Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Adware.Dowgin.14.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) t.p####.ico####.com:80
- TCP(HTTP/1.1) a####.exc.mob.com:80
- TCP(HTTP/1.1) oc.u####.com:80
- TCP(HTTP/1.1) p####.ico####.com:80
- TCP(HTTP/1.1) api.s####.mob.com:80
- TCP(HTTP/1.1) ti####.c####.l####.####.com:80
- TCP(HTTP/1.1) si.ci.s####.com:80
- TCP(TLS/1.0) tinyq####.ove####.b0.####.com:443
- TCP(TLS/1.0) nm.a####.com:443
Запросы DNS:
- a####.exc.mob.com
- a####.u####.com
- api.s####.mob.com
- c####.comi####.cn
- cdn.ico####.com
- oc.u####.com
- p####.ico####.com
- si.ci.s####.com
- t.p####.ico####.com
- u####.comi####.cn
Запросы HTTP GET:
- si.ci.s####.com/e?a=####
- ti####.c####.l####.####.com/11405_ccover_hp_36bbb386cb5df1c0.jpg?imageVi...
- ti####.c####.l####.####.com/11813_ccover_hp_559ad394c6d8dd0c.jpg?imageVi...
- ti####.c####.l####.####.com/12086_30_10_42040f0424a6ecc6.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_11_dd1f634eca5ab184.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_12_b6efc4076cb98bf9.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_13_37f3b5ae9ae6cd28.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_14_b8468590aed6027a.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_15_a88e763ab475304b.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_16_6895a8fa044feb31.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_17_52de297734e8e60d.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_18_d7f4ec38a7a50806.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_19_32561172a46e8550.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_1_f28dc0ca0b0ae7a1.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_20_8c70fdb20bf0aa43.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_21_26bdca34bc2d816f.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_22_eebb0d74dc6fd281.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_23_f1c3eb7fdc8b697e.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_24_7dcd4acfa7895b2e.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_25_697059b753010c96.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_26_5fa7183a88bb5b07.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_27_d5fc1cf18aed2200.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_28_668fecf44244565a.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_29_e849afc6b18b4101.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_2_1a56fc0454b47f40.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_30_de52e86d4e973c4a.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_31_1702f796db908752.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_32_faed085f44e78ec2.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_33_9f7dfb41c97691ab.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_34_70b5f2e86d68be57.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_35_03eca0a5679e95bf.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_3_9482af2df603effa.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_4_287a0ca60306a0cb.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_5_23bd66941cf3889d.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_6_a481830a811428fe.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_7_bd86509c6c7fcabb.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_8_13962ea7e22638bb.jpg?imageMo####
- ti####.c####.l####.####.com/12086_30_9_7ae2e3a7da68d99d.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_10_f0f539db9179b51e.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_11_bdeac2e32e57f6b7.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_12_7d723bdaeae1fa87.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_13_3a98562ad5bd0749.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_14_e06432e2d04f1cba.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_15_31f0c2567839adcc.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_16_d6588ea1654f8952.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_17_b2a0e769c2ed7bba.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_18_63bab60dcd49d305.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_19_345218376f2509d8.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_1_f28dc0ca0b0ae7a1.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_20_5f28f69e5e493693.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_21_e5fd890b5eabe41d.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_22_da38738cfeafbf8a.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_23_91b141ffefebffad.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_24_c52da0716eecbf0c.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_25_2c259cb69b7abf69.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_26_77e69caafff3815f.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_27_d4b202995f884951.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_28_98687437ab5ba25c.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_29_1a2af4f9704cde19.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_2_acc89c23dfb00914.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_30_9345761d1b4bbbb5.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_31_ee701e17e823fee2.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_32_2a684c4428aa5b3c.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_33_7f95a65a2e61d14f.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_34_70b5f2e86d68be57.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_35_03eca0a5679e95bf.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_3_9d4133cce008c473.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_4_a9a3269b6efbb313.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_5_7ec0c7f8a5720bff.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_6_53c5199b25140523.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_7_d7e31c826b979537.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_8_8f3e0d09193fe097.jpg?imageMo####
- ti####.c####.l####.####.com/12086_31_9_13dde5a2f0592fc7.jpg?imageMo####
- ti####.c####.l####.####.com/12086_ccover_b2148ceb0b103e4b.jpg?imageVi####
- ti####.c####.l####.####.com/12086_ccover_hp_ccfdca9dc57d6746.jpg?imageVi...
- ti####.c####.l####.####.com/12485_ccover_hp_48a4adacd316227e.jpg?imageVi...
- ti####.c####.l####.####.com/12759_ccover_hp_63c871e3fe98b264.jpg?imageVi...
- ti####.c####.l####.####.com/12923_ccover_hp_4a60189a5c161f5f.jpg?imageVi...
Запросы HTTP POST:
- a####.exc.mob.com/errconf
- a####.u####.com/app_logs
- api.s####.mob.com/conf4
- api.s####.mob.com/conn
- api.s####.mob.com/data2
- api.s####.mob.com/log4
- api.s####.mob.com/snsconf
- oc.u####.com/v2/check_config_update
- oc.u####.com/v2/get_update_time
- p####.ico####.com/categorylist
- p####.ico####.com/handshake
- p####.ico####.com/homepage
- t.p####.ico####.com/comicdetail
- t.p####.ico####.com/epinfo
- t.p####.ico####.com/getcomments2
- t.p####.ico####.com/getextinfo
- t.p####.ico####.com/splashinfo
- t.p####.ico####.com/syncextinfo
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.imprint
- /data/data/####/.jg.ic
- /data/data/####/9f38a47a5dbd168b68bd484cba4ff17bx.jar
- /data/data/####/Alvin2.xml
- /data/data/####/AppStore.xml
- /data/data/####/ContextData.xml
- /data/data/####/ICOMICO_PREFERENCE.xml
- /data/data/####/ThrowalbeLog.db-journal
- /data/data/####/icomico_db-journal
- /data/data/####/libjiagu-2102788895.so
- /data/data/####/mob_sdk_exception_1.xml
- /data/data/####/mobclick_agent_cached_com.txj.anime.cartoon796
- /data/data/####/mobclick_agent_online_setting_com.txj.anime.cartoon.xml
- /data/data/####/share_sdk_1.xml
- /data/data/####/sharesdk.db-journal
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/umeng_message_state.xml
- /data/data/####/webview.db-journal
- /data/data/####/zab95b3ae.xml
- /data/media/####/.ba
- /data/media/####/.dk
- /data/media/####/.lock
- /data/media/####/18gpcdjbdbkpf93ew35o4wi4q.0.tmp
- /data/media/####/18gpcdjbdbkpf93ew35o4wi4q.downtmp.downtmp
- /data/media/####/1a1848756d7d2d028fa8e96ba7f77907.downtmp
- /data/media/####/1apdyqhtoklsob1r5nci53rb8.0.tmp
- /data/media/####/1apdyqhtoklsob1r5nci53rb8.downtmp.downtmp
- /data/media/####/1g5n4rkzo13icx0q5nzh5pat7.0.tmp
- /data/media/####/1g5n4rkzo13icx0q5nzh5pat7.downtmp.downtmp
- /data/media/####/1go6akylshyn3tlvwldgkq6os.0.tmp
- /data/media/####/1go6akylshyn3tlvwldgkq6os.downtmp.downtmp
- /data/media/####/1l6rokoahwfrgtmiga6e0ujmv.0.tmp
- /data/media/####/1l6rokoahwfrgtmiga6e0ujmv.downtmp.downtmp
- /data/media/####/1mngmwl7y9a9h7bqjnb34n56p.0.tmp
- /data/media/####/1mngmwl7y9a9h7bqjnb34n56p.downtmp.downtmp
- /data/media/####/1nlmzjmuq5oaezhnxst2v1ahq.0.tmp
- /data/media/####/1nlmzjmuq5oaezhnxst2v1ahq.downtmp.downtmp
- /data/media/####/1ojcrriarrbssoje4u52r8maf.0.tmp
- /data/media/####/1ojcrriarrbssoje4u52r8maf.downtmp.downtmp
- /data/media/####/1sfgh4uzgg1rasxus7xba3pv8.0.tmp
- /data/media/####/1sfgh4uzgg1rasxus7xba3pv8.downtmp.downtmp
- /data/media/####/1w5w0ct19n2dgcvsid502ynmr.0.tmp
- /data/media/####/1w5w0ct19n2dgcvsid502ynmr.downtmp.downtmp
- /data/media/####/1xd3cqky7me60ycm29w8qnn92.0.tmp
- /data/media/####/1xd3cqky7me60ycm29w8qnn92.downtmp.downtmp
- /data/media/####/1yoj09sd4cx9db3xfhg540xui.0.tmp
- /data/media/####/1yoj09sd4cx9db3xfhg540xui.downtmp.downtmp
- /data/media/####/20vrj14o6zxg5fwqm5dizcks0.0.tmp
- /data/media/####/20vrj14o6zxg5fwqm5dizcks0.downtmp.downtmp
- /data/media/####/21fodzhwtsbycqp7u6le8gqm2.0.tmp
- /data/media/####/21fodzhwtsbycqp7u6le8gqm2.downtmp.downtmp
- /data/media/####/27ft8lnqw4hl3m0n5rs7vbvaa.0.tmp
- /data/media/####/27ft8lnqw4hl3m0n5rs7vbvaa.downtmp.downtmp
- /data/media/####/27zq3sdy1onum6a1spx6hqyhf.0.tmp
- /data/media/####/2cdgm6pu5d255k0neot2mdfbl.0.tmp
- /data/media/####/2clzijp5ujo8gszr0ckxx8uce.0.tmp
- /data/media/####/2clzijp5ujo8gszr0ckxx8uce.downtmp.downtmp
- /data/media/####/2nwm0stv2u7la4ubmjjyl3s8k.0.tmp
- /data/media/####/2nwm0stv2u7la4ubmjjyl3s8k.downtmp.downtmp
- /data/media/####/2rrpyx69ifcyz5mekmgf6n0lt.0.tmp
- /data/media/####/2rrpyx69ifcyz5mekmgf6n0lt.downtmp.downtmp
- /data/media/####/2tun148glnwzmmpnd9b4tnrul.0.tmp
- /data/media/####/2tun148glnwzmmpnd9b4tnrul.downtmp.downtmp
- /data/media/####/2tzed59em3wb1735e0dxno9qb.0.tmp
- /data/media/####/2tzed59em3wb1735e0dxno9qb.downtmp.downtmp
- /data/media/####/2wuaudkiznyqznml2z7e48ksf.0.tmp
- /data/media/####/35a3yw360t9iyculcex72tnlr.0.tmp
- /data/media/####/35a3yw360t9iyculcex72tnlr.downtmp.downtmp
- /data/media/####/35colqtg52txrhr368rsud03r.0.tmp
- /data/media/####/37e5d7u6eh26d4pg3fuu8oxap.0.tmp
- /data/media/####/37e5d7u6eh26d4pg3fuu8oxap.downtmp.downtmp
- /data/media/####/37zt2maeqwhw19wgkhizkeh1a.0.tmp
- /data/media/####/37zt2maeqwhw19wgkhizkeh1a.downtmp.downtmp
- /data/media/####/38r5jt6ed0nlmv3p9m2yh2lcg.0.tmp
- /data/media/####/38r5jt6ed0nlmv3p9m2yh2lcg.downtmp.downtmp
- /data/media/####/39s4svz40a9s46p93sdpqk234.0.tmp
- /data/media/####/3bdddwl3gato603po9vqof27g.0.tmp
- /data/media/####/3bdddwl3gato603po9vqof27g.downtmp.downtmp
- /data/media/####/3uzqb3jv2gzf8ifgj79srimqi.0.tmp
- /data/media/####/3uzqb3jv2gzf8ifgj79srimqi.downtmp.downtmp
- /data/media/####/3vc8k5bjt73h8jskwsaiwero2.0.tmp
- /data/media/####/3vc8k5bjt73h8jskwsaiwero2.downtmp.downtmp
- /data/media/####/3voiwmbayyg5dg6k5qgl49eh1.0.tmp
- /data/media/####/3voiwmbayyg5dg6k5qgl49eh1.downtmp.downtmp
- /data/media/####/3zyusrvauuehhmym89leserbn.0.tmp
- /data/media/####/3zyusrvauuehhmym89leserbn.downtmp.downtmp
- /data/media/####/42s0i1x1j8jodzljzl3w5tbt0.0.tmp
- /data/media/####/42s0i1x1j8jodzljzl3w5tbt0.downtmp.downtmp
- /data/media/####/4hz8ig75o28vky3xvbckbknb3.0.tmp
- /data/media/####/4igzimrs4bwrmxce1dgbm4udr.0.tmp
- /data/media/####/4igzimrs4bwrmxce1dgbm4udr.downtmp.downtmp
- /data/media/####/4jkag5nmlmop74m1t0vg3ljwf.0.tmp
- /data/media/####/4jkag5nmlmop74m1t0vg3ljwf.downtmp.downtmp
- /data/media/####/4jnkgczu4y5mbg4z6kxscvsqz.0.tmp
- /data/media/####/4jnkgczu4y5mbg4z6kxscvsqz.downtmp.downtmp
- /data/media/####/4jnog4cvjb155id7a13fpu3rx.0.tmp
- /data/media/####/4jnog4cvjb155id7a13fpu3rx.downtmp.downtmp
- /data/media/####/4lyybm78eni0mcpwzzucvcm88.0.tmp
- /data/media/####/4lyybm78eni0mcpwzzucvcm88.downtmp.downtmp
- /data/media/####/4oggv59b0q5f1ycg1p2mlfe2m.0.tmp
- /data/media/####/4oggv59b0q5f1ycg1p2mlfe2m.downtmp.downtmp
- /data/media/####/4tztwp1rz91sf2mqvh43w73x.0.tmp
- /data/media/####/4tztwp1rz91sf2mqvh43w73x.downtmp.downtmp
- /data/media/####/519yd05cemgviu78lqu1fcnz.0.tmp
- /data/media/####/519yd05cemgviu78lqu1fcnz.downtmp.downtmp
- /data/media/####/52d4ekjmyfk0ibb3e1t5gu1pp.0.tmp
- /data/media/####/52d4ekjmyfk0ibb3e1t5gu1pp.downtmp.downtmp
- /data/media/####/5h66x8dn8q2sek4c5q4tfbkmn.0.tmp
- /data/media/####/5h66x8dn8q2sek4c5q4tfbkmn.downtmp.downtmp
- /data/media/####/5j5sgcj446njhwykcttypu9f6.0.tmp
- /data/media/####/5j5sgcj446njhwykcttypu9f6.downtmp.downtmp
- /data/media/####/5jsgf3syptjp2g90cd7knpyu.0.tmp
- /data/media/####/5jsgf3syptjp2g90cd7knpyu.downtmp.downtmp
- /data/media/####/5tmemrqcxphlgix37fh1wbtl6.0.tmp
- /data/media/####/64zl7e4ltc062hh7d6eyc72lw.0.tmp
- /data/media/####/64zl7e4ltc062hh7d6eyc72lw.downtmp.downtmp
- /data/media/####/65j33xm7w28cndvxpjdx9zehq.0.tmp
- /data/media/####/65j33xm7w28cndvxpjdx9zehq.downtmp.downtmp
- /data/media/####/6au9r9ncreei2bulxi76r6az.0.tmp
- /data/media/####/6au9r9ncreei2bulxi76r6az.downtmp.downtmp
- /data/media/####/6ea1b4ad95lgpq8xxngwsmq7o.0.tmp
- /data/media/####/6ea1b4ad95lgpq8xxngwsmq7o.downtmp.downtmp
- /data/media/####/6ltuorrr7dlam1ea97k7ee8f6.0.tmp
- /data/media/####/6mmpgl0rqszz801nfaiduq2z7.0.tmp
- /data/media/####/6n4g1ehueghstwmoiwc8wbrvp.0.tmp
- /data/media/####/6n4g1ehueghstwmoiwc8wbrvp.downtmp.downtmp
- /data/media/####/6tdbe6c69xohgv7k029qldup8.0.tmp
- /data/media/####/6tdbe6c69xohgv7k029qldup8.downtmp.downtmp
- /data/media/####/6ugv4co6vvefo2nk9m75nc46r.0.tmp
- /data/media/####/6ugv4co6vvefo2nk9m75nc46r.downtmp.downtmp
- /data/media/####/6y00j2zwsnc5z7ph2b6xq6ky5.0.tmp
- /data/media/####/70lyj2hyl4dd4ss1lkacobw6g.0.tmp
- /data/media/####/70lyj2hyl4dd4ss1lkacobw6g.downtmp.downtmp
- /data/media/####/733cux3u975c3fosr6duzx6qa.0.tmp
- /data/media/####/733cux3u975c3fosr6duzx6qa.downtmp.downtmp
- /data/media/####/73cfhfw5859lk1multy0cfxqc.0.tmp
- /data/media/####/73cfhfw5859lk1multy0cfxqc.downtmp.downtmp
- /data/media/####/77chqlj3iaimfienyec3ymdjo.0.tmp
- /data/media/####/77chqlj3iaimfienyec3ymdjo.downtmp.downtmp
- /data/media/####/77mekfmf89twj6mhgdsblkjls.0.tmp
- /data/media/####/77mekfmf89twj6mhgdsblkjls.downtmp.downtmp
- /data/media/####/78sb180r0x65cathsi9qu41f8.0.tmp
- /data/media/####/7bouijyyito826r9cdbqkio4u.0.tmp
- /data/media/####/7bouijyyito826r9cdbqkio4u.downtmp.downtmp
- /data/media/####/98tg3innlmtmubnk9foovfyn.0.tmp
- /data/media/####/98tg3innlmtmubnk9foovfyn.downtmp.downtmp
- /data/media/####/Alvin2.xml
- /data/media/####/ContextData.xml
- /data/media/####/avcjfnlqahkpa7juhwiobgpe.0.tmp
- /data/media/####/avcjfnlqahkpa7juhwiobgpe.downtmp.downtmp
- /data/media/####/f1cc500667dc3fcd2f125855474b34af.downtmp
- /data/media/####/gxk60wmenb7oili6fx1nydhv.0.tmp
- /data/media/####/gxk60wmenb7oili6fx1nydhv.downtmp.downtmp
- /data/media/####/journal.tmp
- /data/media/####/pv24x51s1qgoq54eyzcobs9f.0.tmp
- /data/media/####/pv24x51s1qgoq54eyzcobs9f.downtmp.downtmp
- /data/media/####/q5904ybgbq6dmgekw7rz5n1z.0.tmp
- /data/media/####/qzou02vuq7tezqvn4ad3u3gn.0.tmp
- /data/media/####/qzou02vuq7tezqvn4ad3u3gn.downtmp.downtmp
- /data/media/####/t3fq77izg7div82lp2h418xc.0.tmp
- /data/media/####/t3fq77izg7div82lp2h418xc.downtmp.downtmp
- /data/media/####/uqhjou8psxk5mmdzngijr63l.0.tmp
- /data/media/####/uqhjou8psxk5mmdzngijr63l.downtmp.downtmp
- /data/media/####/uxdmkqf7m4g42xk04jd5sv9y.0.tmp
- /data/media/####/uxdmkqf7m4g42xk04jd5sv9y.downtmp.downtmp
- /data/media/####/xeedcb3yaq86dwfbrydlprx5.0.tmp
- /data/media/####/z5mh3atmvt0ghs7zdve1lr56.0.tmp
- /data/media/####/z5mh3atmvt0ghs7zdve1lr56.downtmp.downtmp
Другие:
Запускает следующие shell-скрипты:
- chmod 755 <Package Folder>/.jiagu/libjiagu-2102788895.so
Загружает динамические библиотеки:
- libjiagu-2102788895
- neh
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- AES-ECB-PKCS7Padding
- DES
Использует следующие алгоритмы для расшифровки данных:
- AES-ECB-NoPadding
Использует специальную библиотеку для скрытия исполняемого байткода.
Осуществляет доступ к информации о геолокации.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
