Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Adware.Dowgin.14.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) t.p####.ico####.com:80
- TCP(HTTP/1.1) a####.exc.mob.com:80
- TCP(HTTP/1.1) oc.u####.com:80
- TCP(HTTP/1.1) p####.ico####.com:80
- TCP(HTTP/1.1) api.s####.mob.com:80
- TCP(HTTP/1.1) 7s####.v2.com.####.com:80
- TCP(TLS/1.0) gl####.w.kunl####.####.com:443
- TCP(TLS/1.0) nm.a####.com:443
Запросы DNS:
- a####.exc.mob.com
- a####.u####.com
- api.s####.mob.com
- c####.comi####.cn
- cdn.ico####.com
- oc.u####.com
- p####.ico####.com
- t.p####.ico####.com
- u####.comi####.cn
Запросы HTTP GET:
- 7s####.v2.com.####.com/10148_ccover_hp_245b1a44b673eb32.jpg?imageVi####
- 7s####.v2.com.####.com/10151_ccover_hp_89dd6c55556f0483.jpg?imageVi####
- 7s####.v2.com.####.com/10155_ccover_hp_5190d3949a07d869.jpg?imageVi####
- 7s####.v2.com.####.com/10991_ccover_hp_230e68252df79db6.jpg?imageVi####
- 7s####.v2.com.####.com/11546_10_acover_67f001dce391fe9f.jpg?imageVi####
- 7s####.v2.com.####.com/11546_11_acover_758883ac81df4e67.jpg?imageVi####
- 7s####.v2.com.####.com/11546_12_acover_545257ec2b25161a.jpg?imageVi####
- 7s####.v2.com.####.com/11546_1_acover_bff73be25648df01.jpg?imageVi####
- 7s####.v2.com.####.com/11546_2_10_fa9dc3f297e98328.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_11_f5cb7de27d0e9483.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_12_9428bd2215bad066.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_13_23fea4b6c917d2bd.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_14_a433c80dcbf35429.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_15_6da5bd4df7b1f3dd.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_16_3b7431b01c734002.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_17_37fc24fb3b734ef3.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_18_7663140293303cd6.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_19_cb798c9ea167b83c.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_1_c508b0ede5066e53.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_20_14c7c6e156acd130.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_21_4c1d69a927f16508.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_22_1882bdcd9afbec4d.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_23_9ac3dc76d145c809.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_24_ecf9efe62c881f2f.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_25_1b2236ed185fb894.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_26_96d48599f28149a3.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_27_d8bd4631424a15d9.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_28_d44f797a5df039f5.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_29_9b0a34fa7bc56a10.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_2_b758ac52370df68f.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_30_a46256b09dc91b3c.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_31_5fd9dc7dfb7b74e7.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_32_f436f836510ee96e.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_33_be0e60fb1ae27e3a.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_34_92f8de730781c529.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_35_6a8e742d16541de9.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_36_0ea2a37bf558416b.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_37_538442e7a514a23e.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_38_46c6aaddc3ce4f4c.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_39_01f8f351b33feb28.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_3_e8fe8f15120dd718.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_40_cb19342f86cf9e17.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_41_1775c168420ab722.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_42_a9c64eb5f0a39eeb.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_43_43088532032d7ccf.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_44_ede46a68c18aec83.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_45_5fc607e540c1fa41.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_46_54ee5ac5c9030f35.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_47_135de2471592329a.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_48_c2a6d064505f7e9c.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_49_bc86bfeacdf23c5e.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_4_2539a8f93c9e6b77.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_50_54ee1d499c05652e.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_51_47679e8fa2200357.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_52_2186495e9984e1b7.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_5_a67365bf01e1bc95.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_6_cbaa8da67a81a2b3.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_7_70a78713fab2f011.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_8_882af23a846cc540.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_9_4cf3d844a0437dc8.jpg?imageMo####
- 7s####.v2.com.####.com/11546_2_acover_853d34dafc7054b6.jpg?imageVi####
- 7s####.v2.com.####.com/11546_3_acover_d1092ed7e7cd5b8c.jpg?imageVi####
- 7s####.v2.com.####.com/11546_4_acover_90b6247d32a9bea9.jpg?imageVi####
- 7s####.v2.com.####.com/11546_5_acover_ff593bafc825afe1.jpg?imageVi####
- 7s####.v2.com.####.com/11546_6_acover_fd99a990e5d80ab3.jpg?imageVi####
- 7s####.v2.com.####.com/11546_7_acover_9a7e69fab373e0c9.jpg?imageVi####
- 7s####.v2.com.####.com/11546_83_acover_15fdba7970eb9878.jpg?imageVi####
- 7s####.v2.com.####.com/11546_85_acover_a05ab68f59debd0e.jpg?imageVi####
- 7s####.v2.com.####.com/11546_86_acover_aa78c6b1c7468071.jpg?imageVi####
- 7s####.v2.com.####.com/11546_87_acover_ce8ca4003a778fcb.jpg?imageVi####
- 7s####.v2.com.####.com/11546_88_acover_68f6dfba02199f88.jpg?imageVi####
- 7s####.v2.com.####.com/11546_89_acover_4c4d775110fa77e7.jpg?imageVi####
- 7s####.v2.com.####.com/11546_8_acover_675932a8e68a865a.jpg?imageVi####
- 7s####.v2.com.####.com/11546_90_acover_37fd7c0eae09fad0.jpg?imageVi####
- 7s####.v2.com.####.com/11546_91_acover_b1c82642e8bf5a92.jpg?imageVi####
- 7s####.v2.com.####.com/11546_92_acover_9a79427e833c278c.jpg?imageVi####
- 7s####.v2.com.####.com/11546_93_acover_20c940da23fc2852.jpg?imageVi####
- 7s####.v2.com.####.com/11546_94_acover_6b7732bcd6bcc516.jpg?imageVi####
- 7s####.v2.com.####.com/11546_95_acover_f6f0ad94c4dc920e.jpg?imageVi####
- 7s####.v2.com.####.com/11546_9_acover_023d72102c9c4d04.jpg?imageVi####
- 7s####.v2.com.####.com/11546_ccover_551727b5d30e4542.jpg?imageVi####
- 7s####.v2.com.####.com/11651_ccover_hp_d6265eb81c63927a.jpg?imageVi####
- 7s####.v2.com.####.com/11940_ccover_hp_be444c325dbeb3d5.jpg?imageVi####
- 7s####.v2.com.####.com/12035_ccover_hl_ffe351b8b8a9d02e.jpg?imageVi####
- 7s####.v2.com.####.com/12040_ccover_hp_021acf3fc2ecfd94.jpg?imageVi####
- 7s####.v2.com.####.com/12066_ccover_hp_2e09fe66c0f59fde.jpg?imageVi####
- 7s####.v2.com.####.com/12216_ccover_hp_f4ea749ab3afb388.jpg?imageVi####
- 7s####.v2.com.####.com/12446_ccover_hp_a27c995395fe7875.jpg?imageVi####
- 7s####.v2.com.####.com/12457_ccover_hp_b482666855e0f855.jpg?imageVi####
- 7s####.v2.com.####.com/12523_ccover_hp_c9b651907554843a.jpg?imageVi####
Запросы HTTP POST:
- a####.exc.mob.com/errconf
- a####.u####.com/app_logs
- api.s####.mob.com/conf4
- api.s####.mob.com/conn
- api.s####.mob.com/data2
- api.s####.mob.com/log4
- api.s####.mob.com/snsconf
- oc.u####.com/v2/check_config_update
- oc.u####.com/v2/get_update_time
- p####.ico####.com/categorylist
- p####.ico####.com/handshake
- p####.ico####.com/homepage
- t.p####.ico####.com/comicdetail
- t.p####.ico####.com/epinfo
- t.p####.ico####.com/getcomments2
- t.p####.ico####.com/getextinfo
- t.p####.ico####.com/splashinfo
- t.p####.ico####.com/syncextinfo
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.imprint
- /data/data/####/.jg.ic
- /data/data/####/9bef9bc7611d15f8644ddd24dbfa316ax.jar
- /data/data/####/Alvin2.xml
- /data/data/####/AppStore.xml
- /data/data/####/ContextData.xml
- /data/data/####/ICOMICO_PREFERENCE.xml
- /data/data/####/ThrowalbeLog.db-journal
- /data/data/####/icomico_db-journal
- /data/data/####/libjiagu-2102788895.so
- /data/data/####/mob_sdk_exception_1.xml
- /data/data/####/mobclick_agent_cached_com.txj.anime.cartoon802
- /data/data/####/mobclick_agent_online_setting_com.txj.anime.cartoon.xml
- /data/data/####/share_sdk_1.xml
- /data/data/####/sharesdk.db-journal
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/umeng_message_state.xml
- /data/data/####/webview.db-journal
- /data/data/####/zab95b3ae.xml
- /data/media/####/.ba
- /data/media/####/.dk
- /data/media/####/.lock
- /data/media/####/13uneu0if9y5hb9qepb5kuv8t.0.tmp
- /data/media/####/13uneu0if9y5hb9qepb5kuv8t.downtmp.downtmp
- /data/media/####/14nkucag3qgo470v2ekhnb0tv.0.tmp
- /data/media/####/164jsh4tmujfdtxf1vjbcu88q.0.tmp
- /data/media/####/1dd6gua51by2n6u56f933sgrg.0.tmp
- /data/media/####/1ep1k74p15denlmz9eplq71zw.0.tmp
- /data/media/####/1ep1k74p15denlmz9eplq71zw.downtmp.downtmp
- /data/media/####/1gkengezehvd5mr85vpn5jvn.0.tmp
- /data/media/####/1gkengezehvd5mr85vpn5jvn.downtmp.downtmp
- /data/media/####/1hk11lmmi87wuk93z5dqwdb43.0.tmp
- /data/media/####/1hk11lmmi87wuk93z5dqwdb43.downtmp.downtmp
- /data/media/####/1m4322lww8xte1uk9hf686ijk.0.tmp
- /data/media/####/1m4322lww8xte1uk9hf686ijk.downtmp.downtmp
- /data/media/####/1m5hg064nbtnxj0fgowugmvna.0.tmp
- /data/media/####/1m5hg064nbtnxj0fgowugmvna.downtmp.downtmp
- /data/media/####/22b859do4kktj58mnelzmpkcq.0.tmp
- /data/media/####/22b859do4kktj58mnelzmpkcq.downtmp.downtmp
- /data/media/####/230f0nigglf70iejpnmk7dhfi.0.tmp
- /data/media/####/230f0nigglf70iejpnmk7dhfi.downtmp.downtmp
- /data/media/####/26bpu093zc6ovafbrdpcp01ns.0.tmp
- /data/media/####/26q27aw3cf69bwuckpb7bsiys.0.tmp
- /data/media/####/26q27aw3cf69bwuckpb7bsiys.downtmp.downtmp
- /data/media/####/290yzqni3oz7o9tq5huyomlqk.0.tmp
- /data/media/####/29kksaa9yeu7ko75cscv5frln.0.tmp
- /data/media/####/29kksaa9yeu7ko75cscv5frln.downtmp.downtmp
- /data/media/####/2byanbew8tred2d9rpxrpzh1r.0.tmp
- /data/media/####/2k7otai56m0cwz76u2zvwb9fd.0.tmp
- /data/media/####/2llkfigh3cajx2mevvv7c60nc.0.tmp
- /data/media/####/2myanylk4vg6vlqset3rj3tsr.0.tmp
- /data/media/####/2sodpjwmvfswjci8tw2972l0g.0.tmp
- /data/media/####/2sodpjwmvfswjci8tw2972l0g.downtmp.downtmp
- /data/media/####/2y8goxntjva9slvn0qrjlup5l.0.tmp
- /data/media/####/30ewxfomdq5mvuntg9hswk8iw.0.tmp
- /data/media/####/30ewxfomdq5mvuntg9hswk8iw.downtmp.downtmp
- /data/media/####/3amja3zuokzt1dds7um3mq99d.0.tmp
- /data/media/####/3bfko6u5i72vkt64j55hvgmg6.0.tmp
- /data/media/####/3bfko6u5i72vkt64j55hvgmg6.downtmp.downtmp
- /data/media/####/3d2laaxg77losry1fwcbsak58.0.tmp
- /data/media/####/3dd2kdspvb3rqfhayjsxvvmsw.0.tmp
- /data/media/####/3hxhwjvp5j0g3zlpsstfenkw.0.tmp
- /data/media/####/3hxhwjvp5j0g3zlpsstfenkw.downtmp.downtmp
- /data/media/####/3kc289dcohx721empvax0fvsn.0.tmp
- /data/media/####/3kshgzgxod9zjtlu9zwawfsaq.0.tmp
- /data/media/####/3kshgzgxod9zjtlu9zwawfsaq.downtmp.downtmp
- /data/media/####/3q6n8zjqso9w6o7jfoqa2pfne.0.tmp
- /data/media/####/3xbn6ll86y39a765u1d48lki6.0.tmp
- /data/media/####/3xbn6ll86y39a765u1d48lki6.downtmp.downtmp
- /data/media/####/3z0v919zz62w1gqjagybf78ot.0.tmp
- /data/media/####/42h1cmey9hlo8m1xw3xu5f05m.0.tmp
- /data/media/####/43bvoyip6080haipfvfgiqbn9.0.tmp
- /data/media/####/4bxv12lnrmo0xw0wa358bdakt.0.tmp
- /data/media/####/4fnq6uxgcolc2i458utcsbm30.0.tmp
- /data/media/####/4fth9g8tihsf3nwcm2dx51ivy.0.tmp
- /data/media/####/4fth9g8tihsf3nwcm2dx51ivy.downtmp.downtmp
- /data/media/####/4obf1ghv2af1u4khclf3lvfr.0.tmp
- /data/media/####/4qi3orr0obhnor3p14sh41yf9.0.tmp
- /data/media/####/4qi3orr0obhnor3p14sh41yf9.downtmp.downtmp
- /data/media/####/4qqia6l39w9gwfwai0wlh8loj.0.tmp
- /data/media/####/4qqia6l39w9gwfwai0wlh8loj.downtmp.downtmp
- /data/media/####/4vx73k3h6dlo1wus4bei39gok.0.tmp
- /data/media/####/4vx73k3h6dlo1wus4bei39gok.downtmp.downtmp
- /data/media/####/4w1d4w5m0ukne33g3tr80w9ur.0.tmp
- /data/media/####/4w1d4w5m0ukne33g3tr80w9ur.downtmp.downtmp
- /data/media/####/4w9key53cjivq76w2w0u6r3l.0.tmp
- /data/media/####/4wf0o3hnrla51vj8mdilmehf0.0.tmp
- /data/media/####/4wf0o3hnrla51vj8mdilmehf0.downtmp.downtmp
- /data/media/####/4xzq4jx52kqnijs2emla16b4t.0.tmp
- /data/media/####/4xzq4jx52kqnijs2emla16b4t.downtmp.downtmp
- /data/media/####/50kfmddzvgto08bey1vuzfs6w.0.tmp
- /data/media/####/50kfmddzvgto08bey1vuzfs6w.downtmp.downtmp
- /data/media/####/53pe2u8h7xrocol61wz3qrpr3.0.tmp
- /data/media/####/55qadqhjxijyeqwari4l4vhr3.0.tmp
- /data/media/####/55qadqhjxijyeqwari4l4vhr3.downtmp.downtmp
- /data/media/####/59l9djscxkn1g6mcj33pkppt6.0.tmp
- /data/media/####/5bn1l9jx9s9znjo34hvn73vvr.0.tmp
- /data/media/####/5bn1l9jx9s9znjo34hvn73vvr.downtmp.downtmp
- /data/media/####/5dcsg6qli63zspl4n60x5mzia.0.tmp
- /data/media/####/5er0hdqftde23s8o4xzkc1bbd.0.tmp
- /data/media/####/5er0hdqftde23s8o4xzkc1bbd.downtmp.downtmp
- /data/media/####/5h20og5px4ehz50gf48u9yvf9.0.tmp
- /data/media/####/5jbtodkly061jgyabqieptajx.0.tmp
- /data/media/####/5jr4avnxvrp0gk8nb5bjj4yah.0.tmp
- /data/media/####/5nhkuu96t18cveim2atbrubzj.0.tmp
- /data/media/####/5nhkuu96t18cveim2atbrubzj.downtmp.downtmp
- /data/media/####/5vnvusntfd3346aii8vjb59ed.0.tmp
- /data/media/####/5zho43j5hfm8knnzpv9dmjzi1.0.tmp
- /data/media/####/5zho43j5hfm8knnzpv9dmjzi1.downtmp.downtmp
- /data/media/####/5zukyqi5bdv5rfqzh6rd5xkey.0.tmp
- /data/media/####/5zukyqi5bdv5rfqzh6rd5xkey.downtmp.downtmp
- /data/media/####/623lhp6q4b5ajhs6tulm23x28.0.tmp
- /data/media/####/6btaysp5iznjrc1s1fcwlzqvg.0.tmp
- /data/media/####/6btaysp5iznjrc1s1fcwlzqvg.downtmp.downtmp
- /data/media/####/6chxuzd9m7jeit2453qdhuvc5.0.tmp
- /data/media/####/6chxuzd9m7jeit2453qdhuvc5.downtmp.downtmp
- /data/media/####/6h7rux3z9fe2etcwpqdq0fsd7.0.tmp
- /data/media/####/6h7rux3z9fe2etcwpqdq0fsd7.downtmp.downtmp
- /data/media/####/6hso2uiqwbh7synoryxe1mvy6.0.tmp
- /data/media/####/6hso2uiqwbh7synoryxe1mvy6.downtmp.downtmp
- /data/media/####/6kplrtv1or6o50me0wvegnq0b.0.tmp
- /data/media/####/6kplrtv1or6o50me0wvegnq0b.downtmp.downtmp
- /data/media/####/6n4k7n43hv4mxwt3wqtbrh2gu.0.tmp
- /data/media/####/6n4k7n43hv4mxwt3wqtbrh2gu.downtmp.downtmp
- /data/media/####/6qghzkju1epn9h180rdqoef1c.0.tmp
- /data/media/####/6qghzkju1epn9h180rdqoef1c.downtmp.downtmp
- /data/media/####/6rxzqxdgo4dqg6kzucea9szle.0.tmp
- /data/media/####/6rxzqxdgo4dqg6kzucea9szle.downtmp.downtmp
- /data/media/####/6ssr9dtvakhasjhwwnjrcu0m4.0.tmp
- /data/media/####/70y0mhp5q7x9uocryvlngrey9.0.tmp
- /data/media/####/75e3of9l5yh0phxqt8matk7nt.0.tmp
- /data/media/####/75e3of9l5yh0phxqt8matk7nt.downtmp.downtmp
- /data/media/####/76qhn11qj24fo8o5v2shn17ru.0.tmp
- /data/media/####/76qhn11qj24fo8o5v2shn17ru.downtmp.downtmp
- /data/media/####/7aamphejn3c4sjiy4y4hoixaa.0.tmp
- /data/media/####/7aamphejn3c4sjiy4y4hoixaa.downtmp.downtmp
- /data/media/####/7crbis89ignf652jgqys029v1.0.tmp
- /data/media/####/7e3h4lusm8zbawcs81s9bq33i.0.tmp
- /data/media/####/7ksa6mjh8mj9qqbxujtlrmbam.0.tmp
- /data/media/####/7ksa6mjh8mj9qqbxujtlrmbam.downtmp.downtmp
- /data/media/####/8r2g11ucp0r0heiw0dkjm15n.0.tmp
- /data/media/####/9uc3tjc3yfmp6qtq2xxqg5v2.0.tmp
- /data/media/####/9uc3tjc3yfmp6qtq2xxqg5v2.downtmp.downtmp
- /data/media/####/Alvin2.xml
- /data/media/####/ContextData.xml
- /data/media/####/a531894c6a6c1614b83562b7e4915916.downtmp
- /data/media/####/b0rvetan86cvrhdtbjvu27xe.0.tmp
- /data/media/####/e57917c123a2ce6b65286e168ec6b31a.downtmp
- /data/media/####/ik6n084g6vjc632gmxa8dowv.0.tmp
- /data/media/####/ik6n084g6vjc632gmxa8dowv.downtmp.downtmp
- /data/media/####/jd302tg4j6025ombpg6e0w7x.0.tmp
- /data/media/####/jd302tg4j6025ombpg6e0w7x.downtmp.downtmp
- /data/media/####/journal.tmp
- /data/media/####/l63pl24oimn911e1cgpxk8z8.0.tmp
- /data/media/####/lateny3nbkoaodlsw5ft1wxb.0.tmp
- /data/media/####/lateny3nbkoaodlsw5ft1wxb.downtmp.downtmp
- /data/media/####/lhqmbbxk141emfzgh78dk8wj.0.tmp
- /data/media/####/mt5olxdsaqs5b3apac87zwmz.0.tmp
- /data/media/####/or9c0ctzuw7gc97b34693bo3.0.tmp
- /data/media/####/or9c0ctzuw7gc97b34693bo3.downtmp.downtmp
- /data/media/####/ptszi4iyb0a40sdrxztdixvk.0.tmp
- /data/media/####/pvxgfm5l8r3fs7edamgwmenk.0.tmp
- /data/media/####/pvxgfm5l8r3fs7edamgwmenk.downtmp.downtmp
- /data/media/####/qkhoavsxzug2bcmepvtvtbku.0.tmp
- /data/media/####/qkhoavsxzug2bcmepvtvtbku.downtmp.downtmp
- /data/media/####/zo8w3xmbk4gsiubujhoy0dd6.0.tmp
Другие:
Запускает следующие shell-скрипты:
- chmod 755 <Package Folder>/.jiagu/libjiagu-2102788895.so
Загружает динамические библиотеки:
- libjiagu-2102788895
- neh
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- AES-ECB-PKCS7Padding
- DES
Использует следующие алгоритмы для расшифровки данных:
- AES-ECB-NoPadding
Использует специальную библиотеку для скрытия исполняемого байткода.
Осуществляет доступ к информации о геолокации.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
