Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Tool.SilentInstaller.3.origin
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(GCM) <Google Host>
- TCP(HTTP/1.1) p2.q####.com:80
- TCP(HTTP/1.1) pro####.sj.360.cn:80
- TCP(HTTP/1.1) up####.api.sj.####.cn:80
- TCP(HTTP/1.1) 1####.188.2.235:80
- TCP(HTTP/1.1) st####.360.cn.####.com:80
- TCP(HTTP/1.1) ope####.mob####.360.cn:80
- TCP(HTTP/1.1) www.go####.com:80
- TCP(HTTP/1.1) m####.me####.com:80
- TCP(HTTP/1.1) acti####.t####.cn:80
- TCP(HTTP/1.1) sh####.360t####.com:80
- TCP(HTTP/1.1) api.ku####.360.cn:80
- TCP(HTTP/1.1) p15.q####.com.####.com:80
- TCP(HTTP/1.1) p6.q####.com:80
- TCP(HTTP/1.1) p3.q####.com:80
- TCP(HTTP/1.1) p5.q####.com:80
- TCP(HTTP/1.1) s.3####.cn:80
- TCP(HTTP/1.1) trac####.v.tf.####.cn:80
- TCP(HTTP/1.1) m.sh####.360t####.com:80
- TCP(HTTP/1.1) p0.q####.com:80
- TCP(HTTP/1.1) i####.z####.mob####.####.com:80
- TCP(HTTP/1.1) p16.q####.com.####.com:80
- TCP(HTTP/1.1) p19.q####.com.####.com:80
- TCP(HTTP/1.1) 1####.188.2.236:80
- TCP(HTTP/1.1) p7.q####.com:80
- TCP(HTTP/1.1) p9.q####.com:80
- TCP(HTTP/1.1) p18.q####.com.####.com:80
- TCP(HTTP/1.1) yun.t####.cn:80
- TCP(HTTP/1.1) s####.s.360.cn:80
- TCP(HTTP/1.1) p1.q####.com:80
- TCP(HTTP/1.1) 1####.199.124.155:80
- TCP(HTTP/1.1) 1####.199.124.154:80
- TCP(HTTP/1.1) recom####.api.sj.####.cn:80
- TCP(HTTP/1.1) m.i####.com:80
- TCP(HTTP/1.1) 1####.188.66.33:80
- TCP(HTTP/1.1) p8.q####.com:80
- TCP(HTTP/1.1) sdk.l####.360.cn:80
- TCP(HTTP/1.1) md.ope####.360.cn:80
- TCP(HTTP/1.1) p.s.3####.cn:80
- TCP(HTTP/1.1) res.qhs####.com:80
- TCP(HTTP/1.1) www.go####.nl:80
- TCP(HTTP/1.1) e.tf.3####.cn:80
- TCP(HTTP/1.1) p17.q####.com.####.com:80
- TCP(HTTP/1.1) p4.q####.com:80
- TCP(HTTP/1.1) g.sdk.l####.####.cn:80
- TCP(HTTP/1.1) a####.p.360.cn:80
- TCP(HTTP/1.1) s####.me####.com:80
- TCP(HTTP/???) s.3####.cn:80
- TCP(TLS/1.0) t####.me####.com:443
- TCP(TLS/1.0) sh####.me####.com:443
- TCP(TLS/1.0) en####.t####.cn:443
- TCP(TLS/1.0) s####.tf.360.cn:443
- TCP(TLS/1.0) sdkc####.e.360.cn:443
- TCP(TLS/1.0) api####.me####.com:443
- TCP 2####.181.132.91:80
- TCP 2####.181.132.90:80
Запросы DNS:
- a####.p.360.cn
- acti####.t####.cn
- api####.me####.com
- api.ku####.360.cn
- e.tf.3####.cn
- en####.t####.cn
- g.sdk.l####.####.cn
- i####.z####.mob####.####.cn
- m####.me####.com
- m.i####.com
- m.sh####.360t####.com
- md.ope####.360.cn
- ope####.mob####.360.cn
- p.s.3####.cn
- p0.q####.com
- p1.q####.com
- p15.q####.com
- p16.q####.com
- p17.q####.com
- p18.q####.com
- p19.q####.com
- p2.q####.com
- p3.q####.com
- p4.q####.com
- p5.q####.com
- p6.q####.com
- p7.q####.com
- p8.q####.com
- p9.q####.com
- pro####.sj.360.cn
- recom####.api.sj.####.cn
- res.qhs####.com
- s####.me####.com
- s####.s.360.cn
- s####.tf.360.cn
- s.3####.cn
- sdk.l####.360.cn
- sdkc####.e.360.cn
- sh####.360t####.com
- sh####.me####.com
- st####.360.cn
- t####.me####.com
- tr.p.3####.cn
- trac####.v.tf.####.cn
- up####.api.sj.####.cn
- www.go####.com
- www.go####.nl
- yun.t####.cn
Запросы HTTP GET:
- acti####.t####.cn/mainMeet/index?id=####&slotId=####&login=####&appKey=#...
- api.ku####.360.cn/intf.php?method=####&devtype=####&m1=####&m2=####&_t=#...
- api.ku####.360.cn/intf.php?method=####&model=####&sdkversioncode=####&sd...
- g.sdk.l####.####.cn/sdkv2/local?u=####&uid2=####&sign=####&version=####&...
- m####.me####.com/rtb?type=####&d=####&b=####&p=####&l=####&s=####&m=####...
- md.ope####.360.cn/baohe/list?version=####&toid=####&pst=####&os=####&vc=...
- pro####.sj.360.cn/profile/setting/getsetting?os=####&vc=####&v=####&os_v...
- recom####.api.sj.####.cn/Iservice/AppDetail?s_stream_app=####&market_id=...
- recom####.api.sj.####.cn/Iservice/FailOver?os=####&vc=####&v=####&os_ver...
- recom####.api.sj.####.cn/Iservice/GetIndexHeader?iszip=####&logo_type=##...
- recom####.api.sj.####.cn/app/getNewTags?lid=####&prepage=####&curpage=##...
- recom####.api.sj.####.cn/app/rank?from=####&type=####&prepage=####&curpa...
- recom####.api.sj.####.cn/channel/getPlugInfoByPnames?&pnames=####&plugve...
- recom####.api.sj.####.cn/home/index?from=####&ch=####&prepage=####&curpa...
- recom####.api.sj.####.cn/html/data/save_uninstall.json
- recom####.api.sj.####.cn/iservice/pluginStatus?os=####&vc=####&v=####&os...
- s####.me####.com/s?type=####&r=####&tid=####&finfo=####&enup=####&mvid=#...
- sdk.l####.360.cn/sdkv2/city?u=####&uid2=####&sign=####&version=####&news...
- sdk.l####.360.cn/sdkv2/place?u=####&uid2=####&sign=####&version=####&mar...
- sdk.l####.360.cn/sdkv2/tabs?u=####&uid2=####&sign=####&version=####&news...
- st####.360.cn.####.com/wsm/attach/get?pjt=####&key=####&raw_file_name=##...
- trac####.v.tf.####.cn/s?type=####&r=####&tid=####&finfo=####&enup=####&m...
- www.go####.com/
- www.go####.nl/?gfe_rd=####&ei=####
Запросы HTTP POST:
- recom####.api.sj.####.cn/CloudControl/Tui?last_tui_pname=####&last_tui_p...
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/.jiagu/libjiagu.so
- <Package Folder>/Plugin/####/Signature_0.key
- <Package Folder>/Plugin/####/base-1.apk
- <Package Folder>/Plugin/####/base-1.dex
- <Package Folder>/SaveMyselfPlugin/####/plugin.apk.temp
- <Package Folder>/app_MsPlugins/com.qihoo360.mobilesafe.news.apk
- <Package Folder>/app_MsPlugins/com.qihoo360.mobilesafe.recommend.apk
- <Package Folder>/app_Plugins/com.qihoo.gameunion.s.apk
- <Package Folder>/app_plugins_v3/plugin.tmp
- <Package Folder>/cache/####/428484309F011FAC87D737209BDF94E1.apk.temp
- <Package Folder>/cache/####/428484309F011FAC87D737209BDF94E1.apk.temp!
- <Package Folder>/cache/####/com.qihoo.gameunion.s40607_plugin_s....temp!
- <Package Folder>/cache/####/com.qihoo.gameunion.s40607_plugin_s...k.temp
- <Package Folder>/cache/####/com.qihoo360.mobilesafe.authguider1....temp!
- <Package Folder>/cache/####/com.qihoo360.mobilesafe.authguider1...ic.apk
- <Package Folder>/cache/####/com.qihoo360.mobilesafe.news129_plu....temp!
- <Package Folder>/cache/####/com.qihoo360.mobilesafe.news129_plu...k.temp
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/index
- <Package Folder>/cache/####/so_gifimageappstore_2.apk.temp
- <Package Folder>/cache/####/so_gifimageappstore_2.apk.temp!
- <Package Folder>/cache/####/so_imagepipelineappstore_2.apk.temp
- <Package Folder>/cache/####/so_imagepipelineappstore_2.apk.temp!
- <Package Folder>/databases/_ire-journal
- <Package Folder>/databases/account.db
- <Package Folder>/databases/account.db-journal
- <Package Folder>/databases/download5.db-journal
- <Package Folder>/databases/filelist.db-journal
- <Package Folder>/databases/ignoreupdate_appinfo.db
- <Package Folder>/databases/ignoreupdate_appinfo.db-journal
- <Package Folder>/databases/new_downloads.db
- <Package Folder>/databases/new_downloads.db-journal
- <Package Folder>/databases/update_history.db
- <Package Folder>/databases/update_history.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
- <Package Folder>/downloadStat.json
- <Package Folder>/file_prefs/####/freezer
- <Package Folder>/file_prefs/####/key_local_status
- <Package Folder>/files/####/.jg.ic
- <Package Folder>/files/####/0119f8d51ef6bad2d09321ba6dc6696c921
- <Package Folder>/files/####/013c31b8cbe5cf245e9e30d1206fc281891
- <Package Folder>/files/####/0157c40207a4087105891be94dd78b27541
- <Package Folder>/files/####/QHA_JSON_PERSISTER_3416a75f4cea9109...f2aefc
- <Package Folder>/files/####/Y29tLnFpaG9vLmFwcHN0b3Jl
- <Package Folder>/files/####/Y29tLnFpaG9vLmFwcHN0b3Jl (deleted)
- <Package Folder>/files/####/Y29tLnFpaG9vLmFwcHN0b3Jl.tick.lock
- <Package Folder>/files/####/clean_floatwin_doing_bg.png
- <Package Folder>/files/####/clean_floatwin_icon_doing.png
- <Package Folder>/files/####/config
- <Package Folder>/files/####/config.properties
- <Package Folder>/files/####/default_tip.gif
- <Package Folder>/files/####/default_transfer.png
- <Package Folder>/files/####/finalcore.jar
- <Package Folder>/files/####/finalcore.jar.tmp
- <Package Folder>/files/####/floatwin_calculate_normal.png
- <Package Folder>/files/####/floatwin_cb_normal.png
- <Package Folder>/files/####/floatwin_cb_selected.png
- <Package Folder>/files/####/floatwin_clock_normal.png
- <Package Folder>/files/####/floatwin_detail_icon.png
- <Package Folder>/files/####/floatwin_flashlight_normal.png
- <Package Folder>/files/####/floatwin_flashlight_pressed.png
- <Package Folder>/files/####/floatwin_mobile_data_normal.png
- <Package Folder>/files/####/floatwin_mobile_data_pressed.png
- <Package Folder>/files/####/floatwin_seekbar.png
- <Package Folder>/files/####/floatwin_top_bg.png
- <Package Folder>/files/####/floatwin_wifi_normal.png
- <Package Folder>/files/####/floatwin_wifi_pressed.png
- <Package Folder>/files/####/pic_1.png
- <Package Folder>/files/####/pic_2.png
- <Package Folder>/files/####/pic_3.png
- <Package Folder>/files/####/pic_4.png
- <Package Folder>/files/####/pic_5.png
- <Package Folder>/files/####/pic_6.png
- <Package Folder>/files/####/pic_7.png
- <Package Folder>/files/####/pic_8.png
- <Package Folder>/files/####/pic_9.png
- <Package Folder>/files/####/pull_tip_83423_1.gif
- <Package Folder>/files/gifimageappstore_2.so
- <Package Folder>/files/imagepipelineappstore_2.so
- <Package Folder>/files/p-n-news.jar
- <Package Folder>/files/p-n-recommend.jar
- <Package Folder>/files/personal_center_setting_new
- <Package Folder>/files/plugin_v3.lock
- <Package Folder>/files/tools_cache_new
- <Package Folder>/files/uninstallRetainJson
- <Package Folder>/files<Package Folder>/####/428484309F011FAC87D...E1.zip
- <Package Folder>/localApkInfo.json
- <Package Folder>/shared_prefs/AppStoreNotificationSharedPref.xml
- <Package Folder>/shared_prefs/BaoHe_only_pref.xml
- <Package Folder>/shared_prefs/BaoHe_only_pref.xml.bak
- <Package Folder>/shared_prefs/CookiePrefsFile.xml
- <Package Folder>/shared_prefs/Daemon_Only_Pref.xml
- <Package Folder>/shared_prefs/Daemon_Only_Pref.xml.bak
- <Package Folder>/shared_prefs/MATSharedPreferences.xml
- <Package Folder>/shared_prefs/MATSharedPreferences.xml.bak
- <Package Folder>/shared_prefs/MINI360EMS.xml
- <Package Folder>/shared_prefs/MINI360EMS.xml.bak
- <Package Folder>/shared_prefs/MINI360EMS.xml.bak (deleted)
- <Package Folder>/shared_prefs/PermissionMap.xml
- <Package Folder>/shared_prefs/PermissionMap.xml.bak
- <Package Folder>/shared_prefs/QH_DeviceSDK.xml
- <Package Folder>/shared_prefs/QH_SDK_M2.xml
- <Package Folder>/shared_prefs/QH_SDK_UserData.xml
- <Package Folder>/shared_prefs/QH_SDK_UserData3416a75f4cea910950...fc.xml
- <Package Folder>/shared_prefs/QH_SDK_UserData3416a75f4cea910950...ml.bak
- <Package Folder>/shared_prefs/QH_SDK_sessionID.xml
- <Package Folder>/shared_prefs/QH_SDK_sessionID.xml.bak
- <Package Folder>/shared_prefs/RECOMMEND_PULL_SP_FILE.xml
- <Package Folder>/shared_prefs/RECOMMEND_PULL_SP_FILE.xml.bak
- <Package Folder>/shared_prefs/antihijack_config.xml
- <Package Folder>/shared_prefs/antihijack_config.xml.bak
- <Package Folder>/shared_prefs/app_start_time.xml
- <Package Folder>/shared_prefs/app_usage_history_for_notification.xml
- <Package Folder>/shared_prefs/battery.xml
- <Package Folder>/shared_prefs/charge_screen_config.xml
- <Package Folder>/shared_prefs/clear_shortcut.xml
- <Package Folder>/shared_prefs/connect_config.xml
- <Package Folder>/shared_prefs/connect_config.xml.bak
- <Package Folder>/shared_prefs/crash.xml
- <Package Folder>/shared_prefs/crash.xml.bak
- <Package Folder>/shared_prefs/event_config.xml
- <Package Folder>/shared_prefs/face_detect_local_pref.xml
- <Package Folder>/shared_prefs/festival.xml
- <Package Folder>/shared_prefs/float_win_config.xml
- <Package Folder>/shared_prefs/game_redirect.xml
- <Package Folder>/shared_prefs/keep_alive_config.xml
- <Package Folder>/shared_prefs/keep_alive_manager_config.xml
- <Package Folder>/shared_prefs/keep_alive_manager_config.xml.bak
- <Package Folder>/shared_prefs/launch_foreground_mgr.xml
- <Package Folder>/shared_prefs/msplugin_zhushou.xml
- <Package Folder>/shared_prefs/multidex.version.xml
- <Package Folder>/shared_prefs/mysoft_drag_config.xml
- <Package Folder>/shared_prefs/mysoft_smart_sort_config.xml
- <Package Folder>/shared_prefs/new_one_line_stat.xml
- <Package Folder>/shared_prefs/news_local_config.xml
- <Package Folder>/shared_prefs/news_sdk_location.xml
- <Package Folder>/shared_prefs/news_sdk_status.xml
- <Package Folder>/shared_prefs/newssdk_policy_pref_1.2.4.xml
- <Package Folder>/shared_prefs/newssdk_policy_status.xml
- <Package Folder>/shared_prefs/plugins.xml
- <Package Folder>/shared_prefs/profile_torch_platform.xml
- <Package Folder>/shared_prefs/save_myself_config.xml
- <Package Folder>/shared_prefs/share_data.xml
- <Package Folder>/shared_prefs/share_data.xml.bak
- <Package Folder>/shared_prefs/share_data_<Package>;critical.xml
- <Package Folder>/shared_prefs/share_data_<Package>;critical.xml.bak
- <Package Folder>/shared_prefs/share_data_<Package>;download.xml
- <Package Folder>/shared_prefs/share_data_<Package>;download.xml.bak
- <Package Folder>/shared_prefs/share_data_com.qihoo.daemon.xml
- <Package Folder>/shared_prefs/torch_sdk_config.xml
- <SD-Card>/360/####/.nomedia
- <SD-Card>/360/####/3416a75f4cea9109507cacd8e2f2aefc
- <SD-Card>/360/####/7cc19918258bec42b56f4ed772a436d9.0.tmp
- <SD-Card>/360/####/Hn0
- <SD-Card>/360/####/Hn0 (deleted)
- <SD-Card>/360/####/azP
- <SD-Card>/360/####/azP (deleted)
- <SD-Card>/360/####/cbB
- <SD-Card>/360/####/cbB (deleted)
- <SD-Card>/360/####/ff5605154c9f7f7982b2fa6066403420.0.tmp
- <SD-Card>/360/####/journal.tmp
- <SD-Card>/360/.deviceId
- <SD-Card>/360Log/downloadLog_delegate
- <SD-Card>/360Log/downloadLog_main
- <SD-Card>/360Log/downloadLog_p2p
- <SD-Card>/360Log/downloadLog_statMan
- <SD-Card>/Android/####/-1598440752523256070
- <SD-Card>/Android/####/-228332497-1978201969
- <SD-Card>/Android/####/-924715107-1035766619
- <SD-Card>/Android/####/-gVNJpde9ZtBt9HaEi-4NmGaSkg.780693498.tmp
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/.sfp
- <SD-Card>/Android/####/.testf
- <SD-Card>/Android/####/06-CETU9PydkPpqaO-1sX3vhj7Y.-1228286449.tmp
- <SD-Card>/Android/####/2-hrWPjYu7RnrXsadeFLyC6YYqU.1065423424.tmp
- <SD-Card>/Android/####/2eCv46RzGHHRoNYDyC6o1JaRAdc.1383084128.tmp
- <SD-Card>/Android/####/3bUFwIMW3fY9KieqdWxDFmSHeBM.962897283.tmp
- <SD-Card>/Android/####/3wqfM8Fx6h8oE_QGmdv0eyD-K58.1439327126.tmp
- <SD-Card>/Android/####/462263673-157591563
- <SD-Card>/Android/####/62SgYzkARgucc4nu_5F86BvsVnY.-1747927762.tmp
- <SD-Card>/Android/####/69iWoZRI8jfq0DxjWo_BLpbylVk.1903399532.tmp
- <SD-Card>/Android/####/7aqtwfbNKMXl3r-q9icX2tK41ro.-2051292202.tmp
- <SD-Card>/Android/####/84F0oLFgXovfKZGLtz27TMNj6rA.1803731127.tmp
- <SD-Card>/Android/####/9Le-_CGStkOe4ekWp24cL4WWj4E.-677134789.tmp
- <SD-Card>/Android/####/AhvfjjjJ4PbXWgdxurbtKeRFE6k.-1927702053.tmp
- <SD-Card>/Android/####/C20D6qjIRLR_9nfzpk7qS7ljoCk.915046033.tmp
- <SD-Card>/Android/####/GtNVNjpPX0_oSf-uL2kuHWnPnTQ.1032888470.tmp
- <SD-Card>/Android/####/HPvqQbBhiLhGfGIdO-3Tp3V6AbM.-1917341484.tmp
- <SD-Card>/Android/####/HXPyieGZIEiWu314up4yMhZcQg4.1815806195.tmp
- <SD-Card>/Android/####/IFrVUoeCnIcnvfMefAb9nC0952o.592977461.tmp
- <SD-Card>/Android/####/ImrfcMqvjhSOzB8Q7cyfe5Ub_rU.-721485629.tmp
- <SD-Card>/Android/####/IrlP-7_UDZqwmP_LscnQrrFuucA.-897062792.tmp
- <SD-Card>/Android/####/KoqR_VrkWqCFMD5Rw7CeBuEvl-Y.-1370399498.tmp
- <SD-Card>/Android/####/LkCwWZHbGVdMGTS4oP9SQWQB8yY.1964424468.tmp
- <SD-Card>/Android/####/MI4s2iR0arXNLmMQUAGqCp-7Dd8.-1974402123.tmp
- <SD-Card>/Android/####/MNeFlBMGUdJMpQO9Sqz8dDnX0Ps.1069951067.tmp
- <SD-Card>/Android/####/NHpux-0FsMUSvL8W6LUHJwfiRoI.575275248.tmp
- <SD-Card>/Android/####/Ns5KcnuTuX9oH1qMooVctYZL9AI.2103550693.tmp
- <SD-Card>/Android/####/QmqX_Jv4A04HuMm2h2EdDAw8UUM.-630259466.tmp
- <SD-Card>/Android/####/Qz4OIwPxZUwZp6J1Lj5tWNQn_VM.2136005071.tmp
- <SD-Card>/Android/####/Uez1In6cttgameOPza6FZ2P6aME.367575599.tmp
- <SD-Card>/Android/####/V_OQdSmVAVgThsAZN5_5K0_ipAk.1236621888.tmp
- <SD-Card>/Android/####/W-lvVSSqx-Bb4B5v1bXrbuBF7aw.725479106.tmp
- <SD-Card>/Android/####/Wyq4-WEwTtbv8OEQb6QDoQYRA2Q.1645354023.tmp
- <SD-Card>/Android/####/Xbuxl1bZ9TnC1sqrpn0JMJXbUhk.-149569960.tmp
- <SD-Card>/Android/####/XqwZRI_NnTKMImf7lnp7_4w2ERw.1888283443.tmp
- <SD-Card>/Android/####/ZRD3VIU6P3UIYOTonoQhOysavck.-1616836651.tmp
- <SD-Card>/Android/####/ZRHpZSrZolIzXOnapzT-xi4o0rc.-1463824121.tmp
- <SD-Card>/Android/####/_9tJiOlI5L5F706AGjN79Rm5NVA.1486202484.tmp
- <SD-Card>/Android/####/bMVIQ5qtadaqN6Yx3cluJhXuUGM.1440139202.tmp
- <SD-Card>/Android/####/bz6a4-KfvY-KLBTVYNv7Nzfv-RU.546808928.tmp
- <SD-Card>/Android/####/cKnwXK80jRPZTuOUtUOAe7sClkI.1509606420.tmp
- <SD-Card>/Android/####/cYULAyOl3aCuPWimL8vqpk0UJJk.907537252.tmp
- <SD-Card>/Android/####/cp-E7GaL4WlTK7HOUM_huiDGc8Y.-580872515.tmp
- <SD-Card>/Android/####/data.lock
- <SD-Card>/Android/####/eDqy4fxwWJu9D2ZtxydUzmnMS8Q.-633895416.tmp
- <SD-Card>/Android/####/eIcb1fz_v2_NoCAGICXZKV3R-FU.1172859899.tmp
- <SD-Card>/Android/####/eUlwrObGynYRgy6yLkgR7OmolF8.-1733259055.tmp
- <SD-Card>/Android/####/f5jrW-dl5bEa2WwPJOwvr_4lIjY.-918944083.tmp
- <SD-Card>/Android/####/gPjo26zthEU3nTolA9k4Rt6pDwE.1044687094.tmp
- <SD-Card>/Android/####/gW08s7F4SVhawhVgvd3tD-vgMic.965876466.tmp
- <SD-Card>/Android/####/kk1SDTDLjDEZrJ_o0vV2CuYf1iU.2072157547.tmp
- <SD-Card>/Android/####/orxthRKH7q7ZOh_RtgjbVvCN1dc.589240877.tmp
- <SD-Card>/Android/####/ozc6kNTpCzNCXhB8wvP8VJlWUiU.-672001171.tmp
- <SD-Card>/Android/####/rWMoK_oqxogbgtpkzqogp-hvUPk.1565861467.tmp
- <SD-Card>/Android/####/report.lock
- <SD-Card>/Android/####/sCqgXojGWR71bTdyO7Eh03K6hdE.-1660647497.tmp
- <SD-Card>/Android/####/sFMdRJoBvwK4QUH2h_Smnbu0c9Q.1018560420.tmp
- <SD-Card>/Android/####/tdbn8OghXNPXjssQ_Wv3L_H9T40.1044593380.tmp
- <SD-Card>/Android/####/uuw-Gx19prJK_ND2whH3bNvSvgM.-344634926.tmp
- <SD-Card>/Android/####/v2DH0amxEQ93J2Uxb4HLqUjRqKM.-20792032.tmp
- <SD-Card>/Android/####/viFnirT7IcS_hsTg8cmOmunKZaY.1999344558.tmp
- <SD-Card>/Android/####/wlwjor-k-bkJyKPH6f6hzEzmsC8.620788032.tmp
- <SD-Card>/Android/####/wsaANYeSy7mMfTS9u4_zeYtnI4I.-308501932.tmp
- <SD-Card>/Android/####/zjUiKjyrB1PeFqkQERPUemAf46I.-868643145.tmp
- <SD-Card>/Android/####/zje9oebqLchUyZ-Q_HaUeWW8MR0.-496999042.tmp
- <SD-Card>/Android/####/zsJYg-bMOWOaziKS-Z-l5NAGc50.1205303902.tmp
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 106.120.160.207
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 111.13.66.125
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 182.118.31.99
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
- /system/bin/sh
- app_process / <Package>.rootcommand.persistent.CoreDaemon --nice-name=<Package>_CoreDaemon --daemon
- app_process /system/bin com.android.commands.pm.Pm list packages
- cat /proc/version
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
- pm list packages
- ps
Загружает динамические библиотеки:
- CoreDaemon
- gifimageappstore_2
- imagepipelineappstore_2
- libjiagu
- uninstall-feedback
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS7Padding
- DES-CBC-PKCS5Padding
- RSA-None-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS7Padding
- DES-CBC-PKCS5Padding
- RSA-ECB-PKCS1Padding
Использует специальную библиотеку для скрытия исполняемого байткода.
Осуществляет доступ к информации о геолокации.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации о настроках APN.
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Осуществляет доступ к информации о зарегистрированных на устройстве аккаунтах (Google, Facebook и тд.).
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
