Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Packed.18526
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) xi####.5####.top:80
- TCP(HTTP/1.1) hui.shuming####.com.cn:80
- TCP(HTTP/1.1) h5.hao####.com.####.com:80
- TCP(HTTP/1.1) www.go####.com:80
- TCP(HTTP/1.1) pi####.qq.com:80
- TCP(HTTP/1.1) and####.b####.qq.com:80
- TCP(HTTP/1.1) pin####.qq.com:80
- TCP(HTTP/1.1) ds.b####.cn:80
- TCP(HTTP/1.1) shp.q####.cn:80
- TCP(HTTP/1.1) 09.img####.eas####.####.com:80
- TCP(HTTP/1.1) c####.huitou####.com.cn:80
- TCP(HTTP/1.1) aexcep####.b####.qq.com:8012
- TCP(HTTP/1.1) q####.qq.com:80
- TCP(HTTP/1.1) isds####.qq.com:80
- TCP(HTTP/1.1) bc.w####.com:80
- TCP(HTTP/1.1) c####.s####.top:80
- TCP(HTTP/1.1) c####.pub.qq.com:80
- TCP(HTTP/1.1) 0####.s####.com.####.com:80
- TCP(HTTP/1.1) p.q####.cn:80
- TCP(HTTP/1.1) w####.k####.cn.####.com:80
- TCP(TLS/1.0) wapif####.dftou####.com:443
- TCP(TLS/1.0) 1####.146.74.34:443
- TCP(TLS/1.0) res.id-lin####.com:443
- TCP(TLS/1.0) ci####.s####.com:443
- TCP(TLS/1.0) em.b####.com:443
- TCP(TLS/1.0) c####.baidust####.com:443
- TCP(TLS/1.0) j####.qq.com:443
- TCP(TLS/1.0) 09.img####.eas####.####.com:443
- TCP(TLS/1.0) wn.pos.b####.com:443
- TCP(TLS/1.0) m####.eas####.com.####.com:443
- TCP(TLS/1.0) 03.img####.eas####.####.com:443
- TCP(TLS/1.0) pos.b####.com:443
- TCP(TLS/1.0) d####.eas####.com:443
- TCP(TLS/1.0) si####.jom####.com:443
- TCP(TLS/1.0) wapac####.dftou####.com:443
- TCP(TLS/1.0) t####.eas####.com:443
- TCP(TLS/1.0) h5.hao####.com.####.com:443
- TCP(TLS/1.0) hm.b####.com:443
- TCP(TLS/1.0) softwor####.dftou####.com:443
- TCP(TLS/1.0) detail####.dftou####.com:443
- TCP(TLS/1.0) s####.im:443
- TCP(TLS/1.0) wapht####.s####.com:443
- TCP(TLS/1.0) 1####.217.20.110:443
- TCP(TLS/1.0) 05.img####.eas####.####.com:443
Запросы DNS:
- 0####.s####.com
- 00.img####.eas####.com
- 01.img####.eas####.com
- 02.img####.eas####.com
- 03.img####.eas####.com
- 04.img####.eas####.com
- 05.img####.eas####.com
- 06.img####.eas####.com
- 07.img####.eas####.com
- 08.img####.eas####.com
- 09.img####.eas####.com
- aexcep####.b####.qq.com
- and####.b####.qq.com
- bc.w####.com
- c####.baidust####.com
- c####.huitou####.com.cn
- c####.pub.qq.com
- c####.s####.top
- ci####.s####.com
- d####.eas####.com
- detail####.dftou####.com
- ds.b####.cn
- em.b####.com
- f10.b####.com
- f11.b####.com
- f12.b####.com
- h5.hao####.com
- hm.b####.com
- hui.shuming####.com.cn
- isds####.qq.com
- j####.qq.com
- m####.eas####.com
- m####.k####.cn
- p.q####.cn
- pi####.qq.com
- pin####.qq.com
- pos.b####.com
- q####.qq.com
- res.id-lin####.com
- s####.im
- shp.q####.cn
- softwor####.dftou####.com
- t####.eas####.com
- t10.b####.com
- t12.b####.com
- wapac####.dftou####.com
- wapht####.s####.com
- wapif####.dftou####.com
- wn.pos.b####.com
- www.go####.com
- xi####.5####.top
Запросы HTTP GET:
- 0####.s####.com.####.com/h5/partner/zfbc.min.js
- 09.img####.eas####.####.com/mobile/20171124/20171124090442_971883f45b457...
- 09.img####.eas####.####.com/mobile/20171206/20171205_55a34e2adcdb6001b99...
- 09.img####.eas####.####.com/mobile/20171206/20171205_fe98857c1e73fffb3d7...
- 09.img####.eas####.####.com/mobile/20171206/20171206_741bf297f97648f33fe...
- 09.img####.eas####.####.com/mobile/20171208/20171208_0c9a867e7045c58d7b7...
- 09.img####.eas####.####.com/mobile/20171208/20171208_31ec2c07e0cf2a4fe4b...
- 09.img####.eas####.####.com/mobile/20171208/20171208_75acb51b279f2a062ac...
- 09.img####.eas####.####.com/mobile/20171213/20171213_3da08da4783187a4eb8...
- 09.img####.eas####.####.com/mobile/20171213/20171213_b2c38a5931252d92eea...
- 09.img####.eas####.####.com/mobile/20171213/20171213_dbde761ccd1bf443094...
- 09.img####.eas####.####.com/mobile/20180208/20180208_5a0889ee3552502d3c7...
- 09.img####.eas####.####.com/mobile/20180208/20180208_62e23ab1e87bcfed54d...
- 09.img####.eas####.####.com/mobile/20180208/20180208_a872d1e44a888a6b011...
- 09.img####.eas####.####.com/mobile/20180215/20180215_08651441faf9fded497...
- 09.img####.eas####.####.com/mobile/20180215/20180215_6ca254c0941ba79e6ab...
- 09.img####.eas####.####.com/mobile/20180215/20180215_87f2b7562e79ca3f3b3...
- 09.img####.eas####.####.com/mobile/20180224/20180224_14ad2b322f2d23c562a...
- 09.img####.eas####.####.com/mobile/20180224/20180224_73cd903efdc0c3d1e25...
- 09.img####.eas####.####.com/mobile/20180224/20180224_f31d38978917b7617f5...
- 09.img####.eas####.####.com/mobile/20180309/20180309_b994f1ea3db6cece5dc...
- 09.img####.eas####.####.com/mobile/20180309/20180309_c593a4abc83ff9810d4...
- 09.img####.eas####.####.com/mobile/20180309/20180309_e92c2614602bfa244d7...
- 09.img####.eas####.####.com/mobile/20180317/20180317_174aa4495160be84169...
- 09.img####.eas####.####.com/mobile/20180317/20180317_50a27d31a5ffe23dd82...
- 09.img####.eas####.####.com/mobile/20180317/20180317_e51df703cccafc41c56...
- 09.img####.eas####.####.com/mobile/20180326/20180326120319_5e4ef26e1352f...
- 09.img####.eas####.####.com/mobile/20180328/20180328_21faaf494a5ea733064...
- 09.img####.eas####.####.com/mobile/20180328/20180328_5e075d3f8d9a690b6cd...
- 09.img####.eas####.####.com/mobile/20180328/20180328_9b72f9544488bf6843d...
- 09.img####.eas####.####.com/mobile/20180409/20180409_553f418d01246f6c0dd...
- 09.img####.eas####.####.com/mobile/20180409/20180409_be4602eadcaa8dd0e9e...
- 09.img####.eas####.####.com/mobile/20180409/20180409_d517bf7440c753f8c41...
- 09.img####.eas####.####.com/mobile/20180418/20180418035605_c5063fd3f18b4...
- 09.img####.eas####.####.com/mobile/20180420/20180420164121_58d7d21cf0d9b...
- 09.img####.eas####.####.com/mobile/20180421/20180421185918_fdcfc20af40a1...
- 09.img####.eas####.####.com/mobile/20180423/20180423114815_8c8696eb7775e...
- 09.img####.eas####.####.com/mobile/20180424/20180424021527_e6a4e7d151b5c...
- 09.img####.eas####.####.com/mobile/20180424/20180424094642_5677a76631425...
- 09.img####.eas####.####.com/mobile/20180424/20180424153947_d67261bbbba22...
- 09.img####.eas####.####.com/mobile/20180424/20180424195005_35fe1e71ae685...
- 09.img####.eas####.####.com/mobile/20180424/20180424_51ace2e07300fee1cf6...
- 09.img####.eas####.####.com/mobile/20180424/20180424_793e5f297ae95b0b63a...
- 09.img####.eas####.####.com/mobile/20180424/20180424_de2a8757e69366d70e6...
- 09.img####.eas####.####.com/mobile/20180425/20180425020632_a7e0992652a8e...
- 09.img####.eas####.####.com/mobile/20180425/20180425_0eb01220c030d1a91fa...
- 09.img####.eas####.####.com/mobile/20180425/20180425_22da3cb2e96df00eaed...
- 09.img####.eas####.####.com/mobile/20180425/20180425_36d2ec1fa64c8f35f04...
- 09.img####.eas####.####.com/mobile/20180425/20180425_3929665cb7b377ce19b...
- 09.img####.eas####.####.com/mobile/20180425/20180425_5258e4951bd61555700...
- 09.img####.eas####.####.com/mobile/20180425/20180425_743f6ffd2df7b3c463e...
- 09.img####.eas####.####.com/mobile/20180425/20180425_77162ad9253cbe98a9b...
- 09.img####.eas####.####.com/mobile/20180425/20180425_8b17ff3e3088f749ab3...
- 09.img####.eas####.####.com/mobile/20180425/20180425_d3d31a25109e66907f3...
- 09.img####.eas####.####.com/mobile/20180426/20180426_18d815b25f4fb060111...
- 09.img####.eas####.####.com/mobile/20180426/20180426_5820ee941d27da42819...
- 09.img####.eas####.####.com/mobile/20180426/20180426_643e1ddf935adda8dc7...
- 09.img####.eas####.####.com/mobile/20180426/20180426_6b152589d30dccc4eb3...
- 09.img####.eas####.####.com/mobile/20180426/20180426_73da344d11e4ebf6afc...
- 09.img####.eas####.####.com/mobile/20180426/20180426_89012edd3091230e553...
- 09.img####.eas####.####.com/mobile/20180426/20180426_ae19b59c924ab7dfe88...
- 09.img####.eas####.####.com/mobile/20180426/20180426_d43ec2d496d3e808010...
- 09.img####.eas####.####.com/mobile/20180426/20180426_d4a4e1137e0de4196a5...
- 09.img####.eas####.####.com/mobile/20180426/20180426_e2784cccf72ef85168f...
- 09.img####.eas####.####.com/mobile/20180426/20180426_e3bdaffb0cde1f93931...
- 09.img####.eas####.####.com/mobile/20180426/20180426_ee976ef6ee3aaa6fa42...
- 09.img####.eas####.####.com/mobile/20180426/20180426_ef6fae1a3b38e3cec74...
- 09.img####.eas####.####.com/mobile/20180426/20180426_f20fcdd46161012e8b3...
- 09.img####.eas####.####.com/mobile/20180426/20180426_f90803110e1a7b8180e...
- 09.img####.eas####.####.com/mobile/20180427/20180427065833_211d1598a311b...
- 09.img####.eas####.####.com/mobile/20180427/20180427065833_2b320435c1908...
- 09.img####.eas####.####.com/mobile/20180427/20180427065833_7298a8d2e4e25...
- 09.img####.eas####.####.com/mobile/20180427/20180427114930_7139db79d3ab2...
- 09.img####.eas####.####.com/mobile/20180427/20180427161557_27719c818bd56...
- 09.img####.eas####.####.com/mobile/20180427/20180427201746_5eb75c9377ea5...
- 09.img####.eas####.####.com/mobile/20180427/20180427233657_d30930c5e58aa...
- 09.img####.eas####.####.com/mobile/20180427/20180427234057_e793b481e5c79...
- 09.img####.eas####.####.com/mobile/20180427/20180427_337f8e066188ad16f19...
- 09.img####.eas####.####.com/mobile/20180427/20180427_8131d63e25387b2b05f...
- 09.img####.eas####.####.com/mobile/20180427/20180427_b24b5a3a44b54ae8fe5...
- 09.img####.eas####.####.com/mobile/20180428/20180428151931_46ba70c9d91b3...
- 09.img####.eas####.####.com/mobile/20180428/20180428151931_5faf47bae6504...
- 09.img####.eas####.####.com/mobile/20180428/20180428151931_be3565ec129ed...
- 09.img####.eas####.####.com/mobile/20180428/20180428_1bc0ccc1dec47b66acb...
- 09.img####.eas####.####.com/mobile/20180428/20180428_21bb83d88764b8de48f...
- 09.img####.eas####.####.com/mobile/20180428/20180428_93140d03c41aff6cb67...
- 09.img####.eas####.####.com/mobile/20180428/20180428_c3917851347933ce7e1...
- 09.img####.eas####.####.com/mobile/20180428/20180428_ef10df629d74df90c35...
- 09.img####.eas####.####.com/mobile/20180428/20180428_f9ddece55f3bd3029e3...
- 09.img####.eas####.####.com/mobile/20180429/20180429182917_cd55ddd0b9471...
- 09.img####.eas####.####.com/mobile/20180430/20180430152442_733967b0cfc58...
- 09.img####.eas####.####.com/mobile/20180501/20180501112311_a36f632571a38...
- 09.img####.eas####.####.com/mobile/20180502/20180502113809_524e59c6dcc82...
- 09.img####.eas####.####.com/mobile/20180503/20180503101154_f59319eef23bd...
- 09.img####.eas####.####.com/mobile/20180503/20180503170931_4e5f5713f756c...
- 09.img####.eas####.####.com/mobile/20180503/20180503183455_223a0082d3d82...
- 09.img####.eas####.####.com/mobile/20180503/20180503191805_19711322660d3...
- 09.img####.eas####.####.com/mobile/20180503/20180503201230_ca6840beee02b...
- 09.img####.eas####.####.com/mobile/20180503/20180503220123_da0f5063d192f...
- 09.img####.eas####.####.com/mobile/20180503/20180503222933_c898eea1cd696...
- 09.img####.eas####.####.com/mobile/20180503/20180503223037_1b7c7ed7c658d...
- 09.img####.eas####.####.com/mobile/20180503/20180503_22dde03e797b7c58b15...
- 09.img####.eas####.####.com/mobile/20180503/20180503_65bc4f1963e6ef9a9b2...
- 09.img####.eas####.####.com/mobile/20180503/20180503_66d6e123692ca2d34e5...
- 09.img####.eas####.####.com/mobile/20180503/20180503_6c40db11ad1c8b065d9...
- 09.img####.eas####.####.com/mobile/20180503/20180503_7b15203b70365746f36...
- 09.img####.eas####.####.com/mobile/20180503/20180503_8ea675894e0d8444157...
- 09.img####.eas####.####.com/mobile/20180503/20180503_9946c8547e7c95456d1...
- 09.img####.eas####.####.com/mobile/20180503/20180503_b0e5b9fc19c01989e9f...
- 09.img####.eas####.####.com/mobile/20180503/20180503_ef68944fc4a43555095...
- 09.img####.eas####.####.com/mobile/20180503/20180503_f9a0883732335e8d262...
- 09.img####.eas####.####.com/mobile/20180504/20180504192056_4b321fe30b593...
- 09.img####.eas####.####.com/mobile/20180504/20180504201213_d9d9438a025d8...
- 09.img####.eas####.####.com/mobile/20180504/20180504222844_9a919ada0eb1a...
- 09.img####.eas####.####.com/mobile/20180504/20180504222947_3d8429a7ea5a2...
- 09.img####.eas####.####.com/mobile/20180504/20180504_2cf61f21ed0e561305a...
- 09.img####.eas####.####.com/mobile/20180504/20180504_7a0c94aa7fbec68ab63...
- 09.img####.eas####.####.com/mobile/20180504/20180504_87cffb4da9f9da18b5a...
- 09.img####.eas####.####.com/mobile/20180504/20180504_8a490657c5a98d19981...
- 09.img####.eas####.####.com/mobile/20180504/20180504_c0bba66e4e5fc0a9ff2...
- 09.img####.eas####.####.com/mobile/20180504/20180504_fc1abe7a361d7510e8c...
- 09.img####.eas####.####.com/mobile/20180505/20180505000119_7cc3a45071cac...
- 09.img####.eas####.####.com/mobile/20180505/20180505000141_cba9aa9daed43...
- 09.img####.eas####.####.com/mobile/20180506/20180506060255_7d917fbe833aa...
- 09.img####.eas####.####.com/mobile/20180506/20180506074358_00502aa599540...
- 09.img####.eas####.####.com/mobile/20180506/20180506081338_832f38588119c...
- 09.img####.eas####.####.com/mobile/20180506/20180506090701_1bab03b66c9e6...
- 09.img####.eas####.####.com/mobile/20180506/20180506110836_22281188b7637...
- 09.img####.eas####.####.com/mobile/20180506/20180506110836_2cf8820a18181...
- 09.img####.eas####.####.com/mobile/20180506/20180506110836_ddc11620c6671...
- 09.img####.eas####.####.com/mobile/20180506/20180506111105_727317b460a64...
- 09.img####.eas####.####.com/mobile/20180506/20180506123116_c3fc304c03c56...
- 09.img####.eas####.####.com/mobile/20180506/20180506134225_683a29afdbcd8...
- 09.img####.eas####.####.com/mobile/20180506/20180506140703_8b9afb159c269...
- 09.img####.eas####.####.com/mobile/20180506/20180506140705_b656216f623e0...
- 09.img####.eas####.####.com/mobile/20180506/20180506144251_1e356bb818311...
- 09.img####.eas####.####.com/mobile/20180506/20180506144251_745d72e7a4758...
- 09.img####.eas####.####.com/mobile/20180506/20180506144251_f1d5e67683807...
- 09.img####.eas####.####.com/mobile/20180506/20180506151414_9f5a7fdcc1abc...
- 09.img####.eas####.####.com/mobile/20180506/20180506151414_b8c53a7949a56...
- 09.img####.eas####.####.com/mobile/20180506/20180506151414_d288735a4df5e...
- 09.img####.eas####.####.com/mobile/20180506/20180506152447_17cc70b5e9b9c...
- 09.img####.eas####.####.com/mobile/20180506/20180506152910_ce161af4a07fb...
- 09.img####.eas####.####.com/mobile/20180506/20180506161042_5fd0d9fa126ea...
- 09.img####.eas####.####.com/mobile/20180506/20180506163129_e646f9045f65d...
- bc.w####.com/bbs/book_view.aspx?siteid=####&classid=####&id=####&lpage=#...
- bc.w####.com/bbs/book_view.aspx?siteid=####&classid=####&lpage=####&id=#...
- c####.huitou####.com.cn/frontend/web/read/track?id=####
- c####.huitou####.com.cn/frontend/web/read/track?id=####&token=####
- c####.pub.qq.com/report/bnl?data=####
- h5.hao####.com.####.com/h5/css/common.min.css
- h5.hao####.com.####.com/h5/css/page_details.min.css
- h5.hao####.com.####.com/h5/css/photoswipe/photoswipe.min.css
- h5.hao####.com.####.com/h5/js/common.min.js
- h5.hao####.com.####.com/h5/js/gg_details.min.js
- h5.hao####.com.####.com/h5/js/page_details.min.js
- h5.hao####.com.####.com/h5/js/photoswipe/photoswipe.min.js
- h5.hao####.com.####.com/h5/js/responsive.min.js
- h5.hao####.com.####.com/toutiaoh5/channeljs/h5toutiao/h5toutiaocookie.js
- h5.hao####.com.####.com/toutiaoh5/channeljs/h5toutiao/huitt_wc/ttdetails...
- h5.hao####.com.####.com/toutiaoh5/img/down.png
- h5.hao####.com.####.com/toutiaoh5/img/img_preview.png
- hui.shuming####.com.cn/huitoutiao/js/common.js
- hui.shuming####.com.cn/huitoutiao/js/jquery-1.8.3.min.js
- hui.shuming####.com.cn/huitoutiao/news-share.html?id=####
- isds####.qq.com/cgi-bin/r.cgi?flag1=####&flag2=####&flag3=####&1=####
- p.q####.cn/qqconadmin/0/b095d8d0ad144de3943f5dcba95a9624/0
- q####.qq.com/cgi-bin/qm/qr?k=####&auth=####
- q####.qq.com/favicon.ico
- shp.q####.cn/collector/55473276/da23a4a8-9a1d-4ba4-8ddc-ef60b496e8fa/0
- w####.k####.cn.####.com/m/180425092833739.html?fr=####&qid=####&apptypei...
- w####.k####.cn.####.com/m/180427233609508.html?fr=####&qid=####&apptypei...
- w####.k####.cn.####.com/m/180503194213437.html?fr=####&qid=####&apptypei...
- w####.k####.cn.####.com/m/180504065255436.html?fr=####&qid=####&apptypei...
- w####.k####.cn.####.com/m/180504065607227.html?fr=####&qid=####&apptypei...
- w####.k####.cn.####.com/m/180504070557557.html?fr=####&qid=####&apptypei...
- w####.k####.cn.####.com/m/180504075133290.html?fr=####&qid=####&apptypei...
- w####.k####.cn.####.com/m/180504084335990.html?fr=####&qid=####&apptypei...
- w####.k####.cn.####.com/m/180504084337005.html?fr=####&qid=####&apptypei...
- w####.k####.cn.####.com/m/180504084337475.html?fr=####&qid=####&apptypei...
- www.go####.com/complete/search?hl=####&client=####&q=####
Запросы HTTP POST:
- aexcep####.b####.qq.com:8012/rqd/async
- and####.b####.qq.com/rqd/async
- c####.s####.top/ajax.php?act=####
- ds.b####.cn/ajax.php?act=####
- pi####.qq.com/mstat/report/?index=####
- pin####.qq.com/request
- xi####.5####.top/ajax.php?act=####
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/ApplicationCache.db-journal
- /data/data/####/bugly_db_legu-journal
- /data/data/####/com.xfkjylzy.wrnmmp.mid.world.ro.xml
- /data/data/####/com.xfkjylzy.wrnmmp_preferences.xml
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/f_000014
- /data/data/####/f_000015
- /data/data/####/f_000016
- /data/data/####/f_000017
- /data/data/####/f_000018
- /data/data/####/f_000019
- /data/data/####/f_00001a
- /data/data/####/f_00001b
- /data/data/####/f_00001c
- /data/data/####/f_00001d
- /data/data/####/f_00001e
- /data/data/####/f_00001f
- /data/data/####/f_000020
- /data/data/####/f_000021
- /data/data/####/f_000022
- /data/data/####/f_000023
- /data/data/####/f_000024
- /data/data/####/f_000025
- /data/data/####/f_000026
- /data/data/####/f_000027
- /data/data/####/f_000028
- /data/data/####/f_000029
- /data/data/####/f_00002a
- /data/data/####/f_00002b
- /data/data/####/f_00002c
- /data/data/####/f_00002d
- /data/data/####/f_00002d (deleted)
- /data/data/####/f_00002e
- /data/data/####/f_00002f
- /data/data/####/f_000030
- /data/data/####/f_000031
- /data/data/####/f_000032
- /data/data/####/f_000033
- /data/data/####/f_000034
- /data/data/####/f_000035
- /data/data/####/f_000036
- /data/data/####/f_000037
- /data/data/####/f_000038
- /data/data/####/f_000039
- /data/data/####/f_00003a
- /data/data/####/f_00003b
- /data/data/####/f_00003c
- /data/data/####/f_00003d
- /data/data/####/f_00003e
- /data/data/####/f_00003f
- /data/data/####/f_000040
- /data/data/####/f_000041
- /data/data/####/f_000042
- /data/data/####/f_000043
- /data/data/####/f_000044
- /data/data/####/f_000045
- /data/data/####/f_000046
- /data/data/####/f_000047
- /data/data/####/f_000048
- /data/data/####/f_000048 (deleted)
- /data/data/####/f_000049
- /data/data/####/f_00004a
- /data/data/####/f_00004b
- /data/data/####/f_00004c
- /data/data/####/f_00004d
- /data/data/####/f_00004e
- /data/data/####/f_00004f
- /data/data/####/f_000050
- /data/data/####/f_000051
- /data/data/####/f_000052
- /data/data/####/f_000053
- /data/data/####/f_000054
- /data/data/####/f_000055
- /data/data/####/f_000056
- /data/data/####/f_000057
- /data/data/####/f_000058
- /data/data/####/f_000059
- /data/data/####/f_00005a
- /data/data/####/f_00005b
- /data/data/####/f_00005c
- /data/data/####/f_00005d
- /data/data/####/f_00005e
- /data/data/####/f_00005f
- /data/data/####/f_000060
- /data/data/####/f_000061
- /data/data/####/f_000062
- /data/data/####/f_000063
- /data/data/####/f_000064
- /data/data/####/f_000065
- /data/data/####/f_000066
- /data/data/####/f_000067
- /data/data/####/f_000068
- /data/data/####/f_000069
- /data/data/####/f_00006a
- /data/data/####/f_00006b
- /data/data/####/f_00006c
- /data/data/####/f_00006d
- /data/data/####/f_00006e
- /data/data/####/f_00006f
- /data/data/####/f_000070
- /data/data/####/f_000071
- /data/data/####/f_000072
- /data/data/####/f_000073
- /data/data/####/f_000074
- /data/data/####/f_000075
- /data/data/####/f_000076
- /data/data/####/f_000077
- /data/data/####/f_000078
- /data/data/####/f_000079
- /data/data/####/f_00007a
- /data/data/####/f_00007b
- /data/data/####/f_00007c
- /data/data/####/f_00007d
- /data/data/####/f_00007e
- /data/data/####/f_00007f
- /data/data/####/f_000080
- /data/data/####/f_000081
- /data/data/####/f_000082
- /data/data/####/f_000083
- /data/data/####/f_000084
- /data/data/####/f_000085
- /data/data/####/f_000086
- /data/data/####/f_000087
- /data/data/####/f_000088
- /data/data/####/f_000089
- /data/data/####/f_00008a
- /data/data/####/f_00008b
- /data/data/####/f_00008c
- /data/data/####/f_00008d
- /data/data/####/f_00008e
- /data/data/####/f_00008f
- /data/data/####/f_000090
- /data/data/####/f_000091
- /data/data/####/f_000092
- /data/data/####/f_000093
- /data/data/####/f_000094
- /data/data/####/f_000095
- /data/data/####/f_000096
- /data/data/####/f_000097
- /data/data/####/f_000098
- /data/data/####/f_000099
- /data/data/####/f_00009a
- /data/data/####/f_00009b
- /data/data/####/f_00009c
- /data/data/####/f_00009d
- /data/data/####/f_00009e
- /data/data/####/f_00009f
- /data/data/####/f_0000a0
- /data/data/####/f_0000a1
- /data/data/####/f_0000a2
- /data/data/####/f_0000a3
- /data/data/####/f_0000a4
- /data/data/####/f_0000a5
- /data/data/####/f_0000a6
- /data/data/####/f_0000a7
- /data/data/####/f_0000a8
- /data/data/####/f_0000a9
- /data/data/####/f_0000aa
- /data/data/####/f_0000ab
- /data/data/####/f_0000ac
- /data/data/####/f_0000ad
- /data/data/####/f_0000ae
- /data/data/####/f_0000af
- /data/data/####/f_0000b0
- /data/data/####/f_0000b1
- /data/data/####/f_0000b2
- /data/data/####/f_0000b3
- /data/data/####/f_0000b4
- /data/data/####/f_0000b5
- /data/data/####/f_0000b6
- /data/data/####/f_0000b7
- /data/data/####/f_0000b8
- /data/data/####/f_0000b9
- /data/data/####/f_0000ba
- /data/data/####/f_0000bb
- /data/data/####/f_0000bc
- /data/data/####/f_0000bd
- /data/data/####/f_0000be
- /data/data/####/f_0000bf
- /data/data/####/f_0000c0
- /data/data/####/f_0000c1
- /data/data/####/f_0000c2
- /data/data/####/f_0000c3
- /data/data/####/f_0000c4
- /data/data/####/f_0000c5
- /data/data/####/f_0000c6
- /data/data/####/f_0000c7
- /data/data/####/f_0000c8
- /data/data/####/f_0000c9
- /data/data/####/f_0000ca
- /data/data/####/f_0000cb
- /data/data/####/f_0000cc
- /data/data/####/f_0000cd
- /data/data/####/f_0000ce
- /data/data/####/f_0000cf
- /data/data/####/f_0000d0
- /data/data/####/f_0000d1
- /data/data/####/f_0000d2
- /data/data/####/f_0000d3
- /data/data/####/f_0000d4
- /data/data/####/f_0000d5
- /data/data/####/f_0000d6
- /data/data/####/f_0000d7
- /data/data/####/f_0000d8
- /data/data/####/f_0000d9
- /data/data/####/f_0000da
- /data/data/####/f_0000db
- /data/data/####/f_0000dc
- /data/data/####/f_0000dd
- /data/data/####/f_0000de
- /data/data/####/f_0000df
- /data/data/####/f_0000e0
- /data/data/####/f_0000e1
- /data/data/####/f_0000e2
- /data/data/####/f_0000e3
- /data/data/####/f_0000e4
- /data/data/####/f_0000e5
- /data/data/####/f_0000e6
- /data/data/####/f_0000e7
- /data/data/####/f_0000e8
- /data/data/####/f_0000e9
- /data/data/####/f_0000ea
- /data/data/####/f_0000eb
- /data/data/####/f_0000ec
- /data/data/####/f_0000ed
- /data/data/####/f_0000ee
- /data/data/####/f_0000ef
- /data/data/####/f_0000f0
- /data/data/####/f_0000f1
- /data/data/####/f_0000f2
- /data/data/####/f_0000f3
- /data/data/####/f_0000f4
- /data/data/####/f_0000f5
- /data/data/####/f_0000f6
- /data/data/####/f_0000f7
- /data/data/####/f_0000f8
- /data/data/####/f_0000f9
- /data/data/####/f_0000fa
- /data/data/####/f_0000fb
- /data/data/####/f_0000fc
- /data/data/####/f_0000fd
- /data/data/####/f_0000fe
- /data/data/####/f_0000ff
- /data/data/####/f_000100
- /data/data/####/f_000101
- /data/data/####/f_000102
- /data/data/####/f_000103
- /data/data/####/f_000104
- /data/data/####/f_000105
- /data/data/####/f_000106
- /data/data/####/f_000107
- /data/data/####/f_000108
- /data/data/####/f_000109
- /data/data/####/f_00010a
- /data/data/####/f_00010b
- /data/data/####/f_00010c
- /data/data/####/f_00010d
- /data/data/####/f_00010e
- /data/data/####/f_00010f
- /data/data/####/f_000110
- /data/data/####/f_000111
- /data/data/####/f_000112
- /data/data/####/f_000113
- /data/data/####/f_000114
- /data/data/####/f_000115
- /data/data/####/f_000116
- /data/data/####/f_000117
- /data/data/####/f_000118
- /data/data/####/f_000119
- /data/data/####/f_00011a
- /data/data/####/f_00011b
- /data/data/####/f_00011c
- /data/data/####/f_00011d
- /data/data/####/f_00011e
- /data/data/####/f_00011f
- /data/data/####/f_000120
- /data/data/####/f_000121
- /data/data/####/f_000122
- /data/data/####/f_000123
- /data/data/####/f_000124
- /data/data/####/f_000125
- /data/data/####/f_000126
- /data/data/####/f_000127
- /data/data/####/f_000128
- /data/data/####/f_000129
- /data/data/####/f_00012a
- /data/data/####/f_00012b
- /data/data/####/f_00012c
- /data/data/####/f_00012d
- /data/data/####/f_00012e
- /data/data/####/f_00012f
- /data/data/####/f_000130
- /data/data/####/f_000131
- /data/data/####/f_000132
- /data/data/####/f_000133
- /data/data/####/f_000134
- /data/data/####/f_000135
- /data/data/####/f_000136
- /data/data/####/f_000137
- /data/data/####/f_000138
- /data/data/####/f_000139
- /data/data/####/f_00013a
- /data/data/####/f_00013b
- /data/data/####/f_00013c
- /data/data/####/f_00013d
- /data/data/####/f_00013e
- /data/data/####/f_00013f
- /data/data/####/f_000140
- /data/data/####/f_000141
- /data/data/####/f_000142
- /data/data/####/f_000143
- /data/data/####/f_000144
- /data/data/####/f_000145
- /data/data/####/f_000146
- /data/data/####/f_000147
- /data/data/####/f_000148
- /data/data/####/f_000149
- /data/data/####/f_00014a
- /data/data/####/f_00014b
- /data/data/####/f_00014c
- /data/data/####/f_00014d
- /data/data/####/f_00014e
- /data/data/####/f_00014f
- /data/data/####/f_000150
- /data/data/####/f_000151
- /data/data/####/f_000152
- /data/data/####/f_000153
- /data/data/####/f_000154
- /data/data/####/f_000155
- /data/data/####/f_000156
- /data/data/####/f_000157
- /data/data/####/f_000158
- /data/data/####/f_000159
- /data/data/####/f_00015a
- /data/data/####/f_00015b
- /data/data/####/f_00015c
- /data/data/####/f_00015d
- /data/data/####/f_00015e
- /data/data/####/f_00015f
- /data/data/####/f_000160
- /data/data/####/f_000161
- /data/data/####/f_000162
- /data/data/####/f_000163
- /data/data/####/f_000164
- /data/data/####/f_000165
- /data/data/####/f_000166
- /data/data/####/f_000167
- /data/data/####/f_000168
- /data/data/####/f_000169
- /data/data/####/f_00016a
- /data/data/####/http_milan.kzw15.cn_0.localstorage-journal
- /data/data/####/https_mini.eastday.com_0.localstorage-journal
- /data/data/####/index
- /data/data/####/legu_tencent_analysis.db_com.xfkjylzy.wrnmmp-journal
- /data/data/####/libnfix.so
- /data/data/####/libshella-2.8.so
- /data/data/####/libufix.so
- /data/data/####/local_crash_lock
- /data/data/####/mix.dex
- /data/data/####/native_record_lock
- /data/data/####/pri_legu_tencent_analysis.db_com.xfkjylzy.wrnmmp-journal
- /data/data/####/security_info
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/media/####/182588417311533511.xzz
- /data/media/####/tp.tp.xml
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
- /system/bin/sh -c getprop ro.aa.romver
- /system/bin/sh -c getprop ro.board.platform
- /system/bin/sh -c getprop ro.build.fingerprint
- /system/bin/sh -c getprop ro.build.nubia.rom.name
- /system/bin/sh -c getprop ro.build.rom.id
- /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
- /system/bin/sh -c getprop ro.build.version.emui
- /system/bin/sh -c getprop ro.build.version.opporom
- /system/bin/sh -c getprop ro.gn.gnromvernumber
- /system/bin/sh -c getprop ro.lenovo.series
- /system/bin/sh -c getprop ro.lewa.version
- /system/bin/sh -c getprop ro.meizu.product.model
- /system/bin/sh -c getprop ro.miui.ui.version.name
- /system/bin/sh -c getprop ro.vivo.os.build.display.id
- /system/bin/sh -c type su
- chmod 700 <Package Folder>/tx_shell/libnfix.so
- chmod 700 <Package Folder>/tx_shell/libshella-2.8.so
- chmod 700 <Package Folder>/tx_shell/libufix.so
- getprop ro.aa.romver
- getprop ro.board.platform
- getprop ro.build.fingerprint
- getprop ro.build.nubia.rom.name
- getprop ro.build.rom.id
- getprop ro.build.tyd.kbstyle_version
- getprop ro.build.version.emui
- getprop ro.build.version.opporom
- getprop ro.gn.gnromvernumber
- getprop ro.lenovo.series
- getprop ro.lewa.version
- getprop ro.meizu.product.model
- getprop ro.miui.ui.version.name
- getprop ro.vivo.os.build.display.id
- getprop ro.yunos.version
- logcat -d -v threadtime
Загружает динамические библиотеки:
- Bugly
- MtaNativeCrash
- libnfix
- libshella-2.8
- libufix
- nfix
- ufix
- ygsiyu
Использует следующие алгоритмы для шифрования данных:
- AES-CFB-NoPadding
- AES-GCM-NoPadding
- RSA-ECB-PKCS1Padding
- RSA-NONE-PKCS1PADDING
Использует следующие алгоритмы для расшифровки данных:
- AES
- AES-CFB-NoPadding
- AES-GCM-NoPadding
Использует специальную библиотеку для скрытия исполняемого байткода.
Осуществляет доступ к информации о сети.
Отрисовывает собственные окна поверх других приложений.
