Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.Backdoor.682.origin
- Android.Backdoor.719.origin
- Android.DownLoader.909.origin
- Android.Mobifun.11.origin
- Android.RemoteCode.238.origin
- Android.Triada.467.origin
- Android.Triada.477.origin
- Android.Triada.481.origin
- Android.Triada.496.origin
Загружает из Интернета следующие детектируемые угрозы:
- Android.Backdoor.719.origin
- Android.DownLoader.909.origin
- Android.Triada.467.origin
Скрывает свою иконку с экрана.
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) x####.g####.com:8808
- TCP(HTTP/1.1) casual####.cn:80
- TCP(HTTP/1.1) w0####.iw####.com:12038
- TCP(HTTP/1.1) ana.c####.xyz:80
- TCP(HTTP/1.1) res.wildpet####.info:80
- TCP(HTTP/1.1) h####.s####.com.####.com:80
- TCP(HTTP/1.1) fff.abcdse####.com:8666
- TCP(HTTP/1.1) cdn.hw####.com:8080
- TCP(HTTP/1.1) 4####.ur####.xyz:80
- TCP(HTTP/1.1) h####.b####.com:80
- TCP(HTTP/1.1) pro.qazws####.xyz:80
- TCP(HTTP/1.1) jz####.mc####.com:12029
- TCP(HTTP/1.1) g####.bestv####.cc:80
- TCP(HTTP/1.1) re####.ur####.xyz:80
- TCP(HTTP/1.1) 1####.43.191.231:8080
- TCP(HTTP/1.1) api.f####.com:80
- TCP(HTTP/1.1) sdk.5g####.net:80
- TCP(HTTP/1.1) wu####.4h####.com:10218
- TCP(HTTP/1.1) z.c####.com:80
- TCP(HTTP/1.1) cdn.cc####.com:8080
- TCP(HTTP/1.1) cdn.rg####.com:8080
- TCP(HTTP/1.1) sty.zk####.com:80
- TCP(HTTP/1.1) api.bi####.com:80
- TCP(HTTP/1.1) cdn.lk####.com:80
- TCP(HTTP/1.1) l.faceboo####.com:80
- TCP(HTTP/1.1) kj.bec####.top:80
- TCP(HTTP/1.1) ks####.3q####.com:12038
- TCP(HTTP/1.1) new.faceboo####.com:80
- TCP(HTTP/1.1) y####.k8####.com:80
- TCP(HTTP/1.1) beca####.com:80
- TCP(HTTP/1.1) cdn.dailyre####.com:80
- TCP(HTTP/1.1) pag####.googles####.com:80
- TCP(HTTP/1.1) dy.kr.wildpet####.info:80
- TCP(HTTP/1.1) ba####.juicyt####.com:80
- TCP(HTTP/1.1) mxqf####.top:80
- TCP(HTTP/1.1) at.al####.com:80
- TCP(HTTP/1.1) d####.dd7####.com:80
- TCP(HTTP/1.1) 1142864####.cn-hong####.fc.####.com:80
- TCP(HTTP/1.1) cdn.lk####.com:8080
- TCP(TLS/1.0) st####.doublec####.net:443
- TCP(TLS/1.0) news####.oss-ap-####.aliy####.com:443
- TCP(TLS/1.0) n####.592one####.com:443
- TCP(TLS/1.0) f####.gst####.com:443
- TCP(TLS/1.0) lp.cooktra####.com:443
- TCP(TLS/1.0) www.hunt####.top:443
- TCP(TLS/1.0) www.92one####.com:443
- TCP(TLS/1.0) con####.face####.net:443
- TCP(TLS/1.0) c####.cloudf####.com:443
- TCP(TLS/1.0) tpc.googles####.com:443
- TCP(TLS/1.0) abc.lk####.com:443
- TCP(TLS/1.0) ra####.yourfav####.site:443
- TCP(TLS/1.0) c####.pay####.com:443
- TCP(TLS/1.0) www.go####.com:443
- TCP(TLS/1.0) im####.quick####.top:443
- TCP(TLS/1.0) www.gst####.com:443
- TCP(TLS/1.0) www.you####.com:443
- TCP(TLS/1.0) d31qbv1####.cloudf####.net:443
- TCP(TLS/1.0) log.lk####.com:443
- TCP(TLS/1.0) prom####.com:443
- TCP(TLS/1.0) googl####.g.doublec####.net:443
- TCP(TLS/1.0) stat####.face####.com:443
- TCP(TLS/1.0) gamefro####.oss-ap-####.aliy####.com:443
- TCP(TLS/1.0) adser####.go####.nl:443
- TCP(TLS/1.0) s.t####.com:7777
- TCP(TLS/1.0) i.bcr####.com:443
- TCP(TLS/1.0) mc.ya####.ru:443
- TCP(TLS/1.0) bcd.lk####.com:443
- TCP(TLS/1.0) pag####.googles####.com:443
- TCP(TLS/1.0) s####.g.doublec####.net:443
- TCP(TLS/1.0) n####.v####.com:443
- TCP(TLS/1.0) www.google-####.com:443
- TCP(TLS/1.0) www.face####.com:443
- TCP(TLS/1.0) bongac####.com:443
- TCP(TLS/1.0) bonga####.com:443
- TCP(TLS/1.0) jsde####.a7####.flexbal####.net:443
- TCP(TLS/1.0) st####.xx.f####.net:443
- TCP(TLS/1.0) www.go####.nl:443
- TCP(TLS/1.0) i.y####.com:443
- TCP(TLS/1.0) im####.google####.com:443
- TCP(TLS/1.0) nl.bonga####.com:443
- TCP(TLS/1.0) j####.ofc####.com:443
- TCP(TLS/1.0) www.googlet####.com:443
- TCP(TLS/1.0) securep####.g.doublec####.net:443
- TCP(TLS/1.0) s.m####.com:7777
Запросы DNS:
- 138.254.86.####.arpa
- 4####.ur####.xyz
- abc.lk####.com
- adser####.go####.com
- adser####.go####.nl
- ana.c####.xyz
- api.bi####.com
- api.f####.com
- at.al####.com
- ba####.juicyt####.com
- bcd.lk####.com
- beca####.com
- bonga####.com
- bongac####.com
- c####.cloudf####.com
- c####.pay####.com
- casual####.cn
- cdn.cc####.com
- cdn.dailyre####.com
- cdn.hw####.com
- cdn.jsde####.net
- cdn.lk####.com
- cdn.rg####.com
- con####.face####.net
- d####.dd7####.com
- d.faceboo####.com
- d31qbv1####.cloudf####.net
- dy.kr.wildpet####.info
- f####.gst####.com
- fasl####.lk####.com
- fff.abcdse####.com
- g####.bestv####.cc
- gamefro####.oss-ap-####.aliy####.com
- googl####.g.doublec####.net
- h####.b####.com
- h####.c####.com
- h####.s####.com
- hw.b####.com
- i.bcr####.com
- i.y####.com
- im####.google####.com
- im####.quick####.top
- j####.ofc####.com
- jz####.mc####.com
- kj.bec####.top
- ks####.3q####.com
- l.faceboo####.com
- log.lk####.com
- log.wildpet####.xyz
- lp.cooktra####.com
- mc.ya####.ru
- mxqf####.top
- n####.592one####.com
- n####.v####.com
- new.faceboo####.com
- news####.oss-ap-####.aliy####.com
- nl.bonga####.com
- pag####.googles####.com
- pro.qazws####.xyz
- prom####.com
- r.faceboo####.com
- ra####.yourfav####.site
- re####.ur####.xyz
- res.wildpet####.info
- s####.g.doublec####.net
- s.m####.com
- s.t####.com
- s.y####.com
- sdk.5g####.net
- securep####.g.doublec####.net
- st####.doublec####.net
- st####.xx.f####.net
- stat####.face####.com
- sty.zk####.com
- t####.fung####.com
- tpc.googles####.com
- v####.com
- v####.faceboo####.com
- w0####.iw####.com
- wu####.4h####.com
- www.92one####.com
- www.am####.com
- www.face####.com
- www.go####.com
- www.go####.nl
- www.google-####.com
- www.googlet####.com
- www.googlet####.com
- www.gst####.com
- www.hunt####.top
- www.you####.com
- x####.g####.com
- x####.g####.com
- y####.k8####.com
- z12.c####.com
- z2.c####.com
- z6.c####.com
Запросы HTTP GET:
- 1142864####.cn-hong####.fc.####.com/lg/?lg="0E"55si"55"4F"55khfcbu"55"5D...
- 1142864####.cn-hong####.fc.####.com/lg/?lg="0E"55si"55"4F"55wl"55"5D"55h...
- 1142864####.cn-hong####.fc.####.com/qs/?pa=####
- 4####.ur####.xyz/api/getConfig?iso=SwX####&sch=VzU####&ch=7lFn####
- ana.c####.xyz/advertisement.js
- ana.c####.xyz/detail?id=####
- ana.c####.xyz/favicon.ico
- ana.c####.xyz/static/dist/css/basis.min.css
- ana.c####.xyz/static/dist/css/detail.min.css
- ana.c####.xyz/static/dist/js/quick.min.js
- ana.c####.xyz/static/dist/js/router.min.js
- api.f####.com/co?u=####&s=####&gaid=####&imei=####&androidId=####&at=###...
- at.al####.com/t/font_633469_vsn760jskh.css
- at.al####.com/t/font_633469_vsn760jskh.ttf?t=####
- beca####.com/portent/netbios/acl/1-2351-cc18e50f052ae07c1e7ae338a0d5c8db...
- beca####.com/portent/netbios/acl/1-2361-894e58dca4b3fe40d5d7768f435c3d42...
- casual####.cn/template1/detail.html?id=####&cat=####&channel_id=####
- cdn.cc####.com:8080/group1/M01/00/06/ChmjBl2LgJeATt2MAAH1hYM6zp0.plugin
- cdn.dailyre####.com/app/t2/images/2018102410582037185.jpg
- cdn.dailyre####.com/app/t2/images/2018111605584553118.jpg
- cdn.dailyre####.com/app/t2/images/logo-wx.png
- cdn.dailyre####.com/app/t2/jquery-2.1.1.min.js
- cdn.dailyre####.com/app/t2/static/dist/css/basis.min.css
- cdn.dailyre####.com/app/t2/static/dist/css/detail-v2.min.css
- cdn.dailyre####.com/app/t2/static/dist/css/font_633469_vsn760jskh.css
- cdn.dailyre####.com/app/t2/static/dist/js/flexible.min.js
- cdn.dailyre####.com/app/t2/static/dist/js/fun.min.js
- cdn.hw####.com:8080/blank.html
- cdn.lk####.com/ads/248hwkwffddsd/0912bbhbmdxzoiutrr_encode.js?v=####
- cdn.lk####.com:8080/nicro/dfd1e46d805cf81ed5e11de1d65564f4
- cdn.rg####.com:8080/group1/M01/00/04/ChmjBl0sityAQ2BgAAKgUc1pAPI.plugin
- d####.dd7####.com/upload/hw/D10049dex20190529.jar
- d####.dd7####.com/upload/hw/batdex20191010.jar
- d####.dd7####.com/upload/hw/c1005dex20190527.jar
- d####.dd7####.com/upload/hw/infodex20190814.jar
- d####.dd7####.com/upload/hw/qbum001dex20190926.jar
- d####.dd7####.com/upload/hw/qbzi001dex20190925.jar
- d####.dd7####.com/upload/hw1/CJAR20190515.jar
- d####.dd7####.com/upload/hw1/kkdex20191025.jar
- d####.dd7####.com/upload/hw1/nextdex201903261.jar
- d####.dd7####.com/upload/plog/shz0904.jar
- g####.bestv####.cc/api/v1/gamelist
- g####.bestv####.cc/api/v1/gamelist?gid=####
- g####.bestv####.cc/api/v1/gamelist?gtype=####
- g####.bestv####.cc/api/v1/getconf?domain=####&obj=####&template_id=####&...
- g####.bestv####.cc/favicon.ico
- h####.b####.com/hw/stc/3313051515
- h####.b####.com/hw/stc/3313051515.ico
- h####.s####.com.####.com/hw15-2.y
- mxqf####.top/
- mxqf####.top/templets/marry001/skin/css/bootstrap.min.css
- mxqf####.top/templets/marry001/skin/css/wap_v5.css
- mxqf####.top/templets/marry001/skin/images/go_top.gif
- mxqf####.top/templets/marry001/skin/js/jquery-1.8.3.js
- mxqf####.top/templets/marry001/skin/js/swipe.js
- mxqf####.top/uploads/allimg/c190929/15EJ5T145S0-1ZN_lit.jpg
- mxqf####.top/uploads/allimg/c190929/15EJ5T45530-134Z_lit.jpg
- mxqf####.top/uploads/allimg/c190929/15EJ5T6464P-11606_lit.jpg
- mxqf####.top/uploads/allimg/c190929/15EJ5U015F-15T4_lit.jpg
- mxqf####.top/uploads/allimg/c190929/15EJ5UA0S0-14556_lit.png
- mxqf####.top/uploads/allimg/c190929/15EJF30910P-1ES_lit.jpg
- mxqf####.top/uploads/allimg/c190929/15EJF35A410-11414_lit.jpg
- mxqf####.top/uploads/allimg/c190929/15EJG414CP-151a_lit.jpg
- mxqf####.top/uploads/allimg/c191011/15FKO3b020-1J39_lit.jpg
- mxqf####.top/uploads/allimg/c191011/15FKODO150-14556_lit.jpg
- mxqf####.top/uploads/allimg/c191015/15G10412201910-1S18_lit.png
- mxqf####.top/uploads/allimg/c191018/15G361K64O20-11A0_lit.jpg
- mxqf####.top/uploads/allimg/c191028/15H20T221EF-1c15_lit.jpg
- mxqf####.top/uploads/allimg/c191028/15H20T2323J0-1XP_lit.jpg
- mxqf####.top/uploads/allimg/c191101/15H5H54PG40-1D94.jpg
- pag####.googles####.com/pagead/js/adsbygoogle.js
- res.wildpet####.info/modules/lssdk_hfumobi22.zip
- res.wildpet####.info/modules/proxy-8.zip
- res.wildpet####.info/modules/sdkout_qlj_um022.zip
- x####.g####.com:8808/a/e?a=####
- y####.k8####.com/anzb/kqos567g8
- z.c####.com/stat.htm?id=####&cnzz_eid=####
Запросы HTTP HEAD:
- cdn.hw####.com:8080/blank.html
- cdn.lk####.com/ads/248hwkwffddsd/0912bbhbmdxzoiutrr_encode.js?v=####
- kj.bec####.top/
Запросы HTTP POST:
- api.bi####.com/un
- ba####.juicyt####.com/sdk/v2/ofr/g_o_d_s5z2de3z5d6e9m1np?a=####
- dy.kr.wildpet####.info/dykr/sync
- dy.kr.wildpet####.info/dykr/update
- fff.abcdse####.com:8666/bd/getIp
- jz####.mc####.com:12029/iw0nnw/
- jz####.mc####.com:12029/lfkdnr/
- ks####.3q####.com:12038/neisdop/
- l.faceboo####.com/index.php?r=####
- new.faceboo####.com/index.php?r=####
- pro.qazws####.xyz/proxy/get?e=####
- re####.ur####.xyz/searchReport
- sdk.5g####.net/sdk/v2/ofr/g_o_d_s5z2de3z5d6e9m1np?a=####
- sdk.5g####.net/sdk/v2/p/u_n_b2t6z5i2j56xa3zq1qf?a=####
- sdk.5g####.net/sdk/v2/r_z_c_w2z5dw2aa3m5ll7u31?a=####
- sty.zk####.com/cc/v1/api?sid=####
- w0####.iw####.com:12038/iowncjk/
- w0####.iw####.com:12038/pwjdaae/
- wu####.4h####.com:10218/neisdop/
- x####.g####.com:8808/a/f
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/0-c
- /data/data/####/0-e
- /data/data/####/0-f
- /data/data/####/0-g
- /data/data/####/04B69214746C416CA629FE15C2A7FC4A.xml
- /data/data/####/0AA9DD63C44C1459A74B2A73934457BD.xml
- /data/data/####/0e5a96f9bb70
- /data/data/####/1-d
- /data/data/####/1.jar
- /data/data/####/1391c60595f1c4977b2e6c01dbccad20.d
- /data/data/####/2-d
- /data/data/####/2078793401
- /data/data/####/3081662.jar (deleted)
- /data/data/####/3313051515
- /data/data/####/4d3159c34ea1482dacf08a34a3f010cf
- /data/data/####/5315679c62fd41e996dbe90addd57662
- /data/data/####/577399435.dex (deleted)
- /data/data/####/577399435.jar
- /data/data/####/5F43183FAF558A51AE8E42F9CCF52854.xml
- /data/data/####/65D01155FE444F4EA2F8949B14E5555A.xml
- /data/data/####/6E541267B916CC9DFF04E552F3988C07.xml
- /data/data/####/73646b5f.apk
- /data/data/####/747261646572.apk
- /data/data/####/9ed921b0a692f468ffd6861eb46bfbb6.jar
- /data/data/####/AndroidManifest.xml
- /data/data/####/ApplicationCache.db-journal
- /data/data/####/Cju0OGxGE-2p8PgJ2pw17s.0
- /data/data/####/CommonConfig.xml
- /data/data/####/DeviceConfig.xml
- /data/data/####/FBE8EAA155EBF69A221EC40557B7648E.xml
- /data/data/####/GuuSDK.xml
- /data/data/####/Ka3D0B2oYALWjEsC6ikcR7.0
- /data/data/####/_p.xml
- /data/data/####/_sh.xml
- /data/data/####/as_aa.xml
- /data/data/####/assets.zip
- /data/data/####/baa5a99f464eb64dae88ac8f4647aa77.d
- /data/data/####/base.apk
- /data/data/####/classes.dex
- /data/data/####/cmtbmx
- /data/data/####/com.example.tchdbbs_preferences.xml
- /data/data/####/com.uutils.prefs.xml
- /data/data/####/d6b42e0185ae.xml
- /data/data/####/da05ac770f7a5760bfa4ea582b4c3457.jar
- /data/data/####/data_0
- /data/data/####/data_0 (deleted)
- /data/data/####/data_1
- /data/data/####/data_1 (deleted)
- /data/data/####/data_2
- /data/data/####/data_2 (deleted)
- /data/data/####/data_3
- /data/data/####/data_3 (deleted)
- /data/data/####/db61e876.xml
- /data/data/####/deer
- /data/data/####/dojrya
- /data/data/####/dy_live.xml
- /data/data/####/f87f8be5
- /data/data/####/f9660920.jar
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/f_000014
- /data/data/####/f_000015
- /data/data/####/flavour
- /data/data/####/ftp_19230601.log
- /data/data/####/hi.xml
- /data/data/####/https_nl.bongacams.com_0.localstorage-journal
- /data/data/####/ihdfhb.jar
- /data/data/####/index
- /data/data/####/index (deleted)
- /data/data/####/iwseweddsw.xml
- /data/data/####/j
- /data/data/####/libnav-3wx9zw.so
- /data/data/####/lssdk_hfumobi22.zip
- /data/data/####/lyr.xml
- /data/data/####/oniow
- /data/data/####/pl_config.xml
- /data/data/####/proxy-8.dex
- /data/data/####/proxy-8.zip
- /data/data/####/qjuwel
- /data/data/####/resources.arsc
- /data/data/####/rq_file.xml
- /data/data/####/rq_p.xml
- /data/data/####/sdkout_qlj_um022.zip
- /data/data/####/simple-main-msg.dat
- /data/data/####/simple-main-req.dat
- /data/data/####/sunn.jar
- /data/data/####/sunn.tmp (deleted)
- /data/data/####/sunn.x
- /data/data/####/susvq.jar
- /data/data/####/uuid_data.xml
- /data/data/####/wdc_data.xml
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/webviewCookiesChromiumPrivate.db-journal
- /data/data/####/wetygreds.data-journal
- /data/data/####/work_sp.xml
- /data/data/####/wpd.db
- /data/data/####/wpd.db-journal
- /data/data/####/wwkhgew.xml
- /data/data/####/wwkhgew.xml.bak (deleted)
- /data/data/####/wwswsrwas.data-journal
- /data/data/####/xx_c_s_t_20081331.xml
- /data/media/####/.gx
- /data/media/####/.jd
- /data/media/####/.nomedia
- /data/media/####/1674fac749d0e524452e7f9b851dbce9.cache
- /data/media/####/1DEF04DE709E7EB24B0C5385939BF968
- /data/media/####/2019-11-01 11.txt
- /data/media/####/397f0f93190168b647cbc6d304c02993_76.39
- /data/media/####/3efe160fbaadec45deea7183e05ecab9.temp
- /data/media/####/4acd3f3c1da2ddf4f0513901737d6d03.cache
- /data/media/####/592BDF65_1E86BDB4.txt
- /data/media/####/69477a4c0ba7c6e2d7e4da2d7a1693c5
- /data/media/####/73d0622855ccd08e772a7cbe7e3960c2_70.73
- /data/media/####/7fc7330d604c9fe3daa0821e332f66b8.chche
- /data/media/####/97104bff8cb2ef72419dc6b0fa078cbd.temp
- /data/media/####/9f61dcf0259df24338160a348728e62c.xml
- /data/media/####/CJAR20190515.jar
- /data/media/####/Config.txt
- /data/media/####/D10049dex20190529.jar
- /data/media/####/E60E53ABF1EE96369E55F9A1CC12B293.jar
- /data/media/####/E60E53ABF1EE96369E55F9A1CC12B293.temp
- /data/media/####/EE46838F_2BDB3C8F.txt
- /data/media/####/_pn
- /data/media/####/_shn
- /data/media/####/batdex20191010.jar
- /data/media/####/c1005dex20190527.jar
- /data/media/####/d322fd6cfd0adebd39d6b17421f31bd1.chche
- /data/media/####/e653c20c0175a77f45a3a6bccbe50136.temp
- /data/media/####/f8ab699c2907c2eb4bf4c6ebb9f9e6a8.temp
- /data/media/####/global.xml
- /data/media/####/infodex20190814.jar
- /data/media/####/j
- /data/media/####/kkdex20191025.jar
- /data/media/####/nextdex201903261.jar
- /data/media/####/pfg.xml
- /data/media/####/qbum001dex20190926.jar
- /data/media/####/qbzi001dex20190925.jar
- /data/media/####/selfrun.apk
- /data/media/####/shz0904.jar
- /data/media/####/web.apk
- /data/media/####/webadlist_1.cache
- /data/media/####/webadlist_1.xml
- /data/media/####/webadlist_1_last.cache
- /data/media/####/webinfo.xml
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /proc/cpuinfo
- cat /proc/cpuinfo
- cat /proc/version
- cat /sys/class/net/wlan0/address
- getprop
- getprop net.dns1
- getprop persist.sys.timezone
- ping -c 3 -w 6 www.amazon.com
- ps
- sh
- sh -c getprop net.dns1
- sh -c getprop persist.sys.timezone
Загружает динамические библиотеки:
- cmtbmx
- libnav-3wx9zw
- oniow
Использует следующие алгоритмы для шифрования данных:
- AES
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
- AES-ECB-PKCS5Padding
- DES
- DES-CBC-PKCS5Padding
- DES-ECB-NoPadding
- DESede
- Des-ECB-NoPadding
- RSA-ECB-PKCS1Padding
- RSA-None-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
- AES-CFB-NoPadding
- AES-ECB-PKCS5Padding
- DES
- DES-CBC-PKCS5Padding
- DES-ECB-NoPadding
- DESede
- Des-ECB-NoPadding
- RSA-ECB-PKCS1Padding
- RSA-None-PKCS1Padding
Осуществляет доступ к приватному интерфейсу ITelephony.
Получает информацию о местоположении.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Получает информацию о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
Получает информацию об отправленых/принятых SMS.
