Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Adware.Gexin.2.origin
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) c-h####.g####.com:80
- TCP(HTTP/1.1) sh.wagbr####.aliyun####.com:80
- TCP(HTTP/1.1) t####.c####.q####.####.com:80
- TCP(HTTP/1.1) i####.meitu####.com:80
- TCP(HTTP/1.1) i####.meitu####.com.####.com:80
- TCP(HTTP/1.1) m.me####.com:80
- TCP(HTTP/1.1) sdk.o####.p####.####.com:80
- TCP(HTTP/1.1) p####.babytre####.com.####.com:80
- TCP(HTTP/1.1) trac####.me####.com:80
- TCP(TLS/1.0) res####.a####.com:443
- TCP(TLS/1.0) p####.babytre####.com.####.com:443
- TCP c####.g####.ig####.com:5226
- TCP sdk.o####.t####.####.com:5224
Запросы DNS:
- 7j####.c####.z0.####.com
- a####.u####.com
- amap####.cn-hang####.oss####.####.com
- c####.g####.ig####.com
- c-h####.g####.com
- i####.meitu####.com
- i####.meitu####.com
- i####.meitu####.com
- i####.meitu####.com
- i####.meitu####.com
- m.me####.com
- p####.babytre####.com
- p####.babytre####.com
- res####.a####.com
- sdk.c####.ig####.com
- sdk.o####.p####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.net
- trac####.me####.com
Запросы HTTP GET:
- i####.meitu####.com.####.com/group1/M00/04/92/a469294fa6f04c77a7977e637a...
- i####.meitu####.com.####.com/group1/M00/1A/47/wKgyOldAMQqAWjAFAAARHxP6kz...
- i####.meitu####.com.####.com/group1/M00/1B/9F/wKgyOldCrIuANZHRAADS7lNi5E...
- i####.meitu####.com.####.com/group1/M00/1B/B7/wKgyOldCvVaABNrTAAAaHNty1g...
- i####.meitu####.com.####.com/group1/M00/1D/79/wKgyOldEKVuAJXoQAAAScsFnDW...
- i####.meitu####.com.####.com/group1/M00/1D/EE/wKgyOldFEpqAdl82AAATjFPR8K...
- i####.meitu####.com.####.com/group1/M00/1F/1F/71f8043db12f482590ff7fc9db...
- i####.meitu####.com.####.com/group1/M00/20/AC/wKgyOldG0lCAKdDTAAAtf-BCO3...
- i####.meitu####.com.####.com/group1/M00/24/D9/wKgyOldNI5iAagPzAAAViH6JU3...
- i####.meitu####.com.####.com/group1/M00/33/74/b767f61c745f4b16a29e3350a7...
- i####.meitu####.com.####.com/group1/M00/34/51/wKgyOldekASAdq01AAAVlgda4v...
- i####.meitu####.com.####.com/group1/M00/34/51/wKgyOldekFSARoqxAAALzx9cPp...
- i####.meitu####.com.####.com/group1/M00/34/52/wKgyOldekQ2AMBeRAAAdKNu_kK...
- i####.meitu####.com.####.com/group1/M00/44/60/c877c29297bc46049feef9d0b4...
- i####.meitu####.com.####.com/group1/M00/53/99/5c233b6513d3437991eadf54c5...
- i####.meitu####.com.####.com/group1/M00/5B/6D/5c0f176ddc024865b36590ff8e...
- i####.meitu####.com.####.com/group1/M00/75/94/bcee949d75634a32b4f20433a3...
- i####.meitu####.com.####.com/group1/M00/87/67/33f67c0ffdb2481b871fde9d4d...
- i####.meitu####.com.####.com/group1/M00/8E/20/974ae2671bd648e3b34452081f...
- i####.meitu####.com.####.com/group1/M00/8F/F1/a300578048044987903d8520e8...
- i####.meitu####.com.####.com/group1/M00/F7/AC/04b6179acddc44f58a81854325...
- i####.meitu####.com/group1/M00/01/BE/wKgyOlVILySAZqzEAAImlwKI2To411.jpg?...
- i####.meitu####.com/group1/M00/06/64/349e88ab06534b2ba064b1d41e36b637.jp...
- i####.meitu####.com/group1/M00/0E/07/2886e2c95c0744b9901b158fcc0e8123.jp...
- i####.meitu####.com/group1/M00/0E/2C/wKgyOlc5dlKAdXyxAABub4fAB18753.jpg?...
- i####.meitu####.com/group1/M00/0E/30/wKgyOlc5eqmAbd1vAAA_rXn2-kU426.jpg?...
- i####.meitu####.com/group1/M00/0E/78/wKgyOlc5m7OAZ8HGAADOjfn52Lg188.jpg?...
- i####.meitu####.com/group1/M00/10/D4/bb3a659f9c1d48a9bf10130ab75efb27.pn...
- i####.meitu####.com/group1/M00/11/F3/wKgyOlc6w6mASJAFAAAXX-MlvdA951.jpg?...
- i####.meitu####.com/group1/M00/13/B3/b3568d913dbe4b07a57a1d4f00f5f9ea.png
- i####.meitu####.com/group1/M00/15/B9/9d83da8d841b48be9bfebfbf5715b9ae.jp...
- i####.meitu####.com/group1/M00/17/EC/wKgyOlc9dWGAcFyoAAhkyAkMwKQ489.jpg?...
- i####.meitu####.com/group1/M00/1A/46/wKgyOldAL72AXgj2AAAU0r0Nh4s943.jpg?...
- i####.meitu####.com/group1/M00/1A/46/wKgyOldALX6AQG4uAAARaXG__8c707.jpg?...
- i####.meitu####.com/group1/M00/1A/46/wKgyOldALnOAC7lXAAAbOKZ22bA914.jpg?...
- i####.meitu####.com/group1/M00/1A/47/wKgyOldAMHuAPVT4AAANeW0IK7Q547.jpg?...
- i####.meitu####.com/group1/M00/1A/47/wKgyOldAMaGAZV5DAAAVd-TbNmU055.jpg?...
- i####.meitu####.com/group1/M00/1A/47/wKgyOldAMm6AEN3yAAAX2edCpiQ039.jpg?...
- i####.meitu####.com/group1/M00/1B/9F/wKgyOldCrH2ALgIIAAC257ddhVs314.jpg?...
- i####.meitu####.com/group1/M00/1B/B6/wKgyOldCvD6AGkI2AABkY510qg0063.jpg?...
- i####.meitu####.com/group1/M00/1B/B6/wKgyOldCvFaALdduAAA0ro_RpaE085.jpg?...
- i####.meitu####.com/group1/M00/1B/BD/wKgyOldCwWqAJ8yQAACcMB4LR1Q346.jpg?...
- i####.meitu####.com/group1/M00/1D/13/wKgyOldD_oiAUC30AAAU5MRHIM0887.jpg?...
- i####.meitu####.com/group1/M00/1D/62/wKgyOldEHSeAGrGWAAA32gQTUN0526.jpg?...
- i####.meitu####.com/group1/M00/1D/63/wKgyOldEHciANL7dAABD_Z-rGFY779.jpg?...
- i####.meitu####.com/group1/M00/1D/65/wKgyOldEHmmAPIO8AAA8qg2sA0g128.jpg?...
- i####.meitu####.com/group1/M00/1D/66/wKgyOldEHvmAMSTnAABDX-6RgPY487.jpg?...
- i####.meitu####.com/group1/M00/1D/79/wKgyOldEKTKAGMXfAAAT8TRBES4580.jpg?...
- i####.meitu####.com/group1/M00/1D/7A/wKgyOldEKd6APgzBAAAP_DSEFnQ437.jpg?...
- i####.meitu####.com/group1/M00/1D/7A/wKgyOldEKf-AbB9SAAASn35aMb0889.jpg?...
- i####.meitu####.com/group1/M00/1D/7B/wKgyOldEKjWAEjFtAAAR5WIa0lg850.jpg?...
- i####.meitu####.com/group1/M00/1D/ED/wKgyOldFEZ-AJA42AABRek-48T0846.jpg?...
- i####.meitu####.com/group1/M00/1D/ED/wKgyOldFEgiAUPe1AAAwEW9gOXk381.jpg?...
- i####.meitu####.com/group1/M00/20/A8/wKgyOldGzbKAFkXQAAA6FjAjrMg567.jpg?...
- i####.meitu####.com/group1/M00/20/A9/wKgyOldGzryAAGWQAABHh5OK-Zs254.jpg?...
- i####.meitu####.com/group1/M00/20/AB/wKgyOldG0LqAWNCgAAAgO_Fdleg613.png?...
- i####.meitu####.com/group1/M00/20/AC/wKgyOldG0jOAU3pkAAA5t3bU75k031.jpg?...
- i####.meitu####.com/group1/M00/20/AC/wKgyOldG0mqAKqH8AABL_pbnSSw112.jpg?...
- i####.meitu####.com/group1/M00/27/56/4f2e909a6136427cb86aa7d0247562ef.jp...
- i####.meitu####.com/group1/M00/2B/75/wKgyOldVRoyAXj_jAAAh1a5JbGY776.jpg?...
- i####.meitu####.com/group1/M00/2D/CA/wKgyOldXf-iAOum0AAAU0aeBv3Q304.jpg?...
- i####.meitu####.com/group1/M00/34/52/wKgyOldekImANxCQAAALO9jCc-c551.jpg?...
- i####.meitu####.com/group1/M00/34/52/wKgyOldekM2ACDVJAAAQ95sQ5LM684.jpg?...
- i####.meitu####.com/group1/M00/39/4C/c4c9392f98d44cb8b2e8f85df89cc678.jp...
- i####.meitu####.com/group1/M00/3F/D4/2f823f62c12d435db326c7500fc3f18f.jp...
- i####.meitu####.com/group1/M00/40/B4/bb53d0500ced4789ac3d387149b40abb.jp...
- i####.meitu####.com/group1/M00/42/58/2422bee809944a758df1c3ccef755cb6.pn...
- i####.meitu####.com/group1/M00/43/0D/67da8a740d4d43389b66d038ecde0600.jp...
- i####.meitu####.com/group1/M00/47/3B/2d0b9e36c0d14e9ebba1716f473bb71b.jp...
- i####.meitu####.com/group1/M00/47/C0/a690258255dc44758ce8d73a9edc0a0f.jp...
- i####.meitu####.com/group1/M00/4B/E8/e8184b07ba614c9ab06ef4b9610a22fc.jp...
- i####.meitu####.com/group1/M00/50/50/b9d6b45057904f7992a207fa009ad6a0.jp...
- i####.meitu####.com/group1/M00/51/D4/82b65b09be6d46238f451a559b8b866f.jpg
- i####.meitu####.com/group1/M00/57/72/c47294a579dc4aa08396a2942689b58a.pn...
- i####.meitu####.com/group1/M00/5B/8A/75a64e8a3bb746d0b5b2d572f722f215.pn...
- i####.meitu####.com/group1/M00/66/6B/d1966b6baa99426e8ea5a66f1b28f3cc.jp...
- i####.meitu####.com/group1/M00/81/6B/e65da21360fc4d6b8d6481b55db839e5.jp...
- i####.meitu####.com/group1/M00/8A/70/970e238a8a71431d8a8ff813e350bd29.png
- i####.meitu####.com/group1/M00/8B/35/634f35a57f8b481d810597fec3574b77.jp...
- i####.meitu####.com/group1/M00/8E/48/305136b2047b43268ee2489e5d07e1e7.jp...
- i####.meitu####.com/group1/M00/8F/03/766038a4998f4abab4eab48fe1e1809e.jp...
- i####.meitu####.com/group1/M00/97/4E/wKgyOlb89ZaASgKhAABgnBm6gVU143.jpg?...
- i####.meitu####.com/group1/M00/9D/BC/7c9d6549bc5047fbb2b23d24a24d5846.png
- i####.meitu####.com/group1/M00/A1/24/31e9d0b12924447cb1f1ba8d76a1a8f6.jp...
- i####.meitu####.com/group1/M00/A7/AF/wKgyOlffVYmAAZDVAABNG-kZAM4460.jpg?...
- i####.meitu####.com/group1/M00/A8/9F/73e060ee57a74a9fb1edc7c2211b6a8a.jp...
- i####.meitu####.com/group1/M00/AB/CC/bc1af848ac2b422dbab942cc4ea269df.jp...
- i####.meitu####.com/group1/M00/B5/B5/9e4b5852e33b4ad2a07b387239fc45fb.jp...
- i####.meitu####.com/group1/M00/B6/38/03824b0859b6446783e0c7ff7e3bfab6.jp...
- i####.meitu####.com/group1/M00/C5/69/21ea16f960514699a6ef961c5fe4e769.jp...
- i####.meitu####.com/group1/M00/C5/88/81b6ea4ce60345f897c5588bbfdb7e0b.jp...
- i####.meitu####.com/group1/M00/C8/74/132b1687f4e7494983c5618b1c8d6d13.png
- i####.meitu####.com/group1/M00/CA/34/wKgyOlgG3hSAOdrAAAAqaLAbBc0367.jpg?...
- i####.meitu####.com/group1/M00/D1/A5/41acbd0c839e4bd1aff8a5c24f989c43.png
- i####.meitu####.com/group1/M00/D8/7D/588d84637dad4ca9aab301bf4839be52.jp...
- i####.meitu####.com/group1/M00/D9/52/3052da1268d74e99b28d62c09aad9ac2.jp...
- i####.meitu####.com/group1/M00/DE/5F/c85fb2712eba4ddb8cdeae1b20a9958e.jp...
- i####.meitu####.com/group1/M00/EA/80/f84ad5c3f28340dea51dbb8074128802.png
- i####.meitu####.com/group1/M00/EC/C0/d1dec98e4c904246a74c05470b7a6f71.png
- i####.meitu####.com/group1/M00/ED/40/c7b45390edcc40c5864995db42f3845c.jp...
- i####.meitu####.com/group1/M00/EE/24/b920ee1b8a0249628ddab67c31f5c9a6.jp...
- i####.meitu####.com/group1/M00/F2/E2/ed45b44f20064416bf2fe2dc58844930.jp...
- i####.meitu####.com/group1/M00/F4/54/92f4ad65a1b54c66a735e60e2f25bdbb.jp...
- i####.meitu####.com/group1/M00/FD/AB/19c32b9fabbd41e18516ae37a3cfd9a4.jp...
- m.me####.com/mobile/app/upgrade.htm?apptype=####&appversion=####&cityid=...
- m.me####.com/mobile/fightgroup/moregroup.htm?apptype=####&appversion=###...
- m.me####.com/mobile/search/v2/getagecategory.htm?apptype=####&appversion...
- m.me####.com/mobile/search/v2/getbrandcategory.htm?apptype=####&appversi...
- m.me####.com/mobile/search/v2/getcategorymenu.htm?apptype=####&appversio...
- m.me####.com/mobile/search/v2/getcommoncategory.htm?apptype=####&appvers...
- m.me####.com/mobile/system/getRequestBaseInfo.htm?apptype=####&appversio...
- m.me####.com/mobile/system/getcurrenttime.htm?apptype=####&appversion=##...
- m.me####.com/newapi/cms/findHomeModuleList?agekeyids=####&ageweek=####&c...
- m.me####.com/newapi/cms/findHomeWordNavigator?cityid=####&protocol=####&...
- m.me####.com/newapi/cms/findModuleInfoList?cityid=####&curpage=####&page...
- m.me####.com/newapi/cms/findUserAgeData?birthday=####&cityid=####&protoc...
- m.me####.com/newapi/comment/itemComment?cityid=####&mt=####&promotiontyp...
- m.me####.com/newapi/item/getPriceStock?cityid=####&mt=####&promotionid=#...
- m.me####.com/newapi/item/getProdBasicInfo?cityid=####&mt=####&promotioni...
- m.me####.com/newapi/item/itemCollectService?cityid=####&mt=####&promotio...
- m.me####.com/newapi/mobile/common/close_site_notice?cityid=####&protocol...
- m.me####.com/newapi/mobile/common/querySwitch?cityid=####&protocol=####&...
- m.me####.com/newapi/search/getSearchGroupResult?backendcategoryid=####&b...
- m.me####.com/newapi/search/getSearchProdResult?agerangeid=####&allprods=...
- m.me####.com/newapi/topic/topicflow/findTopicListByChannelType?channelty...
- m.me####.com/newapi/tptf/tptfproductService?birthday=####&cityid=####&cu...
- p####.babytre####.com.####.com/foto3/thumbs/2016/0625/47/0/1fd1aca81a3ad...
- p####.babytre####.com.####.com/foto3/thumbs/2016/1006/75/7/430c6e9c9836d...
- sh.wagbr####.aliyun####.com/sdkcoor/android/x86/libJni_wgs2gcj.so
- t####.c####.q####.####.com/config/hz-hzv3.conf
- t####.c####.q####.####.com/tdata_Soq141
- t####.c####.q####.####.com/tdata_vxj811
Запросы HTTP POST:
- a####.u####.com/app_logs
- c-h####.g####.com/api.php?format=####&t=####
- m.me####.com/mobile/appbase/newestPatch.htm
- m.me####.com/mobile/community/getAppInitAdvertiseInfo.htm
- sdk.o####.p####.####.com/api.php?format=####&t=####
- trac####.me####.com/service/T0001
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/-1523292255-297407143
- /data/data/####/-3157421091129340108
- /data/data/####/-DqOnt7Pk0zg9eWRcalxDlX2IoI.1311203749.tmp
- /data/data/####/-Ss8Eelb5Vvlb1hOSsVAC-gxQ18.-721904177.tmp
- /data/data/####/.imprint
- /data/data/####/.jg.ic
- /data/data/####/0VqPY534Xi3vz9nqKTOiXJfSkq8.1490572296.tmp
- /data/data/####/0adBqpKC1lO2H8zZP5DU6sDwqRg.-1189154163.tmp
- /data/data/####/0r57VJoPMTiQwymccQM5Jmi1MxA.58459306.tmp
- /data/data/####/1d2b904cbeadfb72ed9546111a231c85.0
- /data/data/####/2EAn6FceiRA5KIbDXA3NSeorVDc.-1747038533.tmp
- /data/data/####/2OUJTLsf3uhQcmM4V-PCMSbHXR8.-1602097650.tmp
- /data/data/####/36f33P9_xx0Is_DCk2YZufQg7AA.183895118.tmp
- /data/data/####/3DrxccF5ZsocvOXNzgavyIe4ljE.-1183922522.tmp
- /data/data/####/3wDXf_3FA5hayqSCVxMGS9qtn2A.-977844818.tmp
- /data/data/####/42xT0_1eNvD8ETwl0T26g6r3KvI.-1831234579.tmp
- /data/data/####/4qSjemHMTiWsx3GrW9PRMf_dwOY.2138062661.tmp
- /data/data/####/5uR61Gp49OnzplPPzua894JFcPU.1605119078.tmp
- /data/data/####/5xTXKI9VssnX-77Dny-S7mM78lA.1886596600.tmp
- /data/data/####/6LQJI5sFj0AV-8cP5PNxgN7xMFQ.-2075063445.tmp
- /data/data/####/6jJgu2t6j6qqZ2c_w9zolf09hU0.-1798881310.tmp
- /data/data/####/6nXmwdulf_vEiQ81_ukc0Fifsc4.-974205182.tmp
- /data/data/####/7c0KxCwHIOyl49HON2ioAXu58Ws.-1809161561.tmp
- /data/data/####/7vgAW6YiHPsmlioZDBh9BSmQAbo.872541100.tmp
- /data/data/####/7vgAW6YiHPsmlioZDBh9BSmQAbo.cnt
- /data/data/####/AElRqoVeMSTa5ne9Xbz4P21JGl4.267306273.tmp
- /data/data/####/AxemfqNWCNk1YJKeboLm-XZVRgo.-1162201250.tmp
- /data/data/####/BY4EXo_yT3ebcgQ3DB_Gvr2OoGw.-1903118041.tmp
- /data/data/####/Bl7m1HxaKgZdiM_BJd4n5PC1hzs.-1338350977.tmp
- /data/data/####/CX6sW1UVybFjbhJXpekj2tkkr4Y.1420897144.tmp
- /data/data/####/CZ3o7EEdSINobS42tAdQDSgblf4.-1384043804.tmp
- /data/data/####/Constant.xml
- /data/data/####/Dc0C4_jFN-rpF94iReUVPbYsF3M.-92084404.tmp
- /data/data/####/DpecZLr5-nxGqz_0FG7oYiMuBKQ.745618204.tmp
- /data/data/####/E7TuF5cCzmVKS4_DyXkcQgA9UOk.739894820.tmp
- /data/data/####/E92Qwu6v_1I6nebU4jKqd06xFy0.-898254747.tmp
- /data/data/####/G5OB8AjyVoydfW5zlClaU3OzUyI.1906514676.tmp
- /data/data/####/GASu_OxQjIHqXsR_G8u9JW_HDFU.1327250518.tmp
- /data/data/####/GJUdmILICHGt7w-wof9T-cAME0g.1206472603.tmp
- /data/data/####/GvxXXPRYwL0vENYA4RMu8R5R0zY.-205524387.tmp
- /data/data/####/H_zMcIN69fmXFPPW_By1flM9mXs.-125064803.tmp
- /data/data/####/HhwZYKAPVaQBA9LGNHM1RSH0t58.970397520.tmp
- /data/data/####/HwX4xeWarJCsQirp5DeNPmf8o94.-1762877292.tmp
- /data/data/####/JkgUsmdMyKW_nGlvLmlwzybMvnA.1972419326.tmp
- /data/data/####/LWl3qH-NdUx3qekK3Hv8JIwGiRI.2074035621.tmp
- /data/data/####/LpqwXRKTyRBGv7fr-dSUEW8JLX4.-727836474.tmp
- /data/data/####/Lyc-152i7JR4Pk7g4tVjnSouq8A.-1240593881.tmp
- /data/data/####/MFqoxQfpT9XB8uYz-Zr_0_nhoSw.2115312502.tmp
- /data/data/####/Mj82Re5AzwoGYzqp3Q49Mmydf4I.-1397190464.tmp
- /data/data/####/N9zbVvJipfDKMWsv9iny-YTxt-g.-365286385.tmp
- /data/data/####/N9zbVvJipfDKMWsv9iny-YTxt-g.cnt
- /data/data/####/OByTowuLemmXLcO96beGKcOIUf0.-2108653546.tmp
- /data/data/####/ORcejuzR6WLzUnNxjPnCnN-tOpE.1171989543.tmp
- /data/data/####/PDm_o5l34jNtYAihwtmtNyi3XKU.1166344435.tmp
- /data/data/####/QfRX8VtY61EwgYzSCa3wf_MfSFE.-1854333524.tmp
- /data/data/####/SPQJ3UNrDrLmxqa9lH3TvaHwMpA.1291847992.tmp
- /data/data/####/Sr_iVBzKdBlcps6xyjFxz9S_Dj0.-403303696.tmp
- /data/data/####/T3JqmrQVnzInN6LskwuESUW2cAM.-741389389.tmp
- /data/data/####/UU130WaTMbuMLmZo6N8tZ9l4WCw.-732421931.tmp
- /data/data/####/Ub11eAsvt5bDWwJJbPtZ4gZMElI.-1282707628.tmp
- /data/data/####/UiQ67p7QDChSc_4PJioLT8R40c0.468841636.tmp
- /data/data/####/VeNrPS1aiOJZaKnQEKooCJG5Des.-2121097409.tmp
- /data/data/####/Vr49HwjMcxwDaEVtc0TYgPlJTcg.1422155995.tmp
- /data/data/####/Vwgo6jasvtSAQ-VR5uyw98eirrs.-1112321249.tmp
- /data/data/####/WyGPZWKptR8mCCW2CFnsxl5ugD0.-1694585804.tmp
- /data/data/####/XNSDKStore1.0.xml
- /data/data/####/XNclientid.xml
- /data/data/####/XNdmsOvkLYt5G_6V9ZIUk0IPD_A.-281147065.tmp
- /data/data/####/XNmachineid.xml
- /data/data/####/XReZ9c1oGQ7Cf2v6oLM7mpnrAQQ.483026299.tmp
- /data/data/####/YB3YAdV9anqa-yOJnBDFYWl8qOI.955858131.tmp
- /data/data/####/YPjKwUSvz5IkqbaN1XFq_Foh_S8.222805206.tmp
- /data/data/####/ZAnoev-kU47Zn5FYDRVUf5TM85M.94895504.tmp
- /data/data/####/ZDeKmzO84biiVnPssaTuujHygUk.-1327627566.tmp
- /data/data/####/Zl_w4KbbVPC8eoY2jAWLxxe8coA.-2048323784.tmp
- /data/data/####/_andfix_.xml
- /data/data/####/aHcJ3yMRdEAKCKn50N-7PqZmSxw.-932754581.tmp
- /data/data/####/bVLvZGDs-CIhgeK9oXksralu9pU.-1257613706.tmp
- /data/data/####/bcc0mT2VZNZCoQin_ilNZYpUH3U.-1507217557.tmp
- /data/data/####/com.meitun.mama_preferences.xml
- /data/data/####/cseEaS6honjzeu3ke8qawpLkEwM.-2111267013.tmp
- /data/data/####/dSKMkGAq2wpVu8b2afAW_iBQ23Y.1578181971.tmp
- /data/data/####/dx_BUVwnJ03Q-LnRZXxF5q_l1lw.1633193503.tmp
- /data/data/####/e1besRQfrCbaR3CVXK8SiSYjj4A.873994227.tmp
- /data/data/####/eZ5OrF653Kj6cRnIytTtDZEVHMI.-1924297329.tmp
- /data/data/####/eylLJu1WOjpfUJ2PoZb1kYVyeFI.-1215772887.tmp
- /data/data/####/f1CmmtRb2prLVX7Bu_IWKdIZa3o.-1529707407.tmp
- /data/data/####/g1OgdepTEftcnnN1NRWW17N0BVk.130399536.tmp
- /data/data/####/g7EsOaSpMGwAixBES2hRh3ieZPg.548393477.tmp
- /data/data/####/g8zrbsObbJW6I07b542i6El7Zbk.249089492.tmp
- /data/data/####/gTuBpc8pA121Nud075Lwe9Lz1ZI.1933385861.tmp
- /data/data/####/gdaemon_20161017
- /data/data/####/getui_sp.xml
- /data/data/####/gg6IrrK0GtwkAMAqG4nBkQWDi1Q.-1685588094.tmp
- /data/data/####/gx_sp.xml
- /data/data/####/h9zjPcREZROrag4sg8xy0xWQ7tc.2061376453.tmp
- /data/data/####/hivCYWpQu4bdK_okJ5GLtCJxMLc.1686616493.tmp
- /data/data/####/hmdb
- /data/data/####/hmdb-journal
- /data/data/####/i8_KaCfDS1qiCQ8vQ9N8rjwEB20.1850790931.tmp
- /data/data/####/iH2VvpjamVLPy7FTihsn9A56l14.1866147285.tmp
- /data/data/####/iZS-EoC82beuJNq5-Y6Gc9UoOwo.964671110.tmp
- /data/data/####/init.pid
- /data/data/####/init_c1.pid
- /data/data/####/iwA1mKaBP06tTm5RTqySRm_W7jI.-1112918573.tmp
- /data/data/####/journal
- /data/data/####/journal.tmp
- /data/data/####/k49dmBYil7IYmdE3bTQxDdgyILk.-1141993806.tmp
- /data/data/####/kKqCChz2cjotP6rx28YR9TR0AIs.1098163188.tmp
- /data/data/####/lSB4NC14-sZHtsV2EjwPIDU2R08.-542142882.tmp
- /data/data/####/libjiagu.so
- /data/data/####/lm48-z1KaHonCsgXXfojGESR2jI.749532201.tmp
- /data/data/####/loctemp.so
- /data/data/####/logdb.db
- /data/data/####/logdb.db-journal
- /data/data/####/meitun_statistics.db-journal
- /data/data/####/mobclick_agent_online_setting_com.meitun.mama.xml
- /data/data/####/mt_1000_ISME9754_guest8824555625990303363243281...ournal
- /data/data/####/multidex.version.xml
- /data/data/####/nZcQH6T13nQbB0Z0KSLqEH3gHCg.-166110815.tmp
- /data/data/####/nqwiOlcOuJKFZ41RaQ0vHZaVvQs.1869135122.tmp
- /data/data/####/o4VX3YCyiJiUbGOfxx-Um6aN7_g.-698202500.tmp
- /data/data/####/okfo62uQvzrkRGZnySkJ7M7l_1g.-280689296.tmp
- /data/data/####/p6bxdq3lDINYsrSURbkRRsCqNiY.-1044835253.tmp
- /data/data/####/pCQm4XpSyEUBWiEDzC5lwGgozdY.-2006617136.tmp
- /data/data/####/pJgbclRaHNxNZpAGIkpdtYKDW5s.1748537806.tmp
- /data/data/####/ph71q6GDi5uB8F9m--wrf1ic0dc.-1753901899.tmp
- /data/data/####/pref.xml
- /data/data/####/push.pid
- /data/data/####/pushext.db-journal
- /data/data/####/pushg.db-journal
- /data/data/####/pushsdk.db-journal
- /data/data/####/qICIv84o5NhLDqokJW1m2fXjoLU.1230276778.tmp
- /data/data/####/rXgQStyF33gw6auli4hecrKrlFE.-2051891726.tmp
- /data/data/####/run.pid
- /data/data/####/s0CJuiQBXcEL-GSYQPZw3EaeQfM.476321463.tmp
- /data/data/####/sRp8W_RcUHMa-bpBYO6bm5HiJs0.1460074563.tmp
- /data/data/####/se8tssF_PbRNByDxC0XU79uVjIU.1116290465.tmp
- /data/data/####/setting.db-journal
- /data/data/####/tdata_Soq141
- /data/data/####/tdata_Soq141.jar
- /data/data/####/tdata_vxj811
- /data/data/####/tdata_vxj811.jar
- /data/data/####/tq6OKlTk9jI45jjko_6EtKCuzMY.1993940790.tmp
- /data/data/####/ud1SMvon0teTfh_hi3sC-HP-5nE.-1524650178.tmp
- /data/data/####/uhHCEzDanjXxUeGzBkR8U6NGLUM.-1130349368.tmp
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/vNSMGDH34pE0DIETYz6yaHW9cWQ.-555498455.tmp
- /data/data/####/wGGPfR5rT7vz2lk1kT-6QlO_s-o.2014066808.tmp
- /data/data/####/xQIp79WI_fCSy0EEnZyumHn9sGg.-1140400262.tmp
- /data/data/####/xnsdkconfig.xml
- /data/data/####/y7wYJS_zMwa0FsGjt5gqQSdTGtY.-1085591780.tmp
- /data/data/####/ycs5mw-2_LubEymsLH2Mvfqd2Ig.-1943117425.tmp
- /data/data/####/yk1E6saXvQYE_bRRfuOGJeGieeY.627681238.tmp
- /data/media/####/1541545650930.db
- /data/media/####/1541545652710.db
- /data/media/####/alsn.db
- /data/media/####/alsn.db-journal
- /data/media/####/app.db
- /data/media/####/com.getui.sdk.deviceId.db
- /data/media/####/com.igexin.sdk.deviceId.db
- /data/media/####/com.meitun.mama.bin
- /data/media/####/com.meitun.mama.db
- /data/media/####/tdata_Soq141
- /data/media/####/tdata_vxj811
- /data/media/####/test.log
Другие:
Запускает следующие shell-скрипты:
- <Package Folder>/files/gdaemon_20161017 0 <Package>/<Package>.push.getui.GetuiPushService 24481 300 0
- chmod 700 <Package Folder>/files/gdaemon_20161017
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
Загружает динамические библиотеки:
- andfix
- bitmaps
- getuiext2
- libjiagu
- memchunk
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- DESede
- RSA-ECB-PKCS1Padding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS5Padding
Использует специальную библиотеку для скрытия исполняемого байткода.
Осуществляет доступ к информации о геолокации.
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, IMEI и т. д.).
Осуществляет доступ к информации об установленных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
