Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.DownLoader.906.origin
- Android.Triada.4567
- Android.Triada.482.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- UDP(DNS) 1####.114.114.114:53
- TCP(HTTP/1.1) t####.a####.top:80
- TCP(HTTP/1.1) res####.a####.top:80
- TCP(HTTP/1.1) s####.jom####.com:80
- TCP(HTTP/1.1) dup.baidust####.com:80
- TCP(HTTP/1.1) ip.j####.com:999
- TCP(HTTP/1.1) ip.j####.com:99
- TCP(HTTP/1.1) api.meiju####.net:80
- TCP(HTTP/1.1) pos.b####.com:80
- TCP(HTTP/1.1) pic.s####.cn.####.com:80
- TCP(HTTP/1.1) g.shum####.cn:80
- TCP(HTTP/1.1) a####.d####.com:80
- TCP(HTTP/1.1) u####.a####.top:80
- TCP(HTTP/1.1) j####.g####.vip:80
- TCP(HTTP/1.1) 1####.29.29.29:80
- TCP(HTTP/1.1) s.zhito####.com:808
- TCP(HTTP/1.1) yq####.jn####.ltd:80
- TCP(HTTP/1.1) jx.lyh####.com:80
- TCP(HTTP/1.1) m####.net:80
- TCP(HTTP/1.1) pg####.d2####.com:10273
- TCP(HTTP/1.1) api.yunco####.com:80
- TCP(HTTP/1.1) p####.api.adoc####.com:80
- TCP(HTTP/1.1) api.lubang####.com:80
- TCP(HTTP/1.1) kou####.a####.top:80
- TCP(HTTP/1.1) sz-####.ftn.qq.com:80
- TCP(HTTP/1.1) r####.xqk####.com:80
- TCP(HTTP/1.1) lar####.c####.l####.####.com:80
- TCP(HTTP/1.1) down####.baiyuns####.com:80
- TCP(HTTP/1.1) ny.bul####.cn:666
- TCP(HTTP/1.1) filt####.a####.top:80
- TCP(HTTP/1.1) m.b####.net:80
- TCP(HTTP/1.1) wap.n.sh####.com:80
- TCP(HTTP/1.1) s.zhito####.com:807
- TCP(HTTP/1.1) i####.doub####.com:80
- TCP(HTTP/1.1) ty.downlo####.com:80
- TCP(HTTP/1.1) co####.ssp.adoc####.com:80
- TCP(HTTP/1.1) vvv.focusd####.cn:80
- TCP(HTTP/1.1) 3####.h####.com.####.com:80
- TCP(HTTP/1.1) tt####.vni####.com:20147
- TCP(HTTP/1.1) api.g####.vip:80
- TCP(HTTP/1.1) api.gug####.com:8935
- TCP(HTTP/1.1) m.7####.net:80
- TCP(HTTP/1.1) 47.1####.211.73:80
- TCP(HTTP/1.1) imgnan####.litiant####.com:80
- TCP(HTTP/1.1) e4####.0r####.com:10293
- TCP(TLS/1.0) ae.bdst####.com.####.com:443
- TCP(TLS/1.0) z.c####.com:443
- TCP(TLS/1.0) cap####.d####.com:8099
- TCP(TLS/1.0) lhyysdk####.oss-cn-####.aliy####.com:443
- TCP(TLS/1.0) imgnan####.litiant####.com:443
- TCP(TLS/1.0) c####.pc####.com.cn:443
- TCP(TLS/1.0) gm.mm####.com:443
- TCP(TLS/1.0) pos.b####.com:443
- TCP(TLS/1.0) s####.we####.com:443
- TCP(TLS/1.0) gd.a.s####.com:443
- TCP(TLS/1.0) wtc.d####.com:443
- TCP(TLS/1.0) img.pcon####.com.####.cn:443
- TCP(TLS/1.0) wl.jd.com.####.com:443
- TCP(TLS/1.0) i####.doub####.com:443
- TCP(TLS/1.0) www.pcon####.com.cn:443
- TCP(TLS/1.0) a####.b####.com:443
- TCP(TLS/1.0) ec####.b####.com:443
- TCP(TLS/1.0) id.d####.com:443
- TCP(TLS/1.0) p####.m.jd.com:443
- TCP(TLS/1.0) img.d####.com:443
- TCP(TLS/1.0) api.g####.vip:443
- TCP(TLS/1.0) w.i####.com:443
- TCP(TLS/1.0) m####.do####.com:443
- TCP(TLS/1.0) mg####.pcon####.com.cn:443
- TCP(TLS/1.0) dualsta####.wagbr####.ali####.####.com:443
- TCP(TLS/1.0) img.kuy####.com:443
- TCP(TLS/1.0) www.pc####.com.####.cn:443
- TCP(TLS/1.0) i####.doub####.com.####.com:443
- TCP(TLS/1.0) p####.pc####.com.cn:443
- TCP(TLS/1.0) c.c####.com:443
- TCP(TLS/1.0) ivy.pcon####.com.cn:443
- TCP(TLS/1.0) hm.b####.com:443
- TCP(TLS/1.0) wap.n.sh####.com:443
- TCP(TLS/1.0) img1-do####.b0.a####.com:443
- TCP(TLS/1.0) dup.baidust####.com:443
- TCP(TLS/1.0) js.3con####.com.####.cn:443
- TCP(TLS/1.0) u.j####.com:443
- TCP(TLS/1.0) api.adoc####.com:443
- TCP(TLS/1.0) ssls####.jom####.com:443
- TCP(TLS/1.0) i####.d####.com:443
- TCP(TLS/1.0) sw4.d####.com:443
- TCP(TLS/1.0) lr.3con####.com:443
- TCP(TLS/1.0) cdn.boo####.com.####.com:443
- TCP(TLS/1.0) api.icinep####.com:443
Запросы DNS:
- 0####.h####.com
- 3####.h####.com
- 4s####.8c####.com
- 617.a####.top
- a####.b####.com
- a####.d####.com
- a####.ot####.com
- ae.bdst####.com
- api.adoc####.com
- api.g####.vip
- api.gug####.com
- api.icinep####.com
- api.lubang####.com
- api.meiju####.net
- api.meiju####.net/
- api.s####.b####.com
- api.yunco####.com
- c####.mm####.com
- c####.pc####.com.cn
- c.c####.com
- cap####.d####.com
- cdn.boo####.com
- co####.ssp.adoc####.com
- down####.baiyuns####.com
- dup.baidust####.com
- e4####.0r####.com
- ec####.b####.com
- filt####.a####.top
- g####.bdst####.com
- g####.bdst####.com
- g.shum####.cn
- hm.b####.com
- i####.360bu####.com
- i####.d####.com
- i####.doub####.com
- i####.doub####.com
- i####.doub####.com
- id.d####.com
- img.d####.com
- img.kuy####.com
- img.pcon####.com.cn
- imgnan####.litiant####.com
- ip.j####.com
- ip.remo####.com
- ivy.pcon####.com.cn
- j####.g####.vip
- js.3con####.com
- jx.lyh####.com
- kou####.a####.top
- lhyysdk####.oss-cn-####.aliy####.com
- lr.3con####.com
- m####.b####.com
- m####.do####.com
- m####.net
- m.360bu####.com
- m.7####.net
- m.b####.net
- mg####.pcon####.com.cn
- ny.bul####.cn
- p####.api.adoc####.com
- p####.m.jd.com
- p####.pc####.com.cn
- p####.zhanz####.b####.com
- pg####.d2####.com
- pic.s####.cn
- plb####.u####.com
- pos.b####.com
- pv.s####.com
- qdl.d####.com
- r####.xqk####.com
- res####.a####.top
- s####.kt####.com
- s####.we####.com
- s.zhito####.com
- s4.c####.com
- s5.c####.com
- s96.c####.com
- sto####.360bu####.com
- sw4.d####.com
- sz-####.ftn.qq.com
- t####.a####.top
- tt####.vni####.com
- ty.downlo####.com
- u####.a####.top
- u####.u####.com
- u.j####.com
- v1.c####.com
- vvv.focusd####.cn
- w####.jd.com
- w####.pc####.com.cn
- w####.pcon####.com.cn
- w.i####.com
- wtc.d####.com
- ww1.sin####.cn
- www.me####.com
- www.pc####.com.cn
- www.pcon####.com.cn
- xiongz####.b####.com
- yq####.jn####.ltd
- z3.c####.com
- z6.c####.com
- z9.c####.com
Запросы HTTP GET:
- 3####.h####.com.####.com/preview/internettv/sp_images/ott/2019/12/26/dia...
- 3####.h####.com.####.com/preview/internettv/sp_images/ott/2020/1/3/dians...
- a####.d####.com/rewrite?fromid=####
- api.g####.vip/landing_with_phy.js
- api.meiju####.net/plugins/80s.json
- api.meiju####.net/plugins/kuaikan66.json
- api.meiju####.net/plugins/micaitu.json
- co####.ssp.adoc####.com/api/v2/SDKCommonConfig?channelCode=####&version=...
- co####.ssp.adoc####.com/api/v2/mgmConfig?channelCode=####&version=####
- co####.ssp.adoc####.com/api/v2/mgmWebviewRatioConfig?channelCode=####&ve...
- down####.baiyuns####.com/cy.js
- down####.baiyuns####.com/jquery.lazyload.min.js
- down####.baiyuns####.com/jquery.min.js
- dup.baidust####.com/js/os.js
- filt####.a####.top/filter_control_617.json
- g.shum####.cn/api/user/file_jx_2.php?secret=####&id=####
- i####.doub####.com/large/683cb5a1gy1g1mbi0xz6bj20go08cdg8.jpg
- imgnan####.litiant####.com/preview/internettv/sp_images/ott/2019/12/23/d...
- imgnan####.litiant####.com/upload/vod/2019-10/p2570105165.jpg
- imgnan####.litiant####.com/upload/vod/2020-01/202001191579429668.jpg
- ip.j####.com:99/cn/5w.php
- ip.j####.com:999/wap/index.php?0####
- j####.g####.vip/by.js
- j####.g####.vip/jwdd.js
- jx.lyh####.com/img/61.jpg
- kou####.a####.top/kouling.json
- lar####.c####.l####.####.com/<Package>-v5.5.4.apk
- m####.net/Public/images/meiju_share.png
- m.7####.net/mbook_images/header-back.gif
- m.7####.net/mbook_images/header-backhome.gif
- m.7####.net/mbook_js/common.js
- m.7####.net/mbook_js/index.js
- m.7####.net/mbook_js/read.js
- m.7####.net/mbook_js/yuedu.js
- m.7####.net/mbook_js/zepto.min.js
- m.7####.net/mbyq/17847/349_1.html
- m.7####.net/mbyq/20867/136_1.html
- m.b####.net/mbook_1135/267_1.html
- m.b####.net/mbook_11696_6/
- m.b####.net/mbook_images/header-back.gif
- m.b####.net/mbook_images/header-backhome.gif
- m.b####.net/mbook_js/common.js
- m.b####.net/mbook_js/index.js
- m.b####.net/mbook_js/read.js
- m.b####.net/mbook_js/stat.js
- m.b####.net/mbook_js/yuedu.js
- m.b####.net/mbook_js/zepto.min.js
- p####.api.adoc####.com/ip
- pic.s####.cn.####.com/img/5d9dab198a9f3.jpg
- pic.s####.cn.####.com/img/5d9dd649aef8f.jpg
- pos.b####.com/ccam?psi=1090495a244201a6ec413a1a92765bf8&di=6611856&dri=0...
- pos.b####.com/icym?psi=93ca9fb20f9d080f0551c902a5189765&di=6611856&dri=0...
- r####.xqk####.com/6932.jpg
- res####.a####.top/LHYY.png
- res####.a####.top/sdk1.png
- res####.a####.top/sdk13_2.png
- res####.a####.top/sdk17.png
- res####.a####.top/sdk18.png
- res####.a####.top/sdk5_2.png
- s####.jom####.com/push.js
- s####.jom####.com/s.gif?r=####&l=####
- s.zhito####.com:807/528/jd0622.html
- s.zhito####.com:807/528/jf0622.html
- s.zhito####.com:808/0622/index.html
- s.zhito####.com:808/0622/yrc_001mobile.js
- sz-####.ftn.qq.com/无耻家庭S10E12cut.mp4?ver=####&rkey=####
- t####.a####.top/channl_adong5.png
- t####.a####.top/channl_haoqi1.png
- t####.a####.top/percent.json
- t####.a####.top/req.json
- ty.downlo####.com/1564129454573594.jpeg
- u####.a####.top/617.html
- vvv.focusd####.cn/ad/v1/log.action?action=v_initial&package=<Package>&ch...
- wap.n.sh####.com/sdk/c.js?appid=####
- yq####.jn####.ltd/sy/fdvdar
- yq####.jn####.ltd/zz/401jkmhjhwy.zip
Запросы HTTP POST:
- api.gug####.com:8935/
- api.lubang####.com/domain.php
- api.lubang####.com/srp.php
- api.meiju####.net/
- api.yunco####.com/service/rest
- e4####.0r####.com:10293/widlth/
- ny.bul####.cn:666/slsdk/settings.aspx
- pg####.d2####.com:10273/dvjnzt/
- pg####.d2####.com:10273/rnggno/
- pg####.d2####.com:10273/tzvntp/
- tt####.vni####.com:20147/dijc1v/
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.__mob_ad_data.xml
- /data/data/####/.imprint
- /data/data/####/00993f511c8b1b878830aa908a599c16c3d7ae512bc2c46....0.tmp
- /data/data/####/029532b611ec002430d4bf7dfb188b7c.0.tmp
- /data/data/####/029532b611ec002430d4bf7dfb188b7c.1.tmp
- /data/data/####/029f3598556c673dec8a8d52ab4d3640.0.tmp
- /data/data/####/029f3598556c673dec8a8d52ab4d3640.1.tmp
- /data/data/####/08ec028ebe00119ee201a93e0580c731.0.tmp
- /data/data/####/08ec028ebe00119ee201a93e0580c731.1.tmp
- /data/data/####/0973677a534786a102bb9078bb0efb61.0.tmp
- /data/data/####/0973677a534786a102bb9078bb0efb61.1.tmp (deleted)
- /data/data/####/0b9813c9386114ece5e1a5e70a81d52126aa7b8256a7a43....0.tmp
- /data/data/####/0d2c4f1ad86b0a0d81047e197df4db9b5b7e191e63e0526....0.tmp
- /data/data/####/0fe5ecc17f3e7e7df8de0a3db4b96dbc.0.tmp
- /data/data/####/0fe5ecc17f3e7e7df8de0a3db4b96dbc.1.tmp
- /data/data/####/1.jar
- /data/data/####/13_2.jar
- /data/data/####/17.jar
- /data/data/####/18.jar
- /data/data/####/18873752c3fbe12ffe85ee4952f33c449532fba942089c4....0.tmp
- /data/data/####/1ab1a36d887a253edd1fe33ff509a07e.0.tmp
- /data/data/####/1ab1a36d887a253edd1fe33ff509a07e.1.tmp
- /data/data/####/27983c2d9131400f0797930ca1affc62c9231d08e63b073....0.tmp
- /data/data/####/27f2dd6b1ceca7b927c695cad6d8d546.0.tmp
- /data/data/####/27f2dd6b1ceca7b927c695cad6d8d546.1.tmp
- /data/data/####/356a1976bc8fac85a99503ba2398606b.0.tmp
- /data/data/####/356a1976bc8fac85a99503ba2398606b.1.tmp
- /data/data/####/3678e28be038593c7250491e010ba6d4.0.tmp
- /data/data/####/3678e28be038593c7250491e010ba6d4.1.tmp
- /data/data/####/36b4421eaeb299b87c92805b665102b6.0.tmp
- /data/data/####/36b4421eaeb299b87c92805b665102b6.1.tmp
- /data/data/####/36bd1ba46f08b1f74e67523b148cad7501751d6bb3c8789....0.tmp
- /data/data/####/381f6d4542bc5878c7ff0159d0f5d816e37c51cbdfe16b7....0.tmp
- /data/data/####/402a3c145e89fe017738b95148df3bc9.0.tmp
- /data/data/####/402a3c145e89fe017738b95148df3bc9.1.tmp
- /data/data/####/42e3379b554d697429c03f7f78da57aa.0.tmp
- /data/data/####/42e3379b554d697429c03f7f78da57aa.1.tmp
- /data/data/####/44367F39739CCD6BBF960E91E7DB78B2.xml
- /data/data/####/46b608f71ea47da724c582b108402fb4780a369ccbb2c4a....0.tmp
- /data/data/####/4B8DB6B83129A65A2EF4DCFC1393C3B0.xml
- /data/data/####/5016ba473a64090954d2bd4c2c238821.db
- /data/data/####/5016ba473a64090954d2bd4c2c238821.jar
- /data/data/####/55e9eb58ad418c5913323c1fc2d1d4e0873268bc5f4d535....0.tmp
- /data/data/####/577c4ce26a4957bf44a4b0fc1bb09f8c80844b492c60abf....0.tmp
- /data/data/####/592meiju_data.xml
- /data/data/####/5_2.jar
- /data/data/####/60452bcf50447b6904770abceceb843ddbb16d8c4582a3a....0.tmp
- /data/data/####/6b0046aa35b4ccb58938330566f1083b.0.tmp
- /data/data/####/6b0046aa35b4ccb58938330566f1083b.1.tmp
- /data/data/####/6cca847935c8af83b5386c466243959d.0.tmp
- /data/data/####/6cca847935c8af83b5386c466243959d.1.tmp
- /data/data/####/7295ece1696c2c3e0ee9a8b27f4b49a3.db
- /data/data/####/73ed9494ddc573a1cf7e8d52b4a5eeb8.0.tmp
- /data/data/####/73ed9494ddc573a1cf7e8d52b4a5eeb8.1.tmp
- /data/data/####/742c6c32bd10459cddb3e894ddfb2fa237da27fd209bfa0....0.tmp
- /data/data/####/7489feb398ed7f4d0971f20935119a3f.0.tmp
- /data/data/####/7489feb398ed7f4d0971f20935119a3f.1.tmp
- /data/data/####/76924073b8c910199fef670575272677.db
- /data/data/####/77e45a4bd2464b65012d12713c208e3498b862f051e3ec5....0.tmp
- /data/data/####/801f8d41dce45d7c73db58ece83e3a26cdf38ec7e3c1bb0....0.tmp
- /data/data/####/829f117fe7612fcbc74fe8a066b47090.db
- /data/data/####/85b8370a53d6eca22da5f3fb5c291ed7.db
- /data/data/####/8EAD111D030291821E19A80E344C340A.xml
- /data/data/####/8b8f906245799e7bc2dc74c44c3e0aab.0.tmp
- /data/data/####/8b8f906245799e7bc2dc74c44c3e0aab.1.tmp
- /data/data/####/91b335cb6bb2050d9f8f2567777ccf3bfdbd29202f921ee....0.tmp
- /data/data/####/9e0596c529d7199d56e458eb71835578.0.tmp
- /data/data/####/9e0596c529d7199d56e458eb71835578.1.tmp
- /data/data/####/ApplicationCache.db-journal
- /data/data/####/HttpDNSConstantsJson.xml
- /data/data/####/MultiDex.lock
- /data/data/####/UM_PROBE_DATA.xml
- /data/data/####/XkdjsIx132mM356507059351895comm.xml
- /data/data/####/XkdjsIx132mMskey1.xml
- /data/data/####/_p.xml
- /data/data/####/_sh.xml
- /data/data/####/a299d31f8b05ee9c99bf6627dd0c280f1ebde7f416ec21c....0.tmp
- /data/data/####/ae1abf72da15754391348125ec470e4b636c698e5ce3211....0.tmp
- /data/data/####/b44952bfa3897b7dee1f2425051573fb.0.tmp
- /data/data/####/b44952bfa3897b7dee1f2425051573fb.1.tmp
- /data/data/####/b815f27dff32fb74009fff49dbccc5e3ad53316f73c6ccf....0.tmp
- /data/data/####/b857c030746399650bf9894a60b36145d3d9a89d4e341ea....0.tmp
- /data/data/####/bb229b2983b3f087b727ccd257ac3e14.0.tmp
- /data/data/####/bb229b2983b3f087b727ccd257ac3e14.1.tmp
- /data/data/####/bcbb2e071ea5ad908c6fec1c54fe26554277dcf3f6e0001....0.tmp
- /data/data/####/bfd1039133941af072993e4143f4a1d8.0.tmp
- /data/data/####/bfd1039133941af072993e4143f4a1d8.1.tmp
- /data/data/####/bpvqdjmf.jar
- /data/data/####/c97c7c4cbd321569f11cdc8d7a421ad0.0.tmp
- /data/data/####/c97c7c4cbd321569f11cdc8d7a421ad0.1.tmp
- /data/data/####/com.meiju592.app.xml
- /data/data/####/countIp.xml
- /data/data/####/d08aa52c3d305a16b625c5bb3cc0299a.0.tmp
- /data/data/####/d08aa52c3d305a16b625c5bb3cc0299a.1.tmp (deleted)
- /data/data/####/d0ffd11eafff6bd53e8ca8bb6e1fadcb91dffd6b2029a8f....0.tmp
- /data/data/####/d19e9c953d3ee5108f32dc026e00652c.db
- /data/data/####/d19e9c953d3ee5108f32dc026e00652c.jar
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTgwMzIyNTcxMjc1;
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/db64144592e6c02b040383ecdf104e9c1d3c316f1fc6c34....0.tmp
- /data/data/####/dd559430a7c4adf9f1ceb8c42acc6cab.0.tmp
- /data/data/####/dd559430a7c4adf9f1ceb8c42acc6cab.1.tmp (deleted)
- /data/data/####/dns_ip_info.db
- /data/data/####/dns_ip_info.db-journal
- /data/data/####/downUmeng.jar
- /data/data/####/dynamic.dex
- /data/data/####/dynamic.dex (deleted)
- /data/data/####/ef3e3cf75ff31cb0af5d33e45b2eb39d.0.tmp
- /data/data/####/ef3e3cf75ff31cb0af5d33e45b2eb39d.1.tmp
- /data/data/####/efc1874fdede40300b29923444f40cab.0.tmp
- /data/data/####/efc1874fdede40300b29923444f40cab.1.tmp
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/f0653000cc33baacce3c38eda23c657db2e997661922f7f....0.tmp
- /data/data/####/f517982c4d16bcb8d898ca99814b85b1.0.tmp
- /data/data/####/f517982c4d16bcb8d898ca99814b85b1.1.tmp
- /data/data/####/f91f51b7e9f087a38bedbad97e7217c5.0.tmp
- /data/data/####/f91f51b7e9f087a38bedbad97e7217c5.1.tmp
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/f_000014
- /data/data/####/f_000015
- /data/data/####/f_000016
- /data/data/####/f_000017
- /data/data/####/f_000018
- /data/data/####/f_000019
- /data/data/####/f_00001a
- /data/data/####/f_00001b
- /data/data/####/f_00001c
- /data/data/####/f_00001d
- /data/data/####/f_00001e
- /data/data/####/fe0dfcec6e195d55d555804df2596854.db
- /data/data/####/gameid
- /data/data/####/gameid.zip
- /data/data/####/i==1.2.0&&5.4.4_1580322571315_envelope.log
- /data/data/####/index
- /data/data/####/info.xml
- /data/data/####/journal.tmp
- /data/data/####/libpuuqlu.so
- /data/data/####/libpuuqlu.so-32
- /data/data/####/libpuuqlu.so-64
- /data/data/####/meijuniaoV2.db-journal
- /data/data/####/mkv.xml
- /data/data/####/multidex.version.xml
- /data/data/####/oqoyet.png
- /data/data/####/t2pr.xml
- /data/data/####/t==8.0.0&&5.4.4_1580322572185_envelope.log
- /data/data/####/tmp-com.meiju592.app-1.apk.classes422898756.zip
- /data/data/####/tools8978.xml
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/um_pri.xml
- /data/data/####/umdat.xml
- /data/data/####/umeng_common_config.xml
- /data/data/####/umeng_common_location.xml
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/webviewCookiesChromiumPrivate.db-journal
- /data/data/####/yd_config_c.xml
- /data/media/####/.YiAds.log
- /data/media/####/.YiAds_Net.log
- /data/media/####/.a.dat
- /data/media/####/.adfwe.dat
- /data/media/####/.cca.dat
- /data/media/####/.lju
- /data/media/####/.nomedia
- /data/media/####/.umm.dat
- /data/media/####/.usdis
- /data/media/####/1723D6044EA97DA846C4E3A2E2999116.jar
- /data/media/####/1723D6044EA97DA846C4E3A2E2999116.temp
- /data/media/####/226C6D0262EDF21275151A3830CCD201.temp
- /data/media/####/3a1f12b153590d36c25aee43defe4f93.png
- /data/media/####/6039a5dc726735515b7d4af99a14a028.jpg
- /data/media/####/6067CD2BC58AF269E2045AB73920FC13
- /data/media/####/_pn
- /data/media/####/_shn
- /data/media/####/httpdns.log
- /data/media/####/美剧鸟_5.5.4.apk
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
- cat /proc/cpuinfo
- cat /sys/class/net/wlan0/address
- getprop
- ls /
- ls /sys/class/thermal
Загружает динамические библиотеки:
- libpuuqlu
- native-signtools
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS5Padding
- DES-CBC-PKCS5Padding
- RSA-None-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
- AES-ECB-PKCS5Padding
- DES
- DES-CBC-PKCS5Padding
- RSA-None-PKCS1Padding
Осуществляет доступ к приватному интерфейсу ITelephony.
Получает информацию о местоположении.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Получает информацию о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
