Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.DownLoader.860.origin
- Android.Triada.440.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) v2.g####.qq.com:80
- TCP(HTTP/1.1) a####.b####.qq.com:8011
- TCP(HTTP/1.1) s####.tc.qq.com:80
- TCP(HTTP/1.1) dc.l####.com:80
- TCP(HTTP/1.1) p####.tc.qq.com:80
- TCP(HTTP/1.1) and####.b####.qq.com:80
- TCP(HTTP/1.1) s####.e.qq.com:80
- TCP(HTTP/1.1) sc.g####.qq.com:80
- TCP(HTTP/1.1) sf3-ttc####.ps####.com:80
- TCP(HTTP/1.1) aexcep####.b####.qq.com:8012
- TCP(HTTP/1.1) f####.mom####.cn:80
- TCP(HTTP/1.1) sf1-ttc####.ps####.com:80
- TCP(HTTP/1.1) mi.g####.qq.com:80
- TCP(HTTP/1.1) src.r####.com.####.com:80
- TCP(HTTP/1.1) res.ka####.com.####.com:80
- TCP(HTTP/1.1) sdk.c####.com:80
- TCP(HTTP/1.1) sf6-ttc####.ps####.com.####.com:80
- TCP(HTTP/1.1) to####.sn####.com:80
- TCP(TLS/1.0) an####.l####.com:443
- TCP(TLS/1.0) res.k####.com.####.com:443
- TCP(TLS/1.0) and####.cli####.go####.com:443
- TCP(TLS/1.0) to####.sn####.com:443
- TCP(TLS/1.0) o####.k####.com:443
- TCP(TLS/1.0) s####.j####.cn:443
- TCP(TLS/1.0) log.k####.com:443
- TCP 1####.230.236.45:7010
- UDP s.j####.cn:19000
Запросы DNS:
- a####.b####.qq.com
- aexcep####.b####.qq.com
- an####.l####.com
- and####.b####.qq.com
- and####.cli####.go####.com
- dc.l####.com
- f####.mom####.cn
- icha####.sn####.com
- imgc####.qq.com
- is.sn####.com
- log.k####.com
- mi.g####.qq.com
- o####.k####.com
- p####.byt####.cn
- p####.ugd####.com
- qzones####.g####.cn
- res.k####.com
- res.ka####.com
- s####.e.qq.com
- s####.j####.cn
- s.j####.cn
- sc.g####.qq.com
- sdk.c####.com
- sf1-ttc####.ps####.com
- sf3-ttc####.ps####.com
- sf6-ttc####.ps####.com
- src.r####.com
- tj.a####.cn
- to####.sn####.com
- up####.sdk.jig####.cn
- v2.g####.qq.com
Запросы HTTP GET:
- f####.mom####.cn/upload/tmp/2019-01/18749fad54c01ec539f0030ac97a538e.jpg
- f####.mom####.cn/upload/tmp/2019-01/1af800279a6b9acf707e01b4eb8bb860.png
- f####.mom####.cn/upload/tmp/2019-01/1ccc08435628dfb7659395e241d1c0db.png
- f####.mom####.cn/upload/tmp/2019-01/299c95a6b59fc4b93f60645f890c390a.png
- f####.mom####.cn/upload/tmp/2019-01/2ddb706d222430c677b54ffa2400db6d.png
- f####.mom####.cn/upload/tmp/2019-01/4e0afb2edf0ea1c1eb00f6b9618a1d61.jpg
- f####.mom####.cn/upload/tmp/2019-01/4fb0c9579f3ecf60d390d1414ca38fe3.png
- f####.mom####.cn/upload/tmp/2019-01/58fc6e6a4b7c61ca4741061faa5fa320.jpg
- f####.mom####.cn/upload/tmp/2019-01/7731fa72a13d06091fd2a673ff76e9ae.jpg
- f####.mom####.cn/upload/tmp/2019-01/778ae4e0a1c73bff70ca1572617a41ca.jpg
- f####.mom####.cn/upload/tmp/2019-01/788956e74837866d23f5c93e4ddfa3b8.png
- f####.mom####.cn/upload/tmp/2019-01/85cf2092a90ca2cab74a1af03dd6770e.png
- f####.mom####.cn/upload/tmp/2019-01/c453c7039bc3fbda745a2cec5d87a3e2.png
- f####.mom####.cn/upload/tmp/2019-01/cfc235c5601847ff5faacc6c2c60bddd.png
- f####.mom####.cn/upload/tmp/2019-01/d85984984c76ff07e2dd0ab41a883288.jpg
- f####.mom####.cn/upload/tmp/2019-01/e19babd10420b2b8373d5f91c695de13.jpg
- f####.mom####.cn/upload/tmp/2019-01/e778702090140394dd8283e0b4315a8c.png
- f####.mom####.cn/upload/tmp/2019-01/eff2dd7c8851ce4624e4fe3a80df6e0e.jpg
- f####.mom####.cn/upload/tmp/2019-01/f9a29f2dc4836c7ad62090f9d8b7f81d.jpg
- f####.mom####.cn/upload/tmp/2019-03/2fcd0a68eb2c5507693fb95b329a8ee1.jpg
- f####.mom####.cn/upload/tmp/2019-03/c8c37632973eba40a3de3dae3d49b1b3.png
- f####.mom####.cn/upload/tmp/2019-04/872a1224b0342ce0fed2d1639651d635.jpg
- f####.mom####.cn/upload/tmp/2019-04/9bdb5ea50c16c7aab679338352baa370.jpg
- mi.g####.qq.com/gdt_mview.fcg?actual_width=####&count=####&r=####&templa...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android03/js-release/1.1.0/nati...
- p####.tc.qq.com/qzone/biz/gdt/mod/android/AndroidAllInOne/proguard/his/r...
- res.ka####.com.####.com/upload/article/2064063/2064063s.jpg
- s####.tc.qq.com/gdt/0/DAAK5gkAUAALQABGBcnyK1AJO8hk8Y.jpg/0?ck=####
- sc.g####.qq.com/gdt_mclick.fcg?viewid=####&jtype=####&i=####&os=####&asi...
- sf1-ttc####.ps####.com/img/mosaic-legacy/1225d0004ab099a79487d~cs_300x30...
- sf1-ttc####.ps####.com/img/mosaic-legacy/1225d0004ab099a79487d~cs_690x38...
- sf1-ttc####.ps####.com/img/mosaic-legacy/1ee3c0005bad8fb03df98~cs_300x30...
- sf1-ttc####.ps####.com/img/mosaic-legacy/1f56b00028cfd6421e85c~cs_300x30...
- sf1-ttc####.ps####.com/img/mosaic-legacy/1f6ca0003314616a602cc~cs_690x38...
- sf3-ttc####.ps####.com/img/mosaic-legacy/1ee3c0005bad8fb03df98~noop.jpg
- sf3-ttc####.ps####.com/img/web.business.image/201903045d0d9ab139af749a4a...
- sf6-ttc####.ps####.com.####.com/img/mosaic-legacy/1f56b00028cfd6421e85c~...
- src.r####.com.####.com/kubo/dex/luomi_9.1.24.dex
- to####.sn####.com/service/2/app_alert_check/?build_serial=####&timezone=...
- v2.g####.qq.com/gdt_stats.fcg?viewid=####&i=####&os=####&xp=####
Запросы HTTP POST:
- a####.b####.qq.com:8011/rqd/async
- aexcep####.b####.qq.com:8012/rqd/async
- and####.b####.qq.com/rqd/async
- and####.b####.qq.com/rqd/async?aid=####
- dc.l####.com/adLogs/adLog
- dc.l####.com/hLogs/saveHeartbeatLog
- dc.l####.com/startLog/startLog
- dc.l####.com/wLog/wLog
- s####.e.qq.com/activate
- s####.e.qq.com/click
- sdk.c####.com/versiontapi.php?v=####&type=####
- to####.sn####.com/service/2/ab_test_config/?tt_data=####
- to####.sn####.com/service/2/device_register/?tt_data=####
- to####.sn####.com/service/2/log_settings/?tt_data=####
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/1004
- /data/data/####/173ec3ee-5fe3-4a6b-a14e-5f9de9057538
- /data/data/####/1btt5tvjqhmfyv6bf9qkmdlpd
- /data/data/####/1btt5tvjqhmfyv6bf9qkmdlpd.tmp
- /data/data/####/1wab1h5lnp7nezyhf9zhgsveo
- /data/data/####/1wab1h5lnp7nezyhf9zhgsveo.tmp
- /data/data/####/2305.yaqcookie
- /data/data/####/257ee40f-abbc-46bb-860d-110ffea6e918
- /data/data/####/3065a512-0434-4ae8-bfb6-e405b5c13419
- /data/data/####/4ht0it5w2d9ln7zz626qkhab4
- /data/data/####/4ht0it5w2d9ln7zz626qkhab4.tmp
- /data/data/####/4ht0it5w2d9ln7zz626qkhab4.tmp (deleted)
- /data/data/####/6e928fqpul14lkhnmg148wpu4
- /data/data/####/6e928fqpul14lkhnmg148wpu4.tmp
- /data/data/####/8d235986-da98-457f-a90d-556131070cd3
- /data/data/####/BuglySdkInfos.xml
- /data/data/####/GDTSDK.db
- /data/data/####/GDTSDK.db-journal
- /data/data/####/JPushSA_Config.xml
- /data/data/####/MultiDex.lock
- /data/data/####/ac814bfe-69ec-4654-a69a-dbddd10e7efc
- /data/data/####/appPackageNames_v2
- /data/data/####/app_crash_copy.xml
- /data/data/####/app_log_encrypt_switch_count.xml
- /data/data/####/applog_stats.xml
- /data/data/####/ax_c.xml
- /data/data/####/bugly_db_-journal
- /data/data/####/bugly_db_legu-journal
- /data/data/####/cbd875a6-b226-4ae2-92dd-c3f337f7503b
- /data/data/####/cn.jpush.android.user.profile.xml
- /data/data/####/cn.jpush.preferences.v2.rid.xml
- /data/data/####/cn.jpush.preferences.v2.xml
- /data/data/####/config_read_progress.xml
- /data/data/####/crashrecord.xml
- /data/data/####/custom_channels.xml
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/devCloudSetting.cfg
- /data/data/####/devCloudSetting.sig
- /data/data/####/dexMethod.82894129.dat
- /data/data/####/downloader.db-journal
- /data/data/####/f_000001
- /data/data/####/gdt_config.cfg
- /data/data/####/gdt_plugin.jar
- /data/data/####/gdt_plugin.jar.sig
- /data/data/####/gdt_plugin.tmp
- /data/data/####/gdt_plugin.tmp.sig
- /data/data/####/gdt_suid
- /data/data/####/gg.dex
- /data/data/####/header_custom.xml
- /data/data/####/index
- /data/data/####/jpush_device_info.xml
- /data/data/####/jpush_local_notification.db
- /data/data/####/jpush_local_notification.db-journal
- /data/data/####/jpush_local_notification.db-wal
- /data/data/####/jpush_stat_cache.json
- /data/data/####/jpush_stat_cache_history.json
- /data/data/####/jpush_statistics.db
- /data/data/####/jpush_statistics.db-journal
- /data/data/####/jpush_statistics.db-shm (deleted)
- /data/data/####/jpush_statistics.db-wal
- /data/data/####/last_sp_session.xml
- /data/data/####/libshella-2.9.0.5.so
- /data/data/####/libufix.so
- /data/data/####/libyaqbasic.82894129.so
- /data/data/####/libyaqpro.82894129.so
- /data/data/####/local_crash_lock
- /data/data/####/mc177.dex
- /data/data/####/mc_cache.xml
- /data/data/####/mix.dex
- /data/data/####/multidex.version.xml
- /data/data/####/native_record_lock
- /data/data/####/sdkCloudSetting.cfg
- /data/data/####/sdkCloudSetting.sig
- /data/data/####/security_info
- /data/data/####/snssdk_openudid.xml
- /data/data/####/ss_app_log.db-journal
- /data/data/####/tt_sdk_settings.xml
- /data/data/####/ttopenadsdk.xml
- /data/data/####/ttopensdk.db-journal
- /data/data/####/update_lc
- /data/data/####/version_config_.xml
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/yaqsdkcookie
- /data/media/####/.nomedia
- /data/media/####/.push_deviceid
- /data/media/####/01db25680578c003a3d04a04c1c90208a460ff67c3a5ee....0.tmp
- /data/media/####/025db16c602b9281ed454d28e628e63cebbe9675266d0e....0.tmp
- /data/media/####/055bbb0367e59baf6e268331185c97ca36e2be48fb0fd5....0.tmp
- /data/media/####/072f13fd87b9c6b801cac6215898f16ebffaeab3135c70....0.tmp
- /data/media/####/08ec8e31ac4aa1223f0f563897545690469f38c29ed5a5....0.tmp
- /data/media/####/0d2f8863f2b54361d237f05c0d9d9ee2ffeace05fc3d76....0.tmp
- /data/media/####/0f3adadd092c0f7053cc0d8d78930d39988b3152528c02....0.tmp
- /data/media/####/11b32875617981293141a6e3f4e96818cbea7581777ad1....0.tmp
- /data/media/####/1614481d1f248fc8fe965a0fb6afb61e09ce3bd2e752d6....0.tmp
- /data/media/####/18a879c47fab36553a5f6680845c96a45c2f5830576a07....0.tmp
- /data/media/####/23f02e688e7a579f9baab6c0ff15992116b247a2da4093....0.tmp
- /data/media/####/23f50c8ffe21f5f994d5fada22165d528441339684feae....0.tmp
- /data/media/####/25d18d1436dfde8b7a49a7bfe46ef80a18ae8b6fe51fcb....0.tmp
- /data/media/####/27fe9660e2cb6a9d297611924265390ac51f344697f918....0.tmp
- /data/media/####/28c995c21e03b5c51f394fbe50887df2bfdf795a66e4a2....0.tmp
- /data/media/####/2bbd1d1a5791c40efeb7b5a2e41fbd4b862f75bf482d7c....0.tmp
- /data/media/####/312a18b44b6ddf6d9a2b06db05b23ffb.0
- /data/media/####/32802c11bcd6592dc95d05a398c10f66d023bf48ff0443....0.tmp
- /data/media/####/36bafde4f38889485fee453005f4fc4bb2211792741a18....0.tmp
- /data/media/####/36e775bac40e5bb50bebf8dfa3542d473dd2eae2e2254c....0.tmp
- /data/media/####/37920bac4944c25d4e9d9021da055675dd64d59ee29f9d....0.tmp
- /data/media/####/3b9e4792f78950569d31e59da6d2b1b99d23aabee42344....0.tmp
- /data/media/####/3c6d860208aa5ef284e03efa5d4cea126cf4e5f681aad3....0.tmp
- /data/media/####/407db19942ecdfa328b0c14ccdc2278d631bee84d81911....0.tmp
- /data/media/####/427cbc4109afe2dfdfe976c66d4e424b5df531b11d53df....0.tmp
- /data/media/####/432b14bec40cede00b7b3c9c28ed8d227e94eb39cab596....0.tmp
- /data/media/####/462c157a3df2590cf121cbed7710bfe814b87aafa4a332....0.tmp
- /data/media/####/4acce4190e0cd820927317bd76126315c42ee7a7eb4e37....0.tmp
- /data/media/####/4cf28628946b08ca90a1963937fafa5ecfb62475aa23b1....0.tmp
- /data/media/####/4d30485645a5633c6d1ee2eaf7622b6b143ac8b43013c0....0.tmp
- /data/media/####/4dafe167defb8b1657bfd235ba69116fe8cd9a1caf48c2....0.tmp
- /data/media/####/4de51102aa23ea2e0fe0cbe4bf2f51a51a7d38ae5402cb....0.tmp
- /data/media/####/513735e1c6d14a66597f9cf33ca34f482bffff744f5dc6....0.tmp
- /data/media/####/51fbb3f3b1d6c4cc5f56f4e9b010835e7bb5dfe6f66519....0.tmp
- /data/media/####/53978332848a9783c67de37981addb385fe6827c3207eb....0.tmp
- /data/media/####/56533e85fee93caa7990dbedfc367350308573505b9630....0.tmp
- /data/media/####/5896e73a115e7c55c05c10d8ed3f864721bd911700f363....0.tmp
- /data/media/####/594a8584e06145b951a3e28ef53977eb195fbd1909ce11....0.tmp
- /data/media/####/5b219d304260e7793d9be4201fb6a99dbb5876d8bf53ae....0.tmp
- /data/media/####/5bef9ae97c25fa286bbdd4de2e256cb34348f596ad7f2e....0.tmp
- /data/media/####/5c885ad60cdb30401157a7d4e5239f6c7a779a0cf59a54....0.tmp
- /data/media/####/5d363e47af46793bd601a88ff0890c36f6848fca9fdb1c....0.tmp
- /data/media/####/5f9cf84be8308782472e3b7a9d0a98c71a1a63a362bcf6....0.tmp
- /data/media/####/646c45ae750581c2b82b2148e5775522e67ec72e7e85de....0.tmp
- /data/media/####/695c74fd2cd4e8ea43016d213c9533293be2b62e6fe369....0.tmp
- /data/media/####/69f646dabc2efbe5f85aadd7b0c623a637b99681668825....0.tmp
- /data/media/####/6d2b8c9b2033986d635f2ba3d75521f02cc8aa769eded8....0.tmp
- /data/media/####/6e68f5ebcfa75e60be6cc6f9a4c4d4e2200297f05d44d7....0.tmp
- /data/media/####/6e817e7b1f2d994cc8214452826f4106b9f1f3fe9275ad....0.tmp
- /data/media/####/6fc6fefc488713f1aa56e0eed9e1abfda6f422dee4a5a5....0.tmp
- /data/media/####/72feaef551dbe6d1cc427e8c7f7c2c505e920dee817889....0.tmp
- /data/media/####/730fa980e2843cc008bf170de20480e48282576789161e....0.tmp
- /data/media/####/7773e0a72b14cc8f04305203a801706d2c36a1a031f9bb....0.tmp
- /data/media/####/7ed26a934c620fce1d6df4600aaf3afe5dd2c1908d1ba1....0.tmp
- /data/media/####/879914b872df352803cc9c05c0af07afca9f603842833b....0.tmp
- /data/media/####/8cca0813e1cdcbd484da2056579237fa14ef8a95a9b140....0.tmp
- /data/media/####/8d120908ebe8a9b815d6db4a5406955db5a345fa24fe14....0.tmp
- /data/media/####/9531cfc9bb14e7a69762543b0de4abfa48911ee8a00fd6....0.tmp
- /data/media/####/9e963730d280d75a3a029375b7717d24e7ccb249cc24f3....0.tmp
- /data/media/####/a4acef2ed6138560dd08c7b8fb6d18975a6dfaee7f003c....0.tmp
- /data/media/####/a746905df354a7418f73d6bb6fbf0ee0553ce88fbfec28....0.tmp
- /data/media/####/aae7fa1ba1251c5d4c33289ef95dded75f4337d1e0bd17....0.tmp
- /data/media/####/ad8971365f5845941c73b79f735b8640ffb4ff51c68bf4....0.tmp
- /data/media/####/aff100b2de2132641b40080bc55c315135d0d2a47394d6....0.tmp
- /data/media/####/b5c50160f64358fe79f194adb3130694684bda46d58e28...9e52.0
- /data/media/####/c041cb6e31364bebe753141912477277c29b1678eb04bf....0.tmp
- /data/media/####/c0ca99bdd274cfa11693fb7a5f8526cc1fb9b4455b600a....0.tmp
- /data/media/####/c1bd6b07479ebe95ce20387acc31d430e9fc5873fc4fd6....0.tmp
- /data/media/####/c2d5913ce3de7c94dd657dc98ef0f5eee98b862097ebba....0.tmp
- /data/media/####/c7c8d9076302d48f560ec318a3fef9d913d548f0e39bf8....0.tmp
- /data/media/####/c84b2294148a07e5af88cbcb95590f56419a338274a7e2....0.tmp
- /data/media/####/c8ce1f96b86a96ea1980b961b726337ba5a43e2c8d7122....0.tmp
- /data/media/####/cb36c33f38830d98d02dd245dc64fb013b69b80052a686....0.tmp
- /data/media/####/cc4de6557fd42a7477857227fbee6e0365be9ec1a8cd6f....0.tmp
- /data/media/####/clientudid.dat
- /data/media/####/d18a8d6a5cc3079d5512179219bd1fdd44ca6266efb777....0.tmp
- /data/media/####/d3f4b4e0513524c639dfa8c89e46f07b0ca0905807358d....0.tmp
- /data/media/####/d797157d1c8eaa5e29d3096ce899f0e0c069f78aee05dc....0.tmp
- /data/media/####/d7f5aca837ee8d240e29c30fe6230ccb55ef6b1a5f7d1c....0.tmp
- /data/media/####/d8aba12209d0a57802d6b27a64fe22ea06f7b73281ee11....0.tmp
- /data/media/####/d904e9c4ff3d5795a02b01efbb678dcea74647763cba46....0.tmp
- /data/media/####/dbda8ee76bed2a768c2dadd95d1c7751a1f4782b10b10d....0.tmp
- /data/media/####/dc82803536ebc596fbf51adeca2d6e25930f28bcbfe1e0....0.tmp
- /data/media/####/e03db43249a1f572511e2cd0ae9078d6153870b8b10c69....0.tmp
- /data/media/####/e2a673a81fcb3b8f3351e70d12d892b8700d834e719752....0.tmp
- /data/media/####/ea8bdbab77d0095084df288c326a364c70c36b96977795....0.tmp
- /data/media/####/journal.tmp
Другие:
Запускает следующие shell-скрипты:
- /system/bin/sh -c getprop
- /system/bin/sh -c getprop ro.aa.romver
- /system/bin/sh -c getprop ro.board.platform
- /system/bin/sh -c getprop ro.build.fingerprint
- /system/bin/sh -c getprop ro.build.nubia.rom.name
- /system/bin/sh -c getprop ro.build.rom.id
- /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
- /system/bin/sh -c getprop ro.build.version.emui
- /system/bin/sh -c getprop ro.build.version.opporom
- /system/bin/sh -c getprop ro.gn.gnromvernumber
- /system/bin/sh -c getprop ro.lenovo.series
- /system/bin/sh -c getprop ro.lewa.version
- /system/bin/sh -c getprop ro.meizu.product.model
- /system/bin/sh -c getprop ro.miui.ui.version.name
- /system/bin/sh -c getprop ro.vivo.os.build.display.id
- /system/bin/sh -c type su
- chmod 700 <Package Folder>/tx_shell/libnfix.so
- chmod 700 <Package Folder>/tx_shell/libshella-2.9.0.5.so
- chmod 700 <Package Folder>/tx_shell/libufix.so
- getprop
- getprop ro.aa.romver
- getprop ro.board.platform
- getprop ro.build.fingerprint
- getprop ro.build.nubia.rom.name
- getprop ro.build.rom.id
- getprop ro.build.tyd.kbstyle_version
- getprop ro.build.version.emui
- getprop ro.build.version.opporom
- getprop ro.gn.gnromvernumber
- getprop ro.lenovo.series
- getprop ro.letv.release.version
- getprop ro.lewa.version
- getprop ro.meizu.product.model
- getprop ro.miui.ui.version.name
- getprop ro.smartisan.version
- getprop ro.vivo.os.build.display.id
- getprop ro.vivo.os.version
- getprop ro.yunos.version
- logcat -d -v threadtime
Загружает динамические библиотеки:
- Bugly
- c++_shared
- jcore120
- libnfix
- libshella-2.9.0.5
- libufix
- libyaqbasic.82894129
- libyaqpro.82894129
- mmkv
- nfix
- pl_droidsonroids_gif
- teaEncrypt
- ufix
Использует следующие алгоритмы для шифрования данных:
- AES-ECB-PKCS5Padding
- AES-ECB-PKCS7Padding
- AES-GCM-NoPadding
- RSA-ECB-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-ECB-NoPadding
- AES-ECB-PKCS5Padding
- AES-ECB-PKCS7Padding
- AES-GCM-NoPadding
- RSA-ECB-PKCS1Padding
Осуществляет доступ к приватному интерфейсу ITelephony.
Использует специальную библиотеку для скрытия исполняемого байт-кода.
Получает информацию о местоположении.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Получает информацию о привязанных к устройству аккаунтах (Google, Facebook и т. д.).
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
