Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.728.origin
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) dl.api.kyli####.com:80
- TCP(HTTP/1.1) apk.91h####.com:80
- TCP(HTTP/1.1) p####.q####.cn.####.net:80
- TCP(HTTP/1.1) ti####.c####.l####.####.com:80
- TCP(HTTP/1.1) ada####.m.ta####.com:80
- TCP(HTTP/1.1) s####.tc.qq.com:80
- TCP(HTTP/1.1) wx.q####.cn:80
- TCP(HTTP/1.1) qiy####.com.edg####.net:80
- TCP(HTTP/1.1) l####.tbs.qq.com:80
- TCP(HTTP/1.1) sh.wagbr####.alibaba####.com:80
- TCP(HTTP/1.1) and####.b####.qq.com:80
- TCP(HTTP/1.1) api.con####.kyli####.com:666
- TCP(HTTP/1.1) api.91h####.com:80
- TCP(HTTP/1.1) s####.e.qq.com:80
- TCP(HTTP/1.1) cdn.1####.wang:80
- TCP(HTTP/1.1) 4####.97.20.12:80
- TCP(HTTP/1.1) weiboi####.g####.sina####.com:80
- TCP(HTTP/1.1) 4a34####.cdn.uc####.####.cn:80
- TCP(HTTP/1.1) p.icap####.com:6088
- TCP(HTTP/1.1) 1####.75.3.32:8881
- TCP(HTTP/1.1) ad####.m.ta####.com:80
- TCP(HTTP/1.1) amdc####.m.ta####.com:80
- TCP(HTTP/1.1) ubv.91####.com:80
- TCP(HTTP/1.1) p.rqco####.com:8806
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) weib####.g####.sina####.com:80
- TCP(HTTP/1.1) sh.wagbr####.aliyun####.com:80
- TCP(HTTP/1.1) t####.91####.com:80
- TCP(HTTP/1.1) img.h####.com:80
- TCP(HTTP/1.1) oc.u####.com:80
- TCP(HTTP/1.1) hjq.91h####.com:80
- TCP(HTTP/1.1) mi.g####.qq.com:80
- TCP(HTTP/1.1) d####.wos####.com:80
- TCP(HTTP/1.1) int.d####.s####.####.cn:80
- TCP(TLS/1.0) loc.map.b####.com:443
- TCP(TLS/1.0) weib####.g####.sina####.com:443
- TCP(TLS/1.0) 2####.107.1.97:443
- TCP(TLS/1.0) weiboi####.g####.sina####.com:443
- TCP(TLS/1.0) api.map.b####.com:443
- TCP(TLS/1.0) feedbac####.aliy####.com:443
- TCP ope####.m.ta####.com:443
- TCP umengj####.m.ta####.com:80
Запросы DNS:
- a####.man.aliy####.com
- a####.u####.com
- ad####.m.ta####.com
- ada####.m.ta####.com
- ag####.m.ta####.com
- amdc####.m.ta####.com
- and####.b####.qq.com
- api.91h####.com
- api.con####.kyli####.com
- api.map.b####.com
- apk.91h####.com
- cdn.1####.wang
- d####.wos####.com
- dl.api.kyli####.com
- feedbac####.aliy####.com
- hjq.91h####.com
- i0.h####.com
- i1.h####.com
- int.d####.s####.####.cn
- kldyn####.u####.uc####.####.cn
- l####.tbs.qq.com
- loc.map.b####.com
- log.u####.com
- mi.g####.qq.com
- oc.u####.com
- p####.q####.cn
- p.icap####.com
- p.rqco####.com
- pic.91h####.com
- s####.e.qq.com
- t####.91####.com
- u7.qiy####.com
- ubv.91####.com
- umen####.m.ta####.com
- umengj####.m.ta####.com
- v####.v####.qq.com
- ww3.sin####.cn
- wx.q####.cn
- wx1.sin####.cn
- wx2.sin####.cn
- wx3.sin####.cn
- wx4.sin####.cn
Запросы HTTP GET:
- 4####.97.20.12/ad/ad_size.do?s=####&nt=####&n=####&o=####&v=####&c=####&...
- 4####.97.20.12/memcenter/imei_record.do?s=####&nt=####&n=####&o=####&v=#...
- 4a34####.cdn.uc####.####.cn/1527318181554_utils.ttf
- ad####.m.ta####.com/rest/gc2?ak=####&av=####&c=####&d=####&sv=####&t=###...
- apk.91h####.com/apk/p_le_16.png
- apk.91h####.com/apk/urlparse_66252_a.zip
- cdn.1####.wang/sc_151_3
- hjq.91h####.com/hjq/api/login.ashx?annoid=####&a=####&version=####&nwtim...
- hjq.91h####.com/hjq/other/sys?sign=####&ime=####&nwtime=####&os=####&ver...
- hjq.91h####.com/hjq/servers/Korean_Info.ashx?method=####&os=####&version...
- hjq.91h####.com/hjq/userlabel/checklabel?sign=####&ime=####&nwtime=####&...
- img.h####.com/bfs/archive/0f272528616f739cd89536e3609b00984d8531c5.jpg
- img.h####.com/bfs/archive/35faf58eaaf15d645cd613f51b1f87200ebb4d27.jpg
- img.h####.com/bfs/archive/b0ba94776779181505596d13542f992019bb9655.jpg
- int.d####.s####.####.cn/iplookup/iplookup.php?format=####
- mi.g####.qq.com/gdt_mview.fcg?datatype=####&posid=####&count=####&r=####...
- p####.q####.cn.####.net/vpic/0/i0666ariq85_160_90_3.jpg/0
- p.rqco####.com:8806/c/1526453994693
- qiy####.com.edg####.net/image/20180526/56/97/uv_3079696832_m_601_180_101...
- s####.tc.qq.com/77627306/l066573gqef_160_90_3.jpg
- sh.wagbr####.alibaba####.com/bar/get/56fcdf9f67e58e6e4c000cee/?ud_get=####
- ti####.c####.l####.####.com/0509c2a8157a5734edcc23daf34b71f8
- ti####.c####.l####.####.com/1af2f5f231f9439ca36ab37df8d33f01.imgfile1
- ti####.c####.l####.####.com/4d9b4de6-d922-4ad4-bf24-61fcb8d27d77.jpg
- ti####.c####.l####.####.com/95f7ac4dd0d30f7480e93987512968f5
- ti####.c####.l####.####.com/a079c10e2ca8fff395ddb7f4383353c0
- ti####.c####.l####.####.com/ae8089c4f0ff2fe914029130cce4b406
- ti####.c####.l####.####.com/b5e17aaf-70ed-440a-b2fe-69ad15160c5a.jpg
- ti####.c####.l####.####.com/dae4748a-6ee3-4fe9-8fc5-b99b66712bba.jpg
- ti####.c####.l####.####.com/ed049a6be158496bb6515c4e309b96a9.imgfile1
- ti####.c####.l####.####.com/oaDsNw_gxX9186dIqoIpfFhPhCfU201805180758200....
- ti####.c####.l####.####.com/oaDsNw_gxX9186dIqoIpfFhPhCfU201805180758201....
- ti####.c####.l####.####.com/ooQjZwSMwJTZjcXuVrmMXR_FQARE201805192354580....
- ti####.c####.l####.####.com/ooQjZwSMwJTZjcXuVrmMXR_FQARE201805192354581....
- ti####.c####.l####.####.com/ooQjZwSMwJTZjcXuVrmMXR_FQARE201805192354582....
- ti####.c####.l####.####.com/ooQjZwSfOGiXGC3XmLLIgVDvK73Y201805251546430....
- ti####.c####.l####.####.com/ooQjZwSfOGiXGC3XmLLIgVDvK73Y201805251546431....
- ti####.c####.l####.####.com/ooQjZwSfOGiXGC3XmLLIgVDvK73Y201805251546432....
- ti####.c####.l####.####.com/ooQjZwb3_FRuRi-4i5SogZrKqTaQ201805270040510....
- ti####.c####.l####.####.com/ooQjZwb3_FRuRi-4i5SogZrKqTaQ201805270040511....
- ti####.c####.l####.####.com/ooQjZwb3_FRuRi-4i5SogZrKqTaQ201805270040512....
- ti####.c####.l####.####.com/ooQjZweZVddmZCBIoE1G9ZC8GKnc201805192356500....
- ti####.c####.l####.####.com/ooQjZweZVddmZCBIoE1G9ZC8GKnc201805192356501....
- ti####.c####.l####.####.com/ooQjZweZVddmZCBIoE1G9ZC8GKnc201805192356502....
- weib####.g####.sina####.com/mw690/005NMrrXgy1frmfg8dgbdj30ku08c43f.jpg
- weib####.g####.sina####.com/mw690/006qOKOtgy1flpv4tnxdlj3024024jr6.jpg
- weib####.g####.sina####.com/mw690/006qOKOtgy1flpv4u7dcnj302a02aa9v.jpg
- weib####.g####.sina####.com/mw690/006qOKOtgy1flpv4um2kwj302a02ajr6.jpg
- weib####.g####.sina####.com/mw690/006qOKOtgy1flpv4vydlfj302a02adfn.jpg
- weib####.g####.sina####.com/mw690/006qOKOtgy1flpv4xivyvj302a02aq2q.jpg
- weib####.g####.sina####.com/mw690/006qOKOtgy1flpv4y64i7j302a02at8i.jpg
- weib####.g####.sina####.com/mw690/006whUskgy1fqfti0qvbxj308c0ciq3u.jpg
- weib####.g####.sina####.com/mw690/006whUskgy1frfgm3ulv0j30e10l24ks.jpg
- weib####.g####.sina####.com/mw690/006whUskgy1friy16m2fvj306h09p74p.jpg
- weib####.g####.sina####.com/mw690/006whUskgy1frl0vdhfwcj30ep0m1gpm.jpg
- weib####.g####.sina####.com/mw690/006zfkKAgw1fbulpz9q5yj302e01q0sj.jpg
- weiboi####.g####.sina####.com/mw690/006qOKOtgy1flpv4v5xgdj302a02ajr6.jpg
- weiboi####.g####.sina####.com/mw690/006qOKOtgy1flpv4wljhdj302a02a0sj.jpg
- weiboi####.g####.sina####.com/mw690/006whUskgy1fq0jkjhvnaj302k01v0si.jpg
- weiboi####.g####.sina####.com/mw690/006whUskgy1fq0nxltgphj302k01v3yb.jpg
- weiboi####.g####.sina####.com/mw690/006whUskgy1fqfll1f5zpj30ku08cdhb.jpg
- weiboi####.g####.sina####.com/mw690/006whUskgy1fqxvvqg89pj30bs0hotbv.jpg
- weiboi####.g####.sina####.com/mw690/006whUskgy1fqz4n7c31rj30fp0nje81.jpg
- weiboi####.g####.sina####.com/mw690/006whUskgy1frlc118j1uj30ku08cdks.jpg
- weiboi####.g####.sina####.com/mw690/006whUskgy1frmhvd5jtkj30ku08caay.jpg
- weiboi####.g####.sina####.com/mw690/006whUskgy1frmmvkwlxuj30ku08cwhy.jpg
- weiboi####.g####.sina####.com/mw690/006whUskgy1frnotmdk9qj30ku08c407.jpg
- weiboi####.g####.sina####.com/mw690/006whUskgy1frnov90hvwj30ku08c40g.jpg
- weiboi####.g####.sina####.com/mw690/006whUskgy1frnprfwh7xj30ku08cwgv.jpg
- wx.q####.cn/mmopen/PiajxSqBRaEKfjVLCu3yulazN9dWshORtBahsnJHEgt9AIEnJjzmF...
Запросы HTTP POST:
- 4####.97.20.12/short/cate_list.do?s=####&nt=####&n=####&o=####&v=####&c=...
- 4####.97.20.12/short/first_list.do?s=####&nt=####&n=####&o=####&v=####&c...
- a####.u####.com/app_logs
- ada####.m.ta####.com/rest/sur?ak=####&av=####&c=####&v=####&s=####&d=###...
- amdc####.m.ta####.com/amdc/mobileDispatch?appkey=####&deviceId=####&plat...
- and####.b####.qq.com/rqd/async
- and####.b####.qq.com/rqd/async?aid=####
- api.91h####.com/korean/ip/GetArea?sign=####&ime=####&nwtime=####&os=####...
- api.con####.kyli####.com:666/v1/config
- d####.wos####.com/upload/longheartbeat.jsp
- d####.wos####.com/upload/sdklongheartbeat.jsp
- dl.api.kyli####.com/v2/load/mobile
- hjq.91h####.com/hjq/Common/post_info_a
- hjq.91h####.com/hjq/common/home_message
- hjq.91h####.com/hjq/main/homepage
- hjq.91h####.com/hjq/other/update_device_user_info
- l####.tbs.qq.com/ajax?c=####&k=####
- oc.u####.com/v2/check_config_update
- oc.u####.com/v2/get_update_time
- p.icap####.com:6088/s/
- p.rqco####.com:8806/p/1526453995027
- s####.e.qq.com/activate
- sh.wagbr####.aliyun####.com/man/api?ak=####&s=####
- t####.91####.com/tribe-web/topic/mycaretopic.do
- t####.91####.com/tribe-web/topic/queryFirst.do
- t####.91####.com/tribe-web/topic/recommendtopic.do
- t####.91####.com/tribe-web/tribe/myTribe.do
- ubv.91####.com/ubv/col/app.do
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/-1147628818
- /data/data/####/-485729015
- /data/data/####/.imprint
- /data/data/####/03751BCA345F56C07CFA4B3FF24986DC.jar
- /data/data/####/03751BCA345F56C07CFA4B3FF24986DC.tmp
- /data/data/####/0a5fb61755a9a08e64c53801c5dcc04334eff3f07af9df0....0.tmp
- /data/data/####/0ea5e328c7b62c6cddf8b5d071ecccd2.0.tmp
- /data/data/####/0ea5e328c7b62c6cddf8b5d071ecccd2.1.tmp
- /data/data/####/1002
- /data/data/####/1004
- /data/data/####/13f0719bc3ae1975304fb3de1ca0bbec.0.tmp
- /data/data/####/13f0719bc3ae1975304fb3de1ca0bbec.1.tmp
- /data/data/####/144ea4175913334a4a835637cb6cc111e14dad994749cf9....0.tmp
- /data/data/####/154d5f1b29f8474af36acdf1852b621d3e788499737e268....0.tmp
- /data/data/####/15589702b90328021ceacf8f192e06aa.0.tmp
- /data/data/####/15589702b90328021ceacf8f192e06aa.1.tmp
- /data/data/####/1a6ad056b25f71d0d89b7ecf59bd180b007ddabaad3b799....0.tmp
- /data/data/####/23b1ccd49fae7596bca4b23bf4e3b30b.0.tmp
- /data/data/####/23b1ccd49fae7596bca4b23bf4e3b30b.1.tmp
- /data/data/####/240e4a0d444d3c18349efffc01f006ddf9059a837401319....0.tmp
- /data/data/####/24e0c4ac7a8873450836d0ea1531b916.0.tmp
- /data/data/####/24e0c4ac7a8873450836d0ea1531b916.1.tmp
- /data/data/####/273bb9ee44f84de2c1bd6cb73c8f3ff2170a654a330ed52....0.tmp
- /data/data/####/30f99482fcac10960b9460e6b42424f52905f986c90b370....0.tmp
- /data/data/####/317d21db6815712b67e13df5b56f602436fd1067f768ddf....0.tmp
- /data/data/####/3eabb775d810e4fc38c60eb1d7b5810606c9db135baa254....0.tmp
- /data/data/####/42e529bc5e00578f6138b73a610e1f175bef85b6304dbc0....0.tmp
- /data/data/####/456c07ffb6c596aecc31f00e6abb2b0d27c0b12c7c498a5....0.tmp
- /data/data/####/471397940.dex
- /data/data/####/471397940.jar
- /data/data/####/494b59d9e859c312e120e3231352c3bf.0.tmp
- /data/data/####/494b59d9e859c312e120e3231352c3bf.1.tmp
- /data/data/####/4f359207d68dea13517bdea8157b45bc8fa78e1ed7d5b6a....0.tmp
- /data/data/####/525065fe171ff37355d3bc73cfee8e67.0.tmp
- /data/data/####/525065fe171ff37355d3bc73cfee8e67.1.tmp
- /data/data/####/546a2a4721aee5a20357f392841aeec3.0.tmp
- /data/data/####/546a2a4721aee5a20357f392841aeec3.1.tmp
- /data/data/####/54f4d814409380b1d30a739be8f5f58846f1ddfe174a869....0.tmp
- /data/data/####/57382c36b55ead15aac5e351bc0438a91af039bea84ca51....0.tmp
- /data/data/####/5847284edd000a307b5a254b647754823dc2979ad4b0aec....0.tmp
- /data/data/####/5ce221ec73b01d268f591e208c05bbfdf4bd6d1f7c6d4bd....0.tmp
- /data/data/####/5ea543e43f3989b8b670af2886f03f87cac154afbd71d12....0.tmp
- /data/data/####/650b643118f052e97c8501b36916799dbc13946fa7821c1....0.tmp
- /data/data/####/6697fd9de748f368bc3fbc61d144b0c6e6a66aad41dae81....0.tmp
- /data/data/####/686b0cec7e5898a6ecc4fdcb6dae7208dd59ed0554823b7....0.tmp
- /data/data/####/6c92662fdd01060e80f9429e0c9c7aec53e2bfd43ad9088....0.tmp
- /data/data/####/6d91168f1e68974b89817154342ce0c638593d562daabc9....0.tmp
- /data/data/####/704369070a90a8ae243c38517e447299157b17e0fae901c....0.tmp
- /data/data/####/7dc3ec93570457f1a9b3248d3c7ab56037f1af59fc63d85....0.tmp
- /data/data/####/86c0347e7e032c8f5c188e44dbc3816dc0fb949434b0a59....0.tmp
- /data/data/####/92c79c8253ab8ca6865201403abc6eb0d2df68b774221ac....0.tmp
- /data/data/####/93eada0fe61e4f650bc3de28e8d1332a35f0dc2f6fe07d3....0.tmp
- /data/data/####/93eea49de3e74364b47b666d066c8b90.0.tmp
- /data/data/####/93eea49de3e74364b47b666d066c8b90.1.tmp
- /data/data/####/96b23dc33d97730c283ed3058f723a67ef05d299baf3e69....0.tmp
- /data/data/####/9713f710d68ee3b5e20a9894c22e4bf0e1b87d9668470e6....0.tmp
- /data/data/####/9ce16fcc8a5752ae0a599c5d4e378df7.0.tmp
- /data/data/####/9ce16fcc8a5752ae0a599c5d4e378df7.1.tmp
- /data/data/####/ACCS_BINDumeng;56fcdf9f67e58e6e4c000cee.xml
- /data/data/####/ACCS_SDK.xml
- /data/data/####/ACCS_SDK_CHANNEL.xml
- /data/data/####/ACCS_SDK_CHANNEL.xml.bak
- /data/data/####/AGOO_BIND.xml
- /data/data/####/Agoo_AppStore.xml
- /data/data/####/Alvin2.xml
- /data/data/####/COUNTLY_STORE.xml
- /data/data/####/ContextData.xml
- /data/data/####/DaemonServer
- /data/data/####/GDTSDK.db
- /data/data/####/GDTSDK.db-journal
- /data/data/####/MessageStore.db-journal
- /data/data/####/MsgLogStore.db-journal
- /data/data/####/MultiDex.lock
- /data/data/####/UTCommon.xml
- /data/data/####/a081cfe56a02b67b521a44a4b74985306b9673f431ff794....0.tmp
- /data/data/####/a093f4410467f1a6bc1601e90ca8ad8dc77fcc05655f146....0.tmp
- /data/data/####/a2cf129444dd6cc781fa963238921fa5.0.tmp
- /data/data/####/a2cf129444dd6cc781fa963238921fa5.1.tmp
- /data/data/####/a4ff2200a17f6752df2bdcc2c54a6ae09ab9b741aefbfb2....0.tmp
- /data/data/####/a710285009f7a6ce6283e3f5daf45e1e6a257e44c230788....0.tmp
- /data/data/####/a887874e51e2d2aa79c875bc26952ea016d8bf522cc7ea0....0.tmp
- /data/data/####/accs.db-journal
- /data/data/####/ad1352148e1c0aebdb18277c32d784e1e60ffdafc5e8f0b....0.tmp
- /data/data/####/agoo.pid
- /data/data/####/android-util.ttf
- /data/data/####/android-util.zip
- /data/data/####/ap.Lock
- /data/data/####/authStatus_com.leku.hmsq;remote.xml
- /data/data/####/bb1836bb673f435c07cbd1f424579131b97cdc51ce57327....0.tmp
- /data/data/####/bugly_db_-journal
- /data/data/####/bugly_db_legu-journal
- /data/data/####/caa198e5b9e072da4d3b1e58406d7127915e9dc99620411....0.tmp
- /data/data/####/com.leku.hmsq.BETA_VALUES.xml
- /data/data/####/com.leku.hmsq_preferences.xml
- /data/data/####/core_info
- /data/data/####/crashrecord.xml
- /data/data/####/d0f9b69cc552df48165e26785b14a760.0.tmp
- /data/data/####/d0f9b69cc552df48165e26785b14a760.1.tmp
- /data/data/####/d442ea0f87077c44a33134884d9c1dd47e27b86490c1ed2....0.tmp
- /data/data/####/d62d47ee4d4ecd80fdb09042256d3ee342cdd5075c61428....0.tmp
- /data/data/####/d7da3c5c6706a5f8b682f2290ade466c.0.tmp
- /data/data/####/d7da3c5c6706a5f8b682f2290ade466c.1.tmp
- /data/data/####/d86fb840d141c8bd77c908f00706b8f70edf45066dd5c99....0.tmp
- /data/data/####/d9694e8a516e3398ab65deb92fe87a2351b03a31ac8b2f1....0.tmp
- /data/data/####/dcSharedPreferences.dat.xml
- /data/data/####/dcSharedPreferences.dat.xml (deleted)
- /data/data/####/defaultpref1.xml
- /data/data/####/devCloudSetting.cfg
- /data/data/####/devCloudSetting.sig
- /data/data/####/e0ada438bff6e4b3bce8f0b94e283e88209eb35d63ad5b8....0.tmp
- /data/data/####/e648ea9400affbabe38b8561ffdeed74b5c3d23f55945a1....0.tmp
- /data/data/####/e6f945f74518bd040cf30d967e58beca2d679495dce038f....0.tmp
- /data/data/####/eb4aa257647f7be10327eb0b8165fb550e7c4fc8752e239....0.tmp
- /data/data/####/ee19176ea4de5fda8f58ae6e25ac3154f722ad0e5bc1b79....0.tmp
- /data/data/####/evernote_jobs.db-journal
- /data/data/####/evernote_jobs.xml
- /data/data/####/exchangeIdentity.json
- /data/data/####/f00650cdcf6dfac6c7a176bfa3b8172e3cf286ca7b42042....0.tmp
- /data/data/####/f2109c2fe917c2642a67d005cb5f4c15479276606f16392....0.tmp
- /data/data/####/f633ded0581769665c6eae8ec8d7258c.0.tmp
- /data/data/####/f633ded0581769665c6eae8ec8d7258c.1.tmp
- /data/data/####/file_multithreading_info.db-journal
- /data/data/####/firll.dat
- /data/data/####/gdt_plugin.jar
- /data/data/####/gdt_plugin.jar.sig
- /data/data/####/gdt_suid
- /data/data/####/hjtv.xml
- /data/data/####/hmsq.xml
- /data/data/####/hst.db
- /data/data/####/hst.db-journal
- /data/data/####/httpdns_config_cache.xml
- /data/data/####/journal.tmp
- /data/data/####/kk_spf.xml
- /data/data/####/libcuid.so
- /data/data/####/libshahe.so
- /data/data/####/libshella-2.8.so
- /data/data/####/libufix.so
- /data/data/####/local_crash_lock
- /data/data/####/message_accs_db
- /data/data/####/message_accs_db-journal
- /data/data/####/mix.dex
- /data/data/####/mobclick_agent_cached_com.leku.hmsq2100
- /data/data/####/multidex.version.xml
- /data/data/####/native_record_lock
- /data/data/####/oglfvj
- /data/data/####/onlineconfig_agent_online_setting_com.leku.hmsq.xml
- /data/data/####/p.l
- /data/data/####/pl_sp.xml
- /data/data/####/plugin_v3_471397940.jar.lock
- /data/data/####/plugins.xml
- /data/data/####/rdata_@apkloader-unique.pkgname@.new
- /data/data/####/rws_sp.xml
- /data/data/####/sdkCloudSetting.cfg
- /data/data/####/sdkCloudSetting.sig
- /data/data/####/security_info
- /data/data/####/sp_config.xml
- /data/data/####/sp_rvp.xml
- /data/data/####/tbs_download_config.xml
- /data/data/####/tbs_download_config.xml (deleted)
- /data/data/####/tbs_download_config.xml.bak
- /data/data/####/tbs_download_stat.xml
- /data/data/####/tbscoreinstall.txt
- /data/data/####/tbslock.txt
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/umeng_socialize.xml
- /data/data/####/update_lc
- /data/data/####/ut.db
- /data/data/####/ut.db-journal
- /data/data/####/util_RSS_COUNTLY_STORE.xml
- /data/data/####/util_rws_sp.xml
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/webviewCookiesChromiumPrivate.db-journal
- /data/data/####/ysdq.db-journal
- /data/media/####/.cuid
- /data/media/####/.cuid2
- /data/media/####/.jsDex.apk
- /data/media/####/.nomedia
- /data/media/####/.urlparse.zip
- /data/media/####/3dde3e1c694845c79879aaaae01f0b0a
- /data/media/####/4687932bb5df42d1828ea356574c70b2
- /data/media/####/8a10315a88e64a468d0f454f624f29a3
- /data/media/####/Alvin2.xml
- /data/media/####/ContextData.xml
- /data/media/####/adv
- /data/media/####/config
- /data/media/####/deviceId
- /data/media/####/deviceToken
- /data/media/####/e99512559faf40098194d63f4b8ab9a0
- /data/media/####/master
- /data/media/####/master.lock
- /data/media/####/urlparse.js
Другие:
Запускает следующие shell-скрипты:
- /system/bin/sh -c getprop
- /system/bin/sh -c getprop ro.aa.romver
- /system/bin/sh -c getprop ro.board.platform
- /system/bin/sh -c getprop ro.build.fingerprint
- /system/bin/sh -c getprop ro.build.nubia.rom.name
- /system/bin/sh -c getprop ro.build.rom.id
- /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
- /system/bin/sh -c getprop ro.build.version.emui
- /system/bin/sh -c getprop ro.build.version.opporom
- /system/bin/sh -c getprop ro.gn.gnromvernumber
- /system/bin/sh -c getprop ro.lenovo.series
- /system/bin/sh -c getprop ro.lewa.version
- /system/bin/sh -c getprop ro.meizu.product.model
- /system/bin/sh -c getprop ro.miui.ui.version.name
- /system/bin/sh -c getprop ro.vivo.os.build.display.id
- /system/bin/sh -c type su
- <Package Folder>/files/DaemonServer -s <Package Folder>/lib/ -n runServer -p startservice -n <Package>/com.taobao.accs.ChannelService --user 0 -f <Package Folder> -t 600 -c agoo.pid -P <Package Folder> -K 1009527 -U tb_accs_eudemon_1.1.3 -L http://agoodm.m.taobao.com/agoo/report -D {"package":"<Package>","appKey":"umeng:56fcdf9f67e58e6e4c000cee","utdid":"WvvWzpTP6EEDAGdzx1GvsiIi","sdkVersion":"221"} -I agoodm.m.taobao.com -O 80 -T -Z
- chmod 500 <Package Folder>/files/DaemonServer
- chmod 700 /data/user/0/<Package>/tx_shell/libnfix.so
- chmod 700 /data/user/0/<Package>/tx_shell/libshella-2.8.so
- chmod 700 /data/user/0/<Package>/tx_shell/libufix.so
- chmod 700 <Package Folder>/tx_shell/libnfix.so
- chmod 700 <Package Folder>/tx_shell/libshella-2.8.so
- chmod 700 <Package Folder>/tx_shell/libufix.so
- getprop
- getprop ro.aa.romver
- getprop ro.board.platform
- getprop ro.build.fingerprint
- getprop ro.build.nubia.rom.name
- getprop ro.build.rom.id
- getprop ro.build.tyd.kbstyle_version
- getprop ro.build.version.emui
- getprop ro.build.version.opporom
- getprop ro.gn.gnromvernumber
- getprop ro.lenovo.series
- getprop ro.lewa.version
- getprop ro.meizu.product.model
- getprop ro.miui.ui.version.name
- getprop ro.product.cpu.abi
- getprop ro.vivo.os.build.display.id
- getprop ro.yunos.version
- logcat -d -v threadtime
- mount
- sh
Загружает динамические библиотеки:
- Bugly
- libnfix
- libshahe
- libshella-2.8
- libufix
- locSDK7b
- nfix
- tnet-3.1
- ufix
- ut_c_api
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
- AES-ECB-PKCS7Padding
- AES-GCM-NoPadding
- DES-CBC-PKCS5Padding
- RSA-ECB-NoPadding
- RSA-ECB-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
- AES-ECB-PKCS7Padding
- AES-GCM-NoPadding
- DES-CBC-PKCS5Padding
- RSA-ECB-PKCS1Padding
Использует специальную библиотеку для скрытия исполняемого байткода.
Осуществляет доступ к информации о геолокации.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
