Техническая информация
Вредоносные функции:
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.0) tcms-a####.wan####.ta####.com:443
- TCP(HTTP/1.1) w####.q####.dn.####.com:80
- TCP(HTTP/1.1) c.d####.mob.com:80
- TCP(HTTP/1.1) hotp####.wan####.ta####.com:80
- TCP(HTTP/1.1) a####.exc.mob.com:80
- TCP(HTTP/1.1) s.haowa####.com:8900
- TCP(HTTP/1.1) haowa####.oss.aliy####.com:80
- TCP(HTTP/1.1) m.d####.mob.com:80
- TCP(HTTP/1.1) msg.umengc####.com:80
- TCP(HTTP/1.1) tcms-op####.wan####.ta####.com:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) a####.m.ta####.com:80
- TCP(HTTP/1.1) w####.ta####.com:80
- TCP(HTTP/1.1) a####.a####.m.####.com:80
- TCP(SSL/3.0) a####.a####.m.####.com:443
- TCP(TLS/1.0) www.go####.com:443
- TCP(TLS/1.0) msg.umengc####.com:443
- TCP(TLS/1.0) s.haowa####.com:8008
- TCP(TLS/1.0) a####.a####.m.####.com:443
- TCP ope####.m.ta####.com:443
- TCP umengj####.m.ta####.com:80
- TCP 2####.204.101.107:80
- TCP zhizhi####.com:5222
Запросы DNS:
- _ja####._####.zhizhi####.com
- _xmpp-c####._####.zhizhi####.com
- a####.exc.mob.com
- a####.m.ta####.com
- a####.m.ta####.com
- a####.u####.com
- ag####.m.ta####.com
- c.d####.mob.com
- haowa####.oss.aliy####.com
- haowa####.qin####.com
- hotp####.wan####.ta####.com
- m.d####.mob.com
- msg.umengc####.com
- s.haowa####.com
- tcms-a####.wan####.ta####.com
- tcms-op####.wan####.ta####.com
- umen####.m.ta####.com
- umengj####.m.ta####.com
- w####.ta####.com
- www.go####.com
- zhizhi####.com
Запросы HTTP GET:
- haowa####.oss.aliy####.com/10dd544cf21503aa7b492b1f91a3ab66
- haowa####.oss.aliy####.com/16be7629655a5c087451716f6d068438
- haowa####.oss.aliy####.com/30dbd252b83fccb8afcd71d275304416
- haowa####.oss.aliy####.com/44bf5fe6ad3d8f9bbb37c0f04e373e6f
- haowa####.oss.aliy####.com/46534669db8eeb1d00844d5d5f4ac387
- haowa####.oss.aliy####.com/4aa0cfacc884c4268c4406234540cb29
- haowa####.oss.aliy####.com/53979bed61fcea7c79ae3988fab2c50c
- haowa####.oss.aliy####.com/5fd3ab3d35e40acb1133f2ffd09fe27c
- haowa####.oss.aliy####.com/61ed29be3002935322d9d40905076ffa
- haowa####.oss.aliy####.com/914e02f7d41bf3f5cbf8ff44329a4fea
- haowa####.oss.aliy####.com/a4b88e6250b7e91bcbc3dc91238ed55a
- haowa####.oss.aliy####.com/a580a7728b92a1c1f7f5fd69ca56b576
- haowa####.oss.aliy####.com/a795a88c45d030ae767b30b6b80d65fd
- haowa####.oss.aliy####.com/a82c042ca8096aef00d05443f2938de9
- haowa####.oss.aliy####.com/c3711b88e51235e2a5724a9fe2f6d5cd
- haowa####.oss.aliy####.com/ccd68c03d9e622146ccaa30f83c26e7f
- haowa####.oss.aliy####.com/d004797d132a0e96d458e7e4671669e7
- haowa####.oss.aliy####.com/d0cc1cd5714299ac5a7907851c35958f
- haowa####.oss.aliy####.com/ea7beab11fe24c4c3d545a3e80799102
- haowa####.oss.aliy####.com/f128401176f50bf01fb31b1e413e9540
- haowa####.oss.aliy####.com/f5a9c527e4d5c59ecdb2d8c67304646a
- hotp####.wan####.ta####.com/patch?version=####&patchver=####&platform=##...
- m.d####.mob.com/v3/cconf?appkey=####&plat=####&apppkg=####&appver=####&n...
- s.haowa####.com:8900/RegisterDemo1/servlet/GetAppreClassInfo?jid=####
- s.haowa####.com:8900/RegisterDemo1/servlet/GetAppreciation?jid=####&acti...
- s.haowa####.com:8900/RegisterDemo1/servlet/GetComList?noteid=####&visid=...
- s.haowa####.com:8900/RegisterDemo1/servlet/GetInvcode?jid=####
- s.haowa####.com:8900/RegisterDemo1/servlet/GetNewsList?jid=####&newsid=#...
- s.haowa####.com:8900/RegisterDemo1/servlet/GetNoteContent?noteid=####&ji...
- s.haowa####.com:8900/RegisterDemo1/servlet/GetNoteInfo?noteid=####&jid=#...
- s.haowa####.com:8900/RegisterDemo1/servlet/GetRecomUser?page=####&subtyp...
- s.haowa####.com:8900/RegisterDemo1/servlet/GetUserInfo?jid=####&vsjid=####
- s.haowa####.com:8900/RegisterDemo1/servlet/SyncSp?jid=####
- s.haowa####.com:8900/RegisterDemo1/servlet/UpLoadUmToken?jid=####&passwd...
- tcms-a####.wan####.ta####.com:443/imlogingw/tcp60login?devid=####&ver=####
- tcms-op####.wan####.ta####.com/getapprule?appkey=####&appId=####
- w####.q####.dn.####.com/04bf30fb84cb4247d51894adca54ca20
- w####.q####.dn.####.com/2017-11-12-10-27-54nywptnvc-0.png
- w####.q####.dn.####.com/2018-01-21-13-28-55ncopruxk-0.png
- w####.q####.dn.####.com/2018-02-07-10-06-21e3z22g7s-0.png
- w####.q####.dn.####.com/25dd1f4b0e5cc67842248bb6ab504ad7
- w####.q####.dn.####.com/28f573aee5cdf8a8511d55e14f5f8bc8
- w####.q####.dn.####.com/3f3d1e6735586f4d2c445c7f183eaa16
- w####.q####.dn.####.com/4a4a5cd9cdf056d57713105f1aec62bf
- w####.q####.dn.####.com/4ed4a8b1036296f29bd635e44420c001
- w####.q####.dn.####.com/58089e31c090a413928eeab1e8efd6b0
- w####.q####.dn.####.com/6a4013bb5bd68a65c539f91777a7c504
- w####.q####.dn.####.com/7255837473991c791be01f270bb13077
- w####.q####.dn.####.com/7c8757a31db2db0fb83ad851766d7551
- w####.q####.dn.####.com/80b09c5e77a96d9146fca7de1a666f4b
- w####.q####.dn.####.com/80cd15493cd6a3ed3056bb98967b1cbc
- w####.q####.dn.####.com/8962b223c9d390cb6ccc8ce1b53ccf98
- w####.q####.dn.####.com/b0727c3f119e27c3c26a5e2c7315497e
- w####.q####.dn.####.com/b679634cc1efbc355692ab5edff8ac7d
- w####.q####.dn.####.com/c511f5bc610122db44a4571208fcff49
- w####.q####.dn.####.com/d003382f6093d76bef294fb02e51cdc2
- w####.q####.dn.####.com/d2ba3616d43c86267bf46509973c2ddb
- w####.q####.dn.####.com/deb7245fcc7458d35662e013845c4811
- w####.q####.dn.####.com/e116cd4eeea1927495dca8c87c3c663c
- w####.q####.dn.####.com/e4c84edb75cca5cd0aa52e3625b2fd9a
Запросы HTTP POST:
- a####.a####.m.####.com/amdc/mobileDispatch?appkey=####&platform=####&v=#...
- a####.exc.mob.com/errconf
- a####.m.ta####.com/rest/gc?dd=####&nsgs=####&ak=####&av=####&c=####&v=##...
- a####.m.ta####.com/rest/gc?dd=m+5K####&nsgs=####&ak=####&av=####&c=####&...
- a####.m.ta####.com/rest/sur?ak=####&av=####&c=####&v=####&s=####&d=####&...
- a####.u####.com/app_logs
- c.d####.mob.com/v2/cdata
- msg.umengc####.com/register
- w####.ta####.com/api/user/getUser.json
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/cache/####/-DeSgngymPtZ263NLsJxUfnqVWA.387934082.tmp
- <Package Folder>/cache/####/0RU2Ve8oECL3AZa80rKAqLvlTBk.1822420646.tmp
- <Package Folder>/cache/####/0aa5e78402817d79f68c5bd3ab09fc9c.0.tmp
- <Package Folder>/cache/####/0aa5e78402817d79f68c5bd3ab09fc9c.1.tmp
- <Package Folder>/cache/####/0fadd801893e2ba0784fe5870b9c4fc6.0.tmp
- <Package Folder>/cache/####/0fadd801893e2ba0784fe5870b9c4fc6.1.tmp
- <Package Folder>/cache/####/125548c30498eae0cf9e391c63e0ebe5.0.tmp
- <Package Folder>/cache/####/125548c30498eae0cf9e391c63e0ebe5.1.tmp
- <Package Folder>/cache/####/168057ae5964fd7a9c90831b994927b0.0.tmp
- <Package Folder>/cache/####/168057ae5964fd7a9c90831b994927b0.1.tmp
- <Package Folder>/cache/####/1eba64e8d51966439c332589ba746c39.0.tmp
- <Package Folder>/cache/####/1eba64e8d51966439c332589ba746c39.1.tmp
- <Package Folder>/cache/####/29757c70bbe96eac31cd85c3909b95b9.0.tmp
- <Package Folder>/cache/####/29757c70bbe96eac31cd85c3909b95b9.1.tmp
- <Package Folder>/cache/####/2J2uSpZ1jxKhBJHA538CZTrSO0g.2137864067.tmp
- <Package Folder>/cache/####/2fb214e6e612ef99a05814d5e162b044.0.tmp
- <Package Folder>/cache/####/2fb214e6e612ef99a05814d5e162b044.1.tmp
- <Package Folder>/cache/####/31b21030e1bbd5c2cc95f5f74e65dcd1.0.tmp
- <Package Folder>/cache/####/31b21030e1bbd5c2cc95f5f74e65dcd1.1.tmp
- <Package Folder>/cache/####/340ee8b5f768bcbaccaa1024c041a461.0.tmp
- <Package Folder>/cache/####/340ee8b5f768bcbaccaa1024c041a461.1.tmp
- <Package Folder>/cache/####/373d28878b26c9a97bc7864a1bfda335.0.tmp
- <Package Folder>/cache/####/373d28878b26c9a97bc7864a1bfda335.1.tmp
- <Package Folder>/cache/####/39116fd9f9d447319bc0fa56ef285e48.0.tmp
- <Package Folder>/cache/####/39116fd9f9d447319bc0fa56ef285e48.1.tmp
- <Package Folder>/cache/####/3f8d94b30baacf92229f634eae6ec9ed.0.tmp
- <Package Folder>/cache/####/3f8d94b30baacf92229f634eae6ec9ed.1.tmp
- <Package Folder>/cache/####/3yBHTXN6Fiiz5SIW-KfyKElDU_I.-1131504385.tmp
- <Package Folder>/cache/####/462e2b40e73eedb7ead1679382ec6667.0.tmp
- <Package Folder>/cache/####/462e2b40e73eedb7ead1679382ec6667.1.tmp
- <Package Folder>/cache/####/490eeb48e05f3c12e6cd384d58aa7b66.0.tmp
- <Package Folder>/cache/####/490eeb48e05f3c12e6cd384d58aa7b66.1.tmp
- <Package Folder>/cache/####/517782b8dfacf0f829ae4b655b59b772.0.tmp
- <Package Folder>/cache/####/517782b8dfacf0f829ae4b655b59b772.1.tmp
- <Package Folder>/cache/####/5856f260460549d362dd6c485c843cd6.0.tmp
- <Package Folder>/cache/####/5856f260460549d362dd6c485c843cd6.1.tmp
- <Package Folder>/cache/####/5fdd86e09afbb6720d0a2d0dd0f24b33.0.tmp
- <Package Folder>/cache/####/5fdd86e09afbb6720d0a2d0dd0f24b33.1.tmp
- <Package Folder>/cache/####/608bae4536ab7e501c0ec173e28ae622.0.tmp
- <Package Folder>/cache/####/608bae4536ab7e501c0ec173e28ae622.1.tmp
- <Package Folder>/cache/####/60927711ca8744c6d4faf45a9f83eb7b.0.tmp
- <Package Folder>/cache/####/60927711ca8744c6d4faf45a9f83eb7b.1.tmp
- <Package Folder>/cache/####/632d67bd7801264d89949ec58a1abd10.0.tmp
- <Package Folder>/cache/####/632d67bd7801264d89949ec58a1abd10.1.tmp
- <Package Folder>/cache/####/6921718911ceca68cb5bb3177fcef9e0.0.tmp
- <Package Folder>/cache/####/6921718911ceca68cb5bb3177fcef9e0.1.tmp
- <Package Folder>/cache/####/6f84d8643c94b124e39ecaab5f02179f.0.tmp
- <Package Folder>/cache/####/6f84d8643c94b124e39ecaab5f02179f.1.tmp
- <Package Folder>/cache/####/72be6cc1e188a10e3442da9fa2906478.0.tmp
- <Package Folder>/cache/####/72be6cc1e188a10e3442da9fa2906478.1.tmp
- <Package Folder>/cache/####/75faacc6d47ddb0a6f16f0a452637368.0.tmp
- <Package Folder>/cache/####/75faacc6d47ddb0a6f16f0a452637368.1.tmp
- <Package Folder>/cache/####/7f088cf01909bfcac56080d9ee9710d1.0.tmp
- <Package Folder>/cache/####/7f088cf01909bfcac56080d9ee9710d1.1.tmp
- <Package Folder>/cache/####/7uibPjmGwhJN43hD06J3jPNd9Lo.-1209757136.tmp
- <Package Folder>/cache/####/814c765be7d1365b7ee32fa5cf90ec5f.0.tmp
- <Package Folder>/cache/####/814c765be7d1365b7ee32fa5cf90ec5f.1.tmp
- <Package Folder>/cache/####/8669e718da164e7c94edb9740a0cc345.0.tmp
- <Package Folder>/cache/####/8669e718da164e7c94edb9740a0cc345.1.tmp
- <Package Folder>/cache/####/8a2bf81f70a8b343a9b80cb0ef14cc69.0.tmp
- <Package Folder>/cache/####/8a2bf81f70a8b343a9b80cb0ef14cc69.1.tmp
- <Package Folder>/cache/####/90f9380c121bf6fc4734e7c62c190e53.0.tmp
- <Package Folder>/cache/####/90f9380c121bf6fc4734e7c62c190e53.1.tmp
- <Package Folder>/cache/####/92dcfbe2264982ceee8d2f03f0414272.0.tmp
- <Package Folder>/cache/####/92dcfbe2264982ceee8d2f03f0414272.1.tmp
- <Package Folder>/cache/####/99398de3ce17d5571cdc4aa73a6b2039.0.tmp
- <Package Folder>/cache/####/99398de3ce17d5571cdc4aa73a6b2039.1.tmp
- <Package Folder>/cache/####/9b2dfe102b5591ee6979267530092740.0.tmp
- <Package Folder>/cache/####/9b2dfe102b5591ee6979267530092740.1.tmp
- <Package Folder>/cache/####/9b57134b3e3093ae8d9f3aee99c7e0ee.0.tmp
- <Package Folder>/cache/####/9b57134b3e3093ae8d9f3aee99c7e0ee.1.tmp
- <Package Folder>/cache/####/9dJgxyVYq3FHb65Cc1_EsLphJYA.170785084.tmp
- <Package Folder>/cache/####/9da8a84e6d71c01b71979295f16053a8.0.tmp
- <Package Folder>/cache/####/9da8a84e6d71c01b71979295f16053a8.1.tmp
- <Package Folder>/cache/####/9fdab80705d15497cc62b015f0776f4a.0.tmp
- <Package Folder>/cache/####/9fdab80705d15497cc62b015f0776f4a.1.tmp
- <Package Folder>/cache/####/<Package>_2080
- <Package Folder>/cache/####/<Package>_2734
- <Package Folder>/cache/####/<Package>_TcmsService_2127
- <Package Folder>/cache/####/AiIRShtpEpv-yIbiG6Xpd73i9qE.-1420850682.tmp
- <Package Folder>/cache/####/B7xaHmTeSdha4KwB_IC9Ww0yAQQ.-2110094443.tmp
- <Package Folder>/cache/####/BaB4ST7Q762WsCejODVerfIuw7Q.689926495.tmp
- <Package Folder>/cache/####/EZ3nU1pSanHy6jag3Z7KJQGB_qo.1733223174.tmp
- <Package Folder>/cache/####/ExJaFYSC-xBGfqvquu70qugHNeM.1115600503.tmp
- <Package Folder>/cache/####/FWSjVFxZRIpBI4N4NmfjwlGBal4.-812376296.tmp
- <Package Folder>/cache/####/Hk7nSl9Mdq8U_V_rApZfQRXxCVU.1621829705.tmp
- <Package Folder>/cache/####/JLHBisKKT1lHq90sVGyVvEIRHuo.-149380467.tmp
- <Package Folder>/cache/####/Jzv2EtPWE--w7JBOLu7tV46jAIk.2117459804.tmp
- <Package Folder>/cache/####/K1xb8TW6ZxWWe2ihZlzPCJP9Ae0.-309296675.tmp
- <Package Folder>/cache/####/K6IWUrNz6kdvSzCIxy2mBZGRfHo.-1875292173.tmp
- <Package Folder>/cache/####/LJeiV6sgIhzTi5s4hxdnzDNtrcg.-1731611363.tmp
- <Package Folder>/cache/####/PwrELOTWftVCWrho8AspgLysTHY.328678212.tmp
- <Package Folder>/cache/####/RLbCFDD-ROxGv8F67BAs7bdR870.-1400090786.tmp
- <Package Folder>/cache/####/VHRgWZiXyUXmW8-v2g-cjtRkUn4.222350204.tmp
- <Package Folder>/cache/####/VjblQ0Ce5DDiuGeCm2hgta6qgIM.-1871599432.tmp
- <Package Folder>/cache/####/VkClJdmuqojCzi3TLuNV5z7R0k8.913801660.tmp
- <Package Folder>/cache/####/ZPZbdNWo_N3tdS5VEHC0_vj7QBM.-1227369176.tmp
- <Package Folder>/cache/####/_95mgsMnpd2j4iz95HrTJhS5Ao8.-998268834.tmp
- <Package Folder>/cache/####/a2d07e8e3e7aa73e51b857ca8ad6905c.0.tmp
- <Package Folder>/cache/####/a2d07e8e3e7aa73e51b857ca8ad6905c.1.tmp
- <Package Folder>/cache/####/a4e354c08d95d5eac64a8638ddebbb5e.0.tmp
- <Package Folder>/cache/####/a4e354c08d95d5eac64a8638ddebbb5e.1.tmp
- <Package Folder>/cache/####/b803f0f17a02092c7f94d6fac459e927.0.tmp
- <Package Folder>/cache/####/b803f0f17a02092c7f94d6fac459e927.1.tmp
- <Package Folder>/cache/####/b967d79515ebdc75ebac03d4888b5b33.0.tmp
- <Package Folder>/cache/####/b967d79515ebdc75ebac03d4888b5b33.1.tmp
- <Package Folder>/cache/####/caYvYgrzmNFy1iMWvTsWLIAHUfM.-668751423.tmp
- <Package Folder>/cache/####/cppVuE4iOnbT7gXiIhIk1Rx7VSI.1548743480.tmp
- <Package Folder>/cache/####/cppVuE4iOnbT7gXiIhIk1Rx7VSI.cnt
- <Package Folder>/cache/####/ddaf132f67080b96d6602f435f4a0a05.0.tmp
- <Package Folder>/cache/####/ddaf132f67080b96d6602f435f4a0a05.1.tmp
- <Package Folder>/cache/####/eCNnwTtWhP2jJ5aaIklj5zZRypc.-613307887.tmp
- <Package Folder>/cache/####/f00cc861e3d33d6d17a87e2a3937928f.0.tmp
- <Package Folder>/cache/####/f00cc861e3d33d6d17a87e2a3937928f.1.tmp
- <Package Folder>/cache/####/f1c9886d910aa300fcad252fe8b29b99.0.tmp
- <Package Folder>/cache/####/f1c9886d910aa300fcad252fe8b29b99.1.tmp
- <Package Folder>/cache/####/f51bae7d6120b9e6111fc401e7fa98df.0.tmp
- <Package Folder>/cache/####/f51bae7d6120b9e6111fc401e7fa98df.1.tmp
- <Package Folder>/cache/####/fE9Ryeca_hJERj_dl-2mghJ88RM.60145897.tmp
- <Package Folder>/cache/####/fad5d9bbde654871aa17575568390b8d.0.tmp
- <Package Folder>/cache/####/fad5d9bbde654871aa17575568390b8d.1.tmp
- <Package Folder>/cache/####/fqayeN5o3wLbGqoar0iIkxD1X3k.41059837.tmp
- <Package Folder>/cache/####/fs44ui4e4V8oqcLHoidNfPB3jDM.489900348.tmp
- <Package Folder>/cache/####/gnl_FZ_IWL-I-1xfIkZG-jpMoNo.-1596282238.tmp
- <Package Folder>/cache/####/i-27BK32gVeElBeqmlbc6LaFhPk.1922028688.tmp
- <Package Folder>/cache/####/itetP0lVKtLKmxVbVDHBfX1jUBk.-1305430620.tmp
- <Package Folder>/cache/####/journal
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/cache/####/kSEnvq6rlH9_cuDhquJ2xWDkPn8.-1956756109.tmp
- <Package Folder>/cache/####/kZonLW7LtUYHgTvuVCzwXw1YXxY.-689638837.tmp
- <Package Folder>/cache/####/meRjMCGs6hHOZTtMVOoHEWff2Lw.-2044286286.tmp
- <Package Folder>/cache/####/ofqDD_eL4YatMK3NoHmEv7qarCY.1163349864.tmp
- <Package Folder>/cache/####/ptFx1hbcnGJ-pCkvmqFgVBBC2iA.211686967.tmp
- <Package Folder>/cache/####/qoscR0av0jFHLhW1vIntBErMLK8.693403216.tmp
- <Package Folder>/cache/####/qumyWf29F8SAhjTtctH7p16xc_A.-1689992018.tmp
- <Package Folder>/cache/####/r6FgcxOUuW5NDNdhWfSUqA3Iwmk.-1885647671.tmp
- <Package Folder>/code_cache/####/<Package>-1.apk.classes2.dex
- <Package Folder>/code_cache/####/<Package>-1.apk.classes788331187.zip
- <Package Folder>/databases/9bee4a4473b7280a4b9477b6aa942255
- <Package Folder>/databases/9bee4a4473b7280a4b9477b6aa942255-journal
- <Package Folder>/databases/MessageStore.db
- <Package Folder>/databases/MessageStore.db-journal
- <Package Folder>/databases/MsgLogStore.db
- <Package Folder>/databases/MsgLogStore.db-journal
- <Package Folder>/databases/ThrowalbeLog.db
- <Package Folder>/databases/ThrowalbeLog.db-journal
- <Package Folder>/databases/accs.db
- <Package Folder>/databases/accs.db-journal
- <Package Folder>/databases/cc.db
- <Package Folder>/databases/cc.db-journal
- <Package Folder>/databases/hmdb
- <Package Folder>/databases/hmdb-journal
- <Package Folder>/databases/logdb.db
- <Package Folder>/databases/logdb.db-journal
- <Package Folder>/databases/message_accs_db
- <Package Folder>/databases/message_accs_db-journal
- <Package Folder>/databases/paintgame.db
- <Package Folder>/databases/paintgame.db-journal
- <Package Folder>/databases/ua.db
- <Package Folder>/databases/ua.db-journal
- <Package Folder>/databases/webview.db
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/databases/webviewCookiesChromiumPrivate.db
- <Package Folder>/databases/webviewCookiesChromiumPrivate.db-journal
- <Package Folder>/eudemon
- <Package Folder>/files/####/1d2b904cbeadfb72ed9546111a231c85.0
- <Package Folder>/files/####/24c110e1f76093b35c3c2df1927aab79.0
- <Package Folder>/files/####/exchangeIdentity.json
- <Package Folder>/files/####/journal
- <Package Folder>/files/####/journal.tmp
- <Package Folder>/files/.imprint
- <Package Folder>/files/.lock
- <Package Folder>/files/DaemonServer
- <Package Folder>/files/agoo.pid
- <Package Folder>/files/crash-1510833345799.cr
- <Package Folder>/files/exid.dat
- <Package Folder>/files/sp.lock
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/ACCS_BINDumeng;52a0242156240b5b4a0104f9.xml
- <Package Folder>/shared_prefs/ACCS_SDK.xml
- <Package Folder>/shared_prefs/ACCS_SDK_CHANNEL.xml
- <Package Folder>/shared_prefs/AGOO_BIND.xml
- <Package Folder>/shared_prefs/Agoo_AppStore.xml
- <Package Folder>/shared_prefs/Alvin2.xml
- <Package Folder>/shared_prefs/ContextData.xml
- <Package Folder>/shared_prefs/UTCommon.xml
- <Package Folder>/shared_prefs/UTMCConf-818791854.xml
- <Package Folder>/shared_prefs/UTMCLog-818791854.xml
- <Package Folder>/shared_prefs/channel_pre.xml
- <Package Folder>/shared_prefs/cn_feng_skin_pref.xml
- <Package Folder>/shared_prefs/mob_commons_1.xml
- <Package Folder>/shared_prefs/mob_sdk_exception_1.xml
- <Package Folder>/shared_prefs/multidex.version.xml
- <Package Folder>/shared_prefs/tcms_setting_sp.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/ywAccount.xml
- <Package Folder>/shared_prefs/ywPrefsTools.xml
- <SD-Card>/.DataStorage/ContextData.xml
- <SD-Card>/.UTSystemConfig/####/Alvin2.xml
- <SD-Card>/.bar
- <SD-Card>/.com.taobao.dp/6c709c11d2d46a7b
- <SD-Card>/.com.taobao.dp/dd7893586a493dc3
- <SD-Card>/.serveruuid
- <SD-Card>/<Package>/####/2_20171116_r
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/0271fd8454f747ea89cc6058a23b04c2
- <SD-Card>/Android/####/473db770bc294d7b93f7461659cc05bd
- <SD-Card>/Android/####/cc76b8588a83485c9022f0f36ca47f86
- <SD-Card>/Android/####/deviceToken
- <SD-Card>/Android/####/inapp_20171116.log
- <SD-Card>/Mob/####/.al
- <SD-Card>/Mob/####/.dh
- <SD-Card>/Mob/####/.dh-journal
- <SD-Card>/Mob/####/.dhlock
- <SD-Card>/Mob/####/.dic_lock
- <SD-Card>/Mob/####/.duid
- <SD-Card>/Mob/####/.globalLock
- <SD-Card>/Mob/####/.nulal
- <SD-Card>/Mob/####/.nulplt
- <SD-Card>/Mob/####/.pkg_lock
- <SD-Card>/Mob/####/.plst
- <SD-Card>/Mob/####/.rcTag
- <SD-Card>/Mob/####/.rc_lock
- <SD-Card>/amap/####/1510833290436.db
- <SD-Card>/amap/####/1510833291585.db
- <SD-Card>/amap/####/1510833300790.db
- <SD-Card>/amap/####/1510833340878.db
- <SD-Card>/amap/####/1510833351519.db
- <SD-Card>/amap/####/alsn20170807.db
- <SD-Card>/amap/####/alsn20170807.db-journal
- <SD-Card>/huaba/####/20171116115545.txt
- <SD-Card>/huaba/####/b0727c3f119e27c3c26a5e2c7315497e
Другие:
Запускает следующие shell-скрипты:
- <Package Folder>/files/DaemonServer -s <Package Folder>/lib/ -n runServer -p startservice -n <Package>/com.taobao.accs.ChannelService --user 0 -f <Package Folder> -t 600 -c agoo.pid -P <Package Folder> -K 1009527 -U tb_accs_eudemon_1.1.3 -L http://agoodm.m.taobao.com/agoo/report -D {"package":"<Package>","appKey":"umeng:52a0242156240b5b4a0104f9","utdid":"Wg18iO4pl5kDAGdzx1Hd2NRh","sdkVersion":"220"} -I agoodm.m.taobao.com -O 80 -T -Z
- app_process /system/bin com.android.commands.pm.Pm list packages
- cat /proc/cpuinfo | grep Serial
- chmod 500 <Package Folder>/files/DaemonServer
- getprop
- getprop ro.product.cpu.abi
- grep -E -v root|shell|system
- ls -l /system/xbin/su
- pm list packages
- sh
- top -d 0 -n 1
Загружает динамические библиотеки:
- fb_jpegturbo
- imagepipeline
- inet.2.0
- neh
- securitysdk-3.1
- tnet-3.1
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS5Padding
- AES-ECB-PKCS7Padding
- RSA-ECB-PKCS1Padding
- RSA-NONE-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-NoPadding
- AES-ECB-PKCS5Padding
Осуществляет доступ к информации о геолокации.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
