Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.DownLoader.665.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) nativ####.dftou####.com:80
- TCP(HTTP/1.1) g####.dftou####.com:80
- TCP(HTTP/1.1) up####.app.2####.com:80
- TCP(HTTP/1.1) sh####.y####.com:80
- TCP(HTTP/1.1) lian####.dftou####.com:80
- TCP(HTTP/1.1) sdknati####.dftou####.com:80
- TCP(HTTP/1.1) 05img####.eas####.com.####.com:80
- TCP(HTTP/1.1) m.tt.vip-dns####.com:80
- TCP(HTTP/1.1) 0####.s####.com:80
- TCP(HTTP/1.1) t####.dftou####.com:80
- TCP(HTTP/1.1) 04img####.eas####.com.####.com:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) si####.jom####.com:80
- TCP(HTTP/1.1) sdk-col####.dftou####.com:80
- TCP(HTTP/1.1) sdk-pi####.dftou####.com:80
- TCP(HTTP/1.1) sh####.2####.com:80
- TCP(HTTP/1.1) sh####.2####.cn:80
- TCP(HTTP/1.1) sdk-new####.dftou####.com:80
- TCP(HTTP/1.1) 08img####.eas####.com.####.com:80
- TCP(HTTP/1.1) b####.km.com:80
- TCP(HTTP/1.1) down####.app.2####.com:80
- TCP(HTTP/1.1) sdk-ac####.dftou####.com:80
- TCP(HTTP/1.1) sdk-ser####.dftou####.com:80
- TCP(HTTP/1.1) app.50####.org:80
- TCP(HTTP/1.1) i####.sogo####.com.####.com:80
- TCP(TLS/1.0) 03img####.eas####.com.####.com:443
- TCP(TLS/1.0) wapif####.dftou####.com:443
- TCP(TLS/1.0) gl####.w.kunl####.####.com:443
- TCP(TLS/1.0) ci####.s####.com:443
- TCP(TLS/1.0) m.tt.vip-dns####.com:443
- TCP(TLS/1.0) 0####.s####.com:443
- TCP(TLS/1.0) c####.baidust####.com:443
- TCP(TLS/1.0) i####.sogo####.com.####.com:443
- TCP(TLS/1.0) wn.pos.b####.com:443
- TCP(TLS/1.0) em.b####.com:443
- TCP(TLS/1.0) g####.dftou####.com:443
- TCP(TLS/1.0) dfttde####.dftou####.com:443
- TCP(TLS/1.0) m####.eas####.com:443
- TCP(TLS/1.0) ec####.b####.com:443
- TCP(TLS/1.0) app.50####.org:443
- TCP(TLS/1.0) pos.b####.com:443
- TCP(TLS/1.0) pcunion####.s####.com:443
- TCP(TLS/1.0) 08img####.eas####.com.####.com:443
- TCP(TLS/1.0) si####.jom####.com:443
- TCP(TLS/1.0) wapac####.dftou####.com:443
- TCP(TLS/1.0) yu####.3g.qq.com:443
- TCP(TLS/1.0) repor####.dftou####.com:443
- TCP(TLS/1.0) c####.b####.com:443
- TCP(TLS/1.0) hm.b####.com:443
- TCP(TLS/1.0) softwor####.dftou####.com:443
- TCP(TLS/1.0) mor####.dftou####.com:443
- TCP(TLS/1.0) s####.dftou####.com:443
- TCP(TLS/1.0) posi####.dftou####.com:443
- TCP(TLS/1.0) ser####.e####.s####.com:443
Запросы DNS:
- 0####.s####.com
- 00.min####.eas####.com
- 00img####.eas####.com
- 01.min####.eas####.com
- 01img####.eas####.com
- 02img####.eas####.com
- 03img####.eas####.com
- 04img####.eas####.com
- 05img####.eas####.com
- 06img####.eas####.com
- 07img####.eas####.com
- 08img####.eas####.com
- 09img####.eas####.com
- a####.u####.com
- app.50####.org
- b####.km.com
- c####.b####.com
- c####.baidust####.com
- ci####.s####.com
- dfttde####.dftou####.com
- down####.app.2####.com
- ec####.b####.com
- em.b####.com
- f10.b####.com
- f11.b####.com
- f12.b####.com
- g####.dftou####.com
- hm.b####.com
- i####.sogo####.com
- i####.sogo####.com
- i####.sogo####.com
- i####.sogo####.com
- lian####.dftou####.com
- m####.eas####.com
- m.t####.cn
- mor####.dftou####.com
- nativ####.dftou####.com
- pcunion####.s####.com
- pos.b####.com
- posi####.dftou####.com
- repor####.dftou####.com
- s####.dftou####.com
- sdk-ac####.dftou####.com
- sdk-col####.dftou####.com
- sdk-new####.dftou####.com
- sdk-pi####.dftou####.com
- sdk-ser####.dftou####.com
- sdknati####.dftou####.com
- ser####.e####.s####.com
- sh####.2####.cn
- sh####.2####.com
- sh####.y####.com
- softwor####.dftou####.com
- sta####.rea####.com
- t####.dftou####.com
- t10.b####.com
- t11.b####.com
- t12.b####.com
- up####.app.2####.com
- wapac####.dftou####.com
- wapif####.dftou####.com
- wn.pos.b####.com
- yu####.3g.qq.com
Запросы HTTP GET:
- 0####.s####.com/20190405/20190405154604_4c032361f141387906a81fef71551fce...
- 0####.s####.com/20190407/20190407114957_4d6cbb18f362f9255bfb666d428f05e5...
- 0####.s####.com/20190407/20190407163800_4768e719a28baccab42a8e0111a037b3...
- 0####.s####.com/20190407/20190407165000_a4f8cbe3824d117972b07fe953dd9671...
- 0####.s####.com/mobile/20190405/2019040515_b3d63285ac534dd49ec839600662c...
- 0####.s####.com/mobile/20190406/2019040615_92be8e3d213c4ad4b0ad943e7b998...
- 0####.s####.com/mobile/20190406/2019040616_eb539aa0676945e4860d55037ce2e...
- 0####.s####.com/mobile/20190406/2019040616_f5e3953766e5436e86dafd52ce69d...
- 0####.s####.com/mobile/20190407/2019040711_7b21f2badc1b4861a32a48d3ffcda...
- 0####.s####.com/mobile/20190407/2019040713_0d55e350345049c78c1b2d81a45c4...
- 0####.s####.com/mobile/20190407/2019040715_49dfc31816914d5d9e60f2b4cb2b2...
- 0####.s####.com/mobile/20190407/2019040721_2ec3884b1a6e4fa0ae19db301d9ca...
- 0####.s####.com/pictures/20190406/190406160714062768227.html?ttaccid=###...
- 0####.s####.com/toutiaoh5/channeljs/h5toutiao/2345yzhbd/ttpic_details/23...
- 0####.s####.com/toutiaoh5/channeljs/h5toutiao/h5toutiaocookie.js
- 04img####.eas####.com.####.com/mobile/20190115/20190115095846_aeb2838c43...
- 04img####.eas####.com.####.com/mobile/20190407/2019040713_3e6d1ea59fd141...
- 04img####.eas####.com.####.com/mobile/20190407/2019040713_6a1fd222ff8340...
- 04img####.eas####.com.####.com/mobile/20190407/2019040713_9d37522a9a164a...
- 04img####.eas####.com.####.com/mobile/20190407/20190407171401_82a9d0615a...
- 04img####.eas####.com.####.com/mobile/20190407/20190407233538_c24bde7616...
- 04img####.eas####.com.####.com/mobile/20190408/20190408035352_a5d24839bf...
- 04img####.eas####.com.####.com/mobile/20190408/20190408051343_ade481c839...
- 04img####.eas####.com.####.com/video/vvideo/20190407/2019040708240238213...
- 04img####.eas####.com.####.com/video/vzixun/20190407/2019040707272303796...
- 05img####.eas####.com.####.com/mobile/20190405/2019040519_6ceb7718c33f41...
- 05img####.eas####.com.####.com/mobile/20190405/2019040519_bc9fc7b77a7d48...
- 05img####.eas####.com.####.com/mobile/20190405/2019040519_dfe0accff9e440...
- 05img####.eas####.com.####.com/mobile/20190405/2019040520_02de5a478f8b4d...
- 05img####.eas####.com.####.com/mobile/20190405/2019040520_19e206fbf1a248...
- 05img####.eas####.com.####.com/mobile/20190405/2019040520_46e64f8737e542...
- 05img####.eas####.com.####.com/mobile/20190407/2019040710_6d8b6a32593847...
- 05img####.eas####.com.####.com/mobile/20190407/2019040710_6ffc0adf25f14b...
- 05img####.eas####.com.####.com/mobile/20190407/2019040710_9ca5d6403c934a...
- 05img####.eas####.com.####.com/mobile/20190407/20190407185035_c76b7610b5...
- 05img####.eas####.com.####.com/mobile/20190408/20190408035307_510156c2ce...
- 05img####.eas####.com.####.com/mobile/20190408/20190408043724_f9514b1bda...
- 05img####.eas####.com.####.com/mobile/20190408/20190408050906_2fcd3feac8...
- 08img####.eas####.com.####.com/mobile/20190102/20190102092307_a10fe9ac76...
- 08img####.eas####.com.####.com/mobile/20190115/2019011519_36f986956a9d4c...
- 08img####.eas####.com.####.com/mobile/20190115/2019011519_3b76ce33c04249...
- 08img####.eas####.com.####.com/mobile/20190115/2019011519_ea834eb8f14d45...
- 08img####.eas####.com.####.com/mobile/20190407/20190407082020_e7df7e162c...
- 08img####.eas####.com.####.com/mobile/20190407/20190407121136_dc97cc9a92...
- 08img####.eas####.com.####.com/mobile/20190407/20190407172605_c675fa5e1b...
- 08img####.eas####.com.####.com/mobile/20190407/2019040717_9ac1008823274a...
- 08img####.eas####.com.####.com/mobile/20190407/2019040717_e702cf69f4f74b...
- 08img####.eas####.com.####.com/mobile/20190408/20190408010350_f57fe29c63...
- 08img####.eas####.com.####.com/mobile/20190408/20190408033038_e29299e71e...
- 08img####.eas####.com.####.com/mobile/20190408/20190408035636_dc22c5f05d...
- 08img####.eas####.com.####.com/mobile/20190408/20190408041104_ba8807d1ff...
- 08img####.eas####.com.####.com/mobile/20190408/20190408041523_2717eaf784...
- 08img####.eas####.com.####.com/mobile/20190408/20190408042455_2c80e52bb1...
- 08img####.eas####.com.####.com/mobile/20190408/20190408043637_ded5449458...
- 08img####.eas####.com.####.com/mobile/20190408/20190408051355_d0a8202df9...
- 08img####.eas####.com.####.com/mobile/20190408/20190408051516_9827c30ce7...
- 08img####.eas####.com.####.com/video/vgaoxiao/20190405/20190405071558000...
- app.50####.org/?action=####
- app.50####.org/index.php?action=####
- app.50####.org/wangpai/index.php?_c=####&action=####
- b####.km.com/favicon.ico
- b####.km.com/manhua/
- down####.app.2####.com/lord/jrom/450000/usbhelperJar-CryptLordHeart_jrom...
- g####.dftou####.com/lkwusv/ckt?c=####
- i####.sogo####.com.####.com/app/a/200630/09111dadc725fa95a11174f810f97084
- i####.sogo####.com.####.com/app/a/200630/0fabba6fe5a1e37d82f1caf17d4238ef
- i####.sogo####.com.####.com/app/a/200630/2b54f8018f581b55068ef90a882cb75d
- i####.sogo####.com.####.com/app/a/200630/2d5a7f8ed2bc450dcc3db455711c01d2
- i####.sogo####.com.####.com/app/a/200630/3099300fe0e6a43aa517900d38ac11d0
- i####.sogo####.com.####.com/app/a/200630/3f2231edadb374bc5634d538da33e92c
- i####.sogo####.com.####.com/app/a/200630/451eaa27bd0f5084a365109f75f98227
- i####.sogo####.com.####.com/app/a/200630/4c6e40fca7fa3a4042ada6d12e246f7f
- i####.sogo####.com.####.com/app/a/200630/566ba022036131a2fbc256905f28bfde
- i####.sogo####.com.####.com/app/a/200630/8349ef74df5c10e0b60b36061f673929
- i####.sogo####.com.####.com/app/a/200630/954b62d3c8a22b44259ec4dca1881e1b
- i####.sogo####.com.####.com/app/a/200630/97207652922c68b38736ff2f1c53c6a9
- m.tt.vip-dns####.com/setuid.html?u=####
- sh####.2####.cn/api/getProductInfo.php?act=####
- sh####.2####.com/api/getStatisticListNew.php?promotion_method=####
- sh####.y####.com/api/desktop/getStations?projectName=####
- si####.jom####.com/it/u=1010402029,2989949053&fm=76
- si####.jom####.com/it/u=2120275436,3064391646&fm=76
- si####.jom####.com/it/u=2509002850,25259607&fm=76
- si####.jom####.com/it/u=2730652522,4081584567&fm=76
- si####.jom####.com/it/u=274860873,3239077579&fm=76
- si####.jom####.com/it/u=312738262,2182616062&fm=76
Запросы HTTP POST:
- a####.u####.com/app_logs
- app.50####.org/?action=####
- app.50####.org/index.php?action=####
- app.50####.org/wangpai/index.php?_c=####&action=####
- lian####.dftou####.com/union/api
- lian####.dftou####.com/union/com.union.internalinterface.allianceadverti...
- nativ####.dftou####.com/admethod/com.nodsp.allianceadvertising.sougougua...
- sdk-ac####.dftou####.com/actlog_sdk/data
- sdk-ac####.dftou####.com/actlog_sdk/install
- sdk-ac####.dftou####.com/actlog_sdk/open
- sdk-col####.dftou####.com/columns_sdk/news
- sdk-col####.dftou####.com/columns_sdk/pic
- sdk-new####.dftou####.com/newsapi_sdk/newspool
- sdk-pi####.dftou####.com/picapi_sdk/picnewspool
- sdk-ser####.dftou####.com/cloudcontrol/cloudcontrol
- sdk-ser####.dftou####.com/serverts/getserverts
- sdknati####.dftou####.com/admethod/appad
- sh####.2####.com/api/api_get_ad.php?action=####
- sh####.y####.com/api/desktop/searchlink
- t####.dftou####.com/getkey/key
- up####.app.2####.com/index.php
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.imprint
- /data/data/####/CryptLordHeart.jar
- /data/data/####/HalleyServicePreferences_100.xml
- /data/data/####/HalleyServicePreferences_100_.xml
- /data/data/####/SYSTEM_SETTING.xml
- /data/data/####/cc.db
- /data/data/####/cc.db-journal
- /data/data/####/cc_c_t_m_l_txsdk.xml
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/dfttsdk-db-journal
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/f_000014
- /data/data/####/f_000015
- /data/data/####/f_000016
- /data/data/####/f_000017
- /data/data/####/f_000018
- /data/data/####/f_000019
- /data/data/####/f_00001a
- /data/data/####/f_00001b
- /data/data/####/f_00001c
- /data/data/####/f_00001d
- /data/data/####/f_00001e
- /data/data/####/f_00001f
- /data/data/####/f_000020
- /data/data/####/f_000021
- /data/data/####/f_000022
- /data/data/####/f_000023
- /data/data/####/f_000024
- /data/data/####/f_000025
- /data/data/####/f_000026
- /data/data/####/f_000027
- /data/data/####/f_000028
- /data/data/####/f_000029
- /data/data/####/f_00002a
- /data/data/####/f_00002b
- /data/data/####/f_00002c
- /data/data/####/f_00002d
- /data/data/####/f_00002e
- /data/data/####/f_00002f
- /data/data/####/f_000030
- /data/data/####/f_000031
- /data/data/####/f_000032
- /data/data/####/f_000033
- /data/data/####/f_000034
- /data/data/####/f_000035
- /data/data/####/f_000036
- /data/data/####/f_000037
- /data/data/####/f_000038
- /data/data/####/f_000039
- /data/data/####/f_00003a
- /data/data/####/f_00003b
- /data/data/####/f_00003c
- /data/data/####/f_00003d
- /data/data/####/f_00003e
- /data/data/####/f_00003f
- /data/data/####/f_000040
- /data/data/####/f_000041
- /data/data/####/f_000042
- /data/data/####/f_000043
- /data/data/####/f_000044
- /data/data/####/f_000045
- /data/data/####/f_000046
- /data/data/####/f_000047
- /data/data/####/f_000048
- /data/data/####/f_000049
- /data/data/####/f_00004a
- /data/data/####/f_00004b
- /data/data/####/f_00004c
- /data/data/####/f_00004d
- /data/data/####/f_00004e
- /data/data/####/f_00004f
- /data/data/####/f_000050
- /data/data/####/f_000051
- /data/data/####/f_000052
- /data/data/####/f_000053
- /data/data/####/f_000054
- /data/data/####/f_000055
- /data/data/####/f_000056
- /data/data/####/f_000057
- /data/data/####/f_000058
- /data/data/####/f_000059
- /data/data/####/f_00005a
- /data/data/####/f_00005b
- /data/data/####/f_00005c
- /data/data/####/f_00005d
- /data/data/####/f_00005e
- /data/data/####/f_00005f
- /data/data/####/f_000060
- /data/data/####/f_000061
- /data/data/####/f_000062
- /data/data/####/f_000063
- /data/data/####/f_000064
- /data/data/####/f_000065
- /data/data/####/f_000066
- /data/data/####/f_000067
- /data/data/####/f_000068
- /data/data/####/f_000069
- /data/data/####/f_00006a
- /data/data/####/f_00006b
- /data/data/####/f_00006c
- /data/data/####/f_00006d
- /data/data/####/f_00006e
- /data/data/####/f_00006f
- /data/data/####/f_000070
- /data/data/####/gxcoreframework_app_setting.xml
- /data/data/####/gxcoreframework_cache_data_news_gallery_list.xml
- /data/data/####/gxcoreframework_cache_data_news_list.xml
- /data/data/####/gxcoreframework_cache_read_news_gallery_list.xml
- /data/data/####/gxcoreframework_cache_read_news_list.xml
- /data/data/####/halley_schedule_100__HttpSchedulerClient.db-journal
- /data/data/####/halley_schedule_100__HttpSchedulerHandler.db-journal
- /data/data/####/index
- /data/data/####/multidex.version.xml
- /data/data/####/okhttputils_cache.db
- /data/data/####/okhttputils_cache.db-journal
- /data/data/####/sdk_app_used_data.xml
- /data/data/####/sdk_config_data.xml
- /data/data/####/sdk_crc32_data.xml
- /data/data/####/sdk_data.xml
- /data/data/####/sdk_device_data.xml
- /data/data/####/sdk_error_list.xml
- /data/data/####/sdk_event_list.xml
- /data/data/####/sdk_new_event.xml
- /data/data/####/sdk_quantity_event.xml
- /data/data/####/sdk_sdk_data.xml
- /data/data/####/sdk_server_path_list.xml
- /data/data/####/sdk_server_watch_list.xml
- /data/data/####/sdk_today_event.xml
- /data/data/####/sdk_upgrade_data.xml
- /data/data/####/sdk_usbhelper.db
- /data/data/####/sdk_usbhelper.db-journal
- /data/data/####/search_url.xml
- /data/data/####/tj2345.db
- /data/data/####/tj2345.db-journal
- /data/data/####/tj2345_error.xml
- /data/data/####/tj2345_event.xml
- /data/data/####/tj2345_other.xml
- /data/data/####/tongji2345.xml
- /data/data/####/tongji2345_app_use.xml
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/media/####/-1025362762.tmp
- /data/media/####/-1071980407.tmp
- /data/media/####/-1089026347.tmp
- /data/media/####/-1099086144.tmp
- /data/media/####/-1149859935.tmp
- /data/media/####/-1224764016.tmp
- /data/media/####/-1252430002.tmp
- /data/media/####/-1294745861.tmp
- /data/media/####/-1496309563.tmp
- /data/media/####/-1546705817.tmp
- /data/media/####/-1590439109.tmp
- /data/media/####/-1594989395.tmp
- /data/media/####/-16325825.tmp
- /data/media/####/-1674921068.tmp
- /data/media/####/-1675829437.tmp
- /data/media/####/-1766601625.tmp
- /data/media/####/-1869708587.tmp
- /data/media/####/-1933498218.tmp
- /data/media/####/-2113148405.tmp
- /data/media/####/-244554476.tmp
- /data/media/####/-248570369.tmp
- /data/media/####/-318327362.tmp
- /data/media/####/-333597998.tmp
- /data/media/####/-388205381.tmp
- /data/media/####/-404117768.tmp
- /data/media/####/-407958131.tmp
- /data/media/####/-447071537.tmp
- /data/media/####/-457903471.tmp
- /data/media/####/-507528251.tmp
- /data/media/####/-526635404.tmp
- /data/media/####/-529882473.tmp
- /data/media/####/-607493975.tmp
- /data/media/####/-685736005.tmp
- /data/media/####/-699851386.tmp
- /data/media/####/-707199868.tmp
- /data/media/####/-720485021.tmp
- /data/media/####/-771541742.tmp
- /data/media/####/-859882165.tmp
- /data/media/####/-860797696.tmp
- /data/media/####/.nomedia
- /data/media/####/.system_uuid
- /data/media/####/1082739856.tmp
- /data/media/####/1094370041.tmp
- /data/media/####/1181415491.tmp
- /data/media/####/1219567438.tmp
- /data/media/####/1234916279.tmp
- /data/media/####/123986850.tmp
- /data/media/####/127110157.tmp
- /data/media/####/1314480146.tmp
- /data/media/####/1336432891.tmp
- /data/media/####/135796122.tmp
- /data/media/####/1369193957.tmp
- /data/media/####/1409954961.tmp
- /data/media/####/1476714308.tmp
- /data/media/####/1502374641.tmp
- /data/media/####/1520717412.tmp
- /data/media/####/1524260459.tmp
- /data/media/####/1597381147.tmp
- /data/media/####/1638220728.tmp
- /data/media/####/1655324258.tmp
- /data/media/####/1673533448.tmp
- /data/media/####/1691870134.tmp
- /data/media/####/1753802232.tmp
- /data/media/####/1766481174.tmp
- /data/media/####/1782898089.tmp
- /data/media/####/1839089115.tmp
- /data/media/####/1880234355.tmp
- /data/media/####/188394540.tmp
- /data/media/####/1927211727.tmp
- /data/media/####/2079388150.tmp
- /data/media/####/2098495303.tmp
- /data/media/####/2131814933.tmp
- /data/media/####/238267985.tmp
- /data/media/####/255684943.tmp
- /data/media/####/373257192.tmp
- /data/media/####/382885764.tmp
- /data/media/####/386568400.tmp
- /data/media/####/436513740.tmp
- /data/media/####/450644577.tmp
- /data/media/####/470008275.tmp
- /data/media/####/515172686.tmp
- /data/media/####/565483090.tmp
- /data/media/####/590967404.tmp
- /data/media/####/655800597.tmp
- /data/media/####/694460618.tmp
- /data/media/####/726671523.tmp
- /data/media/####/760994038.tmp
- /data/media/####/828146046.tmp
- /data/media/####/829061577.tmp
- /data/media/####/922009303.tmp
- /data/media/####/938426218.tmp
- /data/media/####/CryptLordHeart.jar
- /data/media/####/sdk_app_used_data.xml
- /data/media/####/sdk_config_data.xml
- /data/media/####/sdk_crc32_data.xml
- /data/media/####/sdk_device_data.xml
- /data/media/####/sdk_error_list.xml
- /data/media/####/sdk_event_list.xml
- /data/media/####/sdk_sdk_data.xml
- /data/media/####/sdk_server_path_list.xml
- /data/media/####/sdk_server_watch_list.xml
- /data/media/####/sdk_today_event.xml
- /data/media/####/sdk_upgrade_data.xml
- /data/media/####/sdk_usbhelper.db
- /data/media/####/sdk_usbhelper.db-journal
- /data/media/####/usbhelperJar-CryptLordHeart_jrom-release.jar (deleted)
Другие:
Запускает следующие shell-скрипты:
- app_process /system/bin com.android.commands.pm.Pm list packages
- getprop gsm.denqin.meid
- pm list packages
- ps
Загружает динамические библиотеки:
- tencentloc
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS5Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS7Padding
Осуществляет доступ к приватному интерфейсу ITelephony.
Получает информацию о местоположении.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
