Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Click.171.origin
- Android.DownLoader.478.origin
- Android.RemoteCode.93.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(GCM) <Google Host>
- TCP(HTTP/1.1) serv####.m####.com:80
- TCP(HTTP/1.1) log.t####.in:80
- TCP(HTTP/1.1) c11.la4.down####.####.com:7080
- TCP(HTTP/1.1) f####.google####.com:80
- TCP(HTTP/1.1) c10.la2.down####.####.com:7080
- TCP(HTTP/1.1) fb.vi####.com:80
- TCP(HTTP/1.1) dpl.b####.com:80
- TCP(HTTP/1.1) f####.gst####.com:80
- TCP(HTTP/1.1) www.technol####.co.uk:80
- TCP(HTTP/1.1) g####.u####.com:80
- TCP(HTTP/1.1) c4.la4.down####.####.com:7080
- TCP(HTTP/1.1) www.face####.com:80
- TCP(HTTP/1.1) c12.la4.down####.####.com:7080
- TCP(HTTP/1.1) f####.cdn.1####.com:80
- TCP(HTTP/1.1) c7.la4.down####.####.com:7080
- TCP(HTTP/1.1) c9.la2.down####.####.com:7080
- TCP(HTTP/1.1) o####.d####.9####.com:80
- TCP(HTTP/1.1) c2.la4.down####.####.com:7080
- TCP(HTTP/1.1) s####.mob####.b####.com:80
- TCP(HTTP/1.1) c5.la4.down####.####.com:7080
- TCP(HTTP/1.1) api.mob####.b####.com:80
- TCP(HTTP/1.1) 8.37.2####.19:80
- TCP(HTTP/1.1) www.mmmmmm####.com:80
- TCP(HTTP/1.1) 1####.179.9.106:80
- TCP(HTTP/1.1) rp.freeind####.com:80
- TCP(HTTP/1.1) img.p####.b####.####.net:80
- TCP(HTTP/1.1) l.a####.com:80
- TCP(HTTP/1.1) pag####.googles####.com:80
- TCP(HTTP/1.1) real####.icec####.org:80
- TCP(HTTP/1.1) www.admobim####.com:80
- TCP(HTTP/1.1) u####.b####.com:80
- TCP(HTTP/1.1) na####.sno####.1####.com:8111
- TCP(HTTP/1.1) 1####.254.223.129:80
- TCP(HTTP/1.1) c7.la2.down####.####.com:7080
- TCP(HTTP/1.1) mo.freeind####.com:80
- TCP(HTTP/1.1) 2####.177.13.68:8288
- TCP(HTTP/1.1) c6.la4.down####.####.com:7080
- TCP(HTTP/1.1) pl####.mob####.b####.com:80
- TCP(HTTP/1.1) c10.la4.down####.####.com:7080
- TCP(HTTP/1.1) p####.a####.com:80
- TCP(HTTP/1.1) c3.la4.down####.####.com:7080
- TCP(HTTP/1.1) p####.u####.com:80
- TCP(HTTP/1.1) c1.la4.down####.####.com:7080
- TCP(HTTP/1.1) ak.icec####.org:80
- TCP(TLS/1.0) f####.gst####.com:443
- TCP(TLS/1.0) googl####.g.doublec####.net:443
- TCP(TLS/1.0) tpc.googles####.com:443
- TCP(TLS/1.0) and####.cli####.go####.com:443
- TCP(TLS/1.0) 1####.179.9.96:44353
- TCP(TLS/1.0) pag####.googles####.com:443
- TCP(TLS/1.0) www.go####.com:443
- TCP(TLS/1.0) 1####.168.73.254:39661
- TCP(TLS/1.0) y####.ali####.com:443
- TCP(TLS/1.0) www.google-####.com:443
- TCP(TLS/1.0) f####.google####.com:443
- TCP(TLS/1.0) st####.xx.f####.net:443
- TCP(TLS/1.0) www.face####.com:443
- TCP(TLS/1.0) 1####.254.223.129:443
- TCP(TLS/1.0) 1####.168.73.254:40317
Запросы DNS:
- ak.icec####.org
- and####.cli####.go####.com
- api.mob####.b####.com
- c1.la4.down####.####.com
- c10.la2.down####.####.com
- c10.la4.down####.####.com
- c11.la4.down####.####.com
- c12.la4.down####.####.com
- c2.la4.down####.####.com
- c3.la4.down####.####.com
- c4.la4.down####.####.com
- c5.la4.down####.####.com
- c6.la4.down####.####.com
- c7.la2.down####.####.com
- c7.la4.down####.####.com
- c9.la2.down####.####.com
- dpl.b####.com
- f####.cdn.1####.com
- f####.google####.com
- f####.gst####.com
- fb.vi####.com
- g####.u####.com
- googl####.g.doublec####.net
- img.p####.b####.com
- l.a####.com
- log.t####.in
- mo.freeind####.com
- na####.sno####.1####.com
- o####.d####.9####.com
- p####.a####.com
- p####.u####.com
- pag####.googles####.com
- pl####.mob####.b####.com
- real####.icec####.org
- rp.freeind####.com
- s####.mob####.b####.com
- serv####.m####.com
- st####.xx.f####.net
- tpc.googles####.com
- u####.b####.com
- us.y####.al####.com
- www.admobim####.com
- www.face####.com
- www.go####.com
- www.google-####.com
- www.mmmmmm####.com
- www.technol####.co.uk
Запросы HTTP GET:
- api.mob####.b####.com/index.php?r=####&al=####&l=####&p=####&hp=####&lc=...
- api.mob####.b####.com/strategy/api/v1/rule/get?p=####&hp=####&l=####&c=#...
- c1.la4.down####.####.com:7080/group2/M00/B1/8D/QQ0DAFl2tECADI5jAAAKTseVL...
- c1.la4.down####.####.com:7080/group2/M00/CE/50/QQ0DAFmRbJmATSjuAAAKQx9Jp...
- c1.la4.down####.####.com:7080/group2/M02/D9/05/QQ0DAFmd5h6AUXtwAAAIBn5By...
- c10.la2.down####.####.com:7080/group2/M00/CE/50/RQ0DAFmRbTyAG-sAAAAPFMOr...
- c10.la4.down####.####.com:7080/group2/M00/A4/E7/RA0DAFlshyWAOF1vAAAHVTZT...
- c11.la4.down####.####.com:7080/group2/M00/CE/50/RA0DAFmRbRCASJQ9AAAKE_ki...
- c11.la4.down####.####.com:7080/group2/M00/D3/83/QQ0DAFmWjS-AUQisAAANmeQp...
- c12.la4.down####.####.com:7080/group2/M01/B9/2F/QQ0DAFl9dg6AH9onAAAi3woS...
- c2.la4.down####.####.com:7080/group2/M00/25/8F/RA0DAFkbur-AcdbOAAAI51t9I...
- c2.la4.down####.####.com:7080/group2/M00/CE/50/RA0DAFmRbQ2AHSGqAAAOfsr6v...
- c3.la4.down####.####.com:7080/group2/M00/5F/29/RQ0DAFk7O0aAUCDHAAAXfqE3H...
- c3.la4.down####.####.com:7080/group2/M00/BC/40/RA0DAFmAOKKAd9zhAAATLZPSk...
- c3.la4.down####.####.com:7080/group2/M00/CE/50/QQ0DAFmRbJaAPjjeAAAKUcowh...
- c3.la4.down####.####.com:7080/group2/M00/CE/50/Qg0DAFmRbNSAQPOAAAAL-cklY...
- c3.la4.down####.####.com:7080/group2/M01/C8/D4/RA0DAFmMDwaAP3XfAAAPMOIsr...
- c3.la4.down####.####.com:7080/group2/M01/CB/21/RA0DAFmOIieABkHAAAAIYmr-y...
- c3.la4.down####.####.com:7080/group2/M01/DB/A1/RA0DAFmhUDmALDi0AAAKYCtyu...
- c3.la4.down####.####.com:7080/group2/M02/CA/8C/Qg0DAFmNhGyAHkgbAAAP8pi5J...
- c4.la4.down####.####.com:7080/group1/M00/3C/F4/p4YBAFfWC0eAFrvGAAAKdmCuB...
- c4.la4.down####.####.com:7080/group2/M00/60/AA/RQ0DAFk8fbWANrr5AAAfZGh0v...
- c4.la4.down####.####.com:7080/group2/M00/C3/FC/Qg0DAFmHemSAf-eoAAAME1U6E...
- c4.la4.down####.####.com:7080/group2/M00/CE/50/Qg0DAFmRbNeAd0O6AAAM3t9m2...
- c4.la4.down####.####.com:7080/group2/M02/CE/50/QQ0DAFmRbE-Ad1ECAAAIs4WY4...
- c4.la4.down####.####.com:7080/group2/M02/CE/50/RA0DAFmRbFyAUD_cAAAIyA8jd...
- c5.la4.down####.####.com:7080/group1/M00/7C/6C/qIYBAFkH_DWATu_FAAASB8Cwn...
- c5.la4.down####.####.com:7080/group1/M02/0A/C7/q4YBAFhmW9uAPRECAAAQyfKX2...
- c5.la4.down####.####.com:7080/group2/M00/B3/8D/QQ0DAFl4kDeAW8QQAAAPR1A3c...
- c5.la4.down####.####.com:7080/group2/M00/C4/4B/RQ0DAFmH1S6ADQjaAAAYEuj10...
- c6.la4.down####.####.com:7080/group2/M00/81/03/RA0DAFlTXpSAO3SZAAAhM5XoL...
- c6.la4.down####.####.com:7080/group2/M00/CE/50/RQ0DAFmRbT6AcaG5AAAJwgaWt...
- c6.la4.down####.####.com:7080/group2/M01/D6/70/Qg0DAFmamj2AblL1AAAMdyX3C...
- c6.la4.down####.####.com:7080/group2/M02/BF/2C/QQ0DAFmCopWAYXBxAAAdyDJv5...
- c6.la4.down####.####.com:7080/group2/M02/CE/56/Qg0DAFmRdKeAYCFMAAAF5XVdh...
- c7.la2.down####.####.com:7080/group2/M00/C8/7E/RA0DAFmLzSKABf6_AAAJA-yL-...
- c7.la4.down####.####.com:7080/group2/M00/AB/9D/QQ0DAFlxxyeAP4znAAASM3m85...
- c7.la4.down####.####.com:7080/group2/M01/B1/8A/QQ0DAFl2sL6AX3FdAAASP4Our...
- c7.la4.down####.####.com:7080/group2/M01/C7/02/QQ0DAFmKo_OAHF3uAABdQmGiO...
- c9.la2.down####.####.com:7080/group1/M01/D2/D8/poYBAFeqZxiACY5lAAAO2SSCg...
- c9.la2.down####.####.com:7080/group2/M01/DE/12/QQ0DAFmkx7mAeZkUAAAdUA2QA...
- c9.la2.down####.####.com:7080/group2/M02/D6/3F/RQ0DAFmaUEGAClOZAAAOw13LM...
- dpl.b####.com/M01/01/AD/CvJJDVmj_4CAOZroAArECPaKkRM544.zip
- f####.google####.com/css?family=####&ver=####
- f####.gst####.com/s/lato/v13/MZ1aViPqjfvZwVD_tzjjkwLUuEpTyoUstqEm5AMlJo4...
- f####.gst####.com/s/robotoslab/v6/dazS1PrQQuCxC3iOAJFEJTdGNerWpg2Hn6A-Bx...
- fb.vi####.com/?utm_medium=####&utm_campaign=####&cid=####
- fb.vi####.com/?utm_term=####&clickverify=####&utm_content=####
- fb.vi####.com/proc.php?48dd394####
- o####.d####.9####.com/upload/common/2017/8/11/22/176e286b-3b56-466e-9938...
- o####.d####.9####.com/upload/common/2017/8/11/22/f13454ed-b089-4555-832a...
- p####.a####.com/img/bd4058r1.png
- p####.u####.com/u1/zz259z3145z6417775z132zz45783z48996z2878715zzzzz1zz11...
- pag####.googles####.com/pagead/js/adsbygoogle.js
- pag####.googles####.com/pagead/js/r20170823/r20170110/reactive_library.js
- pag####.googles####.com/pagead/js/r20170823/r20170110/show_ads_impl.js?2...
- serv####.m####.com/119987?t=0.9880166440270841&ref=&lu=http://www.techno...
- u####.b####.com/setting/grobal_strategy?p=####&hp=####&l=####&c=####&pro...
- www.face####.com/plugins/likebox.php?href=####&w####&height=####&colorsc...
Запросы HTTP POST:
- log.t####.in/i.php
- log.t####.in/sal.php
- mo.freeind####.com/detail/getOfferListNew?enc=####
- na####.sno####.1####.com:8111/native/api/v1/update
- na####.sno####.1####.com:8111/native/sdk/api/ad/client_action
- na####.sno####.1####.com:8111/native/sdk/api/regclient
- pl####.mob####.b####.com/ad_dex.php
- rp.freeind####.com/business/impression
- s####.mob####.b####.com/cgi-bin-py/ad_sdk.cgi?ty=####&enc=####&bt=####
- www.mmmmmm####.com/osp/oaen_get.action?tasktype=####&imei=####&imsi=####...
- www.mmmmmm####.com/osp/oaen_reg.action
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/.mbj/####/classes.zip
- <Package Folder>/HasStarted
- <Package Folder>/app_SGLib/####/libsgmainso-5.3.7011.so.tmp
- <Package Folder>/app_SGLib/####/lock.lock
- <Package Folder>/app_jniLibs/libcrash_1.5.0.0.so
- <Package Folder>/app_libs/.atmp9.jar
- <Package Folder>/app_libs/.atmp_8.log
- <Package Folder>/app_osdk/adflash_shell.jar
- <Package Folder>/app_osdk/t.zip
- <Package Folder>/app_stat_log3/1501850207625
- <Package Folder>/app_stat_log3/1501850217641
- <Package Folder>/app_stat_log3/1501850228007
- <Package Folder>/app_stat_log3/1501850258280
- <Package Folder>/app_wa/####/12hqtegf_1501850212164002113.wa
- <Package Folder>/app_wa/####/13irufhg_1501850215051002113.wa
- <Package Folder>/app_wa/####/15ktwhji_1501850224011002113.wa
- <Package Folder>/app_wa/####/41tztufn_1501850212163002113.wa
- <Package Folder>/app_wa/####/44w2wxiq_1501850224010002113.wa
- <Package Folder>/cache/####/027c5ec9875620a15fb8c78526c39439.0
- <Package Folder>/cache/####/027c5ec9875620a15fb8c78526c39439.1
- <Package Folder>/cache/####/0668fe2947e3a3e51b5494df94b77448.0
- <Package Folder>/cache/####/0668fe2947e3a3e51b5494df94b77448.1
- <Package Folder>/cache/####/1c078c17f0e19c0132acb6a3371fdc15.0
- <Package Folder>/cache/####/1c078c17f0e19c0132acb6a3371fdc15.1
- <Package Folder>/cache/####/2942fc64632abe69e503af564c7af33f.0
- <Package Folder>/cache/####/2942fc64632abe69e503af564c7af33f.1
- <Package Folder>/cache/####/2f074f3679567e55d543ef74b095d50b.0.tmp
- <Package Folder>/cache/####/2f074f3679567e55d543ef74b095d50b.1
- <Package Folder>/cache/####/30fc35911a0a03ad33ba4743d10401f3.0
- <Package Folder>/cache/####/30fc35911a0a03ad33ba4743d10401f3.1
- <Package Folder>/cache/####/3b60c90a1471f3023af3fbd722042bba.0
- <Package Folder>/cache/####/3b60c90a1471f3023af3fbd722042bba.1
- <Package Folder>/cache/####/45cfbb44ce468f8e387def10b6af886d.0.tmp
- <Package Folder>/cache/####/45cfbb44ce468f8e387def10b6af886d.1
- <Package Folder>/cache/####/5095790c80d62fdc007b37565819c7e1.0
- <Package Folder>/cache/####/5095790c80d62fdc007b37565819c7e1.1
- <Package Folder>/cache/####/55910d9dca170a639547046944689445.0.tmp
- <Package Folder>/cache/####/55910d9dca170a639547046944689445.1
- <Package Folder>/cache/####/5b2dd45f27cd1b6e558fc78890149c36.0
- <Package Folder>/cache/####/5b2dd45f27cd1b6e558fc78890149c36.1
- <Package Folder>/cache/####/7c00ac116ec191a066e4892b8072cf16.0.tmp
- <Package Folder>/cache/####/7c00ac116ec191a066e4892b8072cf16.1
- <Package Folder>/cache/####/7e12fdfd93dd03c7d29b2132e0d94bb7.0
- <Package Folder>/cache/####/7e12fdfd93dd03c7d29b2132e0d94bb7.1
- <Package Folder>/cache/####/85b46262dca0997aa130f320df41ef39.0
- <Package Folder>/cache/####/85b46262dca0997aa130f320df41ef39.1
- <Package Folder>/cache/####/96b68644967d831a9482d607440e6490.0
- <Package Folder>/cache/####/96b68644967d831a9482d607440e6490.1
- <Package Folder>/cache/####/97254fd38c149b2108163b0176a4992a.0
- <Package Folder>/cache/####/97254fd38c149b2108163b0176a4992a.1
- <Package Folder>/cache/####/b5143e8598d2f0f123799e6094b374a1.0
- <Package Folder>/cache/####/b5143e8598d2f0f123799e6094b374a1.1
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/dc6a28939ee51e85913593694eda61d3.0
- <Package Folder>/cache/####/dc6a28939ee51e85913593694eda61d3.1
- <Package Folder>/cache/####/e12e42f736539a176d35b29c32a04fca.0
- <Package Folder>/cache/####/e12e42f736539a176d35b29c32a04fca.1
- <Package Folder>/cache/####/e735472f370c4ab049ac65e60c12e001.0
- <Package Folder>/cache/####/e735472f370c4ab049ac65e60c12e001.1
- <Package Folder>/cache/####/eb0915b2e2e354b28e4d5c1494df34f9.0
- <Package Folder>/cache/####/eb0915b2e2e354b28e4d5c1494df34f9.1
- <Package Folder>/cache/####/ecd876e86b177a7c64f7379a305dd425.0
- <Package Folder>/cache/####/ecd876e86b177a7c64f7379a305dd425.1
- <Package Folder>/cache/####/f7e3111e8be7e08308a82f4c3379d8a3.0
- <Package Folder>/cache/####/f7e3111e8be7e08308a82f4c3379d8a3.1
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/f_000003
- <Package Folder>/cache/####/f_000004
- <Package Folder>/cache/####/f_000005
- <Package Folder>/cache/####/f_000006
- <Package Folder>/cache/####/f_000007
- <Package Folder>/cache/####/f_000008
- <Package Folder>/cache/####/f_000009
- <Package Folder>/cache/####/f_00000a
- <Package Folder>/cache/####/f_00000b
- <Package Folder>/cache/####/f_00000c
- <Package Folder>/cache/####/f_00000d
- <Package Folder>/cache/####/f_00000e
- <Package Folder>/cache/####/f_00000f
- <Package Folder>/cache/####/f_000010
- <Package Folder>/cache/####/index
- <Package Folder>/cache/####/journal
- <Package Folder>/crashsdk/####/PPAIDNI0ELIBOM0MOC.bb
- <Package Folder>/crashsdk/####/PPAIDNI0ELIBOM0MOC.ff
- <Package Folder>/crashsdk/####/PPAIDNI0ELIBOM0MOC.meminfo
- <Package Folder>/crashsdk/####/PPAIDNI0ELIBOM0MOC.pid
- <Package Folder>/crashsdk/####/PPAIDNI0ELIBOM0MOC.ps
- <Package Folder>/crashsdk/####/PPAIDNI0ELIBOM0MOC.start
- <Package Folder>/crashsdk/####/PPAIDNI0ELIBOM0MOC.time
- <Package Folder>/crashsdk/####/PPAIDNI0ELIBOM0MOC.uptime
- <Package Folder>/crashsdk/####/REKROW1PPAIDNI0ELIBOM0MOC.bb
- <Package Folder>/crashsdk/####/unique
- <Package Folder>/databases/9apps.db-journal
- <Package Folder>/databases/WaValue.db-journal
- <Package Folder>/databases/adblib.db-journal
- <Package Folder>/databases/arrkii.native.sdk.db-journal
- <Package Folder>/databases/downloader-journal
- <Package Folder>/databases/message-journal
- <Package Folder>/databases/my.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
- <Package Folder>/files/0a231bd8575dcf72.txt
- <Package Folder>/files/SGMANAGER_DATA2
- <Package Folder>/files/SGMANAGER_DATA2.tmp
- <Package Folder>/files/adflashcore.jar
- <Package Folder>/files/daemon
- <Package Folder>/files/dc5d6d69f358084b98
- <Package Folder>/files/google.db
- <Package Folder>/files/sp.lock
- <Package Folder>/files/t.jar
- <Package Folder>/no_backup/com.google.android.gms.appid-no-backup
- <Package Folder>/shared_prefs/3710d74b68e6af8cade5ec187cc0f996dabc7e3c.xml
- <Package Folder>/shared_prefs/9apps.xml
- <Package Folder>/shared_prefs/9apps.xml (deleted)
- <Package Folder>/shared_prefs/9apps.xml.bak
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/ActivatePreUtil.xml
- <Package Folder>/shared_prefs/AdsBusiness-data.xml
- <Package Folder>/shared_prefs/AdsBusiness-data.xml.bak
- <Package Folder>/shared_prefs/Alvin2.xml
- <Package Folder>/shared_prefs/BusinessPreUtil.xml
- <Package Folder>/shared_prefs/BusinessPreUtil.xml.bak
- <Package Folder>/shared_prefs/ContextData.xml
- <Package Folder>/shared_prefs/LoginPreUtil.xml
- <Package Folder>/shared_prefs/LoginPreUtil.xml.bak
- <Package Folder>/shared_prefs/OfferPreUtil.xml
- <Package Folder>/shared_prefs/SYSTEM_CACHE.xml
- <Package Folder>/shared_prefs/adflash.xml
- <Package Folder>/shared_prefs/adflash.xml.bak
- <Package Folder>/shared_prefs/ak.native.sdk.xml
- <Package Folder>/shared_prefs/ak.native.sdk.xml.bak
- <Package Folder>/shared_prefs/aps.xml
- <Package Folder>/shared_prefs/aps.xml.bak
- <Package Folder>/shared_prefs/apsad.xml
- <Package Folder>/shared_prefs/apscomm.xml
- <Package Folder>/shared_prefs/arrkiiad.xml
- <Package Folder>/shared_prefs/arrkiiad.xml.bak
- <Package Folder>/shared_prefs/com.google.android.gms.appid.xml
- <Package Folder>/shared_prefs/device_info.xml
- <Package Folder>/shared_prefs/dns_cache.xml
- <Package Folder>/shared_prefs/dns_cache.xml.bak
- <Package Folder>/shared_prefs/f4acd030da61bd739ac44e37218b4567f7dd880f.xml
- <Package Folder>/shared_prefs/ffc1d42b1ca5e3db2657d00b91997f6a.xml
- <Package Folder>/shared_prefs/hunter_config.xml
- <Package Folder>/shared_prefs/other_config.xml
- <Package Folder>/shared_prefs/service_config.xml
- <Package Folder>/shared_prefs/service_config.xml.bak
- <Package Folder>/shared_prefs/settingsLog.xml
- <Package Folder>/shared_prefs/settingsLog.xml.bak
- <Package Folder>/shared_prefs/sp_config.xml
- <Package Folder>/shared_prefs/t_ini.xml
- <Package Folder>/shared_prefs/t_ini.xml.bak
- <Package Folder>/shared_prefs/v71.xml
- <Package Folder>/shared_prefs/v71.xml.bak
- <Package Folder>/shared_prefs/worker_preferences.xml
- <Package Folder>/shared_prefs/worker_preferences.xml.bak
- <Package Folder>/tiny_wa/1501850214954.wa
- <SD-Card>/.DataStorage/ContextData.xml
- <SD-Card>/.UTSystemConfig/####/Alvin2.xml
- <SD-Card>/.androidsystem/####/49.x-4.3.5-vs.apk
- <SD-Card>/.androidsystem/####/PlugShareData
- <SD-Card>/.androidsystem/####/files.db
- <SD-Card>/.androidsystem/####/plugxml.xml
- <SD-Card>/.androidsystem/507a255039f8e5c6e8747b515fb488f5.jpg
- <SD-Card>/.androidsystem/7a1ab4ff2a0a803265e986e131d41e47.jpg
- <SD-Card>/.androidsystem/99952f438058e97b39a2f790573a1a13.jpg
- <SD-Card>/.androidsystem/Plugin.zip
- <SD-Card>/.androidsystem/b0904b881bd1a68404ce0c25fa5be11f.jpg
- <SD-Card>/.com.taobao.dp/dd7893586a493dc3
- <SD-Card>/.com.taobao.dp/hid.dat
- <SD-Card>/9appsPro/####/libcrash_1.5.0.0.so.tmp
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/01654265b3a169f129c64365002cddcb36add196....0.tmp
- <SD-Card>/Android/####/02dbdef847ed03aa58f4c9c37a83885cc35ee325....0.tmp
- <SD-Card>/Android/####/09a878dfe460c737cd62357cf98c674c4c36bbd9....0.tmp
- <SD-Card>/Android/####/191a02b5cdc7680d7a5d16da119a88603032b478....0.tmp
- <SD-Card>/Android/####/1aeec429645577ce8f8b63d373388f2f2676aab8....0.tmp
- <SD-Card>/Android/####/22c7aeea8b18a06dfec434b49b5622f0e0242179....0.tmp
- <SD-Card>/Android/####/237af98a15dbd61e2551a55d9639ca12cd858219....0.tmp
- <SD-Card>/Android/####/239a6bb408c45944b95055c4fa0d6367d2d9ca26....0.tmp
- <SD-Card>/Android/####/2d232f3e556379724d57be1de3bfbeb41b00f015....0.tmp
- <SD-Card>/Android/####/394f819bb6c9ebb4cb2f05d02e39ccc6dddf654e....0.png
- <SD-Card>/Android/####/394f819bb6c9ebb4cb2f05d02e39ccc6dddf654e....0.tmp
- <SD-Card>/Android/####/39f70ab2e2acff4ece717196259b097520d17044....0.tmp
- <SD-Card>/Android/####/5037aa7a8a74d6c0b952a2c983bc651ada42a618....0.tmp
- <SD-Card>/Android/####/606a5e4a60c451dd5f9833233ce5be76e0f493c4....0.tmp
- <SD-Card>/Android/####/62af85c78d05359b7e0cff79c24dc2b485671936....0.tmp
- <SD-Card>/Android/####/69ae44459c9d91c5d185b25b6487a01a32a63f04....0.tmp
- <SD-Card>/Android/####/6d86c5d893fb3411a16c8dce895b1117322a589c....0.tmp
- <SD-Card>/Android/####/6f74ae322643838a450a7a26f85f5ba2e816c12f....0.tmp
- <SD-Card>/Android/####/7053cd514707db4d9708374cdf9fed42c18de9ea....0.tmp
- <SD-Card>/Android/####/7913c9b4f26c7bd00398558684685fa2f238be8c....0.tmp
- <SD-Card>/Android/####/7c7b2080e45fda4963452dbc2de806676e6886a6....0.tmp
- <SD-Card>/Android/####/8bed71e72b400159e36c7c705480dd61478a30cf....0.tmp
- <SD-Card>/Android/####/8ecae722d39096cf5d6579795b1eab41d2d14dc2....0.tmp
- <SD-Card>/Android/####/99cdb87ab451ab422549e01f96692760194a3a9a....0.tmp
- <SD-Card>/Android/####/99f1540019cd3e68dffb81ef3069424e45df986d....0.tmp
- <SD-Card>/Android/####/9c0d8b3e4234c67a8c4e84f1436617cf9f874edd....0.tmp
- <SD-Card>/Android/####/9c2893e4ed2335bce057b5d38ca76e5359f80958....0.tmp
- <SD-Card>/Android/####/9d12b76aa7fc44f1fbcbaf5c7620c4ae23f3ff40....0.tmp
- <SD-Card>/Android/####/9e2172b6dd3d0130704833d7fc551f0d4828b6da....0.tmp
- <SD-Card>/Android/####/a01287c277711a050b7f79c8e5f75acb3bd9b8f2....0.tmp
- <SD-Card>/Android/####/a04c420f99a68769cbdbe0e552ad3974b5ae473e....0.tmp
- <SD-Card>/Android/####/a89b73b4a0ccd388c2ffb9861176efe175c266c9....0.tmp
- <SD-Card>/Android/####/ac25228a4bcd6f602860b1d0bfefd725133ddfa9....0.tmp
- <SD-Card>/Android/####/c64884f47a6b57404ad093a9783cd1af45350be0....0.tmp
- <SD-Card>/Android/####/c72ada65df49f17932094803032d023952035634....0.png
- <SD-Card>/Android/####/c72ada65df49f17932094803032d023952035634...7e5a.0
- <SD-Card>/Android/####/c9f85dad2297ddafc4d720cc2e50f7aa70a851da....0.tmp
- <SD-Card>/Android/####/d488d6fbe576c4f33219d72b94c4d23efb2f9556....0.tmp
- <SD-Card>/Android/####/d53e038c21ac4a01762a9c111b2a01c6ad8a43d3....0.tmp
- <SD-Card>/Android/####/dea379cce5ae862735dc31969de9416b7f86937e....0.tmp
- <SD-Card>/Android/####/e34ced667cf367c7e42ca308a0316227000e78d9....0.tmp
- <SD-Card>/Android/####/e4bd42d44b16200c9c7a2e4ef54a31de6685e0e9....0.tmp
- <SD-Card>/Android/####/e95c967c46c6f273c8fd77855ab83ca142477431....0.tmp
- <SD-Card>/Android/####/f69d8a7f69054231a7607f2a2204c1e6b758ccdc....0.tmp
- <SD-Card>/Android/####/journal.tmp
- <SD-Card>/LogN/####/sp
- <SD-Card>/baidu/####/journal.tmp
- <SD-Card>/baidu/.cuid
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- <Package Folder>/files/dc5d6d69f358084b98
- chmod 777 <Package Folder>/files/daemon
- ps
- sh
Загружает динамические библиотеки:
- IncrementalUpdate
- libcrash_1.5.0.0
- ppapkpatchso
- sgmainso-5.3
- uninstall
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
- AES-ECB-NoPadding
- AES-ECB-PKCS5Padding
- DES-CBC-PKCS5Padding
- desede-ECB-PKCS5Padding
Использует следующие алгоритмы для расшифровки данных:
- AES
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
- DES
- DES-CBC-PKCS5Padding
- desede-ECB-PKCS5Padding
Осуществляет доступ к информации о геолокации.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Осуществляет доступ к информации о зарегистрированных на устройстве аккаунтах (Google, Facebook и тд.).
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
