私守
Posted 2016-10-8 20:53
Basic information
File name: A测试.apk
MD5: 73ebc6a7fef5c8825225d3a211080b37
File size: 1.07 MB
Upload time: 2016-10-08 20:52:36
Package name: com360.hxyii
Minimum Android version: Android 2.2.x
Copyright: Android
Icon: (image not captured)
Network behaviour
Behaviour: network access
Details:
host: crash.163.com/127.0.0.1  port: 80   (Java's "hostname/address" form: the sandbox resolved crash.163.com, a NetEase crash-reporting host, to 127.0.0.1, so every request below was answered locally)
Behaviour: read network state
Details (one NetworkInfo entry per line):
type: WIFI[], state: CONNECTED/CONNECTED, reason: (unspecified), extra: freewifi, roaming: false, failover: false, isAvailable: true, isConnectedToProvisioningNetwork: false
type: mobile[UNKNOWN], state: UNKNOWN/IDLE, reason: (unspecified), extra: (none), roaming: false, failover: true, isAvailable: false, isConnectedToProvisioningNetwork: false
type: wifi[], state: UNKNOWN/IDLE, reason: (unspecified), extra: (none), roaming: false, failover: false, isAvailable: false, isConnectedToProvisioningNetwork: false
type: mobile_mms[UNKNOWN], state: UNKNOWN/IDLE, reason: (unspecified), extra: (none), roaming: false, failover: false, isAvailable: false, isConnectedToProvisioningNetwork: false
type: mobile_supl[UNKNOWN], state: UNKNOWN/IDLE, reason: (unspecified), extra: (none), roaming: false, failover: false, isAvailable: false, isConnectedToProvisioningNetwork: false
type: mobile_hipri[UNKNOWN], state: UNKNOWN/IDLE, reason: (unspecified), extra: (none), roaming: false, failover: false, isAvailable: false, isConnectedToProvisioningNetwork: false
type: ETHERNET[], state: CONNECTED/CONNECTED, reason: (unspecified), extra: 08:00:27:a3:af:c8, roaming: false, failover: false, isAvailable: true, isConnectedToProvisioningNetwork: false   (08:00:27 is the VirtualBox OUI, matching the User-Agent in the requests below)
type: mobile_fota[UNKNOWN], state: UNKNOWN/IDLE, reason: (unspecified), extra: (none), roaming: false, failover: false, isAvailable: false, isConnectedToProvisioningNetwork: false
type: mobile_ims[UNKNOWN], state: UNKNOWN/IDLE, reason: (unspecified), extra: (none), roaming: false, failover: false, isAvailable: false, isConnectedToProvisioningNetwork: false
type: mobile_cbs[UNKNOWN], state: UNKNOWN/IDLE, reason: (unspecified), extra: (none), roaming: false, failover: false, isAvailable: false, isConnectedToProvisioningNetwork: false
type: wifi_p2p[], state: UNKNOWN/IDLE, reason: (unspecified), extra: (none), roaming: false, failover: false, isAvailable: false, isConnectedToProvisioningNetwork: false
Behaviour: send network data
Details:
operation: send  host: crash.163.com/127.0.0.1  port: 80
POST /client/api/uploadStartUpInfo.do HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 757
User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; VirtualBox Build/KTU84Q)
Host: crash.163.com
Connection: Keep-Alive
Accept-Encoding: gzip

data=%7B%22os%22%3A%22Android%22%2C%22model%22%3A%22Lenovo+A360t%22%2C%22daid%22%3A%2282a5d9338c44a74877100dd7f96c439fb1308a2c%22%2C%22imei%22%3A%2235712****123456%22%2C%22packagename%22%3A%22com360.hxyii%22%2C%22mac%22%3A%2260%3A00%3A01%3A00%3Ab9%3A00%22%2C%22osversion%22%3A%224.4.4%22%2C%22network%22%3A%22WIFI%22%2C%22appver%22%3A%228.0%22%2C%22android_id%22%3A%2292841014150fc3fd%22%2C%22open_uuid%22%3A%2235712****123456%22%2C%22company%22%3A%22Lenovo%22%2C%22appname%22%3A%22A%E6%B5%81%E9%87%8F%E6%B5%8B%E8%AF%95%22%2C%22device%22%3A%22Tablet%22%2C%22carrier%22%3A%22%E4%B8%AD%E5%9B%BD%E7%A7%BB%E5%8A%A8%22%7D&head=%7B%22isencoded%22%3A%220%22%2C%22uploadtime%22%3A%221451529209308%22%2C%22appid%22%3A%22A008711002%22%2C%22version%22%3A%221.0.0%22%7D

Decoded body (data / head):
{"os":"Android","model":"Lenovo A360t","daid":"82a5d9338c44a74877100dd7f96c439fb1308a2c","imei":"35712****123456","packagename":"com360.hxyii","mac":"60:00:01:00:b9:00","osversion":"4.4.4","network":"WIFI","appver":"8.0","android_id":"92841014150fc3fd","open_uuid":"35712****123456","company":"Lenovo","appname":"A流量测试" (A traffic test),"device":"Tablet","carrier":"中国移动" (China Mobile)}
{"isencoded":"0","uploadtime":"1451529209308","appid":"A008711002","version":"1.0.0"}

The same request was sent three more times with an identical body except for head.uploadtime: 1451529210446, 1451529226476 and 1451529228247. The IMEI is masked by the sandbox; the body reports the model as a Lenovo A360t while the User-Agent still identifies the runtime as a VirtualBox build.
Behaviour: access URL
Details:
http://cr****om/client/api/uploadStartUpInfo.do
Behaviour: initialise URI
Details:
http://cr****om/client/api/uploadStartUpInfo.do
Behaviour: receive network data
Details:
host: crash.163.com/127.0.0.1  port: 80
HTTP/1.1 403 Forbidden
Date: Tue, 5 Apr 2016 06:48:08 GMT
Connection: close
Content-Type: text; charset=plain
Content-Length: 0
(The reply comes from the sandbox's local responder at 127.0.0.1, not from crash.163.com; its Date header is the sandbox host's clock.)
Behaviour: initialise URL
Details:
http://cr****om/client/api/uploadStartUpInfo.do
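To turn the captured uploadStartUpInfo.do request into something reviewable, the following script decodes the form body and lists the identifiers it carries. It is an added example and not part of the original report; the body string is copied from the first captured request above (IMEI masked by the sandbox), and the set of keys treated as identifiers is the editor's choice.

```python
"""Decode one of the uploadStartUpInfo.do requests captured above.

Added example (not part of the original report): splits the form body, URL-decodes
it, parses the embedded JSON documents and lists the device identifiers they carry.
"""
import json
from datetime import datetime, timezone
from urllib.parse import parse_qs

# Body of the first captured POST, copied from the report (IMEI masked by the sandbox).
CAPTURED_BODY = (
    "data=%7B%22os%22%3A%22Android%22%2C%22model%22%3A%22Lenovo+A360t%22%2C"
    "%22daid%22%3A%2282a5d9338c44a74877100dd7f96c439fb1308a2c%22%2C"
    "%22imei%22%3A%2235712****123456%22%2C%22packagename%22%3A%22com360.hxyii%22%2C"
    "%22mac%22%3A%2260%3A00%3A01%3A00%3Ab9%3A00%22%2C%22osversion%22%3A%224.4.4%22%2C"
    "%22network%22%3A%22WIFI%22%2C%22appver%22%3A%228.0%22%2C"
    "%22android_id%22%3A%2292841014150fc3fd%22%2C%22open_uuid%22%3A%2235712****123456%22%2C"
    "%22company%22%3A%22Lenovo%22%2C%22appname%22%3A%22A%E6%B5%81%E9%87%8F%E6%B5%8B%E8%AF%95%22%2C"
    "%22device%22%3A%22Tablet%22%2C%22carrier%22%3A%22%E4%B8%AD%E5%9B%BD%E7%A7%BB%E5%8A%A8%22%7D"
    "&head=%7B%22isencoded%22%3A%220%22%2C%22uploadtime%22%3A%221451529209308%22%2C"
    "%22appid%22%3A%22A008711002%22%2C%22version%22%3A%221.0.0%22%7D"
)

# Fields that identify the handset or its SIM (editor's selection); their presence
# is what turns this "crash reporting" request into an identifier upload.
IDENTIFIER_KEYS = ("imei", "open_uuid", "mac", "android_id", "daid")


def decode_body(body: str) -> dict:
    """Return {"data": {...}, "head": {...}} from an x-www-form-urlencoded body.

    parse_qs does the percent-decoding (and turns '+' into a space, which is why
    "Lenovo+A360t" comes back as "Lenovo A360t"); each field value is itself JSON.
    """
    fields = parse_qs(body, keep_blank_values=True, strict_parsing=True)
    return {name: json.loads(values[0]) for name, values in fields.items()}


def identifiers(decoded: dict) -> dict:
    """Pick the device/SIM identifiers out of the decoded 'data' document."""
    data = decoded["data"]
    return {key: data[key] for key in IDENTIFIER_KEYS if key in data}


def masked(value: str) -> bool:
    """True when the sandbox has redacted part of the value (as it did for the IMEI)."""
    return "****" in value


def upload_time(decoded: dict) -> datetime:
    """head.uploadtime is Unix time in milliseconds; return an aware UTC datetime."""
    return datetime.fromtimestamp(int(decoded["head"]["uploadtime"]) / 1000, tz=timezone.utc)


if __name__ == "__main__":
    decoded = decode_body(CAPTURED_BODY)
    print("package:", decoded["data"]["packagename"], " appid:", decoded["head"]["appid"])
    print("uploaded at:", upload_time(decoded).isoformat())
    for key, value in identifiers(decoded).items():
        print(f"  {key:<11} {value}{'  (masked by sandbox)' if masked(value) else ''}")
```

Running it shows five identifiers in one request (IMEI, the same IMEI again as open_uuid, the Wi-Fi MAC, android_id and the daid hash). The head.uploadtime decodes to 2015-12-31 02:33:29 UTC, while the sandbox's 403 reply is dated 2016-04-05: the emulator's clock and the sandbox host's clock are not the same, which is worth remembering before correlating timestamps from inside and outside the guest.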
File behaviour
Behaviour: read file
Details:
path:/data/app/com360.hxyii-1.apk length:9
path:/data/app/com360.hxyii-1.apk length:23
path:/data/app/com360.hxyii-1.apk length:69
path:/data/misc/keychain/pins length:69
path:/proc/net/if_inet6 length:69
path:/proc/net/if_inet6 length:5
path:/sys/class/net/lo/ifindex length:7
path:/sys/class/net/lo/ifindex length:5
path:/sys/class/net/eth0/ifindex length:7
path:/sys/class/net/eth0/ifindex length:5
path:/sys/class/net/sit0/ifindex length:7
path:/sys/class/net/sit0/ifindex length:5
path:/sys/class/net/ip6tnl0/ifindex length:7
path:/sys/class/net/ip6tnl0/ifindex length:5
path:/data/data/com360.hxyii/files/libnesec.so length:69
path:/sys/class/net/lo/mtu length:11
path:/sys/class/net/lo/mtu length:5
Behaviour: write file
Details:
path:/data/data/com360.hxyii/files/libnesec.so, nine write calls (length:69, 63, 64, 66, 68, 67, 59, 65, 62)
The only file written is a native library, libnesec.so, placed in the app's private files directory rather than loaded from lib/armeabi/. The file list below shows the APK carries two copies of that name, lib/armeabi/libnesec.so and assets/libnesec.so, with different checksums.
Dangerous functions (as flagged by the scanner)
Function                                     Description
ActivityManager;->killBackgroundProcesses    Kills other apps' background processes; usable to shut down security software
getRuntime                                   Obtains the process Runtime, the usual prelude to exec
java/lang/Runtime;->exec                     Executes a string as a shell command
TelephonyManager;->getDeviceId               Reads the handset identifier (IMEI/MEID), a stable device fingerprint
java/net/URL;->openConnection                Opens a connection to a URL
Privacy behaviour
Behaviour: read information about the connected Wi-Fi access point
Details:
N/A
Behaviour: read subscriber ID (IMSI)
Details:
46000****123456   (masked by the sandbox; 460-00 is the China Mobile MCC/MNC, matching the "carrier" field sent to crash.163.com)
Behaviour: read device ID (IMEI)
Details:
35712****123456   (masked by the sandbox; the same value appears as "imei" and "open_uuid" in the uploaded body)
Other behaviour
Behaviour: initialise Intent
Details:
android.os.Parcel@21853130
File list
File name                                                  Checksum
META-INF/MANIFEST.MF                                       0xacb3e33
META-INF/NETEASE.SF                                        0x9637212c
META-INF/NETEASE.RSA                                       0x28d0c259
org/apache/harmony/awt/internal/nls/messages.properties    0x5f88eb12
mimetypes.default                                          0x97dd5cdb
com/sun/mail/dsn/mailcap                                   0x7605dc17
dsn.mf                                                     0x1e4e9355
javamail.pop3.provider                                     0xa23c9bc
res/xml/lock_screen.xml                                    0xeab2c16b
res/drawable-hdpi-v4/ic_launcher.png                       0x64ec8b91
res/drawable-hdpi-v4/icon.png                              0xac8b5a00
res/layout/activity_main.xml                               0x6c6ea2d0
mailcap.default                                            0x6f616b6
javamail.default.providers                                 0x45ea1b21
javamail.default.address.map                               0xf20496b
javamail.smtp.address.map                                  0xf20496b
javamail.smtp.provider                                     0x990c469d
javamail.charset.map                                       0xad0dfcee
javamail.imap.provider                                     0x8934555a
resources.arsc                                             0x1cdb8d5
mailcap                                                    0xd7759e43
res/layout/my_admin.xml                                    0xddcbbfb1
classes.dex                                                0x264dbfbb
assets/                                                    0x0
assets/clazz.jar                                           0xf895fa84
assets/data.db                                             0x5093ea11
lib/armeabi/libnesec.so                                    0x2db08edd
lib/armeabi/libbugrpt.so                                   0xa954ed20
assets/libnesec.so                                         0x1f76fd9f
AndroidManifest.xml                                        0xcc58b95d
Points worth noting in this list: the signature files are named NETEASE.SF/NETEASE.RSA; the javamail.*.provider, mailcap and com/sun/mail entries show the JavaMail library (SMTP, POP3 and IMAP providers) is bundled; a second Dalvik archive ships as assets/clazz.jar alongside classes.dex; and libnesec.so appears twice with different checksums, under lib/armeabi/ and under assets/, the latter matching the copy written into the app's private files directory in the file behaviour above.
Activities
Activity                              Intent filter
a2e3ft.aer4w.MainActivity             android.intent.action.MAIN
a2e3ft.aer4w.MainActivity             android.intent.category.LAUNCHER
a2e3ft.aer4w.UninstallerActivity      android.intent.action.VIEW
a2e3ft.aer4w.UninstallerActivity      android.intent.action.DELETE
a2e3ft.aer4w.UninstallerActivity      android.intent.category.DEFAULT
a2e3ft.aer4w.ComposeSmsActivity       android.intent.action.SEND
a2e3ft.aer4w.ComposeSmsActivity       android.intent.action.SENDTO
a2e3ft.aer4w.ComposeSmsActivity       android.intent.category.DEFAULT
a2e3ft.aer4w.ComposeSmsActivity       android.intent.category.BROWSABLE
Triggers (receivers and their intent filters)
Receiver                           Trigger
a2e3ft.aer4w.TelInternal           N/A (two filters the scanner does not describe)
a2e3ft.aer4w.BootReceiver          SMS received (starts a service); device boot completed (starts a service); screen unlocked (starts a service); three further filters N/A
a2e3ft.aer4w.NetstateReceiver      network connectivity changed (starts a service)
a2e3ft.aer4w.SmsReceiver           SMS received (starts a service); screen unlocked (starts a service); three further filters N/A
a2e3ft.aer4w.MyAdmin               N/A
a2e3ft.aer4w.SmsReceiver4_4        N/A
a2e3ft.aer4w.MmsReceiver4_4        N/A
Taken together with the ComposeSmsActivity SEND/SENDTO filters, the RECEIVE_WAP_PUSH and RECEIVE_MMS permissions and the *4_4 receivers and service, the component set is consistent with an app built to be eligible as the default SMS app on Android 4.4, where only the default SMS app receives SMS_DELIVER and may write the SMS provider. MyAdmin together with res/layout/my_admin.xml points to a device-administrator receiver, which makes the app harder to uninstall while it is active.
Permission list
Permission                                      Description
android.permission.READ_SMS                     Read stored SMS
android.permission.WRITE_SMS                    Write to the SMS provider
android.permission.SEND_SMS                     Send SMS
android.permission.RECEIVE_SMS                  Receive (and intercept) incoming SMS
android.permission.READ_PHONE_STATE             Read phone state (IMEI, IMSI, call state)
android.permission.READ_CONTACTS                Read contacts
android.permission.RECEIVE_WAP_PUSH             Receive WAP push messages
android.permission.RECEIVE_MMS                  Receive MMS
android.permission.CALL_PHONE                   Place calls without going through the dialer
android.permission.PROCESS_OUTGOING_CALLS       Monitor and modify outgoing calls
android.permission.INTERNET                     Open network sockets
android.permission.ACCESS_NETWORK_STATE         Read network connectivity state
android.permission.ACCESS_WIFI_STATE            Read Wi-Fi state
android.permission.READ_LOGS                    Read system logs
Service list
Name
a2e3ft.aer4w.MainService
a2e3ft.aer4w.PhoService
a2e3ft.aer4w.MainService4_4
Vulnerability risk list
Risk: exported Activity
Details: an Activity should set android:exported="false", or be protected by a custom permission at "signature" or "signatureOrSystem" level, so that it cannot be invoked at will by other apps; a component that must stay exported needs strict validation of its input parameters. Affected classes: a2e3ft.aer4w.UninstallerActivity, a2e3ft.aer4w.ComposeSmsActivity
Risk: exported BroadcastReceiver
Details: a BroadcastReceiver should set android:exported="false", or be protected by a custom permission at "signature" or "signatureOrSystem" level, so that it cannot be triggered at will by other apps; a component that must stay exported needs strict validation of its input parameters. Affected classes: a2e3ft.aer4w.TelInternal, a2e3ft.aer4w.BootReceiver, a2e3ft.aer4w.NetstateReceiver, a2e3ft.aer4w.SmsReceiver
The scanner applies the platform default: a component that declares an intent-filter without an explicit android:exported is exported. Since Android 12 (API 31) such a manifest is rejected at install time, so on current targets the attribute has to be written out either way.
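The exposure rule the scanner applies (exported by default when an intent-filter is present and no android:exported is given, mitigated only by a protecting permission) can be reproduced with a few lines of manifest parsing. The script below is an added example and not the scanner's code; only the component names are taken from the report, while the manifest fragment it parses is constructed, because the APK's real AndroidManifest.xml is not reproduced on the page. The MyAdmin receiver is given the BIND_DEVICE_ADMIN permission as an assumption, to exercise the permission-gated branch.

```python
"""Flag exported Android components that lack a protecting permission.

Added example (not part of the original report). Only the component names come from
the report; the manifest fragment below is constructed, because the APK's real
AndroidManifest.xml is not reproduced on the page.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "receiver", "service", "provider")

# Constructed manifest: the intent filters, the MyAdmin permission and the absent
# android:exported attributes are assumptions chosen to exercise every branch.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com360.hxyii">
  <application android:label="A测试">
    <activity android:name="a2e3ft.aer4w.MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name="a2e3ft.aer4w.UninstallerActivity">
      <intent-filter>
        <action android:name="android.intent.action.DELETE"/>
        <category android:name="android.intent.category.DEFAULT"/>
      </intent-filter>
    </activity>
    <receiver android:name="a2e3ft.aer4w.SmsReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <receiver android:name="a2e3ft.aer4w.MyAdmin"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <service android:name="a2e3ft.aer4w.MainService"/>
  </application>
</manifest>
"""


def _attr(element, name):
    """Read an attribute from the android: namespace."""
    return element.get(f"{{{ANDROID_NS}}}{name}")


def _is_launcher(component) -> bool:
    """A MAIN + LAUNCHER activity has to be exported, so it is not a finding."""
    for flt in component.findall("intent-filter"):
        actions = {_attr(a, "name") for a in flt.findall("action")}
        categories = {_attr(c, "name") for c in flt.findall("category")}
        if "android.intent.action.MAIN" in actions and "android.intent.category.LAUNCHER" in categories:
            return True
    return False


def _is_exported(component, target_sdk: int) -> bool:
    """Platform default: an explicit android:exported wins; otherwise a component
    with an intent-filter is exported, and a provider is exported only when
    targetSdkVersion < 17. (Android 12+ refuses to install an app that has an
    intent-filter without an explicit android:exported, so the implicit branch
    only matters for older targets such as this API-19 era sample.)"""
    explicit = _attr(component, "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    if component.tag == "provider":
        return target_sdk < 17
    return component.find("intent-filter") is not None


def audit_components(manifest_xml: str, target_sdk: int = 19) -> list:
    """Return one record per component with its export status and a verdict."""
    root = ET.fromstring(manifest_xml)
    records = []
    for component in root.find("application"):
        if component.tag not in COMPONENT_TAGS:
            continue
        exported = _is_exported(component, target_sdk)
        permission = _attr(component, "permission")
        if not exported:
            verdict = "not exported"
        elif permission:
            verdict = "exported, permission-gated"
        elif _is_launcher(component):
            verdict = "exported, launcher"
        else:
            verdict = "exported, unprotected"
        records.append({"tag": component.tag, "name": _attr(component, "name"),
                        "exported": exported, "permission": permission, "verdict": verdict})
    return records


def unprotected(records: list) -> list:
    """Names the scanner would list under the exposure risk, sorted."""
    return sorted(r["name"] for r in records if r["verdict"] == "exported, unprotected")


if __name__ == "__main__":
    for r in audit_components(SAMPLE_MANIFEST):
        print(f"{r['tag']:<9} {r['name']:<36} {r['verdict']}")
```

On the constructed manifest this reports UninstallerActivity and SmsReceiver as exported and unprotected, MyAdmin as exported but gated by BIND_DEVICE_ADMIN (a system-held signature permission, which is the standard way a device-admin receiver is protected), MainService as not exported and MainActivity as the expected launcher entry. Adding android:exported="false" to a component, as the risk description recommends, moves it to "not exported". The check resolves a permission's presence, not its protection level: an app-defined permission with protectionLevel "normal" would still be reported as gated, so for custom permissions the matching <permission> element's android:protectionLevel has to be read as well.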
Runtime screenshots: (images not captured)