Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Adware.Gexin.2.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) gd.a.s####.com:80
- TCP(HTTP/1.1) m.baby####.com:80
- TCP(HTTP/1.1) p####.babytre####.com.####.com:80
- TCP(HTTP/1.1) m.me####.com:80
- TCP(HTTP/1.1) t####.c####.q####.####.com:80
- TCP(HTTP/1.1) i####.meitu####.com:80
- TCP(HTTP/1.1) 2####.107.1.1:80
- TCP(HTTP/1.1) c-h####.g####.com:80
- TCP(HTTP/1.1) trac####.me####.com:80
- TCP(HTTP/1.1) sh.wagbr####.aliyun####.com:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) qin####.com.www.####.com:80
- TCP(HTTP/1.1) sdk-ope####.g####.com:80
- TCP(HTTP/1.1) oc.u####.com:80
- TCP(HTTP/1.1) i####.meitu####.com.####.com:80
- TCP(SSL/3.0) 2####.107.1.97:443
- TCP(SSL/3.0) 2####.107.1.100:443
- TCP(TLS/1.0) m.baby####.com:443
- TCP(TLS/1.0) p####.babytre####.com.####.com:443
- TCP(TLS/1.0) m.me####.com:443
- TCP(TLS/1.0) 1####.217.20.78:443
- TCP(TLS/1.0) res####.a####.com:443
- TCP(TLS/1.0) i####.meitu####.com.####.com:443
- TCP(TLS/1.0) 2####.107.1.97:443
- TCP(TLS/1.0) i####.meitu####.com:443
- TCP(TLS/1.0) 2####.107.1.100:443
- TCP c####.g####.ig####.com:5227
- TCP sdk.o####.t####.####.com:5224
Запросы DNS:
- 1.171.8.####.arpa
- 12.253.159.####.arpa
- 145.206.89.####.arpa
- 176.140.171.####.arpa
- 40.46.235.####.arpa
- 7j####.c####.z0.####.com
- a####.man.aliy####.com
- a####.u####.com
- amap####.cn-hang####.oss####.####.com
- api.baby####.com
- c####.g####.ig####.com
- c####.g####.ig####.com
- c-h####.g####.com
- cu.me####.com
- fp.baby####.com
- g.kexi####.com
- h5.meitu####.com
- i####.meitu####.com
- i####.meitu####.com
- i####.meitu####.com
- i####.meitu####.com
- i####.meitu####.com
- m.me####.com
- mt####.go####.com
- oc.u####.com
- p####.babytre####.com
- p####.babytre####.com
- p####.babytre####.com
- pub-####.qin####.com
- pv.s####.com
- res####.a####.com
- sdk-ope####.g####.com
- sdk.c####.ig####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.net
- trac####.baby####.com
- trac####.me####.com
- www.b####.com
Запросы HTTP GET:
- gd.a.s####.com/cityjson?ie=####
- i####.meitu####.com.####.com/foto3/thumbs/2017/1218/95/1/6010e77b1b2acdc...
- i####.meitu####.com.####.com/foto3/thumbs/2017/1224/39/7/874369230735ddc...
- i####.meitu####.com.####.com/group1/M00/8D/10/wKgyOlbr1B6AXSvgAAD0sh1252...
- i####.meitu####.com.####.com/group1/M00/A6/E2/272bb2be68aa4ac2a6bffd3e26...
- i####.meitu####.com.####.com/group1/M00/B2/D6/dd658c44abd14ff5aab2ae09d9...
- i####.meitu####.com.####.com/group1/M00/E4/2E/fc85f72e48be49cc83d729e75b...
- i####.meitu####.com.####.com/group1/M00/E7/3F/3f71d03b954f491f8f3abe0832...
- i####.meitu####.com/group1/M00/05/68/a550506887b340f09f021841736bf9eb.jp...
- i####.meitu####.com/group1/M00/11/C6/c6d39bda8f8e497eb77741141b54b9f2.png
- i####.meitu####.com/group1/M00/13/10/wKgyOlW65wGAKjjlAAHSb-H543U730.jpg?...
- i####.meitu####.com/group1/M00/13/11/wKgyOlW654mAC9hiAAJacl7ENME774.jpg?...
- i####.meitu####.com/group1/M00/24/7F/67d272b86524491097193c8315b907fa.png
- i####.meitu####.com/group1/M00/33/01/34001566b25a46f5b62121633a61423e.jp...
- i####.meitu####.com/group1/M00/49/81/41d9df63813e449a99dd01832b1dcc30.jp...
- i####.meitu####.com/group1/M00/4D/46/224ec524889a4d3e88cb8571c2d946e9.jp...
- i####.meitu####.com/group1/M00/57/81/57f8a1dcbe3245788ab557e81920e8c0.jp...
- i####.meitu####.com/group1/M00/8E/19/0f919d9cf8e34be7877fa2c7a86fff37.jpg
- i####.meitu####.com/group1/M00/A9/E2/abfda10ce26e478e9a2e2a9a2f58f0db.jp...
- i####.meitu####.com/group1/M00/B5/46/a947f539cdbe46ba95d8a1bb516e2954.jpg
- i####.meitu####.com/group1/M00/E3/12/81ee4db504c94a94a012ca12d8e34c5e.png
- m.baby####.com/conf.do?version=####&releaseDateTime=####
- m.baby####.com/monitor_sdk_intf/hotfix/patch/get?ai=####&app_id=####&app...
- m.baby####.com/monitor_sdk_intf/hotfix/switch/get_status?ai=####&app_id=...
- m.me####.com/mobile/app/upgrade.htm?apptype=####&appversion=####&cityid=...
- m.me####.com/mobile/fightgroup/moregroup.htm?apptype=####&appversion=###...
- m.me####.com/mobile/system/getRequestBaseInfo.htm?apptype=####&appversio...
- m.me####.com/mobile/system/getcurrenttime.htm?apptype=####&appversion=##...
- m.me####.com/newapi/cms/findHomeModuleList?agekeyids=####&ageweek=####&c...
- m.me####.com/newapi/cms/findHomeWordNavigator?cityid=####&protocol=####&...
- m.me####.com/newapi/cms/findModuleInfoList?cityid=####&curpage=####&page...
- m.me####.com/newapi/cms/findUserAgeData?birthday=####&cityid=####&protoc...
- m.me####.com/newapi/comment/itemComment?cityid=####&mt=####&promotiontyp...
- m.me####.com/newapi/item/getPriceStock?cityid=####&mt=####&promotionid=#...
- m.me####.com/newapi/item/getPriceStock?cityid=####&mt=####&protocol=####...
- m.me####.com/newapi/item/getProdBasicInfo?cityid=####&mt=####&promotioni...
- m.me####.com/newapi/item/getProdBasicInfo?cityid=####&mt=####&protocol=#...
- m.me####.com/newapi/item/itemCollectService?cityid=####&mt=####&promotio...
- m.me####.com/newapi/item/itemCollectService?cityid=####&mt=####&protocol...
- m.me####.com/newapi/mobile/common/close_site_notice?cityid=####&protocol...
- m.me####.com/newapi/mobile/common/querySwitch?cityid=####&protocol=####&...
- m.me####.com/newapi/tptf/tptfproductService?birthday=####&cityid=####&cu...
- p####.babytre####.com.####.com/baf_hotfix/20181127/FsCEuAA6uVwXQtmaXf1Iw...
- p####.babytre####.com.####.com/foto3/thumbs/2017/1224/39/7/874369230735d...
- p####.babytre####.com.####.com/group1/M00/00/71/wKgyOlUbul2AQibZAAAJFz3p...
- p####.babytre####.com.####.com/group1/M00/0A/A1/ba1b06ebcd7f479f9b168be6...
- p####.babytre####.com.####.com/group1/M00/0C/73/c78b0ad773ee4ba895f6b0cf...
- p####.babytre####.com.####.com/group1/M00/10/AE/dccf139845b1405a9a58ae14...
- p####.babytre####.com.####.com/group1/M00/13/11/wKgyOlW651eAM1wfAAH9g0Ai...
- p####.babytre####.com.####.com/group1/M00/22/2F/9a3213d6d8a447a790c92258...
- p####.babytre####.com.####.com/group1/M00/26/87/28cbe47d370a486287d89462...
- p####.babytre####.com.####.com/group1/M00/2A/1B/e03b308d31bc43d9a499adfa...
- p####.babytre####.com.####.com/group1/M00/3F/F9/88d9993a7f08459fb79d3f97...
- p####.babytre####.com.####.com/group1/M00/49/54/73083d4de495486488166f69...
- p####.babytre####.com.####.com/group1/M00/4C/C4/4cdab6237aec46418ad85ca0...
- p####.babytre####.com.####.com/group1/M00/53/65/b562ab9ae2f8409381453ac6...
- p####.babytre####.com.####.com/group1/M00/55/33/0877cbc1143343ef950721a6...
- p####.babytre####.com.####.com/group1/M00/5B/98/7d9e2b5b79334e59842a2c2e...
- p####.babytre####.com.####.com/group1/M00/61/A1/bb102ea982c84486954d51a1...
- p####.babytre####.com.####.com/group1/M00/69/9F/21f7578465664f699fd84ab0...
- p####.babytre####.com.####.com/group1/M00/82/46/26efb6d3cfbe4b838270c310...
- p####.babytre####.com.####.com/group1/M00/8B/68/46868b63cf9f41b692f8b992...
- p####.babytre####.com.####.com/group1/M00/90/9B/37ac996153e644909b4fd0a8...
- p####.babytre####.com.####.com/group1/M00/92/41/e0ce392a823141d2b9a695f8...
- p####.babytre####.com.####.com/group1/M00/94/75/851f17b38759462c805afa7d...
- p####.babytre####.com.####.com/group1/M00/96/87/2b2488d80999468796282278...
- p####.babytre####.com.####.com/group1/M00/A0/16/2f06b264b4944136a0ca468e...
- p####.babytre####.com.####.com/group1/M00/A8/32/917061e31a3c4288a8e5b632...
- p####.babytre####.com.####.com/group1/M00/B3/4D/8b430ac36e274d32bb04fb82...
- p####.babytre####.com.####.com/group1/M00/BC/2B/120a932bfebc473188503eab...
- p####.babytre####.com.####.com/group1/M00/C4/3C/9e1454b3c26c43229359a3ec...
- p####.babytre####.com.####.com/group1/M00/C4/AE/aefa6a5e3c5a43c4ac9fec8f...
- p####.babytre####.com.####.com/group1/M00/CD/0A/f8d0afea99fb4ee9a49a5f76...
- p####.babytre####.com.####.com/group1/M00/CD/84/457ecdce392a46b5bee38459...
- p####.babytre####.com.####.com/group1/M00/CF/B3/cf31f5a4ffb34babb426a873...
- p####.babytre####.com.####.com/group1/M00/D8/92/a3248b009f9a40bd892ccead...
- p####.babytre####.com.####.com/group1/M00/DE/89/617d55d1786d489db9fdeade...
- p####.babytre####.com.####.com/group1/M00/E8/53/c9c49c54538d4e8bb2ea525f...
- p####.babytre####.com.####.com/group1/M00/ED/13/3b734fb8113a444f95a6edbb...
- qin####.com.www.####.com/tdata_EDT369
- t####.c####.q####.####.com/config/hz-hzv6.conf
- t####.c####.q####.####.com/tdata_Soq141
- t####.c####.q####.####.com/tdata_fEV688
- t####.c####.q####.####.com/tdata_ilz707
- t####.c####.q####.####.com/tdata_zbA366
Запросы HTTP POST:
- a####.u####.com/app_logs
- c-h####.g####.com/api.php?format=####&t=####
- m.baby####.com/api/adv1/get_config
- m.baby####.com/api/api_monitor/getMonitorUrl
- m.baby####.com/api/api_monitor/sendInfo
- m.baby####.com/warlock-collector/service/T0002
- m.baby####.com/warlock-collector/service/T0003
- m.me####.com/mobile/appbase/newestPatch.htm
- m.me####.com/mobile/community/getAppInitAdvertiseInfo.htm
- m.me####.com/newapi/price/query/byspuandsku
- oc.u####.com/v2/check_config_update
- oc.u####.com/v2/get_update_time
- sdk-ope####.g####.com/api.php?format=####&t=####
- sdk-ope####.g####.com/api.php?format=####&t=####&d=####&k=####
- sh.wagbr####.aliyun####.com/man/api?ak=####&s=####
- trac####.me####.com/service/T0001
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/-3157421091129340108
- /data/data/####/-nN261mCSuZCKdKC7FuPTX7Qh5U.-533330602.tmp
- /data/data/####/.imprint
- /data/data/####/.jg.ic
- /data/data/####/094WOp7LVGfo1Kp8ltpGDhaoLfw.-2037846673.tmp
- /data/data/####/0da1cb11adae
- /data/data/####/0gD3uoL-CU5M6zw91FkbaUR-vNY.-55462471.tmp
- /data/data/####/0hY2wg5jjQiVll17v8QHwO69zy4.2068720764.tmp
- /data/data/####/1d2b904cbeadfb72ed9546111a231c85.0
- /data/data/####/2Izc0NY2PnLPmo6I_VyDZSpRjUg.-21420216.tmp
- /data/data/####/2xIuNXDjhmapi6sgyOtKHoHrCwU.-1845326124.tmp
- /data/data/####/3HsYRqwzqDSsQNpqGbl4GsX22XQ.855487649.tmp
- /data/data/####/4VuJuRtOcAy1pBWiqIaZ-F-3al8.-415005469.tmp
- /data/data/####/509959423263454013
- /data/data/####/5mMBkKF44T-AI6uOOw1bJwcyunI.138780955.tmp
- /data/data/####/7-Hml_EWS-IxBOaF16Wl0Q22syg.1696633663.tmp
- /data/data/####/9-JU69R52WtWlGhH02Em-0fhLWA.387773833.tmp
- /data/data/####/96h2IhVPIGQfIFJ3MkHz5LAxnLQ.583807166.tmp
- /data/data/####/9ODn3rH8r2XpPCcD9J6_bNkcdSc.-410884373.tmp
- /data/data/####/9TaTi9rFeAvFf3ffxPUW_kIBByQ.-838356753.tmp
- /data/data/####/A0tLePDcJMp5FlSdevIvL9zpNLw.1735250514.tmp
- /data/data/####/Alvin2.xml
- /data/data/####/BAF-Dns-sp.xml
- /data/data/####/BYJcpsoN_Lu6npOdThWl_7I4UfE.-1759961398.tmp
- /data/data/####/BYYocRrHJ0NcY1ol3TdV7vr-N-s.1956272099.tmp
- /data/data/####/Beo6-sIRwDrgYUKoPG22vfNSHeE.-1980097667.tmp
- /data/data/####/Bha_RYKzzNTE0FQf_mnBo1GfFgA.-563355286.tmp
- /data/data/####/BuWGIEXhtvZhvygfiy_g1WCjp_s.2141409057.tmp
- /data/data/####/Constant.xml
- /data/data/####/ContextData.xml
- /data/data/####/DwLltM4CdRVUv4GUZpKvEnI-sOo.889338564.tmp
- /data/data/####/EatAqq_9S6p6t4J5Ta918GbQKPg.1556771916.tmp
- /data/data/####/EyICJ6O0_tl6kBdwbuhaoJ7YYU0.-1608019249.tmp
- /data/data/####/G34NaVFN4hnrXqu2iJsMEGCQh7Y.1007115583.tmp
- /data/data/####/KZx_QawrwOhMEzcp7cHQRgfVo-M.1595137174.tmp
- /data/data/####/KbmS2kYjEUe4IeQJzNEJUVKps5o.827900712.tmp
- /data/data/####/L1ufSNLJYE22_mrKPMWQlLUuEog.-1459143224.tmp
- /data/data/####/LbdE8sW9TWk5-pgENqylDlziI6M.4607022.tmp
- /data/data/####/Q81VP9c_D1nUlP85xU3WJcBFs4A.101867569.tmp
- /data/data/####/RbKxnyLUq4PYz2B8ftRWDYYniFU.-468657620.tmp
- /data/data/####/TUuKJYyXzPmTU5gw3k_b0LP0cvk.2022653129.tmp
- /data/data/####/XNSDKStore1.0.xml
- /data/data/####/XNclientid.xml
- /data/data/####/XNmachineid.xml
- /data/data/####/XVhTMOwYxO_7iEd91UxTLdB8xPg.662652597.tmp
- /data/data/####/ZRYR5B58HcYXVxgHikcC4EQk8Ak.-1467979606.tmp
- /data/data/####/ZceBUpEEz-orM1bIFS7fsPt9wv0.266753281.tmp
- /data/data/####/_andfix_.xml
- /data/data/####/aliclound_httpdns.db
- /data/data/####/aliclound_httpdns.db-journal
- /data/data/####/analytic.db-journal
- /data/data/####/bGLAI9mO1Ah22q18Eka3KhZp9D8.603829919.tmp
- /data/data/####/b_monitor.db-journal
- /data/data/####/babytree-baf-hotfix-sp.xml
- /data/data/####/babytree-baf-hotfix.db-journal
- /data/data/####/baf-ad-new.xml
- /data/data/####/baf-new-ad.db-journal
- /data/data/####/bb-ad.db-journal
- /data/data/####/bb_adsdk_prefer.xml.xml
- /data/data/####/bb_analytic_prefer.xml.xml
- /data/data/####/bb_monitor_prefer.xml.xml
- /data/data/####/cd-1sShZgyFyIomiH0iePKv-F2M.-1701145397.tmp
- /data/data/####/com.meitun.mama_preferences.xml
- /data/data/####/dDMIjg6_uAvfWGAxnwYPlXSkN0M.113642134.tmp
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/gdaemon_20161017
- /data/data/####/getui_sp.xml
- /data/data/####/ghX199RzIE5fBMYZV_rPZfNLJa0.522269627.tmp
- /data/data/####/gkt-journal
- /data/data/####/gx_sp.xml
- /data/data/####/hYpe_E4I8D_PVRONOOZG2JQhe8U.-1058385943.tmp
- /data/data/####/hmdb
- /data/data/####/hmdb-journal
- /data/data/####/hpz3pqG9pfZdiSuHSzhbJyS3TX8.-657012416.tmp
- /data/data/####/httpdns_config_cache.xml
- /data/data/####/iO_6XOy1fWvX5_5IBlJJuWC4h_Y.-1256724714.tmp
- /data/data/####/index
- /data/data/####/init.pid
- /data/data/####/init_c1.pid
- /data/data/####/jNYT7qPE_HoZKqkz-3IYDQToz6s.-983804307.tmp
- /data/data/####/journal
- /data/data/####/journal.tmp
- /data/data/####/k_mDFZo6YuTN9ASYcH_vF3sL06Q.-1227697597.tmp
- /data/data/####/l8HOm7p4LBA62R9VdpYdSW_wMe0.-1324483686.tmp
- /data/data/####/lPxDdfnrUV1vOq0_6AXVptLOnLk.1429719366.tmp
- /data/data/####/libjiagu-434152877.so
- /data/data/####/lich_udid_prefs_2017_#@#.xml
- /data/data/####/logdb.db
- /data/data/####/logdb.db-journal
- /data/data/####/meitun_statistics.db-journal
- /data/data/####/mobclick_agent_online_setting_com.meitun.mama.xml
- /data/data/####/mpJLMHK7YmagSP9hkE9l6EEsuR0.1336999074.tmp
- /data/data/####/mt_1000_ISME9754_guest6401003813311605809090751...ournal
- /data/data/####/multidex.version.xml
- /data/data/####/nIOYYHZYzQFAhWGvRniA-poToPQ.1941416135.tmp
- /data/data/####/nWXPGs2bNEDXbSulJAIjUvIrGGs.98225339.tmp
- /data/data/####/ogIJb4OngZXxsRIoRnbsKjD56qc.-98200682.tmp
- /data/data/####/oukTZgwh1g8EwACw58VUAyuUYJQ.-2077351894.tmp
- /data/data/####/patch-crypto.patch
- /data/data/####/patch.dex
- /data/data/####/patch.patch
- /data/data/####/patch.properties
- /data/data/####/pref.xml
- /data/data/####/push.pid
- /data/data/####/pushext.db-journal
- /data/data/####/pushg.db-journal
- /data/data/####/pushk.db-journal
- /data/data/####/pushsdk.db-journal
- /data/data/####/rhFWlVDEmABC6TQ485rTs8gg4w0.-915971936.tmp
- /data/data/####/rov7fKbRMtZEAwjyPLUYKvRDB_Y.1177342448.tmp
- /data/data/####/run.pid
- /data/data/####/sJk_nGGirQBHm_HiCOCbRPph1cU.-1081545116.tmp
- /data/data/####/setting.db-journal
- /data/data/####/suI_dV02tfmK4k5-0ppjEoFxzYM.-1467703315.tmp
- /data/data/####/t5Y0CJor5lMDmhr3k6jghlKnsgo.-1961150019.tmp
- /data/data/####/tB5cHx5OKGWy8eROTj04Qwn0uqs.912670337.tmp
- /data/data/####/tdata_Soq141
- /data/data/####/tdata_Soq141.jar
- /data/data/####/tdata_fEV688
- /data/data/####/tdata_fEV688.jar
- /data/data/####/tdata_ilz707
- /data/data/####/tdata_ilz707.jar
- /data/data/####/tdata_zbA366
- /data/data/####/tdata_zbA366.jar
- /data/data/####/tempfile
- /data/data/####/ujdwxOqkgXojCscWKvK56UzTt7k.294535253.tmp
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_general_config.xml.bak
- /data/data/####/umeng_it.cache
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/xeWTQeSMGRV2dVF8jNWdo6m1o0I.1795794814.tmp
- /data/data/####/xnsdkconfig.xml
- /data/data/####/y5shyinls6GJ0iQ_sr45wS8lyvQ.-1292722814.tmp
- /data/data/####/z1ItflLCZM4zXLVYhHWB0Pc77tg.-900247787.tmp
- /data/data/####/zLb0WRNfZeK7mwgUnCE-7txBycs.-123541489.tmp
- /data/data/####/zqwbIHqRkeEoEP2f30i-UQn6maw.-1565592396.tmp
- /data/media/####/.lich_udid_prefs_2017_#@#
- /data/media/####/.nomedia
- /data/media/####/1558174687392.db
- /data/media/####/1558174690174.db
- /data/media/####/1558174692314.db
- /data/media/####/Alvin2.xml
- /data/media/####/ContextData.xml
- /data/media/####/alsn.db
- /data/media/####/alsn.db-journal
- /data/media/####/app.db
- /data/media/####/com.getui.sdk.deviceId.db
- /data/media/####/com.igexin.sdk.deviceId.db
- /data/media/####/com.meitun.mama.bin
- /data/media/####/com.meitun.mama.db
- /data/media/####/gkt-journal
- /data/media/####/gktper
- /data/media/####/journal.tmp
- /data/media/####/tdata_Soq141
- /data/media/####/tdata_fEV688
- /data/media/####/tdata_ilz707
- /data/media/####/tdata_zbA366
- /data/media/####/test.log
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /proc/cpuinfo
- <Package Folder>/files/gdaemon_20161017 0 <Package>/<Package>.push.getui.GetuiPushService 24481 300 0
- cat /sys/class/net/wlan0/address
- chmod 700 <Package Folder>/files/gdaemon_20161017
- getprop net.dns1
- getprop wifi.interface
- mount
- ping -c 10 -W 2 cu.meitun.com
- ping -c 10 -W 2 img01.meituncdn.com
- ping -c 10 -W 2 img04.meituncdn.com
- ping -c 10 -W 2 m.meitun.com
- ping -c 10 -W 2 tracking.meitun.com
- ping -c 10 -W 2 www.baidu.com
- sh
- sh <Package Folder>/files/gdaemon_20161017 0 <Package>/<Package>.push.getui.GetuiPushService 24481 300 0
Загружает динамические библиотеки:
- andfix
- api_encrypt
- bitmaps
- getuiext2
- libjiagu-434152877
- memchunk
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- AES-CFB-NoPadding
- AES-ECB-PKCS5Padding
- DESede
- RSA-ECB-PKCS1Padding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS5Padding
- AES-ECB-PKCS5Padding
Осуществляет доступ к приватному интерфейсу ITelephony.
Использует специальную библиотеку для скрытия исполняемого байт-кода.
Получает информацию о местоположении.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
