Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.DownLoader.906.origin
- Android.Triada.482.origin
- Android.Triada.483.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) t####.a####.top:80
- TCP(HTTP/1.1) de.gtp.xy####.com:8844
- TCP(HTTP/1.1) cdn.info####.me:80
- TCP(HTTP/1.1) gd.a.s####.com:80
- TCP(HTTP/1.1) res####.a####.top:80
- TCP(HTTP/1.1) d1.sho####.com:80
- TCP(HTTP/1.1) s####.jom####.com:80
- TCP(HTTP/1.1) ff.s####.com:8080
- TCP(HTTP/1.1) dup.baidust####.com:80
- TCP(HTTP/1.1) www.pc####.com.####.cn:80
- TCP(HTTP/1.1) r.ist####.com:8071
- TCP(HTTP/1.1) d####.c####.l####.####.com:80
- TCP(HTTP/1.1) s####.al####.com:80
- TCP(HTTP/1.1) m.yue####.com:80
- TCP(HTTP/1.1) m.youyi####.com:80
- TCP(HTTP/1.1) a####.d####.com:80
- TCP(HTTP/1.1) u####.a####.top:80
- TCP(HTTP/1.1) ott.h####.com:8071
- TCP(HTTP/1.1) api.liyan####.com:808
- TCP(HTTP/1.1) a####.w####.com:80
- TCP(HTTP/1.1) p.ist####.com:8071
- TCP(HTTP/1.1) j####.g####.vip:80
- TCP(HTTP/1.1) ad.qia####.com:80
- TCP(HTTP/1.1) ad.smudge####.com:8986
- TCP(HTTP/1.1) pco####.ta####.com:80
- TCP(HTTP/1.1) www.78####.cc:80
- TCP(HTTP/1.1) s.zhito####.com:808
- TCP(HTTP/1.1) pos.b####.com:80
- TCP(HTTP/1.1) 614.a####.top:80
- TCP(HTTP/1.1) a####.78####.cc:9595
- TCP(HTTP/1.1) yq####.jn####.ltd:80
- TCP(HTTP/1.1) c####.z####.net:80
- TCP(HTTP/1.1) yun.b####.com:80
- TCP(HTTP/1.1) php.sho####.com:80
- TCP(HTTP/1.1) pg####.d2####.com:10273
- TCP(HTTP/1.1) r1.baiyuns####.com:80
- TCP(HTTP/1.1) api.yunco####.com:80
- TCP(HTTP/1.1) ad.w####.com:80
- TCP(HTTP/1.1) wap.78####.cc:80
- TCP(HTTP/1.1) ip.j####.com:999
- TCP(HTTP/1.1) 1713464####.cn-hang####.fc.####.com:80
- TCP(HTTP/1.1) gm.mm####.com:80
- TCP(HTTP/1.1) api.lubang####.com:80
- TCP(HTTP/1.1) i.ist####.com:8071
- TCP(HTTP/1.1) f.qia####.com:80
- TCP(HTTP/1.1) a.78####.cc:80
- TCP(HTTP/1.1) z.c####.com:80
- TCP(HTTP/1.1) r####.xqk####.com:80
- TCP(HTTP/1.1) w####.pcon####.com.cn:80
- TCP(HTTP/1.1) cpd.ohyeah####.com:80
- TCP(HTTP/1.1) down####.baiyuns####.com:80
- TCP(HTTP/1.1) ny.bul####.cn:666
- TCP(HTTP/1.1) 78####.cc:80
- TCP(HTTP/1.1) wap.n.sh####.com:80
- TCP(HTTP/1.1) api.s####.xin:80
- TCP(HTTP/1.1) s.zhito####.com:807
- TCP(HTTP/1.1) v.sho####.com:80
- TCP(HTTP/1.1) api.adoc####.com:80
- TCP(HTTP/1.1) 47.1####.185.46:80
- TCP(HTTP/1.1) co####.ssp.adoc####.com:80
- TCP(HTTP/1.1) log.gtp.xy####.com:80
- TCP(HTTP/1.1) vvv.focusd####.cn:80
- TCP(HTTP/1.1) tt####.vni####.com:20147
- TCP(HTTP/1.1) p####.api.adoc####.com:80
- TCP(HTTP/1.1) c.c####.com:80
- TCP(HTTP/1.1) api.g####.vip:80
- TCP(HTTP/1.1) res2####.xqk####.com:80
- TCP(HTTP/1.1) api.gug####.com:8935
- TCP(HTTP/1.1) zgx.powerle####.com:80
- TCP(HTTP/1.1) w####.lt####.com:80
- TCP(HTTP/1.1) m.7####.net:80
- TCP(HTTP/1.1) 47.1####.211.73:80
- TCP(HTTP/1.1) e4####.0r####.com:10293
- TCP(HTTP/1.1) h.w####.com:80
- TCP(HTTP/1.1) 1####.246.20.201:80
- TCP(HTTP/1.1) xn--xhq####.top:12399
- TCP(HTTP/1.1) tin####.c####.l####.####.com:80
- TCP(TLS/1.0) z.c####.com:443
- TCP(TLS/1.0) cap####.d####.com:8099
- TCP(TLS/1.0) sslbdst####.jom####.com:443
- TCP(TLS/1.0) gm.mm####.com:443
- TCP(TLS/1.0) pos.b####.com:443
- TCP(TLS/1.0) vpn.celuez####.com:443
- TCP(TLS/1.0) u.j####.com:443
- TCP(TLS/1.0) l####.b####.com:443
- TCP(TLS/1.0) mo.sd####.xyz:443
- TCP(TLS/1.0) gd.a.s####.com:443
- TCP(TLS/1.0) log.mm####.com:443
- TCP(TLS/1.0) wtc.d####.com:443
- TCP(TLS/1.0) et2.wagbr####.adverti####.####.com:443
- TCP(TLS/1.0) xn--xhq####.top:12388
- TCP(TLS/1.0) img.pcon####.com.####.cn:443
- TCP(TLS/1.0) wl.jd.com.####.com:443
- TCP(TLS/1.0) us####.al####.com.####.net:443
- TCP(TLS/1.0) o.fj####.com.####.com:443
- TCP(TLS/1.0) www.pcon####.com.cn:443
- TCP(TLS/1.0) ec####.b####.com:443
- TCP(TLS/1.0) p####.api.adoc####.com:443
- TCP(TLS/1.0) p####.m.jd.com:443
- TCP(TLS/1.0) counter####.pc####.com.cn:443
- TCP(TLS/1.0) api.g####.vip:443
- TCP(TLS/1.0) n.h####.com.####.com:443
- TCP(TLS/1.0) img.pc####.com.cn:443
- TCP(TLS/1.0) ssl.gst####.com:443
- TCP(TLS/1.0) xn--wxt####.top:12443
- TCP(TLS/1.0) mg####.pcon####.com.cn:443
- TCP(TLS/1.0) qdl.d####.com:443
- TCP(TLS/1.0) www.pc####.com.####.cn:443
- TCP(TLS/1.0) na61-####.wagbr####.ali####.####.com:443
- TCP(TLS/1.0) id.d####.com:443
- TCP(TLS/1.0) p####.pc####.com.cn:443
- TCP(TLS/1.0) c.c####.com:443
- TCP(TLS/1.0) ivy.pcon####.com.cn:443
- TCP(TLS/1.0) hm.b####.com:443
- TCP(TLS/1.0) s####.al####.com:443
- TCP(TLS/1.0) i####.b####.com:443
- TCP(TLS/1.0) wap.n.sh####.com:443
- TCP(TLS/1.0) dup.baidust####.com:443
- TCP(TLS/1.0) js.3con####.com.####.cn:443
- TCP(TLS/1.0) www.go####.com:443
- TCP(TLS/1.0) b.bdst####.com:443
- TCP(TLS/1.0) api.adoc####.com:443
- TCP(TLS/1.0) www.gst####.com:443
- TCP(TLS/1.0) ssls####.jom####.com:443
- TCP(TLS/1.0) i####.d####.com:443
- TCP(TLS/1.0) sw4.d####.com:443
- TCP(TLS/1.0) wx.sifakao####.com.####.com:443
- TCP(TLS/1.0) api.info####.me:443
- TCP(TLS/1.0) st3.wagbr####.adverti####.####.com:443
- TCP(TLS/1.0) ad1.azh####.com:9190
- TCP(TLS/1.0) pv.da####.cc:12443
- TCP(TLS/1.0) sslb####.jom####.com:443
- TCP gw.adx####.com:8080
- TCP 39.97.1####.60:9091
Запросы DNS:
- 4s####.8c####.com
- 614.a####.top
- 78####.cc
- a####.78####.cc
- a####.al####.com
- a####.d####.com
- a####.m.sm.cn
- a####.w####.com
- a.78####.cc
- ad.qia####.com
- ad.smudge####.com
- ad.w####.com
- ad1.azh####.com
- ad2.azh####.com
- api.adoc####.com
- api.g####.vip
- api.gug####.com
- api.info####.me
- api.liyan####.com
- api.lubang####.com
- api.m2g.adoc####.com
- api.s####.b####.com
- api.s####.xin
- api.yunco####.com
- b.bdst####.com
- c####.mm####.com
- c####.pc####.com.cn
- c####.z####.net
- c.c####.com
- cap####.d####.com
- cdn####.f####.top
- cdn.info####.me
- co####.ssp.adoc####.com
- counter####.pc####.com.cn
- cpd.ohyeah####.com
- d1.sho####.com
- de.gtp.xy####.com
- down####.baiyuns####.com
- dup.baidust####.com
- e4####.0r####.com
- ec####.b####.com
- f.qia####.com
- ff.s####.com
- fou####.ta####.com
- g####.bdst####.com
- g.al####.com
- gm.mm####.com
- gw.adx####.com
- h####.c####.com
- h.w####.com
- hm.b####.com
- hpd.b####.com
- i####.b####.com
- i####.d####.com
- i####.pc####.com.cn
- i.ist####.com
- id.d####.com
- img.d####.com
- img.pc####.com.cn
- img.pcon####.com.cn
- ip.j####.com
- ip.remo####.com
- ivy.pc####.com.cn
- ivy.pcon####.com.cn
- j####.g####.vip
- js.3con####.com
- l####.b####.com
- l####.m.sm.cn
- lg.ca####.com
- log.gtp.xy####.com
- log.mm####.com
- m.360bu####.com
- m.7####.net
- m.b####.com
- m.youyi####.com
- m.yue####.com
- mg####.pcon####.com.cn
- mo.sd####.xyz
- n.h####.com
- ny.bul####.cn
- o.fj####.com
- ott.h####.com
- p####.api.adoc####.com
- p####.m.jd.com
- p####.pc####.com.cn
- p####.zhanz####.b####.com
- p.ist####.com
- pco####.c####.com
- pg####.d2####.com
- php.sho####.com
- pos.b####.com
- pv.da####.cc
- pv.s####.com
- qdl.d####.com
- r####.xqk####.com
- r####.xqk####.com
- r.ist####.com
- r1.baiyuns####.com
- res####.a####.top
- res2####.xqk####.com
- s####.al####.com
- s####.m.sm.cn
- s.zhito####.com
- s4.c####.com
- s5.c####.com
- s9.c####.com
- ss0.bdst####.com
- ss1.b####.com
- ss2.b####.com
- ssl.gst####.com
- sto####.360bu####.com
- sw4.d####.com
- t####.a####.top
- tt####.vni####.com
- u####.a####.top
- u.j####.com
- v.sho####.com
- v1.c####.com
- vpn.celuez####.com
- vvv.focusd####.cn
- w####.jd.com
- w####.lt####.com
- w####.pc####.com.cn
- w####.pcon####.com.cn
- wap.78####.cc
- wtc.d####.com
- www.78####.cc
- www.78####.cc
- www.78####.cc
- www.go####.com
- www.gst####.com
- www.pc####.com.cn
- www.pcon####.com.cn
- wx.sifakao####.com
- wz.78####.cc
- xn--mts####.online
- xn--wxt####.top
- xn--xhq####.top
- y####.m.sm.cn
- yq####.jn####.ltd
- yun.b####.com
- z12.c####.com
- z3.c####.com
- z6.c####.com
- z9.c####.com
- zgx.powerle####.com
Запросы HTTP GET:
- 1713464####.cn-hang####.fc.####.com/lg/?lg="0E"55si"55"4F"55hsobuXtcl"55...
- 1713464####.cn-hang####.fc.####.com/lg/?lg="0E"55si"55"4F"55khfcbu"55"5D...
- 614.a####.top/controlup614.json
- 78####.cc/index/count/count_shell?shellname=####
- a####.78####.cc:9595/api/resou/search2
- a####.d####.com/rewrite?fromid=####
- a.78####.cc/index/upapp/app_datas?upapp_id=####&imei=####&channel_id=####
- api.adoc####.com/api/v2/SDKCommonConfig?channelCode=####&version=####
- api.adoc####.com/api/v2/mgmConfig?channelCode=####&version=####
- api.adoc####.com/api/v2/mgmWebviewRatioConfig?channelCode=####&version=#...
- api.adoc####.com/titan/monitor/device_info
- api.g####.vip/landing_with_phy.js
- c####.z####.net/v.js?Lbkhdax42zywuoyFyGUvbN9Rpo5JZ01QbKlkEiE43Ys=####
- c.c####.com/core.php?web_id=####&t=####
- c.c####.com/stat.php?id=####
- c.c####.com/z_stat.php?id=####
- cdn.info####.me/files/ea41d1cfef35fc335f11c1026762070c
- co####.ssp.adoc####.com/api/v2/SDKCommonConfig?channelCode=####&version=...
- cpd.ohyeah####.com/APKData/GetList?APILevel=18&AndroidId=c159657daa50349...
- d####.c####.l####.####.com/5000040.jar
- d####.c####.l####.####.com/UCweather.jar
- d####.c####.l####.####.com/api.jar
- d####.c####.l####.####.com/lijian.jar
- d####.c####.l####.####.com/liyuan.jar
- d####.c####.l####.####.com/sspkid33.jar
- d####.c####.l####.####.com/web.jar
- down####.baiyuns####.com/cy.js
- down####.baiyuns####.com/jquery.lazyload.min.js
- down####.baiyuns####.com/jquery.min.js
- dup.baidust####.com/js/os.js
- f.qia####.com/e/20200106161510b_600017_v78.enc
- ff.s####.com:8080/ttad/api/jv5/ipkYjXUqPXLbo2wJuiygGA==/c159657daa503498...
- gd.a.s####.com/cityjson
- gd.a.s####.com/cityjson?ie=####
- gm.mm####.com/9.gif?abc=####&rnd=####
- ip.j####.com:999/wap/index.php?0####
- j####.g####.vip/ggx.js
- j####.g####.vip/jwdd.js
- j####.g####.vip/youyisi.js
- j####.g####.vip/yue.js
- m.7####.net/mbook_images/header-back.gif
- m.7####.net/mbook_images/header-backhome.gif
- m.7####.net/mbook_js/common.js
- m.7####.net/mbook_js/index.js
- m.7####.net/mbook_js/read.js
- m.7####.net/mbook_js/yuedu.js
- m.7####.net/mbook_js/zepto.min.js
- m.7####.net/mbyq/17484/3508_1.html
- m.7####.net/mbyq/17511/251.html
- m.youyi####.com/
- m.youyi####.com/mbook_images/defaultimg.png
- m.youyi####.com/mbook_images/header-back.gif
- m.youyi####.com/mbook_images/header-backhome.gif
- m.youyi####.com/mbook_images/icon-search.gif
- m.youyi####.com/mbook_images/logo/myouyisisy.png
- m.youyi####.com/mbook_images/longview.png
- m.youyi####.com/mbook_js/bqg_common.js
- m.youyi####.com/mbook_js/common.js
- m.youyi####.com/mbook_js/index.js
- m.youyi####.com/mbook_js/read.js
- m.youyi####.com/mbook_js/sort.js
- m.youyi####.com/mbook_js/yuedu.js
- m.youyi####.com/mbook_js/zepto.min.js
- m.youyi####.com/mbyys_21174/449.html
- m.youyi####.com/mbyys_21962/241.html
- m.youyi####.com/mcyys_1/
- m.yue####.com/mbook_916/522.html
- m.yue####.com/mbook_9375/1055_1.html
- m.yue####.com/mbook_images/header-back.gif
- m.yue####.com/mbook_images/header-backhome.gif
- m.yue####.com/mbook_js/common.js
- m.yue####.com/mbook_js/index.js
- m.yue####.com/mbook_js/read.js
- m.yue####.com/mbook_js/yuedu.js
- m.yue####.com/mbook_js/zepto.min.js
- p####.api.adoc####.com/ip
- pco####.ta####.com/app.gif?&cna=####
- pos.b####.com/hcdm?psi=80c8d45000256acfc5d6c6636a2f513d&di=6611856&dri=0...
- pos.b####.com/ocym?psi=a54eb0fa6de6b6dee880bc0e3159fc8e&di=6611856&dri=0...
- r####.xqk####.com//24/4/剧透诸天万界/cover.jpg
- r####.xqk####.com//62/2/我有一座冒险屋/cover.jpg
- r####.xqk####.com/8307.jpg
- r####.xqk####.com/9221.jpg
- res####.a####.top/sdk1.png
- res####.a####.top/sdk13_4.png
- res####.a####.top/sdk15.png
- res####.a####.top/sdk18.png
- res####.a####.top/sdk24_1.png
- res####.a####.top/sdk3.png
- res####.a####.top/sdk4_1.png
- res####.a####.top/sdk5_2.png
- res2####.xqk####.com//1/1/天启预报/cover.jpg
- res2####.xqk####.com//20/0/武动乾坤/cover.jpg
- res2####.xqk####.com//21/1/转生眼中的火影世界/cover.jpg
- res2####.xqk####.com//43/3/全职法师/cover.jpg
- res2####.xqk####.com//45/5/武炼巅峰/cover.jpg
- res2####.xqk####.com//55/5/诡秘之主/cover.jpg
- res2####.xqk####.com//57/7/凡人修仙之仙界篇/cover.jpg
- res2####.xqk####.com//59/9/放开那个女巫/cover.jpg
- res2####.xqk####.com//66/6/尘骨/cover.jpg
- res2####.xqk####.com//69/9/帝霸/cover.jpg
- res2####.xqk####.com//71/1/王者时刻/cover.jpg
- res2####.xqk####.com//84/4/完美世界/cover.jpg
- res2####.xqk####.com//88/8/圣墟/cover.jpg
- res2####.xqk####.com//97/7/这个修士很危险/cover.jpg
- s####.al####.com/L1/272/6837/static/wap/img/uc-32.png
- s####.al####.com/L1/272/6837/static/wap/img/uc.png
- s####.jom####.com/push.js
- s####.jom####.com/s.gif?l=####
- s####.jom####.com/s.gif?r=####&l=####
- s####.jom####.com/s.gif?r=https://yz.m.sm.cn/s?q=####&from=####&uc_param...
- s.zhito####.com:807/528/jf0622.html
- s.zhito####.com:808/0622/index.html
- s.zhito####.com:808/0622/yrc_001mobile.js
- t####.a####.top/req.json
- tin####.c####.l####.####.com/TTT021_028.y
- u####.a####.top/614.html
- vvv.focusd####.cn/ad/v1/log.action?action=v_initial&package=<Package>&ch...
- w####.lt####.com/c.php?s=Jnpvb####&p=aj0wJ####&srccpv=####&yd=ZGNj####
- wap.78####.cc/api/cn/1
- wap.n.sh####.com/
- wap.n.sh####.com/?action=####&ms=####&version=####&callback=####&r=####&...
- wap.n.sh####.com/se/static/img/iphone/logo.png
- wap.n.sh####.com/se/static/img/iphone/tab_loading__bg_logo.png
- wap.n.sh####.com/static/index/plus/public/icon_police.png
- wap.n.sh####.com/static/index/plus/white_logo_shadow_web.png
- www.78####.cc/index/backend/pro_count?event_id=####&channel_id=####&proj...
- www.78####.cc/index/limit/getLimit?channel=####&project=####
- www.78####.cc/index/limit/limit_get?channel=####&project=####
- www.78####.cc/index/project/project_status?action=####
- www.pc####.com.####.cn/autox/6a976e56b61b2febd215f6cbe5186f5f.htm
- xn--xhq####.top:12399/jpg/EoNhlD.gif
- yq####.jn####.ltd/sy/jpiohcw
- yq####.jn####.ltd/zz/436sdfbokwyf.zip
- yun.b####.com/pw/666f72627974.jpg
- yun.b####.com/pw/70777777.jpg
- yun.b####.com/pw/765f73646b.jpg
- yun.b####.com/tz/6173.jpg
- yun.b####.com/xtz/1579072131.ico
- z.c####.com/stat.htm?id=####&cnzz_eid=####
- z.c####.com/stat.htm?id=####&r=####&lg=####&ntime=####&cnzz_eid=####&sho...
- z.c####.com/stat.htm?id=1275936910&r=https://yz.m.sm.cn/s?q=####&from=##...
- z.c####.com/stat.htm?id=1278568889&r=https://yz.m.sm.cn/s?q=####&from=##...
- zgx.powerle####.com/dnfile/cmm/PWrap191331V94.jar
- zgx.powerle####.com/dnfile/other/v6/plg_86.jpg
Запросы HTTP POST:
- a####.w####.com/rest/pt
- ad.qia####.com//api/2io82K
- ad.qia####.com//api/8VbeIo
- ad.qia####.com//api/Ddgv3VE
- ad.qia####.com//api/Mny1OOW3
- ad.qia####.com//api/QTnLukEdO1
- ad.qia####.com//api/SEEzevU1
- ad.qia####.com//api/SJoGF44Q
- ad.qia####.com//api/SVFUp6
- ad.qia####.com//api/voEYG7
- ad.smudge####.com:8986/api/5/detail?businessId=####&token=####×tamp...
- ad.w####.com/api.htm?pid=####
- api.gug####.com:8935/
- api.liyan####.com:808/get/api
- api.lubang####.com/domain.php
- api.lubang####.com/srp.php
- api.s####.xin/log/if0
- api.s####.xin/log/p02
- api.yunco####.com/service/rest
- d1.sho####.com/index.php?r=####
- d1.sho####.com/index.php?r=####&uid=####&tm=####&model=####&density=####...
- de.gtp.xy####.com:8844/Device/info/
- de.gtp.xy####.com:8844/favicon.ico
- de.gtp.xy####.com:8844/i?ts=####
- e4####.0r####.com:10293/widlth/
- gd.a.s####.com/cityjson
- h.w####.com/api/Gu5wT0Z
- i.ist####.com:8071/6.0.1/1510864978/1
- log.gtp.xy####.com/sdk
- ny.bul####.cn:666/slsdk/api_summary.aspx
- ny.bul####.cn:666/slsdk/getdata.aspx
- ny.bul####.cn:666/slsdk/settings.aspx
- ott.h####.com:8071/api/10
- p.ist####.com:8071/1
- pg####.d2####.com:10273/dvjnzt/
- pg####.d2####.com:10273/rnggno/
- pg####.d2####.com:10273/tzvntp/
- php.sho####.com/index.php?r=####
- r.ist####.com:8071/6.0.1/163832107/2
- r1.baiyuns####.com/service/rest
- tt####.vni####.com:20147/dijc1v/
- v.sho####.com/index.php?r=####
- w####.pcon####.com.cn/ip.jsp
- www.78####.cc/index/backend/pro_data
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.3WN9
- /data/data/####/.5TE4.xml
- /data/data/####/.6173.apk
- /data/data/####/.666f72627974.apk
- /data/data/####/.70777777.apk
- /data/data/####/.765f73646b.apk
- /data/data/####/.J1_v.xml
- /data/data/####/.__mob_ad_data.xml
- /data/data/####/.ef0b4ddacc046d054f437ba0af966623
- /data/data/####/.fKSra
- /data/data/####/.fKSra.zip
- /data/data/####/2a02b077baa09b3b178b64e03536627e.xml
- /data/data/####/44367F39739CCD6BBF960E91E7DB78B2.xml
- /data/data/####/4B8DB6B83129A65A2EF4DCFC1393C3B0.xml
- /data/data/####/5000040.jar
- /data/data/####/6901029832
- /data/data/####/8EAD111D030291821E19A80E344C340A.xml
- /data/data/####/9618302918.xml
- /data/data/####/ApplicationCache.db-journal
- /data/data/####/IM.xml
- /data/data/####/SMF.xml
- /data/data/####/UCweather.jar
- /data/data/####/XkdjsIx132mM356507059351895comm.xml
- /data/data/####/XkdjsIx132mM356507059351895tasks.xml
- /data/data/####/XkdjsIx132mMskey1.xml
- /data/data/####/_p.xml
- /data/data/####/_sh.xml
- /data/data/####/ahq_spu_ti.xml
- /data/data/####/al_lcom.qlz.ulg.xml
- /data/data/####/api.jar
- /data/data/####/app.manager-journal
- /data/data/####/atai.jar
- /data/data/####/bfb0e63a6c4e352158be3df98d18dae5.xml
- /data/data/####/bt.xml
- /data/data/####/cfg.config.service.xml
- /data/data/####/cfg.database.ad-journal
- /data/data/####/com.z.hhwks.xml
- /data/data/####/config.service.xml
- /data/data/####/countIp.xml
- /data/data/####/data.zip
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/download.info
- /data/data/####/download.tmp
- /data/data/####/dqygt556s.xml
- /data/data/####/dswt54etg.data-journal
- /data/data/####/dwssedjb.data-journal
- /data/data/####/dwwsdws.data-journal
- /data/data/####/e4de3tx.xml
- /data/data/####/e4de3tx.xml.bak
- /data/data/####/e4de3tx.xml.bak (deleted)
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/f_000014
- /data/data/####/f_000015
- /data/data/####/f_000016
- /data/data/####/f_000017
- /data/data/####/f_000018
- /data/data/####/f_000019
- /data/data/####/f_00001a
- /data/data/####/f_00001b
- /data/data/####/f_00001c
- /data/data/####/f_00001d
- /data/data/####/f_00001e
- /data/data/####/f_00001f
- /data/data/####/f_000020
- /data/data/####/f_000021
- /data/data/####/f_000022
- /data/data/####/f_000023
- /data/data/####/f_000024
- /data/data/####/f_000025
- /data/data/####/f_000026
- /data/data/####/f_000027
- /data/data/####/f_000028
- /data/data/####/f_000029
- /data/data/####/f_00002a
- /data/data/####/f_00002b
- /data/data/####/f_00002c
- /data/data/####/f_00002d
- /data/data/####/f_00002e
- /data/data/####/f_00002f
- /data/data/####/f_000030
- /data/data/####/f_000031
- /data/data/####/f_000032
- /data/data/####/f_000033
- /data/data/####/f_000034
- /data/data/####/f_000035
- /data/data/####/f_000036
- /data/data/####/f_000037
- /data/data/####/f_000038
- /data/data/####/f_000039
- /data/data/####/f_00003a
- /data/data/####/f_00003b
- /data/data/####/f_00003c
- /data/data/####/f_00003d
- /data/data/####/f_00003e
- /data/data/####/f_00003f
- /data/data/####/f_000040
- /data/data/####/f_000041
- /data/data/####/f_000042
- /data/data/####/f_000043
- /data/data/####/gameid
- /data/data/####/gameid.zip
- /data/data/####/gwu878ds.data-journal
- /data/data/####/hcdml.xml
- /data/data/####/hhq_spu_ti.xml
- /data/data/####/im.database.ad-journal
- /data/data/####/index
- /data/data/####/joeuhu.png
- /data/data/####/liblg9417791
- /data/data/####/libomnwdo.so
- /data/data/####/libomnwdo.so-32
- /data/data/####/libomnwdo.so-64
- /data/data/####/lijian.jar
- /data/data/####/liyuan.jar
- /data/data/####/m2.jar
- /data/data/####/m3.jar
- /data/data/####/m4.jar
- /data/data/####/m5.jar
- /data/data/####/m6.jar
- /data/data/####/mediv.jar
- /data/data/####/ntbupnaj.jar
- /data/data/####/owsddza.xml
- /data/data/####/prdopt.xml
- /data/data/####/qweswws.data-journal
- /data/data/####/qwevwwssww.xml
- /data/data/####/qwevwwssww.xml.bak
- /data/data/####/rq_file.xml
- /data/data/####/smweb.jar
- /data/data/####/spu_ti.xml
- /data/data/####/sunn.jar
- /data/data/####/sunn.tmp (deleted)
- /data/data/####/sunn.x
- /data/data/####/swwkwsghf.data-journal
- /data/data/####/t2pr.xml
- /data/data/####/tmp7.xml
- /data/data/####/tools8977.xml
- /data/data/####/tools8978.xml
- /data/data/####/umengDown5_2.jar
- /data/data/####/umeng_down1.jar
- /data/data/####/umeng_down13_4.jar
- /data/data/####/umeng_down15.jar
- /data/data/####/umeng_down18.jar
- /data/data/####/umeng_down24_1.jar
- /data/data/####/umeng_down4_1.jar
- /data/data/####/umeng_lib3.jar
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/wiwsf.xml
- /data/data/####/wo94ws.xml
- /data/data/####/wo94ws.xml.bak (deleted)
- /data/data/####/wuy6t6f.data-journal
- /data/data/####/wwswswewax.xml
- /data/data/####/yd_config_c.xml
- /data/media/####/.YiAds.log
- /data/media/####/.YiAds_Net.log
- /data/media/####/.ef0b4ddacc046d054f437ba0af966623
- /data/media/####/.nomedia
- /data/media/####/.usdis
- /data/media/####/.wq
- /data/media/####/37CF6BD4BA0A29794B0857B09C00DCE5.jar
- /data/media/####/37CF6BD4BA0A29794B0857B09C00DCE5.temp
- /data/media/####/41B044BC0D9AD6EFABDFCDAA837E677A.temp
- /data/media/####/AC7D79D8E346210837DAD001BF9C25D0
- /data/media/####/_pn
- /data/media/####/_shn
- /data/media/####/date40003000700
- /data/media/####/engc.jar
- /data/media/####/f12a251accb94dd34e2ea9aab9193efe.xml
- /data/media/####/fdpi.jar
- /data/media/####/pidfile.txt
- /data/media/####/plg.dat
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /proc/cpuinfo
- cat /proc/bus/input/devices
- cat /proc/cpuinfo
- cat /sys/class/net/wlan0/address
- getprop
Загружает динамические библиотеки:
- liblg9417791
- libomnwdo
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS5Padding
- DES
- DES-CBC-PKCS5Padding
- DES-ECB-PKCS5Padding
- Des-ECB-NoPadding
- RSA-None-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS5Padding
- DES
- DES-CBC-PKCS5Padding
- DES-ECB-PKCS5Padding
- Des-ECB-NoPadding
- RSA-None-PKCS1Padding
Осуществляет доступ к приватному интерфейсу ITelephony.
Получает информацию о местоположении.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Получает информацию о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
