Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.657.origin
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) log.sn####.com.####.net:80
- TCP(HTTP/1.1) ib.sn####.com:80
- TCP(HTTP/1.1) s6.ps####.com.####.com:80
- TCP(HTTP/1.1) a3.byt####.cn:80
- TCP(HTTP/1.1) d14uy7w####.cloudf####.net:80
- TCP(HTTP/1.1) icha####.sn####.com:80
- TCP(HTTP/1.1) 47.92.1####.96:80
- TCP(HTTP/1.1) 1####.76.224.67:80
- TCP(HTTP/1.1) b####.x.jd.com:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) cdn.img.h####.####.com:80
- TCP(HTTP/1.1) p9.ps####.com.####.com:80
- TCP(HTTP/1.1) cdn.game####.org:80
- TCP(HTTP/1.1) a####.a####.m.####.com:80
- TCP(TLS/1.0) lg.sn####.com:443
- TCP(TLS/1.0) nbsdk-b####.al####.com:443
- TCP(TLS/1.0) f####.l####.top:443
- TCP(TLS/1.0) a####.wagbr####.ta####.####.com:443
- TCP(TLS/1.0) secu####.sn####.com:443
- TCP(TLS/1.0) gm.mm####.com:443
- TCP(TLS/1.0) regi####.xm####.xi####.com:443
- TCP(TLS/1.0) msg.umengc####.com:443
- TCP(TLS/1.0) log.sn####.com.####.net:443
- TCP(TLS/1.0) ib.sn####.com:443
- TCP 1####.205.160.76:443
- TCP umengj####.m.ta####.com:80
Запросы DNS:
- a####.m.ta####.com
- a####.u####.com
- a3.byt####.cn
- ag####.m.ta####.com
- b####.x.jd.com
- cdn.app.h####.top
- cdn.game####.org
- cdn.img.h####.top
- d14uy7w####.cloudf####.net
- dm.tou####.com
- dong####.al####.com
- f####.l####.top
- i####.sn####.com
- ib.sn####.com
- icha####.sn####.com
- lf.sn####.com
- lg.sn####.com
- lh.sn####.com
- log.sn####.com
- mon.sn####.com
- msg.umengc####.com
- nbsdk-b####.al####.com
- o####.l####.top
- p1.ps####.com
- p3.ps####.com
- p9.ps####.com
- regi####.xm####.xi####.com
- s0.ps####.com
- s0z.ps####.com
- s3.ps####.com
- s6.ps####.com
- secu####.sn####.com
- tunion####.m.ta####.com
- umengj####.m.ta####.com
- wgo.mm####.com
- x####.l####.top
- z####.l####.top
Запросы HTTP GET:
- a3.byt####.cn/article/content/17/1/6527811934060806663/65278119340608066...
- a3.byt####.cn/article/content/17/1/6527868401459659267/65278684014596592...
- a3.byt####.cn/article/content/17/1/6527919815766573575/65279198157665735...
- a3.byt####.cn/article/content/17/1/6527924700977299971/65279247009772999...
- a3.byt####.cn/article/content/17/1/6527942571480580615/65279425714805806...
- a3.byt####.cn/article/content/17/1/6527945966232797699/65279459662327976...
- a3.byt####.cn/article/content/17/1/6527988966023496205/65279889660234962...
- b####.x.jd.com/app/config?os=####&key=####&sdkv=####
- cdn.game####.org/strategy/UnknownDev
- cdn.game####.org/strategy/base
- cdn.game####.org/strategy/dev_root
- cdn.game####.org/strategy/dev_root2
- cdn.game####.org/strategy/larger4.3
- cdn.game####.org/strategy/loss_4.3
- cdn.game####.org/strategy/sul18
- cdn.game####.org/strategy/symlink-adbd
- cdn.img.h####.####.com/large/w640/61ec0001ad7df1699c9d.webp
- cdn.img.h####.####.com/list/190x124/65ba0014de68c75c2728.webp
- cdn.img.h####.####.com/list/190x124/65be0007eee8b201bcd4.webp
- cdn.img.h####.####.com/list/190x124/66be00039539c52ce94c.webp
- cdn.img.h####.####.com/upload/201803/1/app/20180301132200019.apk
- cdn.img.h####.####.com/upload/201803/1/img/20180301132145970.png
- d14uy7w####.cloudf####.net/download/key
- ib.sn####.com/2/article/v68/refresh_tip/?category=####&min_behot_time=##...
- ib.sn####.com/api/ad/refresh/v1/?iid=####&device_id=####&ac=####&channel...
- ib.sn####.com/api/news/feed/v68/?list_count=####&refer=####&refresh_reas...
- ib.sn####.com/search/suggest/homepage_suggest/?flag=####&suggest_params=...
- icha####.sn####.com/feedback/2/list/?appkey=####&count=####&iid=####&dev...
- icha####.sn####.com/service/2/app_alert/?has_market=####&lang=####&carri...
- log.sn####.com.####.net/2/article/city/?iid=####&device_id=####&ac=####&...
- log.sn####.com.####.net/2/user/info/?abc=####&iid=####&device_id=####&ac...
- log.sn####.com.####.net/entry/subscription_list/v1/?req_type=####&iid=##...
- log.sn####.com.####.net/get_domains/v4/?abi=####&iid=####&device_id=####...
- log.sn####.com.####.net/list/190x124/65bc0008800f81ddee7a.webp
- log.sn####.com.####.net/list/190x124/65bc0009e279d78bb7ab.webp
- log.sn####.com.####.net/list/190x124/pgc-image/15198877073783434fdd185.w...
- log.sn####.com.####.net/monitor/appmonitor/v2/settings?sdk_version=####&...
- log.sn####.com.####.net/network/get_network/?iid=####&device_id=####&ac=...
- log.sn####.com.####.net/origin/679000001f95a99ed6fc
- log.sn####.com.####.net/promotion/app/lt/?openudid=####&version_name=###...
- log.sn####.com.####.net/service/1/app_activity/?view_cursor=####&iid=###...
- log.sn####.com.####.net/service/1/app_notice_status/?openudid=####&versi...
- log.sn####.com.####.net/service/settings/v2/?app=####&default=####&iid=#...
- log.sn####.com.####.net/site/download/app/apk/news_article/app_replaceab...
- log.sn####.com.####.net/site/download/app/hijack/113/black_list_20171129...
- log.sn####.com.####.net/site/download/app/pl/news_article/64001/ss_plugi...
- log.sn####.com.####.net/toutiao/app_web_article_online_updates/android_3...
- log.sn####.com.####.net/user/tab/tabs/?iid=####&device_id=####&ac=####&c...
- p9.ps####.com.####.com/list/190x124/66be00038dd85c9aa444.webp
- p9.ps####.com.####.com/origin/678b000044d49ffbad2c
- s6.ps####.com.####.com/site/download/app/apk/news_release2/img/android_p...
Запросы HTTP POST:
- a####.a####.m.####.com/amdc/mobileDispatch?appkey=####&platform=####&v=#...
- a####.u####.com/app_logs
- ib.sn####.com/api/ad/comment/v1/?iid=####&device_id=####&ac=####&channel...
- ib.sn####.com/api/ad/share/v1/?iid=####&device_id=####&ac=####&channel=#...
- ib.sn####.com/api/news/feed/v68/?list_count=####&category=####&refer=###...
- ib.sn####.com/article/category/get_subscribed/v2/?iid=####&device_id=###...
- ib.sn####.com/cloudpush/update_sender/?openudid=####&version_name=####&o...
- ib.sn####.com/service/1/z_app_stats/?iid=####&device_id=####&ac=####&cha...
- ib.sn####.com/service/2/device_register/?ac=####&channel=####&aid=####&a...
- log.sn####.com.####.net/cloudpush/callback/register_device/?openudid=###...
- log.sn####.com.####.net/location/suloin/?iid=####&device_id=####&ac=####...
- log.sn####.com.####.net/monitor/collect/?sdk_version=####&version_name=#...
- log.sn####.com.####.net/rc/device_info/v1/collection/?tt_data=####&iid=#...
- log.sn####.com.####.net/service/1/collect_settings/?iid=####&device_id=#...
- log.sn####.com.####.net/service/14/app_ad/?_unused=####&carrier=####&mcc...
- log.sn####.com.####.net/service/2/app_log/?ac=####&channel=####&aid=####...
- log.sn####.com.####.net/service/2/app_log/?iid=####&device_id=####&ac=##...
- log.sn####.com.####.net/service/2/log_settings/?iid=####&device_id=####&...
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/app_342dda1a-347f-4b76-b64d-e190f0b88da6/Matrix
- <Package Folder>/app_342dda1a-347f-4b76-b64d-e190f0b88da6/ddexe
- <Package Folder>/app_342dda1a-347f-4b76-b64d-e190f0b88da6/debuggerd
- <Package Folder>/app_342dda1a-347f-4b76-b64d-e190f0b88da6/device.db
- <Package Folder>/app_342dda1a-347f-4b76-b64d-e190f0b88da6/fileWork
- <Package Folder>/app_342dda1a-347f-4b76-b64d-e190f0b88da6/insta...ery.sh
- <Package Folder>/app_342dda1a-347f-4b76-b64d-e190f0b88da6/pidof
- <Package Folder>/app_342dda1a-347f-4b76-b64d-e190f0b88da6/root3
- <Package Folder>/app_342dda1a-347f-4b76-b64d-e190f0b88da6/su
- <Package Folder>/app_342dda1a-347f-4b76-b64d-e190f0b88da6/supolicy
- <Package Folder>/app_342dda1a-347f-4b76-b64d-e190f0b88da6/toolbox
- <Package Folder>/app_342dda1a-347f-4b76-b64d-e190f0b88da6/wsroot.sh
- <Package Folder>/app_37acd346-c0a8-44df-bba2-61ce14bfba56/Matrix
- <Package Folder>/app_37acd346-c0a8-44df-bba2-61ce14bfba56/ddexe
- <Package Folder>/app_37acd346-c0a8-44df-bba2-61ce14bfba56/debuggerd
- <Package Folder>/app_37acd346-c0a8-44df-bba2-61ce14bfba56/fileWork
- <Package Folder>/app_37acd346-c0a8-44df-bba2-61ce14bfba56/insta...ery.sh
- <Package Folder>/app_37acd346-c0a8-44df-bba2-61ce14bfba56/pidof
- <Package Folder>/app_37acd346-c0a8-44df-bba2-61ce14bfba56/su
- <Package Folder>/app_37acd346-c0a8-44df-bba2-61ce14bfba56/supolicy
- <Package Folder>/app_37acd346-c0a8-44df-bba2-61ce14bfba56/toolbox
- <Package Folder>/app_37acd346-c0a8-44df-bba2-61ce14bfba56/wsroot.sh
- <Package Folder>/app_50be359d-c913-4dd0-8cc4-b711d011ff45/096cd...c9.jar
- <Package Folder>/app_7ac4b64e-7e84-4ce0-a255-c4a4fc19cceb/495c9...8a.jar
- <Package Folder>/app_7c370703-f56a-409c-9d2e-e2d9e1ae76a1/e531a...e9.jar
- <Package Folder>/app_8409c3ad-ac91-4b14-b8db-bc9c9f328431/0a6a7...38.jar
- <Package Folder>/app_882fc83e-ae47-4479-a17a-2d32a9fcec5f/Matrix
- <Package Folder>/app_882fc83e-ae47-4479-a17a-2d32a9fcec5f/ddexe
- <Package Folder>/app_882fc83e-ae47-4479-a17a-2d32a9fcec5f/debuggerd
- <Package Folder>/app_882fc83e-ae47-4479-a17a-2d32a9fcec5f/device.db
- <Package Folder>/app_882fc83e-ae47-4479-a17a-2d32a9fcec5f/fileWork
- <Package Folder>/app_882fc83e-ae47-4479-a17a-2d32a9fcec5f/insta...ery.sh
- <Package Folder>/app_882fc83e-ae47-4479-a17a-2d32a9fcec5f/pidof
- <Package Folder>/app_882fc83e-ae47-4479-a17a-2d32a9fcec5f/root3
- <Package Folder>/app_882fc83e-ae47-4479-a17a-2d32a9fcec5f/su
- <Package Folder>/app_882fc83e-ae47-4479-a17a-2d32a9fcec5f/supolicy
- <Package Folder>/app_882fc83e-ae47-4479-a17a-2d32a9fcec5f/toolbox
- <Package Folder>/app_882fc83e-ae47-4479-a17a-2d32a9fcec5f/wsroot.sh
- <Package Folder>/app_912ca6bd-9204-4613-9241-668e1be84e5a/Matrix
- <Package Folder>/app_912ca6bd-9204-4613-9241-668e1be84e5a/ddexe
- <Package Folder>/app_912ca6bd-9204-4613-9241-668e1be84e5a/debuggerd
- <Package Folder>/app_912ca6bd-9204-4613-9241-668e1be84e5a/fileWork
- <Package Folder>/app_912ca6bd-9204-4613-9241-668e1be84e5a/insta...ery.sh
- <Package Folder>/app_912ca6bd-9204-4613-9241-668e1be84e5a/pidof
- <Package Folder>/app_912ca6bd-9204-4613-9241-668e1be84e5a/su
- <Package Folder>/app_912ca6bd-9204-4613-9241-668e1be84e5a/supolicy
- <Package Folder>/app_912ca6bd-9204-4613-9241-668e1be84e5a/toolbox
- <Package Folder>/app_912ca6bd-9204-4613-9241-668e1be84e5a/wsroot.sh
- <Package Folder>/app_b17cb4d0-fa7b-4baf-8099-7df645342ff3/c9c98...73.jar
- <Package Folder>/app_bc7f07fc-a389-474b-be07-2c31adfd40fd/8c88e...f1.jar
- <Package Folder>/app_c8015010-29cf-49df-be04-9b1f9ba16cea/3b472...5c.jar
- <Package Folder>/app_cba6337b-c305-4d20-9e29-f4662cc3e269/6af7c...29.jar
- <Package Folder>/app_priv_res/21e14907-ce07-456b-8a94-3fa051637dff
- <Package Folder>/app_priv_res/34c5c1f5-8d2a-4ff2-9599-a46866b25ed4
- <Package Folder>/app_priv_res/4d142797-a852-4e7c-9067-5416c8b59c90
- <Package Folder>/app_priv_res/5262e564-a429-477e-ab05-04355d9bd07c
- <Package Folder>/app_priv_res/9beb1722-2228-48a5-8b09-7e52784b771f
- <Package Folder>/app_priv_res/c7ceda10-a5f3-4f1d-a362-98934f3e21a7
- <Package Folder>/app_priv_res/f7b6f0c5-04b7-47c3-9815-1d5ded096287
- <Package Folder>/app_priv_res/fe63b321-81b8-4349-97f6-bb402b3e6146
- <Package Folder>/app_subox/1740c449fc10be62df60ba0f18696c9f
- <Package Folder>/app_subox/32edd79a240b5f1e461d069caab1ec3e
- <Package Folder>/app_subox/8b6f263391259b7a8e5f58ee71852ca8
- <Package Folder>/app_subox/b0141e478b25af7c40a8cca8de6c4708
- <Package Folder>/app_subox/b18a021d11a3004d25017230b681476b
- <Package Folder>/app_subox/c61913b615fb6224701377a119081f36
- <Package Folder>/app_subox_download/01d89914-2f5e-462c-8638-17d8bcc82e1b
- <Package Folder>/app_subox_download/11fd7cb2-ecd0-4a98-b28f-53fa8889e418
- <Package Folder>/app_subox_download/12941ab1-9e1e-4272-b7d1-d9bdd707d279
- <Package Folder>/app_subox_download/18b3d158-2764-406e-b0eb-feaa8dd1186e
- <Package Folder>/app_subox_download/29d1904f-5082-4038-af1e-bbb...leted)
- <Package Folder>/app_subox_download/340d7ad4-2e17-411f-9dd9-8355efca380c
- <Package Folder>/app_subox_download/3720fced-3196-4bee-8873-342b41fe7323
- <Package Folder>/app_subox_download/38784698-2c56-4342-ae3d-0337acdbf25f
- <Package Folder>/app_subox_download/3c1732fc-e6fe-4420-a12b-981...leted)
- <Package Folder>/app_subox_download/3df8823b-60bf-47c1-945c-ea7...leted)
- <Package Folder>/app_subox_download/467c4a18-4aa9-44b4-866d-dff6145d0255
- <Package Folder>/app_subox_download/5041cf86-2ec1-4d36-b0db-001ff7bbaf45
- <Package Folder>/app_subox_download/524ac436-81d7-4948-a845-9f6...leted)
- <Package Folder>/app_subox_download/531f53dd-dec4-481f-999e-8b8e7a3727f6
- <Package Folder>/app_subox_download/62ae42f6-9479-43ab-9619-269d92b3d001
- <Package Folder>/app_subox_download/7b40d912-ff56-4b12-9c53-e66...leted)
- <Package Folder>/app_subox_download/7de49477-0464-4696-8e10-c54...leted)
- <Package Folder>/app_subox_download/9fed35a3-c341-413d-81f0-5dfdbf5eb579
- <Package Folder>/app_subox_download/a16a3814-cf78-4ae5-ade7-d1e64882564d
- <Package Folder>/app_subox_download/a1767841-8b3a-4321-8f01-272...leted)
- <Package Folder>/app_subox_download/b52da8f7-d639-402f-98d1-f5149d9db4cb
- <Package Folder>/app_subox_download/c6b80520-3db6-4288-aa48-ee685eafe6f9
- <Package Folder>/app_subox_download/e4651ce1-5dfa-41c7-b5dc-be10893e39eb
- <Package Folder>/app_subox_download/e6d00149-91d3-4019-a6e3-39c...leted)
- <Package Folder>/app_subox_download/f1bbeafe-50d6-4a85-9ef0-d7b...leted)
- <Package Folder>/app_subox_download/fcba8aef-ed08-4a06-b3cb-d83cea91a83c
- <Package Folder>/cache/####/18e3aac2b765a3f22b750d90eac0a044.0.tmp
- <Package Folder>/cache/####/18e3aac2b765a3f22b750d90eac0a044.1.tmp
- <Package Folder>/cache/####/1lkncXXa30aaADTS6VGkYuLuE3Q.-1177255710.tmp
- <Package Folder>/cache/####/3JL9pfzUbIG_1mqUkEZ9N0SVWKQ.-141272175.tmp
- <Package Folder>/cache/####/4_wTpiHOlc1NQsmhnIbl4R308JU.1904384568.tmp
- <Package Folder>/cache/####/6dc13b6725c29c4f426fa2e8cd14bd0c.0.tmp
- <Package Folder>/cache/####/6dc13b6725c29c4f426fa2e8cd14bd0c.1.tmp
- <Package Folder>/cache/####/7728d83bc75e0251fe4126045987c4a0.0.tmp
- <Package Folder>/cache/####/7728d83bc75e0251fe4126045987c4a0.1.tmp
- <Package Folder>/cache/####/MoSTjpi_ugSnPJx_HCa3SG46pdI.-1434393938.tmp
- <Package Folder>/cache/####/PIsNOd0UntvC7-U4t0Tddpo8SY4.1391306838.tmp
- <Package Folder>/cache/####/b844b063d38377ad9062a45d39705777.0.tmp
- <Package Folder>/cache/####/b844b063d38377ad9062a45d39705777.1.tmp
- <Package Folder>/cache/####/bpah9L-esGXCLlEEm0ZG5NtNRek.2018073886.tmp
- <Package Folder>/cache/####/dJdiMJ1mAwFL8dhlXhzxt2nrIbY.-379122067.tmp
- <Package Folder>/cache/####/draft_list_0
- <Package Folder>/cache/####/draft_list_0 (deleted)
- <Package Folder>/cache/####/e0223c0f7c47852aefde297e02454921.0.tmp
- <Package Folder>/cache/####/e0223c0f7c47852aefde297e02454921.1.tmp
- <Package Folder>/cache/####/f1Sr2vIYkldUTg981DxSfNx_wc8.1660701992.tmp
- <Package Folder>/cache/####/gVQE8ExZu9sRA1tlHCNuK3GBVps.1035222531.tmp
- <Package Folder>/cache/####/h85Hw5iooPfYKsY7JSnsb94aZ6I.1890810026.tmp
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/cache/####/vHaAI4MLYh9r8N9isCwXoqDaN9A.1331220788.tmp
- <Package Folder>/cache/####/z7oW-XKTSUI_8kqaAQl-rbzi6VY.2035326483.tmp
- <Package Folder>/cache/load_dex.tmp
- <Package Folder>/databases/MessageStore.db-journal
- <Package Folder>/databases/MsgLogStore.db-journal
- <Package Folder>/databases/account_share.db-journal
- <Package Folder>/databases/accs.db-journal
- <Package Folder>/databases/article.db
- <Package Folder>/databases/article.db-journal
- <Package Folder>/databases/cc.db
- <Package Folder>/databases/cc.db-journal
- <Package Folder>/databases/feedback.db-journal
- <Package Folder>/databases/geofencing.db
- <Package Folder>/databases/geofencing.db-journal
- <Package Folder>/databases/hmdb
- <Package Folder>/databases/hmdb-journal
- <Package Folder>/databases/lib_log_queue.db-journal
- <Package Folder>/databases/logdb.db
- <Package Folder>/databases/logdb.db-journal
- <Package Folder>/databases/message_accs_db
- <Package Folder>/databases/message_accs_db-journal
- <Package Folder>/databases/mzmonitor
- <Package Folder>/databases/mzmonitor-journal
- <Package Folder>/databases/ss_app_log.db-journal
- <Package Folder>/databases/ss_app_monitor.db-journal
- <Package Folder>/databases/ss_downloads.db-journal
- <Package Folder>/databases/ss_push_log.db
- <Package Folder>/databases/ss_push_log.db-journal
- <Package Folder>/databases/t_u.db-journal
- <Package Folder>/databases/ua.db
- <Package Folder>/databases/ua.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
- <Package Folder>/databases/webviewCookiesChromiumPrivate.db-journal
- <Package Folder>/files/####/1d2b904cbeadfb72ed9546111a231c85.0
- <Package Folder>/files/####/228.zip
- <Package Folder>/files/####/24c110e1f76093b35c3c2df1927aab79.0
- <Package Folder>/files/####/5074124460171.0
- <Package Folder>/files/####/<Package>-1.apk.classes-1177255710.zip
- <Package Folder>/files/####/<Package>-1.apk.classes-1434393938.zip
- <Package Folder>/files/####/Play@2x.png
- <Package Folder>/files/####/Play@3x.png
- <Package Folder>/files/####/Play_night@2x.png
- <Package Folder>/files/####/Play_night@3x.png
- <Package Folder>/files/####/android-common-forum.js
- <Package Folder>/files/####/android-common.js
- <Package Folder>/files/####/android-forum.js
- <Package Folder>/files/####/android.css
- <Package Folder>/files/####/android.js
- <Package Folder>/files/####/android.js.dat
- <Package Folder>/files/####/dashed_split_line.png
- <Package Folder>/files/####/dashed_split_line_night.png
- <Package Folder>/files/####/data.json
- <Package Folder>/files/####/data2.json
- <Package Folder>/files/####/detect.js.dat
- <Package Folder>/files/####/exchangeIdentity.json
- <Package Folder>/files/####/feed_publish.png
- <Package Folder>/files/####/feed_publish_night.png
- <Package Folder>/files/####/feed_publish_night_pressed.png
- <Package Folder>/files/####/feed_publish_pressed.png
- <Package Folder>/files/####/film_stars_sprites.png
- <Package Folder>/files/####/forum.css
- <Package Folder>/files/####/free_day@3x.png
- <Package Folder>/files/####/free_night@3x.png
- <Package Folder>/files/####/hijack_temp.json
- <Package Folder>/files/####/iconfont.ttf
- <Package Folder>/files/####/image_bg_click.png
- <Package Folder>/files/####/image_bg_click_night.png
- <Package Folder>/files/####/journal
- <Package Folder>/files/####/journal.tmp
- <Package Folder>/files/####/lib-forum.js
- <Package Folder>/files/####/lib.js
- <Package Folder>/files/####/loading-white@2x.png
- <Package Folder>/files/####/loading-white@3x.png
- <Package Folder>/files/####/loading@2x.png
- <Package Folder>/files/####/loading@3x.png
- <Package Folder>/files/####/loading_night@2x.png
- <Package Folder>/files/####/loading_night@3x.png
- <Package Folder>/files/####/red_packet2_night@3x.png
- <Package Folder>/files/####/red_packet@3x.png
- <Package Folder>/files/####/red_packet_night@3x.png
- <Package Folder>/files/####/red_packet_shadow@3x.png
- <Package Folder>/files/####/red_packet_shadow_night@3x.png
- <Package Folder>/files/####/refresh.png
- <Package Folder>/files/####/refresh_night.png
- <Package Folder>/files/####/sell_day@3x.png
- <Package Folder>/files/####/sell_night@3x.png
- <Package Folder>/files/####/ss_plugin.json
- <Package Folder>/files/####/tab_background.png
- <Package Folder>/files/####/tab_background_night.png
- <Package Folder>/files/####/tab_follow.png
- <Package Folder>/files/####/tab_follow_night.png
- <Package Folder>/files/####/tab_follow_night_pressed.png
- <Package Folder>/files/####/tab_follow_pressed.png
- <Package Folder>/files/####/tab_huoshan.png
- <Package Folder>/files/####/tab_huoshan_night.png
- <Package Folder>/files/####/tab_huoshan_night_pressed.png
- <Package Folder>/files/####/tab_huoshan_pressed.png
- <Package Folder>/files/####/tab_mine.png
- <Package Folder>/files/####/tab_mine_night.png
- <Package Folder>/files/####/tab_mine_night_pressed.png
- <Package Folder>/files/####/tab_mine_pressed.png
- <Package Folder>/files/####/tab_no_login.png
- <Package Folder>/files/####/tab_no_login_night.png
- <Package Folder>/files/####/tab_no_login_night_pressed.png
- <Package Folder>/files/####/tab_no_login_pressed.png
- <Package Folder>/files/####/tab_stream.png
- <Package Folder>/files/####/tab_stream_night.png
- <Package Folder>/files/####/tab_stream_night_pressed.png
- <Package Folder>/files/####/tab_stream_pressed.png
- <Package Folder>/files/####/tab_topic.png
- <Package Folder>/files/####/tab_topic_night.png
- <Package Folder>/files/####/tab_topic_night_pressed.png
- <Package Folder>/files/####/tab_topic_pressed.png
- <Package Folder>/files/####/tab_video.png
- <Package Folder>/files/####/tab_video_night.png
- <Package Folder>/files/####/tab_video_night_pressed.png
- <Package Folder>/files/####/tab_video_pressed.png
- <Package Folder>/files/####/tab_weitoutiao.png
- <Package Folder>/files/####/tab_weitoutiao_night.png
- <Package Folder>/files/####/tab_weitoutiao_night_pressed.png
- <Package Folder>/files/####/tab_weitoutiao_pressed.png
- <Package Folder>/files/####/tempimage-1535786124.tmp
- <Package Folder>/files/####/tempimage-1704696270.tmp
- <Package Folder>/files/####/tempimage-733524612.tmp
- <Package Folder>/files/####/tempimage264344679.tmp
- <Package Folder>/files/####/tempimage884581618.tmp
- <Package Folder>/files/.imprint
- <Package Folder>/files/5.jar
- <Package Folder>/files/DaemonServer
- <Package Folder>/files/SUBOXLOG_
- <Package Folder>/files/agoo.pid
- <Package Folder>/files/exid.dat
- <Package Folder>/files/process.lock
- <Package Folder>/files/timestamp
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/shared_prefs/6.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/ACCS_BIND.xml
- <Package Folder>/shared_prefs/ACCS_SDK.xml
- <Package Folder>/shared_prefs/ACCS_SDK_CHANNEL.xml
- <Package Folder>/shared_prefs/Agoo_AppStore.xml
- <Package Folder>/shared_prefs/Alvin2.xml
- <Package Folder>/shared_prefs/ContextData.xml
- <Package Folder>/shared_prefs/KEY_DERIVATIVE_ENABLE.xml
- <Package Folder>/shared_prefs/KEY_NEED_UPLOAD_LAUNCHLOG.xml
- <Package Folder>/shared_prefs/KEY_SP_JSON_DATA.xml
- <Package Folder>/shared_prefs/_andfix_.xml
- <Package Folder>/shared_prefs/app_crash_copy.xml
- <Package Folder>/shared_prefs/app_log_encrypt_switch_count.xml
- <Package Folder>/shared_prefs/app_setting.xml
- <Package Folder>/shared_prefs/app_setting.xml.bak
- <Package Folder>/shared_prefs/app_track.xml
- <Package Folder>/shared_prefs/applog_stats.xml
- <Package Folder>/shared_prefs/auth_sdk_device.xml
- <Package Folder>/shared_prefs/auth_shared.xml
- <Package Folder>/shared_prefs/com.ss.spipe_setting.xml
- <Package Folder>/shared_prefs/custom_channels.xml
- <Package Folder>/shared_prefs/hijack_html_black_list_table.xml
- <Package Folder>/shared_prefs/host_monitor_config.xml
- <Package Folder>/shared_prefs/image_opt_table.xml
- <Package Folder>/shared_prefs/imei.xml
- <Package Folder>/shared_prefs/kr.xml
- <Package Folder>/shared_prefs/local_settings.prefs.xml
- <Package Folder>/shared_prefs/logSP_1.xml
- <Package Folder>/shared_prefs/main_app_settings.xml
- <Package Folder>/shared_prefs/mipush.xml
- <Package Folder>/shared_prefs/mipush_extra.xml
- <Package Folder>/shared_prefs/misc_config.xml
- <Package Folder>/shared_prefs/monitor_config.xml
- <Package Folder>/shared_prefs/mpush.xml
- <Package Folder>/shared_prefs/multi_process_config.xml
- <Package Folder>/shared_prefs/multidex.version.xml
- <Package Folder>/shared_prefs/plugin_update_info.xml
- <Package Folder>/shared_prefs/pre_control.xml
- <Package Folder>/shared_prefs/pref.xml
- <Package Folder>/shared_prefs/push_multi_process_config.xml
- <Package Folder>/shared_prefs/push_multi_process_config.xml.bak
- <Package Folder>/shared_prefs/snssdk_openudid.xml
- <Package Folder>/shared_prefs/sp_anti_fraud.xml
- <Package Folder>/shared_prefs/ss_app_config.xml
- <Package Folder>/shared_prefs/ss_comment_ad.xml
- <Package Folder>/shared_prefs/ss_location.xml
- <Package Folder>/shared_prefs/ss_pull_refresh_ad.xml
- <Package Folder>/shared_prefs/ss_share_ad.xml
- <Package Folder>/shared_prefs/ss_splash_ad.xml
- <Package Folder>/shared_prefs/tb_session.xml
- <Package Folder>/shared_prefs/traffic_monitor_info.xml
- <Package Folder>/shared_prefs/tt_web_view_resource_version.xml
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/vbz.xml
- <SD-Card>/.DataStorage/ContextData.xml
- <SD-Card>/.UTSystemConfig/####/Alvin2.xml
- <SD-Card>/Android/####/.nomedia
- <SD-Card>/Android/####/39cffb7107866b3ec8dd36f9b0eaf6b8.apk
- <SD-Card>/Android/####/7e8b169255b64ade9b1e5264af81e9a0
- <SD-Card>/Android/####/8c834555af324c349ba08d87b42e6893
- <SD-Card>/Android/####/b.tmp
- <SD-Card>/Android/####/cb09663b4a974913a4f1c1f249718d58
- <SD-Card>/Android/####/clientudid.dat
- <SD-Card>/Android/####/com.bytedance.concernrelated.apk
- <SD-Card>/Android/####/com.ss.android.ugc.apk
- <SD-Card>/Android/####/com.ss.android.video.apk
- <SD-Card>/Android/####/com.ss.android.wenda.apk
- <SD-Card>/Android/####/device_parameters.dat
- <SD-Card>/Android/####/e1ae2e5a655449fbc9a125bd135d076d.dat
- <SD-Card>/Android/####/eb2d82c431253
- <SD-Card>/Android/####/log.lock
- <SD-Card>/Android/####/log1.txt
- <SD-Card>/Android/####/logInfo.mmap
- <SD-Card>/Android/####/tempimage961683741.tmp
- <SD-Card>/amap/####/1510833319358.db
- <SD-Card>/amap/####/alsn.db
- <SD-Card>/amap/####/alsn.db-journal
- <SD-Card>/bytedance/device_parameters.dat
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
- <Package Folder>/files/DaemonServer -s <Package Folder>/lib/ -n runServer -p startservice -n <Package>/com.taobao.accs.ChannelService --user 0 -f <Package Folder> -t 600 -c agoo.pid -P <Package Folder> -K 1009527 -U tb_accs_eudemon_1.1.3 -L http://agoodm.m.taobao.com/agoo/report -D {"package":"<Package>","appKey":"umeng:4fd805175270154a3c000005","utdid":"Wg18oOKpds8DAGdzx1EoX4qX","sdkVersion":"214"} -I agoodm.m.taobao.com -O 80 -T -Z
- <Package Folder>/lib/libsupervisor.so <Package> com.ss.android.message.NotifyService <Package>:push <Package Folder> 0
- chmod 500 <Package Folder>/files/DaemonServer
- chmod 777 /storage/emulated/0/Android/data/<Package>/files/Download/Android/azb/39cffb7107866b3ec8dd36f9b0eaf6b8.apk
- chmod 777 Matrix ddexe debuggerd device.db fileWork install-recovery.sh pidof root3 su supolicy toolbox wsroot.sh
- chmod 777 Matrix ddexe debuggerd fileWork install-recovery.sh pidof su supolicy toolbox wsroot.sh
- getprop ro.build.version.emui
- getprop ro.letv.release.version
- getprop ro.vivo.os.build.display.id
- sh
- sh <Package Folder>/lib/libsupervisor.so <Package> com.ss.android.message.NotifyService <Package>:push <Package Folder> 0
Загружает динамические библиотеки:
- andfix
- antifraud
- gifimage
- imagepipeline
- native-lib-process-lock
- tnet-3.1
- ttEncrypt
- ttnativecrash
- weibosdkcore
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- DES
- RSA-ECB-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- DES
- RSA-ECB-PKCS1Padding
Осуществляет доступ к информации о геолокации.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Осуществляет доступ к информации о зарегистрированных на устройстве аккаунтах (Google, Facebook и тд.).
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
