Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.589.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) 52.52.2####.56:80
- TCP(HTTP/1.1) go.hotw####.top:80
- TCP(HTTP/1.1) a####.you####.com:80
- TCP(HTTP/1.1) w####.q####.dn.####.com:80
- TCP(HTTP/1.1) d2.ireader####.com:80
- TCP(HTTP/1.1) cdn.app.kac####.####.com:80
- TCP(HTTP/1.1) d1.ireader####.com:80
- TCP(HTTP/1.1) a.appj####.com:80
- TCP(HTTP/1.1) 1####.76.224.67:80
- TCP(HTTP/1.1) cdn.game####.org:80
- TCP(TLS/1.0) www.ireader####.com:443
- TCP(TLS/1.0) st####.suiyue####.com.####.com:443
Запросы DNS:
- a####.you####.com
- a.appj####.com
- cdn.app.h####.top
- cdn.app.kac####.cn
- cdn.game####.org
- cdn.img.h####.top
- d1.ireader####.com
- d2.ireader####.com
- fb.u####.com
- go.hotw####.top
- st####.suiyue####.com
- t####.qin####.com
- www.ireader####.com
Запросы HTTP GET:
- a####.you####.com/sx/GetConfigInfo.aspx?ver=####&passID=####&ver=####&cl...
- cdn.app.kac####.####.com/sfile/201711/16/all/cp_V2.8.1.txt
- cdn.app.kac####.####.com/upload/201711/30/img/20171130182651140.png
- cdn.app.kac####.####.com/upload/201712/14/img/20171214144834510.png
- cdn.app.kac####.####.com/upload/201801/29/app/20180129095744533.apk
- cdn.game####.org/strategy/UnknownDev
- cdn.game####.org/strategy/base
- cdn.game####.org/strategy/dev_root
- cdn.game####.org/strategy/dev_root2
- cdn.game####.org/strategy/larger4.3
- cdn.game####.org/strategy/loss_4.3
- cdn.game####.org/strategy/sul18
- cdn.game####.org/strategy/symlink-adbd
- d1.ireader####.com/GoodBooks/Books/cover/2015-01-26/c96e50eb-498f-4cbc-9...
- d1.ireader####.com/GoodBooks/Books/cover/2015-01-28/a7911529-7d23-497b-8...
- d1.ireader####.com/GoodBooks/Books/cover/2015-06-29/a1cf9831-e030-4f7f-b...
- d1.ireader####.com/GoodBooks/Books/cover/2015-08-05/f53843a9-4e97-4e4a-a...
- d1.ireader####.com/GoodBooks/Books/cover/2015-08-31/58a5cf60-5b82-457f-b...
- d1.ireader####.com/GoodBooks/Books/cover/2015-10-14/f366f2ed-746f-4db4-a...
- d1.ireader####.com/GoodBooks/Books/cover/2015-11-03/ff8545ea-e91c-461e-a...
- d1.ireader####.com/GoodBooks/Books/cover/2015-11-27/32efcb2f-821b-4be0-9...
- d1.ireader####.com/GoodBooks/Books/cover/2016-07-01/9e79be7d-68a9-4685-b...
- d1.ireader####.com/GoodBooks/Books/cover/2016-07-07/f6507fc7-7de7-4111-9...
- d1.ireader####.com/GoodBooks/Books/cover/2016-09-08/f86446a4-7bf4-4f63-9...
- d1.ireader####.com/GoodBooks/Books/cover/2016-11-05/72ec7342-7440-4c7b-b...
- d1.ireader####.com/GoodBooks/Books/cover/2017-01-13/d3278a6f-c620-4600-9...
- d1.ireader####.com/GoodBooks/Books/cover/2017-03-10/a07b5ba3-55c8-429a-8...
- d1.ireader####.com/GoodBooks/Books/cover/2017-04-11/c4025ad1-76f3-4dc6-9...
- d1.ireader####.com/GoodBooks/Books/cover/2017-05-26/689c3f29-5d7e-4d51-8...
- d1.ireader####.com/GoodBooks/Books/cover/2017-06-02/d3328395-600b-40b3-8...
- d1.ireader####.com/GoodBooks/Books/cover/2017-06-12/6e75b679-baf6-4247-9...
- d1.ireader####.com/GoodBooks/Books/cover/2017-07-15/7c3f113d-7b24-4e77-b...
- d1.ireader####.com/GoodBooks/Books/cover/2017-07-17/894bb53b-27d6-4d79-8...
- d1.ireader####.com/GoodBooks/Books/cover/2017-08-18/51642350-d17b-4982-9...
- d1.ireader####.com/GoodBooks/Books/cover/2017-10-20/b3ae7736-7993-4ac1-a...
- d1.ireader####.com/GoodBooks/Books/cover/2017-10-29/98faa8c5-008b-4dc9-8...
- d1.ireader####.com/GoodBooks/Books/cover/2017-11-01/7b606446-9bc9-40dc-9...
- d1.ireader####.com/GoodBooks/Books/cover/2017-11-25/409c2b50-6859-463d-9...
- d1.ireader####.com/GoodBooks/Books/cover/2017-12-03/11b301c4-4a50-44b1-8...
- d1.ireader####.com/GoodBooks/Books/cover/2017-12-08/6379d5c6-ab88-462f-a...
- d1.ireader####.com/GoodBooks/Books/cover/2017-12-21/10c202d0-5888-49b7-9...
- d1.ireader####.com/GoodBooks/Books/cover/2017-12-26/807adf2d-f6c9-4ed0-8...
- d1.ireader####.com/GoodBooks/Books/cover/2018-01-19/ab9ba9da-fb91-46cf-a...
- d2.ireader####.com/GoodBooks/Books/cover/2015-01-14/1c585d71-4afb-4772-a...
- d2.ireader####.com/GoodBooks/Books/cover/2015-01-26/c96e50eb-498f-4cbc-9...
- d2.ireader####.com/GoodBooks/Books/cover/2015-03-10/a2f711ff-aae6-455e-b...
- d2.ireader####.com/GoodBooks/Books/cover/2015-03-19/1937d9e3-8a29-4d79-b...
- d2.ireader####.com/GoodBooks/Books/cover/2015-03-23/bd4fee55-f0a2-4558-9...
- d2.ireader####.com/GoodBooks/Books/cover/2015-03-25/46ada586-e5d4-461e-9...
- d2.ireader####.com/GoodBooks/Books/cover/2015-05-21/3153ad5b-df2b-4e2c-8...
- d2.ireader####.com/GoodBooks/Books/cover/2015-05-21/54a06eda-4142-447d-a...
- d2.ireader####.com/GoodBooks/Books/cover/2015-06-29/a1cf9831-e030-4f7f-b...
- d2.ireader####.com/GoodBooks/Books/cover/2015-08-31/e3bfbbf9-5029-4280-8...
- d2.ireader####.com/GoodBooks/Books/cover/2015-09-02/bb37cd59-fa0f-41fb-a...
- d2.ireader####.com/GoodBooks/Books/cover/2015-10-14/f366f2ed-746f-4db4-a...
- d2.ireader####.com/GoodBooks/Books/cover/2015-10-29/4a268329-dbe4-4c20-a...
- d2.ireader####.com/GoodBooks/Books/cover/2015-12-03/3bf728d6-6e75-45bd-8...
- d2.ireader####.com/GoodBooks/Books/cover/2016-02-24/7d9fd626-ef22-42ad-8...
- d2.ireader####.com/GoodBooks/Books/cover/2016-05-25/492e359f-3f56-4036-a...
- d2.ireader####.com/GoodBooks/Books/cover/2016-05-30/9bf7568b-45fa-46cb-8...
- d2.ireader####.com/GoodBooks/Books/cover/2016-06-15/9f3415fd-3b42-44ff-b...
- d2.ireader####.com/GoodBooks/Books/cover/2016-07-25/045fa6f0-32aa-43ba-a...
- d2.ireader####.com/GoodBooks/Books/cover/2016-07-25/e0d6d171-f6c7-4daa-8...
- d2.ireader####.com/GoodBooks/Books/cover/2017-02-28/17b8ac9a-ea8a-42a4-9...
- d2.ireader####.com/GoodBooks/Books/cover/2017-03-02/fdf5f231-6d9f-4abf-9...
- d2.ireader####.com/GoodBooks/Books/cover/2017-03-10/a07b5ba3-55c8-429a-8...
- d2.ireader####.com/GoodBooks/Books/cover/2017-05-03/c34d6917-9ce9-4c21-8...
- d2.ireader####.com/GoodBooks/Books/cover/2017-05-31/edb5c764-b0c7-4025-9...
- d2.ireader####.com/GoodBooks/Books/cover/2017-06-20/8847a238-2680-4719-8...
- d2.ireader####.com/GoodBooks/Books/cover/2017-09-25/1776267c-1bcf-4481-b...
- d2.ireader####.com/GoodBooks/Books/cover/2017-10-28/0cab00ab-148a-4463-8...
- d2.ireader####.com/GoodBooks/Books/cover/2017-11-02/d4508507-8473-4b13-b...
- d2.ireader####.com/GoodBooks/Books/cover/2017-11-14/3741a3f2-16f0-4309-9...
- d2.ireader####.com/GoodBooks/Books/cover/2017-11-16/26c36d4c-4715-4cca-9...
- d2.ireader####.com/GoodBooks/Books/cover/2017-11-21/106baf2e-d1dc-4e21-a...
- d2.ireader####.com/GoodBooks/Books/cover/2017-11-22/bca2c2b1-848c-4684-9...
- d2.ireader####.com/GoodBooks/Books/cover/2017-11-28/a3548f3b-4d47-4f2d-b...
- d2.ireader####.com/GoodBooks/Books/cover/2017-12-09/36992838-65f1-4b0f-9...
- d2.ireader####.com/GoodBooks/Books/cover/2017-12-18/60127fea-5930-4942-b...
- d2.ireader####.com/GoodBooks/Books/cover/2017-12-26/807adf2d-f6c9-4ed0-8...
- d2.ireader####.com/GoodBooks/Books/cover/2018-01-12/0456534c-f14f-4530-a...
- d2.ireader####.com/GoodBooks/Books/cover/2018-01-12/fda31dca-d599-4d72-8...
- w####.q####.dn.####.com/sxsplash20160727_579817d469bca.jpg
- w####.q####.dn.####.com/sxsplash20160727_579817da499fb.jpg
- w####.q####.dn.####.com/sxsplash20160727_579817de0f457.jpg
- w####.q####.dn.####.com/sxsplash20160727_579817e1da72a.jpg
- w####.q####.dn.####.com/sxsplash20160727_57981808344f4.jpg
Запросы HTTP POST:
- a.appj####.com/ad-service/ad/mark
- go.hotw####.top/hadat/aa/vdwci
- go.hotw####.top/hadat/e/r
- go.hotw####.top/hadat/g/exyp
- go.hotw####.top/hadat/rcj/fbx
- go.hotw####.top/hadat/rxblc/jrwr
- go.hotw####.top/jzbdt/fzfnq/fh
- go.hotw####.top/jzbdt/rkiq/ul
- go.hotw####.top/jzbdt/xchhz/jvm/lbvmh
- go.hotw####.top/sdf/l
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/.jiagu/libjiagu.so
- <Package Folder>/app_26db9036-ac81-49d4-bf66-89867a566b02/Matrix
- <Package Folder>/app_26db9036-ac81-49d4-bf66-89867a566b02/ddexe
- <Package Folder>/app_26db9036-ac81-49d4-bf66-89867a566b02/debuggerd
- <Package Folder>/app_26db9036-ac81-49d4-bf66-89867a566b02/device.db
- <Package Folder>/app_26db9036-ac81-49d4-bf66-89867a566b02/fileWork
- <Package Folder>/app_26db9036-ac81-49d4-bf66-89867a566b02/insta...ery.sh
- <Package Folder>/app_26db9036-ac81-49d4-bf66-89867a566b02/pidof
- <Package Folder>/app_26db9036-ac81-49d4-bf66-89867a566b02/root3
- <Package Folder>/app_26db9036-ac81-49d4-bf66-89867a566b02/su
- <Package Folder>/app_26db9036-ac81-49d4-bf66-89867a566b02/supolicy
- <Package Folder>/app_26db9036-ac81-49d4-bf66-89867a566b02/toolbox
- <Package Folder>/app_26db9036-ac81-49d4-bf66-89867a566b02/wsroot.sh
- <Package Folder>/app_5a8acf57-c399-4899-a21c-a12c3f285c44/checker.jar
- <Package Folder>/app_6401ec02-4393-48b5-b51d-a05cc1549b2a/Matrix
- <Package Folder>/app_6401ec02-4393-48b5-b51d-a05cc1549b2a/ddexe
- <Package Folder>/app_6401ec02-4393-48b5-b51d-a05cc1549b2a/debuggerd
- <Package Folder>/app_6401ec02-4393-48b5-b51d-a05cc1549b2a/fileWork
- <Package Folder>/app_6401ec02-4393-48b5-b51d-a05cc1549b2a/insta...ery.sh
- <Package Folder>/app_6401ec02-4393-48b5-b51d-a05cc1549b2a/pidof
- <Package Folder>/app_6401ec02-4393-48b5-b51d-a05cc1549b2a/su
- <Package Folder>/app_6401ec02-4393-48b5-b51d-a05cc1549b2a/supolicy
- <Package Folder>/app_6401ec02-4393-48b5-b51d-a05cc1549b2a/toolbox
- <Package Folder>/app_6401ec02-4393-48b5-b51d-a05cc1549b2a/wsroot.sh
- <Package Folder>/app_914d7332-3b5b-43d3-a573-d0b7061ac08a/Matrix
- <Package Folder>/app_914d7332-3b5b-43d3-a573-d0b7061ac08a/ddexe
- <Package Folder>/app_914d7332-3b5b-43d3-a573-d0b7061ac08a/debuggerd
- <Package Folder>/app_914d7332-3b5b-43d3-a573-d0b7061ac08a/fileWork
- <Package Folder>/app_914d7332-3b5b-43d3-a573-d0b7061ac08a/insta...ery.sh
- <Package Folder>/app_914d7332-3b5b-43d3-a573-d0b7061ac08a/pidof
- <Package Folder>/app_914d7332-3b5b-43d3-a573-d0b7061ac08a/su
- <Package Folder>/app_914d7332-3b5b-43d3-a573-d0b7061ac08a/supolicy
- <Package Folder>/app_914d7332-3b5b-43d3-a573-d0b7061ac08a/toolbox
- <Package Folder>/app_914d7332-3b5b-43d3-a573-d0b7061ac08a/wsroot.sh
- <Package Folder>/app_963d383b-5810-4e71-996b-b0a12fd83cb3/Matrix
- <Package Folder>/app_963d383b-5810-4e71-996b-b0a12fd83cb3/ddexe
- <Package Folder>/app_963d383b-5810-4e71-996b-b0a12fd83cb3/debuggerd
- <Package Folder>/app_963d383b-5810-4e71-996b-b0a12fd83cb3/fileWork
- <Package Folder>/app_963d383b-5810-4e71-996b-b0a12fd83cb3/insta...ery.sh
- <Package Folder>/app_963d383b-5810-4e71-996b-b0a12fd83cb3/pidof
- <Package Folder>/app_963d383b-5810-4e71-996b-b0a12fd83cb3/su
- <Package Folder>/app_963d383b-5810-4e71-996b-b0a12fd83cb3/supolicy
- <Package Folder>/app_963d383b-5810-4e71-996b-b0a12fd83cb3/toolbox
- <Package Folder>/app_963d383b-5810-4e71-996b-b0a12fd83cb3/wsroot.sh
- <Package Folder>/app_b8c58778-ff85-414c-93f8-2f0c740be5c0/Matrix
- <Package Folder>/app_b8c58778-ff85-414c-93f8-2f0c740be5c0/ddexe
- <Package Folder>/app_b8c58778-ff85-414c-93f8-2f0c740be5c0/debuggerd
- <Package Folder>/app_b8c58778-ff85-414c-93f8-2f0c740be5c0/fileWork
- <Package Folder>/app_b8c58778-ff85-414c-93f8-2f0c740be5c0/insta...ery.sh
- <Package Folder>/app_b8c58778-ff85-414c-93f8-2f0c740be5c0/pidof
- <Package Folder>/app_b8c58778-ff85-414c-93f8-2f0c740be5c0/su
- <Package Folder>/app_b8c58778-ff85-414c-93f8-2f0c740be5c0/supolicy
- <Package Folder>/app_b8c58778-ff85-414c-93f8-2f0c740be5c0/toolbox
- <Package Folder>/app_b8c58778-ff85-414c-93f8-2f0c740be5c0/wsroot.sh
- <Package Folder>/app_ebdba627-787e-4c05-bdcc-fdcfb27a6c50/Matrix
- <Package Folder>/app_ebdba627-787e-4c05-bdcc-fdcfb27a6c50/ddexe
- <Package Folder>/app_ebdba627-787e-4c05-bdcc-fdcfb27a6c50/debuggerd
- <Package Folder>/app_ebdba627-787e-4c05-bdcc-fdcfb27a6c50/fileWork
- <Package Folder>/app_ebdba627-787e-4c05-bdcc-fdcfb27a6c50/insta...ery.sh
- <Package Folder>/app_ebdba627-787e-4c05-bdcc-fdcfb27a6c50/pidof
- <Package Folder>/app_ebdba627-787e-4c05-bdcc-fdcfb27a6c50/su
- <Package Folder>/app_ebdba627-787e-4c05-bdcc-fdcfb27a6c50/supolicy
- <Package Folder>/app_ebdba627-787e-4c05-bdcc-fdcfb27a6c50/toolbox
- <Package Folder>/app_ebdba627-787e-4c05-bdcc-fdcfb27a6c50/wsroot.sh
- <Package Folder>/app_jgls/.log.lock
- <Package Folder>/app_jgls/.log.ls
- <Package Folder>/app_plugin_download/9598adb0-881e-49d0-ab77-822e5a251f87
- <Package Folder>/app_plugin_download/fe80ce02-4d18-4db9-ae35-cc98fc527cbc
- <Package Folder>/app_sslcache/www.ireadercity.com.443
- <Package Folder>/app_subox/1740c449fc10be62df60ba0f18696c9f
- <Package Folder>/app_subox/32edd79a240b5f1e461d069caab1ec3e
- <Package Folder>/app_subox/8b6f263391259b7a8e5f58ee71852ca8
- <Package Folder>/app_subox/b0141e478b25af7c40a8cca8de6c4708
- <Package Folder>/app_subox/b18a021d11a3004d25017230b681476b
- <Package Folder>/app_subox/c61913b615fb6224701377a119081f36
- <Package Folder>/app_subox_download/3819ebce-a6b7-4a36-95c0-c684cd640069
- <Package Folder>/app_subox_download/5f6e5eb1-be47-42da-b726-0bf46db4fb24
- <Package Folder>/app_subox_download/9a98c019-5a39-4431-bd0c-7b5c96f073ab
- <Package Folder>/app_subox_download/bb2562f9-2cf8-4f4e-b469-a17a659ae295
- <Package Folder>/app_subox_download/bf6e6d8a-e4c1-4323-8697-f712607c227f
- <Package Folder>/app_subox_download/d313d798-0058-4a4f-b260-f576e22bd84d
- <Package Folder>/app_subox_download/e8520b15-f5eb-419c-8706-76ef9899cd49
- <Package Folder>/app_subox_download/f4a29793-7ce9-47c9-9297-866333aa3776
- <Package Folder>/databases/aireader_v2-journal
- <Package Folder>/databases/ireader.db-journal
- <Package Folder>/databases/t_u.db-journal
- <Package Folder>/files/####/.jg.ic
- <Package Folder>/files/SUBOXLOG_
- <Package Folder>/files/dc.jar
- <Package Folder>/files/qj.jar
- <Package Folder>/shared_prefs/Alvin2.xml
- <Package Folder>/shared_prefs/ContextData.xml
- <Package Folder>/shared_prefs/com_ireader_city_you_qi.xml
- <Package Folder>/shared_prefs/dsi.xml
- <Package Folder>/shared_prefs/jg_app_update_settings_random.xml
- <Package Folder>/shared_prefs/kr.xml
- <Package Folder>/shared_prefs/multidex.version.xml
- <Package Folder>/shared_prefs/sfe.xml
- <Package Folder>/shared_prefs/subox.xml
- <Package Folder>/shared_prefs/umeng_feedback_conversations.xml
- <Package Folder>/shared_prefs/umeng_feedback_user_info.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/umeng_message_state.xml
- <Package Folder>/shared_prefs/wv.xml
- <SD-Card>/.DataStorage/ContextData.xml
- <SD-Card>/.SystemConfig/.did
- <SD-Card>/.UTSystemConfig/####/Alvin2.xml
- <SD-Card>/.system/.did
- <SD-Card>/AIReader/####/.did
- <SD-Card>/AIReader/####/00180b85fb584e2b97a64f90d502f977jpgx.tmp
- <SD-Card>/AIReader/####/003593366c134990901351afaa06d1f7jpgx.tmp
- <SD-Card>/AIReader/####/003d3cda90444ac189acbb6555991cd6jpgx.tmp
- <SD-Card>/AIReader/####/00432e6b9b564d589825a7ff7563c933jpgx.tmp
- <SD-Card>/AIReader/####/005d64a241c6480899c2cbee77589260jpgx.tmp
- <SD-Card>/AIReader/####/0083cf6782714392aba4044afa5eb893jpgx.tmp
- <SD-Card>/AIReader/####/008f39854dbc436c95188799e80dc83cjpgx.tmp
- <SD-Card>/AIReader/####/00a7959ec2b24185b46602cc9c47f205jpgx.tmp
- <SD-Card>/AIReader/####/00aa259815fd4b5981f9963b5aeffca6jpgx.tmp
- <SD-Card>/AIReader/####/00f9290fd49b45f4af2be4db9e92f35ejpgx.tmp
- <SD-Card>/AIReader/####/00f996a3153149de94c6800debdb55cfjpgx.tmp
- <SD-Card>/AIReader/####/01044ea7022441f3ac04613f9f53040fjpgx.tmp
- <SD-Card>/AIReader/####/012905ab33414b039469b86bb800d269jpgx.tmp
- <SD-Card>/AIReader/####/01558687d1554599a1e6c7c20024181cjpgx.tmp
- <SD-Card>/AIReader/####/18105590628443d59c30318c7eb57f85jpgx.tmp
- <SD-Card>/AIReader/####/1bc1d1f3233d46fbb4b7e0f7bfe04bc0jpgx.tmp
- <SD-Card>/AIReader/####/1cbd8d74a48a46609f660b6dd9dcdc68jpgx.tmp
- <SD-Card>/AIReader/####/1cf642ef8f8a41f28fc1003dd0c23eb8jpgx.tmp
- <SD-Card>/AIReader/####/21185340a96d4d068c8c1700c11e5116jpgx.tmp
- <SD-Card>/AIReader/####/29f794b143924ab29693deae51ad40eajpgx.tmp
- <SD-Card>/AIReader/####/2b2bc73ad2ce41e89a51d158f3d734f9jpgx.tmp
- <SD-Card>/AIReader/####/2c5b53667c3b4a3bab27587d07ba91a6jpgx.tmp
- <SD-Card>/AIReader/####/36f8068c1f9f4337addc9b4c8103b4a6jpgx.tmp
- <SD-Card>/AIReader/####/3e6d272050844ec2a64d3887a80e35efjpgx.tmp
- <SD-Card>/AIReader/####/441d684236714b9bbab87440ad91443fjpgx.tmp
- <SD-Card>/AIReader/####/460c0bd2de9a4a44a1c8674a8a337370jpgx.tmp
- <SD-Card>/AIReader/####/4a288aac6ce647e7a95b0b63d353dfe6jpgx.tmp
- <SD-Card>/AIReader/####/53d07a4d4c564a53bc077372aba4584cjpgx.tmp
- <SD-Card>/AIReader/####/53d07a4d4c564a53bc077372aba4584cjpgx_bak
- <SD-Card>/AIReader/####/553f3d16dd574f4cb77bff71939f7a44jpgx.tmp
- <SD-Card>/AIReader/####/5769df25042e480990d939dbe157fbccjpgx.tmp
- <SD-Card>/AIReader/####/5ccfdd18bc47443689b39601b2704132jpgx.tmp
- <SD-Card>/AIReader/####/744e634b119e4de08f4a9cc2250f110bjpgx.tmp
- <SD-Card>/AIReader/####/81afa8789543424cbb564cdc157767b4jpgx.tmp
- <SD-Card>/AIReader/####/82a224a38b2144ad8e1d7293af8d680ajpgx.tmp
- <SD-Card>/AIReader/####/840bf0ce1d394f9baf7ff67b56f30f61jpgx.tmp
- <SD-Card>/AIReader/####/8c05dcdd707f40b6be5fbe4d22dbe416jpgx.tmp
- <SD-Card>/AIReader/####/93914d5262244d4d95eaab67741fef7djpgx.tmp
- <SD-Card>/AIReader/####/982d4d5c6e134d81be8a7421f3ce16fejpgx.tmp
- <SD-Card>/AIReader/####/9b84db4903c947718fa0db9347b75f4ejpgx.tmp
- <SD-Card>/AIReader/####/9cdd93574105464f9771837e392caa4cjpgx.tmp
- <SD-Card>/AIReader/####/9d3fc522b7df4719a5ab01317bcbb213jpgx.tmp
- <SD-Card>/AIReader/####/a2ad623e227f41efba763ed6ab29e184jpgx.tmp
- <SD-Card>/AIReader/####/adv_self_config.dat
- <SD-Card>/AIReader/####/aedf271398ce4318a8ab7376dc452ef3jpgx.tmp
- <SD-Card>/AIReader/####/b27d4601e024480dbcb49c7b8213403ejpgx.tmp
- <SD-Card>/AIReader/####/b495e9b231134ebfbd0d9a95a6a10200jpgx.tmp
- <SD-Card>/AIReader/####/b4c02e54d618432ea61ce720d3e5d0cfjpgx.tmp
- <SD-Card>/AIReader/####/c6d00581e9604ef19de75a9f386129eajpgx.tmp
- <SD-Card>/AIReader/####/ca84bbe39a4745babc4ed227265450fejpgx.tmp
- <SD-Card>/AIReader/####/cd6cc6128c2f436e93358fa3d7e912c2jpgx.tmp
- <SD-Card>/AIReader/####/cfg_rank.data
- <SD-Card>/AIReader/####/config.data
- <SD-Card>/AIReader/####/d175c6abf2aa429192c6f3b056a1db9bjpgx.tmp
- <SD-Card>/AIReader/####/d274ac52bd3f4365a89b42c02188f5bbjpgx.tmp
- <SD-Card>/AIReader/####/d2d995edddff44449cdd746671d511d6jpgx.tmp
- <SD-Card>/AIReader/####/d4df77c8161942899bd11597f4e5b29fjpgx.tmp
- <SD-Card>/AIReader/####/d9c4d56f8200487184dbb13c0cdc4b99jpgx.tmp
- <SD-Card>/AIReader/####/e633d17d73034fb68fc0786fcfc14fe0jpgx.tmp
- <SD-Card>/AIReader/####/eceb44516cda4ddf9636a60adf7ba1c2jpgx.tmp
- <SD-Card>/AIReader/####/edede334275c4837b95641aa4ef94afdjpgx.tmp
- <SD-Card>/AIReader/####/ef87ae0d5fdc472abc142fd242d68f45jpgx.tmp
- <SD-Card>/AIReader/####/f3c590f30e9f4c67a808d253894a7ff6jpgx.tmp
- <SD-Card>/AIReader/####/fcaef69021d3423b9b546c4f8962e3c9jpgx.tmp
- <SD-Card>/AIReader/####/fcc821d12a74490c9ca6a6771ee44df9jpgx.tmp
- <SD-Card>/AIReader/####/fce42527a81444a595a1dc01d8b58113jpgx.tmp
- <SD-Card>/AIReader/####/fd065c1ba03d417da1290928657327cfjpgx.tmp
- <SD-Card>/AIReader/####/ff653b1b4017457ba157198761f8345ejpgx.tmp
- <SD-Card>/AIReader/####/home_infos_1.dat
- <SD-Card>/AIReader/####/home_infos_2.dat
- <SD-Card>/AIReader/####/import.dat
- <SD-Card>/AIReader/####/releated_list_00180b85fb584e2b97a64f90d502f977.dat
- <SD-Card>/AIReader/####/releated_list_aedf271398ce4318a8ab7376dc452ef3.dat
- <SD-Card>/AIReader/####/sxsplash20160727_579817d469bca.jpgx_bak
- <SD-Card>/AIReader/####/sxsplash20160727_579817da499fb.jpgx_bak
- <SD-Card>/AIReader/####/sxsplash20160727_579817de0f457.jpgx_bak
- <SD-Card>/AIReader/####/sxsplash20160727_579817e1da72a.jpgx_bak
- <SD-Card>/AIReader/####/sxsplash20160727_57981808344f4.jpgx_bak
- <SD-Card>/Android/####/2bf173392a472728666d3e5271ef44e8.apk
- <SD-Card>/Android/####/7821153e5b964
- <SD-Card>/Android/####/V2.8.1.txt
- <SD-Card>/Android/####/b.tmp
- <SD-Card>/Android/####/b08ffbe76bc53
- <SD-Card>/Android/.did
- <SD-Card>/data/.did
Другие:
Запускает следующие shell-скрипты:
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
- chmod 777 /storage/emulated/0/Android/data/<Package>/files/Download/Android/azb/2bf173392a472728666d3e5271ef44e8.apk
- chmod 777 Matrix ddexe debuggerd device.db fileWork install-recovery.sh pidof root3 su supolicy toolbox wsroot.sh
- chmod 777 Matrix ddexe debuggerd fileWork install-recovery.sh pidof su supolicy toolbox wsroot.sh
- sh
Загружает динамические библиотеки:
- _df301
- libjiagu
- smssdk
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
Использует следующие алгоритмы для расшифровки данных:
- DES
Использует специальную библиотеку для скрытия исполняемого байткода.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Осуществляет доступ к информации о зарегистрированных на устройстве аккаунтах (Google, Facebook и тд.).
Отрисовывает собственные окна поверх других приложений.
