Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Adware.Gexin.2.origin
Осуществляет доступ к приватному интерфейсу ITelephony.
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) ti####.c####.l####.####.com:80
- TCP(HTTP/1.1) qin####.com.www.####.com:80
- TCP(HTTP/1.1) l####.tbs.qq.com:80
- TCP(HTTP/1.1) t####.c####.q####.####.com:80
- TCP(HTTP/1.1) p####.tc.qq.com:80
- TCP(HTTP/1.1) xs.dom####.com:80
- TCP(HTTP/1.1) ws####.qq.com:80
- TCP(HTTP/1.1) c####.cutet####.cn:80
- TCP(HTTP/1.1) s####.e.qq.com:80
- TCP(HTTP/1.1) c-h####.g####.com:80
- TCP(HTTP/1.1) mi.g####.qq.com:80
- TCP(HTTP/1.1) sdk.o####.p####.####.com:80
- TCP(HTTP/1.1) s1.adsc####.com:8001
- TCP(TLS/1.0) et2-na6####.wagbr####.ali####.####.com:443
- TCP sdk.o####.t####.####.com:5224
- TCP c####.g####.ig####.com:5224
Запросы DNS:
- 7j####.c####.z0.####.com
- c####.cutet####.cn
- c####.g####.ig####.com
- c####.z####.com
- c-h####.g####.com
- imgc####.qq.com
- l####.tbs.qq.com
- mi.g####.qq.com
- plb####.u####.com
- pub-####.qin####.com
- qzones####.g####.cn
- s####.e.qq.com
- s1.adsc####.com
- sdk.c####.ig####.com
- sdk.o####.p####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.net
- u####.u####.com
- ws####.qq.com
- xs.dom####.com
Запросы HTTP GET:
- c####.cutet####.cn/xiaoshuo/img/0274491dd62975379cb376102a8fe35f.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/052f6cd7c66f5fc3d1dd40522dd1fa18.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/06487d1364a0dafb6f8ac902c1f38be0.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/08fc9e90463531057bfd8c012afda26c.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/0e48c58ce5a88f3383a502f1be8b2a55.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/0ec160aba60996430e21dc86470f9776.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/11af2c4c0d7bbe4c0cb5e5ea48d32502.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/122d2ee4f465e4d3fc6fcf9ecc298b57.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/138348c53554de682556d642951d8bb2.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/13ba8caee6a1d3db6536656cbd436056.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/1eba688d154da85dc87a07a5358febee.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/2247a4dcda87092ac51bf3e21e138a92.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/22e4e9a17886f1531689234701977c09.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/285228a26febc72bd1a42c8ef7eaf9ff.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/2e9c8b1f3badb3514a173e382533cdb6.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/31cea8bb25d9e49e3aa6aaa660f426ba.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/3416244fa545ce1d2694e58499c6e191.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/3b0efae32cfff53d1621b40485012600.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/3e81f420a29207ad29cb99a94bd06e6f.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/402eb37dafe7a3e3491b0ed9e43eddff.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/4494d6fc8153043cac536211589ecaf4.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/49a953bab543240f00f6fe07e9eae709.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/4d1c0163bf9b62e8bd71f2d5fd8893f0.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/4ee6e083e35913e1b728aab778eeb12c.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/537225d03d89499cb7370d5ccdb5d787.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/537c7b30a1acdcdbada7d0755cad10ec.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/57c30a300ba97a2f7dffc180ca1764d9.png
- c####.cutet####.cn/xiaoshuo/img/59b248202dd16bf9b2c63d95cb53c483.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/5f6ff4b80f1a4a7a51e56433da485ce6.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/5fb8cf66bc4a1c0ab384dfe35ee73ec8.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/6015e4bcae065655acbacfb7425c874f.png
- c####.cutet####.cn/xiaoshuo/img/610fb8044fb2b807e70d5d3397c5b04e.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/628df186e7fbeab302f5f4876c61bc2d.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/66589608e8992e255ef786f17efb822c.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/6c7d0048e71809af96c4c2eeebdfee13.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/6ef5ddaf9a5be1907ce235a5e7173f35.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/7025659ed23424cb0a6dc3c42203c267.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/7dc5bf39b84d12a9c092c893fc743c32.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/7f2dfc7b41779ba6db63601f1c77aa3e.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/7f76dd19f12eb71b1b8cb807e0b6871f.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/855fd0f16df6cb763064eb6b83770e2e.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/85c02f46d54d66dfb7d889418a5caab2.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/85cf738122d8743f923d2a8529cba040.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/893efb485f24c67b44e4176ac7c5f83d.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/8c854b26073ed5cd95841ea786bd3b2d.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/8d8b8e664f33f0d087567a4c3eff6284.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/8de385db391b1f69d831c9e9f50c161c.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/8f787d1627231de747f5720aed250367.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/9143acbd5e585d0ed6a88c8dfe79cba4.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/9565f9c0c6d7eea0d37f2998f058110d.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/95b0d282fa0e0c8a8470c714bc9631d4.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/a1464b2a808c476669e6da68795c157b.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/a300423869d6d0f8d9fad658e91444d5.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/a486dc4f260409f6a8d8ef5bea52243f.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/aa70b40df72b619ee660519eb6bdce01.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/ab4735fd6fc4571bab1c71a96ed1c341.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/b99366cb4e40fdf4cc5c07bf4e78e0fc.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/c07cd154d5161af56b0eea68a65e8802.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/c5aa206fb26a23c557ae52b5937a6145.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/c858e4703c341ce67b150d63214df5b6.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/d0eef416df8f7727c805da6c1293793d.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/d25f527c43a4d230fba4ca3cd22ce88c.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/d59abb799517f8fda47aa4fd7c796feb.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/d7c0c234d7ada2f35919d9c2b236e3ca.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/d8bce07ba1becf46c66a338e83cd14e3.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/db303ab552dca2dc6e931c4092397b11.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/db778cd396463fed05acb93de1a2522c.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/dca51c682076eda89ebb79efd4d33353.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/e16df66be29fe02458cafa4aab136576.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/e5fc9f4ef7bf89f681b246a8b88e9846.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/e9a06fc07f01fd123f8638cc6cc66b15.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/eb8fa1ff36b5021c1128d41ba3ac7976.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/eb9176b73d289956d2bce6151d12c616.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/ec7922cca267b68873a0dba07671f73f.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/ef5faf265d6ecb41c344bde8c177df87.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/f255dd8448e2251545f3f25d3fc6ff39.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/f5681201d51818760b2b145108abe961.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/f5dff9f36c5e5731d2c17c5f54b4de01.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/f677e1410f8dc53bd01624bca8cb16bd.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/f6cb410d8e7f17578842b1c47c61940b.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/f7127b5156acb2f545ab68fb16c03b2e.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/f7fd429216f3eb921a4ebf6e6d49ff7b.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/fc21491b45c1739bbf7a4864e0171964.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/ff9f2bae09fdcb039919bea9965c7d0f.jpg?x-o...
- c####.cutet####.cn/xiaoshuo/img/ffd2a0eedeb9fb3b6c0cdc8f08d1827a.jpg?x-o...
- mi.g####.qq.com/gdt_mview.fcg?posw=####&posh=####&count=####&r=####&data...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/banner.appcache
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/banner.html
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/ad_logo.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/banner_close_b...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/bannerbg02.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/bannerbg03.jpg
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/bannerbg07.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/close02.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/close03.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/download_icon....
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/download_icon_...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/gdt_logo_black...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/icon-ad.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/sdk_bg.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/tc-gdt-sdk-ope...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/tsa_ad_logo.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/tsa_logo.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/js-release/20170821/b...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/js/lib/require.js
- p####.tc.qq.com/qzone/biz/gdt/mod/android/AndroidAllInOne/proguard/his/r...
- qin####.com.www.####.com/tdata_EDT369
- s1.adsc####.com:8001/u1/log?ts=####&odin=####&aid=####&imei=####&imsi=##...
- s1.adsc####.com:8001/u1?ts=####&odin=####&aid=####&imei=####&imsi=####&m...
- t####.c####.q####.####.com/tdata_Rnl693
- t####.c####.q####.####.com/tdata_Soq141
- t####.c####.q####.####.com/tdata_fEV688
- t####.c####.q####.####.com/tdata_ntt510
- ti####.c####.l####.####.com/config/hz-hzv3.conf
- ws####.qq.com/w.cgi?releaseversion=####&commandid=####&serverip=####&app...
- xs.dom####.com/app2/books/cate/?channel=####&version_code=####
- xs.dom####.com/app2/books/rank/?channel=####&version_code=####
- xs.dom####.com/static/h5b/assets/css/app2.css?3####
- xs.dom####.com/static/h5b/assets/images/bg_rank_num.png
- xs.dom####.com/static/h5b/assets/images/ic_author.png
- xs.dom####.com/static/h5b/assets/images/ic_dot_o.png
- xs.dom####.com/static/h5b/assets/js/app.js?3534534####
- xs.dom####.com/static/h5b/assets/js/flexible.js?42####
- xs.dom####.com/static/h5b/assets/js/jquery-1.11.1.min.js
- xs.dom####.com/static/h5b/assets/js/public.js?242####
- xs.dom####.com/static/h5b/assets/js/webview.js
- xs.dom####.com/static/swiper/swiper3.06.jquery.min.js
- xs.dom####.com/static/swiper/swiper3.06.min.css
Запросы HTTP POST:
- c-h####.g####.com/api.php?format=####&t=####
- l####.tbs.qq.com/ajax?c=####&v=####&k=####
- s####.e.qq.com/activate
- sdk.o####.p####.####.com/api.php?format=####&t=####
- xs.dom####.com/api/data/getBooksInfoList
- xs.dom####.com/api/data/getHomePage
- xs.dom####.com/api/data/getOpenId
- xs.dom####.com/api/data/getVersion
- xs.dom####.com/app2/index/webview
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.imprint
- /data/data/####/.jg.ic
- /data/data/####/125460c2a93d4ebf51c572b0fd3c5d87728562a1483a4a0....0.tmp
- /data/data/####/226395096f9806674866f388ab1dfc1665a39b02783394b....0.tmp
- /data/data/####/35008cb1192165c70e14a9efab7c7eb486b30084ec4bbc8....0.tmp
- /data/data/####/39cd1c05837d3b8594f55ba8bc38d6a8d43fe34771d5fcf....0.tmp
- /data/data/####/3b88a5209f3abf877c7c43e85c244ca5b01e0d353433297....0.tmp
- /data/data/####/4a19252e50ec4d58a6a2aa806c3de72c6af3fbc07060b3f....0.tmp
- /data/data/####/4c57f8900f4dd6d085c8ba030d1d9adef0d2683fe485f4d....0.tmp
- /data/data/####/50a437b5f7e5f2a4c4fd76522660196b7f64dccaba1d246....0.tmp
- /data/data/####/5a2da66623835d9b7608a6ba02ddcbbe38144c5004a4e6b....0.tmp
- /data/data/####/5a5f8c8bb33f918822d5b741fe28c9eb87b8e73d4180bef....0.tmp
- /data/data/####/716a828fed15ee91a2e1a5cfe3f934e1d7abcc0802bdf46....0.tmp
- /data/data/####/7849269160e556fd938c82dd9e9fcc85a86c21190ba9f91....0.tmp
- /data/data/####/7ff5fd6ae05794b7d4240c6c5e22f519cfd6e9fca421be8....0.tmp
- /data/data/####/82b5008835523e3f02ede28ce6142251ad20307ddf63444....0.tmp
- /data/data/####/8bb7edf81c7b833d65b740f12dbf9f790fc54c86ec316a9....0.tmp
- /data/data/####/9a47c048aa8d5ec29ad3f7b42a9da7a89f5c19173f47198....0.tmp
- /data/data/####/Alvin2.xml
- /data/data/####/ApplicationCache.db-journal
- /data/data/####/BuglySdkInfos.xml
- /data/data/####/ContextData.xml
- /data/data/####/GDTSDK.db
- /data/data/####/GDTSDK.db-journal
- /data/data/####/MultiDex.lock
- /data/data/####/a25f9bf1491c49d455fb8967d0e914b68e0f8f4a0afeac5....0.tmp
- /data/data/####/a346f05ea0c1e16d5c23f1b314895714ef43db8bfaca032....0.tmp
- /data/data/####/a43585a3a059ed5a814af1a6789fc502e03bd5bda34e6dc....0.tmp
- /data/data/####/a905d1b9d44aac7c2b78fb5d74f23fc0036dac92a062017....0.tmp
- /data/data/####/aef1d50b6c1e435aadab1ee02cd4b04f44c4f78c7057cf5....0.tmp
- /data/data/####/b299aceb2c78c93d2ee318a2326f74f3fa117f2946ee007....0.tmp
- /data/data/####/b6c018e6f7b8fddbcde696ebc5db2858f7c2b7aa9a0daf5....0.tmp
- /data/data/####/b91070d78e2a99810c262021cef48269168848905a077b3....0.tmp
- /data/data/####/c7efc257009a25b9e6943a955d2ddad262c0f85f4130f6b....0.tmp
- /data/data/####/cb59a62c4a2236adea94f37c0b10905333ea71e644c40bd....0.tmp
- /data/data/####/cf05aa5da0c893f90a4d00b17b223bd165e985cb6971eb6....0.tmp
- /data/data/####/core_info
- /data/data/####/d35bbe1d549967a08aa87be6dcace00ea094ac6a4ab96cf....0.tmp
- /data/data/####/d6f9c9360cc143e6f8325643874baf9c8b698a28efb6ebe....0.tmp
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTUwODU5MDc1NjEw;
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTUwODU5MTE5ODI0;
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/dcc0e58b50946f194b0c988b762e417b31299a5e8c78cd6....0.tmp
- /data/data/####/de503661ef15d13afb5986045aff2df2a774ee1e017f415....0.tmp
- /data/data/####/debug.conf
- /data/data/####/devCloudSetting.cfg
- /data/data/####/devCloudSetting.sig
- /data/data/####/e4fa6ddd1229cb997a0611c22b9d7d205121a5aa5392b11....0.tmp
- /data/data/####/ea23c30be1c4f254ae55452724f8930bab3da7c01049c37....0.tmp
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/f1cc361be17be6dfdf63045cd8a2fdfa3a97d2925e7b5c7....0.tmp
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/f_000014
- /data/data/####/f_000015
- /data/data/####/f_000016
- /data/data/####/f_000017
- /data/data/####/f_000018
- /data/data/####/f_000019
- /data/data/####/f_00001a
- /data/data/####/f_00001b
- /data/data/####/f_00001c
- /data/data/####/f_00001d
- /data/data/####/f_00001e
- /data/data/####/f_00001f
- /data/data/####/f_000020
- /data/data/####/f_000021
- /data/data/####/f_000022
- /data/data/####/f_000023
- /data/data/####/f_000024
- /data/data/####/f_000025
- /data/data/####/f_000026
- /data/data/####/f_000027
- /data/data/####/f_000028
- /data/data/####/f_000029
- /data/data/####/f_00002a
- /data/data/####/f_00002b
- /data/data/####/f_00002c
- /data/data/####/f_00002d
- /data/data/####/f_00002e
- /data/data/####/f_00002f
- /data/data/####/f_000030
- /data/data/####/f_000031
- /data/data/####/f_000032
- /data/data/####/f_000033
- /data/data/####/f_000034
- /data/data/####/f_000035
- /data/data/####/f_000036
- /data/data/####/f_000037
- /data/data/####/f_000038
- /data/data/####/f_000039
- /data/data/####/f_00003a
- /data/data/####/f_00003b
- /data/data/####/f_00003c
- /data/data/####/f_00003d
- /data/data/####/f_00003e
- /data/data/####/f_00003f
- /data/data/####/f_000040
- /data/data/####/f_000041
- /data/data/####/f_000042
- /data/data/####/f_000043
- /data/data/####/fc23d3614358d3743607ca10e1ea2355d411ecdfee817f3....0.tmp
- /data/data/####/gdaemon_20161017
- /data/data/####/gdt_plugin.jar
- /data/data/####/gdt_plugin.jar.sig
- /data/data/####/gdt_suid
- /data/data/####/getui_sp.xml
- /data/data/####/gkt-journal
- /data/data/####/gosing_book_db-journal
- /data/data/####/gosing_data_1111.xml
- /data/data/####/gosing_news.xml
- /data/data/####/gx_sp.xml
- /data/data/####/i==1.2.0&&1.8_1550859075754_envelope.log
- /data/data/####/i==1.2.0&&1.8_1550859120031_envelope.log
- /data/data/####/index
- /data/data/####/info.xml
- /data/data/####/init.pid
- /data/data/####/init_c1.pid
- /data/data/####/journal.tmp
- /data/data/####/libjiagu-633032245.so
- /data/data/####/multidex.version.xml
- /data/data/####/push.pid
- /data/data/####/pushext.db-journal
- /data/data/####/pushg.db-journal
- /data/data/####/pushk.db-journal
- /data/data/####/pushsdk.db-journal
- /data/data/####/run.pid
- /data/data/####/sdkCloudSetting.cfg
- /data/data/####/sdkCloudSetting.sig
- /data/data/####/tbs_download_config.xml
- /data/data/####/tbscoreinstall.txt
- /data/data/####/tbslock.txt
- /data/data/####/tdata_Rnl693
- /data/data/####/tdata_Rnl693.jar
- /data/data/####/tdata_Soq141
- /data/data/####/tdata_Soq141.jar
- /data/data/####/tdata_fEV688
- /data/data/####/tdata_fEV688.jar
- /data/data/####/tdata_ntt510
- /data/data/####/tdata_ntt510.jar
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/um_pri.xml
- /data/data/####/umdat.xml
- /data/data/####/umeng_common_config.xml
- /data/data/####/umeng_common_location.xml
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/update_lc
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/zt_shareprence.xml
- /data/media/####/.a.dat
- /data/media/####/.adfwe.dat
- /data/media/####/.cca.dat
- /data/media/####/.nomedia
- /data/media/####/.umm.dat
- /data/media/####/Alvin2.xml
- /data/media/####/ContextData.xml
- /data/media/####/app.db
- /data/media/####/com.getui.sdk.deviceId.db
- /data/media/####/com.igexin.sdk.deviceId.db
- /data/media/####/com.lt.bc.mb.qddyd.bin
- /data/media/####/com.lt.bc.mb.qddyd.db
- /data/media/####/gkt-journal
- /data/media/####/gktper
- /data/media/####/sysid.dat
- /data/media/####/tbslog.txt
- /data/media/####/tdata_Rnl693
- /data/media/####/tdata_Soq141
- /data/media/####/tdata_fEV688
- /data/media/####/tdata_ntt510
- /data/media/####/test.log
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
- <Package Folder>/files/gdaemon_20161017 0 <Package>/com.gosing.ch.book.service.PushInitializeService 24665 300 0
- cat /sys/class/net/wlan0/address
- chmod 700 <Package Folder>/files/gdaemon_20161017
- chmod 755 <Package Folder>/.jiagu/libjiagu-633032245.so
- getprop ro.product.cpu.abi
- ls /sys/class/thermal
- mount
Загружает динамические библиотеки:
- getuiext2
- libjiagu-633032245
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS5Padding
- AES-ECB-PKCS7Padding
- DESede-ECB-PKCS5Padding
- RSA-ECB-NoPadding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS5Padding
- AES-ECB-PKCS7Padding
- RSA-ECB-PKCS1Padding
Использует специальную библиотеку для скрытия исполняемого байт-кода.
Получает информацию о местоположении.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
