Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Adware.Gexin.2.origin
Осуществляет доступ к приватному интерфейсу ITelephony.
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- UDP(DNS) 1####.114.114.114:53
- TCP(HTTP/1.1) z12.tua####.com.####.com:80
- TCP(HTTP/1.1) m.api.zh####.com:80
- TCP(HTTP/1.1) na61-####.wagbr####.ali####.####.com:80
- TCP(HTTP/1.1) pi####.qq.com:80
- TCP(HTTP/1.1) 2####.243.212.25:80
- TCP(HTTP/1.1) hk.wagbr####.non####.####.com:80
- TCP(HTTP/1.1) and####.b####.qq.com:80
- TCP(HTTP/1.1) anal####.tua####.com:80
- TCP(HTTP/1.1) ada####.m.ta####.com:80
- TCP(HTTP/1.1) ad####.m.ta####.com:80
- TCP(HTTP/1.1) 1####.254.116.117:80
- TCP(HTTP/1.1) aexcep####.b####.qq.com:8011
- TCP(HTTP/1.1) aexcep####.b####.qq.com:8012
- TCP(HTTP/1.1) res####.a####.com:80
- TCP(HTTP/1.1) z11.tua####.com.####.com:80
- TCP(HTTP/1.1) reso####.msg.xi####.net:80
- TCP(HTTP/1.1) sh.wagbr####.aliyun####.com:80
- TCP(HTTP/1.1) ope####.m.ta####.com:80
- TCP(TLS/1.0) nbsdk-b####.al####.com:443
- TCP(TLS/1.0) res####.a####.com:443
- TCP(TLS/1.0) hotfix####.aliy####.com:443
- TCP(TLS/1.0) regi####.xm####.xi####.com:443
- TCP 4####.62.94.2:443
- TCP 47.74.1####.155:5222
- TCP t####.qq.com:8080
- TCP maa####.chinane####.com:6666
- TCP t####.qq.com:80
- TCP t####.qq.com:443
Запросы DNS:
- a####.b####.qq.com
- a####.man.aliy####.com
- acs4bai####.m.ta####.com
- ad####.m.ta####.com
- ada####.m.ta####.com
- aexcep####.b####.qq.com
- amap####.cn-hang####.oss####.####.com
- anal####.tua####.com
- and####.b####.qq.com
- api####.a####.com
- hotfix####.aliy####.com
- i0.tua####.com
- m####.m.zh####.com
- m.api.zh####.com
- m.k####.com
- maa####.chinane####.com
- nbsdk-b####.al####.com
- p####.m.zh####.com
- pi####.qq.com
- regi####.xm####.xi####.com
- res####.a####.com
- reso####.msg.xi####.net
- t####.qq.com
- th5.m.zh####.com
- wb.110.ta####.com
- y####.al####.com
- z####.zh####.com
- z11.tua####.com
- z12.tua####.com
- z3.tua####.com
Запросы HTTP GET:
- ad####.m.ta####.com/rest/gc2?ak=####&av=####&c=####&d=####&sv=####&t=###...
- anal####.tua####.com/app/cart/item/count
- anal####.tua####.com/app_record/monitor.gif?logData=####
- anal####.tua####.com/cn/f/brand_and_deal/status
- anal####.tua####.com/cns/push/query_download_by_pin.jsonp
- anal####.tua####.com/config/switch?keys=####&platform=####&trackid=####&...
- anal####.tua####.com/gateway/mapi/personal?user_type=####&user_role=####...
- anal####.tua####.com/gateway/mapi/taotejia/template?area=####&model=####...
- anal####.tua####.com/h5new/real/homemodule?area=####&model=####&paid=###...
- anal####.tua####.com/homepromotion/suspension/v2?user_type=####&user_rol...
- anal####.tua####.com/j/wireless/rest/bubble/list?point=####
- anal####.tua####.com/jxh5/js_dtz?ver=####
- anal####.tua####.com/mobilelog/activelog/v2/activeinfo.gif?data=####
- anal####.tua####.com/mobilelog/applog/mobilelog.gif?key=####&header=####...
- anal####.tua####.com/mobilelog/normal/report.gif?header=####&data=####
- anal####.tua####.com/ms/zhe800h5/ntfiles/dotmenu.json
- anal####.tua####.com/push/sdkconfig?brand=####&model=####
- anal####.tua####.com/zhe800_n_api/wl/taobaojingxuan/all_banners?image_mo...
- anal####.tua####.com/zhe800_n_api/wl/taobaojingxuan/biqiang
- anal####.tua####.com/zhe800_n_api/wl/taobaojingxuan/deals/v2?page=####&p...
- anal####.tua####.com/zhe800_n_api/wl/taobaojingxuan/popup?user_role=####
- anal####.tua####.com/zhe800_n_api/wl/taobaojingxuan/tags?user_type=####&...
- m.api.zh####.com/config/switch/shopdetail?platform=####&version=####
- m.api.zh####.com/config/switch?keys=####&platform=####&trackid=####&prod...
- m.api.zh####.com/deals/count/today/v1?user_type=####&user_role=####&stud...
- m.api.zh####.com/deals/muying/filter/v1
- m.api.zh####.com/feedback/unreadcounts
- m.api.zh####.com/list/deals/v2?image_type=####&tab=####&url_name=####&us...
- m.api.zh####.com/list/deals/v2?parent_tag=####&url_name=####&tab=####&us...
- m.api.zh####.com/operation/abtest/pageconfig/v1
- m.api.zh####.com/operation/banner/v1?cityid=####&show_location=####&user...
- m.api.zh####.com/operation/click/v2/getmobileinit?ip=####&bssid=####
- m.api.zh####.com/operation/notipopupinterval
- m.api.zh####.com/operation/startinfo/v1?cityid=####&image_model=####&use...
- m.api.zh####.com/operation/userinfo/v1
- m.api.zh####.com/search/recommend/v1?user_type=####&user_role=####&stude...
- m.api.zh####.com/tao800/clientcontrol/android/1/client.json
- m.api.zh####.com/tao800/commonbanner.json?ad_type=####&image_model=####&...
- m.api.zh####.com/tao800/hotbanner.json?pagetype=####&platform=####&chann...
- ope####.m.ta####.com/gw-open/mtop.taobao.tbk.sdk.config/1.0/?data=####
- reso####.msg.xi####.net/gslb/?ver=####&type=####&conpt=####&uuid=####&li...
- sh.wagbr####.aliyun####.com/sdkcoor/android/x86/libJni_wgs2gcj.so
- z11.tua####.com.####.com/bi/sca/android_045103_tao800.json?time=####
- z11.tua####.com.####.com/imagev2/customerservice/520x520.87766c43552f913...
- z11.tua####.com.####.com/imagev2/wxyy/100x100.4cfe9a1017eb02f0859e0b3316...
- z11.tua####.com.####.com/imagev2/wxyy/100x100.7506ba4682b06f4bbb1011fcd3...
- z11.tua####.com.####.com/imagev2/wxyy/100x100.8cbe36214ec2e64e2e85a0385b...
- z11.tua####.com.####.com/imagev2/wxyy/100x100.94263f33dd384388c3dad7023f...
- z11.tua####.com.####.com/imagev2/wxyy/100x100.fe660a024f6f3daddfb8d504c8...
- z11.tua####.com.####.com/imagev2/wxyy/110x110.3455a7ea7a46db29cc03c8de35...
- z11.tua####.com.####.com/imagev2/wxyy/110x110.3d20982eb2f4e8ed873268e8d2...
- z11.tua####.com.####.com/imagev2/wxyy/110x110.5cae34f688346b579a49f9b7e1...
- z11.tua####.com.####.com/imagev2/wxyy/110x110.6ae6b911b8ba4cf0e87d72d0b5...
- z11.tua####.com.####.com/imagev2/wxyy/110x110.937c2d60408120faae09801679...
- z11.tua####.com.####.com/imagev2/wxyy/110x110.a568816d3fc22f07cd5047bd2c...
- z11.tua####.com.####.com/imagev2/wxyy/111x110.ce958e9f3862da9df91ccce6fd...
- z11.tua####.com.####.com/imagev2/wxyy/128x50.68a798fc32a7b99dab3db916f85...
- z11.tua####.com.####.com/imagev2/wxyy/128x50.ac6b89b6be9ff265ef72be041ed...
- z11.tua####.com.####.com/imagev2/wxyy/150x150.9ffacd92111314a6f62d98da54...
- z11.tua####.com.####.com/imagev2/wxyy/180x88.a9d0b7e43864445fceb2dbd2e01...
- z11.tua####.com.####.com/imagev2/wxyy/187x188.973c9ad3a41716a9826d303ae6...
- z11.tua####.com.####.com/imagev2/wxyy/187x188.d2bc5c114d365ea73fe385aa8e...
- z11.tua####.com.####.com/imagev2/wxyy/187x222.198246dcfade247fe049970cdc...
- z11.tua####.com.####.com/imagev2/wxyy/187x222.1d1c03e186c8db7fc1eee46e4e...
- z11.tua####.com.####.com/imagev2/wxyy/187x222.2ed7572446de94b1f52110e567...
- z11.tua####.com.####.com/imagev2/wxyy/187x222.85f98c40d2b35a3df457651d02...
- z11.tua####.com.####.com/imagev2/wxyy/187x222.908a85ca240e2e41c3f3d6e864...
- z11.tua####.com.####.com/imagev2/wxyy/187x222.aa562a7f35a2cdf27fc68658ff...
- z11.tua####.com.####.com/imagev2/wxyy/187x222.b4117d040a524d0d929292f01e...
- z11.tua####.com.####.com/imagev2/wxyy/187x222.b83c7aabeba0e9c4782ba9f9a2...
- z11.tua####.com.####.com/imagev2/wxyy/187x222.d17a94966514675302477a0fa8...
- z11.tua####.com.####.com/imagev2/wxyy/187x222.d764e7f440ec1174c50b418780...
- z11.tua####.com.####.com/imagev2/wxyy/187x222.da59ffb95e4688f5cd4edb30c9...
- z11.tua####.com.####.com/imagev2/wxyy/187x222.ee4c4243380464a5fadd906d21...
- z11.tua####.com.####.com/imagev2/wxyy/187x222.f82676732b3c006e590acda36e...
- z11.tua####.com.####.com/imagev2/wxyy/188x222.42cb6cb70877fd7650921016b2...
- z11.tua####.com.####.com/imagev2/wxyy/188x222.a3b10dbac443e1e37d65ead9ff...
- z11.tua####.com.####.com/imagev2/wxyy/188x222.f95d8b79737596a756d6cc2112...
- z11.tua####.com.####.com/imagev2/wxyy/250x276.2a90850f99a3836f663cdcca8c...
- z11.tua####.com.####.com/imagev2/wxyy/250x276.3fc3194ccab312a34b5d2b399a...
- z11.tua####.com.####.com/imagev2/wxyy/250x276.8fd6dc3d2963d1b8d1029d63b3...
- z11.tua####.com.####.com/imagev2/wxyy/250x280.066b0af03bf1ca50e36753358a...
- z11.tua####.com.####.com/imagev2/wxyy/250x280.168321b8202883f4e6eea1254a...
- z11.tua####.com.####.com/imagev2/wxyy/250x280.eb1e590654a871ad6cefa1b09a...
- z11.tua####.com.####.com/imagev2/wxyy/256x100.04b244561307ef919dc8febc4d...
- z11.tua####.com.####.com/imagev2/wxyy/256x100.289e362b50205bfdbccd0e3f86...
- z11.tua####.com.####.com/imagev2/wxyy/256x100.353b044c62d39bef9b2420ae29...
- z11.tua####.com.####.com/imagev2/wxyy/256x100.68527724143d7f576ce6fa7816...
- z11.tua####.com.####.com/imagev2/wxyy/256x100.7fa7b849c014872029013efe22...
- z11.tua####.com.####.com/imagev2/wxyy/256x100.a6010f28ca136bed664578a5f7...
- z11.tua####.com.####.com/imagev2/wxyy/256x100.c43774258c99a18a1bae010f07...
- z11.tua####.com.####.com/imagev2/wxyy/256x100.f891a0da297fd4cd46920b08e2...
- z11.tua####.com.####.com/imagev2/wxyy/375x188.fc05a54c02a6b0727171cbfc19...
- z11.tua####.com.####.com/imagev2/wxyy/375x206.7bbcd5a02e86a5005070db9ee4...
- z11.tua####.com.####.com/imagev2/wxyy/375x206.990349337322415c240c301ab0...
- z11.tua####.com.####.com/imagev2/wxyy/375x376.aa3ee3f3864c54f46cf4f19ca1...
- z11.tua####.com.####.com/imagev2/wxyy/48x48.707c6bd97b2195259103277912dc...
- z11.tua####.com.####.com/imagev2/wxyy/48x48.f238fdf8c0f634f1b12cd8200c31...
- z11.tua####.com.####.com/imagev2/wxyy/50x50.1c04611016ca3e301bc6900c67ec...
- z11.tua####.com.####.com/imagev2/wxyy/50x50.5193d7e2c180c415a2936c76e023...
- z11.tua####.com.####.com/imagev2/wxyy/50x50.5614f8d3e6129edd8ca723cfae1f...
- z11.tua####.com.####.com/imagev2/wxyy/50x50.69d98c0d4e2d0d4fb9af3361dbe9...
- z11.tua####.com.####.com/imagev2/wxyy/50x50.ba128a8b54c77998187ea9ec2a9a...
- z11.tua####.com.####.com/imagev2/wxyy/50x50.d6fe72234e66b205789eef55ff0a...
- z11.tua####.com.####.com/imagev2/wxyy/50x50.df784ed38b2abda57a53df0f56f3...
- z11.tua####.com.####.com/imagev2/wxyy/50x50.fbe63bfe8783ba6f6da3c9d11861...
- z11.tua####.com.####.com/imagev2/wxyy/50x51.47a396dea2c5d4a8ec4cc78644b9...
- z11.tua####.com.####.com/imagev2/wxyy/750x206.eb8a934044a85dcaca5d0d4ea0...
- z11.tua####.com.####.com/imagev2/wxyy/750x220.a053a58cdf00e0073ddf178b79...
- z11.tua####.com.####.com/imagev2/wxyy/750x286.54e8b6da4edd1543e288e291a7...
- z11.tua####.com.####.com/imagev2/wxyy/750x286.5a22ed8f42f6b92a896beecf62...
- z11.tua####.com.####.com/imagev2/wxyy/750x286.6209428217ca07c7e7b97d5f25...
- z11.tua####.com.####.com/imagev2/wxyy/750x286.dee405334021cde184e48d72c5...
- z11.tua####.com.####.com/imagev2/wxyy/750x286.ec98da97c02b9b3f4e0d3d6be4...
- z12.tua####.com.####.com/imagev2/cpc/750x750.b783670cc5787c4e91ba886b106...
- z12.tua####.com.####.com/imagev2/cpc/800x800.481513b3be78e67cdc39c7a69e7...
- z12.tua####.com.####.com/imagev2/cpc/800x800.71d4aa8526ca55ec7bcc89d0d2e...
- z12.tua####.com.####.com/imagev2/cpc/800x800.8988d8b2b4d382aad70b5e25f71...
- z12.tua####.com.####.com/imagev2/cpc/800x800.ce7fae7f0972b1db1aafd4c7402...
- z12.tua####.com.####.com/imagev2/cpc/800x800.fa3ade7a250c83c2380dca3ad27...
- z12.tua####.com.####.com/imagev2/trade/600x600.e840ced8f52cfdabb947a9b4d...
- z12.tua####.com.####.com/imagev2/trade/750x750.8b9cbc5192abeb79b3453b555...
- z12.tua####.com.####.com/imagev2/trade/800x800.a4ef0de37978903ed61b7a1a2...
- z12.tua####.com.####.com/imagev2/wxyy/750x750.02cf7b4f6fa60a17d83d8b3ab6...
- z12.tua####.com.####.com/imagev2/zhaoshang/600x600.86d972c9b0503be5b1911...
- z12.tua####.com.####.com/imagev2/zhaoshang/600x600.9493c731dce308a707507...
- z12.tua####.com.####.com/imagev2/zhaoshang/600x600.b917464297462184076c9...
- z12.tua####.com.####.com/imagev2/zhaoshang/600x600.e9191221c22b6073b334a...
Запросы HTTP POST:
- ada####.m.ta####.com/rest/sur?ak=####&av=####&c=####&v=####&s=####&d=###...
- aexcep####.b####.qq.com:8011/rqd/async
- aexcep####.b####.qq.com:8012/rqd/async
- and####.b####.qq.com/rqd/async
- hk.wagbr####.non####.####.com/saveWb.json
- na61-####.wagbr####.ali####.####.com/api/update.do
- pi####.qq.com/mstat/report/?index=####
- res####.a####.com/v3/log/init
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/-1120630569-225863295
- /data/data/####/-1375849657-1138424799
- /data/data/####/-1460420160
- /data/data/####/-5605657971044170427
- /data/data/####/-lcGop2GYiIqljjmF2QDyAhTero.-1031845369.tmp
- /data/data/####/.tpns.service.xml.xml
- /data/data/####/.tpns.settings.xml.xml
- /data/data/####/.tpush_mta.xml
- /data/data/####/0VV6JIsGwfKzaV6XOYk27vdWUzQ.-1250974337.tmp
- /data/data/####/0WlnIbocw--A35j_K2Z7UbutBkM.-2061085197.tmp
- /data/data/####/0a231bd8575dcf72.txt
- /data/data/####/0zefTeOB2rdJ5T_ZnoJj2WssIlA.-1735773182.tmp
- /data/data/####/1634632487-1683221978
- /data/data/####/1924619549-1966086770
- /data/data/####/1d77ea041509fe06.lock
- /data/data/####/20342923261293446306
- /data/data/####/21c22f492aba3de8.lock
- /data/data/####/230448042-526842374
- /data/data/####/25-7c24eKiWPsd_SK7yEoVaYB1Q.-1805278366.tmp
- /data/data/####/4601248761631842734
- /data/data/####/535338623311466192
- /data/data/####/5cwxlspkHwtPPjsdlF12AQ6PUPg.1028046264.tmp
- /data/data/####/5iFhtAk4_3ud6HYtRUmQgdUOhb8.-2057703373.tmp
- /data/data/####/6fP-boLCVXNJ1CeNLeGwgu2tsmA.623552049.tmp
- /data/data/####/6ksmaWz5EFPye2NKKYyIQILTo7A.2092100158.tmp
- /data/data/####/7448088071624061633
- /data/data/####/7V_Se9cNN_Es9-JDiG7B5Xo-pF0.151706168.tmp
- /data/data/####/7Z4v3hjU0fW8pBJQ41CfztoEEr8.-1227833156.tmp
- /data/data/####/7x-DVyvjSXva_BHGbhRmX2WWEEI.1808908468.tmp
- /data/data/####/852403011-276523678
- /data/data/####/8524030112083742310
- /data/data/####/85dDu1ZpU5qSa8x9rFHo5HglaVg.-348454476.tmp
- /data/data/####/8ef9c457b3bbb403.lock
- /data/data/####/930a31b34bd52c08.lock
- /data/data/####/975872557
- /data/data/####/AabZManJaEVdTixJ3jezYkUvLY8.1188269430.tmp
- /data/data/####/AlibcLinkPartner.xml
- /data/data/####/Alvin2.xml
- /data/data/####/AzCG31BmN73FIQD4XMQEA5wvAQA.-17090920.tmp
- /data/data/####/C48b043EG-MUvKRpTpVphQK43EU.834634060.tmp
- /data/data/####/ContextData.xml
- /data/data/####/EF2f5zdV3tVJdOIXWycrkIFNUcI.-1901287967.tmp
- /data/data/####/EWwgEuEaDOS0WiiSjU91o9mccSE.-976693962.tmp
- /data/data/####/HsJj_pjo_t6y5GxnZUd6Iq9DTjE.-1831035926.tmp
- /data/data/####/Hv9FtSXjTw4XxfckI62qilAh1xQ.-319653282.tmp
- /data/data/####/I6E7boDKXF-YAOPN5g0vipf3zpw.-1780340399.tmp
- /data/data/####/K7DGL6zRnijxDshN_d1ecleTzds.1243309742.tmp
- /data/data/####/KVIN-Z-KJPzRu0BG0UDuI7jWuCQ.-1180949221.tmp
- /data/data/####/Kdl64QjnXK_v5mf6Q0C-vvn4SmI.617879408.tmp
- /data/data/####/L1jHRUpn0Fwhyhl8N_ztGcsJemI.397853873.tmp
- /data/data/####/LYx5lHRSlJWQF2-BEw8cFpphMG0.-201892641.tmp
- /data/data/####/LhEBACuvAYlfBLtKPQ3mmiGzAo4.2146686693.tmp
- /data/data/####/MYc1gQSv6CZh1Zx3Nrg1sS8LiKE.-491609097.tmp
- /data/data/####/MultiDex.lock
- /data/data/####/N9y9MLtKu02GHNuWRyVD02jGZ_w.-1144514611.tmp
- /data/data/####/ND4nlOmT8ynHjc19aQGxNaSZj7w.429055908.tmp
- /data/data/####/PJp8vccAwkPasb073vezFv1tKX4.-751993718.tmp
- /data/data/####/QppROp3H0QBmi9Ct-8nLtCIPRNg.123206188.tmp
- /data/data/####/R0IUMIc3XAQkp91Qy66jQxUVUtM.-1077350301.tmp
- /data/data/####/S8_99Cvpl-nT7VrxlBP_vshmjqU.2075930167.tmp
- /data/data/####/S9U2FLxWNdqdvISzQu3ALKjGgIs.-1401256991.tmp
- /data/data/####/SGMANAGER_DATA2.tmp
- /data/data/####/TExm-1Bi0G7eCn6UGEzxFFJnFyY.102052399.tmp
- /data/data/####/UTCommon.xml
- /data/data/####/V8t6d-2xnQeU7S5B1uOVn_BXP4E.1315621942.tmp
- /data/data/####/VfQzJsy8T5K92Q9C8vLLA2Xtcd8.-220705052.tmp
- /data/data/####/WrXoRl-91lk_RDY8eM6lq6S1arI.-1959201312.tmp
- /data/data/####/XMPushServiceConfig.xml
- /data/data/####/YlUF_xQ_oALzrn6MCp7wtPcJnCE.619481289.tmp
- /data/data/####/YzdlvzSx5Nle0wwxymKJ6k11VBY.1720653901.tmp
- /data/data/####/Z75tGJP059D-mHlfXPiLhkJDq0w.1088046069.tmp
- /data/data/####/_PLqFW7Dhl1BdiU5_kq_SMbWFDQ.-1043660475.tmp
- /data/data/####/aliTradeConfigSP.xml
- /data/data/####/ap.Lock
- /data/data/####/auth_sdk_device.xml
- /data/data/####/bQ0ARa749YBpzCYppvAJvgrcrN4.1730786827.tmp
- /data/data/####/bugly_db_legu
- /data/data/####/bugly_db_legu-journal
- /data/data/####/cSSNBpeYhz3d-7fmhIFxn5iLwg0.1279163365.tmp
- /data/data/####/cTRoApB_Ylu0tKIDICa5DghMJIw.-1004353283.tmp
- /data/data/####/com.tuan800.tao800.userCenter.xml
- /data/data/####/com.tuan800.tao800;pushservice
- /data/data/####/com.tuan800.tao800SWITCH_SP.xml
- /data/data/####/com.tuan800.tao800_homeheader.xml
- /data/data/####/com.tuan800.tao800_jump_to_h5_url.xml
- /data/data/####/com.tuan800.tao800_npi.xml
- /data/data/####/com.tuan800.tao800_order.xml
- /data/data/####/com.tuan800.tao800_preferences.xml
- /data/data/####/com.tuan800.tao800_sign.xml
- /data/data/####/com.tuan800.tao800_taoheader.xml
- /data/data/####/com.tuan800.tao800_user_center.xml
- /data/data/####/com.tuan800.tao800collected_brand.xml
- /data/data/####/com.tuan800.tao800static_file_click_model.xml
- /data/data/####/com.tuan800.tao800static_file_exp.xml
- /data/data/####/com.tuan800.tao800static_file_mobilelog.xml
- /data/data/####/com.tuan800.tao800static_file_model.xml
- /data/data/####/com.tuan800.tao800static_file_outclick.xml
- /data/data/####/com.tuan800.tao800static_file_page.xml
- /data/data/####/com.tuan800.tao800static_file_pageclick.xml
- /data/data/####/com.tuan800.tao800static_file_setkey_value.xml
- /data/data/####/com.tuan800.tao800static_file_share.xml
- /data/data/####/com.tuan800.tao800static_file_static.xml
- /data/data/####/device_id.xml
- /data/data/####/dsmiYQbRbNh3PYHKb1m5RdzdZao.-616500260.tmp
- /data/data/####/dso_deps
- /data/data/####/dso_lock
- /data/data/####/dso_manifest
- /data/data/####/dso_state
- /data/data/####/dynamicamapfile.db
- /data/data/####/dynamicamapfile.db-journal
- /data/data/####/eSYAvmYgI0CCPxzUFdcxtgjiqO4.1157521279.tmp
- /data/data/####/event_com.tuan800.tao800.log
- /data/data/####/g4uIavnFhXYWVjUp5UMGIepgL8g.1840530176.tmp
- /data/data/####/geofencing.db
- /data/data/####/geofencing.db-journal
- /data/data/####/h8snu7xz9WnxLBH2Q5wuZ3hiazA.-956717855.tmp
- /data/data/####/hWuJQCLXb_H_I3C654bDvJM5xwo.-828230574.tmp
- /data/data/####/hmdb
- /data/data/####/hmdb-journal
- /data/data/####/kKNkd5tJFoexeKveFAHa_xkl-7Q.-205460991.tmp
- /data/data/####/ki3UCvR77R9pTPenwycERFEBQ6w.512525483.tmp
- /data/data/####/ks6RbqmvdcjmKBHEKpvtdf_d-7I.996193733.tmp
- /data/data/####/libnfix.so
- /data/data/####/libsgmainso-5.1.81.so.tmp
- /data/data/####/libsgsecuritybodyso-5.1.25.so.tmp
- /data/data/####/libshella-2.9.1.1.so
- /data/data/####/libufix.so
- /data/data/####/local_crash_lock
- /data/data/####/lock.lock
- /data/data/####/lock.tmp
- /data/data/####/loctemp.so
- /data/data/####/m3vL8c-BuNjR8SALwI3gx43JmBw.-1491836027.tmp
- /data/data/####/matosdk_preference.xml
- /data/data/####/mipush.xml
- /data/data/####/mipush.xml (deleted)
- /data/data/####/mipush_account.xml
- /data/data/####/mipush_extra.xml
- /data/data/####/mipush_region
- /data/data/####/mipush_region.lock
- /data/data/####/mix.dex
- /data/data/####/mix.so
- /data/data/####/multidex.version.xml
- /data/data/####/nL1MgUzEM2RM-LnCMtd-NuRW-t4.-837219673.tmp
- /data/data/####/native_record_lock
- /data/data/####/pQuwvQJxyD4b4Ev4aTJWCzvaauQ.1477341232.tmp
- /data/data/####/pZ6Vr365Wrprpy4C4YsdqGrRhC0.-743088825.tmp
- /data/data/####/ppa4JT3jZB1eZ52dd4E9tw7ziLA.-187555290.tmp
- /data/data/####/pref.xml
- /data/data/####/q79PYNBPJjQb8lxgLihsnA4Jmq8.-572262667.tmp
- /data/data/####/rDYuIjsaTPsvWXe7whC-DGu5eII.-967896762.tmp
- /data/data/####/rxrtG9ZSkfI-awFK0_JxE9v_ndA.-1896909976.tmp
- /data/data/####/sXDGJxnMdxJ_Z-wzjB4eWs79M8c.-1309872697.tmp
- /data/data/####/security_info
- /data/data/####/sp.lock
- /data/data/####/sp_sophix.xml
- /data/data/####/tG_iJt-0jtxrZWa6HQxDD9ug15k.-1418122761.tmp
- /data/data/####/tao800.db-journal
- /data/data/####/timestamp
- /data/data/####/tiny_data.data
- /data/data/####/tiny_data.lock
- /data/data/####/tpush.shareprefs.xml
- /data/data/####/uAHbPhKilg8zK3FE2tWwkKvbJOo.1485565898.tmp
- /data/data/####/ut.db
- /data/data/####/ut.db-journal
- /data/data/####/uzojjomrabCdqsKS0Hg1SY8klSQ.1993193801.tmp
- /data/data/####/vjYxSQN-FqwxhxLDS4t57X6mBBk.-1030091412.tmp
- /data/data/####/vv1LVERvcfNhVbyKnGYFfqdWfqo.-2031938062.tmp
- /data/data/####/wT2JihHUNZYfIbSALJI5A-XywJM.741147106.tmp
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/webviewCookiesChromiumPrivate.db-journal
- /data/data/####/wspx
- /data/data/####/x9LmkU7nKtmddE5SVLF1kt5m3ec.-1528067900.tmp
- /data/data/####/xjJhFXwgGnmdg6d77niWC833W8I.-1490838853.tmp
- /data/data/####/yLW3CqMWQmEfAM9K_flqUtsXUak.1768632856.tmp
- /data/data/####/zHTOOH9kmfHg2GdUeAsorGiMSOw.633044629.tmp
- /data/data/####/zed-t_AqblIV5tdy-XzXC1L9rjA.-1462687640.tmp
- /data/media/####/.nomedia
- /data/media/####/1jr65m4qb6xv4redv1bmluj2c
- /data/media/####/1t6n8aaxesr0s494jniu1s8oi
- /data/media/####/1x4v67b3y2gs4501m0yawk0ul
- /data/media/####/42b3goe37jr22dz5cnjxlphhg
- /data/media/####/44sue9aleeoulk4i4uwm3rg3z
- /data/media/####/5gzmjcoqdnedwc3o1pyax1dky
- /data/media/####/636nz9dcje0zuytvdq16puq2n
- /data/media/####/6c709c11d2d46a7b
- /data/media/####/6rdvkzlpmeyl0zxyn39n8je0o
- /data/media/####/7i0ltkqanvjja7tqtrhbycndy
- /data/media/####/9e8a1b1049b4ad4f835cdd423a461b0a
- /data/media/####/Alvin2.xml
- /data/media/####/ContextData.xml
- /data/media/####/d6bzkjyt771vpmlpeoh94xk6
- /data/media/####/dd7893586a493dc3
- /data/media/####/hid.dat
Другие:
Запускает следующие shell-скрипты:
- /system/bin/sh -c getprop ro.aa.romver
- /system/bin/sh -c getprop ro.board.platform
- /system/bin/sh -c getprop ro.build.fingerprint
- /system/bin/sh -c getprop ro.build.nubia.rom.name
- /system/bin/sh -c getprop ro.build.rom.id
- /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
- /system/bin/sh -c getprop ro.build.version.emui
- /system/bin/sh -c getprop ro.build.version.opporom
- /system/bin/sh -c getprop ro.gn.gnromvernumber
- /system/bin/sh -c getprop ro.lenovo.series
- /system/bin/sh -c getprop ro.lewa.version
- /system/bin/sh -c getprop ro.meizu.product.model
- /system/bin/sh -c getprop ro.miui.ui.version.name
- /system/bin/sh -c getprop ro.vivo.os.build.display.id
- /system/bin/sh -c type su
- chmod 700 <Package Folder>/tx_shell/libnfix.so
- chmod 700 <Package Folder>/tx_shell/libshella-2.9.1.1.so
- chmod 700 <Package Folder>/tx_shell/libufix.so
- getprop ro.aa.romver
- getprop ro.board.platform
- getprop ro.build.fingerprint
- getprop ro.build.nubia.rom.name
- getprop ro.build.rom.id
- getprop ro.build.tyd.kbstyle_version
- getprop ro.build.version.emui
- getprop ro.build.version.opporom
- getprop ro.gn.gnromvernumber
- getprop ro.lenovo.series
- getprop ro.lewa.version
- getprop ro.meizu.product.model
- getprop ro.miui.ui.version.name
- getprop ro.vivo.os.build.display.id
- getprop ro.yunos.version
- logcat -d -v threadtime
- sh <Package Folder>/lib/libxguardian.so <Package>,2100252513; 55656 203.205.128.130 [{ idx :0, ts :%d, et :2000, si :0, ui : <IMEI> , ky : Axg%lu , mid : 0 , ev :{ ov : 18 , sr : 600*752 , md : <System Property> , lg : en , sv : 3.12 , mf : unknown , apn : %s }}] 0 18
Загружает динамические библиотеки:
- Bugly
- com.maa
- libgifimage
- libimagepipeline
- libnfix
- libshella-2.9.1.1
- libufix
- nfix
- pl_droidsonroids_gif
- sgmainso-5.1
- sgsecuritybodyso-5.1
- sqlcipher
- tpnsSecurity
- ufix
- ut_c_api
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- AES-CFB8-NoPadding
- AES-GCM-NoPadding
- RSA-ECB-PKCS1PADDING
- RSA-ECB-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-GCM-NoPadding
- DES-ECB-PKCS5Padding
Использует специальную библиотеку для скрытия исполняемого байт-кода.
Получает информацию о местоположении.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию о настроках APN.
Получает информацию об установленных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
Управляет Wi-Fi-подключением.
