Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Xiny.73.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) www.apxadtr####.net:80
- TCP(HTTP/1.1) ads.dofun####.com:80
- TCP(HTTP/1.1) sp.adpusho####.com:7088
- TCP(HTTP/1.1) t####.bruce####.com:80
- TCP(HTTP/1.1) c####.tn####.com:80
- TCP(HTTP/1.1) ald####.com:80
- TCP(HTTP/1.1) www.4g####.net:80
- TCP(HTTP/1.1) 1####.241.242.234:80
- TCP(HTTP/1.1) duc####.b####.com:80
- TCP(HTTP/1.1) www.okyes####.com:8081
- TCP(HTTP/1.1) t####.iches####.net:80
- TCP(HTTP/1.1) aws.smarter####.net:80
- TCP(HTTP/1.1) trk.gl####.com:80
- TCP(HTTP/1.1) ad.lead####.net:80
- TCP(HTTP/1.1) k####.v####.m.####.me:80
- TCP(HTTP/1.1) 2-01-33####.cdx.h####.com:80
- TCP(HTTP/1.1) 1####.179.103.247:80
- TCP(HTTP/1.1) 5####.77.99.53:80
- TCP(HTTP/1.1) mtrac####.com:80
- TCP(HTTP/1.1) c.s####.co:80
- TCP(HTTP/1.1) wa####.go2c####.org:80
- TCP(HTTP/1.1) api.c.avazuna####.com:80
- TCP(HTTP/1.1) c####.what####.com:80
- TCP(HTTP/1.1) 1####.243.80.140:80
- TCP(HTTP/1.1) trac####.shootme####.com:80
- TCP(HTTP/1.1) got.pubna####.net:80
- TCP(HTTP/1.1) t####.ray####.com:80
- TCP(HTTP/1.1) boo####.offerst####.net:80
- TCP(HTTP/1.1) md.apptr####.com:80
- TCP(HTTP/1.1) clk.ocea####.com:80
- TCP(HTTP/1.1) advc####.weclou####.com:80
- TCP(HTTP/1.1) trac####.suma####.com:80
- TCP(HTTP/1.1) s####.mob####.com:80
- TCP(HTTP/1.1) 45.33.1####.75:80
- TCP(HTTP/1.1) img.h5####.hz####.cn:80
- TCP(HTTP/1.1) h5####.hz####.cn:80
- TCP(HTTP/1.1) a.n####.ren:80
- TCP(HTTP/1.1) clk.apxadtr####.net:80
- TCP(HTTP/1.1) www.ret####.com:80
- TCP(HTTP/1.1) adn.vision-####.com:80
- TCP(HTTP/1.1) trac####.pubt####.com:80
- TCP(HTTP/1.1) sdk-112####.us-we####.elb.####.com:80
- TCP(HTTP/1.1) www.google-####.com:80
- TCP(HTTP/1.1) c####.gowa####.com:80
- TCP(HTTP/1.1) api.reac####.com:80
- TCP(HTTP/1.1) t####.m####.net:80
- TCP(HTTP/1.1) aqueous####.herok####.com:80
- TCP(HTTP/1.1) api.ap####.com:80
- TCP(HTTP/1.1) c.tra####.com:80
- TCP(HTTP/1.1) m####.com:80
- TCP(HTTP/1.1) ad.api.y####.net:80
- TCP(HTTP/1.1) api.migh####.com:80
- TCP(HTTP/1.1) apptr####.com:80
- TCP(HTTP/1.1) newrota####.com:80
- TCP(HTTP/1.1) www.tradead####.com:80
- TCP(HTTP/1.1) wdsto####.com:80
- TCP(HTTP/1.1) cl####.min####.com:80
- TCP(HTTP/1.1) www.koapk####.com:8081
- TCP(HTTP/1.1) www.bigt####.com:80
- TCP(HTTP/1.1) gl####.ymtrac####.com:80
- TCP(HTTP/1.1) c####.howdo####.net:80
- TCP(HTTP/1.1) t####.g####.com:89
- TCP(HTTP/1.1) www.mobilec####.mobi:80
- TCP(HTTP/1.1) c####.sz####.com:80
- TCP(HTTP/1.1) hy####.com:80
- TCP(HTTP/1.1) ads.a####.com:80
- TCP(HTTP/1.1) ssp.nan####.com:80
- TCP(HTTP/1.1) clickco####.com:80
- TCP(HTTP/1.1) c####.mobfl####.com:80
- TCP(HTTP/1.1) w####.go2c####.org:80
- TCP(HTTP/1.1) t####.admob####.com:80
- TCP(HTTP/1.1) d.billyaf####.com:80
- TCP(HTTP/1.1) api.fa####.com:80
- TCP(HTTP/1.1) uswild####.al####.com.####.net:80
- TCP(HTTP/1.1) v####.google####.com:80
- TCP(HTTP/1.1) clinkad####.com:80
- TCP(HTTP/1.1) shinedi####.offerst####.net:80
- TCP(HTTP/1.1) dqhmu04####.cloudf####.net:80
- TCP(HTTP/1.1) c####.shar####.com:80
- TCP(HTTP/1.1) atracki####.appf####.com:80
- TCP(HTTP/1.1) c####.tracks####.net:80
- TCP(HTTP/1.1) api.lead####.net:80
- TCP(HTTP/1.1) www.bestmob####.mobi:80
- TCP(HTTP/1.1) t.api.y####.net:80
- TCP(HTTP/1.1) www.googlet####.com:80
- TCP(HTTP/1.1) rd.gl####.com:80
- TCP(HTTP/1.1) down####.prizes####.online:80
- TCP(HTTP/1.1) t####.hxc####.com:80
- TCP(HTTP/1.1) c####.u####.u####.com:80
- TCP(HTTP/1.1) t.m####.n####.mobi:80
- TCP(HTTP/1.1) p####.fa####.com:80
- TCP(HTTP/1.1) cpgnrot####.com:80
- TCP(TLS/1.0) 2-01-33####.cdx.h####.com:443
- TCP(TLS/1.0) normale####.com:443
- TCP(TLS/1.0) mobftr####.com:443
- TCP(TLS/1.0) t####.cpa.iqop####.com:443
- TCP(TLS/1.0) t####.co####.mobi:443
- TCP(TLS/1.0) c.n####.com:443
- TCP(TLS/1.0) p####.go####.com:443
- TCP(TLS/1.0) ve####.go2af####.com:443
- TCP(TLS/1.0) c####.apprev####.com:443
- TCP(TLS/1.0) t####.tapge####.net:443
- TCP(TLS/1.0) app.ad####.com:443
- TCP(TLS/1.0) im####.google####.com:443
- TCP(TLS/1.0) despite####.com:443
- TCP(TLS/1.0) f####.google####.com:443
- TCP(TLS/1.0) billmsc####.com:443
- TCP(TLS/1.0) app.appsf####.com:443
- TCP(TLS/1.0) freeg####.net:443
- TCP(TLS/1.0) ad.lead####.net:443
- TCP(TLS/1.0) b.query####.com:443
- TCP(TLS/1.0) mpire####.com:443
- TCP(TLS/1.0) a####.app####.com:443
- TCP(TLS/1.0) mob####.com:443
- TCP(TLS/1.0) f####.gst####.com:443
- TCP(TLS/1.0) msavtrf####.com:443
- TCP(TLS/1.0) cooperm####.go2af####.com:443
- TCP(TLS/1.0) www.gst####.com:443
- TCP(TLS/1.0) freecal####.com:443
- TCP(TLS/1.0) t####.56####.com:443
Запросы DNS:
- a####.app####.com
- a####.u####.com
- a####.umengc####.com
- a.n####.ren
- activeo####.appromo####.com
- ad.api.y####.net
- ad.lead####.net
- adn.vision-####.com
- ads.a####.com
- ads.dofun####.com
- advc####.weclou####.com
- ald####.com
- api.ap####.com
- api.c.avazuna####.com
- api.fa####.com
- api.lead####.net
- api.migh####.com
- api.reac####.com
- app.ad####.com
- app.appsf####.com
- apptr####.com
- atracki####.appf####.com
- aws.smarter####.net
- b.query####.com
- billmsc####.com
- boo####.offerst####.net
- c####.apprev####.com
- c####.gowa####.com
- c####.howdo####.net
- c####.mobfl####.com
- c####.shar####.com
- c####.sz####.com
- c####.tn####.com
- c####.tracks####.net
- c####.u####.u####.com
- c####.what####.com
- c.n####.com
- c.s####.co
- c.tra####.com
- cl####.min####.com
- clickco####.com
- clinkad####.com
- clk.apxadtr####.net
- clk.ocea####.com
- cooperm####.go2af####.com
- cpgnrot####.com
- d.billyaf####.com
- despite####.com
- down####.prizes####.online
- dqhmu04####.cloudf####.net
- duc####.b####.com
- f####.google####.com
- f####.gst####.com
- freecal####.com
- freeg####.net
- g####.cdn.fa####.com
- gl####.ymtrac####.com
- got.pubna####.net
- h5####.hz####.cn
- hy####.com
- im####.google####.com
- img.cdn.fa####.com
- img.h5####.hz####.cn
- k####.v####.m.####.me
- m####.com
- md.apptr####.com
- mob####.com
- mobftr####.com
- mpire####.com
- msavtrf####.com
- mtrac####.com
- newrota####.com
- normale####.com
- p####.fa####.com
- p####.go####.com
- rd.gl####.com
- s####.mob####.com
- s.c####.aliexp####.com
- sdk-112####.us-we####.elb.####.com
- shinedi####.offerst####.net
- sp.adpusho####.com
- ssp.nan####.com
- t####.56####.com
- t####.admob####.com
- t####.bruce####.com
- t####.co####.mobi
- t####.cpa.iqop####.com
- t####.g####.com
- t####.hxc####.com
- t####.iches####.net
- t####.m####.net
- t####.ray####.com
- t####.tapge####.net
- t.api.y####.net
- t.m####.n####.mobi
- trac####.pubt####.com
- trac####.shootme####.com
- trac####.suma####.com
- trk.gl####.com
- v####.google####.com
- ve####.go2af####.com
- w####.go2c####.org
- wa####.go2c####.org
- wdsto####.com
- www.4g####.net
- www.app####.com
- www.apxadtr####.net
- www.bestmob####.mobi
- www.bigt####.com
- www.google-####.com
- www.googlet####.com
- www.gst####.com
- www.koapk####.com
- www.mobilec####.mobi
- www.okyes####.com
- www.ret####.com
- www.tradead####.com
Запросы HTTP GET:
- 2-01-33####.cdx.h####.com/flags/flag_de.png
- 2-01-33####.cdx.h####.com/flags/flag_en.png
- 2-01-33####.cdx.h####.com/flags/flag_es.png
- 2-01-33####.cdx.h####.com/flags/flag_fr.png
- 2-01-33####.cdx.h####.com/flags/flag_it.png
- 2-01-33####.cdx.h####.com/flags/flag_nl.png
- 2-01-33####.cdx.h####.com/flags/flag_pl.png
- 2-01-33####.cdx.h####.com/flags/flag_pt.png
- 2-01-33####.cdx.h####.com/flags/flag_ru.png
- 2-01-33####.cdx.h####.com/flags/flag_tr.png
- 2-01-33####.cdx.h####.com/html5games/gameapi/v1.js?e=http://games.cdn.fa...
- 2-01-33####.cdx.h####.com/html5games/t/text-twist-2/v110/?fg_domain=####...
- 2-01-33####.cdx.h####.com/portal/4638e320-4444-4514-81c4-d80a8c662371/56...
- adn.vision-####.com/API/Click.ashx?M=MTAwM####&sid=####&subid=####&gaid=...
- ads.dofun####.com/acs.php?sid=####&adid=####&gaid=####&udid=####&pb=####...
- ads.dofun####.com/acs.php?sid=####&adid=####&pb=####&gaid=####&subid=###...
- advc####.weclou####.com/advclick?advposid=####&mapid=####&aid=####&adid=...
- api.fa####.com/assets/0.2-77836862/js/gameapi.js
- api.fa####.com/gameapi/script/40935b5f-cfef-4ac2-9179-549869282f4b/4638e...
- api.migh####.com/error.html&gpid=null&androidid=a3fa7e67986f603e&aff_sub...
- api.migh####.com/server/v1/track?c=####&sub=####&gaid=####&gpid=####&and...
- api.reac####.com/api/s2s/goto?id=####&t=####&channel=####&appid=####&dev...
- api.reac####.com/api/s2s/goto?id=####&t=####&channel=####&appid=####&sub...
- c####.gowa####.com/click?transaction_id=wadogo_WAdvChinaMobisummerAPI_21...
- c####.gowa####.com/click?transaction_id=wadogo_WAdvChinaMobisummerAPI_22...
- c####.gowa####.com/click?transaction_id=wadogo_WAdvZoomyAPI_194152_1024b...
- c####.gowa####.com/click?transaction_id=wadogo_WAdvZoomyAPI_194504_10205...
- c####.gowa####.com/click?transaction_id=wadogo_emeabrand_97943_102a9454a...
- c####.mobfl####.com/mobflower/link.do/396995m9lo5fvimh?aff_id=####&offer...
- c####.u####.u####.com/index.php?service=####&pub=####&offer_id=####&subp...
- c####.u####.u####.com/index.php?service=####&pub=####&offer_id=####&uc_t...
- cl####.min####.com/tracking/click?clickid####&trafficsource=####&pub_sub...
- cl####.min####.com/tracking/click?clickid=####&trafficsource=####&offeri...
- cl####.min####.com/tracking/click?clickid=####&trafficsource=####&pub_su...
- down####.prizes####.online/?utm_medium=####&utm_campaign=####&1=####&2=#...
- duc####.b####.com/click/affClick?aff_id=####&offer_id=####&aff_sub=####&...
- duc####.b####.com/click/affClick?aff_id=####&offer_id=####&google_aid=##...
- hy####.com/28c88/4acA/76MQ/t-9Gs6VqRfgVCfcgxeCEkAI6SfAXQk8arOD0goKhos-Ud...
- img.h5####.hz####.cn/Arcade/Bananamania/icon.png
- img.h5####.hz####.cn/Arcade/Extreme-Kitten/icon.png
- img.h5####.hz####.cn/Arcade/My-Little-Dragon/icon.png
- img.h5####.hz####.cn/Arcade/Piano-Steps/icon.png
- img.h5####.hz####.cn/Arcade/Pilot-Heroes/icon.png
- img.h5####.hz####.cn/Arcade/Pirates-Of-Islets/icon.png
- img.h5####.hz####.cn/Arcade/Protect-The-Planet/icon.png
- img.h5####.hz####.cn/Arcade/Rain-Forest-Hunter/icon.png
- img.h5####.hz####.cn/Arcade/Shards/icon.png
- img.h5####.hz####.cn/Arcade/Spring-Panda/icon.png
- img.h5####.hz####.cn/Arcade/Zombies-Eat-My-Stocking/icon.png
- img.h5####.hz####.cn/Bubble-Shooter/Orange-Ranch/icon.png
- img.h5####.hz####.cn/Girls/Amazing-Me/icon.png
- img.h5####.hz####.cn/Girls/Beauty-Cat-Salon/icon.png
- img.h5####.hz####.cn/Girls/Casual-Dress-Fashion/icon.png
- img.h5####.hz####.cn/Girls/Peanut-Butter-Cookies/icon.png
- img.h5####.hz####.cn/Girls/Potato-Salad-Cooking-with-Emma/icon.png
- img.h5####.hz####.cn/Girls/Slacking-Library/icon.png
- img.h5####.hz####.cn/Girls/Sushi-Rolls-Cooking-With-Emma/icon.png
- img.h5####.hz####.cn/ImgSlide/1.jpg
- img.h5####.hz####.cn/ImgSlide/2.jpg
- img.h5####.hz####.cn/ImgSlide/3.jpg
- img.h5####.hz####.cn/Jump-Run/Kiba-Kumba-Shadow-Run/icon.png
- img.h5####.hz####.cn/Jump-Run/Outcome/icon.png
- img.h5####.hz####.cn/Match-3/Back-To-Candyland-Episode-2/icon.png
- img.h5####.hz####.cn/Match-3/Back-To-Candyland-Episode-4/icon.png
- img.h5####.hz####.cn/Match-3/Clockwork-Beetles/icon.png
- img.h5####.hz####.cn/Match-3/Fancy-Diver/icon.png
- img.h5####.hz####.cn/Match-3/Gold-Rush/icon.png
- img.h5####.hz####.cn/Match-3/Multisquare/icon.png
- img.h5####.hz####.cn/Match-3/Tabby-Island/icon.png
- img.h5####.hz####.cn/Puzzle/4x-Puzzle/icon.png
- img.h5####.hz####.cn/Puzzle/Chip-Family/icon.png
- img.h5####.hz####.cn/Puzzle/Get-10/icon.png
- img.h5####.hz####.cn/Puzzle/Jewels-Mania/icon.png
- img.h5####.hz####.cn/Puzzle/Mahjong-Master-2/icon.png
- img.h5####.hz####.cn/Puzzle/Playful-Kitty/icon.png
- img.h5####.hz####.cn/Puzzle/Puzzletag/icon.png
- img.h5####.hz####.cn/Puzzle/Sudoku-Classic/icon.png
- img.h5####.hz####.cn/Puzzle/Sushi-Backgammon/icon.png
- img.h5####.hz####.cn/Puzzle/Text-Twist-2/icon.png
- img.h5####.hz####.cn/Quiz/Alien-Quest/icon.png
- img.h5####.hz####.cn/Quiz/Animal-Quiz/icon.png
- img.h5####.hz####.cn/Quiz/Flag-Quiz/icon.png
- img.h5####.hz####.cn/Quiz/Geo-Quiz-Europe/icon.png
- img.h5####.hz####.cn/Quiz/Logo-Quiz/icon.png
- img.h5####.hz####.cn/Quiz/What-Famous-Cat-Are-You/icon.png
- img.h5####.hz####.cn/Racing/Endless-Truck/icon.png
- img.h5####.hz####.cn/Racing/Speed-Club-Nitro/icon.png
- img.h5####.hz####.cn/Racing/Speed-Maniac/icon.png
- img.h5####.hz####.cn/Sport/3D-Penalty/icon.png
- img.h5####.hz####.cn/Sport/American-Football-Kicks/icon.png
- img.h5####.hz####.cn/Sport/Arcade-Golf-NEON/icon.png
- img.h5####.hz####.cn/Sport/Euro-2016-Goal-Rush/icon.png
- img.h5####.hz####.cn/Sport/Penalty-2014/icon.png
- img.h5####.hz####.cn/Sport/World-Cup-Penalty/icon.png
- img.h5####.hz####.cn/imgs/icon/Candyland3.jpg
- img.h5####.hz####.cn/imgs/icon/DiamondHunt.jpg
- img.h5####.hz####.cn/imgs/icon/DragonPhysics.jpg
- img.h5####.hz####.cn/imgs/icon/baoshi_icon.jpg
- img.h5####.hz####.cn/imgs/icon/bwzj_icon.jpg
- img.h5####.hz####.cn/imgs/icon/cjlhj_icon.jpg
- img.h5####.hz####.cn/imgs/icon/dbfl_icon.jpg
- img.h5####.hz####.cn/imgs/icon/fwhq_icon.jpg
- img.h5####.hz####.cn/imgs/icon/grf.jpg
- img.h5####.hz####.cn/imgs/icon/jixian_icon.jpg
- img.h5####.hz####.cn/imgs/icon/jslpd_icon.jpg
- img.h5####.hz####.cn/imgs/icon/ncdwxxk_icon.jpg
- img.h5####.hz####.cn/imgs/icon/zldxts_icon.jpg
- rd.gl####.com/?r=####&l=####&p=####&c=####&gpid=####&androidid=####&aff_...
- ssp.nan####.com/aff/ssp/click?channel=####&uuid=####&id=####&aoid=####&c...
- t####.admob####.com/adTrack/track/click?oid=####&affid=####&aff_click_id...
- t####.bruce####.com/ck_jump?id=cz0z####&__if=####&__type=####&__ref=####
- t####.g####.com:89/redirect?af_channel=####&aid=####&clickid=####&af_sub...
- trac####.pubt####.com/click?offer_id=####&sub_id=####&click_id=####&sub_...
- uswild####.al####.com.####.net/app/subpay?sk=####&channel=####&sp=####&c...
- uswild####.al####.com.####.net/app/umeng?pid=####&dp=####&af=####&sk=###...
- wdsto####.com/aff_c?offer_id=####&aff_id=####&aff_sub=####&aff_sub1=####...
- www.4g####.net/ad/adu?gffw=####&frrw=####&zfbd=####&dlkvv=####&wdazz=###...
- www.google-####.com/analytics.js
- www.google-####.com/plugins/ua/linkid.js
- www.googlet####.com/gtm.js?id=####&l=####
- www.tradead####.com/script/preurl.php?r=####&sub1=####&pkg=####&gpid=###...
Запросы HTTP POST:
- img.h5####.hz####.cn/appstart.aspx
- sp.adpusho####.com:7088/sdk_p/a
- sp.adpusho####.com:7088/sdk_p/b
- v####.google####.com/api/ls
- v####.google####.com/api/o
- v####.google####.com/api/va
- www.4g####.net/ad/adc?gffw=####&frrw=####&zfbd=####&dlkvv=####&wdazz=###...
- www.bigt####.com/ad/adc?gffw=####&frrw=####&zfbd=####&dlkvv=####&wdazz=#...
- www.koapk####.com:8081/sm/sr/rt/ry
- www.okyes####.com:8081/sdk/nsd.action?b=####
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/app_bGlicmVz/nlim.bin
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/f_000003
- <Package Folder>/cache/####/f_000004
- <Package Folder>/cache/####/f_000005
- <Package Folder>/cache/####/f_000006
- <Package Folder>/cache/####/f_000007
- <Package Folder>/cache/####/f_000008
- <Package Folder>/cache/####/f_000009
- <Package Folder>/cache/####/f_00000a
- <Package Folder>/cache/####/index
- <Package Folder>/cache/ApplicationCache.db-journal
- <Package Folder>/databases/bdownloaders.db-journal
- <Package Folder>/databases/cc.db
- <Package Folder>/databases/cc.db-journal
- <Package Folder>/databases/databases.db-journal
- <Package Folder>/databases/easv.data-journal
- <Package Folder>/databases/swith1014.db-journal
- <Package Folder>/databases/ua.db
- <Package Folder>/databases/ua.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/files/####/exchangeIdentity.json
- <Package Folder>/files/####/um_cache_1510146583171.env
- <Package Folder>/files/201711081550.apk
- <Package Folder>/files/DEAB89CE10FEAA11
- <Package Folder>/files/c201711081550.apk
- <Package Folder>/files/exid.dat
- <Package Folder>/files/ncore.jar
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/20160121.xml
- <Package Folder>/shared_prefs/20160121.xml.bak
- <Package Folder>/shared_prefs/Alvin2.xml
- <Package Folder>/shared_prefs/ContextData.xml
- <Package Folder>/shared_prefs/Q2hhbm5lbElES2V5MjAxNjEyMjcxODU3.xml
- <Package Folder>/shared_prefs/U.xml
- <Package Folder>/shared_prefs/_c_month.xml
- <Package Folder>/shared_prefs/af.xml
- <Package Folder>/shared_prefs/all_info_data.xml
- <Package Folder>/shared_prefs/apprater.xml
- <Package Folder>/shared_prefs/duspf6030945.xml
- <Package Folder>/shared_prefs/local_storage0.xml
- <Package Folder>/shared_prefs/local_storage1.xml
- <Package Folder>/shared_prefs/local_storage33.xml
- <Package Folder>/shared_prefs/local_storage33.xml.bak
- <Package Folder>/shared_prefs/local_storage999.xml
- <Package Folder>/shared_prefs/resource_status_xml.xml
- <Package Folder>/shared_prefs/sp.xml
- <Package Folder>/shared_prefs/sp.xml.bak
- <Package Folder>/shared_prefs/sub_preference_name.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <SD-Card>/.DataStorage/ContextData.xml
- <SD-Card>/.UTSystemConfig/####/Alvin2.xml
- <SD-Card>/APPMarket/####/122190031.png.tmp
- <SD-Card>/Android/####/-100308878.tmp
- <SD-Card>/Android/####/-102001575.tmp
- <SD-Card>/Android/####/-1048554894.tmp
- <SD-Card>/Android/####/-1086572413.tmp
- <SD-Card>/Android/####/-1120353834.tmp
- <SD-Card>/Android/####/-1213714872.tmp
- <SD-Card>/Android/####/-1238106391.tmp
- <SD-Card>/Android/####/-1247158329.tmp
- <SD-Card>/Android/####/-1274669519.tmp
- <SD-Card>/Android/####/-1342692541.tmp
- <SD-Card>/Android/####/-1355425586.tmp
- <SD-Card>/Android/####/-135989397.tmp
- <SD-Card>/Android/####/-1401921281.tmp
- <SD-Card>/Android/####/-1534485910.tmp
- <SD-Card>/Android/####/-1571381151.tmp
- <SD-Card>/Android/####/-2030517892.tmp
- <SD-Card>/Android/####/-2039541067.tmp
- <SD-Card>/Android/####/-2065468143.tmp
- <SD-Card>/Android/####/-2066391664.tmp
- <SD-Card>/Android/####/-2067315185.tmp
- <SD-Card>/Android/####/-2067685141.tmp
- <SD-Card>/Android/####/-2079413176.tmp
- <SD-Card>/Android/####/-2093960329.tmp
- <SD-Card>/Android/####/-2094039685.tmp
- <SD-Card>/Android/####/-2122195101.tmp
- <SD-Card>/Android/####/-2145141769.tmp
- <SD-Card>/Android/####/-325945571.tmp
- <SD-Card>/Android/####/-332282183.tmp
- <SD-Card>/Android/####/-37244956.tmp
- <SD-Card>/Android/####/-381392190.tmp
- <SD-Card>/Android/####/-433510311.tmp
- <SD-Card>/Android/####/-455894818.tmp
- <SD-Card>/Android/####/-463879687.tmp
- <SD-Card>/Android/####/-655074423.tmp
- <SD-Card>/Android/####/-916857949.tmp
- <SD-Card>/Android/####/-921470485.tmp
- <SD-Card>/Android/####/-964900356.tmp
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/102237767.tmp
- <SD-Card>/Android/####/1027561993.tmp
- <SD-Card>/Android/####/1097113572.tmp
- <SD-Card>/Android/####/1163899921.tmp
- <SD-Card>/Android/####/1183032219.tmp
- <SD-Card>/Android/####/1318767179.tmp
- <SD-Card>/Android/####/1370466337.tmp
- <SD-Card>/Android/####/1395415682.tmp
- <SD-Card>/Android/####/1528869463.tmp
- <SD-Card>/Android/####/1588274254.tmp
- <SD-Card>/Android/####/1651968152.tmp
- <SD-Card>/Android/####/1710253195.tmp
- <SD-Card>/Android/####/1791149203.tmp
- <SD-Card>/Android/####/1824013939.tmp
- <SD-Card>/Android/####/1871422394.tmp
- <SD-Card>/Android/####/1898360908.tmp
- <SD-Card>/Android/####/1982230579.tmp
- <SD-Card>/Android/####/2026764793.tmp
- <SD-Card>/Android/####/2034675617.tmp
- <SD-Card>/Android/####/2053192240.tmp
- <SD-Card>/Android/####/273379607.tmp
- <SD-Card>/Android/####/310162667.tmp
- <SD-Card>/Android/####/376104094.tmp
- <SD-Card>/Android/####/577815492.tmp
- <SD-Card>/Android/####/5985565.tmp
- <SD-Card>/Android/####/665997638.tmp
- <SD-Card>/Android/####/685697402.tmp
- <SD-Card>/Android/####/728284239.tmp
- <SD-Card>/Android/####/876988631.tmp
- <SD-Card>/Android/####/900879327.tmp
- <SD-Card>/Android/####/92991080.tmp
- <SD-Card>/Android/####/969812617.tmp
- <SD-Card>/test1510146523523
Другие:
Запускает следующие shell-скрипты:
- .kugua
- .kugua -c id
- c201711081550.apk -p <Package> -c <Package>:fff
- cat /sys/class/net/wlan0/address
- chmod 6777 <Package Folder>/files/c201711081550.apk
- logcat -d -v time
- ps
- sh
Загружает динамические библиотеки:
- com.swart
Осуществляет доступ к информации о геолокации.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
