Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Adware.Gexin.2.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) qin####.com.www.####.com:80
- TCP(HTTP/1.1) sdk-ope####.g####.com:80
- TCP(HTTP/1.1) aexcep####.b####.qq.com:8012
- TCP(HTTP/1.1) t####.c####.q####.####.com:80
- TCP(HTTP/1.1) 1####.197.235.73:80
- TCP(HTTP/1.1) cdnp####.f####.mma####.com:80
- TCP(HTTP/1.1) and####.b####.qq.com:80
- TCP(HTTP/1.1) p####.mma####.com:80
- TCP(HTTP/1.1) p####.mma####.com:8081
- TCP(HTTP/1.1) c-h####.g####.com:80
- TCP(TLS/1.0) wap.cmpass####.com:8443
- TCP(TLS/1.0) www.cmpass####.com:443
- TCP(TLS/1.0) 1####.217.17.78:443
- TCP sdk.o####.t####.####.com:5224
- TCP c####.g####.ig####.com:5226
Запросы DNS:
- 7j####.c####.z0.####.com
- aexcep####.b####.qq.com
- and####.b####.qq.com
- c####.g####.ig####.com
- c-h####.g####.com
- cdnp####.f####.mma####.com
- p####.mma####.com
- p####.mma####.com
- pub-####.qin####.com
- sdk-ope####.g####.com
- sdk.c####.ig####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.net
- wap.cmpass####.com
- www.cmpass####.com
Запросы HTTP GET:
- cdnp####.f####.mma####.com//MMPIC/0/300009814300/logo140x1406508704708_s...
- cdnp####.f####.mma####.com//MMPIC/0/300011869300/logo140x1407193210166_s...
- cdnp####.f####.mma####.com//MMPIC/1/300008074001/logo140x1406504311595_s...
- cdnp####.f####.mma####.com//MMPIC/10/300011857910/logo140x1406259300042_...
- cdnp####.f####.mma####.com//MMPIC/12/300009274212/logo140x1403247964636_...
- cdnp####.f####.mma####.com//MMPIC/13/300011852613/logo140x1406072939813_...
- cdnp####.f####.mma####.com//MMPIC/15/300011852615/logo140x1403744974785_...
- cdnp####.f####.mma####.com//MMPIC/15/300011880315/logo140x1407108234628_...
- cdnp####.f####.mma####.com//MMPIC/16/300011008316/logo140x1407124113698_...
- cdnp####.f####.mma####.com//MMPIC/17/300011008317/logo140x1403070739353_...
- cdnp####.f####.mma####.com//MMPIC/18/300011858318/logo140x1405916065369_...
- cdnp####.f####.mma####.com//MMPIC/18/300011859418/logo140x1406421782470_...
- cdnp####.f####.mma####.com//MMPIC/18/300011885718/logo140x1407042983445_...
- cdnp####.f####.mma####.com//MMPIC/19/300002868019/logo140x1406009970410_...
- cdnp####.f####.mma####.com//MMPIC/19/300009688219/logo140x1404125661019_...
- cdnp####.f####.mma####.com//MMPIC/2/300007996602/logo140x1406537958076_s...
- cdnp####.f####.mma####.com//MMPIC/2/300011878302/logo140x1405127089910_s...
- cdnp####.f####.mma####.com//MMPIC/21/300011006621/logo140x1403765180276_...
- cdnp####.f####.mma####.com//MMPIC/22/300009642222/logo140x1404284020656_...
- cdnp####.f####.mma####.com//MMPIC/23/300011853723/logo140x1407192384235_...
- cdnp####.f####.mma####.com//MMPIC/24/300008366824/logo140x1407112162922_...
- cdnp####.f####.mma####.com//MMPIC/24/300011870724/logo140x1406413950166_...
- cdnp####.f####.mma####.com//MMPIC/25/300008957825/logo140x1407216253523_...
- cdnp####.f####.mma####.com//MMPIC/25/300011869725/logo140x1407488757908_...
- cdnp####.f####.mma####.com//MMPIC/27/300011007627/logo140x1406604697711_...
- cdnp####.f####.mma####.com//MMPIC/28/300011885128/logo140x1407481099657_...
- cdnp####.f####.mma####.com//MMPIC/29/300009810529/logo140x1407142088317_...
- cdnp####.f####.mma####.com//MMPIC/29/300011883429/logo140x1405560664471_...
- cdnp####.f####.mma####.com//MMPIC/3/300011852603/logo140x1401824687677_s...
- cdnp####.f####.mma####.com//MMPIC/30/300009240030/logo140x1406245490565_...
- cdnp####.f####.mma####.com//MMPIC/31/300011853831/logo140x1403826879472_...
- cdnp####.f####.mma####.com//MMPIC/31/300011857931/logo140x1405640538975_...
- cdnp####.f####.mma####.com//MMPIC/32/300009880232/logo140x1406166804281_...
- cdnp####.f####.mma####.com//MMPIC/35/300000863435/logo140x1405662147231_...
- cdnp####.f####.mma####.com//MMPIC/35/300009197635/logo140x1407384572014_...
- cdnp####.f####.mma####.com//MMPIC/35/300011860335/logo140x1406444881674_...
- cdnp####.f####.mma####.com//MMPIC/36/300011857236/logo140x1407385030715_...
- cdnp####.f####.mma####.com//MMPIC/37/300010936337/logo140x1406425550130_...
- cdnp####.f####.mma####.com//MMPIC/4/300009968304/logo140x1403763399726_s...
- cdnp####.f####.mma####.com//MMPIC/43/300010986643/logo140x1407015343880_...
- cdnp####.f####.mma####.com//MMPIC/44/300011014744/logo140x1407434519537_...
- cdnp####.f####.mma####.com//MMPIC/44/300011857044/logo140x1404972687837_...
- cdnp####.f####.mma####.com//MMPIC/47/300011882447/logo140x1404775702249_...
- cdnp####.f####.mma####.com//MMPIC/48/300011856948/logo140x1407303164862_...
- cdnp####.f####.mma####.com//MMPIC/48/300011870648/logo140x1403839716861_...
- cdnp####.f####.mma####.com//MMPIC/48/300011880248/logo140x1403857127371_...
- cdnp####.f####.mma####.com//MMPIC/5/300009670205/logo140x1405570045846_s...
- cdnp####.f####.mma####.com//MMPIC/50/300011882750/logo140x1400626672500_...
- cdnp####.f####.mma####.com//MMPIC/50/300011884150/logo140x1405500405815_...
- cdnp####.f####.mma####.com//MMPIC/51/300011877651/logo140x1404177397780_...
- cdnp####.f####.mma####.com//MMPIC/52/300011014652/logo140x1407039386802_...
- cdnp####.f####.mma####.com//MMPIC/52/300011880352/logo140x1403069673971_...
- cdnp####.f####.mma####.com//MMPIC/53/300011852553/logo140x1402533391148_...
- cdnp####.f####.mma####.com//MMPIC/53/300011884153/logo140x1405325474830_...
- cdnp####.f####.mma####.com//MMPIC/53/300011885353/logo140x1404797742773_...
- cdnp####.f####.mma####.com//MMPIC/55/300002470355/logo5_src.jpg
- cdnp####.f####.mma####.com//MMPIC/55/300011884155/logo140x1407129345587_...
- cdnp####.f####.mma####.com//MMPIC/56/300011000456/logo140x1407631485884_...
- cdnp####.f####.mma####.com//MMPIC/57/300010060457/logo140x1407023380368_...
- cdnp####.f####.mma####.com//MMPIC/58/300010994458/logo140x1403069021879_...
- cdnp####.f####.mma####.com//MMPIC/58/300011002558/logo140x1406594183040_...
- cdnp####.f####.mma####.com//MMPIC/58/300011872858/logo140x1407133461816_...
- cdnp####.f####.mma####.com//MMPIC/59/300011882459/logo140x1406007150282_...
- cdnp####.f####.mma####.com//MMPIC/59/300011884159/logo140x1407303918218_...
- cdnp####.f####.mma####.com//MMPIC/6/300011008206/logo140x1402536821785_s...
- cdnp####.f####.mma####.com//MMPIC/6/300011884206/logo140x1407489285079_s...
- cdnp####.f####.mma####.com//MMPIC/60/300011868760/logo140x1406439263534_...
- cdnp####.f####.mma####.com//MMPIC/61/300011862661/logo140x1407210067478_...
- cdnp####.f####.mma####.com//MMPIC/62/300010040362/logo140x1406604584130_...
- cdnp####.f####.mma####.com//MMPIC/62/300011857662/logo140x1405573717391_...
- cdnp####.f####.mma####.com//MMPIC/63/300010990363/logo140x1407124914459_...
- cdnp####.f####.mma####.com//MMPIC/63/300011857763/logo140x1407607228732_...
- cdnp####.f####.mma####.com//MMPIC/63/300011868863/logo140x1407301648496_...
- cdnp####.f####.mma####.com//MMPIC/65/300011857765/logo140x1402532764914_...
- cdnp####.f####.mma####.com//MMPIC/65/300011884065/logo140x1406441231382_...
- cdnp####.f####.mma####.com//MMPIC/66/300010214366/logo140x1406596250651_...
- cdnp####.f####.mma####.com//MMPIC/67/300011002567/logo140x1407142587786_...
- cdnp####.f####.mma####.com//MMPIC/67/300011854067/logo140x1407286175726_...
- cdnp####.f####.mma####.com//MMPIC/67/300011884067/logo140x1407398492341_...
- cdnp####.f####.mma####.com//MMPIC/68/300010990368/logo140x1406095468134_...
- cdnp####.f####.mma####.com//MMPIC/68/300011877268/logo140x1406505375461_...
- cdnp####.f####.mma####.com//MMPIC/7/300009486307/logo140x1403758763813_s...
- cdnp####.f####.mma####.com//MMPIC/70/300011014670/logo140x1406101541542_...
- cdnp####.f####.mma####.com//MMPIC/71/300011846571/logo140x1406192506180_...
- cdnp####.f####.mma####.com//MMPIC/71/300011885371/logo140x1407214223048_...
- cdnp####.f####.mma####.com//MMPIC/72/300008705372/logo140x1407982694031_...
- cdnp####.f####.mma####.com//MMPIC/72/300010176372/logo140x1401573513041_...
- cdnp####.f####.mma####.com//MMPIC/72/300011012572/logo140x1404693885127_...
- cdnp####.f####.mma####.com//MMPIC/73/300011002573/logo140x1405575969863_...
- cdnp####.f####.mma####.com//MMPIC/74/300010334374/logo140x1402114702286_...
- cdnp####.f####.mma####.com//MMPIC/74/300011870174/logo140x1407309083985_...
- cdnp####.f####.mma####.com//MMPIC/75/300011884075/logo140x1407398955685_...
- cdnp####.f####.mma####.com//MMPIC/78/300011886578/logo140x1406177714345_...
- cdnp####.f####.mma####.com//MMPIC/79/300002827079/logo140x1405658531582_...
- cdnp####.f####.mma####.com//MMPIC/79/300011862779/logo140x1403807672315_...
- cdnp####.f####.mma####.com//MMPIC/8/300011002508/logo140x1403588848111_s...
- cdnp####.f####.mma####.com//MMPIC/8/300011885308/logo140x1404718693526_s...
- cdnp####.f####.mma####.com//MMPIC/80/300002704380/logo140x1407369647347_...
- cdnp####.f####.mma####.com//MMPIC/80/300011857980/logo140x1407192236982_...
- cdnp####.f####.mma####.com//MMPIC/81/300011858881/logo140x1406178772965_...
- cdnp####.f####.mma####.com//MMPIC/81/300011883881/logo140x1407365060166_...
- cdnp####.f####.mma####.com//MMPIC/83/300009838183/logo140x1406182186866_...
- cdnp####.f####.mma####.com//MMPIC/83/300011859083/logo140x1406437935239_...
- cdnp####.f####.mma####.com//MMPIC/85/300009598185/logo140x1407105171165_...
- cdnp####.f####.mma####.com//MMPIC/85/300011860085/logo140x1407031174028_...
- cdnp####.f####.mma####.com//MMPIC/85/300011883885/logo140x1406602909936_...
- cdnp####.f####.mma####.com//MMPIC/88/300009328288/logo140x1403763741680_...
- cdnp####.f####.mma####.com//MMPIC/90/300011853790/logo140x1406609658830_...
- cdnp####.f####.mma####.com//MMPIC/91/300011742391/logo140x1407288866980_...
- cdnp####.f####.mma####.com//MMPIC/92/300011524392/logo140x1407373867821_...
- cdnp####.f####.mma####.com//MMPIC/95/300009508195/logo140x1405569474259_...
- cdnp####.f####.mma####.com//MMPIC/95/300011160395/logo140x1401751434899_...
- cdnp####.f####.mma####.com//MMPIC/95/300011859195/logo140x1405581896124_...
- cdnp####.f####.mma####.com//MMPIC/95/300011864295/logo140x1407212693406_...
- cdnp####.f####.mma####.com//MMPIC/96/300009630196/logo140x1402013258721_...
- cdnp####.f####.mma####.com//MMPIC/96/300011106396/logo5_src.jpg
- cdnp####.f####.mma####.com//MMPIC/96/300011340396/logo140x1405925333056_...
- cdnp####.f####.mma####.com//MMPIC/97/300008353297/logo140x1406010177379_...
- cdnp####.f####.mma####.com//MMPIC/97/300011885497/logo140x1404967377153_...
- cdnp####.f####.mma####.com//MMPIC/98/300011884998/logo140x1405899006724_...
- cdnp####.f####.mma####.com//MMPIC/99/300002877799/logo140x1406270389176_...
- cdnp####.f####.mma####.com//MMPIC/99/300008219099/logo140x1402301608652_...
- cdnp####.f####.mma####.com//MMPIC/99/300011853099/logo140x1406264147813_...
- p####.mma####.com/AssPage/common/common.js?v=####
- p####.mma####.com/AssPage/resources/jquery/jquery-3.3.1.min.js
- p####.mma####.com/AssPage/resources/js/base64.js
- p####.mma####.com/AssPage/scanindex/css/base.css
- p####.mma####.com/AssPage/scanindex/css/index.css
- p####.mma####.com/AssPage/scanindex/css/indexty.css
- p####.mma####.com/AssPage/scanindex/css/mescroll.min.css
- p####.mma####.com/AssPage/scanindex/css/mui.min.css
- p####.mma####.com/AssPage/scanindex/images/adz_i.png
- p####.mma####.com/AssPage/scanindex/images/bg_yj.jpg
- p####.mma####.com/AssPage/scanindex/images/chf.png
- p####.mma####.com/AssPage/scanindex/images/cll.png
- p####.mma####.com/AssPage/scanindex/images/gif.gif
- p####.mma####.com/AssPage/scanindex/images/jian_ko.png
- p####.mma####.com/AssPage/scanindex/images/lan_s.jpg
- p####.mma####.com/AssPage/scanindex/images/mlblv4.png
- p####.mma####.com/AssPage/scanindex/images/t_op.png
- p####.mma####.com/AssPage/scanindex/images/xz_img.png
- p####.mma####.com/AssPage/scanindex/images/yhbl.png
- p####.mma####.com/AssPage/scanindex/images/yu_j.png
- p####.mma####.com/AssPage/scanindex/js/banner_new.js?v=####
- p####.mma####.com/AssPage/scanindex/js/indexty.js?v=####
- p####.mma####.com/AssPage/scanindex/js/mescroll.min.js?v=####
- p####.mma####.com/AssPage/scanindex/js/mui.min.js?v=####
- p####.mma####.com/AssPage/scanindex/js/resize.js
- p####.mma####.com/AssPage/scanindex/js/resize.js?v=####
- p####.mma####.com/AssPage/scanindex/js/scanner.js?v=####
- p####.mma####.com/AssPage/scanner/areadetail.html?packid=####&ma=####
- p####.mma####.com/AssPage/scanner/index.html?ma=####
- p####.mma####.com/MobileAss/resources/upload/adpic/160b0a98-5006-446c-8f...
- p####.mma####.com/MobileAss/resources/upload/adpic/23539917-be2b-47cc-96...
- p####.mma####.com/MobileAss/resources/upload/adpic/236258a1-0cc8-4511-a3...
- p####.mma####.com/MobileAss/resources/upload/adpic/3146efee-0c2f-4873-bb...
- p####.mma####.com/MobileAss/resources/upload/adpic/5c06f989-a919-4416-be...
- p####.mma####.com/MobileAss/resources/upload/adpic/a059b1e4-5ee6-41cf-a0...
- p####.mma####.com/MobileAss/resources/upload/adpic/a9365053-558e-42f8-a9...
- p####.mma####.com/MobileAss/resources/upload/adpic/b968474c-beea-4fb4-a6...
- p####.mma####.com/MobileAss/resources/upload/adpic/ddcf3512-a1f8-489d-b5...
- p####.mma####.com/MobileAss/resources/upload/adpic/fae6ce72-3765-4b0d-9b...
- p####.mma####.com/download/android/066df74b-221e-4867-9f7b-fba5dd30dffd....
- p####.mma####.com/download/android/0fd2d45b-f233-4709-9a6e-4c8e5402c282....
- p####.mma####.com/download/android/2bd6b4d8-fb42-4a35-8df8-0a91cad4267c....
- p####.mma####.com/download/android/3f1c64ba-c6fd-4fde-a3c7-871c9403d21e....
- p####.mma####.com/download/android/6068cb7d-cec5-4778-98db-995658d729a5....
- p####.mma####.com/download/android/79966a80-edf3-4d45-a297-0e45cb374e81....
- p####.mma####.com/download/android/7f43f31e-8010-470b-b3a8-3cd29df7e03c....
- p####.mma####.com/download/android/c83f5b27-f2cc-42c2-a49b-4e2138f3ebfd....
- qin####.com.www.####.com/tdata_EDT369
- t####.c####.q####.####.com/config/hz-hzv6.conf
- t####.c####.q####.####.com/tdata_LsR975
- t####.c####.q####.####.com/tdata_RyW085
- t####.c####.q####.####.com/tdata_YYn966
- t####.c####.q####.####.com/tdata_lOE499
Запросы HTTP POST:
- aexcep####.b####.qq.com:8012/rqd/async
- and####.b####.qq.com/rqd/async
- c-h####.g####.com/api.php?format=####&t=####
- p####.mma####.com/AssPage/commonjson.html
- p####.mma####.com/MobileAss/getTime.html
- p####.mma####.com/Webservice/httpjson
- p####.mma####.com/Webservice/interfaces
- p####.mma####.com/si/keepalive.do
- p####.mma####.com:8081/currentTime.do
- p####.mma####.com:8081/fusionUpPhone.do
- sdk-ope####.g####.com/api.php?format=####&t=####
- sdk-ope####.g####.com/api.php?format=####&t=####&d=####&k=####
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/1fba3c238bedeadf59ac15da90e449be8e89f2936893043....0.tmp
- /data/data/####/24a4f90a1f9c2cc79c7a9d653f1910e70b1c1f5f99738a5....0.tmp
- /data/data/####/25628d221eaa2f67756fe98446ce3f9592ad8a2a71eb69c....0.tmp
- /data/data/####/2a14cf31f4aecc20162c2de4f001aea3e59ca796b9ed944....0.tmp
- /data/data/####/37d69c206f4d
- /data/data/####/45c2b2d67cf3e7a4d6aec5fe254ab06778cd5eef4dccf6e....0.tmp
- /data/data/####/6901bdb2b53f80dd21d96bfbc6e49b22a35444a496e3241....0.tmp
- /data/data/####/78e8fc527a51d0ace1272f5060329f373d6327f1885e2ea....0.tmp
- /data/data/####/935ba968e18f3408ee9d73fb3403fcbf4f2ab66c972d984....0.tmp
- /data/data/####/AUTO_MAIL_SDK.xml
- /data/data/####/a8ed10c740c216e8c93683d6f4e6b59ccd9a38bf3d0b523....0.tmp
- /data/data/####/ace057b8f98ab4964b588df5957c1dbce3bc22cf2e895a2....0.tmp
- /data/data/####/b0d5426742f05631a4c796cfde6b80814e4e97c13ca7cd0....0.tmp
- /data/data/####/bugly_db_legu-journal
- /data/data/####/com.cmic.mmassistant.xml
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/db4b3fa426798dac311e0b77568f5b093f068416268a7b5....0.tmp
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/fdcf8211c16598cc7557beb415d776c085283f7b0fa9654....0.tmp
- /data/data/####/gdaemon_20161017
- /data/data/####/getui_sp.xml
- /data/data/####/gkt-journal
- /data/data/####/gx_sp.xml
- /data/data/####/index
- /data/data/####/init.pid
- /data/data/####/init_c1.pid
- /data/data/####/journal.tmp
- /data/data/####/libkh_x86_5.4.2.3.soo
- /data/data/####/libnfix.so
- /data/data/####/libshella-3.0.0.0.so
- /data/data/####/libufix.so
- /data/data/####/local_crash_lock
- /data/data/####/mix.dex
- /data/data/####/mm_db-journal
- /data/data/####/native_record_lock
- /data/data/####/push.pid
- /data/data/####/pushext.db-journal
- /data/data/####/pushg.db-journal
- /data/data/####/pushk.db-journal
- /data/data/####/pushsdk.db-journal
- /data/data/####/quick_login_android_5.4.2.3.180707.jar
- /data/data/####/run.pid
- /data/data/####/scan_assist-journal
- /data/data/####/sdk.db-journal
- /data/data/####/security_info
- /data/data/####/ssoconfigs.xml
- /data/data/####/tdata_LsR975
- /data/data/####/tdata_LsR975.jar
- /data/data/####/tdata_RyW085
- /data/data/####/tdata_RyW085.jar
- /data/data/####/tdata_YYn966
- /data/data/####/tdata_YYn966.jar
- /data/data/####/tdata_lOE499
- /data/data/####/tdata_lOE499.jar
- /data/data/####/triffi_stat3-journal
- /data/data/####/updateconfig.xml
- /data/data/####/updateconfig.xml.bak (deleted)
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/media/####/app.db
- /data/media/####/applog
- /data/media/####/com.cmic.mmassistant.bin
- /data/media/####/com.cmic.mmassistant.db
- /data/media/####/com.getui.sdk.deviceId.db
- /data/media/####/com.igexin.sdk.deviceId.db
- /data/media/####/gkt-journal
- /data/media/####/gktper
- /data/media/####/tdata_LsR975
- /data/media/####/tdata_RyW085
- /data/media/####/tdata_YYn966
- /data/media/####/tdata_lOE499
- /data/media/####/test.log
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /proc/cpuinfo
- /system/bin/sh -c getprop ro.aa.romver
- /system/bin/sh -c getprop ro.board.platform
- /system/bin/sh -c getprop ro.build.fingerprint
- /system/bin/sh -c getprop ro.build.nubia.rom.name
- /system/bin/sh -c getprop ro.build.rom.id
- /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
- /system/bin/sh -c getprop ro.build.version.emui
- /system/bin/sh -c getprop ro.build.version.opporom
- /system/bin/sh -c getprop ro.gn.gnromvernumber
- /system/bin/sh -c getprop ro.lenovo.series
- /system/bin/sh -c getprop ro.lewa.version
- /system/bin/sh -c getprop ro.meizu.product.model
- /system/bin/sh -c getprop ro.miui.ui.version.name
- /system/bin/sh -c getprop ro.vivo.os.build.display.id
- /system/bin/sh -c type su
- <Package Folder>/files/gdaemon_20161017 0 <Package>/cn.richinfo.scanassist.push.PushServiceEx 25027 300 0
- cat /sys/class/net/wlan0/address
- chmod 700 <Package Folder>/files/gdaemon_20161017
- chmod 700 <Package Folder>/tx_shell/libnfix.so
- chmod 700 <Package Folder>/tx_shell/libshella-3.0.0.0.so
- chmod 700 <Package Folder>/tx_shell/libufix.so
- chmod 777 <Package Folder>/chkproc
- dd if=<Package Folder>/lib/libchkproc.so of=<Package Folder>/chkproc
- getprop ro.aa.romver
- getprop ro.board.platform
- getprop ro.build.fingerprint
- getprop ro.build.nubia.rom.name
- getprop ro.build.rom.id
- getprop ro.build.tyd.kbstyle_version
- getprop ro.build.version.emui
- getprop ro.build.version.opporom
- getprop ro.gn.gnromvernumber
- getprop ro.lenovo.series
- getprop ro.lewa.version
- getprop ro.meizu.product.model
- getprop ro.miui.ui.version.name
- getprop ro.vivo.os.build.display.id
- getprop ro.yunos.version
- logcat -d -v threadtime
- mount
- ps
- sh
Загружает динамические библиотеки:
- Bugly
- FieldAssistant
- MMKey
- getuiext2
- libkh_x86_5.4.2.3
- libnfix
- libshella-3.0.0.0
- libufix
- mmtraffic
- nfix
- ufix
Использует следующие алгоритмы для шифрования данных:
- AES-CFB-NoPadding
- AES-ECB-PKCS5Padding
- AES-GCM-NoPadding
- RSA-ECB-PKCS1Padding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-ECB-PKCS5Padding
- AES-GCM-NoPadding
Использует специальную библиотеку для скрытия исполняемого байт-кода.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
