Trojan.Generic.15811394 (B) (Emsisoft), Trojan.Generic.15811394 (AdAware), Worm.Win32.AutoIt.FD, WormAutoItGen.YR (Lavasoft MAS)Behaviour: Trojan, Worm
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 20938f7441a5a842593c1e7177378580
SHA1: cbb9d8e6bdd9844818699b0da9eaf334278bc6a7
SHA256: 41ac5996569efb820233cbe3cec77cc79a65a36d7fbd70bd37670636b39d6b72
SSDeep: 49152:esFlmAWAdQTfj6YaE7Eq0HdNhngC6zW0iHHi12sRe/OH3SueEV4lLm56:essAdQ7j6ayHXhnF6zW0qHiYge6SueOG
Size: 2690068 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: Firseria
Created at: 2012-02-05 00:43:24
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
%original file name%.exe:344
adb.exe:1876
adb.exe:1768
The Trojan injects its code into the following process(es):No processes have been created.
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process %original file name%.exe:344 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\geno\adb.exe (1953 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\geno\geno.jpg (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut4.tmp (3601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut5.tmp (3313 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut3.tmp (1345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut1.tmp (549 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\geno\Superuser.apk (8161 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\geno\AdbWinApi.dll (1345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\autC.tmp (4177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\geno\root.sh (563 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\autA.tmp (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut7.tmp (278 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\autB.tmp (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\geno\fastboot.exe (9553 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut8.tmp (5873 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\geno\flash_image (588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut2.tmp (1568 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut9.tmp (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\geno\mempodroid (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\geno\AdbWinUsbApi.dll (745 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut6.tmp (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\geno\7z.exe (5985 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\geno\su (980 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aut9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut7.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\autC.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\autA.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\autB.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut8.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut5.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut6.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut2.tmp (0 bytes)
The process adb.exe:1768 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\adb.log (38 bytes)
Registry activity
The process %original file name%.exe:344 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "02 4C 4A 44 ED CD 8D 16 E2 7F 6C 92 13 F3 F7 87"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
The process adb.exe:1876 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E6 A0 0F 34 73 FA BC 54 FC 52 66 C7 A0 3E 66 71"
The process adb.exe:1768 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5A F6 B7 47 77 24 5C CA 77 66 10 98 6F E2 D2 73"
Dropped PE files
MD5 | File path |
---|---|
42badc1d2f03a8b1e4875740d3d49336 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\geno\7z.exe |
47a6ee3f186b2c2f5057028906bac0c6 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\geno\AdbWinApi.dll |
5f23f2f936bdfac90bb0a4970ad365cf | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\geno\AdbWinUsbApi.dll |
7824d01cb076ea32d77f1c36ce648137 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\geno\adb.exe |
2bd9418e8873037f3cf938094620053a | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\geno\fastboot.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:344
adb.exe:1876
adb.exe:1768 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temp\geno\adb.exe (1953 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\geno\geno.jpg (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut4.tmp (3601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut5.tmp (3313 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut3.tmp (1345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut1.tmp (549 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\geno\Superuser.apk (8161 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\geno\AdbWinApi.dll (1345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\autC.tmp (4177 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\geno\root.sh (563 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\autA.tmp (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut7.tmp (278 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\autB.tmp (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\geno\fastboot.exe (9553 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut8.tmp (5873 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\geno\flash_image (588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut2.tmp (1568 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut9.tmp (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\geno\mempodroid (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\geno\AdbWinUsbApi.dll (745 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut6.tmp (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\geno\7z.exe (5985 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\geno\su (980 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\adb.log (38 bytes)
Static Analysis
VersionInfo
Company Name:
Product Name:
Product Version:
Legal Copyright: ?? Genokolar@gmail.com
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 3.3.9.0
File Description: android????????
Comments: ???????
Language: English (United States)
Company Name: Product Name: Product Version: Legal Copyright: ?? Genokolar@gmail.comLegal Trademarks: Original Filename: Internal Name: File Version: 3.3.9.0File Description: android????????Comments: ???????Language: English (United States)
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 544627 | 544768 | 4.64992 | 724ec48c12da6bb4e41edee8787ecb92 |
.rdata | 548864 | 105224 | 105472 | 4.11783 | 8fad974e6f4502d88cb7fc04ef60f9cb |
.data | 655360 | 108504 | 26624 | 1.48647 | 9ae365febe633dd7b085f1477841566c |
.rsrc | 765952 | 183848 | 184320 | 3.60319 | 8d8edcbed3b15c62a04cecd91e9af26d |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 3
7163c5ac7c472e823d7ceabbdedbb069
57b3e633886760a80e96510e8979dbbd
0bc03a557b2836b1c2e4cf7f42d59b0b
Network Activity
URLs
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_344:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
s%j.Zf
s%j.Zf
8crtsu
8crtsu
:crts
:crts
crts
crts
?#%X.y
?#%X.y
GetProcessWindowStation
GetProcessWindowStation
operator
operator
This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.
This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.
uxtheme.dll
uxtheme.dll
kernel32.dll
kernel32.dll
operand of unlimited repeat could match the empty string
operand of unlimited repeat could match the empty string
POSIX named classes are supported only within a class
POSIX named classes are supported only within a class
erroffset passed as NULL
erroffset passed as NULL
POSIX collating elements are not supported
POSIX collating elements are not supported
this version of PCRE is not compiled with PCRE_UTF8 support
this version of PCRE is not compiled with PCRE_UTF8 support
PCRE does not support \L, \l, \N{name}, \U, or \u
PCRE does not support \L, \l, \N{name}, \U, or \u
support for \P, \p, and \X has not been compiled
support for \P, \p, and \X has not been compiled
this version of PCRE is not compiled with PCRE_UCP support
this version of PCRE is not compiled with PCRE_UCP support
ICMP.DLL
ICMP.DLL
advapi32.dll
advapi32.dll
RegDeleteKeyExW
RegDeleteKeyExW
Error text not found (please report)
Error text not found (please report)
WSOCK32.dll
WSOCK32.dll
VERSION.dll
VERSION.dll
WINMM.dll
WINMM.dll
COMCTL32.dll
COMCTL32.dll
MPR.dll
MPR.dll
InternetCrackUrlW
InternetCrackUrlW
HttpQueryInfoW
HttpQueryInfoW
HttpOpenRequestW
HttpOpenRequestW
HttpSendRequestW
HttpSendRequestW
FtpOpenFileW
FtpOpenFileW
FtpGetFileSize
FtpGetFileSize
InternetOpenUrlW
InternetOpenUrlW
WININET.dll
WININET.dll
PSAPI.DLL
PSAPI.DLL
USERENV.dll
USERENV.dll
GetProcessHeap
GetProcessHeap
CreatePipe
CreatePipe
GetWindowsDirectoryW
GetWindowsDirectoryW
KERNEL32.dll
KERNEL32.dll
OpenWindowStationW
OpenWindowStationW
SetProcessWindowStation
SetProcessWindowStation
CloseWindowStation
CloseWindowStation
MapVirtualKeyW
MapVirtualKeyW
EnumChildWindows
EnumChildWindows
EnumWindows
EnumWindows
VkKeyScanW
VkKeyScanW
GetKeyState
GetKeyState
GetKeyboardState
GetKeyboardState
SetKeyboardState
SetKeyboardState
GetAsyncKeyState
GetAsyncKeyState
keybd_event
keybd_event
EnumThreadWindows
EnumThreadWindows
ExitWindowsEx
ExitWindowsEx
UnregisterHotKey
UnregisterHotKey
RegisterHotKey
RegisterHotKey
GetKeyboardLayoutNameW
GetKeyboardLayoutNameW
USER32.dll
USER32.dll
SetViewportOrgEx
SetViewportOrgEx
GDI32.dll
GDI32.dll
COMDLG32.dll
COMDLG32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteKeyW
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteW
ShellExecuteW
SHFileOperationW
SHFileOperationW
ShellExecuteExW
ShellExecuteExW
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
GetCPInfo
GetCPInfo
zcÃ
zcÃ
#.hH4h
#.hH4h
P-h%us
P-h%us
,jcp.le&O
,jcp.le&O
.ke&O
.ke&O
.ke5
.ke5
%d]WH
%d]WH
.le|T
.le|T
ic*.leg5sl
ic*.leg5sl
.kelq
.kelq
%c]3Z
%c]3Z
.kf3a
.kf3a
.kenb
.kenb
mscoree.dll
mscoree.dll
nKERNEL32.DLL
nKERNEL32.DLL
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
WUSER32.DLL
WUSER32.DLL
>>>AUTOIT NO CMDEXECUTE
>>>AUTOIT NO CMDEXECUTE
CMDLINERAW
CMDLINERAW
CMDLINE
CMDLINE
/AutoIt3ExecuteLine
/AutoIt3ExecuteLine
/AutoIt3ExecuteScript
/AutoIt3ExecuteScript
%s (%d) : ==> %s.:
%s (%d) : ==> %s.:
Line %d:
Line %d:
Line %d (File "%s"):
Line %d (File "%s"):
%s (%d) : ==> %s:
%s (%d) : ==> %s:
AutoIt script files (*.au3, *.a3x)
AutoIt script files (*.au3, *.a3x)
*.au3;*.a3x
*.au3;*.a3x
All files (*.*)
All files (*.*)
#NoAutoIt3Execute
#NoAutoIt3Execute
APPSKEY
APPSKEY
04090000
04090000
%u.%u.%u.%u
%u.%u.%u.%u
0.0.0.0
0.0.0.0
Mddddd
Mddddd
"%s" (%d) : ==> %s:
"%s" (%d) : ==> %s:
UDPSTARTUP
UDPSTARTUP
UDPSHUTDOWN
UDPSHUTDOWN
UDPSEND
UDPSEND
UDPRECV
UDPRECV
UDPOPEN
UDPOPEN
UDPCLOSESOCKET
UDPCLOSESOCKET
UDPBIND
UDPBIND
TRAYGETMSG
TRAYGETMSG
TCPSTARTUP
TCPSTARTUP
TCPSHUTDOWN
TCPSHUTDOWN
TCPSEND
TCPSEND
TCPRECV
TCPRECV
TCPNAMETOIP
TCPNAMETOIP
TCPLISTEN
TCPLISTEN
TCPCONNECT
TCPCONNECT
TCPCLOSESOCKET
TCPCLOSESOCKET
TCPACCEPT
TCPACCEPT
SHELLEXECUTEWAIT
SHELLEXECUTEWAIT
SHELLEXECUTE
SHELLEXECUTE
REGENUMKEY
REGENUMKEY
MSGBOX
MSGBOX
ISKEYWORD
ISKEYWORD
HTTPSETUSERAGENT
HTTPSETUSERAGENT
HTTPSETPROXY
HTTPSETPROXY
HOTKEYSET
HOTKEYSET
GUIREGISTERMSG
GUIREGISTERMSG
GUIGETMSG
GUIGETMSG
GUICTRLSENDMSG
GUICTRLSENDMSG
GUICTRLRECVMSG
GUICTRLRECVMSG
FTPSETPROXY
FTPSETPROXY
\??\%s
\??\%s
GUI_RUNDEFMSG
GUI_RUNDEFMSG
SendKeyDelay
SendKeyDelay
SendKeyDownDelay
SendKeyDownDelay
TCPTimeout
TCPTimeout
AUTOITCALLVARIABLE%d
AUTOITCALLVARIABLE%d
255.255.255.255
255.255.255.255
Keyword
Keyword
AutoIt.Error
AutoIt.Error
Null Object assignment in FOR..IN loop
Null Object assignment in FOR..IN loop
Incorrect Object type in FOR..IN loop
Incorrect Object type in FOR..IN loop
HOTKEYPRESSED
HOTKEYPRESSED
AUTOITEXE
AUTOITEXE
WINDOWSDIR
WINDOWSDIR
3, 3, 9, 0
3, 3, 9, 0
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_USERS
HKEY_USERS
%d/d/d
%d/d/d
c:\%original file name%.exe
c:\%original file name%.exe
:C:\%original file name%.exe
:C:\%original file name%.exe
3.3.9.0
3.3.9.0
Genokolar@gmail.com
Genokolar@gmail.com
adb.exe_1768:
.text
.text
P`.data
P`.data
.rdata
.rdata
`@.bss
`@.bss
.idata
.idata
:.tWj
:.tWj
libgcj_s.dll
libgcj_s.dll
%s::%s():
%s::%s():
tcp:%d
tcp:%d
unable to parse '%s' as ,
unable to parse '%s' as ,
Invalid port numbers: Expected positive numbers, got '%s'
Invalid port numbers: Expected positive numbers, got '%s'
Emulator on port %d already registered.
Emulator on port %d already registered.
Connected to emulator on ports %d,%d
Connected to emulator on ports %d,%d
Could not connect to emulator on ports %d,%d
Could not connect to emulator on ports %d,%d
bad host name %s
bad host name %s
bad port number %s
bad port number %s
%s:%d
%s:%d
already connected to %s
already connected to %s
unable to connect to %s:%d
unable to connect to %s:%d
client: connected on remote on fd %d
client: connected on remote on fd %d
connected to %s
connected to %s
CreatePipe() failure, error %ld
CreatePipe() failure, error %ld
--- adb starting (pid %d) ---
--- adb starting (pid %d) ---
unknown local portname '%s'
unknown local portname '%s'
cannot bind '%s'
cannot bind '%s'
parse_banner: %s
parse_banner: %s
error: %s:
error: %s:
handle_packet() %c%c%c%c
handle_packet() %c%c%c%c
handle_packet: what is x?!
handle_packet: what is x?!
transport
transport
transport-usb
transport-usb
transport-local
transport-local
transport-any
transport-any
transport:
transport:
OKAYx%s
OKAYx%s
%s:5555
%s:5555
No such device %s
No such device %s
error: could not connect to TCP port %d
error: could not connect to TCP port %d
system/core/adb/transport.c
system/core/adb/transport.c
%s: run_transport_disconnects
%s: run_transport_disconnects
transport_write_action: on fd %d, error %d: %s
transport_write_action: on fd %d, error %d: %s
transport: %s unref (kicking and closing)
transport: %s unref (kicking and closing)
transport: %s removed
transport: %s removed
cannot write transport registration socket
cannot write transport registration socket
transport: %s unref (count=%d)
transport: %s unref (count=%d)
transport: %s registered
transport: %s registered
%s: %s: [%s] arg0=%s arg1=%s (len=%d)
%s: %s: [%s] arg0=%s arg1=%s (len=%d)
fd=%d
fd=%d
%s: write_packet (fd=%d) error ret=%d errno=%d: %s
%s: write_packet (fd=%d) error ret=%d errno=%d: %s
%s: read_packet (fd=%d), error ret=%d errno=%d: %s
%s: read_packet (fd=%d), error ret=%d errno=%d: %s
cannot open transport registration socketpair
cannot open transport registration socketpair
transport_socket_events(fd=%d, events=x,...)
transport_socket_events(fd=%d, events=x,...)
%s: failed to read packet from transport socket on fd %d
%s: failed to read packet from transport socket on fd %d
check_header(): %d > MAX_PAYLOAD
check_header(): %d > MAX_PAYLOAD
writex: fd=%d len=%d:
writex: fd=%d len=%d:
writex: fd=%d error %d: %s
writex: fd=%d error %d: %s
writex: fd=%d disconnected
writex: fd=%d disconnected
readx: fd=%d wanted=%d
readx: fd=%d wanted=%d
readx: fd=%d error %d: %s
readx: fd=%d error %d: %s
readx: fd=%d disconnected
readx: fd=%d disconnected
readx: fd=%d wanted=%d got=%d
readx: fd=%d wanted=%d got=%d
transport: %p init'ing for usb_handle %p (sn='%s')
transport: %p init'ing for usb_handle %p (sn='%s')
transport: %s init'ing for socket %d, on port %d
transport: %s init'ing for socket %d, on port %d
%s: starting transport input thread, reading from fd %d
%s: starting transport input thread, reading from fd %d
%s: failed to read apacket from transport on fd %d
%s: failed to read apacket from transport on fd %d
%s: transport SYNC offline
%s: transport SYNC offline
%s: transport SYNC online
%s: transport SYNC online
%s: transport ignoring SYNC %d != %d
%s: transport ignoring SYNC %d != %d
%s: transport got packet, sending to remote
%s: transport got packet, sending to remote
%s: transport ignoring packet while offline
%s: transport ignoring packet while offline
%s: transport input thread is exiting, fd %d
%s: transport input thread is exiting, fd %d
%s: starting transport output thread on fd %d, SYNC online (%d)
%s: starting transport output thread on fd %d, SYNC online (%d)
%s: failed to write SYNC packet
%s: failed to write SYNC packet
%s: data pump started
%s: data pump started
%s: received remote packet, sending to transport
%s: received remote packet, sending to transport
%s: failed to write apacket to transport
%s: failed to write apacket to transport
%s: remote read failed for transport
%s: remote read failed for transport
%s: SYNC offline for transport
%s: SYNC offline for transport
%s: failed to write SYNC apacket to transport
%s: failed to write SYNC apacket to transport
%s: transport output thread is exiting
%s: transport output thread is exiting
Transport is null
Transport is null
Transport is null
Transport is null
cannot enqueue packet on transport socket
cannot enqueue packet on transport socket
transport_read_action: on fd %d, error %d: %s
transport_read_action: on fd %d, error %d: %s
cannot read transport registration socket
cannot read transport registration socket
transport: %s removing and free'ing %d
transport: %s removing and free'ing %d
cannot open transport socketpair
cannot open transport socketpair
transport: %s (%d,%d) starting
transport: %s (%d,%d) starting
register_usb_transport
register_usb_transport
register_transport
register_transport
transport_write_action
transport_write_action
transport_unref_locked
transport_unref_locked
remove_transport
remove_transport
register_socket_transport
register_socket_transport
transport_registration_func
transport_registration_func
transport_read_action
transport_read_action
transport_socket_events
transport_socket_events
run_transport_disconnects
run_transport_disconnects
system/core/adb/transport_local.c
system/core/adb/transport_local.c
transport: local %s init
transport: local %s init
cannot create local socket %s thread
cannot create local socket %s thread
transport: server_socket_thread() starting
transport: server_socket_thread() starting
server: trying to get new connection from %d
server: trying to get new connection from %d
server: new connection on fd %d
server: new connection on fd %d
transport: client_socket_thread() starting
transport: client_socket_thread() starting
local transport for port %d already registered (%p)?
local transport for port %d already registered (%p)?
cannot register more emulators. Maximum is %d
cannot register more emulators. Maximum is %d
init_socket_transport
init_socket_transport
local_connect_arbitrary_ports
local_connect_arbitrary_ports
system/core/adb/transport_usb.c
system/core/adb/transport_usb.c
transport: usb
transport: usb
init_usb_transport
init_usb_transport
host-serial:%s:%s
host-serial:%s:%s
%s:%s
%s:%s
can't find '%s' to install
can't find '%s' to install
can't install '%s' because it's not a file
can't install '%s' because it's not a file
error: adb %s not implemented on Win32
error: adb %s not implemented on Win32
Android Debug Bridge version %d.%d.%d
Android Debug Bridge version %d.%d.%d
connect [:] - connect to a device via TCP/IP
connect [:] - connect to a device via TCP/IP
Port 5555 is used by default if no port number is specified.
Port 5555 is used by default if no port number is specified.
disconnect [[:]] - disconnect from a TCP/IP device.
disconnect [[:]] - disconnect from a TCP/IP device.
will disconnect from all connected TCP/IP devices.
will disconnect from all connected TCP/IP devices.
tcp:
tcp:
adb jdwp - list PIDs of processes hosting a JDWP transport
adb jdwp - list PIDs of processes hosting a JDWP transport
adb bugreport - return all information from the device
adb bugreport - return all information from the device
that should be included in a bug report.
that should be included in a bug report.
to "backup.ab" in the current directory.
to "backup.ab" in the current directory.
(-apk|-noapk enable/disable backup of the .apks themselves
(-apk|-noapk enable/disable backup of the .apks themselves
the -all or -shared flags are passed, then the package
the -all or -shared flags are passed, then the package
adb tcpip - restarts the adbd daemon listening on TCP on the specified port
adb tcpip - restarts the adbd daemon listening on TCP on the specified port
1 or all, adb, sockets, packets, rwx, usb, sync, sysdeps, transport, jdwp
1 or all, adb, sockets, packets, rwx, usb, sync, sysdeps, transport, jdwp
read_and_dump(): pre adb_read(fd=%d)
read_and_dump(): pre adb_read(fd=%d)
read_and_dump(): post adb_read(fd=%d): len=%d
read_and_dump(): post adb_read(fd=%d): len=%d
%s\%s
%s\%s
copy_to_file(%d -> %d)
copy_to_file(%d -> %d)
copy_to_file() : error %d
copy_to_file() : error %d
error: %s
error: %s
stdin_read_thread(): pre unix_read(fdi=%d,...)
stdin_read_thread(): pre unix_read(fdi=%d,...)
stdin_read_thread(): post unix_read(fdi=%d,...)
stdin_read_thread(): post unix_read(fdi=%d,...)
%s\config\envsetup.make
%s\config\envsetup.make
ANDROID_ADB_SERVER_PORT
ANDROID_ADB_SERVER_PORT
adb: Env var ANDROID_ADB_SERVER_PORT must be a positive number. Got "%s"
adb: Env var ANDROID_ADB_SERVER_PORT must be a positive number. Got "%s"
adb: Couldn't get CWD: %s
adb: Couldn't get CWD: %s
adb: bad ANDROID_BUILD_TOP value "%s"
adb: bad ANDROID_BUILD_TOP value "%s"
adb: bad TOP value "%s"
adb: bad TOP value "%s"
%s\out\target\product\%s
%s\out\target\product\%s
adb: Couldn't find a product dir based on "-p %s"; "%s" doesn't exist
adb: Couldn't find a product dir based on "-p %s"; "%s" doesn't exist
adb: could not resolve "-p %s"
adb: could not resolve "-p %s"
host:%s
host:%s
Usage: adb connect [:]
Usage: adb connect [:]
host:connect:%s
host:connect:%s
Usage: adb disconnect [[:]]
Usage: adb disconnect [[:]]
host:disconnect:%s
host:disconnect:%s
shell:%s
shell:%s
interactive shell loop. buff=%s
interactive shell loop. buff=%s
about to read_and_dump(fd=%d)
about to read_and_dump(fd=%d)
interactive shell loop. return r=%d
interactive shell loop. return r=%d
tcpip
tcpip
bugreport
bugreport
failure: %s *
failure: %s *
host-serial:%s:forward:%s;%s
host-serial:%s:forward:%s;%s
host-usb:forward:%s;%s
host-usb:forward:%s;%s
host-local:forward:%s;%s
host-local:forward:%s;%s
host:forward:%s;%s
host:forward:%s;%s
%c[2J%c[2H
%c[2J%c[2H
State: %s
State: %s
shell:export ANDROID_LOG_TAGS="%s" ; exec logcat
shell:export ANDROID_LOG_TAGS="%s" ; exec logcat
adb: -f passed with no filename
adb: -f passed with no filename
adb: unable to open file %s
adb: unable to open file %s
backup. filename=%s buf=%s
backup. filename=%s buf=%s
/data/local/tmp/%s
/data/local/tmp/%s
/sdcard/tmp/%s
/sdcard/tmp/%s
If you truly wish to continue, execute 'adb shell pm uninstall -k %s'
If you truly wish to continue, execute 'adb shell pm uninstall -k %s'
protocol fault (status x x x x?!)
protocol fault (status x x x x?!)
_adb_connect: %s
_adb_connect: %s
host:transport:%s
host:transport:%s
Switch transport in progress
Switch transport in progress
Switch transport failed
Switch transport failed
Switch transport success
Switch transport success
_adb_connect: return fd %d
_adb_connect: return fd %d
adb_connect: service %s
adb_connect: service %s
* daemon not running. starting it now on port %d *
* daemon not running. starting it now on port %d *
adb_connect: return fd %d
adb_connect: return fd %d
adb_query: %s
adb_query: %s
switch_socket_transport
switch_socket_transport
SS(%d): created %p
SS(%d): created %p
entered. LS(%d) fd=%d
entered. LS(%d) fd=%d
LS(%d): closing peer. peer->id=%d peer->fd=%d
LS(%d): closing peer. peer->id=%d peer->fd=%d
LS(%d): destroying fde.fd=%d
LS(%d): destroying fde.fd=%d
LS(%d): discarding %d bytes
LS(%d): discarding %d bytes
LS(%d): closed
LS(%d): closed
LS(%d): closing
LS(%d): closing
LS(%d): put on socket_closing_list fd=%d
LS(%d): put on socket_closing_list fd=%d
Connect_to_remote call RS(%d) fd=%d
Connect_to_remote call RS(%d) fd=%d
LS(%d): connect('%s')
LS(%d): connect('%s')
LS(%d): created (fd=%d)
LS(%d): created (fd=%d)
FAILx
FAILx
SS(%d): closed
SS(%d): closed
SS(%d): ready
SS(%d): ready
SS(%d): enqueue %d
SS(%d): enqueue %d
SS(%d): overflow
SS(%d): overflow
SS(%d): bad size (%d)
SS(%d): bad size (%d)
SS(%d): len is %d
SS(%d): len is %d
SS(%d): waiting for %d more bytes
SS(%d): waiting for %d more bytes
SS(%d): '%s'
SS(%d): '%s'
SS(%d): handled host service '%s'
SS(%d): handled host service '%s'
SS(%d): okay transport
SS(%d): okay transport
LS(%d) bound to '%s'
LS(%d) bound to '%s'
SS(%d): couldn't create host service '%s'
SS(%d): couldn't create host service '%s'
SS(%d): okay
SS(%d): okay
RS(%d): created
RS(%d): created
remote_socket_disconnect RS(%d)
remote_socket_disconnect RS(%d)
entered remote_socket_close RS(%d) CLOSE fd=%d peer->fd=%d
entered remote_socket_close RS(%d) CLOSE fd=%d peer->fd=%d
RS(%d) peer->close()ing peer->id=%d peer->fd=%d
RS(%d) peer->close()ing peer->id=%d peer->fd=%d
RS(%d): closed
RS(%d): closed
entered remote_socket_ready RS(%d) OKAY fd=%d peer.fd=%d
entered remote_socket_ready RS(%d) OKAY fd=%d peer.fd=%d
entered remote_socket_enqueue RS(%d) WRITE fd=%d peer.fd=%d
entered remote_socket_enqueue RS(%d) WRITE fd=%d peer.fd=%d
LS(%d): bound to '%s' via %d
LS(%d): bound to '%s' via %d
LS(%d): event_func(fd=%d(==%d), ev=x)
LS(%d): event_func(fd=%d(==%d), ev=x)
closing after write because r=%d and errno is %d
closing after write because r=%d and errno is %d
LS(%d): post adb_read(fd=%d,...) r=%d (errno=%d) avail=%d
LS(%d): post adb_read(fd=%d,...) r=%d (errno=%d) avail=%d
LS(%d): fd=%d post avail loop. r=%d is_eof=%d forced_eof=%d
LS(%d): fd=%d post avail loop. r=%d is_eof=%d forced_eof=%d
LS(%d): fd=%d post peer->enqueue(). r=%d
LS(%d): fd=%d post peer->enqueue(). r=%d
closing because is_eof=%d r=%d s->fde.force_eof=%d
closing because is_eof=%d r=%d s->fde.force_eof=%d
LS(%d): FDE_ERROR (fd=%d)
LS(%d): FDE_ERROR (fd=%d)
LS(%d): enqueue %d
LS(%d): enqueue %d
LS(%d): not ready, errno=%d: %s
LS(%d): not ready, errno=%d: %s
service thread started, %d:%d
service thread started, %d:%d
wait_for_state %d
wait_for_state %d
cannot open '%s': %s
cannot open '%s': %s
error seeking in file '%s'
error seeking in file '%s'
could not allocate buffer for '%s'
could not allocate buffer for '%s'
error reading from file: '%s'
error reading from file: '%s'
file '%s' is not a valid zip file
file '%s' is not a valid zip file
AndroidManifest.xml
AndroidManifest.xml
file '%s' does not contain AndroidManifest.xml
file '%s' does not contain AndroidManifest.xml
cannot read '%s': %s
cannot read '%s': %s
failed to copy '%s' to '%s': %s
failed to copy '%s' to '%s': %s
%s%s/
%s%s/
skipping special file '%s'
skipping special file '%s'
cannot stat '%s': %s
cannot stat '%s': %s
%spush: %s -> %s
%spush: %s -> %s
%d file%s pushed. %d file%s skipped.
%d file%s pushed. %d file%s skipped.
syncing %s...
syncing %s...
%s/%s
%s/%s
x x x %s
x x x %s
cannot create '%s': %s
cannot create '%s': %s
cannot write '%s': %s
cannot write '%s': %s
remote object '%s' does not exist
remote object '%s' does not exist
pull: %s -> %s
pull: %s -> %s
%d file%s pulled. %d file%s skipped.
%d file%s pulled. %d file%s skipped.
remote object '%s' not a file or directory
remote object '%s' not a file or directory
system/core/adb/usb_windows.c
system/core/adb/usb_windows.c
adding a new device %s
adding a new device %s
register_new_device failed for %s
register_new_device failed for %s
usb_read %d
usb_read %d
usb_write got: %ld, expected: %d, errno: %d
usb_write got: %ld, expected: %d, errno: %d
usb_read failed: %d
usb_read failed: %d
usb_write %d
usb_write %d
usb_write got: %ld, expected: %d
usb_write got: %ld, expected: %d
usb_write failed: %d
usb_write failed: %d
adb_usb.ini
adb_usb.ini
.android
.android
%s\%s\%s
%s\%s\%s
Invalid content in %s. Quitting.
Invalid content in %s. Quitting.
adb_win32: waiting for %d events
adb_win32: waiting for %d events
handle count %d exceeds MAXIMUM_WAIT_OBJECTS.
handle count %d exceeds MAXIMUM_WAIT_OBJECTS.
Unable to allocate thread array for %d handles.
Unable to allocate thread array for %d handles.
Unable to create main event. Error: %d
Unable to create main event. Error: %d
Unable to create a waiting thread %d of %d. errno=%d
Unable to create a waiting thread %d of %d. errno=%d
adb_win32: got one (index %d)
adb_win32: got one (index %d)
adb_win32: signaling %s for %x
adb_win32: signaling %s for %x
_fh_from_int: invalid fd %d
_fh_from_int: invalid fd %d
event_looper_unhook: events %x not registered for fd %d
event_looper_unhook: events %x not registered for fd %d
adb_close: %s
adb_close: %s
fd out of range (%d)
fd out of range (%d)
event_looper_hook: invalid fd=%d
event_looper_hook: invalid fd=%d
event_looper_hook: call hook for %d (new=%x, old=%x)
event_looper_hook: call hook for %d (new=%x, old=%x)
event_looper_hook: ignoring events %x for %d wanted=%x)
event_looper_hook: ignoring events %x for %d wanted=%x)
fdevent_update: remove %x from %d
fdevent_update: remove %x from %d
fdevent_update: add %x to %d
fdevent_update: add %x to %d
bogus negative fd (%d)
bogus negative fd (%d)
bogus huuuuge fd (%d)
bogus huuuuge fd (%d)
could not expand fd_table to %d entries
could not expand fd_table to %d entries
bip_buffer_read: error %d->%d WaitForSingleObject returned %d, error %ld
bip_buffer_read: error %d->%d WaitForSingleObject returned %d, error %ld
assertion failed '%s' on %s:%ld
assertion failed '%s' on %s:%ld
bip_buffer_write: error %d->%d WaitForSingleObject returned %d, error %ld
bip_buffer_write: error %d->%d WaitForSingleObject returned %d, error %ld
_socket_set_errno: unhandled value %d
_socket_set_errno: unhandled value %d
_event_socket_start: no event for %s
_event_socket_start: no event for %s
_event_socket_start: hooking %s for %x (flags %ld)
_event_socket_start: hooking %s for %x (flags %ld)
_event_socket_start: WSAEventSelect() for %s failed, error %d
_event_socket_start: WSAEventSelect() for %s failed, error %d
load_file: could not read %ld bytes from '%s'
load_file: could not read %ld bytes from '%s'
_event_socketpair_start: hook %s for %x wanted=%x
_event_socketpair_start: hook %s for %x wanted=%x
_event_socket_check %s returns %d
_event_socket_check %s returns %d
adb_socketpair: not enough memory to allocate pipes
adb_socketpair: not enough memory to allocate pipes
%d(pair:%d)
%d(pair:%d)
adb_socketpair: returns (%d, %d)
adb_socketpair: returns (%d, %d)
adb_socket_accept: invalid fd %d
adb_socket_accept: invalid fd %d
adb_socket_accept: accept on fd %d return error %ld
adb_socket_accept: accept on fd %d return error %ld
%d(accept:%s)
%d(accept:%s)
adb_socket_accept on fd %d returns fd %d
adb_socket_accept on fd %d returns fd %d
%d(any-server:%s%d)
%d(any-server:%s%d)
socket_inaddr_server: port %d type %s => fd %d
socket_inaddr_server: port %d type %s => fd %d
%d(net-client:%s%d)
%d(net-client:%s%d)
socket_network_client: host '%s' port %d type %s => fd %d
socket_network_client: host '%s' port %d type %s => fd %d
%d(lo-server:%s%d)
%d(lo-server:%s%d)
socket_loopback_server: port %d type %s => fd %d
socket_loopback_server: port %d type %s => fd %d
socket_loopback_client: could not connect to %s:%d
socket_loopback_client: could not connect to %s:%d
%d(lo-client:%s%d)
%d(lo-client:%s%d)
socket_loopback_client: port %d type %s => fd %d
socket_loopback_client: port %d type %s => fd %d
adb_shutdown: %s
adb_shutdown: %s
adb_creat: could not open '%s':
adb_creat: could not open '%s':
%d(%s)
%d(%s)
adb_creat: '%s' => fd %d
adb_creat: '%s' => fd %d
adb_open: invalid options (0x%0x)
adb_open: invalid options (0x%0x)
adb_open: could not open '%s':
adb_open: could not open '%s':
adb_open: '%s' => fd %d
adb_open: '%s' => fd %d
adb_file_write: could not write %d bytes from %s
adb_file_write: could not write %d bytes from %s
adb_read: could not read %d bytes from %s
adb_read: could not read %d bytes from %s
entryCount=%d
entryCount=%d
1.2.5
1.2.5
zerr=%d Z_STREAM_END=%d total_out=%lu
zerr=%d Z_STREAM_END=%d total_out=%lu
Length is %d -- too small
Length is %d -- too small
Zip EOCD: expected >= %d bytes, found %d
Zip EOCD: expected >= %d bytes, found %d
EOCD(%d) comment(%d) exceeds len (%d)
EOCD(%d) comment(%d) exceeds len (%d)
Archive spanning not supported
Archive spanning not supported
inflate 1.2.5 Copyright 1995-2010 Mark Adler
inflate 1.2.5 Copyright 1995-2010 Mark Adler
CreatePipe
CreatePipe
KERNEL32.dll
KERNEL32.dll
msvcrt.dll
msvcrt.dll
SHELL32.DLL
SHELL32.DLL
WS2_32.DLL
WS2_32.DLL
AdbWinApi.dll
AdbWinApi.dll