Техническая информация
Вредоносные функции:
Отправляет СМС-сообщения:
- 12114: dyl#<IMSI>,<IMEI>,6000157-1-1-qudao001-0
- 12114516412: systemcGx1dG8yNTAwMjY2OTkxODc3NDM=
- 106575206321505460: dyl#<IMSI>,<IMEI>,6000157-1-1-qudao001-0
Загружает на исполнение код следующих детектируемых угроз:
- Android.Triada.151.origin
- Android.Spy.205.origin
- Android.Triada.38.origin
- Android.Xiny.36.origin
- Android.Triada.170.origin
Отправляет данные получаемых СМС-сообщений на удалённый хост.
Сетевая активность:
Подключается к:
- huangda####.com
- s####.####.com:8888
- newbyv####.com
- j####.####.COM
- 1####.####.34:19000
- apm-col####.####.com
- p####.####.com
- s####.####.cn
- d####.####.com
- newbyv####.com:10001
- v####.####.com
- k####.####.com:10081
- g####.####.pw
- 2y####.####.com
- i####.####.cn
- k####.####.com
- 1####.####.56
- m####.####.com
- p####.####.cc
- a####.####.com
- g####.####.pw:6601
Запросы HTTP GET:
- newbyv####.com/Application/Uploads/Global/58febcefe9f7b.zip
- d####.####.com/dnfile/KitPackage-zy20170511.jar
- 2y####.####.com/R4562458532240021
- 2y####.####.com/J5033776Y8373453
- v####.####.com/fileupload/de2445341a0b2504.jar
- p####.####.com/cityjson?ie=####
- 2y####.####.com/N9687742244553469
- s####.####.com:8888/v1/sdk/init?net_name=####&imei=####&package_name=###...
- s####.####.cn/sp/spInit.e?type=####
- huangda####.com/resource!resource?resTypes=####&appid=####&channel=####&...
- m####.####.com/get.php?apiKey=####&imsi=####
- huangda####.com/active!activeLog.action?provider=####&clickId=####&manu=...
- huangda####.com/apk!requestApkLog.action?provider=####&reqType=####&resu...
- 2y####.####.com/N6555212374124793
- 2y####.####.com/R6214789642340040
Запросы HTTP POST:
- newbyv####.com:10001/api/v1/phones
- d####.####.com/mmsdk/mmsdk?func=####&appkey=####&channel=####&code=####
- apm-col####.####.com/cpi/crash
- i####.####.cn/iplookup/iplookup.php?format=####
- j####.####.COM/fsds988d1e7f2c2c/interface.php
- huangda####.com/resource!plugUpdate
- 1####.####.34:19000/v2/chis
- 1####.####.56/gamesit/puinit/data
- p####.####.cc/index.php/API
- a####.####.com/app_logs
- v####.####.com/api/payment/mobileInit.html
- g####.####.pw/thirdtmain.aspx
- s####.####.cn/sp/targetInit.e?pid=####&appid=####&qcid=####
- s####.####.cn/zpayinit?type=####
- p####.####.cc/cat.php/Cat/SCR?ver=####&tp=####
- 1####.####.56/gamesit/jysdk/inix
- g####.####.pw:6601/kitmain.aspx
- huangda####.com/shop/shop_upload_log
- v####.####.com/api/payment/updateInit
- k####.####.com/OsService/OsStrategy
- 1####.####.56/gamesit/jysdk/initsdk?os_info=####&os_model=####&net_info=...
- k####.####.com:10081/OsService/OsStrategy
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/files/prog_om3/r2
- <Package Folder>/files/prog_om3/r3
- <Package Folder>/files/prog_om3/r1
- <Package Folder>/files/prog_om3/r6
- <Package Folder>/files/prog_om3/r4
- <Package Folder>/files/prog_om3/r5
- <Package Folder>/files/prog16_b2/r3
- <Package Folder>/files/prog16_b2/r2
- <Package Folder>/files/prog16_b2/r1
- <Package Folder>/app_rtmp/daprc.so
- <Package Folder>/files/prog_js/su2
- <Package Folder>/shared_prefs/rtparam2.xml
- <Package Folder>/files/prog16_b2/r5
- <Package Folder>/files/prog16_b2/r4
- <Package Folder>/files/prog_js/js.zip
- <Package Folder>/files/bxcs.png
- <Package Folder>/databases/mp.db-journal
- <Package Folder>/files/prog_om8/r3
- <Package Folder>/files/prog_om5/onem.zip
- <Package Folder>/files/prog15/r0
- <Package Folder>/files/fakedbg.so687_540825
- <Package Folder>/shared_prefs/tpservices.xml
- <Package Folder>/shared_prefs/wyzf_configweishiwangluo.xml.bak
- <Package Folder>/files/prog_om3/onem.zip
- <Package Folder>/files/prog_om4/xx.sh
- <Package Folder>/app_rtmp/secrt1.so
- <Package Folder>/shared_prefs/getFlag.xml
- <Package Folder>/shared_prefs/config.xml.bak
- <Package Folder>/files/prog_om3/r8
- <Package Folder>/shared_prefs/dispatch_log.xml
- <Package Folder>/shared_prefs/lxdMoblieAgent_sys_config.xml.bak
- <Package Folder>/app_rtmp/fakedbg.so
- <Package Folder>/files/prog_om6/r8
- <Package Folder>/files/prog_om6/r5
- <Package Folder>/files/prog_om6/r4
- <Package Folder>/files/prog_om6/r6
- <Package Folder>/databases/smspayweishiwangluo.db-journal
- <Package Folder>/files/actlxd0
- <Package Folder>/databases/ua.db
- <Package Folder>/files/prog_js/xx.sh
- <Package Folder>/shared_prefs/lxdMoblieAgent_state_<Package>.xml
- <Package Folder>/files/sec-zy.so689_188057
- <Package Folder>/files/prog16_a/r0
- <Package Folder>/files/prog_om4/busybox
- <Package Folder>/app_rtmp/in-libvangd.so
- <Package Folder>/files/.sys.attr
- <Package Folder>/files/prog_om4/r8
- <Package Folder>/databases/cc.db
- <Package Folder>/files/prog_om8/xx.sh
- <Package Folder>/shared_prefs/zpay_info.xml.bak
- <Package Folder>/files/prog_om2/r8
- <Package Folder>/app_pt_odex2/rt.so718_561682
- <Package Folder>/files/in-fun1.so
- <Package Folder>/files/prog_om2/r1
- <Package Folder>/files/prog_om1/xx.sh
- <Package Folder>/files/prog_om2/r2
- <Package Folder>/files/prog_om2/r5
- <Package Folder>/files/prog_om2/r4
- <Package Folder>/files/prog_om2/r6
- <Package Folder>/files/e/plus.jar
- <Package Folder>/files/prog16_b1/r4
- <Package Folder>/files/prog16_b1/r5
- <Package Folder>/files/prog16_b1/r2
- <Package Folder>/files/prog16_b1/r3
- <Package Folder>/files/prog16_b1/r1
- <Package Folder>/files/prog16_b0/r1
- <Package Folder>/files/prog16_b0/r3
- <Package Folder>/files/exid.dat
- <Package Folder>/files/prog16_b0/r5
- <Package Folder>/files/prog16_b0/r4
- <Package Folder>/shared_prefs/lxdMoblieAgent_upload_<Package>.xml
- <Package Folder>/databases/zpay_db-journal
- <Package Folder>/files/in-injectso.so
- <Package Folder>/files/prog_om2/xx.sh
- <Package Folder>/files/.umeng/exchangeIdentity.json
- <Package Folder>/app_rtmp/in-injectso.so
- <Package Folder>/files/in-fun2.so717_925703
- <Package Folder>/shared_prefs/config.xml
- <Package Folder>/files/secrt1.so703_392518
- <Package Folder>/files/dump
- <Package Folder>/files/prog_om6/busybox
- <Package Folder>/files/prog_om5/xx.sh
- <Package Folder>/shared_prefs/lastwk78.xml
- <Package Folder>/files/view.so704_984391
- <Package Folder>/files/prog_om5/r4
- <Package Folder>/files/prog_om5/r5
- <Package Folder>/files/prog_om5/r6
- <Package Folder>/files/in-libvangd.so
- <Package Folder>/files/prog_om5/r2
- <Package Folder>/files/prog_om5/r3
- <Package Folder>/files/.Ag/Agcr
- <Package Folder>/files/rtlast3.sys
- <Package Folder>/files/prog16_a/a.zip
- <Package Folder>/files/prog_om5/r8
- <Package Folder>/files/prog_om2/r3
- <Package Folder>/files/prog16_b1/b.zip
- <Package Folder>/files/prog16_a/killall
- <Package Folder>/app_rtmp/xcjp
- <Package Folder>/files/xcjp.jar
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/files/mySdk.jar
- <Package Folder>/files/prog_om8/onem.zip
- <Package Folder>/app_Wyzf_plg/wyzf_plg_5.0.7.jar
- <Package Folder>/files/.fksobinnskpa/.kpa2
- <Package Folder>/shared_prefs/lxdMoblieAgent_config_<Package>.xml
- <Package Folder>/app_devid/uuid3
- <Package Folder>/files/prog_om1/onem.zip
- <Package Folder>/files/prog_om5/r1
- <Package Folder>/files/prog_om8/r6
- <Package Folder>/files/prog_om8/r5
- <Package Folder>/files/prog_om8/r4
- <Package Folder>/app_rtmp/in-fun2.so
- <Package Folder>/files/prog_om8/r2
- <Package Folder>/files/prog_om8/r1
- <Package Folder>/files/prog4/r0
- <Package Folder>/files/sss.pdb
- <Package Folder>/files/prog16_a/r1
- <Package Folder>/files/.imprint
- <Package Folder>/databases/ua.db-journal
- <Package Folder>/app_hand/lastacc
- <Package Folder>/databases/smspayweishiwangluo.db
- <Package Folder>/files/prog8/r0
- <Package Folder>/files/prog16_b2/b.zip
- <Package Folder>/files/prog16_b3/r1
- <Package Folder>/files/prog16_b3/r2
- <Package Folder>/files/prog16_b3/r3
- <Package Folder>/files/prog16_b3/r4
- <Package Folder>/files/prog16_b3/r5
- <Package Folder>/files/prog_om4/r2
- <Package Folder>/files/xcjp
- <Package Folder>/files/prog_om4/r3
- <Package Folder>/app_rtmp/view.so
- <Package Folder>/files/prog_om4/r1
- <Package Folder>/files/prog_om4/r6
- <Package Folder>/files/prog_om4/r5
- <Package Folder>/files/prog_om4/r4
- <Package Folder>/files/noend.ini
- <Package Folder>/databases/download.db-journal
- <Package Folder>/files/com.dyl.pay.ui.apk
- <Package Folder>/files/prog16_b0/r2
- <Package Folder>/files/prog16_b3/b.zip
- <Package Folder>/files/prog_om6/onem.zip
- <Package Folder>/files/prog_om8/r8
- <Package Folder>/files/prog_om5/busybox
- <Package Folder>/shared_prefs/ContextData.xml
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/zzconfig.xml
- <Package Folder>/files/prog_om1/r1
- <Package Folder>/files/prog_om1/r2
- <Package Folder>/files/prog_om1/r3
- <Package Folder>/files/prog_om1/r4
- <Package Folder>/files/prog_om1/r5
- <Package Folder>/files/prog_om1/r6
- <Package Folder>/files/prog_om1/r8
- <Package Folder>/app_temp/id
- <Package Folder>/app_rtmp/data.rs
- <Package Folder>/files/evnlxd1
- <Package Folder>/files/prog16_b0/b.zip
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/files/syslxd2
- <Package Folder>/shared_prefs/lxdMoblieAgent_sys_config.xml
- <Package Folder>/databases/cc.db-journal
- <Package Folder>/shared_prefs/pretw.xml
- <Package Folder>/databases/mp.db
- <Package Folder>/shared_prefs/lxdMoblieAgent_upload_<Package>.xml.bak
- <Package Folder>/app_rtmp/rt.so
- <Package Folder>/shared_prefs/sp_name_configweishiwangluo.xml
- <Package Folder>/app_rtmp/in-fun1.so
- <Package Folder>/files/prog11/r0
- <Package Folder>/shared_prefs/fuckxjpalkq.xml
- <Package Folder>/files/Agcr.tmp
- <Package Folder>/files/prog_om2/onem.zip
- <Package Folder>/shared_prefs/device_id.xml.xml
- <Package Folder>/cache/.r.sh
- <Package Folder>/files/.sys.irf
- <Package Folder>/files/daprc.so688_911376
- <Package Folder>/files/.fksobinnskpa/.kpa1
- <Package Folder>/shared_prefs/twc.xml
- <Package Folder>/files/prog10/r0
- <Package Folder>/files/prog6/r0
- <Package Folder>/files/prog_om2/busybox
- <Package Folder>/shared_prefs/TestinAgent.xml
- <Package Folder>/files/prog_om6/r1
- <Package Folder>/app_rtmp/sec-zy.so
- <Package Folder>/files/prog_om3/busybox
- <Package Folder>/shared_prefs/lxdMoblieAgent_event_<Package>.xml
- <Package Folder>/shared_prefs/xapcinfo.xml
- <Package Folder>/files/prog_om8/busybox
- <Package Folder>/files/prog_om6/r3
- <Package Folder>/app_po/p7.apk
- <Package Folder>/files/prog_om6/r2
- <Package Folder>/shared_prefs/zpay_info.xml
- <Package Folder>/shared_prefs/wyzf_configweishiwangluo.xml
- <Package Folder>/files/.sys.us
- <Package Folder>/shared_prefs/Alvin2.xml
- <Package Folder>/cache/data.rs717_877484
- <Package Folder>/files/prog_om3/xx.sh
- <Package Folder>/files/prog_om6/xx.sh
- <Package Folder>/files/prog2/r0
- <Package Folder>/files/prog_js/busybox
- <Package Folder>/shared_prefs/twc.xml.bak
- <Package Folder>/files/prog_om4/onem.zip
- <Package Folder>/files/prog_om1/busybox
- <Package Folder>/shared_prefs/cpMsg.xml
- <Package Folder>/databases/zpay_db
Другие:
Запускает следующие shell-скрипты:
- chmod 755 <Package Folder>/files/prog_om5/busybox
- rm <Package Folder>/files/prog_js/js.zip
- rm <Package Folder>/files/prog_om2/busybox
- chmod 755 <Package Folder>/files/prog16_b2/r3
- chmod 777 /data/data/####/files/.Ag/Agcr
- chmod 755 <Package Folder>/files/prog_om2/busybox
- rm <Package Folder>/files/prog16_b1/r1
- rm <Package Folder>/files/prog16_b1/r2
- rm <Package Folder>/files/prog16_b1/r3
- rm <Package Folder>/files/prog16_b1/r4
- rm <Package Folder>/files/prog16_b0/r2
- rm <Package Folder>/files/prog16_b0/r1
- ls -l <Package Folder>/files/prog16_b0/r1
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- rm <Package Folder>/files/prog_om3/busybox
- chmod 755 <Package Folder>/files/prog_om6/r6
- chmod 755 <Package Folder>/files/prog_om8/busybox
- rm <Package Folder>/files/prog_om4/r6
- chmod 755 <Package Folder>/files/prog_om1/r1
- rm <Package Folder>/files/prog_js
- rm <Package Folder>/files/prog_om8/xx.sh
- rm <Package Folder>/files/prog_om8/onem.zip
- ls -l <Package Folder>/files/prog8/.zmp
- rm <Package Folder>/files/prog_om2/onem.zip
- rm <Package Folder>/files/prog_om2/r8
- rm <Package Folder>/files/prog_om3/r8
- rm <Package Folder>/files/prog_js/xx.sh
- rm <Package Folder>/files/prog_om3/r4
- rm <Package Folder>/files/prog16_a/killall
- rm <Package Folder>/files/prog_om2/r1
- rm <Package Folder>/files/prog_om3/r1
- rm <Package Folder>/files/prog_om2/r5
- rm <Package Folder>/files/prog_om2/r4
- chmod 755 <Package Folder>/files/prog15/.zmp
- rm <Package Folder>/files/prog16_b3/r3
- rm <Package Folder>/files/prog_om4/onem.zip
- rm <Package Folder>/files/prog16_b3/b.zip
- rm <Package Folder>/files/prog_om5/r6
- rm <Package Folder>/files/prog16_b3/r1
- chmod 755 <Package Folder>/files/prog16_b3/r4
- rm <Package Folder>/files/prog16_b2/r3
- rm <Package Folder>/files/prog16_b2/r2
- chmod 755 <Package Folder>/files/prog_js/su2
- rm <Package Folder>/files/prog16_b3/r4
- chmod 755 <Package Folder>/files/prog2/.zmp
- rm <Package Folder>/files/prog_om6/r8
- chmod 755 <Package Folder>/files/prog8/.zmp
- rm <Package Folder>/files/prog16_b2/r5
- rm <Package Folder>/files/prog_om6/r5
- rm <Package Folder>/files/prog16_b3/r5
- rm <Package Folder>/files/prog_om6/r3
- rm <Package Folder>/files/prog_om6/r2
- rm <Package Folder>/files/prog_om6/r1
- rm <Package Folder>/files/prog_om5/r3
- /data/data/####/files/prog_om1/r1 –auto
- chmod 755 <Package Folder>/files/prog_om6/busybox
- /data/data/####/files/prog_om4/r4 PFMMehxvMFk2VSFN8Aw8XGXh91UNiESr/iPn2mHZOg== 3u5ydeZkuIN7B1MIi0sjkwufUjbm /system/bin/sh
- ls -l <Package Folder>/files/prog2/.zmp
- chmod 755 <Package Folder>/files/prog_om8/r8
- ls -l <Package Folder>/files/prog4/.zmp
- rm <Package Folder>/files/prog_om5/xx.sh
- cufsmgr eb47495f7bb
- rm <Package Folder>/files/prog16_b0/r5
- rm <Package Folder>/files/prog_om1/busybox
- rm <Package Folder>/files/prog_om2/xx.sh
- rm <Package Folder>/files/prog16_b0/b.zip
- rm <Package Folder>/files/prog16_b0/r3
- ls -l <Package Folder>/files/prog_js/su2
- chmod 777 <Package Folder>/files/.Ag
- /data/data/####/files/prog_js/su2 al1s7jBFNtn9faBmC0Jb9A9Ns1GZSg== /system/bin/sh /data/data/####/files/prog_js/xx.sh
- sh <Package Folder>/files/prog_om8/r8
- getprop ro.serialno
- rm <Package Folder>/files/prog16_b3/r2
- chmod 755 <Package Folder>/files/prog4/.zmp
- chmod 755 <Package Folder>/files/.sys.attr
- rm <Package Folder>/files/prog16_b3
- rm <Package Folder>/files/prog16_b2
- rm <Package Folder>/files/prog16_b1
- rm <Package Folder>/files/prog16_b0
- chmod 755 <Package Folder>/files/prog_om5/r5
- chmod 777 <Package Folder>/files/.Ag/Agcr
- rm <Package Folder>/files/prog_om6/onem.zip
- /data/data/####/files/prog_om2/r2
- cat /sys/block/mmcblk0/device/cid
- chmod 755 <Package Folder>/cache/.r.sh
- conbb od2gf04pd9
- sh <Package Folder>/files/prog_om5/r5 /system/bin/sh
- rm <Package Folder>/files/prog_om5/onem.zip
- rm <Package Folder>/files/prog_om6/r6
- rm <Package Folder>/files/prog16_b1/r5
- /data/data/####/files/prog_om3/r3
- rm <Package Folder>/files/prog_om3/xx.sh
- rm <Package Folder>/files/prog_om6/r4
- /data/data/####/files/prog_om5/r5 /system/bin/sh
- /data/data/####/files/prog_om8/r8
- ls -l <Package Folder>/files/prog10/.zmp
- ls -l <Package Folder>/files/prog16_a/r1
- chmod 755 <Package Folder>/files/prog_om4/r4
- chmod 755 <Package Folder>/files/prog_om3/busybox
- chmod 755 <Package Folder>/files/prog16_b1/r2
- rm <Package Folder>/files/prog_om8/r1
- chmod 755 <Package Folder>/files/prog_om3/xx.sh
- chmod 755 <Package Folder>/files/prog_om2/xx.sh
- rm <Package Folder>/files/prog_om2/r3
- /data/data/####/files/prog_js/su2 HygZRm2IHTKWpp7Hll/sS0uY66xdcw== /system/bin/sh /data/data/####/files/prog_js/xx.sh
- chmod 755 <Package Folder>/files/prog11/.zmp
- rm <Package Folder>/files/prog_om3/onem.zip
- rm <Package Folder>/files/prog4/.zmp
- rm <Package Folder>/files/prog16_b2/r1
- getprop ro.product.cpu.abi
- rm <Package Folder>/files/prog_om5/r4
- rm <Package Folder>/files/prog_om5/r5
- rm <Package Folder>/files/prog_om5/r2
- rm <Package Folder>/files/prog16_b2/r4
- rm <Package Folder>/files/prog_om2/r2
- rm <Package Folder>/files/prog_om5/r1
- chmod 755 <Package Folder>/files/prog6/.zmp
- rm <Package Folder>/files/prog_om4/xx.sh
- rm <Package Folder>/files/prog_om5/r8
- rm <Package Folder>/files/prog_om8
- chmod 755 <Package Folder>/files/prog_om4/xx.sh
- rm <Package Folder>/files/prog_om5/busybox
- ls -l <Package Folder>/files/prog15/.zmp
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
- rm <Package Folder>/files/prog_om8/busybox
- rm <Package Folder>/files/prog_om6/xx.sh
- chmod 755 <Package Folder>/files/prog_om8/xx.sh
- rm <Package Folder>/files/prog_om1/r2
- rm <Package Folder>/files/prog_om1/r3
- rm <Package Folder>/files/prog_om1/r1
- rm <Package Folder>/files/prog_om1/r6
- rm <Package Folder>/files/prog_om1/r4
- rm <Package Folder>/files/prog_om1/r5
- rm <Package Folder>/files/prog_om1/r8
- rm <Package Folder>/files/prog_om1/onem.zip
- chmod 755 <Package Folder>/files/.sys.us
- rm <Package Folder>/files/prog_om3
- chmod 755 <Package Folder>/files/prog_om6/xx.sh
- chmod 755 <Package Folder>/files/prog10/.zmp
- chmod 755 <Package Folder>/files/prog16_a/r1
- rm <Package Folder>/files/prog16_b1/b.zip
- rm <Package Folder>/files/prog16_b0/r4
- sh <Package Folder>/files/prog_om6/r6 /system/bin/sh
- ls -l /system/bin/su
- chmod 755 <Package Folder>/files/prog16_b0/r1
- /system/bin/.nbwayxwzt
- chmod 755 <Package Folder>/files/prog_om5/xx.sh
- /data/data/####/files/prog_om6/r6 /system/bin/sh
- getprop
- ls -l <Package Folder>/files/prog6/.zmp
- rm <Package Folder>/cache/.r.sh
- rm <Package Folder>/files/prog_om5
- rm <Package Folder>/files/prog_om4
- chmod 755 <Package Folder>/files/prog_js/xx.sh
- rm <Package Folder>/files/prog_om1
- chmod 755 <Package Folder>/files/prog_om1/busybox
- getprop ro.yunos.build.version
- rm <Package Folder>/files/prog_om2
- chmod 755 <Package Folder>/files/prog_om3/r3
- rm <Package Folder>/files/prog_js/su2
- chmod 755 <Package Folder>/files/prog_om1/xx.sh
- chmod 755 <Package Folder>/files/prog_om2/r2
- chmod 755 <Package Folder>/files/prog_om4/busybox
- rm <Package Folder>/files/prog_om6
- ls -l <Package Folder>/files/prog16_b2/r3
- rm <Package Folder>/files/prog_om8/r3
- rm <Package Folder>/files/prog_om8/r2
- rm <Package Folder>/files/prog_om8/r5
- rm <Package Folder>/files/prog_om8/r4
- /data/data/####/files/prog_js/su2 f0h5zguZ9aJXbCZExMaN2kDhh6V0Uw== /system/bin/sh /data/data/####/files/prog_js/xx.sh
- rm <Package Folder>/files/prog_om8/r6
- ls -l <Package Folder>/files/prog16_b3/r4
- sh <Package Folder>/files/prog_om3/r3
- rm <Package Folder>/files/prog_om2/r6
- sh <Package Folder>/files/prog_js/su2 f0h5zguZ9aJXbCZExMaN2kDhh6V0Uw== /system/bin/sh <Package Folder>/files/prog_js/xx.sh
- cat /proc/version
- ls -l <Package Folder>/files/prog16_b1/r2
- rm <Package Folder>/files/prog_om4/r8
- rm <Package Folder>/files/prog16_b2/b.zip
- rm <Package Folder>/files/prog_om4/r5
- rm <Package Folder>/files/prog_om4/r4
- chmod 777 /data/data/####/files/.Ag
- rm <Package Folder>/files/prog_om4/r1
- rm <Package Folder>/files/prog_om3/r6
- rm <Package Folder>/files/prog_om4/r3
- rm <Package Folder>/files/prog_om4/r2
- chmod 755 <Package Folder>/files/prog_js/busybox
- rm <Package Folder>/files/prog16_a
- sh <Package Folder>/files/prog_js/su2 HygZRm2IHTKWpp7Hll/sS0uY66xdcw== /system/bin/sh <Package Folder>/files/prog_js/xx.sh
- cufsdosck ac554db364f
- sh <Package Folder>/files/prog_om2/r2
- rm <Package Folder>/files/prog_om3/r2
- cat /sys/class/net/wlan0/address
- rm <Package Folder>/files/prog_om6/busybox
- rm <Package Folder>/files/prog_om3/r3
- rm <Package Folder>/files/prog_js/busybox
- rm <Package Folder>/files/prog16_a/r1
- rm <Package Folder>/files/prog16_a/r0
- rm <Package Folder>/files/prog_om1/xx.sh
- rm <Package Folder>/files/prog_om4/busybox
- sh <Package Folder>/files/prog_js/su2 al1s7jBFNtn9faBmC0Jb9A9Ns1GZSg== /system/bin/sh <Package Folder>/files/prog_js/xx.sh
- rm <Package Folder>/files/prog16_a/a.zip
- sh
- rm <Package Folder>/files/prog_om3/r5
- rm <Package Folder>/files/prog_om8/r8
- getprop ro.board.platform
- <dexopt>
- ls -l <Package Folder>/files/prog11/.zmp
Может автоматически отправлять СМС-сообщения.
