静态分析-亲朋打僵尸 1.0版本 _南明离火移动安全分析平台

温馨提示：本平台仅供研究软件风险、安全评估，禁止用于非法用途。由于展示的数据过于全面，请耐心等待加载完成。如有疑问或建议，可加入我们的微信群讨论

APP评分

文件信息

文件名称 qpdjs_itmop.com.apk
文件大小 14.7MB
MD5 027c73d6bc1ac0a24f96eaed77a689a4
SHA1 86b1cd30dd260f5acd0f179b6b6f404d374bcfa9
SHA256 705d99025bf3a2b5b0d36ef09d1c3a6946d747adc4e3200967af5a229d1ec63a

应用信息

应用名称亲朋打僵尸
包名 com.moon.zombie
主活动 com.moon.zombie.Launcher
目标SDK 9 最小SDK 9
版本号 1.0 子版本号 1
加固信息未加壳

组件导出信息

查看

扫描选项

重新扫描管理规则开始动态分析

反编译代码

Manifest文件查看

APK文件下载

Java源代码查看 -- 下载

证书信息

二进制文件已签名
v1 签名: True
v2 签名: False
v3 签名: False
v4 签名: False
主题: ST=guangdong, L=shenzhen, O=vkings, OU=vkings, CN=lizs
签名算法: rsassa_pkcs1v15
有效期自: 2016-08-11 13:38:56+00:00
有效期至: 2116-07-18 13:38:56+00:00
发行人: ST=guangdong, L=shenzhen, O=vkings, OU=vkings, CN=lizs
序列号: 0x7b87c210
哈希算法: sha256
证书MD5: c1b5cb01128ad251ea2ccf7d8544d160
证书SHA1: 27ac44ec2e0a0be8c5bf01fc78b9406c6c3bc566
证书SHA256: b97bfac73be769a102c208c5b8df8838144b9fe42ee34e9f3ed9d25fd75784c6
证书SHA512: 14112de30d50e181ff532cf3ce8a0160bada1e22377d1ac16cadb8d5729ffa253fdf704b40f7216830c81574e5743f6741e930a2bc57020c8ffcc1263d848e70
找到 1 个唯一证书

应用程序权限

权限名称	安全等级	权限内容	权限描述	关联代码
android.permission.INTERNET	危险	完全互联网访问	允许应用程序创建网络套接字。	显示文件 com/alipay/android/NetworkManager.java com/alipay/android/phone/mrpc/core/i.java com/alipay/android/phone/mrpc/core/x.java com/ccit/mmwlan/a/d.java com/ccit/mmwlan/phone/c.java com/chinaMobile/MobileAgent.java com/ipaynow/plugin/utils/b.java com/switfpass/pay/thread/NetHelper.java com/unionpay/mobile/android/net/a.java com/unionpay/mobile/android/net/c.java com/xqt/now/paysdk/XqtPay.java org/cocos2dx/lib/Cocos2dxHttpURLConnection.java
android.permission.READ_PHONE_STATE	危险	读取手机状态和标识	允许应用程序访问设备的手机功能。有此权限的应用程序可确定此手机的号码和序列号，是否正在通话，以及对方的号码等。	显示文件 com/ccit/mmwlan/MMClientSDK_ForPad.java com/ccit/mmwlan/b/a.java com/ccit/mmwlan/phone/MMClientSDK_ForPhone.java com/chinaMobile/g.java com/qpgame/gameframe/Device.java com/ta/utdid2/android/utils/PhoneInfoUtils.java com/unionpay/mobile/android/nocard/utils/UPPayEngine.java com/xqt/now/paysdk/PublicClass.java mm/purchasesdk/l/d.java mm/purchasesdk/l/g.java
android.permission.SEND_SMS	危险	发送短信	允许应用程序发送短信。恶意应用程序可能会不经您的确认就发送信息，给您带来费用。	显示文件 com/ccit/mmwlan/MMClientSDK_ForIdentity.java com/ccit/mmwlan/phone/MMClientSDK_ForPhone.java com/qpgame/gameframe/GameFrame.java
android.permission.WRITE_EXTERNAL_STORAGE	危险	读取/修改/删除外部存储内容	允许应用程序写入外部存储。	显示文件 com/alipay/android/MobileSecurePayHelper.java com/alipay/android/NetworkManager.java com/chinaMobile/MobileAgent.java com/ipaynow/plugin/utils/a.java com/moon/gameshell/XMLHandler.java com/qpgame/gameframe/HeadPortraitSelector.java com/ta/utdid2/core/persistent/TransactionXMLFile.java com/unionpay/UPPayAssistEx.java com/unionpay/mobile/android/utils/h.java com/unionpay/mobile/android/utils/m.java
android.permission.ACCESS_WIFI_STATE	普通	查看Wi-Fi状态	允许应用程序查看有关Wi-Fi状态的信息。	显示文件 com/ccit/mmwlan/MMClientSDK_ForPad.java com/ccit/mmwlan/b/a.java com/ccit/mmwlan/phone/MMClientSDK_ForPhone.java com/chinaMobile/g.java com/qpgame/gameframe/Device.java com/qpgame/gameframe/WifiReceiver.java com/ta/utdid2/android/utils/NetworkUtils.java com/unionpay/mobile/android/utils/c.java mm/purchasesdk/l/d.java
android.permission.CHANGE_WIFI_STATE	危险	改变Wi-Fi状态	允许应用程序改变Wi-Fi状态。
android.permission.BATTERY_STATS	普通	修改电池统计	允许对手机电池统计信息进行修改
android.permission.MOUNT_UNMOUNT_FILESYSTEMS	危险	装载和卸载文件系统	允许应用程序装载和卸载可移动存储器的文件系统。
android.permission.ACCESS_NETWORK_STATE	普通	获取网络状态	允许应用程序查看所有网络的状态。	显示文件 com/alipay/android/NetworkManager.java com/alipay/android/phone/mrpc/core/x.java com/ccit/mmwlan/MMClientSDK_ForPad.java com/ccit/mmwlan/b/a.java com/ccit/mmwlan/phone/MMClientSDK_ForPhone.java com/chinaMobile/MobileAgent.java com/chinaMobile/g.java com/chinaMobile/n.java com/moon/gameshell/Update.java com/moon/pay/WeiXinPay.java com/qpgame/gameframe/Device.java com/qpgame/gameframe/GameFrame.java com/qpgame/gameframe/Network.java com/switfpass/pay/MainApplication.java com/switfpass/pay/thread/NetHelper.java com/ta/utdid2/android/utils/NetworkUtils.java com/ta/utdid2/android/utils/PhoneInfoUtils.java com/unionpay/mobile/android/nocard/utils/UPPayEngine.java com/xqt/now/paysdk/PublicClass.java mm/purchasesdk/l/d.java mm/purchasesdk/l/g.java
com.android.launcher.permission.INSTALL_SHORTCUT	签名	创建快捷方式	这个权限是允许应用程序创建桌面快捷方式。
com.android.launcher.permission.READ_SETTINGS	危险	读取桌面快捷方式	这种权限的作用是允许应用读取桌面快捷方式的设置。
android.permission.MANAGE_DOCUMENTS	签名	允许管理文档访问，通常在选择器中	允许应用程序管理对文档的访问，通常作为文档选取器的一部分。
android.permission.VIBRATE	普通	控制振动器	允许应用程序控制振动器，用于消息通知振动功能。	显示文件 com/switfpass/pay/activity/PaySDKCaptureActivity.java org/cocos2dx/lib/Cocos2dxHelper.java
android.webkit.permission.PLUGIN	未知	未知权限	来自 android 引用的未知权限。
android.permission.CHANGE_NETWORK_STATE	危险	改变网络连通性	允许应用程序改变网络连通性。
cn.swiftpass.wxpay.permission.MMOAUTH_CALLBACK	未知	未知权限	来自 android 引用的未知权限。
cn.swiftpass.wxpay.permission.MM_MESSAGE	未知	未知权限	来自 android 引用的未知权限。
android.permission.ACCESS_COARSE_LOCATION	危险	获取粗略位置	通过WiFi或移动基站的方式获取用户错略的经纬度信息，定位精度大概误差在30~1500米。恶意程序可以用它来确定您的大概位置。
android.permission.CAMERA	危险	拍照和录制视频	允许应用程序拍摄照片和视频，且允许应用程序收集相机在任何时候拍到的图像。	显示文件 com/switfpass/pay/activity/zxing/camera/CameraManager.java
android.permission.FLASHLIGHT	普通	控制闪光灯	允许应用程序控制闪光灯。
xvtian.gai.receiver	未知	未知权限	来自 android 引用的未知权限。
android.permission.SYSTEM_ALERT_WINDOW	危险	弹窗	允许应用程序弹窗。恶意程序可以接管手机的整个屏幕。	显示文件 com/chinaMobile/MobileAgent.java com/chinaMobile/g.java com/chinaMobile/q.java com/switfpass/pay/activity/zxing/camera/b.java com/unionpay/mobile/android/widgets/m.java mm/purchasesdk/l/d.java mm/purchasesdk/ui/j.java mm/purchasesdk/ui/y.java org/cocos2dx/lib/Cocos2dxAccelerometer.java org/cocos2dx/lib/Cocos2dxHelper.java
android.permission.SYSTEM_OVERLAY_WINDOW	未知	未知权限	来自 android 引用的未知权限。

证书分析

高危

1

警告

0

信息

1

标题	严重程度	描述信息
已签名应用	信息	应用程序已使用代码签名证书进行签名
应用程序存在Janus漏洞	高危	应用程序使用了v1签名方案进行签名，如果只使用v1签名方案，那么它就容易受到安卓5.0-8.0上的Janus漏洞的攻击。在安卓5.0-7.0上运行的使用了v1签名方案的应用程序，以及同时使用了v2/v3签名方案的应用程序也同样存在漏洞。

MANIFEST分析

高危

0

警告

2

信息

0

屏蔽

0

序号	问题	严重程度	描述信息	操作
1	应用程序可以安装在有漏洞的已更新 Android 版本上 Android 2.3-2.3.2, [minSdk=9]	警告	该应用程序可以安装在具有多个未修复漏洞的旧版本 Android 上。这些设备不会从 Google 接收合理的安全更新。支持 Android 版本 => 10、API 29 以接收合理的安全更新。	对应用 com.moon.zombie 禁止使用 vulnerable_os_version 规则
2	应用程序数据存在被泄露的风险未设置[android:allowBackup]标志	警告	这个标志 [android:allowBackup]应该设置为false。默认情况下它被设置为true，允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。	对应用 com.moon.zombie 禁止使用 allowbackup_not_set 规则

可浏览的ACTIVITIES

ACTIVITY	INTENT

网络安全配置

序号	范围	严重级别	描述

API调用分析

API功能	源码文件
组件-> 启动 Activity	显示文件 com/UCMobile/PayPlugin/PayInterface.java com/alipay/android/MobileSecurePayHelper.java com/alipay/android/MobileSecurePayer.java com/alipay/android/app/IRemoteServiceCallback.java com/ipaynow/plugin/api/a.java com/ipaynow/plugin/inner_plugin/wechat_plugin/activity/WeChatNotifyActivity.java com/ipaynow/plugin/inner_plugin/wechat_plugin/activity/a.java com/moon/pay/WeiXinPay.java com/qpgame/gameframe/GameFrame.java com/qpgame/gameframe/HeadPortraitSelector.java com/switfpass/pay/activity/C.java com/switfpass/pay/activity/C0033p.java com/switfpass/pay/activity/G.java com/switfpass/pay/activity/PayPlugin.java com/switfpass/pay/activity/PayResultActivity.java com/switfpass/pay/activity/PaySDKCaptureActivity.java com/switfpass/pay/activity/QQWapPayWebView.java com/switfpass/pay/activity/QrcodeActivity.java com/switfpass/pay/activity/R.java com/switfpass/pay/utils/C0049k.java com/switfpass/pay/utils/C0051m.java com/switfpass/pay/utils/C0054p.java com/switfpass/pay/utils/C0057s.java com/switfpass/pay/utils/D.java com/switfpass/pay/utils/DialogInfoSdk.java com/switfpass/pay/utils/DialogInterface$OnClickListenerC0039a.java com/switfpass/pay/utils/O.java com/switfpass/pay/utils/R.java com/switfpass/pay/utils/T.java com/unionpay/UPPayAssistEx.java com/unionpay/mobile/android/nocard/utils/d.java com/unionpay/mobile/android/nocard/views/l.java org/cocos2dx/lib/Cocos2dxHelper.java
一般功能-> 文件操作	显示文件 com/alipay/android/BaseHelper.java com/alipay/android/MobileSecurePayHelper.java com/alipay/android/NetworkManager.java com/alipay/android/phone/mrpc/core/b.java com/alipay/android/phone/mrpc/core/h.java com/alipay/android/phone/mrpc/core/i.java com/alipay/android/phone/mrpc/core/x.java com/alipay/android/phone/mrpc/core/y.java com/alipay/tscenter/biz/rpc/vkeydfp/request/AppListCmdRequest.java com/alipay/tscenter/biz/rpc/vkeydfp/request/DeviceDataReportRequest.java com/alipay/tscenter/biz/rpc/vkeydfp/result/AppListCmdResult.java com/alipay/tscenter/biz/rpc/vkeydfp/result/AppListResult.java com/alipay/tscenter/biz/rpc/vkeydfp/result/BaseResult.java com/alipay/tscenter/biz/rpc/vkeydfp/result/DeviceDataReportResult.java com/ccit/mmwlan/MMClientSDK_ForPad.java com/ccit/mmwlan/a/d.java com/ccit/mmwlan/a/e.java com/ccit/mmwlan/a/f.java com/ccit/mmwlan/a/g.java com/ccit/mmwlan/a/h.java com/ccit/mmwlan/b/b.java com/ccit/mmwlan/phone/c.java com/ccit/mmwlan/phone/d.java com/chinaMobile/MobileAgent.java com/chinaMobile/d.java com/chinaMobile/f.java com/chinaMobile/g.java com/chinaMobile/h.java com/chinaMobile/k.java com/ipaynow/plugin/b/a/a.java com/ipaynow/plugin/b/b/a/a.java com/ipaynow/plugin/c/a/a.java com/ipaynow/plugin/utils/MerchantTools.java com/ipaynow/plugin/utils/PluginTools.java com/ipaynow/plugin/utils/a.java com/ipaynow/plugin/utils/b.java com/moon/gamecommon/GameCommon.java com/moon/gameshell/Update.java com/moon/gameshell/XMLHandler.java com/qpgame/gameframe/GameConfig.java com/qpgame/gameframe/GameFrame.java com/qpgame/gameframe/HeadPortraitSelector.java com/qpgame/gameframe/ImageHelper.java com/switfpass/pay/activity/PaySDKCaptureActivity.java com/switfpass/pay/activity/zxing/camera/CameraManager.java com/switfpass/pay/bean/MchBean.java com/switfpass/pay/bean/OrderBena.java com/switfpass/pay/bean/RequestMsg.java com/switfpass/pay/thread/NetHelper.java com/switfpass/pay/utils/Util.java com/switfpass/pay/utils/XmlUtils.java com/ta/utdid2/android/utils/Base64.java com/ta/utdid2/android/utils/SystemUtils.java com/ta/utdid2/core/persistent/FastXmlSerializer.java com/ta/utdid2/core/persistent/PersistentConfiguration.java com/ta/utdid2/core/persistent/TransactionXMLFile.java com/ta/utdid2/core/persistent/XmlUtils.java com/ta/utdid2/device/UTUtdid.java com/unionpay/UPPayAssistEx.java com/unionpay/mobile/android/net/a.java com/unionpay/mobile/android/net/c.java com/unionpay/mobile/android/nocard/utils/UPPayEngine.java com/unionpay/mobile/android/nocard/utils/a.java com/unionpay/mobile/android/nocard/views/l.java com/unionpay/mobile/android/pboctransaction/sdapdu/a.java com/unionpay/mobile/android/pboctransaction/sdapdu/b.java com/unionpay/mobile/android/pboctransaction/simapdu/b.java com/unionpay/mobile/android/resource/c.java com/unionpay/mobile/android/utils/PreferenceUtils.java com/unionpay/mobile/android/utils/a.java com/unionpay/mobile/android/utils/c.java com/unionpay/mobile/android/utils/h.java com/unionpay/mobile/android/utils/m.java com/xqt/now/paysdk/XqtPay.java mm/purchasesdk/a/b.java mm/purchasesdk/a/c.java mm/purchasesdk/a/d.java mm/purchasesdk/b/c.java mm/purchasesdk/b/d.java mm/purchasesdk/d/a.java mm/purchasesdk/e/a.java mm/purchasesdk/fingerprint/a.java mm/purchasesdk/fingerprint/c.java mm/purchasesdk/g/d.java mm/purchasesdk/g/e.java mm/purchasesdk/h/a.java mm/purchasesdk/h/b.java mm/purchasesdk/h/c.java mm/purchasesdk/h/d.java mm/purchasesdk/h/g.java mm/purchasesdk/h/h.java mm/purchasesdk/k/b.java mm/purchasesdk/k/c.java mm/purchasesdk/l/a.java mm/purchasesdk/l/e.java mm/purchasesdk/l/f.java mm/purchasesdk/l/g.java mm/purchasesdk/ui/aa.java mm/purchasesdk/ui/ac.java org/cocos2dx/lib/Cocos2dxDownloader.java org/cocos2dx/lib/Cocos2dxHelper.java org/cocos2dx/lib/Cocos2dxHttpURLConnection.java org/cocos2dx/lib/Cocos2dxMusic.java org/cocos2dx/lib/Cocos2dxVideoView.java org/cocos2dx/lib/FileTaskHandler.java org/cocos2dx/lib/GameControllerUtils.java
一般功能-> 获取系统服务(getSystemService)	显示文件 com/alipay/android/NetworkManager.java com/alipay/android/phone/mrpc/core/x.java com/ccit/mmwlan/MMClientSDK_ForPad.java com/ccit/mmwlan/b/a.java com/ccit/mmwlan/phone/MMClientSDK_ForPhone.java com/chinaMobile/MobileAgent.java com/chinaMobile/g.java com/chinaMobile/n.java com/chinaMobile/q.java com/moon/gameshell/Update.java com/moon/pay/WeiXinPay.java com/qpgame/gameframe/Device.java com/qpgame/gameframe/GameFrame.java com/qpgame/gameframe/Network.java com/qpgame/gameframe/SoftKeyboardUtil.java com/qpgame/gameframe/WifiReceiver.java com/switfpass/pay/MainApplication.java com/switfpass/pay/activity/PaySDKCaptureActivity.java com/switfpass/pay/activity/zxing/camera/b.java com/switfpass/pay/thread/NetHelper.java com/ta/utdid2/android/utils/NetworkUtils.java com/ta/utdid2/android/utils/PhoneInfoUtils.java com/unionpay/mobile/android/nocard/utils/UPPayEngine.java com/unionpay/mobile/android/nocard/views/am.java com/unionpay/mobile/android/nocard/views/ax.java com/unionpay/mobile/android/nocard/views/b.java com/unionpay/mobile/android/nocard/views/bh.java com/unionpay/mobile/android/pro/views/h.java com/unionpay/mobile/android/upviews/a.java com/unionpay/mobile/android/utils/c.java com/unionpay/mobile/android/widgets/UPWidget.java com/xqt/now/paysdk/PublicClass.java mm/purchasesdk/c/a.java mm/purchasesdk/l/d.java mm/purchasesdk/l/g.java mm/purchasesdk/ui/y.java org/cocos2dx/lib/Cocos2dxAccelerometer.java org/cocos2dx/lib/Cocos2dxEditBoxHelper.java org/cocos2dx/lib/Cocos2dxGLSurfaceView.java org/cocos2dx/lib/Cocos2dxHelper.java org/cocos2dx/lib/Cocos2dxMusic.java org/cocos2dx/lib/Cocos2dxTextInputWrapper.java
设备指纹-> 查看本机IMSI	显示文件 com/ccit/mmwlan/b/a.java com/ccit/mmwlan/phone/MMClientSDK_ForPhone.java com/chinaMobile/g.java com/qpgame/gameframe/Device.java com/ta/utdid2/android/utils/PhoneInfoUtils.java com/unionpay/mobile/android/nocard/utils/UPPayEngine.java com/xqt/now/paysdk/PublicClass.java mm/purchasesdk/l/d.java
一般功能-> 传感器相关操作	mm/purchasesdk/ui/y.java org/cocos2dx/lib/Cocos2dxAccelerometer.java
网络通信-> WebView JavaScript接口	显示文件 com/qpgame/gameframe/GameFrame.java com/qpgame/gameframe/WebPageLoader.java com/switfpass/pay/activity/QQWapPayWebView.java com/unionpay/mobile/android/upviews/d.java mm/purchasesdk/ui/ac.java org/cocos2dx/lib/Cocos2dxWebView.java
网络通信-> WebView GET请求	com/unionpay/mobile/android/upviews/d.java
网络通信-> WebView 相关	显示文件 com/qpgame/gameframe/GameFrame.java com/qpgame/gameframe/WebPageLoader.java com/switfpass/pay/activity/QQWapPayWebView.java com/unionpay/mobile/android/upviews/d.java mm/purchasesdk/ui/ac.java mm/purchasesdk/ui/ae.java org/cocos2dx/lib/Cocos2dxWebView.java
一般功能-> IPC通信	显示文件 cn/gov/pbc/tsm/client/mobile/android/bank/service/a.java com/UCMobile/PayPlugin/PayInterface.java com/UCMobile/PayPlugin/PayPluginService.java com/UCMobile/PayPlugin/PayResultReceiver.java com/alipay/android/MobileSecurePayHelper.java com/alipay/android/MobileSecurePayer.java com/alipay/android/app/IAlixPay.java com/alipay/android/app/IRemoteServiceCallback.java com/ccit/mmwlan/b/a.java com/enhance/gameservice/IGameTuningService.java com/ipaynow/plugin/api/a.java com/ipaynow/plugin/inner_plugin/wechat_plugin/activity/WeChatNotifyActivity.java com/ipaynow/plugin/inner_plugin/wechat_plugin/activity/a.java com/moon/gamecommon/GameCommon.java com/moon/pay/PayManagement.java com/moon/pay/UnionPay.java com/moon/pay/WeiXinPay.java com/moon/zombie/Launcher.java com/qpgame/gameframe/BatteryReceiver.java com/qpgame/gameframe/GameFrame.java com/qpgame/gameframe/HeadPortraitSelector.java com/qpgame/gameframe/InterceptSmsReciever.java com/qpgame/gameframe/WifiReceiver.java com/switfpass/pay/activity/E.java com/switfpass/pay/activity/G.java com/switfpass/pay/activity/PayPlugin.java com/switfpass/pay/activity/PayResultActivity.java com/switfpass/pay/activity/PaySDKCaptureActivity.java com/switfpass/pay/activity/QQWapPayWebView.java com/switfpass/pay/activity/QrcodeActivity.java com/switfpass/pay/activity/zxing/camera/c.java com/switfpass/pay/activity/zxing/decoding/Intents.java com/switfpass/pay/activity/zxing/decoding/PayCaptureActivityHandler.java com/switfpass/pay/utils/DialogHelper.java com/switfpass/pay/utils/DialogInfoSdk.java com/unionpay/UPPayAssistEx.java com/unionpay/client3/tsm/ITsmConnection.java com/unionpay/client3/tsm/ITsmConnectionCallback.java com/unionpay/mobile/android/nocard/utils/a.java com/unionpay/mobile/android/nocard/utils/d.java com/unionpay/mobile/android/nocard/views/l.java com/unionpay/mobile/android/pboctransaction/icfcc/a.java com/unionpay/mobile/android/pboctransaction/icfcc/b.java com/unionpay/mobile/android/pboctransaction/remoteapdu/a.java com/unionpay/mobile/android/pboctransaction/remoteapdu/b.java com/unionpay/mobile/android/pboctransaction/samsung/a.java com/unionpay/mobile/android/pboctransaction/samsung/b.java com/unionpay/mobile/android/plugin/BaseActivity.java com/unionpay/mobile/tsm/connect/IInitCallback.java com/unionpay/mobile/tsm/connect/IRemoteApdu.java com/xqt/now/paysdk/XqtPay.java org/cocos2dx/lib/Cocos2dxActivity.java org/cocos2dx/lib/Cocos2dxHelper.java org/cocos2dx/lib/Cocos2dxVideoView.java
网络通信-> HTTP建立连接	显示文件 com/alipay/android/NetworkManager.java com/alipay/android/phone/mrpc/core/h.java com/alipay/android/phone/mrpc/core/i.java com/alipay/android/phone/mrpc/core/j.java com/alipay/android/phone/mrpc/core/k.java com/alipay/android/phone/mrpc/core/x.java com/ccit/mmwlan/a/d.java com/ccit/mmwlan/a/e.java com/ccit/mmwlan/phone/c.java com/chinaMobile/MobileAgent.java com/ipaynow/plugin/utils/b.java com/switfpass/pay/thread/NetHelper.java com/unionpay/mobile/android/net/a.java com/unionpay/mobile/android/net/c.java mm/purchasesdk/l/g.java org/cocos2dx/lib/Cocos2dxHttpURLConnection.java
一般功能-> 加载so文件	显示文件 com/UCMobile/PayPlugin/PluginIcon.java com/UCMobile/PayPlugin/PluginSurfaceView.java com/ccit/mmwlan/ClientSDK.java com/ipaynow/plugin/c/a/a.java com/moon/gameshell/Update.java com/qpgame/gameframe/GameFrame.java mm/purchasesdk/fingerprint/IdentifyApp.java org/cocos2dx/lib/Cocos2dxActivity.java
网络通信-> HTTP请求、连接和会话	显示文件 com/alipay/android/phone/mrpc/core/i.java com/switfpass/pay/utils/Util.java com/unionpay/mobile/android/net/c.java mm/purchasesdk/g/e.java mm/purchasesdk/l/g.java
网络通信-> HTTPS建立连接	com/alipay/android/NetworkManager.java com/alipay/android/phone/mrpc/core/i.java org/cocos2dx/lib/Cocos2dxHttpURLConnection.java
加密解密-> Base64 加密	com/alipay/android/phone/mrpc/core/i.java
网络通信-> SSL证书处理	显示文件 com/alipay/android/phone/mrpc/core/i.java com/switfpass/pay/thread/NetHelper.java com/switfpass/pay/utils/Util.java com/switfpass/pay/utils/Y.java mm/purchasesdk/l/g.java
组件-> 发送广播	显示文件 com/UCMobile/PayPlugin/PayInterface.java com/UCMobile/PayPlugin/PayResultReceiver.java com/moon/gamecommon/GameCommon.java com/qpgame/gameframe/GameFrame.java com/unionpay/mobile/android/nocard/utils/d.java org/cocos2dx/lib/Cocos2dxVideoView.java
调用java反射机制	显示文件 com/alipay/a/a/g.java com/alipay/android/phone/mrpc/core/af.java com/alipay/android/phone/mrpc/core/ag.java com/alipay/android/phone/mrpc/core/d.java com/alipay/android/phone/mrpc/core/q.java com/ccit/mmwlan/b/c.java com/ipaynow/plugin/utils/PreSignMessageUtil.java com/moon/gameshell/MResource.java com/switfpass/pay/activity/zxing/camera/c.java com/switfpass/pay/utils/DialogHelper.java com/unionpay/mobile/android/pro/pboc/engine/b.java com/unionpay/mobile/android/pro/views/a.java com/unionpay/mobile/android/utils/c.java com/unionpay/mobile/android/widgets/t.java mm/purchasesdk/fingerprint/c.java mm/purchasesdk/l/b.java mm/purchasesdk/l/c.java mm/purchasesdk/l/e.java org/cocos2dx/lib/Cocos2dxHelper.java org/cocos2dx/lib/Cocos2dxReflectionHelper.java org/cocos2dx/lib/Cocos2dxWebView.java org/keplerproject/luajava/LuaInvocationHandler.java org/keplerproject/luajava/LuaJavaAPI.java org/keplerproject/luajava/LuaObject.java
命令执行-> getRuntime.exec()	com/alipay/android/BaseHelper.java com/unionpay/mobile/android/utils/c.java
一般功能-> 获取WiFi相关信息	显示文件 com/ccit/mmwlan/MMClientSDK_ForPad.java com/ccit/mmwlan/b/a.java com/ccit/mmwlan/phone/MMClientSDK_ForPhone.java com/chinaMobile/g.java com/qpgame/gameframe/Device.java com/qpgame/gameframe/WifiReceiver.java com/ta/utdid2/android/utils/NetworkUtils.java com/unionpay/mobile/android/utils/c.java mm/purchasesdk/l/d.java
一般功能-> 查看\修改Android系统属性	com/unionpay/mobile/android/utils/c.java mm/purchasesdk/fingerprint/c.java mm/purchasesdk/l/c.java
隐私数据-> 获取已安装的应用程序	显示文件 com/alipay/android/MobileSecurePayHelper.java com/qpgame/gameframe/GameFrame.java com/switfpass/pay/utils/PayDialogInfo.java mm/purchasesdk/l/a.java
加密解密-> Crypto加解密组件	显示文件 com/alipay/android/Rsa.java com/chinaMobile/d.java com/switfpass/pay/utils/Rsa.java com/ta/utdid2/android/utils/AESUtils.java com/ta/utdid2/device/UTUtdid.java mm/purchasesdk/fingerprint/a.java
进程操作-> 杀死进程	com/chinaMobile/b.java org/cocos2dx/lib/Cocos2dxHelper.java
隐私数据-> 发送SMS短信息	com/ccit/mmwlan/MMClientSDK_ForIdentity.java com/ccit/mmwlan/phone/MMClientSDK_ForPhone.java com/qpgame/gameframe/GameFrame.java
一般功能-> 设置手机铃声，媒体音量	com/qpgame/gameframe/GameFrame.java
一般功能-> 获取活动网路信息	显示文件 com/alipay/android/NetworkManager.java com/alipay/android/phone/mrpc/core/x.java com/chinaMobile/MobileAgent.java com/chinaMobile/g.java com/chinaMobile/n.java com/moon/gameshell/Update.java com/moon/pay/WeiXinPay.java com/qpgame/gameframe/Network.java com/switfpass/pay/MainApplication.java com/ta/utdid2/android/utils/NetworkUtils.java com/unionpay/mobile/android/nocard/utils/UPPayEngine.java com/xqt/now/paysdk/PublicClass.java mm/purchasesdk/l/d.java mm/purchasesdk/l/g.java
组件-> 启动 Service	显示文件 com/alipay/android/MobileSecurePayer.java com/unionpay/mobile/android/pboctransaction/icfcc/a.java com/unionpay/mobile/android/pboctransaction/remoteapdu/a.java com/unionpay/mobile/android/pboctransaction/samsung/a.java org/cocos2dx/lib/Cocos2dxHelper.java
网络通信-> DefaultHttpClient Connection	显示文件 com/alipay/android/phone/mrpc/core/k.java com/ccit/mmwlan/a/e.java com/chinaMobile/MobileAgent.java com/switfpass/pay/thread/NetHelper.java com/switfpass/pay/utils/Util.java com/unionpay/mobile/android/net/c.java mm/purchasesdk/l/g.java
网络通信-> TCP套接字	显示文件 com/alipay/android/phone/mrpc/core/h.java com/alipay/android/phone/mrpc/core/x.java com/switfpass/pay/thread/NetHelper.java com/switfpass/pay/utils/Y.java com/unionpay/mobile/android/net/a.java mm/purchasesdk/l/d.java
加密解密-> 信息摘要算法	显示文件 com/chinaMobile/g.java com/ipaynow/plugin/b/a/a.java com/moon/pay/WeiXinPay.java com/switfpass/pay/utils/MD5.java com/switfpass/pay/utils/Rsa.java com/switfpass/pay/utils/Util.java mm/purchasesdk/l/d.java
设备指纹-> 查看本机SIM卡序列号	com/qpgame/gameframe/Device.java mm/purchasesdk/l/g.java
设备指纹-> getSimOperator	mm/purchasesdk/l/g.java
进程操作-> 获取进程pid	org/cocos2dx/lib/Cocos2dxHelper.java
一般功能-> 获取网络接口信息	mm/purchasesdk/l/d.java
设备指纹-> 查看本机号码	com/qpgame/gameframe/Device.java
隐私数据-> 拍照摄像	com/switfpass/pay/activity/zxing/camera/CameraManager.java
一般功能-> 查询数据库(短信、联系人、通话记录、浏览器历史等)	com/moon/gamecommon/GameCommon.java
隐私数据-> 读取短信	com/qpgame/gameframe/InterceptSmsReciever.java

源代码分析

高危

4

警告

8

信息

2

安全

2

屏蔽

0

序号	问题	等级	参考标准	文件位置	操作
1	文件可能包含硬编码的敏感信息，如用户名、密码、密钥等	警告	CWE: CWE-312: 明文存储敏感信息 OWASP Top 10: M9: Reverse Engineering OWASP MASVS: MSTG-STORAGE-14	显示文件 com/alipay/android/AlixDefine.java com/chinaMobile/MobileAgent.java com/moon/pay/IAPPay.java com/switfpass/pay/bean/RequestMsg.java com/switfpass/pay/utils/Constants.java com/ta/utdid2/device/DeviceInfo.java com/ta/utdid2/device/UTUtdid.java mm/purchasesdk/PurchaseCode.java	Suppress the rule android_hardcoded in com.moon.zombie Suppress the rule android_hardcoded in com.moon.zombie only from these files
2	应用程序记录日志信息,不得记录敏感信息	信息	CWE: CWE-532: 通过日志文件的信息暴露 OWASP MASVS: MSTG-STORAGE-3	显示文件 com/alipay/android/phone/mrpc/core/i.java com/ccit/mmwlan/MMClientSDK_ForIdentity.java com/ccit/mmwlan/MMClientSDK_ForLogin.java com/ccit/mmwlan/MMClientSDK_ForPad.java com/ccit/mmwlan/a/d.java com/ccit/mmwlan/a/e.java com/ccit/mmwlan/a/g.java com/ccit/mmwlan/a/h.java com/ccit/mmwlan/b/a.java com/ccit/mmwlan/b/b.java com/ccit/mmwlan/b/c.java com/ccit/mmwlan/phone/MMClientSDK_ForPhone.java com/chinaMobile/MobileAgent.java com/chinaMobile/b.java com/chinaMobile/g.java com/chinaMobile/k.java com/chinaMobile/l.java com/ipaynow/plugin/b/b/a.java com/ipaynow/plugin/b/b/b.java com/ipaynow/plugin/utils/b.java com/ipaynow/plugin/utils/c.java com/moon/gameshell/Update.java com/moon/gameshell/XMLHandler.java com/moon/pay/AlixPay.java com/moon/pay/IAPListener.java com/moon/pay/PayManagement.java com/moon/pay/WeiXinPay.java com/qpgame/gameframe/GameFrame.java com/qpgame/gameframe/InterceptSmsReciever.java com/qpgame/gameframe/SoftKeyboardUtil.java com/qpgame/gameframe/WebPageLoader.java com/switfpass/pay/activity/AsyncTaskC0022e.java com/switfpass/pay/activity/C0033p.java com/switfpass/pay/activity/PayPlugin.java com/switfpass/pay/activity/PayResultActivity.java com/switfpass/pay/activity/PaySDKCaptureActivity.java com/switfpass/pay/activity/Result.java com/switfpass/pay/activity/View$OnClickListenerC0020c.java com/switfpass/pay/activity/zxing/camera/CameraManager.java com/switfpass/pay/activity/zxing/camera/a.java com/switfpass/pay/activity/zxing/camera/b.java com/switfpass/pay/activity/zxing/camera/c.java com/switfpass/pay/activity/zxing/camera/d.java com/switfpass/pay/activity/zxing/decoding/PayCaptureActivityHandler.java com/switfpass/pay/activity/zxing/decoding/b.java com/switfpass/pay/service/GetAccessTokenResult.java com/switfpass/pay/service/GetPrepayIdResult.java com/switfpass/pay/service/b.java com/switfpass/pay/service/c.java com/switfpass/pay/service/d.java com/switfpass/pay/service/e.java com/switfpass/pay/service/f.java com/switfpass/pay/service/g.java com/switfpass/pay/service/h.java com/switfpass/pay/service/i.java com/switfpass/pay/service/j.java com/switfpass/pay/thread/NetHelper.java com/switfpass/pay/utils/HandlerC0048j.java com/switfpass/pay/utils/L.java com/switfpass/pay/utils/PayDialogInfo.java com/switfpass/pay/utils/Rsa.java com/switfpass/pay/utils/Util.java com/ta/utdid2/android/utils/SystemUtils.java com/unionpay/mobile/android/pboctransaction/sdapdu/a.java com/unionpay/mobile/android/pboctransaction/simapdu/b.java com/unionpay/mobile/android/upviews/d.java com/unionpay/mobile/android/utils/h.java com/unionpay/mobile/android/widgets/z.java com/xqt/now/paysdk/XqtPay.java mm/purchasesdk/PurchaseCode.java mm/purchasesdk/a/c.java mm/purchasesdk/f/a.java mm/purchasesdk/h/h.java mm/purchasesdk/l/b.java mm/purchasesdk/l/d.java mm/purchasesdk/l/e.java org/cocos2dx/lib/Cocos2dxActivity.java org/cocos2dx/lib/Cocos2dxBitmap.java org/cocos2dx/lib/Cocos2dxEditBoxHelper.java org/cocos2dx/lib/Cocos2dxGLSurfaceView.java org/cocos2dx/lib/Cocos2dxHelper.java org/cocos2dx/lib/Cocos2dxHttpURLConnection.java org/cocos2dx/lib/Cocos2dxLocalStorage.java org/cocos2dx/lib/Cocos2dxMusic.java org/cocos2dx/lib/Cocos2dxReflectionHelper.java org/cocos2dx/lib/Cocos2dxSound.java org/cocos2dx/lib/Cocos2dxVideoView.java org/cocos2dx/lib/Cocos2dxWebView.java org/cocos2dx/lib/DataTaskHandler.java org/cocos2dx/lib/FileTaskHandler.java org/keplerproject/luajava/LuaObject.java	Suppress the rule android_logging in com.moon.zombie Suppress the rule android_logging in com.moon.zombie only from these files
3	应用程序使用不安全的随机数生成器	警告	CWE: CWE-330: 使用不充分的随机数 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-6	显示文件 com/chinaMobile/MobileAgent.java com/moon/pay/AlixPay.java com/switfpass/pay/activity/PayPlugin.java com/switfpass/pay/utils/Util.java com/ta/utdid2/android/utils/PhoneInfoUtils.java com/ta/utdid2/device/UTUtdid.java com/ta/utdid2/device/UTUtdidHelper.java mm/purchasesdk/ui/d.java	Suppress the rule android_insecure_random in com.moon.zombie Suppress the rule android_insecure_random in com.moon.zombie only from these files
4	应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库	警告	CWE: CWE-89: SQL命令中使用的特殊元素转义处理不恰当（'SQL 注入'） OWASP Top 10: M7: Client Code Quality	mm/purchasesdk/g/a.java mm/purchasesdk/g/b.java org/cocos2dx/lib/Cocos2dxLocalStorage.java	Suppress the rule android_sql_raw_query in com.moon.zombie Suppress the rule android_sql_raw_query in com.moon.zombie only from these files
5	SSL的不安全实现。信任所有证书或接受自签名证书是一个关键的安全漏洞。此应用程序易受MITM攻击	高危	CWE: CWE-295: 证书验证不恰当 OWASP Top 10: M3: Insecure Communication OWASP MASVS: MSTG-NETWORK-3	com/alipay/android/NetworkManager.java com/alipay/android/phone/mrpc/core/i.java com/switfpass/pay/thread/NetHelper.java	Suppress the rule android_insecure_ssl in com.moon.zombie Suppress the rule android_insecure_ssl in com.moon.zombie only from these files
6	SHA-1是已知存在哈希冲突的弱哈希	警告	CWE: CWE-327: 使用已被攻破或存在风险的密码学算法 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-4	显示文件 com/alipay/android/Rsa.java com/switfpass/pay/utils/Rsa.java com/switfpass/pay/utils/Util.java com/ta/utdid2/android/utils/AESUtils.java	Suppress the rule android_sha1 in com.moon.zombie Suppress the rule android_sha1 in com.moon.zombie only from these files
7	应用程序可以读取/写入外部存储器，任何应用程序都可以读取写入外部存储器的数据	警告	CWE: CWE-276: 默认权限不正确 OWASP Top 10: M2: Insecure Data Storage OWASP MASVS: MSTG-STORAGE-2	显示文件 com/qpgame/gameframe/Device.java com/qpgame/gameframe/HeadPortraitSelector.java com/switfpass/pay/utils/Util.java com/ta/utdid2/android/utils/SystemUtils.java com/ta/utdid2/core/persistent/PersistentConfiguration.java com/unionpay/mobile/android/nocard/views/l.java com/unionpay/mobile/android/utils/h.java com/unionpay/mobile/android/utils/m.java mm/purchasesdk/l/e.java mm/purchasesdk/l/f.java org/cocos2dx/lib/Cocos2dxHelper.java	Suppress the rule android_read_write_external in com.moon.zombie Suppress the rule android_read_write_external in com.moon.zombie only from these files
8	此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击	安全	OWASP MASVS: MSTG-NETWORK-4	显示文件 com/switfpass/pay/thread/NetHelper.java com/switfpass/pay/utils/Util.java com/unionpay/mobile/android/net/b.java org/cocos2dx/lib/Cocos2dxHttpURLConnection.java	Suppress the rule android_ssl_pinning in com.moon.zombie Suppress the rule android_ssl_pinning in com.moon.zombie only from these files
9	应用程序可以写入应用程序目录。敏感信息应加密	信息	CWE: CWE-276: 默认权限不正确 OWASP MASVS: MSTG-STORAGE-14	com/ta/utdid2/core/persistent/TransactionXMLFile.java	Suppress the rule android_write_app_dir in com.moon.zombie Suppress the rule android_write_app_dir in com.moon.zombie only from these files
10	该文件是World Readable。任何应用程序都可以读取文件	高危	CWE: CWE-276: 默认权限不正确 OWASP Top 10: M2: Insecure Data Storage OWASP MASVS: MSTG-STORAGE-2	com/ta/utdid2/core/persistent/TransactionXMLFile.java com/unionpay/UPPayAssistEx.java	Suppress the rule android_world_readable in com.moon.zombie Suppress the rule android_world_readable in com.moon.zombie only from these files
11	MD5是已知存在哈希冲突的弱哈希	警告	CWE: CWE-327: 使用已被攻破或存在风险的密码学算法 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-4	显示文件 com/chinaMobile/g.java com/ipaynow/plugin/b/a/a.java com/moon/pay/WeiXinPay.java com/switfpass/pay/utils/MD5.java com/switfpass/pay/utils/Rsa.java mm/purchasesdk/l/d.java	Suppress the rule android_md5 in com.moon.zombie Suppress the rule android_md5 in com.moon.zombie only from these files
12	不安全的Web视图实现。可能存在WebView任意代码执行漏洞	警告	CWE: CWE-749: 暴露危险方法或函数 OWASP Top 10: M1: Improper Platform Usage OWASP MASVS: MSTG-PLATFORM-7	com/qpgame/gameframe/WebPageLoader.java com/switfpass/pay/activity/QQWapPayWebView.java	Suppress the rule android_webview in com.moon.zombie Suppress the rule android_webview in com.moon.zombie only from these files
13	IP地址泄露	警告	CWE: CWE-200: 信息泄露 OWASP MASVS: MSTG-CODE-2	显示文件 com/alipay/android/phone/mrpc/core/x.java com/chinaMobile/MobileAgent.java com/switfpass/pay/activity/PayPlugin.java mm/purchasesdk/l/g.java	Suppress the rule android_ip_disclosure in com.moon.zombie Suppress the rule android_ip_disclosure in com.moon.zombie only from these files
14	应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。	高危	CWE: CWE-649: 依赖于混淆或加密安全相关输入而不进行完整性检查 OWASP Top 10: M5: Insufficient Cryptography OWASP MASVS: MSTG-CRYPTO-3	com/chinaMobile/d.java com/ta/utdid2/android/utils/AESUtils.java	Suppress the rule cbc_padding_oracle in com.moon.zombie Suppress the rule cbc_padding_oracle in com.moon.zombie only from these files
15	不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击	高危	CWE: CWE-295: 证书验证不恰当 OWASP Top 10: M3: Insecure Communication OWASP MASVS: MSTG-NETWORK-3	com/switfpass/pay/activity/G.java	Suppress the rule android_webview_ignore_ssl in com.moon.zombie Suppress the rule android_webview_ignore_ssl in com.moon.zombie only from these files
16	此应用程序可能具有Root检测功能	安全	OWASP MASVS: MSTG-RESILIENCE-1	com/unionpay/mobile/android/nocard/utils/UPPayEngine.java	Suppress the rule android_detect_root in com.moon.zombie Suppress the rule android_detect_root in com.moon.zombie only from these files

动态库分析

序号	动态库	NX(堆栈禁止执行)	STACK CANARY(栈保护)	RELRO	RPATH（指定SO搜索路径）	RUNPATH（指定SO搜索路径）	FORTIFY(常用函数加强检查)	SYMBOLS STRIPPED(裁剪符号表)
1	armeabi/libcasdkjni.so	True info 二进制文件设置了 NX 位。这标志着内存页面不可执行，使得攻击者注入的 shellcode 不可执行。	True info 这个二进制文件在栈上添加了一个栈哨兵值，以便它会被溢出返回地址的栈缓冲区覆盖。这样可以通过在函数返回之前验证栈哨兵的完整性来检测溢出	No RELRO high 此共享对象未启用 RELRO。整个 GOT（.got 和 .got.plt）都是可写的。如果没有此编译器标志，全局变量上的缓冲区溢出可能会覆盖 GOT 条目。使用选项 -z,relro,-z,now 启用完整 RELRO，仅使用 -z,relro 启用部分 RELRO。	None info 二进制文件没有设置运行时搜索路径或RPATH	None info 二进制文件没有设置 RUNPATH	False warning 二进制文件没有任何加固函数。加固函数提供了针对 glibc 的常见不安全函数（如 strcpy，gets 等）的缓冲区溢出检查。使用编译选项 -D_FORTIFY_SOURCE=2 来加固函数。这个检查对于 Dart/Flutter 库不适用	False warning 符号可用
2	armeabi/libidentifyapp.so	True info 二进制文件设置了 NX 位。这标志着内存页面不可执行，使得攻击者注入的 shellcode 不可执行。	True info 这个二进制文件在栈上添加了一个栈哨兵值，以便它会被溢出返回地址的栈缓冲区覆盖。这样可以通过在函数返回之前验证栈哨兵的完整性来检测溢出	No RELRO high 此共享对象未启用 RELRO。整个 GOT（.got 和 .got.plt）都是可写的。如果没有此编译器标志，全局变量上的缓冲区溢出可能会覆盖 GOT 条目。使用选项 -z,relro,-z,now 启用完整 RELRO，仅使用 -z,relro 启用部分 RELRO。	None info 二进制文件没有设置运行时搜索路径或RPATH	None info 二进制文件没有设置 RUNPATH	False warning 二进制文件没有任何加固函数。加固函数提供了针对 glibc 的常见不安全函数（如 strcpy，gets 等）的缓冲区溢出检查。使用编译选项 -D_FORTIFY_SOURCE=2 来加固函数。这个检查对于 Dart/Flutter 库不适用	False warning 符号可用
3	armeabi/libplugin_phone.so	True info 二进制文件设置了 NX 位。这标志着内存页面不可执行，使得攻击者注入的 shellcode 不可执行。	True info 这个二进制文件在栈上添加了一个栈哨兵值，以便它会被溢出返回地址的栈缓冲区覆盖。这样可以通过在函数返回之前验证栈哨兵的完整性来检测溢出	Full RELRO info 此共享对象已完全启用 RELRO。 RELRO 确保 GOT 不会在易受攻击的 ELF 二进制文件中被覆盖。在完整 RELRO 中，整个 GOT（.got 和 .got.plt 两者）被标记为只读。	None info 二进制文件没有设置运行时搜索路径或RPATH	None info 二进制文件没有设置 RUNPATH	False warning 二进制文件没有任何加固函数。加固函数提供了针对 glibc 的常见不安全函数（如 strcpy，gets 等）的缓冲区溢出检查。使用编译选项 -D_FORTIFY_SOURCE=2 来加固函数。这个检查对于 Dart/Flutter 库不适用	False warning 符号可用

文件分析

序号	问题	文件

VIRUSTOTAL扫描

检出率： 8 / 64 完整报告

反病毒引擎	检出结果
Avira	PUA/ANDR.SMSReg.FGEY.Gen
ESET-NOD32	a variant of Android/SMSreg.CU potentially unsafe
F-Secure	PotentialRisk.PUA/ANDR.SMSReg.FGEY.Gen
Fortinet	Riskware/SmsReg!Android
Google	Detected
Ikarus	AdWare.AndroidOS.SMSreg
NANO-Antivirus	Trojan.Android.Wiyun.dhxusv
Sophos	Android Riskware SmsReg (PUA)

滥用权限

恶意软件常用权限 6/30

android.permission.READ_PHONE_STATE
android.permission.SEND_SMS
android.permission.VIBRATE
android.permission.ACCESS_COARSE_LOCATION
android.permission.CAMERA
android.permission.SYSTEM_ALERT_WINDOW

其它常用权限 9/46

android.permission.INTERNET
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.BATTERY_STATS
android.permission.ACCESS_NETWORK_STATE
com.android.launcher.permission.INSTALL_SHORTCUT
android.permission.CHANGE_NETWORK_STATE
android.permission.FLASHLIGHT

恶意软件常用权限 是被已知恶意软件广泛滥用的权限。
其它常用权限 是已知恶意软件经常滥用的权限。

IP地图

域名检测

域名	状态	中国境内	位置信息
api.ipaynow.cn	安全	是	IP地址: 103.244.232.20 国家: China 地区: Beijing 城市: Beijing 查看: 高德地图
zhifu.dev.swiftpass.cn	安全	否	没有可用的地理位置信息。
pay.swiftpass.cn	安全	是	IP地址: 111.230.118.187 国家: China 地区: Beijing 城市: Beijing 查看: 高德地图
posp.ipaynow.cn	安全	是	IP地址: 211.154.166.174 国家: China 地区: Beijing 城市: Beijing 查看: 高德地图
gw.tenpay.com	安全	否	没有可用的地理位置信息。
example.com	安全	否	IP地址: 93.184.216.34 国家: United States of America 地区: Virginia 城市: Ashburn 查看: Google 地图
huangjun.dev.swiftpass.cn	安全	否	没有可用的地理位置信息。
ospd.mmarket.com	安全	是	IP地址: 120.197.235.71 国家: China 地区: Guangdong 城市: Guangzhou 查看: 高德地图
paya.swiftpass.cn	安全	是	IP地址: 193.112.234.72 国家: China 地区: Beijing 城市: Beijing 查看: 高德地图
www.zhifuka.net	安全	否	没有可用的地理位置信息。
da.mmarket.com	安全	是	IP地址: 120.232.188.83 国家: China 地区: Guangdong 城市: Guangzhou 查看: 高德地图

手机号码

手机号	源码文件
13900000000	com/ccit/mmwlan/MMClientSDK_ForIdentity.java
15060355040	com/unionpay/UPPayAssistEx.java
13900000000 15060355040	自研引擎分析结果

网址

网址信息	源码文件
https://msp.alipay.com/x.htm	com/alipay/android/Constant.java
https://mobilegw.alipay.com/mgw.htm	com/alipay/mobilesecuritysdk/face/a.java
http://da.mmarket.com/mmsdk/mmsdk?func=mmsdk:feedback	com/chinaMobile/k.java
http://da.mmarket.com/mmsdk/mmsdk?func=mmsdk:getappparameter&appkey= 10.0.0.172 http://da.mmarket.com/mmsdk/mmsdk?func=mmsdk:postactlog http://da.mmarket.com/mmsdk/mmsdk?func=mmsdk:posterrlog http://da.mmarket.com/mmsdk/mmsdk?func=mmsdk:posteventlog http://da.mmarket.com/mmsdk/mmsdk?func=mmsdk:postsyslog	com/chinaMobile/MobileAgent.java
https://pay.swiftpass.cn/ http://huangjun.dev.swiftpass.cn/	com/switfpass/pay/MainApplication.java
http://huangjun.dev.swiftpass.cn/pay/gateway	com/switfpass/pay/activity/AsyncTaskC0022e.java
https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=%s&secret=%s http://zhifu.dev.swiftpass.cn/spay/notify	com/switfpass/pay/activity/PayPlugin.java
https://gw.tenpay.com/gateway/normalorderquery.xml?	com/switfpass/pay/utils/Constants.java
http://211.154.151.196:8081/tenpay/payment/notifyCallBackUrl	com/switfpass/pay/utils/Util.java
http://www.zhifuka.net/gateway/mbphonepay/mbphonepay.asp? http://www.zhifuka.net/gateway/mbphonepay/mbphonepay.asp?customerid= https://paya.swiftpass.cn/pay/gateway	com/xqt/now/paysdk/XqtPay.java
http://ospd.mmarket.com:80/taac http://ospd.mmarket.com:80/trust http://ospd.mmarket.com:80/trusted3	mm/purchasesdk/l/d.java
192.168.11.5 10.0.0.172	mm/purchasesdk/l/g.java
https://msp.alipay.com/x.htm https://mobilegw.alipay.com/mgw.htm http://ospd.mmarket.com:80/taac http://da.mmarket.com/mmsdk/mmsdk?func=mmsdk:postactlog http://ospd.mmarket.com:80/trusted3 http://m.alipay.com/?action=h5quit https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=%s&secret=%s https://gw.tenpay.com/gateway/normalorderquery.xml? http://huangjun.dev.swiftpass.cn/pay/gateway http://da.mmarket.com/mmsdk/mmsdk?func=mmsdk:getappparameter&appkey= https://pay.swiftpass.cn/ https://mclient.alipay.com/home/exterfaceAssign.htm? https://wappaygw.alipay.com/home/exterfaceAssign.htm? 192.168.11.5 http://www.zhifuka.net/gateway/mbphonepay/mbphonepay.asp?customerid= http://da.mmarket.com/mmsdk/mmsdk?func=mmsdk:posteventlog http://example.com/ http://211.154.151.196:8081/tenpay/payment/notifyCallBackUrl https://paya.swiftpass.cn/pay/gateway 10.0.0.172 127.0.0.255 https://mclient.alipay.com/sdkErrorlog.do http://da.mmarket.com/mmsdk/mmsdk?func=mmsdk:postsyslog http://zhifu.dev.swiftpass.cn/spay/notify http://mcgw.alipay.com/gateway.do http://www.zhifuka.net/gateway/mbphonepay/mbphonepay.asp? http://ospd.mmarket.com:80/trust http://huangjun.dev.swiftpass.cn/ http://da.mmarket.com/mmsdk/mmsdk?func=mmsdk:posterrlog http://da.mmarket.com/mmsdk/mmsdk?func=mmsdk:feedback	自研引擎分析结果
http://api.ipaynow.cn/ http://posp.ipaynow.cn:10900/	lib/armeabi/libplugin_phone.so

FIREBASE实例

邮箱

EMAIL	源码文件
wftid@swiftpass.cn	com/switfpass/pay/utils/Constants.java
wftid@swiftpass.cn	自研引擎分析结果

追踪器

名称	类别	网址

密钥凭证

已显示 30 个secrets

1、 "no_token_id" : "订单号为空或位数不对，请检查输入的订单号！"
2、 54aa526e7a37d8ba2311a1d3d2ab79b3fbeaf3ebb9e7da9e7cdd9be1ae5a53595f47
3、 8cc1d6ed5e1b2cc00489215aec3fc2eac008e767b0215981cb5e
4、 11300f060355040813085368616e67686169311130
5、 15060355040a130e4368696e6120556e696f6e50617931173015060355040b130e4
6、 3634385a3078310b300906035504061302383631
7、 0a54b19a13b6712dc04d1b49215423d8
8、 9d101c97133837e13dde2d32a5054abb
9、 b1ff56cef0e21c87260c63ce3ca868bf5974c14
10、 92a864886f70d010101050003818d0030818902818100c42e6236d5054ffccaa
11、 64c2f89fdffa16729c9779f99562bc189d2ce4722ba0faedb11aa22d0d9db228fda
12、 0dc1c1c001c4d6c48241ce1ac41fd5a0
13、 efedc24fecde188aaa9161
14、 XwYp8WL8bm6S4wu6yEYmLGy4RRRdJDIhxCBdk3CiNZTwGoj1bScVZEeVp9vBiiIsgwDtqZHP8QLoFM6o6MRYjW8QqyrZBI654mqoUk5SOLDyzordzOU5QhYguEJh54q3K1KqMEXpdEQJJjs1Urqjm2s4jgPfCZ4hMuIjAMRrEQluA7FeoqWMJOwghcLcPVleQ8PLzAcaKidybmwhvNAxIyKRpbZlcDjNCcUvsJYvyzEA9VUIaHkIAJ62lpA3EE3H
15、 f6e5061793111300f06035504031308556e696f6e50617930819f300d060
16、 08eb9b5c67474d027fa03ce35109b11604083ab6bb4df2c46240f879f
17、 134e3265829ff82daf16e7b740a600b5
18、 f6e50617931173015060355040b130e4368696e6120556e696
19、 d9255940da7b6cd07483f4b4243fd1825b2705
20、 3015060355040a130e4368696e6120556e696
21、 861693111300f060355040713085368616e67686169311730
22、 0f060355040713085368616e676861693117
23、 1001a3e74c601e3beb1b7ae4f9ab2872a0aaf1dbc2cba89c7528cd
24、 891b9b2a1d867f95eefd537a56d4d805
25、 e94ddc285669ec06b8a405dd4341eac4ea7030203010001300d06092a864886f70d010105050003818
26、 hjwg16Y0G83C18H9wpMLWi25KDSLyNLA2I509GQ5wydMj2qRYVHjf9fV7Xl9cfcFstlYsOtRAxdUcMOa0nkO1qhsbeEqirQRJmnW0Yub6Yar1FzfWJTlHutV43HJmd8E
27、 d6fc3a4a06adbde89223b
28、 b1fdf62b0f540fca5458b063af9354925a6c3505a18ff164b6b195f6e517eaee1fb783
29、 6e696f6e5061793111300f06035504031308556e696f6e5061
30、 23456789abcdef12123456786789abcd

字符串列表

建议导出为TXT，方便查看。

活动列表

已显示 7 个activities

1、 com.moon.zombie.Launcher
2、 com.unionpay.uppay.PayActivity
3、 com.alipay.sdk.app.H5PayActivity
4、 com.alipay.sdk.auth.AuthActivity
5、 com.ipaynow.plugin.activity.PayMethodActivity
6、 com.ipaynow.plugin.inner_plugin.wechat_plugin.activity.WeChatNotifyActivity
7、 com.switfpass.pay.activity.QQWapPayWebView

服务列表

广播接收者列表

内容提供者列表

第三方SDK

SDK名称	开发者	描述信息
支付宝 SDK	Alipay	支付宝开放平台基于支付宝海量用户，将强大的支付、营销、数据能力，通过接口等形式开放给第三方合作伙伴，帮助第三方合作伙伴创建更具竞争力的应用。

文件列表

AndroidManifest.xml
assets/asset/code/GF/AccountManager.luac
assets/asset/code/GF/ArenaManager.luac
assets/asset/code/GF/BaseLayer.luac
assets/asset/code/GF/CocostudioHelper.luac
assets/asset/code/GF/Config.luac
assets/asset/code/GF/Config_P.luac
assets/asset/code/GF/DataControl.luac
assets/asset/code/GF/DeviceHelper.luac
assets/asset/code/GF/Environment.luac
assets/asset/code/GF/ErrorCode.luac
assets/asset/code/GF/GameCenter.luac
assets/asset/code/GF/GameFrame.luac
assets/asset/code/GF/GameFrameTips.luac
assets/asset/code/GF/HeadHelper.luac
assets/asset/code/GF/HttpBindHelper.luac
assets/asset/code/GF/HttpClient.luac
assets/asset/code/GF/KeyboardEventDispatcher.luac
assets/asset/code/GF/LayoutHelper.luac
assets/asset/code/GF/LuaNotificationCenter.luac
assets/asset/code/GF/LuckyWebPageUtil.luac
assets/asset/code/GF/MailManager.luac
assets/asset/code/GF/MessageHandler.luac
assets/asset/code/GF/MessageTags.luac
assets/asset/code/GF/NativeCallLua.luac
assets/asset/code/GF/NickNameManager.luac
assets/asset/code/GF/Notifications.luac
assets/asset/code/GF/PaymentManager.luac
assets/asset/code/GF/PropsManager.luac
assets/asset/code/GF/Queue.luac
assets/asset/code/GF/SceneManager.luac
assets/asset/code/GF/Session.luac
assets/asset/code/GF/SoundHelper.luac
assets/asset/code/GF/TaskManager.luac
assets/asset/code/GF/UserManager.luac
assets/asset/code/GF/Utility.luac
assets/asset/code/GF/WelfareManager.luac
assets/asset/code/GF/json.luac
assets/asset/code/GF/luaoc.luac
assets/asset/code/app/common/AnimationMgr.luac
assets/asset/code/app/common/AudioMgr.luac
assets/asset/code/app/common/GameTipLayer.luac
assets/asset/code/app/common/LoadingTipLy.luac
assets/asset/code/app/common/LoginErrorTipLy.luac
assets/asset/code/app/common/PayBackTipLy.luac
assets/asset/code/app/common/RoomUnlockTipLy.luac
assets/asset/code/app/common/SendingMsgLayer.luac
assets/asset/code/app/config/audio_cfg_mgr.luac
assets/asset/code/app/config/dna_cfg_mgr.luac
assets/asset/code/app/config/enemy_cfg_mgr.luac
assets/asset/code/app/config/genius_cfg_mgr.luac
assets/asset/code/app/config/goods_cfg_mgr.luac
assets/asset/code/app/config/hero_cfg_mgr.luac
assets/asset/code/app/config/skill_cfg_mgr.luac
assets/asset/code/app/config/wave_cfg_mgr.luac
assets/asset/code/app/modules/Bullet.luac
assets/asset/code/app/modules/Enemy.luac
assets/asset/code/app/modules/Hero.luac
assets/asset/code/app/modules/csv.luac
assets/asset/code/app/pay/QZOperator.luac
assets/asset/code/app/playerdata/PlayerData.luac
assets/asset/code/app/playerdata/csvData.luac
assets/asset/code/app/playerdata/globalData.luac
assets/asset/code/app/playerdata/tempData.luac
assets/asset/code/app/utils/utils.luac
assets/asset/code/app/views/BattleScene.luac
assets/asset/code/app/views/BgStoryLayer.luac
assets/asset/code/app/views/GameLayer.luac
assets/asset/code/app/views/GameScene.luac
assets/asset/code/app/views/HallLayer.luac
assets/asset/code/app/views/LoadingScene.luac
assets/asset/code/app/views/LoginLayer.luac
assets/asset/code/app/views/MoneyRain.luac
assets/asset/code/control.luac
assets/asset/code/protocol/GameMessageTags.luac
assets/asset/code/protocol/MessageTags.luac
assets/asset/res/BgStoryLy.csb
assets/asset/res/Default/ImageFile.png
assets/asset/res/Default/Sprite.png
assets/asset/res/GameHelpLy.csb
assets/asset/res/GameLayer.csb
assets/asset/res/GameScene.csb
assets/asset/res/LoadingLayer.csb
assets/asset/res/LoadingScene.csb
assets/asset/res/NodeHero.csb
assets/asset/res/NodeLuckyRoll.csb
assets/asset/res/NodeMine.csb
assets/asset/res/NodeSelectLevel.csb
assets/asset/res/action/ailika1.atlas
assets/asset/res/action/ailika1.json
assets/asset/res/action/ailika1.png
assets/asset/res/action/baopokuangren1.atlas
assets/asset/res/action/baopokuangren1.json
assets/asset/res/action/baopokuangren1.png
assets/asset/res/action/hualaodashu1.atlas
assets/asset/res/action/hualaodashu1.json
assets/asset/res/action/hualaodashu1.png
assets/asset/res/action/lveduozhe1.atlas
assets/asset/res/action/lveduozhe1.json
assets/asset/res/action/lveduozhe1.png
assets/asset/res/action/ui_zhuanfan1.atlas
assets/asset/res/action/ui_zhuanfan1.json
assets/asset/res/action/ui_zhuanfan1.png
assets/asset/res/action/weikeduo1.atlas
assets/asset/res/action/weikeduo1.json
assets/asset/res/action/weikeduo1.png
assets/asset/res/action/zombie1.atlas
assets/asset/res/action/zombie1.json
assets/asset/res/action/zombie1.png
assets/asset/res/action/zombie10_cemian1.atlas
assets/asset/res/action/zombie10_cemian1.json
assets/asset/res/action/zombie10_cemian1.png
assets/asset/res/action/zombie10_zhengmian1.atlas
assets/asset/res/action/zombie10_zhengmian1.json
assets/asset/res/action/zombie10_zhengmian1.png
assets/asset/res/action/zombie11_cemian1.atlas
assets/asset/res/action/zombie11_cemian1.json
assets/asset/res/action/zombie11_cemian1.png
assets/asset/res/action/zombie11_zhengmian1.atlas
assets/asset/res/action/zombie11_zhengmian1.json
assets/asset/res/action/zombie11_zhengmian1.png
assets/asset/res/action/zombie12_cemian1.atlas
assets/asset/res/action/zombie12_cemian1.json
assets/asset/res/action/zombie12_cemian1.png
assets/asset/res/action/zombie12_zhengmian1.atlas
assets/asset/res/action/zombie12_zhengmian1.json
assets/asset/res/action/zombie12_zhengmian1.png
assets/asset/res/action/zombie13_cemian1.atlas
assets/asset/res/action/zombie13_cemian1.json
assets/asset/res/action/zombie13_cemian1.png
assets/asset/res/action/zombie13_zhengmian1.atlas
assets/asset/res/action/zombie13_zhengmian1.json
assets/asset/res/action/zombie13_zhengmian1.png
assets/asset/res/action/zombie1cemian1.atlas
assets/asset/res/action/zombie1cemian1.json
assets/asset/res/action/zombie1cemian1.png
assets/asset/res/action/zombie2.atlas
assets/asset/res/action/zombie2.json
assets/asset/res/action/zombie2.png
assets/asset/res/action/zombie2cemian1.atlas
assets/asset/res/action/zombie2cemian1.json
assets/asset/res/action/zombie2cemian1.png
assets/asset/res/action/zombie3.atlas
assets/asset/res/action/zombie3.json
assets/asset/res/action/zombie3.png
assets/asset/res/action/zombie3cemian1.atlas
assets/asset/res/action/zombie3cemian1.json
assets/asset/res/action/zombie3cemian1.png
assets/asset/res/action/zombie4_cemian1.atlas
assets/asset/res/action/zombie4_cemian1.json
assets/asset/res/action/zombie4_cemian1.png
assets/asset/res/action/zombie4_zhengmian1.atlas
assets/asset/res/action/zombie4_zhengmian1.json
assets/asset/res/action/zombie4_zhengmian1.png
assets/asset/res/action/zombie5_cemian1.atlas
assets/asset/res/action/zombie5_cemian1.json
assets/asset/res/action/zombie5_cemian1.png
assets/asset/res/action/zombie5_zhengmian1.atlas
assets/asset/res/action/zombie5_zhengmian1.json
assets/asset/res/action/zombie5_zhengmian1.png
assets/asset/res/action/zombie6_cemian1.atlas
assets/asset/res/action/zombie6_cemian1.json
assets/asset/res/action/zombie6_cemian1.png
assets/asset/res/action/zombie6_zhengmian1.atlas
assets/asset/res/action/zombie6_zhengmian1.json
assets/asset/res/action/zombie6_zhengmian1.png
assets/asset/res/action/zombie7_cemian1.atlas
assets/asset/res/action/zombie7_cemian1.json
assets/asset/res/action/zombie7_cemian1.png
assets/asset/res/action/zombie7_zhengmian1.atlas
assets/asset/res/action/zombie7_zhengmian1.json
assets/asset/res/action/zombie7_zhengmian1.png
assets/asset/res/action/zombie8_cemian1.atlas
assets/asset/res/action/zombie8_cemian1.json
assets/asset/res/action/zombie8_cemian1.png
assets/asset/res/action/zombie8_zhengmian1.atlas
assets/asset/res/action/zombie8_zhengmian1.json
assets/asset/res/action/zombie8_zhengmian1.png
assets/asset/res/action/zombie9_cemian1.atlas
assets/asset/res/action/zombie9_cemian1.json
assets/asset/res/action/zombie9_cemian1.png
assets/asset/res/action/zombie9_zhengmian1.atlas
assets/asset/res/action/zombie9_zhengmian1.json
assets/asset/res/action/zombie9_zhengmian1.png
assets/asset/res/configuration/audio.csv
assets/asset/res/configuration/item.csv
assets/asset/res/configuration/lab.csv
assets/asset/res/configuration/level.csv
assets/asset/res/configuration/mine.csv
assets/asset/res/configuration/recharge.csv
assets/asset/res/configuration/role.csv
assets/asset/res/configuration/skill.csv
assets/asset/res/configuration/talent.csv
assets/asset/res/configuration/zombie.csv
assets/asset/res/effect/ef_arms_1_1_jiqiang.csb
assets/asset/res/effect/ef_arms_1_2_jiqiang.csb
assets/asset/res/effect/ef_arms_1_3_jiqiang.csb
assets/asset/res/effect/ef_arms_1_jiqiang.plist
assets/asset/res/effect/ef_arms_1_jiqiang.png
assets/asset/res/effect/ef_arms_2_1_jvjiqiang.csb
assets/asset/res/effect/ef_arms_2_2_jvjiqiang.csb
assets/asset/res/effect/ef_arms_2_3_jvjiqiang.csb
assets/asset/res/effect/ef_arms_2_jvjiqiang.plist
assets/asset/res/effect/ef_arms_2_jvjiqiang.png
assets/asset/res/effect/ef_arms_3_1_shoulei.csb
assets/asset/res/effect/ef_arms_3_2_zhadan.csb
assets/asset/res/effect/ef_arms_3_zhadan.plist
assets/asset/res/effect/ef_arms_3_zhadan.png
assets/asset/res/effect/ef_arms_4_1_gongjian.csb
assets/asset/res/effect/ef_arms_4_2_gongjian.csb
assets/asset/res/effect/ef_arms_4_gongjian.plist
assets/asset/res/effect/ef_arms_4_gongjian.png
assets/asset/res/effect/ef_arms_5_1_feibiao.csb
assets/asset/res/effect/ef_arms_5_2_feibiao.csb
assets/asset/res/effect/ef_arms_5_feibiao.plist
assets/asset/res/effect/ef_arms_5_feibiao.png
assets/asset/res/effect/ef_boss_guanghuan.plist
assets/asset/res/effect/ef_boss_guanghuan.png
assets/asset/res/effect/ef_boss_jiaodiguang.csb
assets/asset/res/effect/ef_jinbi.csb
assets/asset/res/effect/ef_protect.csb
assets/asset/res/effect/ef_protect.plist
assets/asset/res/effect/ef_protect.png
assets/asset/res/effect/ef_role_level.csb
assets/asset/res/effect/ef_role_level.plist
assets/asset/res/effect/ef_role_level.png
assets/asset/res/effect/ef_role_skill.csb
assets/asset/res/effect/ef_role_skill.plist
assets/asset/res/effect/ef_role_skill.png
assets/asset/res/effect/ef_skill1.csb
assets/asset/res/effect/ef_skill2.csb
assets/asset/res/effect/ef_skill2.plist
assets/asset/res/effect/ef_skill2.png
assets/asset/res/effect/ef_skill3.csb
assets/asset/res/effect/ef_skill4.csb
assets/asset/res/effect/ef_skill5.csb
assets/asset/res/effect/ef_skill5.plist
assets/asset/res/effect/ef_skill5.png
assets/asset/res/effect/ef_still1.plist
assets/asset/res/effect/ef_still1.png
assets/asset/res/effect/ef_still2_1boli.plist
assets/asset/res/effect/ef_still2_1boli.png
assets/asset/res/effect/ef_still3.plist
assets/asset/res/effect/ef_still3.png
assets/asset/res/effect/ef_still4.plist
assets/asset/res/effect/ef_still4.png
assets/asset/res/effect/ef_still4_1baoza.plist
assets/asset/res/effect/ef_still4_1baoza.png
assets/asset/res/effect/ef_talent_1.csb
assets/asset/res/effect/ef_talent_1.plist
assets/asset/res/effect/ef_talent_1.png
assets/asset/res/effect/ef_talent_10.csb
assets/asset/res/effect/ef_talent_10.plist
assets/asset/res/effect/ef_talent_10.png
assets/asset/res/effect/ef_talent_4.csb
assets/asset/res/effect/ef_talent_4.plist
assets/asset/res/effect/ef_talent_4.png
assets/asset/res/effect/ef_talent_5.csb
assets/asset/res/effect/ef_talent_5.plist
assets/asset/res/effect/ef_talent_5.png
assets/asset/res/effect/ef_talent_7.csb
assets/asset/res/effect/ef_talent_7.plist
assets/asset/res/effect/ef_talent_7.png
assets/asset/res/effect/ef_talent_9.csb
assets/asset/res/effect/ef_talent_9.plist
assets/asset/res/effect/ef_talent_9.png
assets/asset/res/effect/ef_victory.csb
assets/asset/res/effect/ef_victory.plist
assets/asset/res/effect/ef_victory.png
assets/asset/res/effect/ef_yezi_000.png
assets/asset/res/effect/ef_zhuanpan.plist
assets/asset/res/effect/ef_zhuanpan.png
assets/asset/res/effect/ef_zhuanpan_01.csb
assets/asset/res/effect/ef_zhuanpan_02.csb
assets/asset/res/effect/ef_zhuanpan_03.csb
assets/asset/res/effect/ef_zombie_1.csb
assets/asset/res/effect/ef_zombie_1.plist
assets/asset/res/effect/ef_zombie_2.csb
assets/asset/res/effect/ef_zombie_2.plist
assets/asset/res/effect/ef_zombie_2.png
assets/asset/res/effect/ef_zombie_3.csb
assets/asset/res/effect/ef_zombie_3.plist
assets/asset/res/effect/ef_zombie_3.png
assets/asset/res/effect/ef_zombie_4.csb
assets/asset/res/effect/ef_zombie_4.plist
assets/asset/res/effect/ef_zombie_4.png
assets/asset/res/effect/ef_zombie_4_1.plist
assets/asset/res/effect/ef_zombie_5.csb
assets/asset/res/effect/ef_zombie_5.plist
assets/asset/res/effect/ef_zombie_5.png
assets/asset/res/effect/fire02_2.png
assets/asset/res/effect/jinbi.png
assets/asset/res/effect/jinbi03.plist
assets/asset/res/effect/jinbi04.plist
assets/asset/res/protocol/GameMessage.json
assets/asset/res/protocol/GameMessageTags.xml
assets/asset/res/protocol/Message.json
assets/asset/res/protocol/MessageTags.xml
assets/asset/res/sound/arms1.ogg
assets/asset/res/sound/arms2.ogg
assets/asset/res/sound/arms3.ogg
assets/asset/res/sound/arms4.ogg
assets/asset/res/sound/arms5.ogg
assets/asset/res/sound/bgm.ogg
assets/asset/res/sound/buy.ogg
assets/asset/res/sound/chongsheng.ogg
assets/asset/res/sound/click.ogg
assets/asset/res/sound/coin.ogg
assets/asset/res/sound/daota.ogg
assets/asset/res/sound/dead1.ogg
assets/asset/res/sound/dead2.ogg
assets/asset/res/sound/dead3.ogg
assets/asset/res/sound/defeat.ogg
assets/asset/res/sound/feibiao_sj.ogg
assets/asset/res/sound/invalid.ogg
assets/asset/res/sound/jingbi.ogg
assets/asset/res/sound/jiuyuan.ogg
assets/asset/res/sound/level.ogg
assets/asset/res/sound/prompt.ogg
assets/asset/res/sound/skill1.ogg
assets/asset/res/sound/skill2.ogg
assets/asset/res/sound/skill3.ogg
assets/asset/res/sound/skill4.ogg
assets/asset/res/sound/skill5.ogg
assets/asset/res/sound/suiping.ogg
assets/asset/res/sound/victory.ogg
assets/asset/res/sound/warn.ogg
assets/asset/res/sound/zhuanfanle.ogg
assets/asset/res/ui/baise.png
assets/asset/res/ui/chongzhi/chongzhi.png
assets/asset/res/ui/chongzhi/dikuan.png
assets/asset/res/ui/chongzhi/goumai.png
assets/asset/res/ui/chongzhi/jinbi1.png
assets/asset/res/ui/chongzhi/jinbi2.png
assets/asset/res/ui/chongzhi/jinbi3.png
assets/asset/res/ui/chongzhi/jinbi4.png
assets/asset/res/ui/chongzhi/jinbi5.png
assets/asset/res/ui/chongzhi/zesong.png
assets/asset/res/ui/goods/cangku.png
assets/asset/res/ui/goods/cangku1.png
assets/asset/res/ui/goods/cangku2.png
assets/asset/res/ui/goods/cangku3.png
assets/asset/res/ui/goods/cangku4.png
assets/asset/res/ui/goods/cangku5.png
assets/asset/res/ui/goods/cangku6.png
assets/asset/res/ui/goods/dikuan.png
assets/asset/res/ui/goods/goumai.png
assets/asset/res/ui/goods/shiyong.png
assets/asset/res/ui/hall/anniu1.png
assets/asset/res/ui/hall/anniu2.png
assets/asset/res/ui/hall/bangzhu.png
assets/asset/res/ui/hall/chuangguanmoshi.png
assets/asset/res/ui/hall/denglukuang.png
assets/asset/res/ui/hall/fanhui.png
assets/asset/res/ui/hall/jiazaibeijin.png
assets/asset/res/ui/hall/jindutiao.png
assets/asset/res/ui/hall/jindutiao1.png
assets/asset/res/ui/hall/kuaisuzhucejiemian.png
assets/asset/res/ui/hall/mingzi.png
assets/asset/res/ui/hall/sanjiao.png
assets/asset/res/ui/hall/tongyong.png
assets/asset/res/ui/hall/tubiao.png
assets/asset/res/ui/hall/wujingmoshi.png
assets/asset/res/ui/hall/wujingmoshixuanguan.png
assets/asset/res/ui/hall/xg_logo.png
assets/asset/res/ui/hall/xuanguananniu.png
assets/asset/res/ui/hall/xuanguanbeijin.png
assets/asset/res/ui/hall/yonghutouxiang.png
assets/asset/res/ui/hall/yuandian.png
assets/asset/res/ui/hall/zhuan.png
assets/asset/res/ui/hall/zhuanzhuandingtiao.png
assets/asset/res/ui/heise.png
assets/asset/res/ui/hero/01.png
assets/asset/res/ui/hero/ailika.png
assets/asset/res/ui/hero/ailika1.png
assets/asset/res/ui/hero/baopokuangren.png
assets/asset/res/ui/hero/baopokuangren1.png
assets/asset/res/ui/hero/guanbi.png
assets/asset/res/ui/hero/hualaodashu.png
assets/asset/res/ui/hero/hualaodashu1.png
assets/asset/res/ui/hero/jianyingchongchong.png
assets/asset/res/ui/hero/kongtouhongzha.png
assets/asset/res/ui/hero/lock.png
assets/asset/res/ui/hero/lveduozhe.png
assets/asset/res/ui/hero/lveduozhe1.png
assets/asset/res/ui/hero/moritusha.png
assets/asset/res/ui/hero/quan.png
assets/asset/res/ui/hero/shenji.png
assets/asset/res/ui/hero/siwangshexian.png
assets/asset/res/ui/hero/tianbengdibao.png
assets/asset/res/ui/hero/victor.png
assets/asset/res/ui/hero/victor1.png
assets/asset/res/ui/hero/xuanzhong.png
assets/asset/res/ui/hero/yinxiongmianban.png
assets/asset/res/ui/hero/zidong.png
assets/asset/res/ui/home/blue.png
assets/asset/res/ui/home/boss.png
assets/asset/res/ui/home/buffbaoji.png
assets/asset/res/ui/home/buffbaoshang.png
assets/asset/res/ui/home/buffgongji.png
assets/asset/res/ui/home/cangku.png
assets/asset/res/ui/home/changjing1.png
assets/asset/res/ui/home/changjing2.png
assets/asset/res/ui/home/chongzhi.png
assets/asset/res/ui/home/daboss.png
assets/asset/res/ui/home/dadada.png
assets/asset/res/ui/home/diban.png
assets/asset/res/ui/home/diyuchenggong.png
assets/asset/res/ui/home/diyushibai.png
assets/asset/res/ui/home/ef_arms_1_1_jiqiang.png
assets/asset/res/ui/home/ef_arms_1_3_jiqiang.png
assets/asset/res/ui/home/ef_arms_2_1_jvjiqiang.png
assets/asset/res/ui/home/ef_arms_2_3_jvjiqiang.png
assets/asset/res/ui/home/ef_arms_3_1_shoulei.png
assets/asset/res/ui/home/ef_arms_4_1_gongjian.png
assets/asset/res/ui/home/ef_arms_5_1_feibiao.png
assets/asset/res/ui/home/ef_deng_01.png
assets/asset/res/ui/home/ef_deng_02.png
assets/asset/res/ui/home/fanhui.png
assets/asset/res/ui/home/finger.png
assets/asset/res/ui/home/gantanhao.png
assets/asset/res/ui/home/guanbi.png
assets/asset/res/ui/home/guide.png
assets/asset/res/ui/home/heimu.png
assets/asset/res/ui/home/hero1.png
assets/asset/res/ui/home/hero2.png
assets/asset/res/ui/home/hero3.png
assets/asset/res/ui/home/hero4.png
assets/asset/res/ui/home/hero5.png
assets/asset/res/ui/home/jia.png
assets/asset/res/ui/home/jian.png
assets/asset/res/ui/home/jiaodiCD.png
assets/asset/res/ui/home/jinbi.png
assets/asset/res/ui/home/jinbidi.png
assets/asset/res/ui/home/jineng1.png
assets/asset/res/ui/home/jineng2.png
assets/asset/res/ui/home/mei.png
assets/asset/res/ui/home/meijundi.png
assets/asset/res/ui/home/meiping.png
assets/asset/res/ui/home/mubei1.png
assets/asset/res/ui/home/mubei2.png
assets/asset/res/ui/home/no.png
assets/asset/res/ui/home/red.png
assets/asset/res/ui/home/redpoint.png
assets/asset/res/ui/home/shang.png
assets/asset/res/ui/home/shenying.png
assets/asset/res/ui/home/shezhi.png
assets/asset/res/ui/home/shezhidi.png
assets/asset/res/ui/home/shiyan.png
assets/asset/res/ui/home/shuoming.png
assets/asset/res/ui/home/suoding.png
assets/asset/res/ui/home/suoding3.png
assets/asset/res/ui/home/suodingguai.png
assets/asset/res/ui/home/tianfu.png
assets/asset/res/ui/home/touming.png
assets/asset/res/ui/home/warning.png
assets/asset/res/ui/home/xia.png
assets/asset/res/ui/home/xiaoboss.png
assets/asset/res/ui/home/xuanguanm.png
assets/asset/res/ui/home/xuetiao.png
assets/asset/res/ui/home/xuetiao1.png
assets/asset/res/ui/home/yinxiong.png
assets/asset/res/ui/home/yinyue.png
assets/asset/res/ui/home/zhalan1.png
assets/asset/res/ui/home/zhalan2.png
assets/asset/res/ui/home/zhalan3.png
assets/asset/res/ui/lab/dikuan.png
assets/asset/res/ui/lab/jineng1.png
assets/asset/res/ui/lab/jineng2.png
assets/asset/res/ui/lab/jineng3.png
assets/asset/res/ui/lab/jineng4.png
assets/asset/res/ui/lab/jineng5.png
assets/asset/res/ui/lab/jineng6.png
assets/asset/res/ui/lab/jineng7.png
assets/asset/res/ui/lab/jineng8.png
assets/asset/res/ui/lab/shenji.png
assets/asset/res/ui/lab/shiyanshi.png
assets/asset/res/ui/loading/jingdutiao1.png
assets/asset/res/ui/loading/jingdutiao2.png
assets/asset/res/ui/loading/loadingBg.png
assets/asset/res/ui/pay/weixin.png
assets/asset/res/ui/pay/zhifubao.png
assets/asset/res/ui/pay/zhifucao.png
assets/asset/res/ui/recharge/chongzhi.png
assets/asset/res/ui/recharge/dikuan.png
assets/asset/res/ui/recharge/gantanhao1.png
assets/asset/res/ui/recharge/goumai.png
assets/asset/res/ui/recharge/jinbi1.png
assets/asset/res/ui/recharge/jinbi2.png
assets/asset/res/ui/recharge/jinbi3.png
assets/asset/res/ui/recharge/jinbi4.png
assets/asset/res/ui/recharge/jinbi5.png
assets/asset/res/ui/recharge/zesong.png
assets/src/app/MyApp.luac
assets/src/app/views/MainScene.luac
assets/src/cocos/3d/3dConstants.luac
assets/src/cocos/cocos2d/Cocos2d.luac
assets/src/cocos/cocos2d/Cocos2dConstants.luac
assets/src/cocos/cocos2d/DeprecatedCocos2dClass.luac
assets/src/cocos/cocos2d/DeprecatedCocos2dEnum.luac
assets/src/cocos/cocos2d/DeprecatedCocos2dFunc.luac
assets/src/cocos/cocos2d/DeprecatedOpenglEnum.luac
assets/src/cocos/cocos2d/DrawPrimitives.luac
assets/src/cocos/cocos2d/Opengl.luac
assets/src/cocos/cocos2d/OpenglConstants.luac
assets/src/cocos/cocos2d/bitExtend.luac
assets/src/cocos/cocos2d/deprecated.luac
assets/src/cocos/cocos2d/functions.luac
assets/src/cocos/cocos2d/json.luac
assets/src/cocos/cocos2d/luaj.luac
assets/src/cocos/cocos2d/luaoc.luac
assets/src/cocos/cocosbuilder/CCBReaderLoad.luac
assets/src/cocos/cocosbuilder/DeprecatedCocosBuilderClass.luac
assets/src/cocos/cocosdenshion/AudioEngine.luac
assets/src/cocos/cocosdenshion/DeprecatedCocosDenshionClass.luac
assets/src/cocos/cocosdenshion/DeprecatedCocosDenshionFunc.luac
assets/src/cocos/cocostudio/CocoStudio.luac
assets/src/cocos/cocostudio/DeprecatedCocoStudioClass.luac
assets/src/cocos/cocostudio/DeprecatedCocoStudioFunc.luac
assets/src/cocos/cocostudio/StudioConstants.luac
assets/src/cocos/controller/ControllerConstants.luac
assets/src/cocos/extension/DeprecatedExtensionClass.luac
assets/src/cocos/extension/DeprecatedExtensionEnum.luac
assets/src/cocos/extension/DeprecatedExtensionFunc.luac
assets/src/cocos/extension/ExtensionConstants.luac
assets/src/cocos/framework/audio.luac
assets/src/cocos/framework/components/event.luac
assets/src/cocos/framework/device.luac
assets/src/cocos/framework/display.luac
assets/src/cocos/framework/extends/LayerEx.luac
assets/src/cocos/framework/extends/MenuEx.luac
assets/src/cocos/framework/extends/NodeEx.luac
assets/src/cocos/framework/extends/SpriteEx.luac
assets/src/cocos/framework/extends/UICheckBox.luac
assets/src/cocos/framework/extends/UIEditBox.luac
assets/src/cocos/framework/extends/UIListView.luac
assets/src/cocos/framework/extends/UIPageView.luac
assets/src/cocos/framework/extends/UIScrollView.luac
assets/src/cocos/framework/extends/UISlider.luac
assets/src/cocos/framework/extends/UITextField.luac
assets/src/cocos/framework/extends/UIWidget.luac
assets/src/cocos/framework/init.luac
assets/src/cocos/framework/package_support.luac
assets/src/cocos/framework/transition.luac
assets/src/cocos/init.luac
assets/src/cocos/network/DeprecatedNetworkClass.luac
assets/src/cocos/network/DeprecatedNetworkEnum.luac
assets/src/cocos/network/DeprecatedNetworkFunc.luac
assets/src/cocos/network/NetworkConstants.luac
assets/src/cocos/physics3d/physics3d-constants.luac
assets/src/cocos/spine/SpineConstants.luac
assets/src/cocos/ui/DeprecatedUIEnum.luac
assets/src/cocos/ui/DeprecatedUIFunc.luac
assets/src/cocos/ui/GuiConstants.luac
assets/src/cocos/ui/experimentalUIConstants.luac
assets/src/config.luac
assets/src/main.luac
assets/src/packages/mvc/AppBase.luac
assets/src/packages/mvc/ViewBase.luac
assets/src/packages/mvc/init.luac
assets/updateRes/ResUpdatingLayer.csb
assets/updateRes/font/HARLOWSI.TTF
assets/updateRes/font/fangzheng.ttf
assets/updateRes/updateEtc/05.png
assets/updateRes/updateEtc/bgimg/jingdutiao1.png
assets/updateRes/updateEtc/bgimg/jingdutiao2.png
assets/updateRes/updateEtc/bgimg/loadingBg.png
assets/updateRes/updateEtc/mudiban.png
res/anim/loading_rotate.xml
res/drawable-hdpi-v4/icon.png
res/drawable-ldpi-v4/icon.png
res/drawable-mdpi-v4/icon.png
res/drawable-xhdpi-v4/icon.png
res/drawable-xxhdpi-v4/icon.png
res/drawable/icon.png
res/drawable/info.png
res/drawable/infoicon.png
res/drawable/line.png
res/drawable/line3.png
res/drawable/title_bg.png
res/drawable/title_logo.png
res/layout/announcementlayout.xml
res/layout/load.xml
resources.arsc
classes.dex
assets/mmiap/image/vertical/bg.png
assets/mmiap/image/vertical/button1_Confirm.9.png
assets/mmiap/image/vertical/button1_Confirm_Press.9.png
assets/mmiap/image/vertical/button_back.png
assets/mmiap/image/vertical/button_back_Press.png
assets/mmiap/image/vertical/button_finishbilling.png
assets/mmiap/image/vertical/button_finishbilling_press.png
assets/mmiap/image/vertical/editbg.9.png
assets/mmiap/image/vertical/editbg_a.9.png
assets/mmiap/image/vertical/editbg_b.9.png
assets/mmiap/image/vertical/get_verificationcode.9.png
assets/mmiap/image/vertical/get_verificationcode_press.9.png
assets/mmiap/image/vertical/get_verificationcode_press.png
assets/mmiap/image/vertical/icon_chifubao.png
assets/mmiap/image/vertical/icon_false.png
assets/mmiap/image/vertical/icon_info.png
assets/mmiap/image/vertical/icon_success.png
assets/mmiap/image/vertical/infobg.9.png
assets/mmiap/image/vertical/infoline.png
assets/mmiap/image/vertical/keyboard_bg.png
assets/mmiap/image/vertical/keyboard_button.png
assets/mmiap/image/vertical/keyboard_button_delete.png
assets/mmiap/image/vertical/keyboard_button_delete_press.png
assets/mmiap/image/vertical/keyboard_button_hide.png
assets/mmiap/image/vertical/keyboard_button_hide_press.png
assets/mmiap/image/vertical/keyboard_button_press.png
assets/mmiap/image/vertical/line.png
assets/mmiap/image/vertical/loading.png
assets/mmiap/image/vertical/logo1.png
assets/mmiap/image/vertical/logo2.png
assets/mmiap/image/vertical/logo3.png
assets/mmiap/image/vertical/splash_h.jpg
assets/mmiap/image/vertical/splash_v.jpg
assets/mmiap/image/vertical/title1_bg.png
assets/mmiap/image/vertical/title2_bg.png
assets/mmiap/image/vertical/title2_bg_shadow.png
assets/mmiap/image/vertical/top_button_back.png
assets/mmiap/image/vertical/top_button_back_press.png
assets/mmiap/image/vertical/yanzhengma_bg.png
CopyrightDeclaration.xml
mmiap.xml
VERSION
ic_launcher-web.png
assets/tips_bg.9.png
lib/armeabi/libcasdkjni.so
lib/armeabi/libentryexstd.so
lib/armeabi/libgame.so
lib/armeabi/libidentifyapp.so
lib/armeabi/libplugin_phone.so
META-INF/MANIFEST.MF
META-INF/CERT.SF
META-INF/CERT.RSA

污点分析

当apk较大时，代码量会很大，造成数据流图（ICFG）呈现爆炸式增长，所以该功能比较耗时，请先喝杯咖啡，耐心等待……

规则名称	描述信息	操作
病毒分析	使用安卓恶意软件常用的API进行污点分析	开始分析
漏洞挖掘	漏洞挖掘场景下的污点分析	开始分析
隐私合规	隐私合规场景下的污点分析：组件内污点传播、组件间污点传播、组件与库函数之间的污点传播	开始分析
密码分析	分析加密算法是否使用常量密钥、静态初始化的向量（IV）、加密模式是否使用ECB等	开始分析
Callback	因为Android中系统级的Callback并不会出现显式地进行回调方法的调用，所以如果需要分析Callback方法需要在声明文件中将其声明，这里提供一份AndroidCallbacks.txt文件，里面是一些常见的原生回调接口或类，如果有特殊接口需求，可以联系管理员	开始分析