Запускает следующие shell-скрипты:
- /system/bin/sh -c getprop
- /system/bin/sh -c type su
- <Package Folder>/files/gdaemon_20161017 0 <Package>/<Package>.thirdsdk.getui.NPushService 24970 300 0
- <Package Folder>/lib/libxguardian.so <Package>,2100294216; 55403 203.205.128.130 [{ idx :0, ts :%d, et :2000, si :0, ui : <IMEI> , ky : Axg%lu , mid : 0 , ev :{ ov : 18 , sr : 600*752 , md : <System Property> , lg : en , sv : 3.23 , mf : unknown , apn : %s }}] 0 18
- chmod 444/storage/emulated/0/.td-3
- chmod 444/storage/emulated/0/.tdck
- chmod 444/storage/emulated/0/Alarms/.tdck
- chmod 444/storage/emulated/0/Android/.td-3
- chmod 444/storage/emulated/0/Android/.tdck
- chmod 444/storage/emulated/0/DCIM/.td-3
- chmod 444/storage/emulated/0/DCIM/.tdck
- chmod 444/storage/emulated/0/Download/.td-3
- chmod 444/storage/emulated/0/Download/.tdck
- chmod 444/storage/emulated/0/Movies/.td-3
- chmod 444/storage/emulated/0/Movies/.tdck
- chmod 444/storage/emulated/0/Music/.td-3
- chmod 444/storage/emulated/0/Music/.tdck
- chmod 444/storage/emulated/0/Notifications/.td-3
- chmod 444/storage/emulated/0/Notifications/.tdck
- chmod 444/storage/emulated/0/Pictures/.td-3
- chmod 444/storage/emulated/0/Pictures/.tdck
- chmod 444/storage/emulated/0/Podcasts/.td-3
- chmod 444/storage/emulated/0/Podcasts/.tdck
- chmod 444/storage/emulated/0/Ringtones/.td-3
- chmod 444/storage/emulated/0/Ringtones/.tdck
- chmod 444/storage/emulated/0/libs/.tdck
- chmod 444/storage/emulated/0/system/.td-3
- chmod 444/storage/emulated/0/system/.tdck
- chmod 700 <Package Folder>/files/gdaemon_20161017
- chmod 755 <Package Folder>/.jiagu/libjiagu-1110564872.so
- date
- df
- getprop
- getprop net.dns1
- id
- logcat -d -v threadtime
- ls -l /system/xbin/su
- ls /system/fonts
- mkdir -p <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/
- ps
- service call iphonesubinfo 1
- sh -c cat
- sh -c cat /proc/meminfo
- sh -c cat /proc/sys/kernel/osrelease
- sh -c cat /proc/sys/kernel/random/boot_id
- sh -c cat /proc/sys/kernel/random/uuid
- sh -c cat /proc/uptime
- sh -c cat /sys/block/mmcblk0/device/cid
- sh -c cat /sys/class/net/eth0/address
- sh -c cat /sys/class/net/eth1/address
- sh -c cat /sys/class/net/eth2/address
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/..ccdid
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/..ccvid
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/..cvtid
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/._android.dat
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/._driver.dat
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/._system.dat
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/.ccdid
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/.ccvid
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/.cvtid
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/_android.dat
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/_driver.dat
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/_system.dat
- sh -c cd /proc/;cat cpuinfo
- sh -c cd /proc/net/ && cat arp
- sh -c cd /proc/self/;cat status
- sh -c cd /sys/class/net/eth0/ && cat address
- sh -c cd /sys/class/net/wlan0/ && cat address
- sh -c echo 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 > <SD-Card>/../../../../../..<SD-Card>/..ccdid
- sh -c echo 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 > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/.ccdid
- sh -c echo NkRGMTFDMTFGMTFBODA1M0MwMjQ1QTZCQTVDNkU4MzIyMDE4MDIwOTAwMDM= > <SD-Card>/../../../../../..<SD-Card>/..ccvid
- sh -c echo NkRGMTFDMTFGMTFBODA1M0MwMjQ1QTZCQTVDNkU4MzIyMDE4MDIwOTAwMDM= > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/.ccvid
- sh -c echo OTc0QjA1RDEzRDgwOUE2RUUxMzc3MkIyRUJFNDJDNTExMEQ3RjQ6RTM5QzUxOkZDOTc5Nw== > <SD-Card>/../../../../../..<SD-Card>/._android.dat
- sh -c echo OTc0QjA1RDEzRDgwOUE2RUUxMzc3MkIyRUJFNDJDNTExMEQ3RjQ6RTM5QzUxOkZDOTc5Nw== > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/_android.dat
- sh -c echo QjU4NUVFQTBCMEQ3MkI1Mzg5QjM5ODQ1MzQ1NUNFMDMzQzdBQjU6ODg2Qzc4OjI3RERDMw== > <SD-Card>/../../../../../..<SD-Card>/._system.dat
- sh -c echo QjU4NUVFQTBCMEQ3MkI1Mzg5QjM5ODQ1MzQ1NUNFMDMzQzdBQjU6ODg2Qzc4OjI3RERDMw== > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/_system.dat
- sh -c echo RDc4Q0FBMEQ0N0JBN0YyQjVCQUIyMDNGMUM0QjVGN0YxNTM0NDkwMTkx > <SD-Card>/../../../../../..<SD-Card>/..cvtid
- sh -c echo RDc4Q0FBMEQ0N0JBN0YyQjVCQUIyMDNGMUM0QjVGN0YxNTM0NDkwMTkx > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/.cvtid
- sh -c echo RjFFODY0Q0E3OEZDOTQ0QTdBQzZFM0EyMzRERTZFOTI4NjlDNjA6Mzc1NzBCOkEzQzM2OQ== > <SD-Card>/../../../../../..<SD-Card>/._driver.dat
- sh -c echo RjFFODY0Q0E3OEZDOTQ0QTdBQzZFM0EyMzRERTZFOTI4NjlDNjA6Mzc1NzBCOkEzQzM2OQ== > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/_driver.dat
- sh <Package Folder>/files/gdaemon_20161017 0 <Package>/<Package>.thirdsdk.getui.NPushService 24970 300 0
Загружает динамические библиотеки:
- Bugly
- du
- getuiext2
- libjiagu-1110564872
- tongdun
- tpnsSecurity
Использует следующие алгоритмы для шифрования данных:
- AES
- AES-CBC-PKCS7Padding
- AES-CFB8-NoPadding
- AES-ECB-PKCS5Padding
- AES-GCM-NoPadding
- RSA
- RSA-ECB-PKCS1PADDING
- RSA-ECB-PKCS1Padding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES
- AES-CFB8-NoPadding
- AES-GCM-NoPadding
- DES-ECB-PKCS5Padding
- desede-CBC-NoPadding
Использует специальную библиотеку для скрытия исполняемого байткода (вероятно, упаковщик: см. libjiagu-1110564872 в списке загружаемых библиотек).
Осуществляет доступ к информации о геолокации.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, IMEI и т. д.).
Осуществляет доступ к информации о настройках APN.
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.