Analysis type | Start time | End time | Duration |
---|---|---|---|
File (apk) | 2020-08-10 23:21:21 | 2020-08-10 23:26:48 | 327 seconds |
2020-08-10 23:22:40,953 [root] INFO: Starting analyzer from: /data/local/tmp/nwuowwg
2020-08-10 23:22:40,959 [root] INFO: Storing results at: /data/local/tmp/jvkgjwrjpn
2020-08-10 23:22:40,962 [root] INFO: Target is: /data/local/tmp/_______v2.1_2.1.apk
2020-08-10 23:22:40,965 [root] INFO: No analysis package specified, trying to detect it automagically
2020-08-10 23:22:40,969 [root] INFO: Automatically selected analysis package "apk"
2020-08-10 23:22:42,152 [root] INFO: Started auxiliary module FileCollector
2020-08-10 23:22:42,167 [root] INFO: Started auxiliary module Screenshots
2020-08-10 23:22:42,184 [root] INFO: Started auxiliary module TouchSimulator
2020-08-10 23:22:42,312 [root] INFO: installing sample on emulator: pm install /data/local/tmp/_______v2.1_2.1.apk
2020-08-10 23:22:44,973 [root] INFO:
2020-08-10 23:22:44,980 [root] INFO: finished
2020-08-10 23:22:44,983 [root] INFO: executing sample on emulator:adb shell am start -n com.tencent.android.qqdownloader/com.androlua.Welcome
2020-08-10 23:26:45,699 [root] INFO: Analysis timeout hit, terminating analysis
2020-08-10 23:26:45,805 [root] INFO: Analysis completed
Package | Main Activity |
---|---|
com.tencent.android.qqdownloader | com.androlua.Welcome |
File name | 凉城之夜世界版v2.1_2.1.apk |
---|---|
File size | 18918938 bytes |
File type | Zip archive data, at least v1.0 to extract |
MD5 | 8d6e2d1996df1283cf9adc77521cb459 |
SHA1 | 5a876f5ebf24902265f7fc6bcf511854a242b1ef |
SHA256 | 987c56eb11ded98ebb0143b5af7e68af70e0d3b14fe5ab652d2a992a76ec9efb |
SHA512 | 5bd198fc4f319c0e77c9fdf4d6a85419c3510ab379f483506a7d1133c0e6ce6696a4151b3da1697ab583cf16da78ef32f509f52a3b700b55202d721d2314427c |
CRC32 | A6403AF6 |
Ssdeep | 393216:qYhy0GuSRIQ+Pd2aYdJTJBRsBqTnJq4/gwu+WsC60g+UNRYd/6+3v1jxV:LGZCQ+121dJT7RsBLPZ+Wsz0bUNRs6+9 |
Yara | No rules matched |
File | MD5 | Type | Size |
---|---|---|---|
res/xml/andlua_filepaths.xml | 855441a9a11fdee14d0a19dd30c73409 | Android binary XML | 548 |
res/xml-v22/accessibility_service_config.xml | 1f6942c264c5f56fdc9653dd28451356 | Android binary XML | 728 |
res/xml/accessibility_service_config.xml | 67e46d999a98838d81e2c57e6e21431f | Android binary XML | 676 |
AndroidManifest.xml | b9987a694765f4b3a114f3603a284585 | Android binary XML | 19584 |
lib/armeabi-v7a/libluajava.so | 8bc78bc367d7c314de06137972b51782 | ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV) | 248960 |
lib/armeabi-v7a/libmime.so | 8413441763f5516a56350d60e968a985 | ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV) | 9768 |
lib/armeabi-v7a/libsocket.so | 22cdb5d4359902eaebadcc542af66c15 | ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV) | 43384 |
assets/SuCai/3.mp4 | f99f8146a0b4282124eed37620e30193 | ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV) | 397712 |
assets/assert/15.png | 7ffaab8bef32da42bfb8ccb32158c38e | ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV) | 397712 |
Permission | Description |
---|---|
android.permission.INTERNET | Allows an application to create network sockets. |
android.permission.READ_PHONE_STATE | Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on. |
android.permission.WRITE_EXTERNAL_STORAGE | Allows an application to write to the SD card. |
android.permission.READ_PHONE_STATE | Allows the application to access the phone features of the device. An application with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and so on. |
android.permission.WRITE_SMS | Allows application to write to SMS messages stored on your phone or SIM card. Malicious applications may delete your messages. |
android.permission.CHANGE_WIFI_STATE | Allows an application to connect to and disconnect from Wi-Fi access points and to make changes to configured Wi-Fi networks. |
android.permission.BATTERY_STATS | Allows the modification of collected battery statistics. Not for use by normal applications. |
android.permission.CLEAR_APP_CACHE | Allows an application to free phone storage by deleting files in application cache directory. Access is usually very restricted to system process. |
android.permission.SYSTEM_ALERT_WINDOW | Allows an application to show system-alert windows. Malicious applications can take over the entire screen of the phone. |
android.permission.INTERNET | Allows an application to create network sockets. |
android.permission.WRITE_EXTERNAL_STORAGE | Allows an application to write to the SD card. |
No host records.
No domain information.
Package | com.tencent.android.qqdownloader |
---|---|
Main Activity | com.androlua.Welcome |
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 10623618503190643167 (0x936eacbe07f201df)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=California, L=Mountain View, O=Android, OU=Android, CN=Android/emailAddress=android@android.com
Validity
Not Before: Feb 29 01:33:46 2008 GMT
Not After : Jul 17 01:33:46 2035 GMT
Subject: C=US, ST=California, L=Mountain View, O=Android, OU=Android, CN=Android/emailAddress=android@android.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Exponent: 3 (0x3)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:59:00:56:3D:27:2C:46:AE:11:86:05:A4:74:19:AC:09:CA:8C:11
X509v3 Authority Key Identifier:
keyid:48:59:00:56:3D:27:2C:46:AE:11:86:05:A4:74:19:AC:09:CA:8C:11
DirName:/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com
serial:93:6E:AC:BE:07:F2:01:DF
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
File | MD5 | Type | Size |
---|---|---|---|
resources.arsc | 72db283888a9ab1de58e4924d19e4be1 | data | 3148 |
assets/mma/xinmu.lua | e182f9a67dcb2a11e05927112984c902 | ASCII text, with very long lines, with no line terminators | 37148 |
assets/res/b.png | f7065e64f1a009318ee4cfdc749656bd | PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced | 249 |
lua/mime.lua | 127a09a8b8fbba331bd4ccc214369ca8 | ASCII text, with very long lines, with no line terminators | 1160 |
lua/ltn12.lua | b30458116185e95f638a2aa41342113a | ASCII text, with very long lines, with no line terminators | 2736 |
res/xml/andlua_filepaths.xml | 855441a9a11fdee14d0a19dd30c73409 | Android binary XML | 548 |
assets/icon.png | ea8b360903a53014f31100526238ca87 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x640, frames 3 | 34699 |
assets/layout.lua | ded6fb02cdf8d9c7fe63b0765944757a | ASCII text, with very long lines, with no line terminators | 2964 |
META-INF/MANIFEST.MF | d29bce01ab9077882eee0974865f8395 | ASCII text, with CRLF line terminators | 3848 |
assets/init.lua | 41c46d5712389acc568494bf14d92ca6 | data | 753 |
assets/assert/rx3.png | d8957ae17dd3125da5eff5c8286802e3 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x1080, frames 3 | 152693 |
assets/assert/rx2.png | 4d47dd4f91323211a73dfbe93139d0f3 | JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=3, datetime=2020:03:17 24:29:59, orientation=upper-left], baseline, precision 8, 1080x1997, frames 3 | 871489 |
assets/main.lua | 0e16c3f38fdc13e9fc342a84bd2aebe0 | data | 5867 |
assets/assert/14.png | 081caa59c9a022ffc27a1d95e1444c34 | PNG image data, 1062 x 1087, 8-bit/color RGBA, non-interlaced | 717519 |
res/xml-v22/accessibility_service_config.xml | 1f6942c264c5f56fdc9653dd28451356 | Android binary XML | 728 |
assets/assert/12.png | 417d8d8a8a34934ac5a2213c9ed0942e | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1440x2560, frames 3 | 1171225 |
res/xml/accessibility_service_config.xml | 67e46d999a98838d81e2c57e6e21431f | Android binary XML | 676 |
assets/assert/1.png | b7881f4d3d7fcb293885606eb18a0844 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1288x910, frames 3 | 309372 |
lua/socket.lua | e7408963ffe920a30e419028e899655e | ASCII text, with very long lines, with no line terminators | 1924 |
assets/assert/5.png | 7122ffbd27d589085552655275afe30a | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 707x1000, frames 3 | 30713 |
assets/res/a.png | 76a2e7b31105d9cdadb3ba3b65717eb7 | PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced | 522 |
lib/armeabi-v7a/libluajava.so | 8bc78bc367d7c314de06137972b51782 | ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV) | 248960 |
res/drawable/icon.png | ea8b360903a53014f31100526238ca87 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x640, frames 3 | 34699 |
assets/assert/xue.png | ac1a776c1f553f5a22654fb1a2a493ef | PNG image data, 300 x 300, 8-bit colormap, non-interlaced | 81401 |
assets/assert/rx1.png | f10e2083136dede497e93f91d80d8938 | PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced | 745 |
assets/mma/XMemory.lua | dfbd9eadec18e139bcd44352539048bc | ASCII text, with very long lines, with no line terminators | 583024 |
lua/import.lua | f8dededf0860b99e689a154da91bf0e1 | ASCII text, with very long lines, with no line terminators | 6336 |
AndroidManifest.xml | b9987a694765f4b3a114f3603a284585 | Android binary XML | 19584 |
assets/SuCai/1.mp4 | 31ce0361eca1df8d2d11f58e8cb1d0fc | ISO Media, MP4 Base Media v1 [IS0 14496-12:2003] | 6762443 |
assets/res/msed.png | fcf9b8affad8f0a9804f6c5ca94e68cf | PNG image data, 1080 x 2340, 8-bit/color RGB, non-interlaced | 1986898 |
assets/mma/abc.lua | 20412cacc26eca65d97c6299a79b9f48 | ASCII text, with very long lines, with no line terminators | 2060 |
assets/SuCai/2.mp4 | cfa9e9ef9df564bef1c02363586253be | ISO Media, MP4 Base Media v1 [IS0 14496-12:2003] | 3535371 |
lua/loadlayout.lua | 34e94fc8b2e560c28b500a958c9e2ada | ASCII text, with very long lines, with no line terminators | 11676 |
META-INF/CERT.RSA | efb8146101cc904d355be119fb48df02 | data | 1714 |
lib/armeabi-v7a/libmime.so | 8413441763f5516a56350d60e968a985 | ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV) | 9768 |
assets/mma/tta.lua | f1b40a7a93047dab08479c1f183227ba | ASCII text, with very long lines, with no line terminators | 2268 |
lib/armeabi-v7a/libsocket.so | 22cdb5d4359902eaebadcc542af66c15 | ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV) | 43384 |
assets/SuCai/3.mp4 | f99f8146a0b4282124eed37620e30193 | ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV) | 397712 |
assets/min.lua | 3288f11a681022fbfa98202346192592 | data | 12691 |
assets/assert/13.png | b71010b0b7388cc44a0596df3d72c689 | RIFF (little-endian) data, Web/P image, VP8 encoding, 1215x1932, Scaling: [none]x[none], YUV color, decoders should clamp | 86810 |
assets/assert/11.png | 870f3fb001c7a974c11f5e768cde2e08 | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x1920, frames 3 | 441601 |
lua/socket/headers.lua | 99be841bb80789779de03c425a46b02d | ASCII text, with very long lines, with no line terminators | 3524 |
lua/AndLua.lua | 9bec148c0f88792a6bd5f7c37d0c6482 | ASCII text, with very long lines, with no line terminators | 9548 |
lua/loadbitmap.lua | 171092dd13095fc94a62d34b4b124ab9 | ASCII text, with very long lines, with no line terminators | 536 |
assets/lc666.lua | d71f50149b283f770583b313d8379b5f | data | 41409 |
classes.dex | 136cb898634ca1024d50029bd3e98831 | Dalvik dex file version 035 | 2740988 |
lua/loadmenu.lua | 641e4ef02f4db9182c5a653a90f7188a | ASCII text, with very long lines, with no line terminators | 968 |
assets/assert/rx4.png | f9341fd705c8ee1dffb5d92fa8ecb5ca | PNG image data, 96 x 96, 8-bit gray+alpha, non-interlaced | 1410 |
assets/assert/b.png | 5e11c926562319bb6711c131236d21e3 | PNG image data, 125 x 125, 8-bit/color RGBA, non-interlaced | 3346 |
assets/AndLua.lua | d12dc65877ca8aefe62c6d9b6e86bacb | data | 15776 |
META-INF/CERT.SF | c877697da4fb26a184c33adc4e79f32a | ASCII text, with CRLF line terminators | 3891 |
lua/http.lua | 59b49914b6fbff3c6d84ba28ba9efeec | ASCII text, with very long lines, with no line terminators | 7476 |
assets/assert/15.png | 7ffaab8bef32da42bfb8ccb32158c38e | ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV) | 397712 |
lua/socket/url.lua | 76a7b797b0b973c2df6fffe5bb98e15e | ASCII text, with very long lines, with no line terminators | 2912 |
assets/assert/10.png | 58221c1f28c9d5dfb928babf51164c7a | JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=5, height=0, orientation=[*0*], datetime=2018:11:04 10:31:59, width=0], baseline, precision 8, 1440x2560, frames 3 | 648857 |
Key | Value |
No host records.
No domain information.
No TCP connections.
Source address | Source port | Destination address | Destination port |
---|---|---|---|
10.0.2.15 | 55736 | 10.0.2.3 | 53 |
10.0.2.15 | 39650 | 185.255.55.20 | 123 |
No HTTP requests found.
No ICMP traffic.
No IRC requests.
Request | Response |
---|---|