Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.Triada.4276
- Android.Triada.477.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) api.b####.lie####.cn:80
- TCP(HTTP/1.1) api.sdk.f####.cn:80
- TCP(HTTP/1.1) gd.a.s####.com:80
- TCP(HTTP/1.1) ly-xiao####.oss-cn-####.aliy####.com:80
- TCP(HTTP/1.1) me####.t####.com.####.cn:80
- TCP(HTTP/1.1) api.v2.sdk.####.cn:80
- TCP(HTTP/1.1) oss-cn-####.aliy####.com:80
- TCP(TLS/1.0) api.map.b####.com:443
- TCP(TLS/1.0) av1.x####.com:443
- TCP(TLS/1.0) 1####.217.17.78:443
- TCP(TLS/1.0) dualsta####.wagbr####.ali####.####.com:443
- TCP(TLS/1.0) 2####.119.244.125:443
- TCP(TLS/1.0) h####.b####.com:443
- TCP(TLS/1.0) c####.x####.com:443
- TCP(TLS/1.0) loc.map.b####.com:443
- TCP(TLS/1.0) p####.ou####.com:4433
- TCP(TLS/1.0) i####.j####.com:443
- TCP(TLS/1.0) abc.abcdse####.com:8888
Запросы DNS:
- abc.abcdse####.com
- api.b####.lie####.cn
- api.map.b####.com
- api.sdk.f####.cn
- api.v2.sdk.####.cn
- av1.x####.com
- c####.x####.com
- c####.x####.com
- h####.b####.com
- i####.j####.com
- j####.lie####.cn
- loc.map.b####.com
- ly-xiao####.oss-cn-####.aliy####.com
- me####.t####.com
- mt####.go####.com
- oss-cn-####.aliy####.com
- p####.ou####.com
- plb####.u####.com
- pv.s####.com
- u####.u####.com
Запросы HTTP GET:
- api.b####.lie####.cn/Api/start_pic/startpiclist
- api.b####.lie####.cn/Book/autoComplete?query=####
- api.b####.lie####.cn/Book/getListByIds?bookIds=####
- api.b####.lie####.cn/Book/homeBookNew?gender=####
- api.b####.lie####.cn/Book/homeFindNew
- api.b####.lie####.cn/Book/hotKeywords
- api.b####.lie####.cn/Book/search?query=####&start=####&limit=####&device...
- api.b####.lie####.cn/Home/Book/getFindNewBookCircle?limit=####&page=####
- api.b####.lie####.cn/Service/getAppVersion?channelId=####&packageName=##...
- api.b####.lie####.cn/Service/reportDevice?factor=####&imei=####&imsi=###...
- api.b####.lie####.cn/User/getAdFreeConfig?token=####
- api.b####.lie####.cn/User/getInfo?token=####
- api.b####.lie####.cn/service/getAdConfig?channelId=####&device_type=####...
- api.b####.lie####.cn/user/syncUserBooksByAdmin?gender=####&token=####
- api.sdk.f####.cn/v2/initUrl?appId=####
- gd.a.s####.com/cityjson?ie=####
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/15082.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/15134.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/153712.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/16988.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/17742.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/17812.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/20527.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/23685.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/23742.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/23752.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/23862.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/25135.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/25150.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover_1/152983.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover_1/153317.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover_1/153352.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover_1/153688.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/changdu/117344.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/112281.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/112282.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/112389.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/112390.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/113449.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/114017.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/114206.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/114222.jpg
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-07-29/2f...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-08-23/1c...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-03/27...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-03/4d...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-03/66...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-03/82...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-03/8b...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-03/cd...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-03/eb...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-23/df...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/user_avatar/2019_07_27/5d3...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/user_avatar/2019_08_19/5d5...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/user_avatar/2019_09_02/5d6...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/user_header_v/f85e5443122e...
- me####.t####.com.####.cn/2/e/4/4/2e442def9c29f03dfbf9ef7afe803cde.jpg
- me####.t####.com.####.cn/2014/07/07/b/0/3/3/b0334d488a4844ab94bf329b4c76...
- me####.t####.com.####.cn/2014/12/31/4/0/5/e/405eb22214fc4feda18e9194836b...
- me####.t####.com.####.cn/2015/11/24/5/c/c/a/5cca3221f606410bae1ec32ba7b4...
- me####.t####.com.####.cn/2016/01/06/4/7/6/1/4761e84d80be404787ad94297d72...
- me####.t####.com.####.cn/2016/01/19/6/e/2/b/6e2b3c51909b4b16aff541175cf5...
- me####.t####.com.####.cn/2016/11/10/c/e/8/d/ce8d4e14b702490db1deb6f4dcd9...
- me####.t####.com.####.cn/2017/05/02/b/6/5/d/b65ddedbf5ce41d98e43d1557f69...
- me####.t####.com.####.cn/2017/09/22/b/b/9/8/bb9872f15d434d90827434fccf5d...
- me####.t####.com.####.cn/2018/06/14/0/2/0/9/0209c5d66428479a93fe89b0c03e...
- me####.t####.com.####.cn/2019/03/29/12/22/f7bc863ba7794b81baecc76d84587a...
- me####.t####.com.####.cn/3/b/5/5/3b558167588a61914c0071b31cf4421b.jpg
- me####.t####.com.####.cn/7/b/0/d/7b0d4fe572f5eff8b32ee26fe14037e9.jpg
- me####.t####.com.####.cn/e/b/a/0/eba03e7edba8fcc61383edff40547151.jpg
- me####.t####.com.####.cn/f/3/1/2/f312e6e63fc64633b2ffa9452ea0b246.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd14c876060c.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd14c98d25d3.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd14ca254c4b.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd14de068502.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd14df6a02d9.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd14e1990357.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd1523901ccd.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd15252e7fce.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd1526a11e7f.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd1552937362.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd1553e7308c.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd15574d6bcf.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-16/5cdd1e11d8e55.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-16/5cdd1e229f177.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-16/5cdd3f677d226.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-16/5cdd3f7a544c8.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-07-15/5d2c3935b51d3.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-07-16/5d2d33ef61ed6.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-07-16/5d2d34375560f.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-07-16/5d2d353b01914.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-07-30/5d4047ef5cd27.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-07-30/5d404d1f35f30.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-06/5d493c0fd3a13.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-06/5d493c3a36bfb.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-06/5d493c7a81e8f.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-12/5d50df4380901.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-13/5d5269d2891f2.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-21/5d5d3c7cf3952.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-21/5d5d3c8da6c76.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-26/5d6350b18b8a8.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-06/5d7220b467b34.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-09/5d7630fa2c67b.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-09/5d7631085aaa4.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-09/5d76311722db1.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-09/5d763125b14ff.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-16/5d7efe1f8203c.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-20/5d843e7e17175.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-10-15/5da5297e20207.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-10-15/5da529d0e9442.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-10-23/5dafefdad7623.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-10-23/5daff2ce5afcd.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-10-23/5db007fc40c10.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-10-23/5db00885e02e6.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-10-23/5db00b71f3a05.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-10-23/5db00bc202738.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-10-23/5db02b0110052.png
Запросы HTTP POST:
- api.b####.lie####.cn/ReportStaticts/startUp
- api.b####.lie####.cn/event/track
- api.v2.sdk.####.cn/v2/aiList
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.imprint
- /data/data/####/.jg.ic
- /data/data/####/020f5e394f13b48c7aa7f667310d3da12e8e9c82f45b165....0.tmp
- /data/data/####/0b9f746fa54c195d222880938cfed10e4b3737c97d3d048....0.tmp
- /data/data/####/110753.jar
- /data/data/####/110907.jar
- /data/data/####/115cbae01d40fcf36f4d54dfcacfdfbf426482734ce1d92....0.tmp
- /data/data/####/1332d62e947695ce6764203c990e6af7e2d170713338905....0.tmp
- /data/data/####/1571888186057_2277
- /data/data/####/1571888186198_2277
- /data/data/####/1571888186694_2277
- /data/data/####/1571888186813_2277
- /data/data/####/1571888187474_2277
- /data/data/####/1571888189802_2277
- /data/data/####/1571888190147_2277
- /data/data/####/1571888190383_2277
- /data/data/####/1571888190533_2277
- /data/data/####/1571888191130_2277
- /data/data/####/1571888191230_2277
- /data/data/####/1571888191314_2277
- /data/data/####/1571888191622_2277
- /data/data/####/1571888194272_2431
- /data/data/####/1571888194516_2277
- /data/data/####/1571888194580_2431
- /data/data/####/1571888195103_2431
- /data/data/####/1571888195361_2431
- /data/data/####/1571888213903_2277
- /data/data/####/1571888214070_2277
- /data/data/####/1571888214157_2277
- /data/data/####/1571888214345_2277
- /data/data/####/1571888214397_2277
- /data/data/####/1571888214467_2277
- /data/data/####/1571888214527_2277
- /data/data/####/1571888214575_2277
- /data/data/####/1571888214650_2277
- /data/data/####/1571888214688_2277
- /data/data/####/1571888217352_2277
- /data/data/####/1571888222479_2277
- /data/data/####/1571888251291_2277
- /data/data/####/179b1e46920359283634234526d259035a04e60fa0d3a1d....0.tmp
- /data/data/####/17ca34a96c9382fe8b6b04fca8927473b0f8a8b85e1abda....0.tmp
- /data/data/####/1d8c6d63f28990dabdc1b5f8d24e3d4c771ea1f1fcfce13....0.tmp
- /data/data/####/2235e3e532d75a099baec8f004baa26acc8c4146b3da233....0.tmp
- /data/data/####/22c4d56706005b2071a4da49c3c8a194a872306a9245545....0.tmp
- /data/data/####/22c4d56706005b2071a4da49c3c8a194a872306a9245545...843f.0
- /data/data/####/22c6a5654ec0b6d780514a16ecc39396af7ed359cb72a1b....0.tmp
- /data/data/####/27d22f2138b2ca0272830794a3b1e6189057fd287cc1c1e....0.tmp
- /data/data/####/28d8d859c648f61f65a6447e79f53e33ebfd4d68aaf68e0....0.tmp
- /data/data/####/29e4fb94932189909efc8163d7001619d3ab233f2679201....0.tmp
- /data/data/####/2dcaa711587b15ef5f1421767138ea7a12dcb695ffb08f3....0.tmp
- /data/data/####/2f0dae7555d9298929967842615822c1747a8add4185c17....0.tmp
- /data/data/####/2f6b12156e0cbd1219191d1e82e97e7faecef7b01b28e68....0.tmp
- /data/data/####/302c926ea71f9abb1e8dad69a7acc70a7ff447e482db78d....0.tmp
- /data/data/####/3093843cad7e9b99e757b0e9d67d921749f7766001419c1....0.tmp
- /data/data/####/34c6ee411feaeb9a291df9351feda62ae2b91400ff3e4c8....0.tmp
- /data/data/####/401e498822d1d2b68c37e489662b86790eb891f1fbdda35....0.tmp
- /data/data/####/42263c31592a78b550310758c5e8fa384ad6f8b10a90c5f....0.tmp
- /data/data/####/433c03790ebffbdb90a63fba466a07413bde9badbb973fb....0.tmp
- /data/data/####/433c03790ebffbdb90a63fba466a07413bde9badbb973fb...d995.0
- /data/data/####/4e2a8cfd91af729ee0cceea62041176e975db9ccc02d9ca....0.tmp
- /data/data/####/4e93b3835f9ea50cda979b97302c3892c4f3fe1e6acf947....0.tmp
- /data/data/####/4ed4ccae9605fbd9a8ccd6a98c8770031a3d5d093512607....0.tmp
- /data/data/####/506347788653b0e54ddf479b2f41a73393c72a47ee20591....0.tmp
- /data/data/####/52e13671d4d7c01a1a9e117160864fb8d38b471c7912c4b....0.tmp
- /data/data/####/59dbce7a32f95789c0df93b14c13e418abc9e1e7fb53a24....0.tmp
- /data/data/####/5f6e1855de6e20230cb52a49d210423102bf23e9e7edf32....0.tmp
- /data/data/####/63655da962f028aea865919689dc9ac4d5c66ac47ff30f8....0.tmp
- /data/data/####/63ef14702dc53f2be0d9767bd23ce03cd462ac6c2326fad....0.tmp
- /data/data/####/6ff8873224b942897666d5e90f3cdb2d2cbbdbff834eb03....0.tmp
- /data/data/####/724910d593c80f813e2ba169ea713e0ceb899a024853a9d....0.tmp
- /data/data/####/74e61abb2f903a0671e31eb6e101f0b96dc805c513e1239....0.tmp
- /data/data/####/7756f075bccf9af2755f7eee46e0308ccce7f0bbc852fe8....0.tmp
- /data/data/####/7820bccc3713b88f74212e15daaf0a49e4e844557f42aa7....0.tmp
- /data/data/####/7aca373b4f993e765ea14d6efc7b623ad4bc14800a76b5f....0.tmp
- /data/data/####/7dc8f7c6fd0337e91215ecb3905e68c45f7c37aa6690f1a....0.tmp
- /data/data/####/7f24a5fdf5083775e1aae18fcb483a71dc3a4f6c4f172fe....0.tmp
- /data/data/####/7fc78691da6760b9161dd7a7927d39b35a2f6d95f5d553a....0.tmp
- /data/data/####/7fd6d5b68a9e8b855f52904769a31876214910b66ef55c5....0.tmp
- /data/data/####/80339d7269d54aa9569c72742ab0017df5b2992e530c395....0.tmp
- /data/data/####/80f4ef7746975e88cb755cc4041f10e657820b7d02331e4....0.tmp
- /data/data/####/82a48ca495af91eb3be1963f0a240a9c3d23fb00934c881....0.tmp
- /data/data/####/83241712b516160f3530ff064bca353716559877b6627dc....0.tmp
- /data/data/####/85eef175644a880c97c93b218a0cdcad811ac42876a8682....0.tmp
- /data/data/####/87992c3acd196c8c9e016b00c5c4e07408d8536f623198a....0.tmp
- /data/data/####/87f003832ba66814267db7acb187b127d42d2b7dd83f7a0....0.tmp
- /data/data/####/8894df72e5a7afaeba28c77c470ea9518f107ee435dca61....0.tmp
- /data/data/####/88b208f8e9dab6a1d924a772de3491f5c721121e08bdcb1....0.tmp
- /data/data/####/8a1058ac62bc7dea60da53a54e93321a6f668dd90d21cae....0.tmp
- /data/data/####/8c8a2e2bb43d80ac05772a996c102f9bcdd45111f838575....0.tmp
- /data/data/####/92d9085f96103a60f077ccd74051a083728597a64ba2ccd....0.tmp
- /data/data/####/93959543abe5f89683980c2567419b890a796c4883df437....0.tmp
- /data/data/####/9617e3b293ec5be432f4d73fa89555f32aab2c6878bb331....0.tmp
- /data/data/####/992682cfcf001dab4eeefd63d9a4df2672aaf0577472143....0.tmp
- /data/data/####/9c1b411495ebcaf25fb5f99b8bfd56b25c31f76fa507402....0.tmp
- /data/data/####/9ca401fd0e56dc65b6d7ec85728995357635da514eda2a0....0.tmp
- /data/data/####/9ea32dcd033d424087e012f8e2cbb840e4e6d72cc0e4327....0.tmp
- /data/data/####/Archimedes_p1
- /data/data/####/Archimedes_p2
- /data/data/####/Archimedes_p3
- /data/data/####/Archimedes_p4
- /data/data/####/Archimedes_p5
- /data/data/####/LY_AD_KEY.xml
- /data/data/####/PreferanceUtil.xml
- /data/data/####/TDCloudSettingsConfig8B95F6FFB5124FA2A9AA840736F3E611.xml
- /data/data/####/TD_app_pefercen_profile.xml
- /data/data/####/TDpref_cloudcontrol1.xml
- /data/data/####/TDpref_longtime.xml
- /data/data/####/TDpref_longtime0.xml
- /data/data/####/TDpref_shorttime.xml
- /data/data/####/TDpref_shorttime0.xml
- /data/data/####/UM_PROBE_DATA.xml
- /data/data/####/__Baidu_Stat_SDK_SendRem.xml
- /data/data/####/__local_ap_info_cache.json
- /data/data/####/__local_last_session.json
- /data/data/####/__local_stat_cache.json
- /data/data/####/__send_data_1571888186985
- /data/data/####/__send_data_1571888197244
- /data/data/####/a0b561931bf19bcc7b61b16b9c5c4e9459971ee449d05ee....0.tmp
- /data/data/####/a1bde279f1d5975ea846abe9bb0ef7845eadb36aaaeccce....0.tmp
- /data/data/####/a347b91c26fe9595032664269792238d91b0112aa419233....0.tmp
- /data/data/####/a47b2a05b28b108254113629b5f3feb2c5b0bc0ba1f1f5b....0.tmp
- /data/data/####/a4c61bab6bfee7974359784798e95bde2889152488e5663....0.tmp
- /data/data/####/a51d55d6ff4ba587f816d3624b5b8f45a3bec0349a73220....0.tmp
- /data/data/####/a7ee31705c6987e27da08e448ec9584b1074dd267e61bba....0.tmp
- /data/data/####/acd29d94d7d2978797f812b77d1caf8a033678515f5ee02....0.tmp
- /data/data/####/authStatus_cn.lieying.app.readbook;remote.xml
- /data/data/####/b4a17bf12c5bc6238c440f4c1b487c4d908a7539ee48463....0.tmp
- /data/data/####/b712b3330ac37157f9f4dab2abd57a21f4941d141f5747d....0.tmp
- /data/data/####/baidu_mtj_sdk_record.xml
- /data/data/####/bb2c192d136eab3fe55d80178f26cf4eaec51c83eaf5bcb....0.tmp
- /data/data/####/c0923f0e69bca2afd9c9fa70ee95a321277c43445c9f1f5....0.tmp
- /data/data/####/c22f00343745d23a5d9b7a04cf0c9820813f20bb52a3a7b....0.tmp
- /data/data/####/c39e65eb0bd0121c75bdbf9e15e3411c0fae6752bc58e86....0.tmp
- /data/data/####/c7298e9364eb35b7d9ee7412c0f8c1df56f724dfddba627....0.tmp
- /data/data/####/c739c52db622c2bf629844ef6fece26efa19435686b197c....0.tmp
- /data/data/####/c7d83d70b13377b0eee0719d5ab4badff2bcbf8679bd6f7....0.tmp
- /data/data/####/c8b268943eaf544ae23b9258ce43b2964d00ed0cfcb948b....0.tmp
- /data/data/####/cb0ba5a64057238fd427d75d206a86061f2727927109667....0.tmp
- /data/data/####/cce9308e9ba98e553d8f9443ba621dc1b830ffb18b84864....0.tmp
- /data/data/####/cn.lieying.app.readbook_preference.xml
- /data/data/####/com.aikesi.app.DEFAULT_PREF.xml
- /data/data/####/d2534214aaf31f039f331befdccefa2e649f422d6eb4e17....0.tmp
- /data/data/####/d320662ff712169c0a2a2ee497b069af1ebf55894b2a709....0.tmp
- /data/data/####/d8c52453ae1831c02b89bd5c86677b366c7cbda0d24b0a9....0.tmp
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTcxODg4MTg1NDQ1;
- /data/data/####/dW1weF9zaGFyZV8xNTcxODg4MTg2OTI5;
- /data/data/####/dW1weF9zaGFyZV8xNTcxODg4MTg2OTk4;
- /data/data/####/db3c024e9720ba04ceaa73a0387bc277e6226c5ac2fa1d5....0.tmp
- /data/data/####/db8b9d7afec3f2fbefb2e562916a9914a6ffe3b2a4d256c....0.tmp
- /data/data/####/dbaf15877beec7a5f108301906d91637046cd880d918286....0.tmp
- /data/data/####/dd2d82e6f428d70a46cef24b8af456de7cf6df0f0420017....0.tmp
- /data/data/####/e53fd7b1e7d3031687832c9cc0670d66273e9902a198e99....0.tmp
- /data/data/####/ea4e851f3785cb16ef310368114467fc5a1c60151791584....0.tmp
- /data/data/####/eac3da21ff36e3396e3cf51a955397102c72e2dbcaae45b....0.tmp
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/f7b83acdde9f4bacf7593cc7289b0f902174403a188fcc4....0.tmp
- /data/data/####/f928ff1903b4e30d31e2f96c1c3216c1de490eb74731885....0.tmp
- /data/data/####/ff022ed54d76e09fd303e7ace7c13f8b0ac2595a9345e9e....0.tmp
- /data/data/####/ff3c2e1a8075de7f239e006034362f7f9fc7d533fc633e6....0.tmp
- /data/data/####/firll.dat
- /data/data/####/hst.db
- /data/data/####/hst.db-journal
- /data/data/####/i==1.2.0&&1.2.0_1571888185520_envelope.log
- /data/data/####/info.xml
- /data/data/####/init_urls.xml
- /data/data/####/iv
- /data/data/####/journal.tmp
- /data/data/####/libcuid.so
- /data/data/####/libcuid_v3.so
- /data/data/####/libjiagu133023732.so
- /data/data/####/multidex.version.xml
- /data/data/####/remote__local_last_session.json
- /data/data/####/remote__local_stat_cache.json
- /data/data/####/remote_umeng_common_config.xml
- /data/data/####/salt
- /data/data/####/share.db-journal
- /data/data/####/tdid.xml
- /data/data/####/um_pri.xml
- /data/data/####/umdat.xml
- /data/data/####/umeng_common_config.xml
- /data/data/####/umeng_common_location.xml
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/umeng_socialize.xml
- /data/data/####/xiaoshuo.db-journal
- /data/media/####/.a.dat
- /data/media/####/.adfwe.dat
- /data/media/####/.cca.dat
- /data/media/####/.confd
- /data/media/####/.confd-journal
- /data/media/####/.cuid
- /data/media/####/.cuid2
- /data/media/####/.nomedia
- /data/media/####/.timestamp
- /data/media/####/.umm.dat
- /data/media/####/1f8b5f544ecbd7768735c7c53ed211db.xml
- /data/media/####/a3bf975476a58dadcfc06da2dbed3da8.xml
- /data/media/####/channel-ly.txt
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /proc/cpuinfo
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
- getprop
- getprop ro.build.display.id
- getprop ro.build.version.emui
- getprop ro.build.version.opporom
- getprop ro.miui.ui.version.name
- getprop ro.smartisan.version
- getprop ro.vivo.os.version
- ls /
- ls /sys/class/thermal
Загружает динамические библиотеки:
- crash_analysis
- libjiagu133023732
- locSDK7d
Использует следующие алгоритмы для шифрования данных:
- AES
- AES-CBC-PKCS5Padding
- AES-ECB-PKCS5Padding
- Des-ECB-NoPadding
- RSA-ECB-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES
- AES-CBC-PKCS5PADDING
- AES-CBC-PKCS5Padding
- Des-ECB-NoPadding
Осуществляет доступ к приватному интерфейсу ITelephony.
Использует специальную библиотеку для скрытия исполняемого байт-кода.
Получает информацию о местоположении.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Получает информацию о запущенных приложениях.
Отрисовывает собственные окна поверх других приложений.
