Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.RemoteCode.88.origin
- Android.Xiny.116.origin
- Android.Xiny.197
- Android.Xiny.244.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) api.s####.1####.com:18088
- TCP(HTTP/1.1) 2####.177.13.68:8288
- TCP(HTTP/1.1) oc.u####.com:80
- TCP(HTTP/1.1) d####.9####.com:7080
- TCP(HTTP/1.1) api.s####.1####.com:8088
- TCP(HTTP/1.1) wild####.9appsin####.com.####.net:80
- TCP(HTTP/1.1) www.zfr####.com:80
- TCP(HTTP/1.1) po####.9####.com:80
- TCP(HTTP/1.1) o####.d####.9####.com:80
- TCP(HTTP/1.1) ak2.cdn.9appsdo####.####.net:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) msg.api.9####.com:80
- TCP(HTTP/1.1) www.cu####.com:80
- TCP(HTTP/1.1) p####.u####.com:80
- TCP(HTTP/1.1) www.admobim####.com:80
- TCP(TLS/1.0) 1####.168.103.254:38802
- TCP(TLS/1.0) ot7.wagbr####.non####.####.com:443
- TCP(TLS/1.0) 1####.168.103.254:42919
- TCP(TLS/1.0) 1####.179.9.96:44353
- TCP(TLS/1.0) 1####.168.103.254:39035
- TCP(TLS/1.0) po####.9####.com:443
- TCP(TLS/1.0) 1####.168.103.254:41990
- TCP(TLS/1.0) 1####.168.103.254:40760
- TCP(TLS/1.0) 1####.217.17.78:443
- TCP(TLS/1.0) 1####.168.103.254:40243
- TCP(TLS/1.0) 1####.168.103.254:33419
- TCP(TLS/1.0) api.s####.1####.com:11218
- TCP(TLS/1.0) 1####.168.103.254:37180
- TCP(TLS/1.0) 1####.168.103.254:33123
Запросы DNS:
- a####.u####.com
- ak2.cdn.9appsdo####.com
- api.9####.com
- d####.9####.com
- ea.sno####.1####.com
- en.sno####.1####.com
- g####.u####.com
- hl####.down####.9appsin####.com
- lo####.9####.com
- msg.api.9####.com
- o####.d####.9####.com
- oc.u####.com
- p####.u####.com
- po####.9####.com
- s####.9####.com
- us.y####.al####.com
- www.admobim####.com
- www.cu####.com
- www.mmmmmm####.com
- www.n####.com
- www.zfr####.com
Запросы HTTP GET:
- ak2.cdn.9appsdo####.####.net/group1/M02/A9/28/pYYBAFiAJoWAcgtPAABRUYwleN...
- ak2.cdn.9appsdo####.####.net/group4/M01/F1/70/ghoGAFw1xuqAGmrNAAF4kJAfQK...
- ak2.cdn.9appsdo####.####.net/group4/M02/4C/AA/gRoGAFxHIKqAHu3_AAE7IKwTJH...
- d####.9####.com:7080/group1/M02/A9/28/pYYBAFiAJoWAcgtPAABRUYwleNE270.gif
- d####.9####.com:7080/group4/M01/F1/70/ghoGAFw1xuqAGmrNAAF4kJAfQKE905.png
- d####.9####.com:7080/group4/M02/4C/AA/gRoGAFxHIKqAHu3_AAE7IKwTJH4270.jpg
- msg.api.9####.com/app.bizAlsoLike?sid=####&app=####&packageName=####&bet...
- msg.api.9####.com/app.editRecommend?app=####&packageName=####&versionCod...
- msg.api.9####.com/app.mustHaveColumns?app=####&versionCode=####&versionN...
- msg.api.9####.com/app.personalRecommend?app=####&packageName=####&versio...
- msg.api.9####.com/app/keywordWithTag?app=####&versionCode=####&versionNa...
- msg.api.9####.com/client/check/task?app=####&versionCode=####&versionNam...
- msg.api.9####.com/config.get?app=####&keys=####&versionCode=####&version...
- msg.api.9####.com/config?app=####&versionCode=####&versionName=####&um_c...
- msg.api.9####.com/get/msg?app=####&updateTime=####&versionCode=####&vers...
- msg.api.9####.com/get/msg?app=####&versionCode=####&versionName=####&um_...
- msg.api.9####.com/installer/whitelist?app=####&versionCode=####&versionN...
- msg.api.9####.com/messageUser?app=####&versionCode=####&versioncode=####...
- msg.api.9####.com/price.comprasionSwitch?app=####&versionCode=####&versi...
- msg.api.9####.com/resourceBundle.getResource?app=####&versionCode=####&v...
- msg.api.9####.com/selfTrigger.getMsg?app=####&versionCode=####&versionNa...
- msg.api.9####.com/user/property?app=####&versionCode=####&versionName=##...
- msg.api.9####.com/v3/app/com.uc.vmate.json?sid=####&app=####&versionCode...
- msg.api.9####.com/v3/check-for-update.json?app=####&packageName=####&ver...
- msg.api.9####.com/v3/page/template?sid=####&app=####&versionCode=####&ve...
- o####.d####.9####.com/upload/9appsshare_musthave/2017/11/1/19/3527ceb5-1...
- o####.d####.9####.com/upload/9appsshare_musthave/2017/11/1/19/62d7ee3a-6...
- p####.u####.com/down/u1/ttvy9twuxytzxwttzvtuwtttttttuttuttttvvze/c64d89a...
- po####.9####.com/9apps/share?appSize=####&packageName=####&versionCode=#...
- po####.9####.com/config?app=####&versionCode=####&versionName=####&ver=#...
- po####.9####.com/get/msg?app=####&updateTime=####&versionCode=####&versi...
- po####.9####.com/messageUser?app=####®istrationId=####®Only=####&v...
- wild####.9appsin####.com.####.net/9apps/rs/2017/28bb1dfdcb6ea349e5d7696f...
- wild####.9appsin####.com.####.net/9apps/rs/2017/3d98e84657c67f5019a41473...
- wild####.9appsin####.com.####.net/9apps/rs/2017/44a6ba2e7593290e98b3b96b...
- wild####.9appsin####.com.####.net/9apps/rs/2017/6199c7a9d91a5a758e251dab...
- wild####.9appsin####.com.####.net/9apps/rs/2017/6c4d5d2b93102020cfaf653f...
- wild####.9appsin####.com.####.net/9apps/rs/2017/7d0a8a810a2e1c9016ebca44...
- wild####.9appsin####.com.####.net/9apps/rs/2017/887517837d4716c30704fa7b...
- wild####.9appsin####.com.####.net/9apps/rs/2017/8e4ac78852a9e9b5ec2aedf8...
- wild####.9appsin####.com.####.net/9apps/rs/2017/95313e4f9933eb21a00c8158...
- wild####.9appsin####.com.####.net/9apps/rs/2017/9588e9eb46bf05d48935f57a...
- wild####.9appsin####.com.####.net/9apps/rs/2017/99fb70ca767d3dd62f4c79d9...
- wild####.9appsin####.com.####.net/9apps/rs/2017/b70d14ad25b6a769cdd54d31...
- wild####.9appsin####.com.####.net/9apps/rs/2017/dd4240da919681c01c082952...
- wild####.9appsin####.com.####.net/9apps/rs/2017/f848b90917486a3749a2b682...
- wild####.9appsin####.com.####.net/9apps/rs/2017/fdd0c9a0c0af7e7a2b296792...
- wild####.9appsin####.com.####.net/9apps/rs/2018/00da79bd2bbe00e4fa4c66cd...
- wild####.9appsin####.com.####.net/9apps/rs/2018/07812c43cb29a1119e4d8cd6...
- wild####.9appsin####.com.####.net/9apps/rs/2018/0bb1113cc144e89b3d53c648...
- wild####.9appsin####.com.####.net/9apps/rs/2018/0bc04a07058de9dc07007603...
- wild####.9appsin####.com.####.net/9apps/rs/2018/126312a22e55b83667d8d3d4...
- wild####.9appsin####.com.####.net/9apps/rs/2018/137646dc31591a83b7bc9659...
- wild####.9appsin####.com.####.net/9apps/rs/2018/13d075f307e5ad70dd7a7cd2...
- wild####.9appsin####.com.####.net/9apps/rs/2018/21d28cfb298dd1a83df585b1...
- wild####.9appsin####.com.####.net/9apps/rs/2018/2b9b935694472938f5ddb934...
- wild####.9appsin####.com.####.net/9apps/rs/2018/2cc529fc763cd967433a0020...
- wild####.9appsin####.com.####.net/9apps/rs/2018/3456aabe168a4a95f44f222e...
- wild####.9appsin####.com.####.net/9apps/rs/2018/3471b8fa97df89d02060b296...
- wild####.9appsin####.com.####.net/9apps/rs/2018/37c130ae827a6eb418f888ad...
- wild####.9appsin####.com.####.net/9apps/rs/2018/3f552dfb9fbd5adc75921eae...
- wild####.9appsin####.com.####.net/9apps/rs/2018/414864f69f39eec886c12d6a...
- wild####.9appsin####.com.####.net/9apps/rs/2018/42d030745a5a1bcca03a8737...
- wild####.9appsin####.com.####.net/9apps/rs/2018/54707fca96d84e4dace49d6f...
- wild####.9appsin####.com.####.net/9apps/rs/2018/588c47ffdadb6c93cf9775a3...
- wild####.9appsin####.com.####.net/9apps/rs/2018/60f89a938de340df152b8ce6...
- wild####.9appsin####.com.####.net/9apps/rs/2018/65fc66832e8a6d9f42d5e991...
- wild####.9appsin####.com.####.net/9apps/rs/2018/6fd241ad2f57f0d0c1684c0a...
- wild####.9appsin####.com.####.net/9apps/rs/2018/70c5986d4c681213baad0dfc...
- wild####.9appsin####.com.####.net/9apps/rs/2018/7d65e6ff8765d620247ed449...
- wild####.9appsin####.com.####.net/9apps/rs/2018/7e1d3954a61814d6964d6859...
- wild####.9appsin####.com.####.net/9apps/rs/2018/7ecd049d8e2ed7ab74472e0b...
- wild####.9appsin####.com.####.net/9apps/rs/2018/8ca94810c740b5cfc74bc059...
- wild####.9appsin####.com.####.net/9apps/rs/2018/8fb930a6bc8ba44e6cafc402...
- wild####.9appsin####.com.####.net/9apps/rs/2018/927468c51080526dff52a596...
- wild####.9appsin####.com.####.net/9apps/rs/2018/9304a8a7643714f092561247...
- wild####.9appsin####.com.####.net/9apps/rs/2018/94a776d49adfc881a904ff72...
- wild####.9appsin####.com.####.net/9apps/rs/2018/a0761165a0f54da0b3528e0b...
- wild####.9appsin####.com.####.net/9apps/rs/2018/aa6d39c01a0c13696a543cf8...
- wild####.9appsin####.com.####.net/9apps/rs/2018/ade2e6ad075ec05b4b81a577...
- wild####.9appsin####.com.####.net/9apps/rs/2018/beafff47ceb4681287b36ddf...
- wild####.9appsin####.com.####.net/9apps/rs/2018/c0d67ba22c37a8d448477f50...
- wild####.9appsin####.com.####.net/9apps/rs/2018/ce2fb5862398ce3ef75f6838...
- wild####.9appsin####.com.####.net/9apps/rs/2018/d14acf8d5e6b9cdec22a13b8...
- wild####.9appsin####.com.####.net/9apps/rs/2018/d4030b2030691c6c3128b770...
- wild####.9appsin####.com.####.net/9apps/rs/2018/d4847f81d89ebc36dabda8f7...
- wild####.9appsin####.com.####.net/9apps/rs/2018/d66d5f38699d6f6060e3eca7...
- wild####.9appsin####.com.####.net/9apps/rs/2018/daee3842a394e8d940142bf1...
- wild####.9appsin####.com.####.net/9apps/rs/2018/db6421ad9086fffd08a2fc0e...
- wild####.9appsin####.com.####.net/9apps/rs/2018/dd96b82f2249304bb58edb05...
- wild####.9appsin####.com.####.net/9apps/rs/2018/df4d3d652fc5e1fca012c272...
- wild####.9appsin####.com.####.net/9apps/rs/2018/e47825d7428c3cacf615daf6...
- wild####.9appsin####.com.####.net/9apps/rs/2018/e77e3921a83f764f8770d53c...
- wild####.9appsin####.com.####.net/9apps/rs/2018/ec57865f23682d0ce0d8c249...
- wild####.9appsin####.com.####.net/9apps/rs/2018/f09364abfb2f8ff1f8afdab9...
- wild####.9appsin####.com.####.net/9apps/rs/2018/f1cfb32a7b631f3618a4fd72...
- wild####.9appsin####.com.####.net/9apps/rs/2018/f5e83bc16cbba21318de1bed...
- wild####.9appsin####.com.####.net/9apps/rs/2019/0a540a0f9687d860574f9086...
- wild####.9appsin####.com.####.net/9apps/rs/2019/0c5868e3e2cd8d26e59d50e3...
- wild####.9appsin####.com.####.net/9apps/rs/2019/1a14f2832d6e4bcf15fb9b44...
- wild####.9appsin####.com.####.net/9apps/rs/2019/1bcb94d1479b288e5e059bad...
- wild####.9appsin####.com.####.net/9apps/rs/2019/27256c4a735bcbd058d81a67...
- wild####.9appsin####.com.####.net/9apps/rs/2019/2d24c50885543ded29bbb4b5...
- wild####.9appsin####.com.####.net/9apps/rs/2019/4b947611b930dacd7d9aef37...
- wild####.9appsin####.com.####.net/9apps/rs/2019/506cba82b5a0316ea7618a20...
- wild####.9appsin####.com.####.net/9apps/rs/2019/5328567ed1921ce29c16ec0f...
- wild####.9appsin####.com.####.net/9apps/rs/2019/833b0b7ff23cfdf5016373c9...
- wild####.9appsin####.com.####.net/9apps/rs/2019/b075b0d6b03523fdace241b7...
- wild####.9appsin####.com.####.net/9apps/rs/2019/b9d11aa8e1558f975b7c0d8c...
- wild####.9appsin####.com.####.net/9apps/rs/2019/ba1ca33f550f514099ac3069...
- wild####.9appsin####.com.####.net/9apps/rs/2019/be4428cb81a6cd7bd0cac3c9...
- wild####.9appsin####.com.####.net/9apps/rs/2019/dca2d60ed9e978e5dac74ae8...
- wild####.9appsin####.com.####.net/9apps/rs/2019/f54cb3ba5c5bec05427a9232...
- wild####.9appsin####.com.####.net/9apps/rs/2019/f83109870cd04ccf984375f8...
- wild####.9appsin####.com.####.net/9apps/rs/2019/fbafca09e4299049f96a190f...
- wild####.9appsin####.com.####.net/files/components/libcrash_x86_1.5.0.0/...
- www.cu####.com/20180530155843.BdJar521Dex_05301557.zip
Запросы HTTP POST:
- a####.u####.com/app_logs
- api.s####.1####.com:18088/ping
- api.s####.1####.com:18088/sdk/api/checklib
- api.s####.1####.com:18088/sdk/api/regclient
- api.s####.1####.com:8088/sdk/api/log/record
- msg.api.9####.com/checkPublishStatus?app=####&gzip=####&versionCode=####...
- msg.api.9####.com/user/check-increment-update.json?app=####&gzip=####&ve...
- oc.u####.com/check_config_update
- p####.u####.com/upgrade/index.xhtml?from=####
- www.admobim####.com/surl/api2_reg.action
- www.zfr####.com/up.do
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/-14151222
- /data/data/####/.imprint
- /data/data/####/0a231bd8575dcf72.txt
- /data/data/####/0d781e3ac1e8cf2fc4b8f3d16376f1ef.0.tmp
- /data/data/####/0d781e3ac1e8cf2fc4b8f3d16376f1ef.1.tmp
- /data/data/####/12hqtegf_1548235622733002275.wa
- /data/data/####/12hqtegf_1548235673774002275.wa
- /data/data/####/13irufhg_1548235673921002275.wa
- /data/data/####/14jsvgih_1548235629648002275.wa
- /data/data/####/1548235632478
- /data/data/####/1548235640843.wa
- /data/data/####/1548235643374
- /data/data/####/1548235653480
- /data/data/####/1548235663499
- /data/data/####/1548235673315
- /data/data/####/1548235673519
- /data/data/####/1548235683351
- /data/data/####/1548235683633
- /data/data/####/16luxikj_1548235631823002275.wa
- /data/data/####/18nwzkml_1548235654728002275.wa
- /data/data/####/19ox0lnm_1548235667297002275.wa
- /data/data/####/1abf3a165a159c350d71536e2a88e14a.0.tmp
- /data/data/####/1abf3a165a159c350d71536e2a88e14a.1.tmp
- /data/data/####/1d18a99f91257a8b5a6fdc6d92c9bf62.0.tmp
- /data/data/####/1d18a99f91257a8b5a6fdc6d92c9bf62.1.tmp
- /data/data/####/1df3d38199da8ebec3add7107c337938.0.tmp
- /data/data/####/1df3d38199da8ebec3add7107c337938.1.tmp
- /data/data/####/2131b43f873840d331e885fc47d4b704.0.tmp
- /data/data/####/2131b43f873840d331e885fc47d4b704.1.tmp
- /data/data/####/21504506684fb1bf84507ec642656ba1.0.tmp
- /data/data/####/21504506684fb1bf84507ec642656ba1.1.tmp
- /data/data/####/2469972b43338984b2e26f0a2c6c3458.0.tmp
- /data/data/####/2469972b43338984b2e26f0a2c6c3458.1.tmp
- /data/data/####/2ae906b59787012d542a7787a9e62e9f.0.tmp
- /data/data/####/2ae906b59787012d542a7787a9e62e9f.1.tmp
- /data/data/####/2fdc35fb98dd6448077c1db223194c0f.0.tmp
- /data/data/####/2fdc35fb98dd6448077c1db223194c0f.1.tmp
- /data/data/####/3710d74b68e6af8cade5ec187cc0f996dabc7e3c.xml
- /data/data/####/3918d539f994cb5064f0ca6c3d319940.0.tmp
- /data/data/####/3918d539f994cb5064f0ca6c3d319940.1.tmp
- /data/data/####/41tztufn_1548235622732002275.wa
- /data/data/####/41tztufn_1548235673773002275.wa
- /data/data/####/43v1vwhp_1548235629647002275.wa
- /data/data/####/45x3xyjr_1548235631822002275.wa
- /data/data/####/479dc93d59cf8a8e8b55103c7840892d.0.tmp
- /data/data/####/479dc93d59cf8a8e8b55103c7840892d.1.tmp
- /data/data/####/47z5z0lt_1548235654727002275.wa
- /data/data/####/4e0a4ce1dba230848b23bafea13215b1.0.tmp
- /data/data/####/4e0a4ce1dba230848b23bafea13215b1.1.tmp
- /data/data/####/6442f43a39e6f1ad391903e77fc7d275.0.tmp
- /data/data/####/6442f43a39e6f1ad391903e77fc7d275.1.tmp
- /data/data/####/6e35811413b9eeffa19133d1a773c5c9.0.tmp
- /data/data/####/6e35811413b9eeffa19133d1a773c5c9.1.tmp
- /data/data/####/77638fe718014157dc44f7e20a259ed6
- /data/data/####/81ed1c1a595cff6d4e5300d1ca7ccf93.0.tmp
- /data/data/####/81ed1c1a595cff6d4e5300d1ca7ccf93.1.tmp
- /data/data/####/84fb2956f27022bf759b2bdde4c36742.0.tmp
- /data/data/####/84fb2956f27022bf759b2bdde4c36742.1.tmp
- /data/data/####/89072d8598f3d1d87bb8d86197e07ba4.0.tmp
- /data/data/####/89072d8598f3d1d87bb8d86197e07ba4.1.tmp
- /data/data/####/8ded24224e9e7afbbf30ba02f658ab73.0.tmp
- /data/data/####/8ded24224e9e7afbbf30ba02f658ab73.1.tmp
- /data/data/####/936d40be57839d622c1fbe69714c7b7b.0.tmp
- /data/data/####/936d40be57839d622c1fbe69714c7b7b.1.tmp
- /data/data/####/9a5fc2c109b6190b53f0b28a8ce27cc5.0.tmp
- /data/data/####/9a5fc2c109b6190b53f0b28a8ce27cc5.1.tmp
- /data/data/####/9apps.db-journal
- /data/data/####/9apps.xml
- /data/data/####/9apps.xml.bak (deleted)
- /data/data/####/ActivatePreUtil.xml
- /data/data/####/Alvin2.xml
- /data/data/####/ContextData.xml
- /data/data/####/HasStarted
- /data/data/####/LoginPreUtil.xml
- /data/data/####/PPAIDNI0ELIBOM0MOC.bb
- /data/data/####/PPAIDNI0ELIBOM0MOC.ff
- /data/data/####/REKROW1PPAIDNI0ELIBOM0MOC.bb
- /data/data/####/SGMANAGER_DATA2.tmp
- /data/data/####/SYSTEM_CACHE.xml
- /data/data/####/WaValue.db-journal
- /data/data/####/ari.xml
- /data/data/####/b68c738742c29efcc1da457ce64d15ef
- /data/data/####/b81460afa93e202912026f01b8509996.0.tmp
- /data/data/####/b81460afa93e202912026f01b8509996.1.tmp
- /data/data/####/c6224c30d2237c4d14a6db7eff0ff575.0.tmp
- /data/data/####/c6224c30d2237c4d14a6db7eff0ff575.1.tmp
- /data/data/####/check_publish_status.xml
- /data/data/####/cn_rs.xml
- /data/data/####/com.google.android.gms.appid-no-backup
- /data/data/####/com.google.android.gms.appid.xml
- /data/data/####/com.mobile.indiapp_preferences.xml
- /data/data/####/d.zip
- /data/data/####/d0d167e98bb684af2ad2db2fbebd32ab.0.tmp
- /data/data/####/d0d167e98bb684af2ad2db2fbebd32ab.1.tmp
- /data/data/####/d6cb72796725dfba61e281e3e761ece2.0.tmp
- /data/data/####/d6cb72796725dfba61e281e3e761ece2.1.tmp
- /data/data/####/daemon
- /data/data/####/db_snowfox.db
- /data/data/####/db_snowfox.db-journal
- /data/data/####/dc74445b12694c5c94
- /data/data/####/device_info.xml
- /data/data/####/downloader-journal
- /data/data/####/dtemp.apk
- /data/data/####/eb46100ce27a22cbc319f64410f270bf.0.tmp
- /data/data/####/eb46100ce27a22cbc319f64410f270bf.1.tmp
- /data/data/####/f0cd47e3e094502b517bad2052cc272e.0.tmp
- /data/data/####/f0cd47e3e094502b517bad2052cc272e.1.tmp
- /data/data/####/f40cd568057278248a47d87960e8605d
- /data/data/####/f4acd030da61bd739ac44e37218b4567f7dd880f.xml
- /data/data/####/ff3d8289370be6c27adfcd397cfd1389.0.tmp
- /data/data/####/ff3d8289370be6c27adfcd397cfd1389.1.tmp
- /data/data/####/ffc1d42b1ca5e3db2657d00b91997f6a.xml
- /data/data/####/fiwmw
- /data/data/####/home_app_data_nz.json
- /data/data/####/hunter_config.xml
- /data/data/####/install_list_key.xml
- /data/data/####/isupdate.xml
- /data/data/####/journal.tmp
- /data/data/####/lib_v19n.dat
- /data/data/####/libsgmainso-5.3.7011.so.tmp
- /data/data/####/lock.lock
- /data/data/####/m_cfg.xml
- /data/data/####/mesosphere_v19n.jar
- /data/data/####/message-journal
- /data/data/####/mobclick_agent_cached_com.mobile.indiapp126
- /data/data/####/mobclick_agent_online_setting_com.mobile.indiapp.xml
- /data/data/####/my.db
- /data/data/####/my.db-journal
- /data/data/####/nsa.db-journal
- /data/data/####/ob1.zip
- /data/data/####/other_config.xml
- /data/data/####/pgbwaa
- /data/data/####/s_sdk_pro_pref.xml
- /data/data/####/service_config.xml
- /data/data/####/service_config.xml.bak
- /data/data/####/snowfox_v19n.jar
- /data/data/####/snowfoxad_msg.db
- /data/data/####/snowfoxad_msg.db-journal
- /data/data/####/snowfoxprf.xml
- /data/data/####/sp.lock
- /data/data/####/sp_cache.xml
- /data/data/####/sp_click_cf.xml
- /data/data/####/sp_config.xml
- /data/data/####/t_ini.xml
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/unique
- /data/data/####/upgrade_config.xml
- /data/data/####/webview.db-journal
- /data/data/####/worker_preferences.xml
- /data/media/####/.nomedia
- /data/media/####/.snowfoxmsgshow_ad_blacklist.txt
- /data/media/####/003ad8f01ef2d14dda987ba4eed9a22bc68e4b72db653a....0.tmp
- /data/media/####/00863fbb09ba4981aab1707b9331222373217a70ae73e7....0.tmp
- /data/media/####/0248329c1559a97b3a1a575bfabc3e829752cf1436dc5e....0.png
- /data/media/####/0248329c1559a97b3a1a575bfabc3e829752cf1436dc5e....0.tmp
- /data/media/####/0aac6e79921f14b332e7b5022c9365be9efe050f3b85ff....0.tmp
- /data/media/####/0b659b68c237d9b22a9468cdd71743cf58c47fb81ff1ef....0.tmp
- /data/media/####/0b8692201dac37b8f57c5ca13cae71c34bcac9a0a6c2d5....0.tmp
- /data/media/####/0d6d999c2554f5ad6ff3c665bc23e9c4fe7be0ecf8b5d5....0.tmp
- /data/media/####/0d9c536f6aaf070a69ac7a83eeab1674b27e55b90d65fe....0.tmp
- /data/media/####/0f6fd974404d76d6e419114d0af4a43939f40e2376a39a....0.tmp
- /data/media/####/13b749917479035a2a008d309f2402c879a871e4547f67....0.tmp
- /data/media/####/13e48dbef957288d438b5bf918f32385d7d3f1bde78fa5....0.tmp
- /data/media/####/1503bf762c6d17f1d51289bdf94e4bdcf48e8c329a8cb5....0.tmp
- /data/media/####/1b9796cec8412327dfbd20aea3dcafd3e60dd4cfc1ae35....0.tmp
- /data/media/####/1bd612370f2052ea7922930dac8d8e64260963870101a3....0.tmp
- /data/media/####/1ce5ef4185b427ac8453017dd7dad34b4b833d04ff38d9....0.tmp
- /data/media/####/1ff7f36cc06a6980c0e8ebd4d8610b955379a6802224e4....0.tmp
- /data/media/####/25704110b648552b3dc0fcd6c3cdeed37f8388d6f0d13e....0.tmp
- /data/media/####/2679dc8059a477759b096d2d8da8760d51bb4db1bd8bfc....0.tmp
- /data/media/####/26c64d248c0693aaf21a22b7faed24823aee582db92340....0.tmp
- /data/media/####/3d858ba7c2989ebb979551f831098acdf8ab5a2c0c1a84....0.tmp
- /data/media/####/40e31726c2101568d3a107288737ae7645cb6a8b40476e....0.tmp
- /data/media/####/4152ae5ebd7f6482f43b0c7aa1d3ff272f4621483a782e....0.tmp
- /data/media/####/42b4ad05fd531ce94ef54334d2d25cb1b8beb8bf5663f8....0.tmp
- /data/media/####/42c0beeab813c0a506cde0af6672e45371077038f62ff6....0.tmp
- /data/media/####/4386ce9745d7e24842a9fbf119569f7215d6f2aaf9aa48....0.tmp
- /data/media/####/4429fe8d6e22f8dc7ce4646a6aba517bd48c5f0dde1aa3....0.tmp
- /data/media/####/4c5a15d697246d2a44820ad13409e34a12a1a209c07cdb....0.tmp
- /data/media/####/4e907627180059df8d3d439018b72bf0139d91046189ce....0.tmp
- /data/media/####/508d42637d44f8c2463a62d4dc1d78c734aeb130ff7fe4....0.tmp
- /data/media/####/5b083dda988a28ee10142239aec65bf830efc25530df83....0.tmp
- /data/media/####/5b9afb76b66c687d53e236f08cb60a51d82f38ffa1e757....0.tmp
- /data/media/####/60490e1dbb8a618c049723626716b18c897f403cc72aa1....0.tmp
- /data/media/####/61110e3cce284e5e818d3e3c83bca8fb163a8769528e9b....0.tmp
- /data/media/####/61fb09655fceb06c1d7faea9fa44fbc311150ffdbb023a....0.tmp
- /data/media/####/64d4cc736586e36729e7938a3ccaeac286a9afdd47d0e2....0.tmp
- /data/media/####/68cab73ffdd34c33577a3ac44d72c307cf984a50d4c85d....0.tmp
- /data/media/####/6ab9b3ec816e2efa1fc5ed491136b3df4442df8b46ffcb....0.tmp
- /data/media/####/6f27ffa589b567b60605298531c3722d5ffc34684abfd5....0.tmp
- /data/media/####/6fc547509d7dacadce12525a3880b002edc7c47cf8db8b....0.tmp
- /data/media/####/72427c1a5ae08d037ba4cc6319de6d74ce033c626ae0b4....0.tmp
- /data/media/####/7274df640192e9ce0a3a68d70d5a65ce1f79908e3ed868....0.tmp
- /data/media/####/738714a4cfcb573219f5b7a987c13934b61631764b1b55....0.tmp
- /data/media/####/7a091a5280e3f510614a02eb68aecb2cd25a4a8e31cb96....0.tmp
- /data/media/####/863ee60fac0efe3fadb97d253465d64d5d9fecd1d2bff2....0.tmp
- /data/media/####/8685fa838774b168e03d2344a068c8b1f32cfb5c9cf353....0.tmp
- /data/media/####/87f9b60329f42153a75378bfcbb9062d2c4245977dfb22....0.tmp
- /data/media/####/8a4a48b875aa3bdcd33d1ed048bbd73357e04ec345f7c5....0.tmp
- /data/media/####/8f520986da73b755f054da735ffaf5504ec2305c1da3e0....0.tmp
- /data/media/####/8ff12ec959827f95d9f59e773f862ffe5ffe6be7999ae1....0.tmp
- /data/media/####/95a862d6c9028c75d72496efae2ace6f1852a9369e00bf....0.tmp
- /data/media/####/9cee7914eb38b4ad1892dd7c6e13525ec01572eb728c8d....0.tmp
- /data/media/####/9faafd0ed5220517ff8a998e28711b939c767b779b91ce....0.tmp
- /data/media/####/9fb659bef310b4a0e66dd7ba5f5a57cd03df9d1582c122....0.tmp
- /data/media/####/9fb864e30126c8ddb05bc125565cbbea8cb9d1c99584a2....0.tmp
- /data/media/####/Alvin2.xml
- /data/media/####/ContextData.xml
- /data/media/####/a29f6275734e86c13ef63de3edeeacfc5cef2be8b1c53c....0.tmp
- /data/media/####/a2aceb8b1bf406dcbcc26547888e3cda0332bd74e5a5d2....0.tmp
- /data/media/####/a2cfb63bac8fe631b8eaa483924ad3468b064e4d18bbe5....0.tmp
- /data/media/####/a3d6faebea100255bd9f045cf8f2050e82325bc5b4f64e....0.tmp
- /data/media/####/a7f0e46119b827e971a83c2b1f4c840d048061a0f74b14....0.tmp
- /data/media/####/aaf820ca2ecac82bb0906e52b6bfd75fad1893672b75b0....0.tmp
- /data/media/####/b0d0f3c672e4018b240107ad4bff7f20acf904be18cea3....0.tmp
- /data/media/####/b1dfd2fae72ae273320da58bb74de7626cb212249f9a1b....0.tmp
- /data/media/####/b8e2a4b52dc50dc58c11c687d56c3964045c9526fdcc18....0.tmp
- /data/media/####/bc1a27ccac8009c84bd70ff2dddd1d210709aa84ce4b43....0.tmp
- /data/media/####/bd262d8d777cb96350c3ab5e678037bb53830a41d48999....0.tmp
- /data/media/####/bd61bf78d477fff196dd39461b315344ce8640521dd880....0.tmp
- /data/media/####/bf8361fe74c810e785bd9bbc77f0e103a618ebafe694c4....0.tmp
- /data/media/####/c1512359f6a55ae5c6787b69380f1db02431b6d9a662d1....0.tmp
- /data/media/####/c47919a70a055b4088501bbc2d8218d8e49b9812bfcd36....0.tmp
- /data/media/####/c4ecc5814c83e99ec09830b5754e1935e9979b14e4feb1....0.tmp
- /data/media/####/c7ebf2a451cc474e75c65ec96d163e2350b89879d6f545....0.tmp
- /data/media/####/d1fef3897fd954726e3aa750ebe93f619ab6758d7bfd9d....0.tmp
- /data/media/####/d6d091e7b14dd971de68c8da5708394b4c7d91dbc2cb45....0.tmp
- /data/media/####/d8014af03e77f637a7b3d713e814d3056acffca175d55b....0.tmp
- /data/media/####/d801d241f8609bbcc57a5b11d4048391fc8b3707929d8f....0.tmp
- /data/media/####/dd7893586a493dc3
- /data/media/####/de02783db9901324bc38f4c4ab709a3f52df6b8b12b575....0.tmp
- /data/media/####/dev_3cd4e63c.txt
- /data/media/####/e0c626252f663aa8ae628de5efecff5bbebfecace7e0a3....0.png
- /data/media/####/e0c626252f663aa8ae628de5efecff5bbebfecace7e0a3....0.tmp
- /data/media/####/e61e2de7519c1fa6b985da9223dff74c45a774d0a25a4b....0.tmp
- /data/media/####/e760921ffcd55e5f6c06e9392ac059b893ae1e9e7d1a96....0.tmp
- /data/media/####/e8de5020deb5ec13b5e404e438e81cc15fab8f0e631e8d....0.tmp
- /data/media/####/e9dbad4ad78ee2de51c3524bde2f22e1a686622d322e9f....0.tmp
- /data/media/####/eb2ed0130fa86578edec534ecd156ad7fb176d388b1045....0.tmp
- /data/media/####/f1e79571929637246986e915959cbe0c40c1d9c71e6f35....0.tmp
- /data/media/####/f6ef1275700f6dee1d782f46b396a242b5059960f87ce7....0.tmp
- /data/media/####/f8a4578cf16566768a2606568542a09e9e9cb1f256f0ef....0.tmp
- /data/media/####/fa8d23b9bd476b54776a4d3f78b63a0d77672c94173ff7....0.tmp
- /data/media/####/fd3e0fa4a0b137022eb9c9e4b6a2a29df6df7348cbd536....0.tmp
- /data/media/####/ff1b4376007adeae71613f7e7d24b6002bc260fdeb5647....0.tmp
- /data/media/####/hid.dat
- /data/media/####/imei.txt
- /data/media/####/ins.dat
- /data/media/####/journal.tmp
- /data/media/####/libcrash_1.5.0.0.so.tmp
- /data/media/####/sp
- /data/media/####/ua.dat
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- <Package Folder>/files/dc74445b12694c5c94
- cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- chmod 777 <Package Folder>/files/daemon
- sh
Загружает динамические библиотеки:
- IncrementalUpdate
- fiwmw
- ppapkpatchso
- sgmainso-5.3
- uninstall
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS5Padding
- DES
- desede-ECB-PKCS5Padding
Использует следующие алгоритмы для расшифровки данных:
- AES
- AES-CBC-PKCS5Padding
- AES-ECB-PKCS5Padding
- DES
- desede-ECB-PKCS5Padding
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Получает информацию о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
Проверяет наличие популярных антивирусных приложений.
