00.01 | 2016-07-18 | Found nothing | 6 |
    | sophos | 5.32 | 3.65.2 | 2016-10-10 | Found nothing | 60 |
    | symantec | 20151230.005 | 1.3.0.24 | 2015-12-30 | Found nothing | 60 |
    | tachyon | 9.9.9 | 9.9.9 | 2013-12-27 | Found nothing | 4 |
    | thehacker | 6.8.0.5 | 6.8.0.5 | 2017-07-27 | Found nothing | 3 |
    | tws | 17.47.17308 | 1.0.2.2108 | 2017-07-28 | Found nothing | 16 |
    | vba | 3.12.29.5 beta | 3.12.29.5 beta | 2017-07-25 | Found nothing | 60 |
    | virusbuster | 15.0.985.0 | 5.5.2.13 | 2014-12-05 | Found nothing | 60 |
    NOTICE: Results are not 100% accurate and can be reported as a false positive by some scanners when and if malware is found. Please judge these results for yourself.
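  • Permission list
    | Permission name | Information |
    |---|---|
    | android.permission.WAKE_LOCK | Keeps background processes running after the phone screen is turned off |
    | android.permission.INTERNET | Connect to the network (2G or 3G) |
    | android.permission.READ_PHONE_STATE | Read phone state |
    | android.permission.ACCESS_NETWORK_STATE | Read network state (2G or 3G) |
    | android.permission.WRITE_EXTERNAL_STORAGE | Write to external storage (e.g. SD card) |
    | android.permission.ACCESS_WIFI_STATE | Read Wi-Fi network state |
    | android.permission.SYSTEM_ALERT_WINDOW | Display system windows |
    | android.permission.GET_TASKS | Get information about currently or recently running tasks |
    | android.permission.MOUNT_UNMOUNT_FILESYSTEMS | Mount and unmount external file systems |
    | android.permission.KILL_BACKGROUND_PROCESSES | Kill background processes |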
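  • File information
    Security score:
    Basic information
    MD5: bed39b1322111842e6b10485702189ea
    Package name: tom.tafasdfasfffdfffheji
    Minimum runtime environment: Android 2.1.x
    Copyright: gz
    Key behaviors
    Behavior description: Set special folder attributes
    Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files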
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
    C:\Documents and Settings\Administrator\Local Settings\History
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
    C:\Documents and Settings\Administrator\Cookies
    C:\Documents and Settings\Administrator\IETldCache
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012017072920170730
    Behavior description: Read the CPU clock directly
    Behavior description: Get the TickCount value
    Process behavior
    Behavior description: Create local thread
    File behavior
    Behavior description: Create file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\_system.ini
    C:\Documents and Settings\Administrator\Local Settings\Temp\st_bulletin_board_template1
    C:\Documents and Settings\Administrator\Local Settings\Temp\skyav.png
    C:\Documents and Settings\Administrator\Local Settings\Temp\st_html_bulletin1
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ok[1].jpg
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012017072920170730\index.dat
    Behavior description: Overwrite existing file
    Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    Behavior description: Find file
    Details: FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
    FileName = C:\WINDOWS\Microsoft.NET\Framework\\*
    FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.INI
    FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
    FileName = C:\Documents and Settings
    FileName = C:\Documents and Settings\Administrator
    FileName = C:\Documents and Settings\Administrator\Local Settings
    FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.INI
    FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
    FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
    FileName = C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.INI
    FileName = C:\DOCUME~1
    FileName = C:\Documents and Settings\ADMINI~1
    Behavior description: Delete file
    Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ok[1].jpg
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016091220160913\index.dat
    Behavior description: Modify file contents
    Details: C:\Documents and Settings\Administrator\Local Settings\Temp\_system.ini ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\st_bulletin_board_template1 ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\skyav.png ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\Temp\st_html_bulletin1 ---> Offset = 0
    C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012017072920170730\index.dat ---> Offset = 0
    Network behavior
    Behavior description: Connect to the specified site
    Details: InternetConnectA: ServerName = sk****me, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
    InternetConnectA: ServerName = sb****me, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
    InternetConnectA: ServerName = ww****et, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
    InternetConnectA: ServerName = 52****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
    Behavior description: Open HTTP connection
    Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
    Behavior description: Establish a connection to a specified socket
    Details: IP: **.250.65.**:80, SOCKET = 0x00000310
    URL: sk****me, IP: **.133.40.**:80, SOCKET = 0x000005a4
    URL: sb****me, IP: **.133.40.**:80, SOCKET = 0x000005ac
    URL: ww****et, IP: **.133.40.**:80, SOCKET = 0x000005ac
    URL: 52****om, IP: **.133.40.**:80, SOCKET = 0x000005a8
    URL: sk****me, IP: **.133.40.**:80, SOCKET = 0x000005ac
    URL: 52****om, IP: **.133.40.**:80, SOCKET = 0x000005ac
    Behavior description: Read network file
    Details: hFile = 0x00cc000c, BytesToRead =8192, BytesRead = 8192.
    Behavior description: Send HTTP packet
    Details: GET /m/text.html HTTP/1.1 Host: **.250.65.** Connection: Keep-Alive
    GET /resources/img/ok.jpg HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: sk****me Connection: Keep-Alive
    GET /images/ok.jpg HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: ww****et Connection: Keep-Alive
    Behavior description: Open HTTP request
    Details: HttpOpenRequestA: sk****me:80/resources/img/ok.jpg, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400000
    HttpOpenRequestA: sb****me:80/resources/img/ok.jpg, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400000
    HttpOpenRequestA: ww****et:80/images/ok.jpg, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400000
    HttpOpenRequestA: 52****om:80/images/ok.jpg, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400000
    Behavior description: Get host address by name
    Details: GetAddrInfoW: sk****me
    GetAddrInfoW: sb****me
    GetAddrInfoW: ww****et
    GetAddrInfoW: 52****om
    Registry behavior
    Behavior description: Modify registry
    Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017072920170730\CachePath
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017072920170730\CachePrefix
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017072920170730\CacheLimit
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017072920170730\CacheOptions
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017072920170730\CacheRepair
    Behavior description: Delete registry key
    Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016091220160913\
    Behavior description: Delete registry value
    Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
    \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
    Other behavior
    Behavior description: Check whether the process is being debugged
    Details: IsDebuggerPresent
    Behavior description: Create mutex
    Details: CTF.LBES.MutexDefaultS-*
    CTF.Compart.MutexDefaultS-*
    CTF.Asm.MutexDefaultS-*
    CTF.Layouts.MutexDefaultS-*
    CTF.TMD.MutexDefaultS-*
    CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
    RasPbFile
    Local\ZonesCounterMutex
    Local\ZoneAttributeCacheCounterMutex
    Local\ZonesCacheCounterMutex
    Local\ZonesLockedCacheCounterMutex
    Local\!PrivacIE!SharedMemory!Mutex
    Local\c:!documents and settings!administrator!ietldcache!
    MSCTF.Shared.MUTEX.IOH
    MSIMGSIZECacheMutex
    Behavior description: Create event object
    Details: EventName = Global\CPFATE_2628_v4.0.30319
    EventName = DINPUTWINMM
    EventName = Global\userenv: User Profile setup event
    EventName = MSCTF.SendReceiveConection.Event.IEK.IC
    EventName = MSCTF.SendReceive.Event.IEK.IC
    Behavior description: Open mutex
    Details: ShimCacheMutex
    RasPbFile
    Local\WininetStartupMutex
    Local\_!MSFTHISTORY!_
    Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
    Local\c:!documents and settings!administrator!cookies!
    Local\c:!documents and settings!administrator!local settings!history!history.ie5!
    Local\WininetConnectionMutex
    Local\WininetProxyRegistryMutex
    Local\!IETld!Mutex
    Local\c:!documents and settings!administrator!ietldcache!
    CtfmonInstMutexDefaultS-*
    _!SHMSFTHISTORY!_
    Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012017072920170730!
    Behavior description: Find specified window
    Details: NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
    NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
    NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
    NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
    Behavior description: Window information
    Details: Pid = 2628, Hwnd=0x1034e, Text = Help, ClassName = WindowsForms10.BUTTON.app.0.2bf8098_r19_ad1.
    Pid = 2628, Hwnd=0x1034c, Text = 魔王在线发布工具, ClassName = WindowsForms10.Window.8.app.0.2bf8098_r19_ad1.
    Behavior description: Adjust process token privileges
    Details: SE_LOAD_DRIVER_PRIVILEGE
    Behavior description: Open event
    Details: Global\CLR_PerfMon_StartEnumEvent
    \KernelObjects\LowMemoryCondition
    HookSwitchHookEnabledEvent
    Global\SvcctrlStartEvent_A3752DX
    \SECURITY\LSA_AUTHENTICATION_INITIALIZED
    MSFT.VSA.COM.DISABLE.2628
    MSFT.VSA.IEC.STATUS.6c736db0
    _fCanRegisterWithShellService
    CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
    CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
    MSCTF.SendReceive.Event.IOH.IC
    MSCTF.SendReceiveConection.Event.IOH.IC
    \INSTALLATION_SECURITY_HOLD
    Behavior description: Call the Sleep function
    Details: [1]: MilliSeconds = 60000.
    [2]: MilliSeconds = 0.
    [3]: MilliSeconds = 250.
    [4]: MilliSeconds = 60000.
    [5]: MilliSeconds = -1.
    [6]: MilliSeconds = 20.
    Behavior description: Hide specified window
    Details: [Window,Class] = [,Shell Embedding]
    [Window,Class] = [,Internet Explorer_Server]
    Behavior description: Get cursor position
    Details: CursorPos = (80,18468), SleepMilliseconds = 60000.
    CursorPos = (6373,26501), SleepMilliseconds = 60000.
    Activities
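    | Activity name | Type |
    |---|---|
    | com.itxinke.doudizhu.MainActivity | android.intent.action.MAIN |
    | com.itxinke.doudizhu.MainActivity | android.intent.category.LAUNCHER |
    Dangerous functions
    | Function name | Information |
    |---|---|
    | HttpClient;->execute | Requests a remote server |
    | TelephonyManager;->getDeviceId | Collects the user's phone IMEI, phone number, system version number and other information |
    | ActivityManager;->restartPackage | Interrupts processes; can be used to shut down antivirus software |
    | java/net/URL;->openConnection | Connects to a URL |
    | android/app/NotificationManager;->notify | Notification bar message |
    | getRuntime | Gets the command-line environment |
    | java/lang/Runtime;->exec | Executes a string command |
    | java/net/HttpURLConnection;->connect | Connects to a URL |
    Startup methods
    | Name | Information |
    |---|---|
    | tom.tafasdfasfffdfffheji.iyxj.arrgd | Starts the service when an application is installed |
    | tom.tafasdfasfffdfffheji.iyxj.arrgd | Starts the service when the network connection changes |
    | tom.tafasdfasfffdfffheji.iyxj.arrgd | Starts the service when the screen is unlocked |
    | tom.tafasdfasfffdfffheji.blfzz.tnbvq | Starts the service when an application is installed |
    | tom.tafasdfasfffdfffheji.blfzz.tnbvq | Starts the service when the network connection changes |
    | tom.tafasdfasfffdfffheji.blfzz.tnbvq | Starts the service when the screen is unlocked |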
    Service list
    Name
    tom.tafasdfasfffdfffheji.iyxj.oryt
    tom.tafasdfasfffdfffheji.iyxj.bwrci
    tom.tafasdfasfffdfffheji.iyxj.elo
    tom.tafasdfasfffdfffheji.iyxj.fsh
    tom.tafasdfasfffdfffheji.iyxj.fmri
    tom.tafasdfasfffdfffheji.iyxj.tacu
    tom.tafasdfasfffdfffheji.blfzz.qhbaf
    tom.tafasdfasfffdfffheji.blfzz.jwzjc
    File list