Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Adware.Gexin.2.origin
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) ads.ku####.cn:80
- TCP(HTTP/1.1) la####.m####.com:80
- TCP(HTTP/1.1) log####.suishe####.cn:80
- TCP(HTTP/1.1) 5b0988e####.cdn.so####.####.com:80
- TCP(HTTP/1.1) t####.dmp.y####.net:80
- TCP(HTTP/1.1) tinyali####.c####.l####.####.com:80
- TCP(HTTP/1.1) up####.app.2####.com:80
- TCP(HTTP/1.1) l####.tbs.qq.com:80
- TCP(HTTP/1.1) pc.suishe####.net.####.com:80
- TCP(HTTP/1.1) i####.v####.com.cn:80
- TCP(HTTP/1.1) syy-ima####.b0.upa####.com:80
- TCP(HTTP/1.1) p####.tc.qq.com:80
- TCP(HTTP/1.1) s####.e.qq.com:80
- TCP(HTTP/1.1) gs.g####.com:80
- TCP(HTTP/1.1) sdk.o####.p####.####.com:80
- TCP(HTTP/1.1) s####.tc.qq.com:80
- TCP(HTTP/1.1) c####.g####.com:80
- TCP(HTTP/1.1) v.g####.qq.com:80
- TCP(HTTP/1.1) b####.g####.com:80
- TCP(HTTP/1.1) i####.gua####.com:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) sh.wagbr####.aliyun####.com:80
- TCP(HTTP/1.1) client####.suishe####.cn:80
- TCP(HTTP/1.1) c.g####.qq.com:80
- TCP(HTTP/1.1) l####.c####.q####.####.net:80
- TCP(HTTP/1.1) mi.g####.qq.com:80
- TCP(HTTP/1.1) s.y####.net:80
- TCP(TLS/1.0) cac####.b####.com:443
- TCP(TLS/1.0) publish####.b####.com.####.com:443
- TCP(TLS/1.0) sh.wagbr####.alibaba####.com:443
- TCP(TLS/1.0) cpu.b####.com:443
- TCP(TLS/1.0) hpd.b####.com:443
- TCP(TLS/1.0) res####.a####.com:443
- TCP(TLS/1.0) g####.un####.50####.org:443
- TCP(TLS/1.0) hm.b####.com:443
- TCP(TLS/1.0) g####.bdst####.com:443
- TCP(TLS/1.0) s####.ml####.cc:443
- TCP sdk.o####.t####.####.com:5224
Запросы DNS:
- 5b0988e####.cdn.so####.com
- 8####.nd####.y####.com
- a####.u####.com
- ads.ku####.cn
- amap####.cn-hang####.oss####.####.com
- api.ku####.cn
- app.50####.org
- b####.g####.com
- bro####.ku####.cn
- c####.g####.com
- c####.g####.ig####.com
- c.g####.qq.com
- cac####.b####.com
- client####.suishe####.cn
- cpu.b####.com
- g####.bdst####.com
- g####.un####.50####.org
- gs.g####.com
- hm.b####.com
- hpd.b####.com
- i####.gua####.com
- i####.gua####.com
- i####.v####.com.cn
- i####.v####.com.cn
- im####.9l####.com
- img####.st####.suishe####.net
- imgc####.qq.com
- l####.tbs.qq.com
- la####.m####.com
- log####.suishe####.cn
- log.u####.com
- marke####.et####.cn
- mi.g####.qq.com
- p####.ugd####.com
- pc.suishe####.net
- publish####.b####.com
- res####.a####.com
- s####.e.qq.com
- s####.gw.y####.net
- s####.ml####.cc
- s####.u####.com
- s.y####.net
- sdk.c####.ig####.com
- sdk.o####.p####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.net
- sdk.st####.y####.com
- st####.et####.cn
- t####.dmp.y####.net
- up####.app.2####.com
- v.g####.qq.com
Запросы HTTP GET:
- 5b0988e####.cdn.so####.####.com/c_fill,w_150,h_100,g_faces,q_70/images/2...
- c.g####.qq.com/gdt_mclick.fcg?viewid=####&jtype=####&i=####&os=####&asi=...
- i####.gua####.com/images/2018/07/21/9639a7d7b44e384e33d775a634439fe4.jpeg
- i####.gua####.com/images/2018/07/21/bea97d1ca09bbe6840198cf84e8472f8.jpeg
- i####.v####.com.cn/images/2018/07/26/1d4244f51d9d6dd5b820e6950604d9d2.jpeg
- i####.v####.com.cn/images/2018/07/26/2b58deea40c6c9ccc7f825648573b416.jpeg
- i####.v####.com.cn/images/2018/07/26/775cdfa8cf44c53c6c26fd33fccdd7c9.jpeg
- i####.v####.com.cn/images/2018/08/02/4f21675349a5268ba9de7379f0f033b8.jpeg
- i####.v####.com.cn/images/2018/08/02/8f287868fae899b03501d9a413b97904.jpeg
- i####.v####.com.cn/images/2018/08/02/ce07b00392c53d20acf16645897c24fd.jpeg
- i####.v####.com.cn/images/2018/08/02/d1c303b722a3cb330b3cd68149224d0b.jpeg
- i####.v####.com.cn/images/2018/08/02/e6a6e842b078637dd9b3a9268f7c22c3.jpeg
- i####.v####.com.cn/images/2018/08/02/f26841f0ccc277631dbf5b75d18872de.jpeg
- l####.c####.q####.####.net/config/hz-hzv3.conf
- l####.c####.q####.####.net/core/aos-dex/1807/8211/99e5f5c2
- l####.c####.q####.####.net/core/aos-so/1611/7000/ad389c56.so
- la####.m####.com/km/v2/recommend
- mi.g####.qq.com/gdt_mview.fcg?datatype=####&posid=####&count=####&r=####...
- p####.tc.qq.com/qzone/biz/gdt/mod/android/AndroidAllInOne/proguard/his/r...
- pc.suishe####.net.####.com/km_task/api/v1/articles/29?city_key=####&ver_...
- pc.suishe####.net.####.com/km_task/api/v1/articles/3?city_key=####&ver_c...
- pc.suishe####.net.####.com/km_task/api/v1/articles/55?city_key=####&ver_...
- pc.suishe####.net.####.com/km_task/api/v1/articles/57?city_key=####&ver_...
- pc.suishe####.net.####.com/km_task/api/v1/articles/59?city_key=####&ver_...
- pc.suishe####.net.####.com/km_task/api/v1/category/all?city_key=####&app...
- pc.suishe####.net.####.com/km_task/api/v1/continue_check_in/setting?city...
- pc.suishe####.net.####.com/km_task/api/v1/search/keyword/hot?city_key=##...
- pc.suishe####.net.####.com/km_task/api/v1/system/configs?city_key=####&v...
- pc.suishe####.net.####.com/km_task/api/v1/tag/all?city_key=####&ver_code...
- pc.suishe####.net.####.com/km_task/api/v2/article/addition/604329196?cit...
- pc.suishe####.net.####.com/km_task/api/v2/getLoginMode?city_key=####&app...
- pc.suishe####.net.####.com/peacock/api/adspool?&appid=####&publisher=###...
- pc.suishe####.net.####.com/peacock/api/gate?&pkg=####&appid=####&dex=###...
- s####.tc.qq.com/gdt/0/DAAcz6jAPoAIwABTBa1bQyC4Jyjbf_.jpg/0?ck=####
- s####.tc.qq.com/gdt/0/DAAd4dsAUAALQABfBbTXQhDyQJkBB3.jpg/0?ck=####
- s####.tc.qq.com/gdt/0/DAAeHsVAUAALQABQBbWpk7Ae2UfzVo.jpg/0?ck=####
- s.y####.net/aos/v3/initf?s=####
- s.y####.net/stat/aos/v3/pkc?s=####
- s.y####.net/stat/aos/v3/pku?s=####
- s.y####.net/stat/v3/udt2?appid=####&s=####
- sh.wagbr####.aliyun####.com/sdkcoor/android/x86/libJni_wgs2gcj.so
- syy-ima####.b0.upa####.com/2e52e1dc5ac9d868e9983bd3fd8ced1c/1023c89b4cb5...
- syy-ima####.b0.upa####.com/2e52e1dc5ac9d868e9983bd3fd8ced1c/36214932eb4e...
- syy-ima####.b0.upa####.com/2e52e1dc5ac9d868e9983bd3fd8ced1c/42a69fbca2f1...
- syy-ima####.b0.upa####.com/2e52e1dc5ac9d868e9983bd3fd8ced1c/49019dbe4567...
- syy-ima####.b0.upa####.com/2e52e1dc5ac9d868e9983bd3fd8ced1c/4d219485db8d...
- syy-ima####.b0.upa####.com/2e52e1dc5ac9d868e9983bd3fd8ced1c/93a5c044df33...
- syy-ima####.b0.upa####.com/2e52e1dc5ac9d868e9983bd3fd8ced1c/bb4e671bb529...
- syy-ima####.b0.upa####.com/2e52e1dc5ac9d868e9983bd3fd8ced1c/bf6e2810a1d1...
- syy-ima####.b0.upa####.com/2e52e1dc5ac9d868e9983bd3fd8ced1c/fd87b94e70e2...
- tinyali####.c####.l####.####.com/image/201808/02/053cc22878ad6552694e4b0...
- tinyali####.c####.l####.####.com/image/201808/02/0ac0312cbf68f2dd8f16d87...
- tinyali####.c####.l####.####.com/image/201808/02/46d1b7fd585b44955af7a88...
- tinyali####.c####.l####.####.com/image/201808/02/88592d57955a4c551b01514...
- tinyali####.c####.l####.####.com/image/201808/02/a2a85a29cd0fafed3a9a57b...
- tinyali####.c####.l####.####.com/image/201808/02/b34990d1edeb485850bd73f...
- tinyali####.c####.l####.####.com/image/201808/02/c7eb183d3803d4f43ffa135...
- tinyali####.c####.l####.####.com/image/201808/02/cd52206d094278db56bfc99...
- tinyali####.c####.l####.####.com/image/201808/02/fdc86eb1986ab6146f3aa58...
Запросы HTTP POST:
- a####.u####.com/app_logs
- ads.ku####.cn/kuaima_ads/api/ad/get
- b####.g####.com/api.php?format=####&t=####
- c####.g####.com/api.php?format=####&t=####
- client####.suishe####.cn/ssy-dmp/api/app/feedback?
- gs.g####.com/encryption/key/fetch
- gs.g####.com/geshu/sdkStatistics/bindInfo
- gs.g####.com/geshu/sdkStatistics/uploadBI
- l####.tbs.qq.com/ajax?c=####&k=####
- log####.suishe####.cn/collect/ce/log?
- log####.suishe####.cn/collect/event/log?
- s####.e.qq.com/activate
- s####.e.qq.com/click
- s####.e.qq.com/launch
- sdk.o####.p####.####.com/api.php?format=####&t=####
- t####.dmp.y####.net/v1/android/packages?rt=####&sign=####
- t####.dmp.y####.net/v2/android/pkgtime?rt=####&sign=####
- up####.app.2####.com/index.php
- v.g####.qq.com/gdt_stats.fcg
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.imprint
- /data/data/####/.jg.ic
- /data/data/####/0.xml
- /data/data/####/1533226127099.log
- /data/data/####/1533226129623.log
- /data/data/####/1533226129636.log
- /data/data/####/2018-08-03-00-08-49.log
- /data/data/####/2018-08-03-00-08-57.log
- /data/data/####/2018-08-03-00-09-05.log
- /data/data/####/2018-08-03-00-09-30.log
- /data/data/####/65716db50c22a880b6b254871748cfd6-journal
- /data/data/####/6bf36c4fc25f16f2492706c4201119ca
- /data/data/####/6bf36c4fc25f16f2492706c4201119ca-journal
- /data/data/####/Alvin2.xml
- /data/data/####/C0XKJAO3JLZKJPDKJFXLINQCJIOAOD.xml
- /data/data/####/CE94557724F842149D690D0E8CBB1CBD.xml
- /data/data/####/ContextData.xml
- /data/data/####/DownloadMarket.db-journal
- /data/data/####/ECalendarPreferences.xml
- /data/data/####/ECalendarPreferences.xml.bak
- /data/data/####/GDTSDK.db
- /data/data/####/GDTSDK.db-journal
- /data/data/####/KM_preference.xml
- /data/data/####/MultiDex.lock
- /data/data/####/P15pKIjsm64m
- /data/data/####/P15pKIjsm64m-journal
- /data/data/####/SuishenAd_prf.xml
- /data/data/####/SuishenExitPageSDK_v72.apk
- /data/data/####/T1oX0rhhuXWt
- /data/data/####/T1oX0rhhuXWt-journal
- /data/data/####/Update.db.xml
- /data/data/####/UserInfo.xml
- /data/data/####/XKwVoK0huy3R
- /data/data/####/XKwVoK0huy3R-journal
- /data/data/####/_nohttp_cookies_db.db
- /data/data/####/_nohttp_cookies_db.db-journal
- /data/data/####/a666ed17ac2f19017e5f069b5f86d2b9
- /data/data/####/a666ed17ac2f19017e5f069b5f86d2b9-journal
- /data/data/####/back_process.xml
- /data/data/####/cc.db
- /data/data/####/cc.db-journal
- /data/data/####/cmdList.xml
- /data/data/####/core_info
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/debug.conf
- /data/data/####/devCloudSetting.cfg
- /data/data/####/devCloudSetting.sig
- /data/data/####/device_data.xml
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/gdt_plugin.jar
- /data/data/####/gdt_plugin.jar.sig
- /data/data/####/gdt_plugin.tmp
- /data/data/####/gdt_plugin.tmp.sig
- /data/data/####/gdt_suid
- /data/data/####/getui_sp.xml
- /data/data/####/gtc.db-journal
- /data/data/####/hc_hoclib_sdk.xml
- /data/data/####/hmdb
- /data/data/####/hmdb-journal
- /data/data/####/ias.db-journal
- /data/data/####/ias_sp.xml
- /data/data/####/index
- /data/data/####/init.pid
- /data/data/####/init_c1.pid
- /data/data/####/journal
- /data/data/####/journal.tmp
- /data/data/####/jqIqJYOT3JpT
- /data/data/####/jqIqJYOT3JpT-journal
- /data/data/####/libabcdefgh.so.new
- /data/data/####/libjiagu-912781003.so
- /data/data/####/live_data.xml
- /data/data/####/loctemp.so
- /data/data/####/logdb.db
- /data/data/####/logdb.db-journal
- /data/data/####/mobAds.jar
- /data/data/####/multidex.version.xml
- /data/data/####/mwsdk_analytics.db-journal
- /data/data/####/persistent_data.xml
- /data/data/####/pref.xml
- /data/data/####/push.pid
- /data/data/####/pushsdk.db-journal
- /data/data/####/qihoo_jiagu_crash_report.xml
- /data/data/####/run.pid
- /data/data/####/sdkCloudSetting.cfg
- /data/data/####/sdkCloudSetting.sig
- /data/data/####/sdk_mobAds.db-journal
- /data/data/####/suishen_ad.db-journal
- /data/data/####/suishen_ad_pramas.xml
- /data/data/####/tbs_download_config.xml
- /data/data/####/tbs_download_stat.xml
- /data/data/####/tbscoreinstall.txt
- /data/data/####/tbslock.txt
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/umeng_socialize.xml
- /data/data/####/update_lc
- /data/data/####/upgrade_download_data.xml
- /data/data/####/userlist.xml
- /data/data/####/wIU6pTyUBYWX
- /data/data/####/wIU6pTyUBYWX-journal
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/wsUL1uCdKvjD
- /data/data/####/wsUL1uCdKvjD-journal
- /data/data/####/ymdex.jar
- /data/data/####/ymdex.jar.new
- /data/media/####/00098d00ec96569368029877e94b928e6418403c08d39d....0.tmp
- /data/media/####/008c71afa8319f7443c935c708438508a8c8c32f747c81....0.tmp
- /data/media/####/03ec09681370e97a82219d1d82a44301e66e8c94fa50d4....0.tmp
- /data/media/####/08ec64c7851dd9f3bcf077168ea4f56a649bd29355d2ba....0.tmp
- /data/media/####/0bf8c833cb8741bab7f6882b4b4846c34176e61c64bd3e....0.tmp
- /data/media/####/110c99445a8e6a9d27004f4784723540ee72a81c20f138....0.tmp
- /data/media/####/11c3cacc5c3206a559f262b203f3d93939db4e53c128a6....0.tmp
- /data/media/####/194d69e08d0bcc6d8dc35a07ac3bb8f5ea23a1407ba531....0.tmp
- /data/media/####/23e107ac2bb72b8206174dea360899988dfd5cac247880....0.tmp
- /data/media/####/24fc6b477aa6e7923d70ef283cef345534d146f58633c3....0.tmp
- /data/media/####/2cf04090797d5cf767da8299ebcb2bcaa6a40eb76f7915....0.tmp
- /data/media/####/337f4cab46c4916477577f1356d5d44ee08852134164e4....0.tmp
- /data/media/####/33e05815dd5bbdf8619b21ce8b8f19c3c62f4c38cb2a77....0.tmp
- /data/media/####/33fc6d06eb1e4c03fb218d81ab87e6030d8c58a5dfe9bd....0.tmp
- /data/media/####/357ba25ca99b8ca1bca95d81228ead4971ead940fc5ab3....0.tmp
- /data/media/####/372fa14ce5a71814eb19b794dc84d82097d76ac997065f....0.tmp
- /data/media/####/37735caea8a091e641a4349f5dacdaa5125d7e9be0824e....0.tmp
- /data/media/####/39723d91718164ed73284f8a39194143
- /data/media/####/3ebc814170ccaf764b12787ae066550c1a0a01f331f2bd....0.tmp
- /data/media/####/3ef0288cca17a93ad0755fd515e4c11a3e2e9cbd73a6da....0.tmp
- /data/media/####/48c02cc4c56ced47ee37740fde187385d4e43a494f5359....0.tmp
- /data/media/####/4a85c2202a4a51bea84d6f1c20b9f9786a5926ed73233a....0.tmp
- /data/media/####/4aa5f38bc8a3ff43a54c73939c26f937d9361dc4b45855....0.tmp
- /data/media/####/4b0c294f4582ad40572106d3cc37948d08ba88e7b7fe23....0.tmp
- /data/media/####/55d077ab8d3197a25f4120e19fc587e42d33cea5a0e6ef....0.tmp
- /data/media/####/6bcca96279828740bf57137a8ecddca02aa8e2affa256a....0.tmp
- /data/media/####/6e723599df7b9e611a862d4ca87705425a72a91fe86a18....0.tmp
- /data/media/####/773e1c2433cc340d9846781849165f8cd77396072475ad....0.tmp
- /data/media/####/7cf34d6d711684f439db03d27a582fd769a105e49e7bf2....0.tmp
- /data/media/####/8196271c4bcde14df07a508864748378779ea1cb0490e8....0.tmp
- /data/media/####/846481411332ccf6f19cdf3a9972abe0
- /data/media/####/84af1bcf2eec8cb14143a14a3c92e94f3d430d123fdf0e....0.tmp
- /data/media/####/859a82a4069d388994d74fa12775876a2b9cdb89d9e422....0.tmp
- /data/media/####/8a2be90ea0d10dbaa62372f0362c2040b0c358d322619b....0.tmp
- /data/media/####/8d1ab18bf24e9eb96fea3e7a1a19173744680d1f549e64....0.tmp
- /data/media/####/93661e6c5a27118da451da1cb0d51ab1b76e8e108ec6ab....0.tmp
- /data/media/####/942620d04f7c8ffb1e2898dec5d3a43f3f1c8827b797ab....0.tmp
- /data/media/####/94c47f094500e579c25ca62308bcb9b62849a6081780e4....0.tmp
- /data/media/####/98a2f7d1f1ce880c6e81bdd8b2f029d6d27069c87a70f3....0.tmp
- /data/media/####/995b68f5c95c61bdf99856efa5528298f690321ae2bd3c...leted)
- /data/media/####/9aa32f0f4d8fad7033989bd0617e8bfc7122d594570a04....0.tmp
- /data/media/####/9aa86bd31529eb3328e937d1f6078765c4a1be68180d3e....0.tmp
- /data/media/####/Alvin2.xml
- /data/media/####/ContextData.xml
- /data/media/####/DXTX902KJZX9JASLDJF
- /data/media/####/DXTX902KJZX9JASLDJF.ymtf
- /data/media/####/SOX90123JSOALK2098SD
- /data/media/####/SOX90123JSOALK2098SD.ymtf
- /data/media/####/a02cd7fa2707698e20768da95ffbde8b60dc7bd21f331b....0.tmp
- /data/media/####/a28189f9e0d31918be5d115dc2ffa938487cde9b3e3d62....0.tmp
- /data/media/####/a313de17214a80537c68ca6982f82b993814aae7dca0cd....0.tmp
- /data/media/####/a6e9791aac31d99f89950fe20500a0deb33f124b4059cb....0.tmp
- /data/media/####/als.db
- /data/media/####/als.db-journal
- /data/media/####/b84a09fc107f215c54d4239be038e937d22494217a319d....0.tmp
- /data/media/####/b9af8ff2b35f597e5f28225fb391e2e67894d9ec125b23....0.tmp
- /data/media/####/blank.png
- /data/media/####/btn_nav_bg.9.png
- /data/media/####/btn_nav_sel.9.png
- /data/media/####/cab6881a25fce4a6019503e9a8582adde9973e29943479....0.tmp
- /data/media/####/com.kuaima.browser.bin
- /data/media/####/com.kuaima.browser_.db
- /data/media/####/d1c9d8cbab7e88e0462867a751feefa3236c604bf32449....0.tmp
- /data/media/####/d3a1e6179409b0ea527846f9c3ff065cf8179c84d381a5....0.tmp
- /data/media/####/d42865d8a242e2f71ff651ff6d799fa24b661bd5735d50....0.tmp
- /data/media/####/d60f47b77b66cfc53f579ef6af5450ea4a7dcf35f83072....0.tmp
- /data/media/####/dfa7142fa39c1db9c560991c97975bd8707594e2e4d910....0.tmp
- /data/media/####/dialog_details_bg.9.png
- /data/media/####/dialog_dismiss.png
- /data/media/####/dialog_dismiss_sel.png
- /data/media/####/download_btn_normal.9.png
- /data/media/####/e36ceb8015c5378812f4c863405fcd33a18bac9c0492cf....0.tmp
- /data/media/####/ea6cce730d53d93f8a2ca894f93e441394a0b4e42802e0....0.tmp
- /data/media/####/ec93de09508f45674acb79c19cb42059bbed0d6415bab5....0.tmp
- /data/media/####/f0788ed018ae4d0a2e7db151bfbdb4eb752625dd0ba993....0.tmp
- /data/media/####/f10724064ecf9385359c659cd5cf5dc3f407e79f66c8c7....0.tmp
- /data/media/####/f34157c13820e73fea48b8debe0abc29a7fe1330b21a46....0.tmp
- /data/media/####/f34a7a98f0146ed9091acba76ca7cce4a57128770f2067....0.tmp
- /data/media/####/fb9bed2a68a67df97da39f3b135c4c855c262c746d01b8....0.tmp
- /data/media/####/fcad4c152faeeb3c9e798504dd012ac1779c2f2417c92e....0.tmp
- /data/media/####/fcd93ad7c8e31e67a463cce93491087b6bf6ac8444a3d5....0.tmp
- /data/media/####/fes_type_sel.9.png
- /data/media/####/grid_bg.9.png
- /data/media/####/grid_sel.9.png
- /data/media/####/i42d45df023jnkdd93la483f9xGFKXI
- /data/media/####/ic_btn_down.png
- /data/media/####/ic_default.png
- /data/media/####/info
- /data/media/####/journal.tmp
- /data/media/####/list_bg_sel.png
- /data/media/####/mac_imei.txt
- /data/media/####/s92TjjdfoP2n3o9dfji2l9s1olkjf0p
- /data/media/####/top_btn_normal.9.png
- /data/media/####/top_btn_selected.9.png
- /data/media/####/update_btn_normal.9.png
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /sys/devices/system/cpu/kernel_max
- chmod 755 <Package Folder>/.jiagu/libjiagu-912781003.so
- getprop ro.product.cpu.abi
- su -c id
Загружает динамические библиотеки:
- EcalendarLib
- abcdefgh
- getuiext2
- libjiagu-912781003
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS5Padding
- AES-ECB-PKCS7Padding
- DESede
- PBEWITHMD5andDES
- RSA-ECB-NoPadding
- RSA-ECB-PKCS1Padding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS5Padding
- AES-ECB-PKCS7Padding
- PBEWITHMD5andDES
- RSA-ECB-PKCS1Padding
Использует повышенные привилегии.
Использует специальную библиотеку для скрытия исполняемого байткода.
Осуществляет доступ к информации о геолокации.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
