Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.Spy.127.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) d####.g####.p####.com:80
- TCP(HTTP/1.1) recom####.p####.com:80
- TCP(HTTP/1.1) t####.p####.com:80
- TCP(HTTP/1.1) i####.com:80
- TCP(HTTP/1.1) webcdn-####.g####.p####.com:80
- TCP(HTTP/1.1) ws####.su####.com:80
- TCP(HTTP/1.1) s####.p####.com:80
- TCP(HTTP/1.1) htt####.su####.com:80
- TCP(HTTP/1.1) res####.a####.com:80
- TCP(HTTP/1.1) api.usergr####.p####.com:80
- TCP(HTTP/1.1) web-st####.g####.p####.com:80
- TCP(TLS/1.0) recom####.p####.com:443
- TCP(TLS/1.0) 2####.58.208.110:443
- TCP(TLS/1.0) hm.b####.com:443
- TCP(TLS/1.0) api.usergr####.p####.com:443
- TCP(TLS/1.0) s####.su####.com:443
- TCP(TLS/1.0) r####.wx.qq.####.com:443
Запросы DNS:
- a####.api.p####.com
- a####.u####.co
- a####.u####.com
- ac####.d####.pp####.com
- api####.a####.com
- api.ddp.vip.####.com
- api.pass####.p####.com
- api.usergr####.p####.com
- app.a####.p####.com
- c1.p####.com
- cld####.mo####.p####.com
- com####.p####.com
- gro####.p####.com
- hm.b####.com
- i####.com
- i####.pp####.cn
- i####.pp####.cn
- i####.su####.cn
- ios.syna####.com
- m####.api.p####.com
- ppi.api.p####.com
- r####.wx.qq.com
- recom####.p####.com
- res.su####.cn
- s####.p####.com
- s####.su####.com
- s1.pp####.cn
- sa.su####.cn
- sp####.mo####.p####.com
- sr1.pp####.cn
- sr1.pp####.com
- sr2.pp####.cn
- sr2.pp####.com
- sr3.pp####.cn
- sr3.pp####.com
- sr4.pp####.cn
- sr4.pp####.com
- sta####.pp####.cn
- t####.p####.com
- way.p####.com
- we####.pp####.cn
- web.d####.pp####.com
- zt.p####.com
Запросы HTTP GET:
- api.usergr####.p####.com/get/aphone?index=####&appplt=####&ustr=gu####&d...
- api.usergr####.p####.com/getUserCreditDoublePolicy?appid=####&from=####&...
- api.usergr####.p####.com/pcardInfo/getMonthPcard?username=####&from=####...
- api.usergr####.p####.com/ticket/total?appid=####&username=####&format=##...
- api.usergr####.p####.com/v3/query/usermessage.do?username=####&appplt=##...
- api.usergr####.p####.com/v6/流风清音/Favorites?version=####&from=####
- api.usergr####.p####.com/v6/流风清音/Recent?version=####&from=####
- api.usergr####.p####.com/wx/getWxShareInfo?url=http://zt.pptv.com/tv/201...
- d####.g####.p####.com/1.html?sdPg0uX####
- d####.g####.p####.com/pc/1.html?plt=mobile&title=五月专题_PP视频&t=4360&pt=cms...
- d####.g####.p####.com/pe/1.html?et=js&adr=http://zt.pptv.com/tv/2019zt/M...
- d####.g####.p####.com/pv/1.html?plt=mobile&title=五月专题_PP视频&adr=/zt.pptv....
- htt####.su####.com/cc.js
- htt####.su####.com/js.gif?id=155818143100379659&t=1&i=dc6f10c6&v=SSAJS-1...
- htt####.su####.com/js.gif?id=155818143106867642&t=13&i=dc6f10c6&v=SSAJS-...
- i####.com/irt?_iwt_UA=####&jsonp=####
- recom####.p####.com/puid/get?cb=####&format=####&_=####
- recom####.p####.com/stg/get?&cb=####&format=####&key=####&max_len=####&e...
- s####.p####.com/public/ppi?appid=####&appplt=####&tk=####&cc=####&appver...
- s####.p####.com/v7/流风清音/Barrage/all?from=####&version=####&tk=####
- t####.p####.com/
- web-st####.g####.p####.com/analytics/iwt-min.js?v=####
- web-st####.g####.p####.com/cms/10/09/04c2ad675702522ae2ba87fc2889fbf7.jpg
- web-st####.g####.p####.com/cms/11/05/88b043f06328e438f903e238dd163ba5.jpg
- web-st####.g####.p####.com/cms/11/56/fc55ac3c11781aa49f4d2094e68a5161.jpg
- web-st####.g####.p####.com/cms/11/58/06de8b64a3406c83edb952cbf8efcd09.jpg
- web-st####.g####.p####.com/cms/11/65/baa2655e0cb10e55c4fd1631f192abbd.jpg
- web-st####.g####.p####.com/cms/12/33/e645ceffce9243d361c16ea9a81bb6c2.jpg
- web-st####.g####.p####.com/cms/12/77/83e9094c59a92859dddb3b8bd8b9a683.jpg
- web-st####.g####.p####.com/cms/13/44/9257cd98ef9c34cb02790a6ed53646bd.jpg
- web-st####.g####.p####.com/cms/13/73/c0a4bea8cfd59562b65f3448f6c5691f.jpg
- web-st####.g####.p####.com/cms/14/24/5c9669e7ad1657879ff752e651ac9876.jpg
- web-st####.g####.p####.com/cms/14/24/d2b37f1e306938e9e0bf1ade235e24f3.png
- web-st####.g####.p####.com/cms/14/71/05448b100e89bfc28063e4939179d9d7.jpg
- web-st####.g####.p####.com/cms/15/13/0e25a632146f3204a6c17e2bac091659.jpg
- web-st####.g####.p####.com/cms/16/27/711f531d4fdd9fca04e94405bd9d6676.jpg
- web-st####.g####.p####.com/cms/16/35/c66c61fda8eb103aaf86bdf565afa2bc.png
- web-st####.g####.p####.com/cms/17/12/3b81b2cc451e0a5eb7423eb09bd087ee.jp...
- web-st####.g####.p####.com/cms/17/48/b959734de2afa07d8b93e75a83c79946.jpg
- web-st####.g####.p####.com/cms/19/10/e42c1f9c501fafe5eae51be8724225b1.jpg
- web-st####.g####.p####.com/cms/19/13/de5f123f0eea25fd412227ae7e36c196.png
- web-st####.g####.p####.com/cms/19/60/23408313bc4576c457903d42797102db.jpg
- web-st####.g####.p####.com/cms/19/92/742cf6fc10870591fc628c72fc47ead5.jpg
- web-st####.g####.p####.com/cms/20/48/3ca7889db8b07c62dc914a2201694f8e.png
- web-st####.g####.p####.com/cms/21/25/531474103412500ea53291b45f831efc.jpg
- web-st####.g####.p####.com/cms/22/22/e56c7e4a51e1717696248e36830d0f59.jpg
- web-st####.g####.p####.com/cms/22/51/7b6ef9e6a594d9915e36bfe8539cb704.jpg
- web-st####.g####.p####.com/cms/23/75/f8b8200f43fcaad5eda0afae66fb31e6.jpg
- web-st####.g####.p####.com/cms/24/68/da4d0a1a503b296131941dda5ea71f9f.jpg
- web-st####.g####.p####.com/cms/24/88/35a27c7a0568bf2ee674f7b36b9751e9.jpg
- web-st####.g####.p####.com/cms/25/38/d242a0889945a9ade099d2c939863583.jpg
- web-st####.g####.p####.com/cms/25/62/f6f7a0f2ab53b5d8c5f1967e379cbaa0.jpg
- web-st####.g####.p####.com/cms/25/91/84e50943057e2f89c912629c2197edb1.jpg
- web-st####.g####.p####.com/cms/26/75/207855ec7b873e10e448d4418968011e.jpg
- web-st####.g####.p####.com/cms/26/90/7625d5b656d1a648c9690425f2e67217.jpg
- web-st####.g####.p####.com/cms/27/08/6a98a60935024c94fde108d88384065f.jpg
- web-st####.g####.p####.com/cms/29/62/aeff533f5f2fad0a6a21d67c984668ce.jpg
- web-st####.g####.p####.com/cms/30/30/0a86b496dcf7848096c092bb27c95bfc.jpg
- web-st####.g####.p####.com/cms/31/18/9c29e7ace8225eb03439747765157bff.jpg
- web-st####.g####.p####.com/cms/31/42/00d5af9df32c9d77ba79563cc417cbbc.jpg
- web-st####.g####.p####.com/cms/32/60/c7f13455c1b3e8c55c8c4eda04e5ff41.jpg
- web-st####.g####.p####.com/cms/34/21/4a6362dc2579005cb449f7f7c5188279.jpg
- web-st####.g####.p####.com/cms/34/44/2848a0e0217f8ba1b068d786bb41a45e.jpg
- web-st####.g####.p####.com/cms/34/55/1a81614448698f8e48eae379c963a7f7.jpg
- web-st####.g####.p####.com/cms/35/29/1d283e369258bc6b9fc55798ac5b5202.jpg
- web-st####.g####.p####.com/cms/35/53/5cbec9231bc112f376028069ebd2fb0b.gif
- web-st####.g####.p####.com/cms/35/60/f804d6486b8c0a048d16d2e50c0f3861.jpg
- web-st####.g####.p####.com/cms/36/99/3edbf2600f71324867f5d9f5249ab76d.jpg
- web-st####.g####.p####.com/cms/37/98/84d1c30bdfff59469f44da706b8383d0.jpg
- web-st####.g####.p####.com/cms/38/38/1f98b08d491fe243cf37e9e3a9958793.png
- web-st####.g####.p####.com/cms/39/35/f5e255e4cbf8c6ace832ba82d318d983.png
- web-st####.g####.p####.com/cms/40/05/a6d4f0ed8070a78d31ce018d3cedce4d.jpg
- web-st####.g####.p####.com/cms/40/08/420462a279acbe7b942cfe917564f7bb.png
- web-st####.g####.p####.com/cms/40/09/efc3028787400f6f6ded4b79cc6328ea.jpg
- web-st####.g####.p####.com/cms/41/17/3f62c83403d2abdba054b0a04a69c396.png
- web-st####.g####.p####.com/cms/41/46/ae9dc76632409e0815c42d5655d5c4fa.png
- web-st####.g####.p####.com/cms/41/58/53175de1be991fe2dceb28ebde8b00ca.jpg
- web-st####.g####.p####.com/cms/42/43/f355ff2123b529d65034f9feaa983699.jpg
- web-st####.g####.p####.com/cms/42/44/6275b2cd05b5554c9a8ce81839003de7.png
- web-st####.g####.p####.com/cms/44/61/bdff0d54bb8d2a9038d69ff950b6a3d3.jpg
- web-st####.g####.p####.com/cms/51/72/632ebc273424907f8277a69114373183.jpg
- web-st####.g####.p####.com/cms/53/88/652cc9ab8aaaf7091a02fa0c7983c276.jpg
- web-st####.g####.p####.com/cms/63/33/e624ab92ecebabc6c87263e5d315de5e.gif
- web-st####.g####.p####.com/cms/76/14/484b85dd63a236fdc74e7b451865dbc2.jpg
- web-st####.g####.p####.com/cms/98/06/dfcfafcd02d7482f34c8774da0a4b933.jpg
- web-st####.g####.p####.com/cms/macrocms/pub/css/v_20150813141548/images/...
- web-st####.g####.p####.com/cms/macrocms/pub/js/commonModules/v_201902191...
- web-st####.g####.p####.com/cms/macrocms/pub/js/lib/v_20180912155555/lib.js
- web-st####.g####.p####.com/corporate/player/v_20170304165032/css/go.png
- web-st####.g####.p####.com/head/back_top/images/1537252143304.png
- web-st####.g####.p####.com/head/download/1502789192508.js
- web-st####.g####.p####.com/images/2017/07/17/12040797364.gif
- web-st####.g####.p####.com/lpic/03d/3c7/555/319b537694d90ec9e19bdd79ce4e...
- web-st####.g####.p####.com/lpic/14e/e16/4fa/67bbbb3286c4e055890edfee6cd4...
- web-st####.g####.p####.com/lpic/1c9/347/a5f/5e8b55a762683018720355aaa50c...
- web-st####.g####.p####.com/lpic/2a2/471/b28/f7c3fda294ab97cbf185735ea93f...
- web-st####.g####.p####.com/lpic/34e/8d4/055/697d9911c7de6d1d31edcbe4b7f8...
- web-st####.g####.p####.com/lpic/34f/c9c/038/bd2c61f50606c9791897ed5f37db...
- web-st####.g####.p####.com/lpic/3b0/72d/a26/b9e831e1ecee0a1c40229b1f1e02...
- web-st####.g####.p####.com/lpic/3fd/d0c/b40/1226c621b1885e1f022c84db043d...
- web-st####.g####.p####.com/lpic/4aa/79e/3c6/0cd1f90527dff999f06e606a10ea...
- web-st####.g####.p####.com/lpic/627/a8b/893/025ef89c5b866b3bf9c8a720462c...
- web-st####.g####.p####.com/lpic/665/7c3/26f/212da4d69887801eb643ae08e70f...
- web-st####.g####.p####.com/lpic/6a3/050/974/340d82145c90c38aa24ba1f20504...
- web-st####.g####.p####.com/lpic/711/11c/502/d6c778947ae18f27233fc9acc126...
- web-st####.g####.p####.com/lpic/8f3/6f9/319/5ac4ba9f78bb97b7b85a69197c2c...
- web-st####.g####.p####.com/lpic/9c8/a62/fde/549c02c84aaa7f9d313f81d39cf8...
- web-st####.g####.p####.com/lpic/a1b/e75/24a/123fb2cf66cb6dc5689b194229b2...
- web-st####.g####.p####.com/lpic/bb5/7f2/662/4a5283bfd743f3e9e9c25c826253...
- web-st####.g####.p####.com/lpic/bdc/c29/d05/d8a327ea7275ea9dd6bcd3c77bc6...
- web-st####.g####.p####.com/lpic/be7/e55/6e7/5d999810b19c221c8ebd147a53c9...
- web-st####.g####.p####.com/lpic/beb/ddd/6e9/acbd2ce6346bae749d76fe1ec0ad...
- web-st####.g####.p####.com/lpic/ce3/929/4c3/73c4a0ddb077e5d4a87fb979a56d...
- web-st####.g####.p####.com/lpic/eb0/cd3/81e/5783c5e91b063c01e738ac8ae56d...
- web-st####.g####.p####.com/lpic/ec4/c42/6f2/63862f99377cf076907cb63c4a42...
- web-st####.g####.p####.com/lpic/f2b/82c/c6e/9cd0be6d82d7d86627dca7d79a80...
- web-st####.g####.p####.com/mcms/nav/images/1508236788126.svg
- web-st####.g####.p####.com/mobile/kbm_demo/download/1423539588463.png
- web-st####.g####.p####.com/mobile/kbm_demo/km_t0064/download/15469417117...
- web-st####.g####.p####.com/mobile/msite/v_20171207165622_0e0bed3b/dist/a...
- web-st####.g####.p####.com/oth/2012/10/jssdk/v_20150408155209/jsbridge.js
- web-st####.g####.p####.com/oth/2012/11/comment/images/v_20121204174418/f...
- web-st####.g####.p####.com/pc_client/v_20181115152723_e5c5d5/clt.js
- web-st####.g####.p####.com/pptv/main/v_20150527154446/dist/util/webp.js
- web-st####.g####.p####.com/pub/adaptation-size/v_20141113164552/daptatio...
- web-st####.g####.p####.com/pub/cookie/v_20121102122826/cookie.js
- web-st####.g####.p####.com/pub/delayload/v_20150527154559/delayload.js
- web-st####.g####.p####.com/pub/history/v_20140429111808/history.js
- web-st####.g####.p####.com/pub/jquery/v_20130812110929/jquery.js
- web-st####.g####.p####.com/pub/json/v_20120830104551/json.js
- web-st####.g####.p####.com/pub/log/v_20140508173915/log.js
- web-st####.g####.p####.com/pub/mobile/v_20140724165225/css/mobile_base.css
- web-st####.g####.p####.com/pub/mobile/v_20140815183512/mobile.js
- web-st####.g####.p####.com/pub/p/v_20120817152541/css/app_popbox.css
- web-st####.g####.p####.com/pub/pctx/v_20120919172616/pctx.js
- web-st####.g####.p####.com/pub/popbox/v_20180927181313_13f8e7/popbox.js
- web-st####.g####.p####.com/pub/puid/v_20120813152810/puid.js
- web-st####.g####.p####.com/pub/sctx/v_20130807180208/sctx.js
- web-st####.g####.p####.com/pub/seajs/v_20140508120050/sea.js
- web-st####.g####.p####.com/pub/suggest/v_20140520165925/suggest.js
- web-st####.g####.p####.com/pub/user/v_20181017101718/user.js
- web-st####.g####.p####.com/sp120/2018/09/28/11203118046.jpg
- web-st####.g####.p####.com/sp120/2018/10/26/15153471979.jpg
- web-st####.g####.p####.com/sp120/2019/04/09/11233195469.jpg
- web-st####.g####.p####.com/sp120/2019/04/22/21302637055.jpg
- web-st####.g####.p####.com/sp120/2019/04/23/19430344872.jpg
- web-st####.g####.p####.com/sta.js?debug=####
- web-st####.g####.p####.com/tv/2019zt/MAY/column_300140/images/1556434670...
- web-st####.g####.p####.com/tv/2019zt/MAY/column_300140/images/1556434689...
- web-st####.g####.p####.com/tv/2019zt/MAY/column_300141/images/1556434769...
- web-st####.g####.p####.com/tv/2019zt/MAY/column_300141/images/1556434818...
- web-st####.g####.p####.com/tv/2019zt/MAY/column_300141/images/1556434845...
- web-st####.g####.p####.com/tv/2019zt/MAY/column_300141/images/1556434876...
- web-st####.g####.p####.com/tv/2019zt/MAY/column_300141/images/1556434921...
- web-st####.g####.p####.com/tv/2019zt/MAY/column_300141/images/1556434995...
- web-st####.g####.p####.com/tv/2019zt/MAY/column_300141/images/1556435060...
- web-st####.g####.p####.com/tv/2019zt/MAY/column_300141/images/1556435114...
- web-st####.g####.p####.com/tv/2019zt/MAY/column_300142/images/1556435260...
- web-st####.g####.p####.com/tv/2019zt/MAY/column_300142/images/1556435312...
- web-st####.g####.p####.com/tv/2019zt/MAY/column_300142/images/1556436038...
- web-st####.g####.p####.com/tv/2019zt/MAY/column_300142/images/1556436061...
- web-st####.g####.p####.com/tv/2019zt/MAY/column_300143/images/1556436355...
- web-st####.g####.p####.com/tv/2019zt/MAY/column_300143/images/1556436361...
- web-st####.g####.p####.com/tv/2019zt/MAY/column_300346/images/1556434739...
- web-st####.g####.p####.com/tv/2019zt/MAY/images/1556608856246.jpg
- web-st####.g####.p####.com/website/web/common/v_20181018105443_3b340e/di...
- web-st####.g####.p####.com/website/web/vendor/v_20181022100606_e5222a/di...
- webcdn-####.g####.p####.com/api/v1/show.json/?ids=####&pg=####&ps=####&t...
- webcdn-####.g####.p####.com/check_update?platform=####&appplt=####&osv=#...
- webcdn-####.g####.p####.com/competition/v1/list
- webcdn-####.g####.p####.com/competitionschedule/v1/list?competitionid=####
- webcdn-####.g####.p####.com/control?ver=####&userLevel=####&platform=###...
- webcdn-####.g####.p####.com/dy/
- webcdn-####.g####.p####.com/generalConfig?platform=####&appplt=####&conf...
- webcdn-####.g####.p####.com/generalConfig?platform=####&configkey=####&a...
- webcdn-####.g####.p####.com/getConfig?ZGV2aWNlaWQ9MzU2NTA3MDU5MzUxODk1Jm...
- webcdn-####.g####.p####.com/globalConfig?platform=####&appplt=####&osv=#...
- webcdn-####.g####.p####.com/manual_update?platform=####&appplt=####&osv=...
- webcdn-####.g####.p####.com/recommend_pop/
- webcdn-####.g####.p####.com/tv/2019zt/MAY/index.html?plt=####
- webcdn-####.g####.p####.com/v4/module?lang=####&platform=####&appid=####...
- ws####.su####.com/project/ssa/script/dc6f10c6/ssa.js
Запросы HTTP POST:
- a####.u####.com/app_logs
- d####.g####.p####.com/event/1.html
- recom####.p####.com/usertag?uid=####&num=####&vipUser=####&appplt=####&a...
- res####.a####.com/v3/log/init
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.imprint
- /data/data/####/.jg.ic
- /data/data/####/MATSharedPreferences.xml
- /data/data/####/USER_BILLING.xml
- /data/data/####/_ire-journal
- /data/data/####/applog.log
- /data/data/####/cn.com.mma.mobile.tracking.other.xml
- /data/data/####/com.pplive.androidphone_preferences.xml
- /data/data/####/config.xml
- /data/data/####/configcenter.txt
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/download.xml
- /data/data/####/exitadinfo
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/f_000014
- /data/data/####/f_000015
- /data/data/####/f_000016
- /data/data/####/f_000017
- /data/data/####/f_000018
- /data/data/####/f_000019
- /data/data/####/f_00001a
- /data/data/####/f_00001b
- /data/data/####/globalConfig.txt
- /data/data/####/http_zt.pptv.com_0.localstorage-journal
- /data/data/####/index
- /data/data/####/last_know_location.xml
- /data/data/####/libjiagu.so
- /data/data/####/mobclick_agent_cached_com.pplive.androidphone999999999
- /data/data/####/mobclick_agent_sealed_com.pplive.androidphone
- /data/data/####/multidex.version.xml
- /data/data/####/pptv.db-journal
- /data/data/####/pptv.xml
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/unicom.xml
- /data/data/####/view_from.xml
- /data/data/####/webp.xml
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/media/####/-100064318
- /data/media/####/-1024065665.tmp
- /data/media/####/-1036967398.tmp
- /data/media/####/-1279857832.tmp
- /data/media/####/-1288710204.tmp
- /data/media/####/-1320019859
- /data/media/####/-1441862793.tmp
- /data/media/####/-1442950262
- /data/media/####/-1478463377.tmp
- /data/media/####/-1491906198.tmp
- /data/media/####/-1523223674.tmp
- /data/media/####/-154234153.tmp
- /data/media/####/-1575724041.tmp
- /data/media/####/-1624000149
- /data/media/####/-1693854143.tmp
- /data/media/####/-1717685947.tmp
- /data/media/####/-1734359368.tmp
- /data/media/####/-1836083016.tmp
- /data/media/####/-1841093421
- /data/media/####/-1848455471
- /data/media/####/-1876824646.tmp
- /data/media/####/-1887876222
- /data/media/####/-1917343618
- /data/media/####/-1917343619
- /data/media/####/-1920326167.tmp
- /data/media/####/-1936410676.tmp
- /data/media/####/-1941661970
- /data/media/####/-1971985970.tmp
- /data/media/####/-1998943599
- /data/media/####/-2020577616.tmp
- /data/media/####/-203299418.tmp
- /data/media/####/-2046700463.tmp
- /data/media/####/-206868815
- /data/media/####/-26748261.tmp
- /data/media/####/-311146098.tmp
- /data/media/####/-359398314.tmp
- /data/media/####/-434886813.tmp
- /data/media/####/-465549933.tmp
- /data/media/####/-487254223
- /data/media/####/-50650037.tmp
- /data/media/####/-577683169.tmp
- /data/media/####/-605536553
- /data/media/####/-612880496.tmp
- /data/media/####/-621467826.tmp
- /data/media/####/-622514476.tmp
- /data/media/####/-645134678.tmp
- /data/media/####/-647761569.tmp
- /data/media/####/-663443242.tmp
- /data/media/####/-672488929.tmp
- /data/media/####/-682647585.tmp
- /data/media/####/-694572465.tmp
- /data/media/####/-696249173.tmp
- /data/media/####/-736216026.tmp
- /data/media/####/-751572452.tmp
- /data/media/####/-753178294.tmp
- /data/media/####/-764849759.tmp
- /data/media/####/-768025786.tmp
- /data/media/####/-79694181.tmp
- /data/media/####/-800147016.tmp
- /data/media/####/-811975551.tmp
- /data/media/####/-822407259.tmp
- /data/media/####/-885465767.tmp
- /data/media/####/-886208790.tmp
- /data/media/####/-937436752.tmp
- /data/media/####/-951372358.tmp
- /data/media/####/-999596901.tmp
- /data/media/####/.nomedia
- /data/media/####/1071670298.tmp
- /data/media/####/1073965773.tmp
- /data/media/####/1075035474.tmp
- /data/media/####/1078420239
- /data/media/####/1103848694.tmp
- /data/media/####/1122221299.tmp
- /data/media/####/1192346657
- /data/media/####/1200474192
- /data/media/####/1228872519.tmp
- /data/media/####/1314591821.tmp
- /data/media/####/1331393913
- /data/media/####/1366902041.tmp
- /data/media/####/146036717.tmp
- /data/media/####/1466418890
- /data/media/####/1553521954.tmp
- /data/media/####/1583631258.tmp
- /data/media/####/1604805770
- /data/media/####/1604967962
- /data/media/####/165328327.tmp
- /data/media/####/1667839436
- /data/media/####/1675936960.tmp
- /data/media/####/171980557.tmp
- /data/media/####/1793774694
- /data/media/####/1794291945.tmp
- /data/media/####/191419125.tmp
- /data/media/####/1953121240.tmp
- /data/media/####/2040116041.tmp
- /data/media/####/2044286226.tmp
- /data/media/####/22100272.tmp
- /data/media/####/273639796.tmp
- /data/media/####/280983358.tmp
- /data/media/####/318641848.tmp
- /data/media/####/338371436.tmp
- /data/media/####/364547140.tmp
- /data/media/####/380285392.tmp
- /data/media/####/460567684.tmp
- /data/media/####/466896091
- /data/media/####/528370503.tmp
- /data/media/####/538573347
- /data/media/####/54939787.tmp
- /data/media/####/570770374
- /data/media/####/596620795.tmp
- /data/media/####/832049422.tmp
- /data/media/####/837965045.tmp
- /data/media/####/848256716.tmp
- /data/media/####/91651615
- /data/media/####/917906215.tmp
- /data/media/####/941180652
- /data/media/####/965397903.tmp
- /data/media/####/_livetab1
- /data/media/####/_livetab2
- /data/media/####/_livetabtab
- /data/media/####/crash_20190518_121034.cr
- /data/media/####/journal
- /data/media/####/journal.tmp
Другие:
Запускает следующие shell-скрипты:
- chmod 755 <Package Folder>/files/libjiagu.so
Загружает динамические библиотеки:
- libjiagu
- meet
- mresearch
- subtitle-jni
Использует следующие алгоритмы для шифрования данных:
- AES-ECB-PKCS5Padding
- DES-CBC-PKCS5Padding
- DESede-CBC-PKCS5Padding
- RSA-ECB-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
- DES-CBC-PKCS5Padding
- DESede-CBC-PKCS5Padding
Осуществляет доступ к приватному интерфейсу ITelephony.
Использует специальную библиотеку для скрытия исполняемого байт-кода.
Получает информацию о местоположении.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию о настроках APN.
Отрисовывает собственные окна поверх других приложений.
