Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Adware.Gexin.3.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) c-h####.g####.com:80
- TCP(HTTP/1.1) o####.map.b####.com:80
- TCP(HTTP/1.1) sdk-ope####.g####.com:80
- TCP(HTTP/1.1) tinyq####.ove####.b0.####.com:80
- TCP(HTTP/1.1) ser####.dc####.net.cn:80
- TCP(HTTP/1.1) t####.c####.q####.####.com:80
- TCP(HTTP/1.1) www.wf####.com:80
- TCP(HTTP/1.1) loc.map.b####.com:80
- TCP(HTTP/1.1) qin####.com.www.####.com:80
- TCP(HTTP/1.1) www.wf####.com:3000
- TCP(TLS/1.0) api.map.b####.com:443
- TCP(TLS/1.0) ser####.dc####.net.cn:443
- TCP(TLS/1.0) tinyq####.ove####.b0.####.com:443
- TCP(TLS/1.0) 1####.217.168.238:443
- TCP sdk.o####.t####.####.com:5224
- TCP c####.g####.ig####.com:5224
Запросы DNS:
- 7####.5917####.com
- api.map.b####.com
- c####.g####.ig####.com
- c-h####.g####.com
- loc.map.b####.com
- o####.map.b####.com
- pub-####.qin####.com
- sdk-ope####.g####.com
- sdk.c####.ig####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.net
- ser####.dc####.net.cn
- st####.dc####.net.cn
- www.wf####.com
Запросы HTTP GET:
- qin####.com.www.####.com/tdata_EDT356
- t####.c####.q####.####.com/config/hz-hzv6.conf
- tinyq####.ove####.b0.####.com/?imageVi####
- tinyq####.ove####.b0.####.com/Fg6zJgqzzHyZyBb8DdTYnB_ynruR?imageVi####
- tinyq####.ove####.b0.####.com/Fgde11oUzObNKlpyX37wrXPNnQwu?imageVi####
- tinyq####.ove####.b0.####.com/Fh302r9ghH_2IhLSsENWiHcwrpzp?imageVi####
- tinyq####.ove####.b0.####.com/FhmNquajnpS15uqHz2zI9e69TF-a?imageVi####
- tinyq####.ove####.b0.####.com/FiIO3f0gHYDaqiYGgxUn2ranfpUD?imageVi####
- tinyq####.ove####.b0.####.com/FigmUaaZcNHkCaX1zO8MSvwS6NMB?imageVi####
- tinyq####.ove####.b0.####.com/FlMXp7HYBpVbYkvP-zjCBfIWbf7d
- tinyq####.ove####.b0.####.com/FmEXJY8wBXrHGhMKoAOPSbGtGk-e
- tinyq####.ove####.b0.####.com/FmTZTg5mICa3ir7KRhW9ECwQvy_K
- tinyq####.ove####.b0.####.com/FnRKVKDs3hPd-SsR4LWDDZIZ2Erk
- tinyq####.ove####.b0.####.com/Fn_SPp8x7xxR7STnznY5ysS9W9l8?imageVi####
- tinyq####.ove####.b0.####.com/FoJsF0b1aXpofwz6G1FDj4bBEH3m
- tinyq####.ove####.b0.####.com/FqD_MAZIwoe916_bDT3lAujuxdl1
- tinyq####.ove####.b0.####.com/FqZOi_jdYWXyLqNozKtLBCtwKmBa?imageVi####
- tinyq####.ove####.b0.####.com/Fqan38xyw4_PpuII3WdyiRqK8uCI?imageVi####
- tinyq####.ove####.b0.####.com/FqgC2aNB2D4GQhsul3GOcExW8_Ws
- tinyq####.ove####.b0.####.com/FrBi3VuMPOWkhA8M3RJUM877GNas
- tinyq####.ove####.b0.####.com/FrBi3VuMPOWkhA8M3RJUM877GNas?imageVi####
- tinyq####.ove####.b0.####.com/Frf9pN0qy7cjvNZAW7w25n7G_122?imageVi####
- tinyq####.ove####.b0.####.com/Fs9EIoLKgrjTJXF0pneK-v_ph8QM?imageVi####
- tinyq####.ove####.b0.####.com/Fsv8TnncfOY7LFrUZtMA2ySOYeTL
- tinyq####.ove####.b0.####.com/FtwNH4IXLpP5jm13W1I4uOnhmiCk
- tinyq####.ove####.b0.####.com/FvN7IVZU_t55nKmAaGVD40wBAKzO
- tinyq####.ove####.b0.####.com/Logo/1.jpg
- tinyq####.ove####.b0.####.com/Logo/10.jpg
- tinyq####.ove####.b0.####.com/Logo/100.jpg
- tinyq####.ove####.b0.####.com/Logo/101.jpg
- tinyq####.ove####.b0.####.com/Logo/102.jpg
- tinyq####.ove####.b0.####.com/Logo/103.jpg
- tinyq####.ove####.b0.####.com/Logo/108.jpg
- tinyq####.ove####.b0.####.com/Logo/11.jpg
- tinyq####.ove####.b0.####.com/Logo/110.jpg
- tinyq####.ove####.b0.####.com/Logo/111.jpg
- tinyq####.ove####.b0.####.com/Logo/112.jpg
- tinyq####.ove####.b0.####.com/Logo/113.jpg
- tinyq####.ove####.b0.####.com/Logo/114.jpg
- tinyq####.ove####.b0.####.com/Logo/116.jpg
- tinyq####.ove####.b0.####.com/Logo/119.jpg
- tinyq####.ove####.b0.####.com/Logo/12.jpg
- tinyq####.ove####.b0.####.com/Logo/120.jpg
- tinyq####.ove####.b0.####.com/Logo/122.jpg
- tinyq####.ove####.b0.####.com/Logo/124.jpg
- tinyq####.ove####.b0.####.com/Logo/129.jpg
- tinyq####.ove####.b0.####.com/Logo/13.jpg
- tinyq####.ove####.b0.####.com/Logo/130.jpg
- tinyq####.ove####.b0.####.com/Logo/133.jpg
- tinyq####.ove####.b0.####.com/Logo/14.jpg
- tinyq####.ove####.b0.####.com/Logo/140.jpg
- tinyq####.ove####.b0.####.com/Logo/141.jpg
- tinyq####.ove####.b0.####.com/Logo/142.jpg
- tinyq####.ove####.b0.####.com/Logo/143.jpg
- tinyq####.ove####.b0.####.com/Logo/144.jpg
- tinyq####.ove####.b0.####.com/Logo/145.jpg
- tinyq####.ove####.b0.####.com/Logo/146.jpg
- tinyq####.ove####.b0.####.com/Logo/15.jpg
- tinyq####.ove####.b0.####.com/Logo/150.jpg
- tinyq####.ove####.b0.####.com/Logo/151.jpg
- tinyq####.ove####.b0.####.com/Logo/152.jpg
- tinyq####.ove####.b0.####.com/Logo/154.jpg
- tinyq####.ove####.b0.####.com/Logo/155.jpg
- tinyq####.ove####.b0.####.com/Logo/156.jpg
- tinyq####.ove####.b0.####.com/Logo/161.jpg
- tinyq####.ove####.b0.####.com/Logo/162.jpg
- tinyq####.ove####.b0.####.com/Logo/163.jpg
- tinyq####.ove####.b0.####.com/Logo/164.jpg
- tinyq####.ove####.b0.####.com/Logo/165.jpg
- tinyq####.ove####.b0.####.com/Logo/167.jpg
- tinyq####.ove####.b0.####.com/Logo/169.jpg
- tinyq####.ove####.b0.####.com/Logo/173.jpg
- tinyq####.ove####.b0.####.com/Logo/175.jpg
- tinyq####.ove####.b0.####.com/Logo/181.jpg
- tinyq####.ove####.b0.####.com/Logo/182.jpg
- tinyq####.ove####.b0.####.com/Logo/184.jpg
- tinyq####.ove####.b0.####.com/Logo/185.jpg
- tinyq####.ove####.b0.####.com/Logo/187.jpg
- tinyq####.ove####.b0.####.com/Logo/19.jpg
- tinyq####.ove####.b0.####.com/Logo/191.jpg
- tinyq####.ove####.b0.####.com/Logo/192.jpg
- tinyq####.ove####.b0.####.com/Logo/196.jpg
- tinyq####.ove####.b0.####.com/Logo/197.jpg
- tinyq####.ove####.b0.####.com/Logo/198.jpg
- tinyq####.ove####.b0.####.com/Logo/199.jpg
- tinyq####.ove####.b0.####.com/Logo/20.jpg
- tinyq####.ove####.b0.####.com/Logo/200.jpg
- tinyq####.ove####.b0.####.com/Logo/203.jpg
- tinyq####.ove####.b0.####.com/Logo/204.jpg
- tinyq####.ove####.b0.####.com/Logo/206.jpg
- tinyq####.ove####.b0.####.com/Logo/213.jpg
- tinyq####.ove####.b0.####.com/Logo/214.jpg
- tinyq####.ove####.b0.####.com/Logo/219.jpg
- tinyq####.ove####.b0.####.com/Logo/22.jpg
- tinyq####.ove####.b0.####.com/Logo/220.jpg
- tinyq####.ove####.b0.####.com/Logo/222.jpg
- tinyq####.ove####.b0.####.com/Logo/226.jpg
- tinyq####.ove####.b0.####.com/Logo/230.jpg
- tinyq####.ove####.b0.####.com/Logo/231.jpg
- tinyq####.ove####.b0.####.com/Logo/232.jpg
- tinyq####.ove####.b0.####.com/Logo/237.jpg
- tinyq####.ove####.b0.####.com/Logo/24.jpg
- tinyq####.ove####.b0.####.com/Logo/245.jpg
- tinyq####.ove####.b0.####.com/Logo/25.jpg
- tinyq####.ove####.b0.####.com/Logo/259.jpg
- tinyq####.ove####.b0.####.com/Logo/26.jpg
- tinyq####.ove####.b0.####.com/Logo/261.jpg
- tinyq####.ove####.b0.####.com/Logo/263.jpg
- tinyq####.ove####.b0.####.com/Logo/267.jpg
- tinyq####.ove####.b0.####.com/Logo/269.jpg
- tinyq####.ove####.b0.####.com/Logo/27.jpg
- tinyq####.ove####.b0.####.com/Logo/271.jpg
- tinyq####.ove####.b0.####.com/Logo/272.jpg
- tinyq####.ove####.b0.####.com/Logo/279.jpg
- tinyq####.ove####.b0.####.com/Logo/280.jpg
- tinyq####.ove####.b0.####.com/Logo/282.jpg
- tinyq####.ove####.b0.####.com/Logo/283.jpg
- tinyq####.ove####.b0.####.com/Logo/284.jpg
- tinyq####.ove####.b0.####.com/Logo/286.jpg
- tinyq####.ove####.b0.####.com/Logo/289.jpg
- tinyq####.ove####.b0.####.com/Logo/291.jpg
- tinyq####.ove####.b0.####.com/Logo/294.jpg
- tinyq####.ove####.b0.####.com/Logo/297.jpg
- tinyq####.ove####.b0.####.com/Logo/299.jpg
- tinyq####.ove####.b0.####.com/Logo/3.jpg
- tinyq####.ove####.b0.####.com/Logo/304.jpg
- tinyq####.ove####.b0.####.com/Logo/307.jpg
- tinyq####.ove####.b0.####.com/Logo/312.jpg
- tinyq####.ove####.b0.####.com/Logo/317.jpg
- tinyq####.ove####.b0.####.com/Logo/32.jpg
- tinyq####.ove####.b0.####.com/Logo/33.jpg
- tinyq####.ove####.b0.####.com/Logo/34.jpg
- tinyq####.ove####.b0.####.com/Logo/35.jpg
- tinyq####.ove####.b0.####.com/Logo/36.jpg
- tinyq####.ove####.b0.####.com/Logo/37.jpg
- tinyq####.ove####.b0.####.com/Logo/38.jpg
- tinyq####.ove####.b0.####.com/Logo/39.jpg
- tinyq####.ove####.b0.####.com/Logo/40.jpg
- tinyq####.ove####.b0.####.com/Logo/41.jpg
- tinyq####.ove####.b0.####.com/Logo/42.jpg
- tinyq####.ove####.b0.####.com/Logo/43.jpg
- tinyq####.ove####.b0.####.com/Logo/44.jpg
- tinyq####.ove####.b0.####.com/Logo/45.jpg
- tinyq####.ove####.b0.####.com/Logo/46.jpg
- tinyq####.ove####.b0.####.com/Logo/47.jpg
- tinyq####.ove####.b0.####.com/Logo/48.jpg
- tinyq####.ove####.b0.####.com/Logo/49.jpg
- tinyq####.ove####.b0.####.com/Logo/50.jpg
- tinyq####.ove####.b0.####.com/Logo/51.jpg
- tinyq####.ove####.b0.####.com/Logo/52.jpg
- tinyq####.ove####.b0.####.com/Logo/53.jpg
- tinyq####.ove####.b0.####.com/Logo/54.jpg
- tinyq####.ove####.b0.####.com/Logo/55.jpg
- tinyq####.ove####.b0.####.com/Logo/56.jpg
- tinyq####.ove####.b0.####.com/Logo/57.jpg
- tinyq####.ove####.b0.####.com/Logo/58.jpg
- tinyq####.ove####.b0.####.com/Logo/59.jpg
- tinyq####.ove####.b0.####.com/Logo/60.jpg
- tinyq####.ove####.b0.####.com/Logo/61.jpg
- tinyq####.ove####.b0.####.com/Logo/62.jpg
- tinyq####.ove####.b0.####.com/Logo/63.jpg
- tinyq####.ove####.b0.####.com/Logo/64.jpg
- tinyq####.ove####.b0.####.com/Logo/65.jpg
- tinyq####.ove####.b0.####.com/Logo/66.jpg
- tinyq####.ove####.b0.####.com/Logo/67.jpg
- tinyq####.ove####.b0.####.com/Logo/68.jpg
- tinyq####.ove####.b0.####.com/Logo/69.jpg
- tinyq####.ove####.b0.####.com/Logo/70.jpg
- tinyq####.ove####.b0.####.com/Logo/71.jpg
- tinyq####.ove####.b0.####.com/Logo/72.jpg
- tinyq####.ove####.b0.####.com/Logo/73.jpg
- tinyq####.ove####.b0.####.com/Logo/74.jpg
- tinyq####.ove####.b0.####.com/Logo/75.jpg
- tinyq####.ove####.b0.####.com/Logo/76.jpg
- tinyq####.ove####.b0.####.com/Logo/77.jpg
- tinyq####.ove####.b0.####.com/Logo/78.jpg
- tinyq####.ove####.b0.####.com/Logo/79.jpg
- tinyq####.ove####.b0.####.com/Logo/8.jpg
- tinyq####.ove####.b0.####.com/Logo/80.jpg
- tinyq####.ove####.b0.####.com/Logo/81.jpg
- tinyq####.ove####.b0.####.com/Logo/82.jpg
- tinyq####.ove####.b0.####.com/Logo/83.jpg
- tinyq####.ove####.b0.####.com/Logo/84.jpg
- tinyq####.ove####.b0.####.com/Logo/85.jpg
- tinyq####.ove####.b0.####.com/Logo/86.jpg
- tinyq####.ove####.b0.####.com/Logo/87.jpg
- tinyq####.ove####.b0.####.com/Logo/88.jpg
- tinyq####.ove####.b0.####.com/Logo/89.jpg
- tinyq####.ove####.b0.####.com/Logo/9.jpg
- tinyq####.ove####.b0.####.com/Logo/90.jpg
- tinyq####.ove####.b0.####.com/Logo/91.jpg
- tinyq####.ove####.b0.####.com/Logo/92.jpg
- tinyq####.ove####.b0.####.com/Logo/93.jpg
- tinyq####.ove####.b0.####.com/Logo/94.jpg
- tinyq####.ove####.b0.####.com/Logo/95.jpg
- tinyq####.ove####.b0.####.com/Logo/96.jpg
- tinyq####.ove####.b0.####.com/Logo/97.jpg
- tinyq####.ove####.b0.####.com/Logo/98.jpg
- tinyq####.ove####.b0.####.com/Logo/99.jpg
- tinyq####.ove####.b0.####.com/undefined
- tinyq####.ove####.b0.####.com/undefined?imageVi####
- tinyq####.ove####.b0.####.com/uploads/0521/1558403245000b05c.jpg
- tinyq####.ove####.b0.####.com/uploads/1225/154571143354447843.jpg
- tinyq####.ove####.b0.####.com/uploads/1225/1545711437127985135.jpg
- tinyq####.ove####.b0.####.com/uploads/1225/1545711441201241519.jpg
- tinyq####.ove####.b0.####.com/uploads/1225/1545711444209838031.jpg
- tinyq####.ove####.b0.####.com/uploads/1225/1545711449106797027.jpg
- tinyq####.ove####.b0.####.com/uploads/1225/154571145393407739.jpg
- tinyq####.ove####.b0.####.com/uploads/1225/1545711458140776877.jpg
- tinyq####.ove####.b0.####.com/uploads/1225/1545711465202357961.jpg
- tinyq####.ove####.b0.####.com/uploads/1225/1545711470200151111.jpg
- tinyq####.ove####.b0.####.com/uploads/1225/1545711474161029265.jpg
- tinyq####.ove####.b0.####.com/uploads/1225/1545711476154100066.jpg
- tinyq####.ove####.b0.####.com/uploads/1225/1545711480170054484.jpg
- tinyq####.ove####.b0.####.com/uploads/1225/154571148455773578.jpg
- tinyq####.ove####.b0.####.com/uploads/1225/154571148854571991.jpg
- www.wf####.com/default/Demo/APPitem/upload/Public/Img/other_img/jf5w40.png
- www.wf####.com/default/Demo/APPitem/upload/Public/Img/other_img/jmf.png
- www.wf####.com/default/Demo/APPitem/upload/Public/Img/other_img/kepai.png
- www.wf####.com/default/Demo/APPitem/upload/Public/Img/other_img/limo.png
- www.wf####.com/default/Demo/APPitem/upload/Public/Img/other_img/nl450.jpg
- www.wf####.com/default/Demo/APPitem/upload/Public/Img/other_img/ymf.png
- www.wf####.com/default/wfqp_app/index.php/App/collect?item_id=####&phone...
- www.wf####.com/default/wfqp_app/index.php/App/get_banner?t=####&package_...
- www.wf####.com/default/wfqp_app/index.php/App/get_detail?iID=####&phone=...
- www.wf####.com/default/wfqp_app/index.php/App/get_evaluate?item_id=####&...
- www.wf####.com/default/wfqp_app/index.php/App/get_item_show?page=####&t=...
- www.wf####.com/default/wfqp_app/index.php/App/get_nearby?t=####&package_...
- www.wf####.com/default/wfqp_app/index.php/App/get_recommend?t=####&packa...
- www.wf####.com/default/wfqp_app/index.php/App/get_share?t=####&package_n...
- www.wf####.com/default/wfqp_app/index.php/App/get_shop_order?phone=####&...
- www.wf####.com/default/wfqp_app/index.php/App/get_shoping_cart?phone=###...
- www.wf####.com/default/wfqp_app/index.php/App/get_user?phone_data=####&t...
- www.wf####.com/default/wfqp_app/index.php/App/getbrand?t=####&package_na...
- www.wf####.com/default/wfqp_app/index.php/App/set_Position?phone=####&ln...
- www.wf####.com/default/wfqp_app/index.php/App/version?version=####&t=###...
- www.wf####.com:3000/getws?username=####&callWho=####&t=####&package_name...
- www.wf####.com:3000/socket.io/socket.io.js
Запросы HTTP POST:
- c-h####.g####.com/api.php?format=####&t=####
- loc.map.b####.com/sdk.php
- o####.map.b####.com/offline_loc
- sdk-ope####.g####.com/api.php?format=####&t=####
- ser####.dc####.net.cn/device/location
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.imei.txt
- /data/data/####/.jg.ic
- /data/data/####/1024.png
- /data/data/####/1024x10241.png
- /data/data/####/1st.html
- /data/data/####/221.png
- /data/data/####/256x256.png
- /data/data/####/App.js
- /data/data/####/H574F39B1.xml
- /data/data/####/Query_Records.html
- /data/data/####/_adio.dcloud.feature.ad.a.a.xml
- /data/data/####/about.html
- /data/data/####/add.png
- /data/data/####/address.html
- /data/data/####/ae3c939e5522
- /data/data/####/agency_purchase.html
- /data/data/####/agency_purchase.png
- /data/data/####/alipay.png
- /data/data/####/app.css
- /data/data/####/authStatus_com.wfqp.yykj.xml
- /data/data/####/authStatus_com.wfqp.yykj;remote.xml
- /data/data/####/background.jpg
- /data/data/####/banner_url.html
- /data/data/####/banner_xq.html
- /data/data/####/baoyang.png
- /data/data/####/bsxy.png
- /data/data/####/camera.svg
- /data/data/####/castapp.js
- /data/data/####/chat.html
- /data/data/####/city.data-3.js
- /data/data/####/city.data.js
- /data/data/####/class_banner.html
- /data/data/####/class_item.html
- /data/data/####/clientid_igexin.xml
- /data/data/####/collect.html
- /data/data/####/comment.html
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/dc_ad_type_key.xml
- /data/data/####/default.html
- /data/data/####/dfh.png
- /data/data/####/dfk.png
- /data/data/####/dingdan.png
- /data/data/####/dingdan2.png
- /data/data/####/dizhi.png
- /data/data/####/dlbj.png
- /data/data/####/dongyi_nav.css
- /data/data/####/eje3cnc
- /data/data/####/emi.png
- /data/data/####/exprees.html
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/f_000014
- /data/data/####/f_000015
- /data/data/####/f_000016
- /data/data/####/f_000017
- /data/data/####/f_000018
- /data/data/####/f_000019
- /data/data/####/f_00001a
- /data/data/####/f_00001b
- /data/data/####/f_00001c
- /data/data/####/f_00001d
- /data/data/####/f_00001e
- /data/data/####/f_00001f
- /data/data/####/f_000020
- /data/data/####/f_000021
- /data/data/####/f_000022
- /data/data/####/f_000023
- /data/data/####/f_000024
- /data/data/####/f_000025
- /data/data/####/f_000026
- /data/data/####/f_000027
- /data/data/####/f_000028
- /data/data/####/f_000029
- /data/data/####/f_00002a
- /data/data/####/f_00002b
- /data/data/####/f_00002c
- /data/data/####/f_00002d
- /data/data/####/fankui.png
- /data/data/####/feedback.html
- /data/data/####/file__0.localstorage-journal
- /data/data/####/firll.dat
- /data/data/####/frist.html
- /data/data/####/gal.db
- /data/data/####/gal.db-journal
- /data/data/####/gd1.png
- /data/data/####/gdaemon_20161017
- /data/data/####/getui_sp.xml
- /data/data/####/giftcard.html
- /data/data/####/gps1.png
- /data/data/####/gps2.png
- /data/data/####/guide.html
- /data/data/####/gx_sp.xml
- /data/data/####/gzyy.js
- /data/data/####/head.png
- /data/data/####/hhs.png
- /data/data/####/home.html
- /data/data/####/hst.db
- /data/data/####/hst.db-journal
- /data/data/####/html5Geo.xml
- /data/data/####/ic_adreess.png
- /data/data/####/icon_ese.png
- /data/data/####/iconfont.css
- /data/data/####/iconfont.ttf
- /data/data/####/image.viewer.css
- /data/data/####/index
- /data/data/####/index.html
- /data/data/####/init.pid
- /data/data/####/init_c1.pid
- /data/data/####/item_details.html
- /data/data/####/jia.png
- /data/data/####/jian.png
- /data/data/####/jly.png
- /data/data/####/jy.png
- /data/data/####/jytc.png
- /data/data/####/kf.png
- /data/data/####/libcuid.so
- /data/data/####/libjiagu-631050578.so
- /data/data/####/lishi.png
- /data/data/####/loding.gif
- /data/data/####/login-bg.png
- /data/data/####/login.html
- /data/data/####/lqj.png
- /data/data/####/lqy.png
- /data/data/####/lt.png
- /data/data/####/maintenance.html
- /data/data/####/manifest.json
- /data/data/####/map.html
- /data/data/####/message.html
- /data/data/####/message_detail.html
- /data/data/####/more.html
- /data/data/####/mr.png
- /data/data/####/mui-icons-extra.ttf
- /data/data/####/mui.css
- /data/data/####/mui.indexedlist.css
- /data/data/####/mui.indexedlist.js
- /data/data/####/mui.js
- /data/data/####/mui.min.css
- /data/data/####/mui.min.js
- /data/data/####/mui.previewimage.js
- /data/data/####/mui.pullToRefresh.js
- /data/data/####/mui.pullToRefresh.material.js
- /data/data/####/mui.ttf
- /data/data/####/mui.zoom.js
- /data/data/####/multidex.version.xml
- /data/data/####/my_order.html
- /data/data/####/my_position.html
- /data/data/####/mzth424.png
- /data/data/####/new_Address.html
- /data/data/####/no_order.png
- /data/data/####/none.png
- /data/data/####/none1.png
- /data/data/####/ofl.config
- /data/data/####/ofl_location.db
- /data/data/####/ofl_location.db-journal
- /data/data/####/ofl_statistics.db
- /data/data/####/ofl_statistics.db-journal
- /data/data/####/oil.png
- /data/data/####/order.html
- /data/data/####/order_arr.html
- /data/data/####/pdr.xml
- /data/data/####/phon1.png
- /data/data/####/picker.css
- /data/data/####/picker.js
- /data/data/####/poppicker.css
- /data/data/####/poppicker.js
- /data/data/####/ps.png
- /data/data/####/pull_arrow.png
- /data/data/####/pull_fresh.png
- /data/data/####/push.pid
- /data/data/####/pushext.db-journal
- /data/data/####/pushg.db-journal
- /data/data/####/pushsdk.db-journal
- /data/data/####/qcmr.png
- /data/data/####/qcpp.png
- /data/data/####/qianbao.png
- /data/data/####/qichemeirong.png
- /data/data/####/qicheyongpin.png
- /data/data/####/qiniuup.js
- /data/data/####/quan.png
- /data/data/####/receipt.html
- /data/data/####/refund.html
- /data/data/####/reg_back.html
- /data/data/####/register.html
- /data/data/####/run.pid
- /data/data/####/runhuayou.png
- /data/data/####/scp.png
- /data/data/####/search.html
- /data/data/####/search_result.html
- /data/data/####/shijian.png
- /data/data/####/shop.html
- /data/data/####/shop_evaluate.html
- /data/data/####/shop_myorder_xq.html
- /data/data/####/shop_order.html
- /data/data/####/shop_xq.html
- /data/data/####/shoping_cart.html
- /data/data/####/shoppicture.png
- /data/data/####/shoucang.png
- /data/data/####/sorry.gif
- /data/data/####/startMove.js
- /data/data/####/start_statistics_data.xml
- /data/data/####/stl.png
- /data/data/####/stream_permission.xml
- /data/data/####/style.css
- /data/data/####/test_app
- /data/data/####/tongji.png
- /data/data/####/top.png
- /data/data/####/top2.png
- /data/data/####/updata.html
- /data/data/####/updata.png
- /data/data/####/user_menu.html
- /data/data/####/vin.png
- /data/data/####/vip.png
- /data/data/####/vipcard.html
- /data/data/####/vue.js
- /data/data/####/waiting_evaluate.html
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/webviewCookiesChromiumPrivate.db-journal
- /data/data/####/weixin.png
- /data/data/####/wfyp2.png
- /data/data/####/wfyp224.png
- /data/data/####/who.jpg
- /data/data/####/wuxing.png
- /data/data/####/wuxing2.png
- /data/data/####/wx.png
- /data/data/####/xdc.png
- /data/data/####/xiaoxi.png
- /data/data/####/yb.png
- /data/data/####/yfh.png
- /data/data/####/ygq1.png
- /data/data/####/ykznApp.js
- /data/data/####/ysf.png
- /data/data/####/ywc.png
- /data/data/####/ywc1.png
- /data/data/####/ywc2.png
- /data/data/####/ywc3.png
- /data/data/####/ywc4.png
- /data/data/####/ywc5.png
- /data/data/####/zcxy.html
- /data/data/####/zfb.png
- /data/data/####/zhuyi.png
- /data/media/####/.cuid
- /data/media/####/.cuid2
- /data/media/####/.imei.txt
- /data/media/####/AdEnable.dat
- /data/media/####/app.db
- /data/media/####/com.igexin.sdk.deviceId.db
- /data/media/####/com.wfqp.yykj.bin
- /data/media/####/com.wfqp.yykj.db
- /data/media/####/conlts.dat
- /data/media/####/ls.db
- /data/media/####/ls.db-journal
- /data/media/####/test.log
- /data/media/####/yoh.dat
- /data/media/####/yol.dat
- /data/media/####/yom.dat
Другие:
Запускает следующие shell-скрипты:
- <Package Folder>/files/gdaemon_20161017 0 <Package>/io.dcloud.feature.apsGt.GTNormalPushService 24312 300 0
- cat /sys/class/net/wlan0/address
- chmod 700 <Package Folder>/files/gdaemon_20161017
- mount
- sh <Package Folder>/files/gdaemon_20161017 0 <Package>/io.dcloud.feature.apsGt.GTNormalPushService 24312 300 0
Загружает динамические библиотеки:
- BaiduMapSDK_base_v4_3_1
- getuiext2
- libjiagu-631050578
- locSDK7a
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS5Padding
- RSA-ECB-PKCS1Padding
Осуществляет доступ к приватному интерфейсу ITelephony.
Использует специальную библиотеку для скрытия исполняемого байт-кода.
Получает информацию о местоположении.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
