VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader to upload them.

File information

Scanner results
Scanner results: 0% of antivirus software (0/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2015-10-10 17:21:49 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 3.0 1970-01-01 Found nothing 5
asquared 9.0.0.4324 9.0.0.4324 2014-07-03 Found nothing 1
avast 150725-1 4.7.4 2015-07-25 Found nothing 0
avg 2109/8133 10.0.1405 2014-11-26 Found nothing 0
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 7
baidusd 1.0 1.0 2014-04-02 Found nothing 1
bitdefender 7.58469 7.90123 2014-12-25 Found nothing 0
clamav 19861 0.97.5 2014-12-31 Found nothing 0
drweb 5.0.2.3300 5.0.1.1 2014-12-31 Found nothing 0
fortinet 23.345, 23.345 5.1.158 2014-12-08 Found nothing 0
fprot 4.6.2.117 6.5.1.5418 2014-12-31 Found nothing 0
fsecure 2014-04-02-01 9.13 2014-04-02 Found nothing 0
gdata 25.3799 25.3799 2015-10-09 Found nothing 9
ikarus 1.06.01 V1.32.31.0 2014-12-08 Found nothing 0
jiangmin 16.0.100 1.0.0.0 2015-07-25 Found nothing 41
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 0
kingsoft 2.1 2.1 2013-09-22 Found nothing 12
mcafee 7638 5400.1158 2014-11-30 Found nothing 0
nod32 0920 3.0.21 2014-12-23 Found nothing 0
panda 9.05.01 9.05.01 2015-07-26 Found nothing 4
pcc 11.380.07 9.500-1005 2014-12-31 Found nothing 0
qh360 1.0.1 1.0.1 1.0.1 Found nothing 2
qqphone 1.0.0.0 1.0.0.0 2014-12-09 Found nothing 0
quickheal 14.00 14.00 2015-07-25 Found nothing 3
rising 25.76.04.01 25.76.04.01 2015-07-24 Found nothing 1
sophos 5.08 3.55.0 2014-12-01 Found nothing 0
symantec 20141230.001 1.3.0.24 2014-12-30 Found nothing 0
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 4
thehacker 6.8.0.5 6.8.0.5 2015-07-23 Found nothing 1
tws 17.47.17308 1.0.2.2108 2014-12-08 Found nothing 12
vba 3.12.26.3 3.12.26.3 2014-12-31 Found nothing 0
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 0
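Permission list
Permission name Description
android.permission.SYSTEM_ALERT_WINDOW Display system windows
android.permission.INTERNET Connect to the network (2G or 3G)
android.permission.BROADCAST_STICKY Send sticky broadcasts
android.permission.GET_TASKS Retrieve information about currently or recently running tasks
android.permission.SEND_SMS Send SMS messages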
File information
Security score:
Basic information
MD5: 0f778e4a1fd7121cc6f66374f337fbdf
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name:
Minimum runtime environment: Android 4.0.3, 4.0.4
Copyright: Android
Key behavior
Behavior description: Map a file with write access
Details: \WINDOWS\system32\zh-cn\ieframe.dll.mui
Internet Explorer Immutable Application State (000004FC-0000-0000-0000-000000000000)
CiceroSharedMemDefaultS-*
ie_lcie_LogonMedium
ie_lcie_main_4fc
Isolation Process Registry (BC624BE3-4B12-11E5-91BE-000000000000)
Isolation Signal Registry (BC624BE3-4B12-11E5-91BE-000000000000, 0)
Local\IEFrame!GetAsyncKeyStateSharedMem!1276
Local\UrlZonesSM_Administrator
ie_lcie_ConnHashTable<1276>
AtlDebugAllocator_FileMappingNameStatic3_4fc
DfRoot0003D4D27
DfRoot0003D5D40
Local\Feed Eventing Shared Memory S-*
MSCTF.MarshalInterface.FileMap.EMF..KHAHH
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015101020151011
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\IECompatCache
Behavior description: Hide specified windows
Details: [Window,Class] = [,BrowserFrameGripperClass]
[Window,Class] = [缩放级别,ToolbarWindow32]
[Window,Class] = [,msctls_progress32]
Behavior description: Resolve host address by name
Details: computer
wpad
www.yixun.com
File behavior
Behavior description: Modify file contents
Details: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015101020151011\index.dat---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\dnserrordiagoff[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\ErrorPageTemplate[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\noConnect[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\background_gradient[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\down[2]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favcenter[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[2]---> Offset = 0
Behavior description: Find files
Details: FileName = C:\Program Files\Common Files\Adobe
FileName = C:\Program Files\Common Files\Adobe\Acrobat
FileName = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX
FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1444416682.463647.exe_7zdump
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1444416682.467149.exe_7zdump\newtab.html
FileName = C:\Program Files\Internet Explorer\iexplore.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
Network behavior
Behavior description: Open a URL over the network
Details: InternetOpenUrlA: http://110.110.110.110:80/wpad.dat hInternet = 0x000004a4
InternetOpenUrlA: http://110.110.110.110:80/wpad.dat hInternet = 0x0000066c
Behavior description: Download files
Details: URLDownloadToFileW: http://www.live.com/favicon.ico ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
URLDownloadToFileW: https://go.microsoft.com/fwlink/?LinkId=141260 ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Kno4.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Kno4.tmp
Behavior description: Read a network file
Details: hFile = 0x000004a4, BytesToRead =4010, BytesRead = 4010.
hFile = 0x0000066c, BytesToRead =4010, BytesRead = 4010.
Behavior description: Resolve host address by name
Details: computer
wpad
www.yixun.com
Registry behavior
Behavior description: Modify the registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Recovery\Active\{BC624BE6-4B12-11E5-91BE-000000000000}
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}\Enable
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTimeCount
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Default MHTML Editor\Last
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015101020151011\CachePath
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015101020151011\CachePrefix
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015101020151011\CacheLimit
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015101020151011\CacheOptions
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015101020151011\CacheRepair
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath
Behavior description: Delete registry values
Details: \REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Expiration
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\Expiration
Behavior description: Delete registry values (IE connection settings)
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behavior description: Delete registry keys
Details: \REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082520150826
Other behavior
Behavior description: Create mutexes
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\!BrowserEmulation!SharedMemory!Mutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
ConnHashTable<1276>_HashTable_Mutex
oleacc-msaa-loaded
Local\ZonesCounterMutex
Local\RSS Eventing Connection Database Mutex 000004fc
Behavior description: Hide specified windows
Details: [Window,Class] = [,BrowserFrameGripperClass]
[Window,Class] = [缩放级别,ToolbarWindow32]
[Window,Class] = [,msctls_progress32]
Behavior description: Find specified windows
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Static,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Obtain system privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Dangerous behavior
Behavior description: Execute system commands
Details: [u'getprop ro.product.cpu.abi']
[u'getprop ro.product.cpu.abi']
Behavior description: Send SMS
Details: number:18209206347 data:message:有人正在使用红包软件
Dynamic behavior list
Behavior description: Pass extra data
Details: android.app.extra.DEVICE_ADMIN:ComponentInfo{com.koukou.aiyuqing/com.koukou.aiyuqing.MyAdmin}
android.app.extra.ADD_EXPLANATION:------ 请激活设备管理器,作者 QQ2395414390------
Behavior description: Toast->makeText pop-up prompt
Details: text:QQ2395414390 duration:0
text:我是寇寇 duration:0
Behavior description: Read files
Details: path:unknown length:17
path:/data/data/com.koukou.aiyuqing/local/nagain.jar length:9
path:/data/data/com.koukou.aiyuqing/local/nagain.jar length:23
path:/data/data/com.koukou.aiyuqing/local/nagain.jar length:69
Behavior description: Load native library files
Details: /data/data/com.koukou.aiyuqing/lib/libddog.so
/data/data/com.koukou.aiyuqing/lib/libfdog.so
Behavior description: Load dex in memory
Details: /data/data/com.koukou.aiyuqing/local/nagain.dex
/data/data/com.koukou.aiyuqing/.cache/encode.dex
Behavior description: Load jar in memory
Details: /data/data/com.koukou.aiyuqing/local/nagain.jar
Behavior description: Class loading
Details: path:/data/data/com.koukou.aiyuqing/local/nagain.jar
Behavior description: Add a floating window
Details: [u'android.widget.TextView@41533190', u'WM.LayoutParams{(600,-600)(200x200) ty=2010 fl=#28 fmt=1}', u'android.view.CompatibilityInfoHolder@414afa68']
Behavior description: Execute system commands
Details: [u'getprop ro.product.cpu.abi']
[u'getprop ro.product.cpu.abi']
Behavior description: Read a line of data from a buffer
Details: armeabi-v7a
armeabi-v7a
Behavior description: Send SMS
Details: number:18209206347 data:message:有人正在使用红包软件
Behavior description: Write files
Details: path:/data/data/com.koukou.aiyuqing/.cache/nagain.secr length:65
path:/data/data/com.koukou.aiyuqing/.cache/datarc length:69
path:/data/data/com.koukou.aiyuqing/.cache/datarc length:69
path:/data/data/com.koukou.aiyuqing/.cache/datarc length:69
path:/data/data/com.koukou.aiyuqing/.cache/datarc length:69
path:/data/data/com.koukou.aiyuqing/.cache/datarc length:69
path:/data/data/com.koukou.aiyuqing/.cache/datarc length:69
path:/data/data/com.koukou.aiyuqing/.cache/datarc length:69
path:/data/data/com.koukou.aiyuqing/.cache/encode.dex length:65
path:/data/data/com.koukou.aiyuqing/.cache/encode.dex length:69
path:/data/data/com.koukou.aiyuqing/.cache/encode.dex length:63
path:/data/data/com.koukou.aiyuqing/.cache/encode.dex length:69
path:/data/data/com.koukou.aiyuqing/.cache/encode.dex length:66
path:/data/data/com.koukou.aiyuqing/.cache/encode.dex length:66
path:/data/data/com.koukou.aiyuqing/.cache/encode.dex length:68
path:/data/data/com.koukou.aiyuqing/.cache/encode.dex length:64
path:/data/data/com.koukou.aiyuqing/.cache/encode.dex length:64
path:/data/data/com.koukou.aiyuqing/.cache/encode.dex length:63
path:/data/data/com.koukou.aiyuqing/.cache/encode.dex length:69
path:/data/data/com.koukou.aiyuqing/.cache/encode.dex length:66
path:/data/data/com.koukou.aiyuqing/.cache/encode.dex length:65
path:/data/data/com.koukou.aiyuqing/.cache/encode.dex length:66
path:/data/data/com.koukou.aiyuqing/.cache/encode.dex length:67
path:/data/data/com.koukou.aiyuqing/local/nagain.jar length:69
Behavior description: Call setAction on an Intent
Details: [u'android.app.action.ADD_DEVICE_ADMIN']
Behavior description: Reset password
Details: [u'0224', u'0']
Behavior description: Add View
Details: [u'android.widget.TextView@41533190', u'WM.LayoutParams{(600,-600)(200x200) ty=2010 fl=#28 fmt=1}', u'android.view.CompatibilityInfoHolder@414afa68']
[u'com.android.internal.policy.impl.PhoneWindow$DecorView@415276e8', u'WM.LayoutParams{(0,0)(fillxfill) sim=#100 ty=1 fl=#5810100 pfl=0x8 wanim=0x103028f}', u'android.view.CompatibilityInfoHolder@414afa68']
[u'android.widget.LinearLayout@41541aa8', u'WM.LayoutParams{(0,128)(wrapxwrap) gr=#51 ty=2005 fl=#98 fmt=-3 wanim=0x1030004}']
[u'android.widget.LinearLayout@41510da0', u'WM.LayoutParams{(0,128)(wrapxwrap) gr=#51 ty=2005 fl=#98 fmt=-3 wanim=0x1030004}']
Behavior description: Start Activity
Details: {"ACTION":"android.app.action.ADD_DEVICE_ADMIN","FLAG":0,"EXTRAS":{"android.app.extra.DEVICE_ADMIN":"ComponentInfo{com.koukou.aiyuqing\/com.koukou.aiyuqing.MyAdmin}","android.app.extra.ADD_EXPLANATION":"------ 请激活设备管理器,作者 QQ2395414390------"}}
Behavior description: Post a status bar notification
Details: [u'1', u'Notification(pri=0 contentView=com.koukou.aiyuqing/0x1090071 vibrate=null sound=null defaults=0x0 flags=0x0 kind=[null])']
[u'1', u'Notification(pri=0 contentView=com.koukou.aiyuqing/0x1090071 vibrate=null sound=null defaults=0x0 flags=0x0 kind=[null])']
Behavior description: Initialize Intent
Details: []
[u'android.os.Parcel@414ad240']
[u'android.os.Parcel@414ad240']
Activities
Activity name Type
.MainActivity android.intent.action.MAIN
.MainActivity android.intent.category.LAUNCHER
Dangerous functions
Function name Description
getRuntime Get the command-line runtime environment
java/lang/Runtime;->exec Execute a string command
File list
File name Checksum
res/drawable-hdpi/ic_launcher.png 0x310a535d
res/drawable-mdpi/ic_launcher.png 0x310a535d
res/drawable-xhdpi/ic_launcher.png 0x310a535d
res/drawable-xxhdpi/ic_launcher.png 0x310a535d
res/drawable/image_1.png 0x90a1d802
res/drawable/image_2.png 0x3ab32568
res/drawable/image_3.png 0xd9b3816
res/layout/activity_main.xml 0xdb96d885
res/menu/main.xml 0x713f5216
res/xml/my_admin.xml 0x980762b3
resources.arsc 0xfb16c187
classes.dex 0xb2ce5d1
AndroidManifest.xml 0x2fda5703
assets/encode.dex 0x16aa9727
assets/nagain.jar 0x576a85f9
assets/nagain.secr 0x6d9e050e
assets/datarc 0x7564fd77
lib/armeabi/libddog.so 0x5292f4cb
lib/armeabi/libddog-x86.so 0x1744de8f
lib/armeabi/libfdog.so 0x61f23f90
lib/armeabi/libfdog-x86.so 0xfa5d57ac
META-INF/MANIFEST.MF 0xef1dd0
META-INF/CERT.SF 0x809b79c0
META-INF/CERT.RSA 0x86f07126