Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Xiny.20
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) img.su####.com.####.com:80
- TCP(HTTP/1.1) mch.sz####.com:80
- TCP(HTTP/1.1) hm.b####.com:80
- TCP(HTTP/1.1) and####.b####.qq.com:80
- TCP(HTTP/1.1) idu####.qini####.com:80
- TCP(HTTP/1.1) ping####.qq.com:80
- TCP(HTTP/1.1) s####.tc.qq.com:80
- TCP(HTTP/1.1) q.q####.cn:80
- TCP(HTTP/1.1) 2####.243.193.47:80
- TCP(HTTP/1.1) t.si####.net:80
- TCP(HTTP/1.1) img-a####.b0.upa####.com:80
- TCP(HTTP/1.1) nm.a####.com:80
- TCP(HTTP/1.1) loc.map.b####.com:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) c####.im.qq.com:80
- TCP(HTTP/1.1) d####.ol####.com:8085
- TCP(HTTP/1.1) ipswitc####.fmscach####.ou####.com:80
- TCP(HTTP/1.1) sa.meme####.com:80
- TCP(HTTP/1.1) api.meme####.com:80
- TCP(HTTP/1.1) f.xingch####.com.####.com:80
- TCP(TLS/1.0) sa.meme####.com:9001
- TCP(TLS/1.0) c####.im.ta####.com:443
- TCP(TLS/1.0) 301.disp####.spcd####.com:443
- TCP(TLS/1.0) img.su####.com.####.com:443
- TCP(TLS/1.0) api.map.b####.com:443
- TCP(TLS/1.0) api.meme####.com:443
Запросы DNS:
- a####.u####.com
- and####.b####.qq.com
- api.map.b####.com
- api.meme####.com
- app.su####.com
- c####.im.qq.com
- c####.im.ta####.com
- d####.ol####.com
- dl.su####.com
- f.xingch####.com
- hm.b####.com
- img-a####.b0.upa####.com
- img.lezh####.com
- img.su####.com
- js.fund####.cn
- lib.su####.com
- loc.map.b####.com
- m.2####.com
- mch.sz####.com
- p####.ws.su####.com
- pi####.qq.com
- ping####.qq.com
- q.q####.cn
- sa.meme####.com
- t.si####.net
- ws.meme####.com
Запросы HTTP GET:
- api.meme####.com/activity/packet_list
- api.meme####.com/app/index
- api.meme####.com/appload/load_page?qd=####
- api.meme####.com/properties/list
- api.meme####.com/public/blackword_list/0
- api.meme####.com/public/blackword_list/1
- api.meme####.com/public/inform?size=####&type=####
- api.meme####.com/public/poster/2
- api.meme####.com/public/room_list?sort=####&page=####&live=####&live_typ...
- api.meme####.com/public/t_hex
- api.meme####.com/show/bell_gift_list
- api.meme####.com/show/cars_list
- api.meme####.com/show/gift_list
- api.meme####.com/show/gift_list?app_live=####
- api.meme####.com/statistic/welcome_event?date=####&button=####&qd=####&i...
- api.meme####.com/zone/mission_num
- c####.im.qq.com/cgi-bin/cgi_svrtime
- d####.ol####.com:8085/hladserver/jsonp/999?jsonpCallBack=####&channelId=...
- f.xingch####.com.####.com/201801/wet.jar
- hm.b####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&vl=####&ep=####&et=#...
- hm.b####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&vl=####&et=####&ja=#...
- hm.b####.com/hm.gif?cc=0&ck=1&cl=16-bit&ds=800x600&vl=833&ep=1443,1443&e...
- hm.b####.com/hm.js?a97087b####
- idu####.qini####.com/1/1/1203265_0.jpg?v=####
- idu####.qini####.com/1/1/1515656966273.jpg
- idu####.qini####.com/11/3/4482059_0.jpg?v=####
- idu####.qini####.com/17/1/58327121_0.jpg?v=####
- idu####.qini####.com/18/2/21443794_0.jpg?v=####
- idu####.qini####.com/19/3/37346067_0_200200.jpg?v=####
- idu####.qini####.com/20/4/51354644_0_200200.jpg?v=####
- idu####.qini####.com/22/6/1510811892246.jpg
- idu####.qini####.com/25/1/59286105_0_200200.jpg?v=####
- idu####.qini####.com/26/2/51390810_0_200200.jpg?v=####
- idu####.qini####.com/31/7/1515049846751.jpg
- idu####.qini####.com/32/0/58530464_0.jpg?v=####
- idu####.qini####.com/33/1/25737953_0.jpg?v=####
- idu####.qini####.com/36/4/47836324_0.jpg?v=####
- idu####.qini####.com/37/5/1515656979173.jpg
- idu####.qini####.com/45/5/1201389_0.jpg?v=####
- idu####.qini####.com/45/5/51372909_0.jpg?v=####
- idu####.qini####.com/48/0/38228144_0.jpg?v=####
- idu####.qini####.com/49/1/60829745_0.jpg?v=####
- idu####.qini####.com/56/0/1208056_0_200200.jpg?v=####
- idu####.qini####.com/56/0/38487608_0.jpg?v=####
- idu####.qini####.com/59/3/1452150023355.jpg
- idu####.qini####.com/6/6/1202566_0_200200.jpg?v=####
- idu####.qini####.com/6/6/7003014_0.jpg?v=####
- idu####.qini####.com/60/4/56396988_0.jpg?v=####
- idu####.qini####.com/7/7/54146247_0.jpg?v=####
- idu####.qini####.com/9/1/39412297_0.jpg?v=####
- idu####.qini####.com/9/1/42195849_0.jpg?v=####
- img-a####.b0.upa####.com/
- img-a####.b0.upa####.com/21873099/1001/0af0652ae51e3f2edfa42dbbf291b6e4....
- img-a####.b0.upa####.com/32368598/0112/114341d425055c329435f03e17e6e87b....
- img-a####.b0.upa####.com/39415081/1217/6e11f4f5a93804bb76cd7ec9f7d945a5....
- img-a####.b0.upa####.com/44742564/0125/d1701c23ad28f470e5c53e<SMS Addres...
- img-a####.b0.upa####.com/46719380/0119/a622458f141d8b38dba4a46842f56f3a....
- img-a####.b0.upa####.com/47836324/0119/09b0d0ed7c46019adf6aee7dd54e2358....
- img-a####.b0.upa####.com/47836324?clickfrom=####
- img-a####.b0.upa####.com/50952556/1201/84ada19adb2f74b24416c89b8e3f34d7....
- img-a####.b0.upa####.com/51328399/1210/aa0d40bc0a8c4e4908c06d40afd2006b....
- img-a####.b0.upa####.com/51823985/0122/d6695ebdd6fe1355cbc7761942c19055....
- img-a####.b0.upa####.com/53559016/0813/4c65967b20e20014d2c7c2ed9088776a....
- img-a####.b0.upa####.com/56017591/1221/c5ed4c0ba058867c725e4b2405538a47....
- img-a####.b0.upa####.com/56315596/0111/9d6e1c386cd3a44ca13f52b3f9928e27....
- img-a####.b0.upa####.com/58319674/0123/0435c4d6fad04ced6159327b3da09360....
- img-a####.b0.upa####.com/60545534/0119/ad21ad424a1485dc6fbe2b38bd9d22dc....
- img-a####.b0.upa####.com/60588784/0126/a833fa7fa3f5f367bba2ec12ec545f84....
- img-a####.b0.upa####.com/60845253/0125/1f3b1e95f53b4e41615b930ef4fefa91....
- img-a####.b0.upa####.com/7904174/0117/cf644ed4f96dc1deaa5ff1276039c8d7.j...
- img-a####.b0.upa####.com/activity/2017/weekstar.html?weekstar=####
- img.su####.com.####.com/11/3/1463043658379.jpg
- img.su####.com.####.com/11/3/1485169680971.jpg
- img.su####.com.####.com/13/5/1429582714317.jpg
- img.su####.com.####.com/13/5/1461739023373.jpg
- img.su####.com.####.com/14/6/1493348043470.jpg
- img.su####.com.####.com/17/1/1486433151121.jpg
- img.su####.com.####.com/17/1/1494842897425.jpg
- img.su####.com.####.com/19/3/1449108603603.jpg
- img.su####.com.####.com/2/2/1490841039042.jpg
- img.su####.com.####.com/20/4/1492536061844.jpg
- img.su####.com.####.com/23/7/1442305926679.jpg
- img.su####.com.####.com/2339/m/static/base/styles/font/iconfont_4f7fd81....
- img.su####.com.####.com/2339/m/static/base/styles/images/icon-base2_d267...
- img.su####.com.####.com/2339/m/static/base/styles/images/search-icon_8bd...
- img.su####.com.####.com/2339/m/static/base/styles/public_dd676a6.css
- img.su####.com.####.com/2339/m/static/base/styles/theme/logo_9417166.png
- img.su####.com.####.com/2339/m/static/page/activity/2017/goldtop30/goldt...
- img.su####.com.####.com/2339/m/static/page/activity/2017/weekstar/images...
- img.su####.com.####.com/2339/m/static/page/activity/2017/weekstar/weekst...
- img.su####.com.####.com/2339/m/static/page/index/dropload_3ce2455.js
- img.su####.com.####.com/2339/m/static/page/index/dropload_f758ae0.css
- img.su####.com.####.com/2339/m/static/page/index/index_2072921.css
- img.su####.com.####.com/2339/m/static/page/index/index_cd4a8a9.js
- img.su####.com.####.com/2339/m/static/page/index/jquery.mobile_fea5da4.js
- img.su####.com.####.com/2339/m/static/page/index/tmpl_109bf56.js
- img.su####.com.####.com/2339/m/static/page/index/wawa_2283120.js
- img.su####.com.####.com/2339/m/static/page/live/scripts/activity/2017/tr...
- img.su####.com.####.com/2339/m/static/page/live/scripts/activity_3ce996f...
- img.su####.com.####.com/2339/m/static/page/live/scripts/auth_d877ca1.js
- img.su####.com.####.com/2339/m/static/page/live/scripts/banner_6e4d43e.js
- img.su####.com.####.com/2339/m/static/page/live/scripts/car_05d8dca.js
- img.su####.com.####.com/2339/m/static/page/live/scripts/game/card_0bbdd7...
- img.su####.com.####.com/2339/m/static/page/live/scripts/game/egg_8fe735f...
- img.su####.com.####.com/2339/m/static/page/live/scripts/game/football_2f...
- img.su####.com.####.com/2339/m/static/page/live/scripts/game/racing_cfe4...
- img.su####.com.####.com/2339/m/static/page/live/scripts/main_a06bb3d.js
- img.su####.com.####.com/2339/m/static/page/live/scripts/notice_34052f3.js
- img.su####.com.####.com/2339/m/static/page/live/scripts/pay_e0702bc.js
- img.su####.com.####.com/2339/m/static/page/live/scripts/room_afd64f9.js
- img.su####.com.####.com/2339/m/static/page/live/scripts/socket_2b15e75.js
- img.su####.com.####.com/2339/m/static/page/live/scripts/video_8463aaa.js
- img.su####.com.####.com/2339/m/static/page/live/styles/live_f97c454.css
- img.su####.com.####.com/2339/m/static/page/live_common/js/bag_a716be1.js
- img.su####.com.####.com/2339/m/static/page/live_common/js/chatAuth_5c15d...
- img.su####.com.####.com/2339/m/static/page/live_common/js/chat_e8924b4.js
- img.su####.com.####.com/2339/m/static/page/live_common/js/extra_54b7d10.js
- img.su####.com.####.com/2339/m/static/page/live_common/js/fans_34b45e1.js
- img.su####.com.####.com/2339/m/static/page/live_common/js/gift_36074a7.js
- img.su####.com.####.com/2339/m/static/page/live_common/js/maoer_fad1113.js
- img.su####.com.####.com/2339/m/static/page/live_common/js/menu_fb33d00.js
- img.su####.com.####.com/2339/m/static/page/live_common/js/message_1a5669...
- img.su####.com.####.com/2339/m/static/page/live_common/js/seat_b9b1724.js
- img.su####.com.####.com/2339/m/static/page/live_common/js/socketHandle_d...
- img.su####.com.####.com/2339/m/static/page/live_common/js/socketTmpl_653...
- img.su####.com.####.com/2339/m/static/page/live_common/js/union_8d8bf60.js
- img.su####.com.####.com/2339/m/static/page/live_common/styles/images/all...
- img.su####.com.####.com/2339/m/static/page/live_common/styles/images/app...
- img.su####.com.####.com/2339/m/static/page/live_common/styles/images/cha...
- img.su####.com.####.com/2339/m/static/page/live_common/styles/images/mao...
- img.su####.com.####.com/2339/m/static/page/live_common/styles/images/mil...
- img.su####.com.####.com/2339/m/static/page/live_common/styles/images/mor...
- img.su####.com.####.com/2339/m/static/page/live_common/styles/images/top...
- img.su####.com.####.com/2339/m/static/page/live_common/styles/live_156f1...
- img.su####.com.####.com/2339/m/static/page/live_common/template/gift_a50...
- img.su####.com.####.com/2339/m/static/page/live_common/template/main_df3...
- img.su####.com.####.com/2339/m/static/page/live_common/template/msg_438c...
- img.su####.com.####.com/2339/m/static/pkg/base_f58e8a6.js
- img.su####.com.####.com/24/0/1480556318040.jpg
- img.su####.com.####.com/28/4/1426750171036.jpg
- img.su####.com.####.com/30/6/1485169565598.jpg
- img.su####.com.####.com/34/2/1457664359778.jpg
- img.su####.com.####.com/35/3/1492522643811.jpg
- img.su####.com.####.com/35/3/1498551790819.jpg
- img.su####.com.####.com/36/4/1435644545252.jpg
- img.su####.com.####.com/36/4/1478766324580.jpg
- img.su####.com.####.com/43/3/1415844338219.jpg
- img.su####.com.####.com/43/3/1457664322283.jpg
- img.su####.com.####.com/44/4/1493376914860.jpg
- img.su####.com.####.com/45/5/1418008399917.jpg
- img.su####.com.####.com/45/5/1469503457837.jpg
- img.su####.com.####.com/46/6/1516962328494.jpg
- img.su####.com.####.com/47/7/1493376723055.jpg
- img.su####.com.####.com/48/0/1442211575216.jpg
- img.su####.com.####.com/51/3/1404113662771.jpg
- img.su####.com.####.com/53/5/1404113732021.jpg
- img.su####.com.####.com/54/6/1494917034358.jpg
- img.su####.com.####.com/56/0/1501830032760.jpg
- img.su####.com.####.com/57/1/1493376699001.jpg
- img.su####.com.####.com/58/2/1492522201210.jpg
- img.su####.com.####.com/58/2/1498638914490.jpg
- img.su####.com.####.com/6/6/1432694554502.jpg
- img.su####.com.####.com/60/4/1490841324412.jpg
- img.su####.com.####.com/63/7/1503554774655.jpg
- img.su####.com.####.com/9/1/1422624662729.jpg
- img.su####.com.####.com/base/scripts/--/jquery.js,util/oo.js,util/json2....
- img.su####.com.####.com/base/styles/--/normalize.css,level/level_h5.css
- img.su####.com.####.com/base/styles/level/images_3/anchor/11-15.png
- img.su####.com.####.com/base/styles/level/images_3/anchor/16-25.png
- img.su####.com.####.com/base/styles/level/images_3/anchor/26-35.png
- img.su####.com.####.com/base/styles/level/images_3/anchor/36-45.png
- img.su####.com.####.com/base/styles/level/images_3/anchor/46-55.png
- ipswitc####.fmscach####.ou####.com/10000?ws_getip=####
- mch.sz####.com/adv.do?ge####&distributionId=####&openId=####
- nm.a####.com/app/memezhibo.apk
- ping####.qq.com/pingd?dm=####&pvi=####&si=####&url=####&arg=####&ty=####...
- ping####.qq.com/pingd?dm=####&pvi=####&si=####&url=####&arg=cli####&ty=#...
- q.q####.cn/qqapp/101118713/41177DD3F21AA7341345D513EA2D2A9E/100
- s####.tc.qq.com/h5/stats.js
- sa.meme####.com/api/vtrack/config/Android.conf
Запросы HTTP POST:
- a####.u####.com/app_logs
- and####.b####.qq.com/rqd/async
- loc.map.b####.com/offline_loc
- loc.map.b####.com/sdk.php
- t.si####.net/t1?requestId=####&g=####
- t.si####.net/t2
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/.jiagu/libjiagu.so
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/f_000003
- <Package Folder>/cache/####/f_000004
- <Package Folder>/cache/####/f_000005
- <Package Folder>/cache/####/f_000006
- <Package Folder>/cache/####/f_000007
- <Package Folder>/cache/####/f_000008
- <Package Folder>/cache/####/f_000009
- <Package Folder>/cache/####/f_00000a
- <Package Folder>/cache/####/f_00000b
- <Package Folder>/cache/####/f_00000c
- <Package Folder>/cache/####/f_00000d
- <Package Folder>/cache/####/f_00000e
- <Package Folder>/cache/####/f_00000f
- <Package Folder>/cache/####/f_000010
- <Package Folder>/cache/####/f_000011
- <Package Folder>/cache/####/f_000012
- <Package Folder>/cache/####/f_000013
- <Package Folder>/cache/####/f_000014
- <Package Folder>/cache/####/f_000015
- <Package Folder>/cache/####/f_000016
- <Package Folder>/cache/####/f_000017
- <Package Folder>/cache/####/f_000018
- <Package Folder>/cache/####/f_000019
- <Package Folder>/cache/####/f_00001a
- <Package Folder>/cache/####/f_00001b
- <Package Folder>/cache/####/f_00001c
- <Package Folder>/cache/####/f_00001d
- <Package Folder>/cache/####/f_00001e
- <Package Folder>/cache/####/f_00001f
- <Package Folder>/cache/####/f_000020
- <Package Folder>/cache/####/f_000021
- <Package Folder>/cache/####/f_000022
- <Package Folder>/cache/####/f_000023
- <Package Folder>/cache/####/f_000024
- <Package Folder>/cache/####/f_000025
- <Package Folder>/cache/####/f_000026
- <Package Folder>/cache/####/index
- <Package Folder>/cache/AllRoomList
- <Package Folder>/cache/BANNER
- <Package Folder>/cache/BELL_GIFT_LIST
- <Package Folder>/cache/CHEST_GIFT_LIST
- <Package Folder>/cache/GIFT_LIST
- <Package Folder>/cache/KEY_WORD
- <Package Folder>/cache/MISSION_COUNT
- <Package Folder>/cache/MOBILE_GIFT_LIST
- <Package Folder>/cache/MOUNT_MALL
- <Package Folder>/cache/MixRoomList
- <Package Folder>/cache/PLAZA_DATA
- <Package Folder>/cache/PROPERTIES_LIST
- <Package Folder>/cache/RECHARGE_AWARD
- <Package Folder>/cache/RED_PACKET_LIST
- <Package Folder>/cache/RTMP_BACKUP_IP
- <Package Folder>/cache/SENSITIVE_WORD
- <Package Folder>/cache/last_cache_time
- <Package Folder>/databases/UmengLocalNotificationStore.db-journal
- <Package Folder>/databases/bugly_db_-journal
- <Package Folder>/databases/downloadswc
- <Package Folder>/databases/downloadswc-journal
- <Package Folder>/databases/sensorsdata
- <Package Folder>/databases/sensorsdata-journal
- <Package Folder>/databases/show.db-journal
- <Package Folder>/databases/user_message_record.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/files/####/.jg.ic
- <Package Folder>/files/####/exchangeIdentity.json
- <Package Folder>/files/####/firll.dat
- <Package Folder>/files/####/ofl.config
- <Package Folder>/files/####/ofl_location.db
- <Package Folder>/files/####/ofl_location.db-journal
- <Package Folder>/files/####/ofl_statistics.db
- <Package Folder>/files/####/ofl_statistics.db-journal
- <Package Folder>/files/.imprint
- <Package Folder>/files/flag
- <Package Folder>/files/libcuid.so
- <Package Folder>/files/local_crash_lock
- <Package Folder>/files/mobclick_agent_cached_<Package>2018012518
- <Package Folder>/files/security_info
- <Package Folder>/files/shuzilm.db
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/<Package>_prefs.xml
- <Package Folder>/shared_prefs/Alvin2.xml
- <Package Folder>/shared_prefs/AppStore.xml
- <Package Folder>/shared_prefs/ContextData.xml
- <Package Folder>/shared_prefs/W_Key.xml
- <Package Folder>/shared_prefs/Zego_live_demo2.xml
- <Package Folder>/shared_prefs/com.sensorsdata.analytics.android...PI.xml
- <Package Folder>/shared_prefs/jg_so_upgrade_setting.xml
- <Package Folder>/shared_prefs/multidex.version.xml
- <Package Folder>/shared_prefs/sensorsdata.xml
- <Package Folder>/shared_prefs/st.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/xx.xml
- <SD-Card>/.DataStorage/ContextData.xml
- <SD-Card>/.UTSystemConfig/####/Alvin2.xml
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/0216af1a1dc04092aacc9b044bfec4e3.tmp
- <SD-Card>/Android/####/03c74f856738cca9a2588caeb9b4dd44.tmp
- <SD-Card>/Android/####/0727586962d6f893febaf3b089b5de03.tmp
- <SD-Card>/Android/####/0917fc2ee5214b7f3e391c2e86c42d4d.tmp
- <SD-Card>/Android/####/0e6ec971071ad8db2fcb8a62e5e2bb96.tmp
- <SD-Card>/Android/####/0ebe3541e6e005b9fc915de4d8142d38.tmp
- <SD-Card>/Android/####/0efba33624d1faf5abdd4c1eda93ff67.tmp
- <SD-Card>/Android/####/10f2da58401c491a31734f02df6c2091.tmp
- <SD-Card>/Android/####/15872ce8e587d00dce665b6b5b4031e2.tmp
- <SD-Card>/Android/####/16fe23ab70e74be86f27e58207a1ddd8.tmp
- <SD-Card>/Android/####/3bf015aabfe0b451c30e16bba52c6f5a.tmp
- <SD-Card>/Android/####/3c8f3f7357420728549bc4c3f02313ee.tmp
- <SD-Card>/Android/####/42e88ab413fe05003ab095510a197dc6.tmp
- <SD-Card>/Android/####/43e23fd3b22079b6e73f28dbe19bf2cd.tmp
- <SD-Card>/Android/####/49d97af79a54049db74bcd7a6101a0c7.tmp
- <SD-Card>/Android/####/5643d254841aea1ff23d34afcd2081bc.tmp
- <SD-Card>/Android/####/5cd92f2ed9c4eb26eef527b06650a8a1.tmp
- <SD-Card>/Android/####/6364b24e8897313880a1b4476916a444.tmp
- <SD-Card>/Android/####/66165ce8d3fa4a90b31d1fa94edd33fb.tmp
- <SD-Card>/Android/####/68cd67bc014b1a54833bfe65d5545cbc.tmp
- <SD-Card>/Android/####/6c60b819c8552f4b9440edfe8528f9bc.tmp
- <SD-Card>/Android/####/6de519f204d879d284de5d86a477802a.tmp
- <SD-Card>/Android/####/6e4e0d52fbfad9c8d09b141c1c728b18.tmp
- <SD-Card>/Android/####/6ef2918ea71b0ad15173eec12d6f7eae.tmp
- <SD-Card>/Android/####/73374ce881f699a00170c6c65b55b336.tmp
- <SD-Card>/Android/####/7670a6b9fe7c6b592de28d37daacadb5.tmp
- <SD-Card>/Android/####/78f8c1075332ea692601299a45d47f93.tmp
- <SD-Card>/Android/####/7ee0bd8f0911d5964fc742be3c06d03c.tmp
- <SD-Card>/Android/####/81b6ba4b52487087417dc92354592d79.tmp
- <SD-Card>/Android/####/83468ba11ea69b3d294ef52d417e58b7.tmp
- <SD-Card>/Android/####/97dd6d8c02250ce39684e659d1af4931.tmp
- <SD-Card>/Android/####/_driver.dat
- <SD-Card>/Android/####/_system.dat
- <SD-Card>/Android/####/a3e81ed08676518323ffd82cb4ad9e46.tmp
- <SD-Card>/Android/####/ac95960639dbe65e89f6121d79179673.tmp
- <SD-Card>/Android/####/af08cde4e56cbc664559539cb70b5204.tmp
- <SD-Card>/Android/####/b0eff06b9ce7b1e2c7b6cf8c6ec5dd27.tmp
- <SD-Card>/Android/####/ba732d7f274e3aa3ce09ea7192f5fa66.tmp
- <SD-Card>/Android/####/bcf7746ac52cc0510a3b87e92680088a.tmp
- <SD-Card>/Android/####/c1350429f955cfb23de752bfd63847d0.tmp
- <SD-Card>/Android/####/c97540e3de70c264e72c0b8948b84a76.tmp
- <SD-Card>/Android/####/cba6253375d0586ab1cdffa6d5ee3124.tmp
- <SD-Card>/Android/####/cdfe164bc000b76000527e9cb04284cf.tmp
- <SD-Card>/Android/####/config.dat
- <SD-Card>/Android/####/d4435119712305fdcbfd02ea6fc15139.tmp
- <SD-Card>/Android/####/d447e43bd49eb61fdb1f2998f3ab60d0.tmp
- <SD-Card>/Android/####/da454718512f1a952ffe0083d8a46783.tmp
- <SD-Card>/Android/####/e5a1634186165454b605737662cf5675.tmp
- <SD-Card>/Android/####/f12cd7222deb782bef0f705f2941b895.tmp
- <SD-Card>/Android/####/fa822078ffcb846d82781954ee47a1d5.tmp
- <SD-Card>/Android/####/lut
- <SD-Card>/Download/####/5.0wet.jar.t
- <SD-Card>/Download/memezhibo.apk
- <SD-Card>/backups/####/.cuid
- <SD-Card>/backups/####/.cuid2
- <SD-Card>/baidu/####/conlts.dat
- <SD-Card>/baidu/####/ller.dat
- <SD-Card>/baidu/####/ls.db
- <SD-Card>/baidu/####/ls.db-journal
- <SD-Card>/dt/restime.dat
- <SD-Card>/test.0
Другие:
Запускает следующие shell-скрипты:
- /system/bin/sh -c getprop androVM.vbox_dpi
- /system/bin/sh -c getprop gsm.sim.state
- /system/bin/sh -c getprop gsm.sim.state2
- /system/bin/sh -c getprop qemu.sf.fake_camera
- /system/bin/sh -c getprop ro.board.platform
- /system/bin/sh -c getprop ro.debuggable
- /system/bin/sh -c getprop ro.genymotion.version
- /system/bin/sh -c getprop ro.secure
- /system/bin/sh -c type su
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
- getprop androVM.vbox_dpi
- getprop gsm.sim.state
- getprop gsm.sim.state2
- getprop ro.board.platform
- getprop ro.genymotion.version
- ls /dev/socket
- netstat
- service call iphonesubinfo 1
- sh -c cat /proc/cpuinfo
- sh -c cat /proc/net/arp
- sh -c cat /proc/sys/kernel/osrelease
- sh -c cat /proc/sys/kernel/random/boot_id
- sh -c cat /proc/sys/kernel/random/uuid
Загружает динамические библиотеки:
- Bugly
- du
- game
- libjiagu
- locSDK6a
- openal
- zegoavkit
- zegoavkit2_jni
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- AES-GCM-NoPadding
- RSA
- RSA-ECB-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS5Padding
- AES-GCM-NoPadding
Использует специальную библиотеку для скрытия исполняемого байткода.
Осуществляет доступ к информации о геолокации.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Отрисовывает собственные окна поверх других приложений.
