Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Tool.SilentInstaller.3.origin
Предлагает установить сторонние приложения.
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(GCM) <Google Host>
- TCP(HTTP/1.1) p2.q####.com:80
- TCP(HTTP/1.1) pro####.sj.360.cn:80
- TCP(HTTP/1.1) up####.api.sj.####.cn:80
- TCP(HTTP/1.1) 1####.91.33.51:80
- TCP(HTTP/1.1) 1####.188.2.235:80
- TCP(HTTP/1.1) st####.360.cn.####.com:80
- TCP(HTTP/1.1) ope####.mob####.360.cn:80
- TCP(HTTP/1.1) www.go####.com:80
- TCP(HTTP/1.1) com####.mob####.360.cn:80
- TCP(HTTP/1.1) sh####.360t####.com:80
- TCP(HTTP/1.1) api.ku####.360.cn:80
- TCP(HTTP/1.1) p6.q####.com:80
- TCP(HTTP/1.1) p3.q####.com:80
- TCP(HTTP/1.1) and####.api.36####.com:80
- TCP(HTTP/1.1) s.3####.cn:80
- TCP(HTTP/1.1) d####.360####.com:80
- TCP(HTTP/1.1) m.sh####.360t####.com:80
- TCP(HTTP/1.1) 1####.91.33.52:80
- TCP(HTTP/1.1) i####.z####.mob####.####.com:80
- TCP(HTTP/1.1) 1####.188.2.236:80
- TCP(HTTP/1.1) p7.q####.com:80
- TCP(HTTP/1.1) p9.q####.com:80
- TCP(HTTP/1.1) s####.s.360.cn:80
- TCP(HTTP/1.1) p1.q####.com:80
- TCP(HTTP/1.1) 1####.199.124.155:80
- TCP(HTTP/1.1) 1####.199.124.154:80
- TCP(HTTP/1.1) recom####.api.sj.####.cn:80
- TCP(HTTP/1.1) m.i####.com:80
- TCP(HTTP/1.1) p0.q####.com:80
- TCP(HTTP/1.1) md.ope####.360.cn:80
- TCP(HTTP/1.1) p.s.3####.cn:80
- TCP(HTTP/1.1) res.qhs####.com:80
- TCP(HTTP/1.1) www.go####.nl:80
- TCP(HTTP/1.1) s####.m.me####.com:80
- TCP(HTTP/1.1) p4.q####.com:80
- TCP(HTTP/1.1) a####.p.360.cn:80
- TCP(TLS/1.0) t####.me####.com:443
- TCP(TLS/1.0) sh####.me####.com:443
- TCP(TLS/1.0) api.ku####.360.cn:443
- TCP(TLS/1.0) sh.wagbr####.alibaba####.com:443
- TCP(TLS/1.0) s####.tf.360.cn:443
- TCP(TLS/1.0) s####.m.me####.com:443
- TCP(TLS/1.0) sdkc####.e.360.cn:443
- TCP(TLS/1.0) api####.me####.com:443
- TCP(TLS/1.0) sdk.me####.com:443
- TCP 2####.181.132.91:80
- TCP 2####.181.132.89:80
Запросы DNS:
- a####.p.360.cn
- and####.api.36####.com
- api####.me####.com
- api.ku####.360.cn
- com####.mob####.360.cn
- d####.360####.com
- i####.z####.mob####.####.cn
- m.i####.com
- m.sh####.360t####.com
- md.ope####.360.cn
- mso####.360.cn
- mt####.go####.com
- ope####.mob####.360.cn
- p.s.3####.cn
- p0.q####.com
- p1.q####.com
- p1.q####.com
- p2.q####.com
- p3.q####.com
- p4.q####.com
- p6.q####.com
- p7.q####.com
- p9.q####.com
- plb####.u####.com
- pro####.sj.360.cn
- recom####.api.sj.####.cn
- res.qhs####.com
- s####.m.me####.com
- s####.s.360.cn
- s####.tf.360.cn
- s.3####.cn
- sdk.me####.com
- sdkc####.e.360.cn
- sh####.360t####.com
- sh####.me####.com
- st####.360.cn
- t####.me####.com
- tr.p.3####.cn
- u####.u####.com
- up####.api.sj.####.cn
- www.go####.com
- www.go####.nl
- x####.v.360.cn
Запросы HTTP GET:
- and####.api.36####.com/channel/?method=####&ss=####&token=####&ver=####&...
- and####.api.36####.com/cloud/?method=####&m=####&ss=####&token=####&ver=...
- and####.api.36####.com/cloud/?method=####&ss=####&token=####&ver=####&ch...
- and####.api.36####.com/player/?method=####&so_ver=####&so_type=####&ss=#...
- and####.api.36####.com/plugin/?method=####&source=####&cpuType=####&ss=#...
- and####.api.36####.com/tj/?method=####&m=####&ss=####&token=####&ver=###...
- and####.api.36####.com/tj/?method=####&ss=####&token=####&ver=####&ch=##...
- and####.api.36####.com/tj/?method=####&tid=####&ss=####&token=####&ver=#...
- and####.api.36####.com/upgrade/?d=####&ins=####&rel=####&&sdk=####&&m=##...
- and####.api.36####.com/welcome/?method=####&ss=####&token=####&ver=####&...
- api.ku####.360.cn/intf.php?method=####&devtype=####&m1=####&m2=####&_t=#...
- api.ku####.360.cn/intf.php?method=####&model=####&sdkversioncode=####&sd...
- com####.mob####.360.cn/comment/getCommentTags?objid=####&os=####&os_vers...
- com####.mob####.360.cn/comment/getCommentTags?objid=####&prepage=####&cu...
- com####.mob####.360.cn/comment/getComments?baike=####&level=####&start=#...
- com####.mob####.360.cn/comment/getLikes?objid=####&objtype=####&tids=###...
- com####.mob####.360.cn/comment/getReplies?baike=####&page=####&size=####...
- com####.mob####.360.cn/comment/getWeightComments?objid=####&objtype=####...
- md.ope####.360.cn/baohe/list?version=####&toid=####&pst=####&os=####&vc=...
- pro####.sj.360.cn/profile/setting/getsetting?os=####&vc=####&v=####&os_v...
- recom####.api.sj.####.cn/AppStore/getAppsbyCorp?corp=####&pname=####&typ...
- recom####.api.sj.####.cn/Iservice/AppDetail?s_stream_app=####&market_id=...
- recom####.api.sj.####.cn/Iservice/FailOver?os=####&vc=####&v=####&os_ver...
- recom####.api.sj.####.cn/Iservice/GetIndexHeader?iszip=####&logo_type=##...
- recom####.api.sj.####.cn/app/getTagAppList?s_stream_app=####&cid=####&ta...
- recom####.api.sj.####.cn/channel/getPlugInfoByPnames?&pnames=####&plugve...
- recom####.api.sj.####.cn/detail/apphistorydl?sid=####¤t_ver=####&f...
- recom####.api.sj.####.cn/html/data/save_uninstall.json
- recom####.api.sj.####.cn/iservice/pluginStatus?os=####&vc=####&v=####&os...
- recom####.api.sj.####.cn/mintf/getRecommandAppsForDetail?pname=####&num=...
- recom####.api.sj.####.cn/toolsManger/tool?ch2=####&os=####&vc=####&v=###...
- recom####.api.sj.####.cn/zhuanti/relateTopic?sid=####&os=####&os_version...
- st####.360.cn.####.com/wsm/attach/get?pjt=####&key=####&raw_file_name=##...
- www.go####.com/
- www.go####.nl/?gfe_rd=####&dcr=####&ei=####
Запросы HTTP POST:
- api.ku####.360.cn/intf.php?method=####&toid=####&_t=####&model=####&sdkv...
- md.ope####.360.cn/list/get?product=####&version=####
- recom####.api.sj.####.cn/AppRsaCheck/getCheckResult?os=####&vc=####&v=##...
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.imprint
- /data/data/####/.jg.ic
- /data/data/####/35925aa5d3c1f33f5506fe49b777f504
- /data/data/####/612773f8e8d71cb9fbb25460fb7e9158
- /data/data/####/7093623c9b12683ab89895031acc60bc
- /data/data/####/72e70e48eadd5938b56d86399266a41c
- /data/data/####/GlobalFlag.xml
- /data/data/####/QH_DeviceSDK.xml
- /data/data/####/QH_SDK_M2.xml
- /data/data/####/QH_SDK_UserData.xml
- /data/data/####/QH_SDK_UserData.xml.bak
- /data/data/####/QH_SDK_UserData26657d5ff9020d2abefe558796b99584.xml
- /data/data/####/QH_SDK_UserData26657d5ff9020d2abefe558796b99584.xml.bak
- /data/data/####/QH_SDK_sessionID.xml
- /data/data/####/UM_PROBE_DATA.xml
- /data/data/####/Y29tLnFpaG9vLnZpZGVv.tick.lock
- /data/data/####/a==7.3.1&&4.2.7_1501850141844_envelope.log
- /data/data/####/ad_percent.xml
- /data/data/####/c485d2ed5cc4ce64fcccca710c7a0bb7
- /data/data/####/com.qihoo.video_preferences.xml
- /data/data/####/com.qihoo.video_preferences.xml.bak
- /data/data/####/config.properties
- /data/data/####/cover_config
- /data/data/####/dynamic1128.jar
- /data/data/####/e6cfc2bb3c
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/f489f16ba824b8889b64c9d567d33691
- /data/data/####/finalcore.jar
- /data/data/####/global.jar
- /data/data/####/info.xml
- /data/data/####/libjiagu.so
- /data/data/####/locker
- /data/data/####/mediav_settings.xml
- /data/data/####/multidex.version.xml
- /data/data/####/mzmonitor
- /data/data/####/mzmonitor-journal
- /data/data/####/p-n-freewifi.jar_tmp
- /data/data/####/p-n-safegift.jar_tmp
- /data/data/####/pptv_4_armV6.apk_new_0.tmp
- /data/data/####/profile_torch_platform.xml
- /data/data/####/sdk_config.xml
- /data/data/####/sdk_config.xml.bak
- /data/data/####/settings.xml
- /data/data/####/settings.xml.bak
- /data/data/####/syscall
- /data/data/####/torch_sdk_config.xml
- /data/data/####/torch_sdk_config.xml.bak
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/um_pri.xml
- /data/data/####/umeng_common_config.xml
- /data/data/####/umeng_common_config.xml.bak
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_general_config.xml.bak
- /data/data/####/umeng_it.cache
- /data/data/####/ver_info.xml
- /data/data/####/video.db-journal
- /data/data/####/webview.db-journal
- <Package Folder>/.jiagu/libjiagu.so
- <Package Folder>/SaveMyselfPlugin/####/plugin.apk.temp
- <Package Folder>/app_MsPlugins/com.qihoo360.mobilesafe.recommend.apk
- <Package Folder>/app_plugins_v3/plugin.tmp
- <Package Folder>/cache/####/428484309F011FAC87D737209BDF94E1.apk.temp
- <Package Folder>/cache/####/428484309F011FAC87D737209BDF94E1.apk.temp!
- <Package Folder>/cache/####/com.qihoo360.mobilesafe.authguider1...leted)
- <Package Folder>/cache/####/com.qihoo360.mobilesafe.news129_plu....temp!
- <Package Folder>/cache/####/com.qihoo360.mobilesafe.news129_plu...k.temp
- <Package Folder>/cache/####/so_gifimageappstore_2.apk.temp
- <Package Folder>/cache/####/so_gifimageappstore_2.apk.temp!
- <Package Folder>/cache/####/so_imagepipelineappstore_2.apk.temp
- <Package Folder>/cache/####/so_imagepipelineappstore_2.apk.temp!
- <Package Folder>/cache/installHijackStat
- <Package Folder>/databases/360appstoreFavorites.db
- <Package Folder>/databases/360appstoreFavorites.db-journal
- <Package Folder>/databases/360appstoreInstallHistory.db
- <Package Folder>/databases/360appstoreInstallHistory.db-journal
- <Package Folder>/databases/_ire-journal
- <Package Folder>/databases/account.db
- <Package Folder>/databases/account.db-journal
- <Package Folder>/databases/download5.db-journal
- <Package Folder>/databases/filelist.db-journal
- <Package Folder>/databases/ignoreupdate_appinfo.db
- <Package Folder>/databases/ignoreupdate_appinfo.db-journal
- <Package Folder>/databases/new_downloads.db
- <Package Folder>/databases/new_downloads.db-journal
- <Package Folder>/databases/update_history.db
- <Package Folder>/databases/update_history.db-journal
- <Package Folder>/downloadStat.json
- <Package Folder>/file_prefs/####/freezer
- <Package Folder>/file_prefs/####/key_local_status
- <Package Folder>/files/####/.jg.ic
- <Package Folder>/files/####/QHA_JSON_PERSISTER_3416a75f4cea9109...f2aefc
- <Package Folder>/files/####/Y29tLnFpaG9vLmFwcHN0b3Jl
- <Package Folder>/files/####/Y29tLnFpaG9vLmFwcHN0b3Jl (deleted)
- <Package Folder>/files/####/Y29tLnFpaG9vLmFwcHN0b3Jl.tick.lock
- <Package Folder>/files/####/clean_floatwin_doing_bg.png
- <Package Folder>/files/####/clean_floatwin_icon_doing.png
- <Package Folder>/files/####/config
- <Package Folder>/files/####/config.properties
- <Package Folder>/files/####/default_tip.gif
- <Package Folder>/files/####/default_transfer.png
- <Package Folder>/files/####/finalcore.jar
- <Package Folder>/files/####/finalcore.jar.tmp
- <Package Folder>/files/####/floatwin_calculate_normal.png
- <Package Folder>/files/####/floatwin_cb_normal.png
- <Package Folder>/files/####/floatwin_cb_selected.png
- <Package Folder>/files/####/floatwin_clock_normal.png
- <Package Folder>/files/####/floatwin_detail_icon.png
- <Package Folder>/files/####/floatwin_flashlight_normal.png
- <Package Folder>/files/####/floatwin_flashlight_pressed.png
- <Package Folder>/files/####/floatwin_mobile_data_normal.png
- <Package Folder>/files/####/floatwin_mobile_data_pressed.png
- <Package Folder>/files/####/floatwin_seekbar.png
- <Package Folder>/files/####/floatwin_top_bg.png
- <Package Folder>/files/####/floatwin_wifi_normal.png
- <Package Folder>/files/####/floatwin_wifi_pressed.png
- <Package Folder>/files/####/pic_1.png
- <Package Folder>/files/####/pic_2.png
- <Package Folder>/files/####/pic_3.png
- <Package Folder>/files/####/pic_4.png
- <Package Folder>/files/####/pic_5.png
- <Package Folder>/files/####/pic_6.png
- <Package Folder>/files/####/pic_7.png
- <Package Folder>/files/####/pic_8.png
- <Package Folder>/files/####/pic_9.png
- <Package Folder>/files/gifimageappstore_2.so
- <Package Folder>/files/imagepipelineappstore_2.so
- <Package Folder>/files/p-n-recommend.jar
- <Package Folder>/files/personal_center_setting_new
- <Package Folder>/files/plugin_v3.lock
- <Package Folder>/files/tools_cache_new
- <Package Folder>/files/uninstallRetainJson
- <Package Folder>/files<Package Folder>/####/428484309F011FAC87D...E1.zip
- <Package Folder>/invalidTask.json
- <Package Folder>/localApkInfo.json
- <Package Folder>/shared_prefs/AppStoreNotificationSharedPref.xml
- <Package Folder>/shared_prefs/BaoHe_only_pref.xml
- <Package Folder>/shared_prefs/BaoHe_only_pref.xml.bak
- <Package Folder>/shared_prefs/Daemon_Only_Pref.xml
- <Package Folder>/shared_prefs/Daemon_Only_Pref.xml.bak
- <Package Folder>/shared_prefs/MATSharedPreferences.xml
- <Package Folder>/shared_prefs/MATSharedPreferences.xml.bak
- <Package Folder>/shared_prefs/MINI360EMS.xml
- <Package Folder>/shared_prefs/MINI360EMS.xml.bak
- <Package Folder>/shared_prefs/MINI360EMS.xml.bak (deleted)
- <Package Folder>/shared_prefs/PermissionMap.xml
- <Package Folder>/shared_prefs/QH_DeviceSDK.xml
- <Package Folder>/shared_prefs/QH_SDK_M2.xml
- <Package Folder>/shared_prefs/QH_SDK_UserData.xml
- <Package Folder>/shared_prefs/QH_SDK_UserData3416a75f4cea910950...fc.xml
- <Package Folder>/shared_prefs/QH_SDK_UserData3416a75f4cea910950...ml.bak
- <Package Folder>/shared_prefs/QH_SDK_sessionID.xml
- <Package Folder>/shared_prefs/antihijack_config.xml
- <Package Folder>/shared_prefs/antihijack_config.xml.bak
- <Package Folder>/shared_prefs/app_start_time.xml
- <Package Folder>/shared_prefs/app_usage_history_for_notification.xml
- <Package Folder>/shared_prefs/battery.xml
- <Package Folder>/shared_prefs/charge_screen_config.xml
- <Package Folder>/shared_prefs/clear_shortcut.xml
- <Package Folder>/shared_prefs/connect_config.xml
- <Package Folder>/shared_prefs/crash.xml
- <Package Folder>/shared_prefs/crash.xml.bak
- <Package Folder>/shared_prefs/event_config.xml
- <Package Folder>/shared_prefs/face_detect_local_pref.xml
- <Package Folder>/shared_prefs/float_win_config.xml
- <Package Folder>/shared_prefs/float_win_config.xml.bak
- <Package Folder>/shared_prefs/game_redirect.xml
- <Package Folder>/shared_prefs/keep_alive_config.xml
- <Package Folder>/shared_prefs/keep_alive_manager_config.xml
- <Package Folder>/shared_prefs/keep_alive_manager_config.xml.bak
- <Package Folder>/shared_prefs/keep_alive_time_config.xml
- <Package Folder>/shared_prefs/launch_foreground_mgr.xml
- <Package Folder>/shared_prefs/launch_foreground_mgr.xml.bak
- <Package Folder>/shared_prefs/msplugin_zhushou.xml
- <Package Folder>/shared_prefs/multidex.version.xml
- <Package Folder>/shared_prefs/mysoft_drag_config.xml
- <Package Folder>/shared_prefs/mysoft_smart_sort_config.xml
- <Package Folder>/shared_prefs/new_one_line_stat.xml
- <Package Folder>/shared_prefs/news_local_config.xml
- <Package Folder>/shared_prefs/news_local_config.xml.bak (deleted)
- <Package Folder>/shared_prefs/plugins.xml
- <Package Folder>/shared_prefs/plugins_PACM.temp.xml
- <Package Folder>/shared_prefs/save_myself_config.xml
- <Package Folder>/shared_prefs/save_myself_config.xml.bak (deleted)
- <Package Folder>/shared_prefs/share_data.xml
- <Package Folder>/shared_prefs/share_data.xml.bak
- <Package Folder>/shared_prefs/share_data_<Package>;critical.xml
- <Package Folder>/shared_prefs/share_data_<Package>;critical.xml.bak
- <Package Folder>/shared_prefs/share_data_<Package>;download.xml
- <Package Folder>/shared_prefs/share_data_<Package>;download.xml.bak
- <Package Folder>/shared_prefs/share_data_com.qihoo.daemon.xml
- <Package Folder>/shared_prefs/share_data_com.qihoo.daemon.xml.bak
- <Package Folder>/shared_prefs/torch_sdk_config.xml
- <Package Folder>/shared_prefs/zhaoyaojing_config.xml
- <SD-Card>/.sfp/.sfp
- <SD-Card>/.testf
- <SD-Card>/360/####/.nomedia
- <SD-Card>/360/####/26657d5ff9020d2abefe558796b99584
- <SD-Card>/360/####/2f3cdb4b2338fff38c1a829b04730711.0.tmp
- <SD-Card>/360/####/3416a75f4cea9109507cacd8e2f2aefc
- <SD-Card>/360/####/WXf
- <SD-Card>/360/####/WXf (deleted)
- <SD-Card>/360/####/Y29tLnFpaG9vLnZpZGVv
- <SD-Card>/360/####/Y29tLnFpaG9vLnZpZGVv (deleted)
- <SD-Card>/360/####/ZQu
- <SD-Card>/360/####/ZQu (deleted)
- <SD-Card>/360/####/g3I
- <SD-Card>/360/####/g3I (deleted)
- <SD-Card>/360/####/journal.tmp
- <SD-Card>/360/####/v37
- <SD-Card>/360/####/v37 (deleted)
- <SD-Card>/360/.deviceId
- <SD-Card>/360Download/com.qihoo.video128.apk.temp
- <SD-Card>/360Download/com.qihoo.video128.apk.temp!
- <SD-Card>/360Download/com.ss.android.article.video212.apk.temp
- <SD-Card>/360Download/com.ss.android.article.video212.apk.temp!
- <SD-Card>/360Log/downloadLog_delegate
- <SD-Card>/360Log/downloadLog_main
- <SD-Card>/360Log/downloadLog_p2p
- <SD-Card>/360Log/downloadLog_statMan
- <SD-Card>/360Video/####/.file_log
- <SD-Card>/Android/####/-14132494211764098739
- <SD-Card>/Android/####/-1530922503500578810
- <SD-Card>/Android/####/-1598440752-2012879244
- <SD-Card>/Android/####/-19929583851152347629
- <SD-Card>/Android/####/-2192007571314320345
- <SD-Card>/Android/####/-228332497-1693860271
- <SD-Card>/Android/####/-48974294-328953192
- <SD-Card>/Android/####/-728142500-1307223218
- <SD-Card>/Android/####/-924715107-751424921
- <SD-Card>/Android/####/-Thok0M5cWwB6ILXnVGjqKyjcqU.-2073940501.tmp
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/.sfp
- <SD-Card>/Android/####/.testf
- <SD-Card>/Android/####/0vM2friP1ZqnOtbafLISV-GK1XY.798326947.tmp
- <SD-Card>/Android/####/1251139916-1627309076
- <SD-Card>/Android/####/1314514064-1272686377
- <SD-Card>/Android/####/1489843484-672954452
- <SD-Card>/Android/####/1634378730-328953192
- <SD-Card>/Android/####/25387169688644548
- <SD-Card>/Android/####/2E_6ZyV3hwkWK_s4g3ZiWGEpjGI.1918458716.tmp
- <SD-Card>/Android/####/2RbDCB8IawZEbMt73cMgRM4Mjm0.2113859491.tmp
- <SD-Card>/Android/####/3507478361532565100
- <SD-Card>/Android/####/3bUFwIMW3fY9KieqdWxDFmSHeBM.656333514.tmp
- <SD-Card>/Android/####/45Q2-Okv5fnNcszY-xVBrb2ODdo.1808224431.tmp
- <SD-Card>/Android/####/4VIsdG6i6RW8UNPPDB3_QAwl5DQ.35405980.tmp
- <SD-Card>/Android/####/65VThAMvAVzl_vR5UTmNOefzZO4.1057057646.tmp
- <SD-Card>/Android/####/69iWoZRI8jfq0DxjWo_BLpbylVk.427056886.tmp
- <SD-Card>/Android/####/714887760-1272686377
- <SD-Card>/Android/####/71qOLmc6tKtls7uGw7RJw4ZFuSQ.806600746.tmp
- <SD-Card>/Android/####/836636667-1212969257
- <SD-Card>/Android/####/88fwvn0idImlm58qzR-OIA8wcns.-33752680.tmp
- <SD-Card>/Android/####/9O8DZOAkNj5r3lBV80xDDFBaWAE.2066415797.tmp
- <SD-Card>/Android/####/9zAKbZaucTsbS9ct0yy0SgFPolQ.1447691086.tmp
- <SD-Card>/Android/####/B4I5TaxPWidi19xWZag39bFkeUE.171405283.tmp
- <SD-Card>/Android/####/CxW1xDIqvCCod0Fa_GGEn_v3xLY.-1369591757.tmp
- <SD-Card>/Android/####/DwCj5rS4WkY2Mhr0Jz827SBMdFA.676591603.tmp
- <SD-Card>/Android/####/FYH6HaG3DXl-LkHoctSBFya1elg.1089681579.tmp
- <SD-Card>/Android/####/GTbzNdWF3iLJsifgv_v1BT58PTI.1693683979.tmp
- <SD-Card>/Android/####/GsOmp1j17eyqz2xzKH2Fp-lGTJ4.-1743087258.tmp
- <SD-Card>/Android/####/GtNVNjpPX0_oSf-uL2kuHWnPnTQ.-2142367632.tmp
- <SD-Card>/Android/####/HkPVaZBt6lcvgAhpBdGvCbh2L2U.1214861474.tmp
- <SD-Card>/Android/####/ILyDAXVZ7FRh9RRcrURh3dTkJUg.1243387899.tmp
- <SD-Card>/Android/####/IrlP-7_UDZqwmP_LscnQrrFuucA.545599654.tmp
- <SD-Card>/Android/####/K1gfkr3u3VLVcDN38AKpK2h_in4.-2110596759.tmp
- <SD-Card>/Android/####/KxiAoSO_LWfljxL8B321pA7VaJg.1406179496.tmp
- <SD-Card>/Android/####/MI4s2iR0arXNLmMQUAGqCp-7Dd8.289936807.tmp
- <SD-Card>/Android/####/NwYnjZEJqi6ihf3jWIkx_QaT5hk.1415226552.tmp
- <SD-Card>/Android/####/PCDG-vmH3Hnjz5Fm_wSIrdHPZog.-1270644135.tmp
- <SD-Card>/Android/####/Q2xrXzTdz9RcIsPv4XKNF2inws0.-2005658709.tmp
- <SD-Card>/Android/####/QJUlM5Umy78f_qjTmjZJ4HMkEaE.-1635301268.tmp
- <SD-Card>/Android/####/RtUUT7oNjJbQiwkO67RaG5NTiSA.560146027.tmp
- <SD-Card>/Android/####/SSyHwwBZLA7UBcJSYFODtd2wLC8.297184326.tmp
- <SD-Card>/Android/####/S_kasT1GuU0iiCnDmvMxmPuK5uo.20740840.tmp
- <SD-Card>/Android/####/V_OQdSmVAVgThsAZN5_5K0_ipAk.639071886.tmp
- <SD-Card>/Android/####/VfDssFpeu2a0iTrczl6ZuiArv-k.425080826.tmp
- <SD-Card>/Android/####/Xbuxl1bZ9TnC1sqrpn0JMJXbUhk.-1296705219.tmp
- <SD-Card>/Android/####/XqwZRI_NnTKMImf7lnp7_4w2ERw.2031985253.tmp
- <SD-Card>/Android/####/YZkDFs36e4Lq5QxUX5arHDkCNrA.1842090163.tmp
- <SD-Card>/Android/####/ZF9eLWDWg5mG9gYql4xYO6rAomM.-489929621.tmp
- <SD-Card>/Android/####/Zty8gl9I84dLwRDxb4AjsvbFJe4.-1670550787.tmp
- <SD-Card>/Android/####/aUj0eC8UliurH3sXYKiXoBFg-N0.-990182481.tmp
- <SD-Card>/Android/####/aopxw6ZG8lqp84NRrDvAtdO6Oss.-924716107.tmp
- <SD-Card>/Android/####/bVHA-Ikz4lI3g19brL7zsN0lmX8.1354790023.tmp
- <SD-Card>/Android/####/cA7Uy2sZzlpM0CNAW6DtluHe_54.478566017.tmp
- <SD-Card>/Android/####/cKnwXK80jRPZTuOUtUOAe7sClkI.656088121.tmp
- <SD-Card>/Android/####/data.lock
- <SD-Card>/Android/####/hW026cgiuMc8wJTT4QDIJ-vW8b0.-1818968938.tmp
- <SD-Card>/Android/####/huBIfGleRZPAXAyLAjgu4YtCLLk.1702445217.tmp
- <SD-Card>/Android/####/iN45Pd_O4YR5JTG70hRMGUHRkmE.-2089455104.tmp
- <SD-Card>/Android/####/ifSu-PR6xU8Bcf_FifJa7zQuQxU.923254498.tmp
- <SD-Card>/Android/####/j39X1NAhixPQcXRHb5M9EImB-PQ.608304161.tmp
- <SD-Card>/Android/####/k2vfvkTWNxBKSwjX0oE5NWsB2zU.2062438389.tmp
- <SD-Card>/Android/####/l6EYGQN6PtupeRY831bAGAhD0E8.1546261503.tmp
- <SD-Card>/Android/####/mvad_updatesdk_error
- <SD-Card>/Android/####/o7C9jt6ccNmGmoIhKoAi4JAfY0Q.-1817017890.tmp
- <SD-Card>/Android/####/ozc6kNTpCzNCXhB8wvP8VJlWUiU.1980914276.tmp
- <SD-Card>/Android/####/prhFsBiPg4SBpxrxn2-rGehdbtk.1113256377.tmp
- <SD-Card>/Android/####/qbSlOmJuTvH31ezZ5wcyjDzwIRM.1028321859.tmp
- <SD-Card>/Android/####/qlTXzEatRZt8WpDaguCu54jPnGw.1042091631.tmp
- <SD-Card>/Android/####/report.lock
- <SD-Card>/Android/####/sFMdRJoBvwK4QUH2h_Smnbu0c9Q.-489401145.tmp
- <SD-Card>/Android/####/sjbNU_KmabSb2_qFqf4AePoQUk4.-1195956154.tmp
- <SD-Card>/Android/####/wWlwbwq3lcxFCIc-OxaAGWFwmmM.-33415681.tmp
- <SD-Card>/Android/####/zjUiKjyrB1PeFqkQERPUemAf46I.-1638663421.tmp
- <SD-Card>/temp.tmp~
Другие:
Запускает следующие shell-скрипты:
- /data/data/com.qihoo.video/files/syscall com.qihoo.video 1800 am startservice -a com.qihoo.video.PUSHSERVICE --user 0
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 106.120.160.203
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 106.120.160.207
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 111.13.66.125
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 125.88.193.217
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 182.118.31.99
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 218.30.118.222
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.208
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
- /system/bin/sh
- app_process / <Package>.rootcommand.persistent.CoreDaemon --nice-name=<Package>_CoreDaemon --daemon
- app_process /system/bin com.android.commands.pm.Pm list packages
- cat /proc/version
- chmod 755 /data/data/com.qihoo.video/.jiagu/libjiagu.so
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
- getprop net.dns1
- getprop net.dns2
- logcat -v time
- ls /
- ls /sys/class/thermal
- pm list packages
- ps
- sh /data/data/com.qihoo.video/files/syscall com.qihoo.video 1800 am startservice -a com.qihoo.video.PUSHSERVICE --user 0
Загружает динамические библиотеки:
- CoreDaemon
- gifimageappstore_2
- imagepipelineappstore_2
- libjiagu
- uninstall-feedback
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS7Padding
- DES-CBC-PKCS5Padding
- RSA-None-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS7Padding
- DES-CBC-PKCS5Padding
- RSA-ECB-PKCS1Padding
Использует специальную библиотеку для скрытия исполняемого байткода.
Осуществляет доступ к информации о геолокации.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации о настроках APN.
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Осуществляет доступ к информации о зарегистрированных на устройстве аккаунтах (Google, Facebook и тд.).
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
