魔盾安全分析报告

分析类型	开始时间	结束时间	持续时间	分析引擎版本
FILE (apk)	2017-12-15 18:36:21	2017-12-15 18:39:29	188 秒	1.4-Maldun

魔盾分数
10.0 恶意的

文件详细信息

文件名

1.apk

文件大小

3262695 字节

文件类型

Java archive data (JAR)

CRC32

8AE85CAB

MD5

0503b2f6c1349f7e1cd7e8b6bf17ac46

SHA1

b200fd7f1c3f6b3c7b5183e8ba4f5f1b3c5593c9

SHA256

47ad63ccc161a07eb761fba5c4d140bf01473d2ff947c7542b7eaabf2e100576

SHA512

a73eb7de2eafbb4386f37bb67524e350ed3c8b6cc7166f91c812295909e2b64cdea20e3c8ff02aa17df3ea6e048fefc18b2caa65ee3da5ff32840ac98c0105d9

Ssdeep

98304:2paWdwJfWdW3P7Ouiyf0tSYIAo+EEcT0rV9ZAe/f3OG:kUOk3PCLyfESYIAo7T0een3OG

PEiD

None matched

Yara

无匹配

VirusTotal

VirusTotal链接
VirusTotal扫描时间: 2017-12-08 12:08:45
扫描结果: 40/63 (展开)

防病毒引擎	版本	结果
Ad-Aware	3.0.3.1010	Clean
AegisLab	4.2	SUSPICIOUS
AhnLab-V3	3.11.3.19447	Android-PUP/Airpush.2ac1
Alibaba	1.0	A.L.Rog.Xmedia
ALYac	1.1.1.2	Clean
Antiy-AVL	3.0.0.1	Trojan/Android.Plangton
Arcabit	1.0.0.827	Android.Adware.Wallap.A
Avast	17.8.3705.0	Clean
Avast-Mobile	171208-00	APK:RepMetagen [Trj]
AVG	17.8.3705.0	Clean
Avira	8.3.3.6	ANDROID/Plankton.J.Gen
AVware	1.5.0.42	Adware.AndroidOS.Plankton.h
Baidu	1.0.0.2	Android.Trojan.Plankton.k
BitDefender	7.2	Android.Adware.Wallap.A
Bkav	1.3.0.9410	Clean
CAT-QuickHeal	14.00	Android.Plangton.GEN10450
ClamAV	0.99.2.0	Andr.Trojan.Plangton-13
CMC	1.1.0.977	Clean
Comodo	28153	UnclassifiedMalware
Cyren	5.4.30.7	AndroidOS/Plankton.A.gen!Eldorado
DrWeb	7.0.28.2020	Adware.Airpush.3.origin
Emsisoft	4.0.2.899	Android.Adware.Wallap.A (B)
ESET-NOD32	16539	a variant of Android/Plankton.H
F-Prot	4.7.1.166	AndroidOS/Plankton.D
F-Secure	11.0.19100.45	Spyware:Android/Counterclank
Fortinet	5.4.247.0	Android/Apperhand.AA!tr
GData	A:25.15081B:25.11070	Android.Adware.Wallap.A
Ikarus	0.1.5.2	AdWare.AndroidOS.Plankton
Jiangmin	16.0.100	Trojan/AndroidOS.jpx
K7AntiVirus	10.34.25501	Clean
K7GW	10.34.25502	Trojan ( 0001140e1 )
Kaspersky	15.0.1.13	HEUR:Trojan.AndroidOS.Plangton.a
Kingsoft	2013.8.14.323	Android.MALWARE.Counterclank.a.(kcloud)
Malwarebytes	2.1.1.1115	Clean
MAX	2017.11.15.1	malware (ai score=100)
McAfee	6.0.6.653	Artemis!0503B2F6C134
McAfee-GW-Edition	v2015	Clean
Microsoft	1.1.14405.2	Trojan:AndroidOS/Plankton.gen!A
MicroWorld-eScan	14.0.297.0	Clean
NANO-Antivirus	1.0.100.20558	Trojan.Android.Airpush.djpqsd
nProtect	2017-12-08.02	Clean
Panda	4.6.4.2	Clean
Qihoo-360	1.0.0.1120	Trojan.Android.Gen
Rising	25.0.0.1	PUF.Plankton!1.9DAE (CLASSIC)
Sophos	4.98.0	Andr/NewyearL-D
SUPERAntiSpyware	5.6.0.1032	Clean
Symantec	1.5.0.0	Trojan.Gen.2
SymantecMobileInsight	1.0.0.35_220	AdLibrary:Airpush
Tencent	1.0.0.1	a.privacy.counterclank.f
TheHacker	6.8.0.5.2191	Clean
TotalDefense	37.1.62.1	Clean
TrendMicro	9.862.0.1074	Clean
TrendMicro-HouseCall	9.950.0.1006	Suspicious_GEN.F47V1030
Trustlook	2	Android.Malware.Counterclank
VBA32	3.12.26.4	Clean
VIPRE	63000	Clean
ViRobot	2014.3.20.0	Clean
Webroot	1.0.0.207	Clean
WhiteArmor	None	Malware.HighConfidence
Yandex	5.5.1.3	Clean
Zillya	2.0.0.3443	Clean
ZoneAlarm	1.0	HEUR:Trojan.AndroidOS.Plangton.a
Zoner	1.0	Clean

安卓apk文件

Package	com.wallpapers.belsuelove
Main Activity	com.wallpapers.belsuelove.NicechristmasActivity

Activities列表

Activity名称
com.wallpapers.belsuelove.NicechristmasActivity
com.airpush.android.PushAds
com.mobclix.android.sdk.MobclixBrowserActivity

Services列表

Service名称
com.airpush.android.PushService
com.apperhand.device.android.AndroidSDKProvider

Receivers列表

Receiver行为
android.intent.action.BOOT_COMPLETED

Permissions列表

特征低危险等级中危险等级高危险等级

应用程序请求高风险许可权限

发现隐藏加载

应用程序包含了其他APK文件

生成应用程序指纹

应用程序注册了运行中接收器

应用程序运行中使用了反射机制

魔盾wping.org 域名信誉系统

魔盾wping.org IP地址信誉系统

已被至少十个VirusTotal上的反病毒引擎检测为病毒

安卓动态分析

命令执行

查询账号

动态加载文件

SMS短消息

注册广播接收器

密钥

加密明文

Content Resolver Queries

Intents

反射调用

com.apperhand.common.dto.Build->getBrand
com.apperhand.common.dto.protocol.CommandsRequest->getAbTestId
com.apperhand.common.dto.ApplicationDetails->getSourceIp
com.apperhand.common.dto.DisplayMetrics->getHeightPixels
com.apperhand.common.dto.ApplicationDetails->getBuild
->values
com.apperhand.common.dto.ApplicationDetails->getProtocolVersion
com.apperhand.common.dto.Build->getManufacturer
com.apperhand.common.dto.DisplayMetrics->getXdpi
com.apperhand.common.dto.Build->getModel
com.apperhand.common.dto.ApplicationDetails->getDisplayMetrics
com.apperhand.common.dto.DisplayMetrics->getDensityDpi
com.apperhand.common.dto.DisplayMetrics->getDensity
com.apperhand.common.dto.protocol.CommandsRequest->getApplicationDetails
android.app.ActivityManager->getRunningAppProcesses
com.apperhand.common.dto.ApplicationDetails->getLocale
com.apperhand.common.dto.ApplicationDetails->getApplicationId
android.webkit.WebSettingsClassic->getUserAgentString
com.apperhand.common.dto.Build->getDevice
com.apperhand.common.dto.protocol.CommandsRequest->isNeedSpecificParameters
com.apperhand.common.dto.Build->getVersionSDKInt
com.apperhand.common.dto.protocol.CommandsRequest->getParameters
com.apperhand.common.dto.ApplicationDetails->getDeveloperId
com.apperhand.common.dto.Build->getOs
com.apperhand.common.dto.Build->getVersionRelease
com.apperhand.common.dto.DisplayMetrics->getWidthPixels
com.apperhand.common.dto.ApplicationDetails->getUserAgent
com.apperhand.common.dto.DisplayMetrics->getYdpi
com.apperhand.common.dto.protocol.CommandsRequest->getInitiationType
com.apperhand.common.dto.ApplicationDetails->getAbTestId
com.apperhand.common.dto.ApplicationDetails->getDeviceId
com.apperhand.common.dto.DisplayMetrics->getScaledDensity

指纹

Content Observers

Shared Preferences

Key	Value
UserAgent	Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; Nexus 5 Build/MASTER) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
showToast	false
apikey	1308785723199877177
appId	65067
imei	4b4fbfb02e1bfb6c24ca3ee0f63ada54
connectionType	0
token	8caad4975895586f20c30c516232826b
request_timestamp	Fri Dec 15 18:37:29 GMT+08:00 2017
packageName	com.wallpapers.belsuelove
version	16
carrier	Cellcom
networkOperator	Cellcom
phoneModel	Nexus 5
manufacturer	unknown
longitude	0
latitude	0
sdkversion	4.02
android_id	8ccfdb5800435411
showDialog	false
showAd	false
testMode	false
doPush	true
doSearch	true
searchIconTestMode	false
icon	0
useragent	Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; Nexus 5 Build/MASTER) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
deviceId	351451208401216
asp	NjUwNjczNTE0NTEyMDg0MDEyMTYwOGNhYWQ0OTc1ODk1NTg2ZjIwYzMwYzUxNjIzMjgyNmJGcmkgRGVjIDE1IDE4OjM3OjI5IEdNVCswODowMCAyMDE3Y29tLndhbGxwYXBlcnMuYmVsc3VlbG92ZTE2Q2VsbGNvbUNlbGxjb21OZXh1cyA1dW5rbm93bjAwTW96aWxsYS81LjAgKExpbnV4OyBVOyBBbmRyb2lkIDQuMS4yOyBlbi11czsgTmV4dXMgNSBCdWlsZC9NQVNURVIpIEFwcGxlV2ViS2l0LzUzNC4zMCAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIE1vYmlsZSBTYWZhcmkvNTM0LjMw
imeinumber	351451208401216
ShowDialog	false
ShowAd	true
ENC_DUMMY_ID	eRvpRjBk8zQF8WHZAIRbpPJiCEg=
startTime	1513334257222
offlineSessions	0
totalSessionTime	0
ConfigServer	http://data.axonix.com/post/config
320x50	{"enabled":true,"rm_require_user":true,"refresh":30,"autoplay_interval":120,"autoplay":false,"size":"320x50"}
VcServer	vc.mobclix.com
AnalyticsServer	http://data.axonix.com/post/sendData
AdServer	http://ads.axonix.com/
totalIdleTime	0
FeedbackServer	http://data.axonix.com/post/feedback
passiveSessionTimeout	120000
NEXT_RUN	1513334375695

Content Values

电话状态监听

文件访问

系统特性

安卓静态分析

运行截图

网络分析

访问主机纪录

IP地址
{'country_name': 'United States', 'ip': '54.88.187.30', 'inaddrarpa': '', 'hostname': 'data.mobclix.com', 'score': 8}
{'country_name': 'United States', 'ip': '54.85.183.42', 'inaddrarpa': '', 'hostname': 'data.mobclix.com', 'score': 5}
{'country_name': 'United States', 'ip': '217.65.36.152', 'inaddrarpa': '', 'hostname': 'www.apperhand.com', 'score': 8}
{'country_name': 'United States', 'ip': '192.40.114.214', 'inaddrarpa': '', 'hostname': 'api.airpush.com', 'score': 5}

域名解析

域名	IP地址
ads.axonix.com	52.203.69.154
api.airpush.com	192.40.114.214
www.apperhand.com	217.65.36.152
data.mobclix.com	54.88.187.30
ads.mobclix.com	54.210.144.1

HTTP请求

URL	HTTP数据
http://ads.mobclix.com/?p=android&i=7f6d13d4-8172-4bda-b993-aff4109cea6f&s=320x50&rt=mcnative&rtv=0&av=1.0&u=351451208401216&andid=8ccfdb5800435411&v=3.1.3&ct=null&dm=Nexus+5&hwdm=hammerhead&sv=4.1.2&ua=Mozilla%2F5.0+%28Linux%3B+U%3B+Android+4.1.2%3B+en-us%3B+Nexus+5+Build%2FMASTER%29+AppleWebKit%2F534.30+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Mobile+Safari%2F534.30&o=0&ap=0&l=en_US&mcc=Cel&mnc=lcom	GET /?p=android&i=7f6d13d4-8172-4bda-b993-aff4109cea6f&s=320x50&rt=mcnative&rtv=0&av=1.0&u=351451208401216&andid=8ccfdb5800435411&v=3.1.3&ct=null&dm=Nexus+5&hwdm=hammerhead&sv=4.1.2&ua=Mozilla%2F5.0+%28Linux%3B+U%3B+Android+4.1.2%3B+en-us%3B+Nexus+5+Build%2FMASTER%29+AppleWebKit%2F534.30+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Mobile+Safari%2F534.30&o=0&ap=0&l=en_US&mcc=Cel&mnc=lcom HTTP/1.1 Cookie: User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; Nexus 5 Build/MASTER) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 Host: ads.mobclix.com Connection: Keep-Alive
http://ads.axonix.com/?p=android&i=7f6d13d4-8172-4bda-b993-aff4109cea6f&s=320x50&rt=mcnative&rtv=0&av=1.0&u=351451208401216&andid=8ccfdb5800435411&v=3.1.3&ct=null&dm=Nexus+5&hwdm=hammerhead&sv=4.1.2&ua=Mozilla%2F5.0+%28Linux%3B+U%3B+Android+4.1.2%3B+en-us%3B+Nexus+5+Build%2FMASTER%29+AppleWebKit%2F534.30+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Mobile+Safari%2F534.30&o=3&ap=0&l=en_US&mcc=Cel&mnc=lcom	GET /?p=android&i=7f6d13d4-8172-4bda-b993-aff4109cea6f&s=320x50&rt=mcnative&rtv=0&av=1.0&u=351451208401216&andid=8ccfdb5800435411&v=3.1.3&ct=null&dm=Nexus+5&hwdm=hammerhead&sv=4.1.2&ua=Mozilla%2F5.0+%28Linux%3B+U%3B+Android+4.1.2%3B+en-us%3B+Nexus+5+Build%2FMASTER%29+AppleWebKit%2F534.30+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Mobile+Safari%2F534.30&o=3&ap=0&l=en_US&mcc=Cel&mnc=lcom HTTP/1.1 Cookie: User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; Nexus 5 Build/MASTER) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 Host: ads.axonix.com Connection: Keep-Alive
http://data.mobclix.com/post/config?p=android&rt=mcnative&rtv=0&a=7f6d13d4-8172-4bda-b993-aff4109cea6f&m=3.1.3&v=1.0&d=351451208401216&dm=Nexus+5&dv=4.1.2&hwdm=hammerhead&g=null&it=0&mcc=Cel&mnc=lcom&new=true	GET /post/config?p=android&rt=mcnative&rtv=0&a=7f6d13d4-8172-4bda-b993-aff4109cea6f&m=3.1.3&v=1.0&d=351451208401216&dm=Nexus+5&dv=4.1.2&hwdm=hammerhead&g=null&it=0&mcc=Cel&mnc=lcom&new=true HTTP/1.1 Cookie: User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; Nexus 5 Build/MASTER) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 Host: data.mobclix.com Connection: Keep-Alive
http://ads.axonix.com/?p=android&i=7f6d13d4-8172-4bda-b993-aff4109cea6f&s=320x50&rt=mcnative&rtv=0&av=1.0&u=351451208401216&andid=8ccfdb5800435411&v=3.1.3&ct=null&dm=Nexus+5&hwdm=hammerhead&sv=4.1.2&ua=Mozilla%2F5.0+%28Linux%3B+U%3B+Android+4.1.2%3B+en-us%3B+Nexus+5+Build%2FMASTER%29+AppleWebKit%2F534.30+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Mobile+Safari%2F534.30&o=1&ap=0&l=en_US&mcc=Cel&mnc=lcom	GET /?p=android&i=7f6d13d4-8172-4bda-b993-aff4109cea6f&s=320x50&rt=mcnative&rtv=0&av=1.0&u=351451208401216&andid=8ccfdb5800435411&v=3.1.3&ct=null&dm=Nexus+5&hwdm=hammerhead&sv=4.1.2&ua=Mozilla%2F5.0+%28Linux%3B+U%3B+Android+4.1.2%3B+en-us%3B+Nexus+5+Build%2FMASTER%29+AppleWebKit%2F534.30+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Mobile+Safari%2F534.30&o=1&ap=0&l=en_US&mcc=Cel&mnc=lcom HTTP/1.1 Cookie: User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; Nexus 5 Build/MASTER) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 Host: ads.axonix.com Connection: Keep-Alive
http://api.airpush.com/v2/api.php	POST /v2/api.php HTTP/1.1 Content-Length: 645 Content-Type: application/x-www-form-urlencoded Host: api.airpush.com Connection: Keep-Alive Accept-Encoding: gzip
http://ads.axonix.com/?p=android&i=7f6d13d4-8172-4bda-b993-aff4109cea6f&s=320x50&rt=mcnative&rtv=0&av=1.0&u=351451208401216&andid=8ccfdb5800435411&v=3.1.3&ct=null&dm=Nexus+5&hwdm=hammerhead&sv=4.1.2&ua=Mozilla%2F5.0+%28Linux%3B+U%3B+Android+4.1.2%3B+en-us%3B+Nexus+5+Build%2FMASTER%29+AppleWebKit%2F534.30+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Mobile+Safari%2F534.30&o=2&ap=0&l=en_US&mcc=Cel&mnc=lcom	GET /?p=android&i=7f6d13d4-8172-4bda-b993-aff4109cea6f&s=320x50&rt=mcnative&rtv=0&av=1.0&u=351451208401216&andid=8ccfdb5800435411&v=3.1.3&ct=null&dm=Nexus+5&hwdm=hammerhead&sv=4.1.2&ua=Mozilla%2F5.0+%28Linux%3B+U%3B+Android+4.1.2%3B+en-us%3B+Nexus+5+Build%2FMASTER%29+AppleWebKit%2F534.30+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Mobile+Safari%2F534.30&o=2&ap=0&l=en_US&mcc=Cel&mnc=lcom HTTP/1.1 Cookie: User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; Nexus 5 Build/MASTER) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 Host: ads.axonix.com Connection: Keep-Alive

动态HTTP/HTTPS请求

请求	应答
POST http://api.airpush.com/v2/api.php HTTP/1.1 apikey=1308785723199877177&appId=65067&imei=4b4fbfb02e1bfb6c24ca3ee0f63ada54&token=8caad4975895586f20c30c516232826b&request_timestamp=Fri+Dec+15+18%3A37%3A37+GMT%2B08%3A00+2017&packageName=com.wallpapers.belsuelove&version=16&carrier=Cellcom&networkOperator=Cellcom&phoneModel=Nexus+5&manufacturer=unknown&longitude=0&latitude=0&sdkversion=4.02&wifi=0&useragent=Mozilla%2F5.0+%28Linux%3B+U%3B+Android+4.1.2%3B+en-us%3B+Nexus+5+Build%2FMASTER%29+AppleWebKit%2F534.30+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Mobile+Safari%2F534.30&android_id=8ccfdb5800435411&longitude=0&latitude=0&model=user&action=setuserinfo&APIKEY=1308785723199877177&type=app	HTTP/1.1 200 OK
POST http://api.airpush.com/v2/api.php HTTP/1.1 apikey=1308785723199877177&appId=65067&imei=4b4fbfb02e1bfb6c24ca3ee0f63ada54&token=8caad4975895586f20c30c516232826b&request_timestamp=Fri+Dec+15+18%3A37%3A37+GMT%2B08%3A00+2017&packageName=com.wallpapers.belsuelove&version=16&carrier=Cellcom&networkOperator=Cellcom&phoneModel=Nexus+5&manufacturer=unknown&longitude=0&latitude=0&sdkversion=4.02&wifi=0&useragent=Mozilla%2F5.0+%28Linux%3B+U%3B+Android+4.1.2%3B+en-us%3B+Nexus+5+Build%2FMASTER%29+AppleWebKit%2F534.30+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Mobile+Safari%2F534.30&android_id=8ccfdb5800435411&longitude=0&latitude=0&model=user&action=setuserinfo&APIKEY=1308785723199877177&type=app	HTTP/1.1 200 OK
GET http://data.mobclix.com/post/config?p=android&rt=mcnative&rtv=0&a=7f6d13d4-8172-4bda-b993-aff4109cea6f&m=3.1.3&v=1.0&d=351451208401216&dm=Nexus+5&dv=4.1.2&hwdm=hammerhead&g=null&it=0&mcc=Cel&mnc=lcom&new=true HTTP/1.1 Cookie: null User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; Nexus 5 Build/MASTER) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30	HTTP/1.1 200 OK
GET http://data.mobclix.com/post/config?p=android&rt=mcnative&rtv=0&a=7f6d13d4-8172-4bda-b993-aff4109cea6f&m=3.1.3&v=1.0&d=351451208401216&dm=Nexus+5&dv=4.1.2&hwdm=hammerhead&g=null&it=0&mcc=Cel&mnc=lcom&new=true HTTP/1.1 Cookie: null User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; Nexus 5 Build/MASTER) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30	HTTP/1.1 200 OK
POST http://api.airpush.com/v2/api.php HTTP/1.1 apikey=1308785723199877177&appId=65067&imei=4b4fbfb02e1bfb6c24ca3ee0f63ada54&token=8caad4975895586f20c30c516232826b&request_timestamp=Fri+Dec+15+18%3A37%3A37+GMT%2B08%3A00+2017&packageName=com.wallpapers.belsuelove&version=16&carrier=Cellcom&networkOperator=Cellcom&phoneModel=Nexus+5&manufacturer=unknown&longitude=0&latitude=0&sdkversion=4.02&wifi=0&useragent=Mozilla%2F5.0+%28Linux%3B+U%3B+Android+4.1.2%3B+en-us%3B+Nexus+5+Build%2FMASTER%29+AppleWebKit%2F534.30+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Mobile+Safari%2F534.30&android_id=8ccfdb5800435411&longitude=0&latitude=0&model=user&action=setuserinfo&APIKEY=1308785723199877177&type=app	HTTP/1.1 200 OK
GET http://data.mobclix.com/post/config?p=android&rt=mcnative&rtv=0&a=7f6d13d4-8172-4bda-b993-aff4109cea6f&m=3.1.3&v=1.0&d=351451208401216&dm=Nexus+5&dv=4.1.2&hwdm=hammerhead&g=null&it=0&mcc=Cel&mnc=lcom&new=true HTTP/1.1 Cookie: null User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; Nexus 5 Build/MASTER) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30	HTTP/1.1 200 OK
GET http://ads.mobclix.com/?p=android&i=7f6d13d4-8172-4bda-b993-aff4109cea6f&s=320x50&rt=mcnative&rtv=0&av=1.0&u=351451208401216&andid=8ccfdb5800435411&v=3.1.3&ct=null&dm=Nexus+5&hwdm=hammerhead&sv=4.1.2&ua=Mozilla%2F5.0+%28Linux%3B+U%3B+Android+4.1.2%3B+en-us%3B+Nexus+5+Build%2FMASTER%29+AppleWebKit%2F534.30+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Mobile+Safari%2F534.30&o=0&ap=0&l=en_US&mcc=Cel&mnc=lcom HTTP/1.1 Cookie: null User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; Nexus 5 Build/MASTER) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30	HTTP/1.1 503 Service Unavailable
GET http://ads.mobclix.com/?p=android&i=7f6d13d4-8172-4bda-b993-aff4109cea6f&s=320x50&rt=mcnative&rtv=0&av=1.0&u=351451208401216&andid=8ccfdb5800435411&v=3.1.3&ct=null&dm=Nexus+5&hwdm=hammerhead&sv=4.1.2&ua=Mozilla%2F5.0+%28Linux%3B+U%3B+Android+4.1.2%3B+en-us%3B+Nexus+5+Build%2FMASTER%29+AppleWebKit%2F534.30+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Mobile+Safari%2F534.30&o=0&ap=0&l=en_US&mcc=Cel&mnc=lcom HTTP/1.1 Cookie: null User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; Nexus 5 Build/MASTER) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30	HTTP/1.1 503 Service Unavailable
GET http://ads.mobclix.com/?p=android&i=7f6d13d4-8172-4bda-b993-aff4109cea6f&s=320x50&rt=mcnative&rtv=0&av=1.0&u=351451208401216&andid=8ccfdb5800435411&v=3.1.3&ct=null&dm=Nexus+5&hwdm=hammerhead&sv=4.1.2&ua=Mozilla%2F5.0+%28Linux%3B+U%3B+Android+4.1.2%3B+en-us%3B+Nexus+5+Build%2FMASTER%29+AppleWebKit%2F534.30+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Mobile+Safari%2F534.30&o=0&ap=0&l=en_US&mcc=Cel&mnc=lcom HTTP/1.1 Cookie: null User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; Nexus 5 Build/MASTER) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30	HTTP/1.1 503 Service Unavailable
GET http://ads.axonix.com/?p=android&i=7f6d13d4-8172-4bda-b993-aff4109cea6f&s=320x50&rt=mcnative&rtv=0&av=1.0&u=351451208401216&andid=8ccfdb5800435411&v=3.1.3&ct=null&dm=Nexus+5&hwdm=hammerhead&sv=4.1.2&ua=Mozilla%2F5.0+%28Linux%3B+U%3B+Android+4.1.2%3B+en-us%3B+Nexus+5+Build%2FMASTER%29+AppleWebKit%2F534.30+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Mobile+Safari%2F534.30&o=1&ap=0&l=en_US&mcc=Cel&mnc=lcom HTTP/1.1 Cookie: null User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; Nexus 5 Build/MASTER) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30	HTTP/1.1 503 Service Unavailable
GET http://ads.axonix.com/?p=android&i=7f6d13d4-8172-4bda-b993-aff4109cea6f&s=320x50&rt=mcnative&rtv=0&av=1.0&u=351451208401216&andid=8ccfdb5800435411&v=3.1.3&ct=null&dm=Nexus+5&hwdm=hammerhead&sv=4.1.2&ua=Mozilla%2F5.0+%28Linux%3B+U%3B+Android+4.1.2%3B+en-us%3B+Nexus+5+Build%2FMASTER%29+AppleWebKit%2F534.30+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Mobile+Safari%2F534.30&o=1&ap=0&l=en_US&mcc=Cel&mnc=lcom HTTP/1.1 Cookie: null User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; Nexus 5 Build/MASTER) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30	HTTP/1.1 503 Service Unavailable
GET http://ads.axonix.com/?p=android&i=7f6d13d4-8172-4bda-b993-aff4109cea6f&s=320x50&rt=mcnative&rtv=0&av=1.0&u=351451208401216&andid=8ccfdb5800435411&v=3.1.3&ct=null&dm=Nexus+5&hwdm=hammerhead&sv=4.1.2&ua=Mozilla%2F5.0+%28Linux%3B+U%3B+Android+4.1.2%3B+en-us%3B+Nexus+5+Build%2FMASTER%29+AppleWebKit%2F534.30+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Mobile+Safari%2F534.30&o=1&ap=0&l=en_US&mcc=Cel&mnc=lcom HTTP/1.1 Cookie: null User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; Nexus 5 Build/MASTER) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30	HTTP/1.1 503 Service Unavailable
GET http://ads.axonix.com/?p=android&i=7f6d13d4-8172-4bda-b993-aff4109cea6f&s=320x50&rt=mcnative&rtv=0&av=1.0&u=351451208401216&andid=8ccfdb5800435411&v=3.1.3&ct=null&dm=Nexus+5&hwdm=hammerhead&sv=4.1.2&ua=Mozilla%2F5.0+%28Linux%3B+U%3B+Android+4.1.2%3B+en-us%3B+Nexus+5+Build%2FMASTER%29+AppleWebKit%2F534.30+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Mobile+Safari%2F534.30&o=2&ap=0&l=en_US&mcc=Cel&mnc=lcom HTTP/1.1 Cookie: null User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; Nexus 5 Build/MASTER) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30	HTTP/1.1 503 Service Unavailable
GET http://ads.axonix.com/?p=android&i=7f6d13d4-8172-4bda-b993-aff4109cea6f&s=320x50&rt=mcnative&rtv=0&av=1.0&u=351451208401216&andid=8ccfdb5800435411&v=3.1.3&ct=null&dm=Nexus+5&hwdm=hammerhead&sv=4.1.2&ua=Mozilla%2F5.0+%28Linux%3B+U%3B+Android+4.1.2%3B+en-us%3B+Nexus+5+Build%2FMASTER%29+AppleWebKit%2F534.30+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Mobile+Safari%2F534.30&o=2&ap=0&l=en_US&mcc=Cel&mnc=lcom HTTP/1.1 Cookie: null User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; Nexus 5 Build/MASTER) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30	HTTP/1.1 503 Service Unavailable
GET http://ads.axonix.com/?p=android&i=7f6d13d4-8172-4bda-b993-aff4109cea6f&s=320x50&rt=mcnative&rtv=0&av=1.0&u=351451208401216&andid=8ccfdb5800435411&v=3.1.3&ct=null&dm=Nexus+5&hwdm=hammerhead&sv=4.1.2&ua=Mozilla%2F5.0+%28Linux%3B+U%3B+Android+4.1.2%3B+en-us%3B+Nexus+5+Build%2FMASTER%29+AppleWebKit%2F534.30+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Mobile+Safari%2F534.30&o=2&ap=0&l=en_US&mcc=Cel&mnc=lcom HTTP/1.1 Cookie: null User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; Nexus 5 Build/MASTER) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30	HTTP/1.1 503 Service Unavailable
GET http://ads.axonix.com/?p=android&i=7f6d13d4-8172-4bda-b993-aff4109cea6f&s=320x50&rt=mcnative&rtv=0&av=1.0&u=351451208401216&andid=8ccfdb5800435411&v=3.1.3&ct=null&dm=Nexus+5&hwdm=hammerhead&sv=4.1.2&ua=Mozilla%2F5.0+%28Linux%3B+U%3B+Android+4.1.2%3B+en-us%3B+Nexus+5+Build%2FMASTER%29+AppleWebKit%2F534.30+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Mobile+Safari%2F534.30&o=3&ap=0&l=en_US&mcc=Cel&mnc=lcom HTTP/1.1 Cookie: null User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; Nexus 5 Build/MASTER) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30	HTTP/1.1 503 Service Unavailable
GET http://ads.axonix.com/?p=android&i=7f6d13d4-8172-4bda-b993-aff4109cea6f&s=320x50&rt=mcnative&rtv=0&av=1.0&u=351451208401216&andid=8ccfdb5800435411&v=3.1.3&ct=null&dm=Nexus+5&hwdm=hammerhead&sv=4.1.2&ua=Mozilla%2F5.0+%28Linux%3B+U%3B+Android+4.1.2%3B+en-us%3B+Nexus+5+Build%2FMASTER%29+AppleWebKit%2F534.30+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Mobile+Safari%2F534.30&o=3&ap=0&l=en_US&mcc=Cel&mnc=lcom HTTP/1.1 Cookie: null User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; Nexus 5 Build/MASTER) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30	HTTP/1.1 503 Service Unavailable
GET http://ads.axonix.com/?p=android&i=7f6d13d4-8172-4bda-b993-aff4109cea6f&s=320x50&rt=mcnative&rtv=0&av=1.0&u=351451208401216&andid=8ccfdb5800435411&v=3.1.3&ct=null&dm=Nexus+5&hwdm=hammerhead&sv=4.1.2&ua=Mozilla%2F5.0+%28Linux%3B+U%3B+Android+4.1.2%3B+en-us%3B+Nexus+5+Build%2FMASTER%29+AppleWebKit%2F534.30+%28KHTML%2C+like+Gecko%29+Version%2F4.0+Mobile+Safari%2F534.30&o=3&ap=0&l=en_US&mcc=Cel&mnc=lcom HTTP/1.1 Cookie: null User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; Nexus 5 Build/MASTER) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30	HTTP/1.1 503 Service Unavailable

内存分析

无内存分析结果

android.security.STORAGE_CHANGED
android.intent.action.PACKAGE_ADDED
android.intent.action.PROXY_CHANGE
android.intent.action.SCREEN_OFF
android.intent.action.USER_PRESENT
android.intent.action.PACKAGE_REMOVED

getDeviceId
getNetworkOperator
getNetworkOperatorName
getSimOperatorName

/data/data/com.wallpapers.belsuelove/shared_prefs/dialogPref.xml
/data/data/com.wallpapers.belsuelove/shared_prefs/com.wallpapers.belsuelove.MCConfig.xml
/data/data/com.wallpapers.belsuelove/shared_prefs/com.apperhand.global.xml
/data/data/com.wallpapers.belsuelove/shared_prefs/airpushTimePref.xml
/proc/meminfo
/data/data/com.wallpapers.belsuelove/shared_prefs/com.apperhand.parameters.xml
/data/data/com.wallpapers.belsuelove/shared_prefs/dataPrefs.xml
/data/data/com.wallpapers.belsuelove/shared_prefs/toastPrefs.xml

dalvik.vm.heapsize
gsm.operator.alpha
persist.sys.timezone
gsm.sim.operator.alpha
dalvik.vm.heapgrowthlimit
debug.sqlite.syncmode
gsm.operator.numeric
viewancestor.profile_rendering
debug.sqlite.journalmode

10.0

恶意的