Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.Triada.477.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) api.b####.lie####.cn:80
- TCP(HTTP/1.1) api.sdk.f####.cn:80
- TCP(HTTP/1.1) ly-xiao####.oss-cn-####.aliy####.com:80
- TCP(HTTP/1.1) me####.t####.com.####.cn:80
- TCP(HTTP/1.1) api.v2.sdk.####.cn:80
- TCP(HTTP/1.1) oss-cn-####.aliy####.com:80
- TCP(HTTP/1.1) s####.y####.cn:80
- TCP(HTTP/1.1) thi####.q####.cn:80
- TCP(TLS/1.0) av1.x####.com:443
- TCP(TLS/1.0) dualsta####.wagbr####.ali####.####.com:443
- TCP(TLS/1.0) et2-na6####.wagbr####.ali####.####.com:443
- TCP(TLS/1.0) h####.b####.com:443
- TCP(TLS/1.0) c####.x####.com:443
- TCP(TLS/1.0) p####.ou####.com:4433
- TCP(TLS/1.0) i####.j####.com:443
- TCP(TLS/1.0) abc.abcdse####.com:8888
Запросы DNS:
- abc.abcdse####.com
- api.b####.lie####.cn
- api.sdk.f####.cn
- api.v2.sdk.####.cn
- av1.x####.com
- c####.x####.com
- c####.x####.com
- h####.b####.com
- i####.j####.com
- j####.lie####.cn
- log.u####.com
- ly-xiao####.oss-cn-####.aliy####.com
- m.b####.lie####.cn
- me####.t####.com
- oss-cn-####.aliy####.com
- p####.ou####.com
- plb####.u####.com
- s####.y####.cn
- thi####.q####.cn
- u####.u####.com
Запросы HTTP GET:
- api.b####.lie####.cn/Api/Topic/getHotTopicAndComment?book_id=####
- api.b####.lie####.cn/Api/start_pic/startpiclist
- api.b####.lie####.cn/Book/detail?bookId=####
- api.b####.lie####.cn/Book/getListByAuthor?author=####&start=####&limit=#...
- api.b####.lie####.cn/Book/getListByCatId?cat=####&start=####&limit=####&...
- api.b####.lie####.cn/Book/getListByIds?bookIds=####
- api.b####.lie####.cn/Book/homeBookNew?gender=####
- api.b####.lie####.cn/Book/homeFindNew
- api.b####.lie####.cn/Home/Book/getFindNewBookCircle?limit=####&page=####
- api.b####.lie####.cn/Service/getAppVersion?channelId=####&packageName=##...
- api.b####.lie####.cn/Service/reportDevice?factor=####&imei=####&imsi=###...
- api.b####.lie####.cn/User/getAdFreeConfig?token=####
- api.b####.lie####.cn/User/getInfo?token=####
- api.b####.lie####.cn/advert/getListByBookId?book_id=####
- api.b####.lie####.cn/privacy_protocol.html
- api.b####.lie####.cn/service/getAdConfig?channelId=####&device_type=####...
- api.b####.lie####.cn/user/syncUserBooksByAdmin?gender=####&token=####
- api.sdk.f####.cn/v2/initUrl?appId=####
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/14669.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/15134.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/16988.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/17330.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/17720.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/17812.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/23742.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/23749.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/23986.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover_1/152984.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover_1/153317.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover_1/153352.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover_1/153688.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/112138.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/112281.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/112282.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/112389.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/112390.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/113417.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/113809.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/114017.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/114098.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/114138.jpg
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-07-15/c8...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-07-29/2f...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-03/20...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-03/27...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-03/4d...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-03/66...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-03/82...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-03/8b...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-03/cd...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/user_avatar/2019_08_02/5d4...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/user_header_v/007c31858d6a...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/user_header_v/2c586f18baa5...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/user_header_v/65a6afd5849c...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/user_header_v/b225733c17f0...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/user_header_v/f9861e564ca1...
- me####.t####.com.####.cn/2/6/f/8/26f868428d03a23b45e795ab08f2e5db.jpg
- me####.t####.com.####.cn/2/e/4/4/2e442def9c29f03dfbf9ef7afe803cde.jpg
- me####.t####.com.####.cn/2014/05/07/4/5/4/b/454b5d13af9c4a55a169d660eb34...
- me####.t####.com.####.cn/2014/05/07/b/c/5/0/bc5010c334eb4c3cb3356cacee2f...
- me####.t####.com.####.cn/2014/07/07/b/0/3/3/b0334d488a4844ab94bf329b4c76...
- me####.t####.com.####.cn/2015/03/04/7/c/5/b/7c5b5f8e48894671835ad6f14360...
- me####.t####.com.####.cn/2015/03/17/3/f/b/f/3fbf13f5419544c980f730831dea...
- me####.t####.com.####.cn/2015/06/25/a/0/3/c/a03c12a9f8884320afc1a964c919...
- me####.t####.com.####.cn/2015/11/24/a/b/4/b/ab4bebd0498141e295a753f3d508...
- me####.t####.com.####.cn/2016/01/06/4/7/6/1/4761e84d80be404787ad94297d72...
- me####.t####.com.####.cn/2016/02/25/0/0/d/1/00d1ee000fdb40c89424837438af...
- me####.t####.com.####.cn/2016/11/10/c/e/8/d/ce8d4e14b702490db1deb6f4dcd9...
- me####.t####.com.####.cn/2016/11/16/8/c/6/e/8c6e7319f1154c6b8d5d8edc9abe...
- me####.t####.com.####.cn/2017/04/13/d/2/8/3/d283f7a9da9148318209a0e81465...
- me####.t####.com.####.cn/2017/07/19/4/2/3/7/42371c26f8a7449b979be0a9e675...
- me####.t####.com.####.cn/2018/01/05/2/d/3/8/2d383ad0d1f249dc8c0b16f934d5...
- me####.t####.com.####.cn/2018/02/05/c/c/a/5/cca56efeb8ed4737ad26b6e0375c...
- me####.t####.com.####.cn/2018/06/14/0/2/0/9/0209c5d66428479a93fe89b0c03e...
- me####.t####.com.####.cn/2019/03/29/12/22/f7bc863ba7794b81baecc76d84587a...
- me####.t####.com.####.cn/7/7/2/6/7726e3ed586131df6e06ffc1ff6b016b.jpg
- me####.t####.com.####.cn/8/9/d/2/89d2c35e0a4dc208d7d575353d94c1c8.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd14c876060c.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd14c98d25d3.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd14ca254c4b.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd14de068502.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd14df6a02d9.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd1523901ccd.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd15252e7fce.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd1526a11e7f.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd1552937362.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd1553251a46.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd1553e7308c.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd15574d6bcf.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-16/5cdd1e11d8e55.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-16/5cdd1e229f177.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-16/5cdd3f677d226.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-16/5cdd3f7a544c8.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-07-15/5d2c38fb81b7b.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-07-15/5d2c3935b51d3.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-07-16/5d2d33ef61ed6.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-07-16/5d2d353b01914.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-07-30/5d4047ef5cd27.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-07-30/5d404d1f35f30.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-06/5d493c0fd3a13.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-06/5d493c3a36bfb.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-06/5d493c7a81e8f.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-06/5d493c98f112b.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-12/5d50df4380901.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-13/5d52677f5542e.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-13/5d5269d2891f2.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-21/5d5d3984d9186.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-21/5d5d3c8da6c76.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-30/5d693f303ab95.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-30/5d693f5dbea51.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-05/5d710921630c5.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-05/5d7128dccebf9.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-06/5d7220a6e802a.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-06/5d7220b467b34.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-09/5d75b24ece929.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-09/5d75b309db0cf.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-09/5d75b3d7a65d5.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-09/5d7630fa2c67b.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-09/5d7631085aaa4.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-09/5d76311722db1.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-09/5d763125b14ff.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-11/5d789e8ea6787.j...
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-16/5d7efe1f8203c.png
- s####.y####.cn/Upload/cover/da/201501040202141443.jpg
- s####.y####.cn/Upload/cover/da/20160617164501.jpg
- s####.y####.cn/Upload/cover/da/20160617164710.jpg
- s####.y####.cn/Upload/cover/da/20180125153204-107965.jpg
- thi####.q####.cn/mmopen/vi_32/ajNVdqHZLLDiaEybaLNCicS5nWtT8GniaWSPL28fWi...
Запросы HTTP POST:
- api.b####.lie####.cn/Event/homeReport
- api.b####.lie####.cn/ReportStaticts/startUp
- api.b####.lie####.cn/event/advertisement
- api.b####.lie####.cn/event/page
- api.v2.sdk.####.cn/v2/aiList
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.imprint
- /data/data/####/.jg.ic
- /data/data/####/02c76bf407b5ef4eef62d2f8b86b0cb538a79550ad943aa....0.tmp
- /data/data/####/0aa368a2cfc98a98d310b14391d356fc9378146612ff91b....0.tmp
- /data/data/####/0dad081952e0469aced84a203dcbc5eb59985b9aff3ad97....0.tmp
- /data/data/####/0e1cb0ca451a489ddc34f89a9f419d72aafa477f6e75f3b....0.tmp
- /data/data/####/110689.jar
- /data/data/####/115cbae01d40fcf36f4d54dfcacfdfbf426482734ce1d92....0.tmp
- /data/data/####/1332d62e947695ce6764203c990e6af7e2d170713338905....0.tmp
- /data/data/####/13cd15bebbe125e0e2e9fb34590e1c2003d037b00e04fcc....0.tmp
- /data/data/####/143346465a522ecf84c6b0869b117edf88c808992bc3c9a....0.tmp
- /data/data/####/1568618570520_2213
- /data/data/####/1568618570757_2213
- /data/data/####/1568618571201_2213
- /data/data/####/1568618571647_2213
- /data/data/####/1568618572545_2213
- /data/data/####/1568618572635_2213
- /data/data/####/1568618574024_2213
- /data/data/####/1568618574665_2213
- /data/data/####/1568618575096_2213
- /data/data/####/1568618575894_2213
- /data/data/####/1568618587266_2213
- /data/data/####/1568618588110_2213
- /data/data/####/1568618588311_2213
- /data/data/####/1568618588402_2213
- /data/data/####/1568618590331_2213
- /data/data/####/1568618590695_2213
- /data/data/####/1568618590984_2213
- /data/data/####/1568618591076_2213
- /data/data/####/1568618611847_2213
- /data/data/####/1568618611970_2213
- /data/data/####/1568618617768_2213
- /data/data/####/1568618617838_2213
- /data/data/####/1568618619640_2213
- /data/data/####/1568618619867_2213
- /data/data/####/1568618620024_2213
- /data/data/####/1568618620591_2213
- /data/data/####/1568618635447_2213
- /data/data/####/156ad60a747d9601395f98d35c650a90d56878ec27ce0d0....0.tmp
- /data/data/####/164c79a7b627a7b44c29822d78bb7a9d0b96393c5855069....0.tmp
- /data/data/####/179b1e46920359283634234526d259035a04e60fa0d3a1d....0.tmp
- /data/data/####/1abad8c80238f76917c6e26609c8ce06011d9e6e3509bf0....0.tmp
- /data/data/####/1d1e79b5785c5eb7404d301284413785dc5d9e77639709e....0.tmp
- /data/data/####/1d8c6d63f28990dabdc1b5f8d24e3d4c771ea1f1fcfce13....0.tmp
- /data/data/####/204957323960bfdc6e77373bc8d376ad901a2c7a065c5c9....0.tmp
- /data/data/####/2235e3e532d75a099baec8f004baa26acc8c4146b3da233....0.tmp
- /data/data/####/2254b24d1b6ace7e9bfe440e34817c89bd7d45e003e0776....0.tmp
- /data/data/####/29e4fb94932189909efc8163d7001619d3ab233f2679201....0.tmp
- /data/data/####/2a0b6652b793cf7ee5cd6618ee3c62862e7a1cb081e2e47....0.tmp
- /data/data/####/2c321714731eed36ea4d09966a79eb7124982d901b9d52e....0.tmp
- /data/data/####/2f0dae7555d9298929967842615822c1747a8add4185c17....0.tmp
- /data/data/####/2f6b12156e0cbd1219191d1e82e97e7faecef7b01b28e68....0.tmp
- /data/data/####/2fe7bb6b4db4860c0068763bcdc76d030539056b7e11ef7....0.tmp
- /data/data/####/302c926ea71f9abb1e8dad69a7acc70a7ff447e482db78d....0.tmp
- /data/data/####/34fb9350cc2cc918156bec7385f9377d759d41dce2a5b36....0.tmp
- /data/data/####/3aab7548e1e4a54c14ca1cbd8d8b6d0a9126919ec3964eb....0.tmp
- /data/data/####/42263c31592a78b550310758c5e8fa384ad6f8b10a90c5f....0.tmp
- /data/data/####/45ade48d321f024c6ade6cff23958bced533040e002b30d....0.tmp
- /data/data/####/4ce1a8f129e2c4a8be5f875313c0c433810b9a356bd3e66....0.tmp
- /data/data/####/4db4492c4f22b25090d62019d8336e1cd2b01a2bb48bd4a....0.tmp
- /data/data/####/4e93b3835f9ea50cda979b97302c3892c4f3fe1e6acf947....0.tmp
- /data/data/####/4ed4ccae9605fbd9a8ccd6a98c8770031a3d5d093512607....0.tmp
- /data/data/####/52bbf918a99744e97168f494d1a3d061294ea8fec2757cb....0.tmp
- /data/data/####/52e13671d4d7c01a1a9e117160864fb8d38b471c7912c4b....0.tmp
- /data/data/####/57c293ea6af8858a208c2f93402a516da70100da1df6a91....0.tmp
- /data/data/####/582a7fae937446b53780f3451b022f92c10909270a9592a....0.tmp
- /data/data/####/59dbce7a32f95789c0df93b14c13e418abc9e1e7fb53a24....0.tmp
- /data/data/####/5cdc13365417eb7d178b84a51fe798a757120ede1db24e0....0.tmp
- /data/data/####/5d863a0b9ccadd5369ff55d89c058300a27902ef92973e7....0.tmp
- /data/data/####/5f6e1855de6e20230cb52a49d210423102bf23e9e7edf32....0.tmp
- /data/data/####/63ef14702dc53f2be0d9767bd23ce03cd462ac6c2326fad....0.tmp
- /data/data/####/6a1406bd7f88dc7c18c9556a0524dbba7d283abec697816....0.tmp
- /data/data/####/6a4e246e5e798e4586a846777c6de7887d7de0401925419....0.tmp
- /data/data/####/710fdcab5b29ff9507e000bd008db5c50951d8f4e1963cb....0.tmp
- /data/data/####/73aaf4008c3a5d54d54cc7d0b42391e155cef3b09df51ce....0.tmp
- /data/data/####/74e61abb2f903a0671e31eb6e101f0b96dc805c513e1239....0.tmp
- /data/data/####/750444f4d81262abd2fc1c918ebad5b6d228070ab41c973....0.tmp
- /data/data/####/76f5769fd931f61e421894c0af100190c42e7ac5a937309....0.tmp
- /data/data/####/7820bccc3713b88f74212e15daaf0a49e4e844557f42aa7....0.tmp
- /data/data/####/7a614c814dc5a4889180b18ab76d739c84249c4c144b143....0.tmp
- /data/data/####/7aca373b4f993e765ea14d6efc7b623ad4bc14800a76b5f....0.tmp
- /data/data/####/7b8f6244f1be849fb893876f4fcc5860305481800931a81....0.tmp
- /data/data/####/7f24a5fdf5083775e1aae18fcb483a71dc3a4f6c4f172fe....0.tmp
- /data/data/####/7fc78691da6760b9161dd7a7927d39b35a2f6d95f5d553a....0.tmp
- /data/data/####/7fd6d5b68a9e8b855f52904769a31876214910b66ef55c5....0.tmp
- /data/data/####/80339d7269d54aa9569c72742ab0017df5b2992e530c395....0.tmp
- /data/data/####/810c8d44302d426436d43807150b370fd33762cac3b716d....0.tmp
- /data/data/####/85eef175644a880c97c93b218a0cdcad811ac42876a8682....0.tmp
- /data/data/####/87992c3acd196c8c9e016b00c5c4e07408d8536f623198a....0.tmp
- /data/data/####/88b208f8e9dab6a1d924a772de3491f5c721121e08bdcb1....0.tmp
- /data/data/####/8c8a2e2bb43d80ac05772a996c102f9bcdd45111f838575....0.tmp
- /data/data/####/8ddf0d98cad9c0916620fef5e908e113af4544a84178b2a....0.tmp
- /data/data/####/92d9085f96103a60f077ccd74051a083728597a64ba2ccd....0.tmp
- /data/data/####/93959543abe5f89683980c2567419b890a796c4883df437....0.tmp
- /data/data/####/93a080925aad1d5eb49605b7e2910e984e7b2934dfe0365....0.tmp
- /data/data/####/941bf36d9313f42649e9b8cd15dffe12dabab3043a3597f....0.tmp
- /data/data/####/9617e3b293ec5be432f4d73fa89555f32aab2c6878bb331....0.tmp
- /data/data/####/99a44ecf1141097fb41bcc34d92b52a25c12276a0549dda....0.tmp
- /data/data/####/9b127838293d7aa92640a3db365efe4c37397d32f134bf0....0.tmp
- /data/data/####/9bbc2c79b00f32dd6ad483ef57b7ca52b09633848445499....0.tmp
- /data/data/####/9c1b411495ebcaf25fb5f99b8bfd56b25c31f76fa507402....0.tmp
- /data/data/####/9c34df82eaaa28e72e3d1528ff6ef265ff48ad01d33c982....0.tmp
- /data/data/####/9ca401fd0e56dc65b6d7ec85728995357635da514eda2a0....0.tmp
- /data/data/####/9e91eae95717a42c6597ed82f6d6d3956ecb0967c87b118....0.tmp
- /data/data/####/Archimedes_p1
- /data/data/####/Archimedes_p2
- /data/data/####/Archimedes_p3
- /data/data/####/Archimedes_p4
- /data/data/####/Archimedes_p5
- /data/data/####/LY_AD_KEY.xml
- /data/data/####/PreferanceUtil.xml
- /data/data/####/TDCloudSettingsConfig8B95F6FFB5124FA2A9AA840736F3E611.xml
- /data/data/####/TD_app_pefercen_profile.xml
- /data/data/####/TDpref_cloudcontrol1.xml
- /data/data/####/TDpref_longtime.xml
- /data/data/####/TDpref_longtime0.xml
- /data/data/####/TDpref_shorttime.xml
- /data/data/####/TDpref_shorttime0.xml
- /data/data/####/UM_PROBE_DATA.xml
- /data/data/####/__Baidu_Stat_SDK_SendRem.xml
- /data/data/####/__local_ap_info_cache.json
- /data/data/####/__local_last_session.json
- /data/data/####/__local_stat_cache.json
- /data/data/####/__send_data_1568618571757
- /data/data/####/a049cbe8e32d49a3e90aa6d913726092345e4078de0f11e....0.tmp
- /data/data/####/a06ac53f7179ac196407810378ea691f8ca78f783fce042....0.tmp
- /data/data/####/a0b561931bf19bcc7b61b16b9c5c4e9459971ee449d05ee....0.tmp
- /data/data/####/a1bde279f1d5975ea846abe9bb0ef7845eadb36aaaeccce....0.tmp
- /data/data/####/a347b91c26fe9595032664269792238d91b0112aa419233....0.tmp
- /data/data/####/a47b2a05b28b108254113629b5f3feb2c5b0bc0ba1f1f5b....0.tmp
- /data/data/####/a4c61bab6bfee7974359784798e95bde2889152488e5663....0.tmp
- /data/data/####/a9d143a1788932653e263a7b11f11971b9a6bd7c905fb9e....0.tmp
- /data/data/####/ab8660f21f8f077f3659e61e42210ff894c88b2b8961269....0.tmp
- /data/data/####/acd29d94d7d2978797f812b77d1caf8a033678515f5ee02....0.tmp
- /data/data/####/af5455188d1e91855a89fa158082cfacaaff34607aff0a7....0.tmp
- /data/data/####/b20401b7d89d474f36a5091a222e9eff8adadf13bc31549....0.tmp
- /data/data/####/b4a17bf12c5bc6238c440f4c1b487c4d908a7539ee48463....0.tmp
- /data/data/####/b712b3330ac37157f9f4dab2abd57a21f4941d141f5747d....0.tmp
- /data/data/####/baidu_mtj_sdk_record.xml
- /data/data/####/bb2c192d136eab3fe55d80178f26cf4eaec51c83eaf5bcb....0.tmp
- /data/data/####/c0923f0e69bca2afd9c9fa70ee95a321277c43445c9f1f5....0.tmp
- /data/data/####/c22f00343745d23a5d9b7a04cf0c9820813f20bb52a3a7b....0.tmp
- /data/data/####/c739c52db622c2bf629844ef6fece26efa19435686b197c....0.tmp
- /data/data/####/c8b268943eaf544ae23b9258ce43b2964d00ed0cfcb948b....0.tmp
- /data/data/####/cb0ba5a64057238fd427d75d206a86061f2727927109667....0.tmp
- /data/data/####/ce62ec408bf42e892ea3cc522a488080abb2896db441354....0.tmp
- /data/data/####/com.aikesi.app.DEFAULT_PREF.xml
- /data/data/####/com.qiyu.wang.readbook_preference.xml
- /data/data/####/d0404171581757597149a71770e28aaa261c057f567374e....0.tmp
- /data/data/####/d2534214aaf31f039f331befdccefa2e649f422d6eb4e17....0.tmp
- /data/data/####/d543a7ef3b66f36db2607c6108abed8c36084e832bb5a27....0.tmp
- /data/data/####/d6a7498de9034e40c7a11a5bfb453cb48a0813955e5a785....0.tmp
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTY4NjE4NTY5NTY2;
- /data/data/####/dW1weF9zaGFyZV8xNTY4NjE4NTczNzE3;
- /data/data/####/dW1weF9zaGFyZV8xNTY4NjE4NTczNzg5;
- /data/data/####/da5a8b197274628bc4d85aea97341f03396dbd87fffd9a8....0.tmp
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/db3c024e9720ba04ceaa73a0387bc277e6226c5ac2fa1d5....0.tmp
- /data/data/####/db8b9d7afec3f2fbefb2e562916a9914a6ffe3b2a4d256c....0.tmp
- /data/data/####/e0842450b8cd693dc39787e50c49152a99af3cc7e98ede0....0.tmp
- /data/data/####/e0fd22c5318a0da664795c03ffb1ee49492a1fb6e65f7e5....0.tmp
- /data/data/####/e220e0136e896bfedbb5c551d0454fb48c6d55b02424d85....0.tmp
- /data/data/####/e53fd7b1e7d3031687832c9cc0670d66273e9902a198e99....0.tmp
- /data/data/####/ea4e851f3785cb16ef310368114467fc5a1c60151791584....0.tmp
- /data/data/####/eac3da21ff36e3396e3cf51a955397102c72e2dbcaae45b....0.tmp
- /data/data/####/eedd4a1bfb44b213836503987d7935926ed767767fd1083....0.tmp
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/f7b83acdde9f4bacf7593cc7289b0f902174403a188fcc4....0.tmp
- /data/data/####/f928ff1903b4e30d31e2f96c1c3216c1de490eb74731885....0.tmp
- /data/data/####/fdb190c102a8f34aa5840031763965fb770b9359765f0d9....0.tmp
- /data/data/####/ff3c2e1a8075de7f239e006034362f7f9fc7d533fc633e6....0.tmp
- /data/data/####/i==1.2.0&&1.2.2_1568618569618_envelope.log
- /data/data/####/index
- /data/data/####/info.xml
- /data/data/####/init_urls.xml
- /data/data/####/iv
- /data/data/####/journal.tmp
- /data/data/####/libcuid.so
- /data/data/####/libjiagu1782438597.so
- /data/data/####/multidex.version.xml
- /data/data/####/novel_page.db
- /data/data/####/novel_page.db-journal
- /data/data/####/salt
- /data/data/####/share.db-journal
- /data/data/####/tdid.xml
- /data/data/####/um_pri.xml
- /data/data/####/umdat.xml
- /data/data/####/umeng_common_config.xml
- /data/data/####/umeng_common_location.xml
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/umeng_socialize.xml
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/xiaoshuo.db-journal
- /data/media/####/.a.dat
- /data/media/####/.adfwe.dat
- /data/media/####/.cca.dat
- /data/media/####/.confd
- /data/media/####/.confd-journal
- /data/media/####/.cuid2
- /data/media/####/.nomedia
- /data/media/####/.timestamp
- /data/media/####/.umm.dat
- /data/media/####/9cbf377cce9beb4e2573602286191266.xml
- /data/media/####/channel-ly.txt
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /proc/cpuinfo
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
- getprop
- getprop ro.build.display.id
- getprop ro.build.version.emui
- getprop ro.build.version.opporom
- getprop ro.miui.ui.version.name
- getprop ro.smartisan.version
- getprop ro.vivo.os.version
- ls /
- ls /sys/class/thermal
Загружает динамические библиотеки:
- crash_analysis
- libjiagu1782438597
Использует следующие алгоритмы для шифрования данных:
- AES
- AES-CBC-PKCS5Padding
- AES-ECB-PKCS5Padding
- Des-ECB-NoPadding
- RSA-ECB-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES
- Des-ECB-NoPadding
Осуществляет доступ к приватному интерфейсу ITelephony.
Использует специальную библиотеку для скрытия исполняемого байт-кода.
Получает информацию о местоположении.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Получает информацию о запущенных приложениях.
Отрисовывает собственные окна поверх других приложений.
