Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.DownLoader.916.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) d####.cn:80
- TCP(HTTP/1.1) dup.baidust####.com:80
- TCP(HTTP/1.1) www.pc####.com.####.cn:80
- TCP(HTTP/1.1) qzones####.g####.cn.####.com:80
- TCP(HTTP/1.1) pos.b####.com:80
- TCP(HTTP/1.1) err.ta####.com:80
- TCP(HTTP/1.1) c####.zhito####.com:807
- TCP(HTTP/1.1) u####.dspliul####.com:99
- TCP(HTTP/1.1) 58.2####.92.50:808
- TCP(HTTP/1.1) s####.al####.com:80
- TCP(HTTP/1.1) a####.caiji####.com:80
- TCP(HTTP/1.1) f####.caiji####.com:80
- TCP(HTTP/1.1) i####.d####.cn:80
- TCP(HTTP/1.1) ipp.zhito####.com:99
- TCP(HTTP/1.1) pco####.ta####.com:80
- TCP(HTTP/1.1) c####.zhito####.com:8881
- TCP(HTTP/1.1) c####.zhito####.com:99
- TCP(HTTP/1.1) k####.caiji####.com.####.com:80
- TCP(HTTP/1.1) c####.baidust####.com.####.com:80
- TCP(HTTP/1.1) ivy.pcon####.com.cn:80
- TCP(HTTP/1.1) gm.mm####.com:80
- TCP(HTTP/1.1) adcha####.bz.m####.com:80
- TCP(HTTP/1.1) tc.c####.com:80
- TCP(HTTP/1.1) c####.zhito####.com:808
- TCP(HTTP/1.1) z.c####.com:80
- TCP(HTTP/1.1) p####.caiji####.com:80
- TCP(HTTP/1.1) 1####.100.207.230:80
- TCP(HTTP/1.1) 58.2####.198.157:999
- TCP(HTTP/1.1) s2.z####.cn:80
- TCP(HTTP/1.1) d####.wos####.com:80
- TCP(HTTP/1.1) c.c####.com:80
- TCP(HTTP/1.1) ipp.zhito####.com:807
- TCP(HTTP/1.1) w.i####.com:80
- TCP(HTTP/1.1) bbs.c####.com.####.com:80
- TCP(HTTP/1.1) ucst####.c####.com.####.com:80
- TCP(HTTP/1.1) w####.c####.com:80
- TCP(HTTP/1.1) dl.huih####.com.####.com:80
- TCP(HTTP/1.1) s####.caiji####.com:666
- TCP(HTTP/1.1) ia.z####.net:80
- TCP(TLS/1.0) 2####.h####.com.####.cn:443
- TCP(TLS/1.0) i####.pcon####.com.####.cn:443
- TCP(TLS/1.0) c.gridsum####.com:443
- TCP(TLS/1.0) v2.da.m####.com:443
- TCP(TLS/1.0) sb.scoreca####.com.####.net:443
- TCP(TLS/1.0) www.pcon####.com.cn:443
- TCP(TLS/1.0) m.pc####.com.cn:443
- TCP(TLS/1.0) ub####.baidust####.com.####.com:443
- TCP(TLS/1.0) t####.bz.m####.com:443
- TCP(TLS/1.0) res.wx.qq.####.com:443
- TCP(TLS/1.0) web.da.m####.com:443
- TCP(TLS/1.0) mg####.api.max.####.com:443
- TCP(TLS/1.0) c####.pc####.com.cn:443
- TCP(TLS/1.0) gm.mm####.com:443
- TCP(TLS/1.0) pos.b####.com:443
- TCP(TLS/1.0) a####.d####.com:443
- TCP(TLS/1.0) desi####.pch####.com.cn:443
- TCP(TLS/1.0) u.api.m####.com:443
- TCP(TLS/1.0) z.c####.com:443
- TCP(TLS/1.0) 3####.h####.com.####.com:443
- TCP(TLS/1.0) u.j####.com:443
- TCP(TLS/1.0) err.ta####.com:443
- TCP(TLS/1.0) log.mm####.com:443
- TCP(TLS/1.0) wtc.d####.com:443
- TCP(TLS/1.0) i.m####.com:443
- TCP(TLS/1.0) t.hy####.com.cn:443
- TCP(TLS/1.0) et2.wagbr####.adverti####.####.com:443
- TCP(TLS/1.0) w####.da.m####.com:443
- TCP(TLS/1.0) img.pcon####.com.####.cn:443
- TCP(TLS/1.0) wl.jd.com.####.com:443
- TCP(TLS/1.0) wn.pos.b####.com:443
- TCP(TLS/1.0) g.1####.com:443
- TCP(TLS/1.0) ec####.b####.com:443
- TCP(TLS/1.0) g####.api.m####.com:443
- TCP(TLS/1.0) www.m####.com:443
- TCP(TLS/1.0) vc.m####.com:443
- TCP(TLS/1.0) p####.m.jd.com:443
- TCP(TLS/1.0) pc.bz.m####.com:443
- TCP(TLS/1.0) w.i####.com:443
- TCP(TLS/1.0) cr.3con####.com:443
- TCP(TLS/1.0) av####.h####.com.####.com:443
- TCP(TLS/1.0) ucst####.c####.com.####.com:443
- TCP(TLS/1.0) pcwe####.log.m####.com:443
- TCP(TLS/1.0) mg####.pcon####.com.cn:443
- TCP(TLS/1.0) a####.evergr####.com:443
- TCP(TLS/1.0) h####.m####.com:443
- TCP(TLS/1.0) dualsta####.wagbr####.ali####.####.com:443
- TCP(TLS/1.0) bbs.pch####.com.cn:443
- TCP(TLS/1.0) www.pc####.com.####.cn:443
- TCP(TLS/1.0) na61-####.wagbr####.ali####.####.com:443
- TCP(TLS/1.0) mobi####.bz.m####.com:443
- TCP(TLS/1.0) st3.wagbr####.adverti####.####.com:443
- TCP(TLS/1.0) p####.pc####.com.cn:443
- TCP(TLS/1.0) s3.h####.com:443
- TCP(TLS/1.0) c.c####.com:443
- TCP(TLS/1.0) l####.bz.m####.com:443
- TCP(TLS/1.0) ivy.pcon####.com.cn:443
- TCP(TLS/1.0) com####.m####.com:443
- TCP(TLS/1.0) hm.b####.com:443
- TCP(TLS/1.0) s####.al####.com:443
- TCP(TLS/1.0) i.gridsum####.com:443
- TCP(TLS/1.0) use####.api.max.####.com:443
- TCP(TLS/1.0) s2.z####.cn:443
- TCP(TLS/1.0) g.cn.miao####.com:443
- TCP(TLS/1.0) dup.baidust####.com:443
- TCP(TLS/1.0) js.3con####.com.####.cn:443
- TCP(TLS/1.0) p####.api.m####.com:443
- TCP(TLS/1.0) cdn.boo####.com.####.com:443
- TCP(TLS/1.0) pc####.api.m####.com:443
- TCP(TLS/1.0) i####.d####.com:443
- TCP(TLS/1.0) sw4.d####.com:443
- TCP(TLS/1.0) g.al####.com:443
Запросы DNS:
- 0####.h####.com
- 1####.h####.com
- 2####.h####.com
- 3####.h####.com
- 4####.h####.com
- a####.caiji####.com
- a####.caiji####.com
- a####.d####.com
- a####.evergr####.com
- a####.m.sm.cn
- adcha####.bz.m####.com
- ask.c####.com
- at.umt####.com
- av####.h####.com
- bbs.c####.com
- bbs.pch####.com.cn
- c####.baidust####.com
- c####.mm####.com
- c####.pc####.com.cn
- c####.zhito####.com
- c.c####.com
- c.gridsum####.com
- cdn.boo####.com
- cha####.pch####.com.cn
- com####.m####.com
- cr.3con####.com
- cre####.bz.m####.com
- css.m####.com
- d####.cn
- d####.pch####.com.cn
- d####.wos####.com
- desi####.pch####.com.cn
- dl.huih####.com
- dup.baidust####.com
- e####.h####.com
- ec####.b####.com
- err.ta####.com
- f####.c####.com
- f####.caiji####.com
- fou####.ta####.com
- g####.api.m####.com
- g####.c####.com
- g.1####.com
- g.al####.com
- g.cn.miao####.com
- h####.m####.com
- hm.b####.com
- huo####.pch####.com.cn
- i####.d####.cn
- i####.d####.com
- i####.pcon####.com.cn
- i.c####.com
- i.gridsum####.com
- i.m####.com
- i1.h####.com
- i3.h####.com
- i4.h####.com
- i5.h####.com
- ia.z####.net
- id.d####.com
- im####.pc####.com.cn
- im####.pcon####.com.cn
- img.d####.com
- img.m####.com
- img.pcon####.com.cn
- ip.remo####.com
- ipp.zhito####.com
- ivy.pc####.com.cn
- ivy.pch####.com.cn
- ivy.pcon####.com.cn
- jia####.pch####.com.cn
- js.3con####.com
- js.m####.com
- k####.caiji####.com
- l####.bz.m####.com
- l####.m.sm.cn
- log.mm####.com
- m.360bu####.com
- m.pc####.com.cn
- ma####.m.ta####.com
- mg####.api.max.####.com
- mg####.pcon####.com.cn
- mobi####.bz.m####.com
- n####.pch####.com.cn
- o####.sin####.cn
- p####.api.m####.com
- p####.caiji####.com
- p####.m.jd.com
- p####.pc####.com.cn
- pc####.api.m####.com
- pc.bz.m####.com
- pco####.c####.com
- pco####.sm.cn
- pcwe####.log.m####.com
- pos.b####.com
- pv.s####.com
- qzones####.g####.cn
- r####.wx.qq.com
- rc.m####.com
- s####.al####.com
- s####.caiji####.com
- s####.m.sm.cn
- s1.h####.com
- s11.c####.com
- s19.c####.com
- s2.z####.cn
- s20.c####.com
- s23.c####.com
- s3.h####.com
- s4.c####.com
- s5.c####.com
- s9.c####.com
- s95.c####.com
- sb.scoreca####.com
- st####.h####.com
- sto####.360bu####.com
- sw4.d####.com
- t####.bz.m####.com
- t-####.hy####.com.cn
- tb.m####.com
- tc.c####.com
- u####.dspliul####.com
- u.api.m####.com
- u.j####.com
- ub####.baidust####.com
- ucst####.c####.com
- ugc.h####.com
- use####.api.max.####.com
- v.api.hun####.com
- v.t.q####.com
- v1.c####.com
- v2.da.m####.com
- vc.m####.com
- w####.c####.com
- w####.da.m####.com
- w####.jd.com
- w####.pc####.com.cn
- w####.pch####.com.cn
- w####.pcon####.com.cn
- w####.pcon####.com.cn
- w.c####.com
- w.i####.com
- web.da.m####.com
- wn.pos.b####.com
- wtc.d####.com
- www.c####.com
- www.m####.com
- www.pc####.com.cn
- www.pch####.com.cn
- www.pcon####.com.cn
- y####.m.sm.cn
- z11.c####.com
- z12.c####.com
- z3.c####.com
- z5.c####.com
- z6.c####.com
- z9.c####.com
Запросы HTTP GET:
- 58.2####.92.50:808/gh.html
- a####.caiji####.com/a/asdf?cnl=####&vv=####&vv2=####&aid=####&sid=####&d...
- adcha####.bz.m####.com/direct?cc=####
- bbs.c####.com.####.com/banner3.html?d=####
- bbs.c####.com.####.com/css/other.css
- bbs.c####.com.####.com/d/post/18083043.html
- bbs.c####.com.####.com/d/post/18644955.html
- bbs.c####.com.####.com/d/post/18929939.html
- bbs.c####.com.####.com/d/post/19385668.html
- bbs.c####.com.####.com/jscripts/doc.js
- bbs.c####.com.####.com/style/images/bg_header.jpg
- bbs.c####.com.####.com/style/images/icon.gif
- bbs.c####.com.####.com/style/images/icon_num.gif
- bbs.c####.com.####.com/style/images/use_tool.gif
- bbs.c####.com.####.com/style/newPost.css?v=####
- bbs.c####.com.####.com/style/style_board.css
- bbs.c####.com.####.com/style/style_post3.css
- c####.baidust####.com.####.com/cpro/ui/c.js
- c####.zhito####.com:807/528/bu/hd/135.html
- c####.zhito####.com:807/528/bu/hd/165.html
- c####.zhito####.com:807/528/bu/hd/57.html?a####
- c####.zhito####.com:807/528/qing.html
- c####.zhito####.com:808/pctja.html
- c####.zhito####.com:8881/wap/index.html
- c####.zhito####.com:99/fun/index.html
- c.c####.com/core.php?web_id=####&t=####
- c.c####.com/stat.php?id=####
- c.c####.com/stat.php?id=####&web_id=####
- c.c####.com/z_stat.php?id=####&web_id=####
- d####.cn/cdn.html
- d####.cn/fenpei.html?1####
- d####.cn/fenpei.html?2####
- d####.cn/fenpei.html?c####
- d####.cn/ydc.html
- d####.cn/ydm.html
- d####.wos####.com/upload/csaa.jsp?a=####&b=####&c=####&d=####&e=####&f=#...
- dl.huih####.com.####.com/iad/specialChannel/9e104c5240272fda937509947beb...
- dup.baidust####.com/js/os.js
- err.ta####.com/error1.html?c=404&u=/hz.aplus.taobao.org/app.gif?&cna=4pE...
- f####.caiji####.com/v1/cc/mobile?brand=####&model=####&andid=####&andv=#...
- gm.mm####.com/9.gif?abc=####&rnd=####
- i####.d####.cn/goldcool.php?id=####
- ipp.zhito####.com:807/1102/0.html
- ipp.zhito####.com:807/1102/0.js
- ipp.zhito####.com:807/1102/index.html
- ipp.zhito####.com:807/1102/qing.html
- ipp.zhito####.com:807/1102/yrc_001mobile.js
- ipp.zhito####.com:99/wap/index.php
- ivy.pcon####.com.cn/click?id=####&adid=####&watch=####
- k####.caiji####.com.####.com/jm1584952315919_utils.ttf
- k####.caiji####.com.####.com/searchss2.min.js
- pco####.ta####.com/app.gif?&cna=####
- pos.b####.com/bfp/snippetcacher.php?dpv=####&di=####
- qzones####.g####.cn.####.com/ac/qzone_v5/app/app_share/qz_logo.png
- s####.al####.com/L1/272/6837/static/wap/img/uc-32.png
- s####.al####.com/L1/272/6837/static/wap/img/uc.png
- s2.z####.cn/ims?kt=####&at=####&key=aHR####&sign=yx####&tv=####&x####
- s2.z####.cn/wikipic/icon/16x16.png
- tc.c####.com/adscache/caches/104.js?n=####
- tc.c####.com/adscache/caches/105.js?n=####
- tc.c####.com/adscache/caches/106.js?n=####
- tc.c####.com/adscache/caches/108.js?n=####
- tc.c####.com/adscache/caches/109.js?n=####
- tc.c####.com/adscache/caches/160.js?n=####
- tc.c####.com/adscache/caches/163.js?n=####
- tc.c####.com/adscache/caches/183.js?n=####
- tc.c####.com/adscache/caches/187.js?n=####
- tc.c####.com/adscache/caches/196.js?n=####
- tc.c####.com/adscache/caches/205.js?n=####
- tc.c####.com/adscache/caches/215.js?n=####
- tc.c####.com/adscache/caches/216.js?n=####
- tc.c####.com/adscache/caches/217.js?n=####
- tc.c####.com/adscache/caches/227.js?n=####
- tc.c####.com/adscache/caches/239.js?n=####
- tc.c####.com/adscache/caches/240.js?n=####
- tc.c####.com/adscache/caches/245.js?n=####
- tc.c####.com/adscache/caches/246.js?n=####
- tc.c####.com/adscache/caches/25.js?n=####
- tc.c####.com/adscache/caches/26.js?n=####
- tc.c####.com/adscache/caches/27.js?n=####
- tc.c####.com/adscache/caches/308.js?n=####
- tc.c####.com/adscache/caches/324.js?n=####
- tc.c####.com/adscache/caches/340.js?n=####
- tc.c####.com/adscache/caches/344.js?n=####
- tc.c####.com/adscache/caches/41.js?n=####
- tc.c####.com/adscache/caches/436.js?n=####
- tc.c####.com/adscache/caches/46.js?n=####
- tc.c####.com/adscache/caches/492.js?n=####
- tc.c####.com/adscache/caches/510.js?n=####
- tc.c####.com/adscache/caches/56.js?n=####
- tc.c####.com/adscache/caches/72.js?n=####
- tc.c####.com/adx.js
- tc.c####.com/iframeads/adsdispatch.php?pid=####
- tc.c####.com/js/tcjs.php
- u####.dspliul####.com:99/IP/Index/geturls
- u####.dspliul####.com:99/Public/Access/js/modules/common.js
- u####.dspliul####.com:99/Public/Access/js/modules/creifr.js
- u####.dspliul####.com:99/ip/index.html
- ucst####.c####.com.####.com/askques/expert/getAll
- ucst####.c####.com.####.com/askques/questions/show/822167
- ucst####.c####.com.####.com/avatar/2415/2415121.png
- ucst####.c####.com.####.com/avatar/3015/3015177.png
- ucst####.c####.com.####.com/avatar/3074/3074980.png
- ucst####.c####.com.####.com/avatar/37261/37261674.png?124963####
- ucst####.c####.com.####.com/cmbbs/jquery.1.3.2.js
- ucst####.c####.com.####.com/cmbbs/main.js
- ucst####.c####.com.####.com/css/layout1.css
- ucst####.c####.com.####.com/d/article.php/10024
- ucst####.c####.com.####.com/globalMsg.js
- ucst####.c####.com.####.com/images/bg_alpha.png
- ucst####.c####.com.####.com/images/ico-25x25.gif
- ucst####.c####.com.####.com/images/icon-cms1.gif
- ucst####.c####.com.####.com/images/icon-cms2.gif
- ucst####.c####.com.####.com/images/user_sig_split.gif
- ucst####.c####.com.####.com/img/new_85_1.gif
- ucst####.c####.com.####.com/js/baobao.js
- ucst####.c####.com.####.com/js/cookie.js?2009101####
- ucst####.c####.com.####.com/js/imagerollover.js
- ucst####.c####.com.####.com/js/iwt1.0.1.js
- ucst####.c####.com.####.com/js/new_sw.js?t=####
- ucst####.c####.com.####.com/js_revsci.html
- ucst####.c####.com.####.com/style/ask.css?v=####
- ucst####.c####.com.####.com/style/frame-inner.css
- ucst####.c####.com.####.com/style/iask.css
- ucst####.c####.com.####.com/style/images/ask-cms-but-88x25.gif
- ucst####.c####.com.####.com/style/images/ask_return.jpg
- ucst####.c####.com.####.com/style/images/ask_tiwen.jpg
- ucst####.c####.com.####.com/style/images/search.gif
- ucst####.c####.com.####.com/style/images/zj_online_bg.gif
- ucst####.c####.com.####.com/style/images/zj_online_t.gif
- ucst####.c####.com.####.com/style/word.css
- ucst####.c####.com.####.com/styles/cms.css
- ucst####.c####.com.####.com/styles/images/bg.gif
- ucst####.c####.com.####.com/styles/images/ci123_logo.gif
- ucst####.c####.com.####.com/styles/images/ci123_logo_ask.gif
- ucst####.c####.com.####.com/styles/images/icon.gif
- ucst####.c####.com.####.com/styles/images/nav_bg.jpg
- ucst####.c####.com.####.com/styles/images/nav_city_bg_160.gif
- ucst####.c####.com.####.com/styles/images/nav_mall_left.gif
- ucst####.c####.com.####.com/styles/images/nav_menu2_bg.gif
- ucst####.c####.com.####.com/styles/images/nav_menu2_block.gif
- ucst####.c####.com.####.com/styles/images/nav_menu2_block2.gif
- ucst####.c####.com.####.com/styles/images/nav_menu2_right.gif
- ucst####.c####.com.####.com/styles/images/nav_menu3_bg.gif
- ucst####.c####.com.####.com/styles/images/nav_menu3_s.gif
- ucst####.c####.com.####.com/styles/images/nav_tool.gif
- ucst####.c####.com.####.com/styles/images/search_sub.gif
- ucst####.c####.com.####.com/styles/images/tabnavi.gif
- ucst####.c####.com.####.com/styles/menu_style.css?v=####
- ucst####.c####.com.####.com/styles/menu_style_v2.css?v=####
- w####.c####.com/abc/xyz/point/index.php
- w####.c####.com/abc/xyz/point/single.php?bid=####
- w.i####.com/iwt/a.gif?url=####&ua=####&uuid=####&sign=####&ts=####
- www.pc####.com.####.cn/autox/6a976e56b61b2febd215f6cbe5186f5f.htm
- z.c####.com/stat.htm?id=####&r=####&lg=####&ntime=####&cnzz_eid=####&sho...
- z.c####.com/stat.htm?id=1258256413&r=http://www2.ci123.com/abc/xyz/point...
Запросы HTTP HEAD:
- dl.huih####.com.####.com/iad/specialChannel/9e104c5240272fda937509947beb...
Запросы HTTP POST:
- a####.caiji####.com/v2/load/mobile
- d####.wos####.com/upload/event2.jsp
- d####.wos####.com/upload/event9.jsp
- d####.wos####.com/upload/longheartbeat.jsp
- d####.wos####.com/upload/sdklongheartbeat.jsp
- f####.caiji####.com/v3/task/mobile
- ia.z####.net/ps/getSpecialChannel.do
- p####.caiji####.com/klv2/sdkkl/mobile
- s####.caiji####.com:666/v1/config
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/-1863722794_app_spf_scli.xml
- /data/data/####/-1863722794_rss_pl_cty.xml
- /data/data/####/-1863722794_rws_sp.xml
- /data/data/####/-1863722794_sp_iconfig.xml
- /data/data/####/2531b1fb2b5948bab3998edc9bd41c18.jar
- /data/data/####/29c32a19-d9c7-3a65-a3ec-7cfc96365780.cpo
- /data/data/####/29c32a19-d9c7-3a65-a3ec-7cfc96365780.dex
- /data/data/####/29c32a19-d9c7-3a65-a3ec-7cfc96365780.inf
- /data/data/####/29c32a19-d9c7-3a65-a3ec-7cfc96365780.jar
- /data/data/####/6e21821c-dd4f-3eac-9de3-b18d6f3e3f6a.cpo
- /data/data/####/6e21821c-dd4f-3eac-9de3-b18d6f3e3f6a.dex
- /data/data/####/6e21821c-dd4f-3eac-9de3-b18d6f3e3f6a.inf
- /data/data/####/6e21821c-dd4f-3eac-9de3-b18d6f3e3f6a.jar
- /data/data/####/85f2b2e940b84bbd8259a839cefba5e9.jar
- /data/data/####/99908132-381a-3031-8c04-03554951552d.cpo
- /data/data/####/99908132-381a-3031-8c04-03554951552d.dex
- /data/data/####/99908132-381a-3031-8c04-03554951552d.inf
- /data/data/####/99908132-381a-3031-8c04-03554951552d.jar
- /data/data/####/A3AEECD8.dex
- /data/data/####/ApplicationCache.db-journal
- /data/data/####/CachedGeoposition.db
- /data/data/####/CachedGeoposition.db-journal
- /data/data/####/app_launcher_icondec.png
- /data/data/####/cache_-1863722794_onsp.xml
- /data/data/####/cache_-1863722794_onsp.xml.bak
- /data/data/####/cache_-1863722794_pl_sp.xml
- /data/data/####/cache_update.xml
- /data/data/####/classes.dex
- /data/data/####/cm_cfgt_spf.xml
- /data/data/####/config
- /data/data/####/d7a8a13837a118786837a7031e3cfa92
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/download_task.dat
- /data/data/####/download_time.dat
- /data/data/####/f19be1329018333420dd43b40e91e24a.zip
- /data/data/####/f19be1329018333420dd43b40e91e24a.zip.inf
- /data/data/####/f19be1329018333420dd43b40e91e24a.zip.tmp
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/f_000014
- /data/data/####/f_000015
- /data/data/####/f_000016
- /data/data/####/f_000017
- /data/data/####/f_000018
- /data/data/####/f_000019
- /data/data/####/f_00001a
- /data/data/####/f_00001b
- /data/data/####/f_00001c
- /data/data/####/f_00001d
- /data/data/####/f_00001e
- /data/data/####/f_00001f
- /data/data/####/f_000020
- /data/data/####/f_000021
- /data/data/####/f_000022
- /data/data/####/f_000023
- /data/data/####/f_000024
- /data/data/####/f_000025
- /data/data/####/f_000026
- /data/data/####/f_000027
- /data/data/####/f_000028
- /data/data/####/f_000029
- /data/data/####/f_00002a
- /data/data/####/f_00002b
- /data/data/####/f_00002c
- /data/data/####/f_00002d
- /data/data/####/f_00002e
- /data/data/####/f_00002f
- /data/data/####/f_000030
- /data/data/####/f_000031
- /data/data/####/f_000032
- /data/data/####/f_000033
- /data/data/####/f_000034
- /data/data/####/f_000035
- /data/data/####/f_000036
- /data/data/####/f_000037
- /data/data/####/f_000038
- /data/data/####/f_000039
- /data/data/####/f_00003a
- /data/data/####/f_00003b
- /data/data/####/f_00003c
- /data/data/####/f_00003d
- /data/data/####/f_00003e
- /data/data/####/f_00003f
- /data/data/####/f_000040
- /data/data/####/f_000041
- /data/data/####/f_000042
- /data/data/####/f_000043
- /data/data/####/f_000044
- /data/data/####/f_000045
- /data/data/####/f_000046
- /data/data/####/f_000047
- /data/data/####/f_000048
- /data/data/####/f_000049
- /data/data/####/f_00004a
- /data/data/####/f_00004b
- /data/data/####/f_00004c
- /data/data/####/f_00004d
- /data/data/####/f_00004e
- /data/data/####/f_00004f
- /data/data/####/f_000050
- /data/data/####/f_000051
- /data/data/####/f_000052
- /data/data/####/f_000053
- /data/data/####/f_000054
- /data/data/####/f_000055
- /data/data/####/f_000056
- /data/data/####/f_000057
- /data/data/####/f_000058
- /data/data/####/f_000059
- /data/data/####/f_00005a
- /data/data/####/f_00005b
- /data/data/####/f_00005c
- /data/data/####/f_00005d
- /data/data/####/f_00005e
- /data/data/####/f_00005f
- /data/data/####/f_000060
- /data/data/####/f_000061
- /data/data/####/f_000062
- /data/data/####/f_000063
- /data/data/####/f_000064
- /data/data/####/f_000065
- /data/data/####/f_000066
- /data/data/####/f_000067
- /data/data/####/f_000068
- /data/data/####/f_000069
- /data/data/####/f_00006a
- /data/data/####/f_00006b
- /data/data/####/f_00006c
- /data/data/####/f_00006d
- /data/data/####/f_00006e
- /data/data/####/http_58.218.92.50_808.localstorage-journal
- /data/data/####/http_ask.ci123.com_0.localstorage-journal
- /data/data/####/http_bbs.ci123.com_0.localstorage-journal
- /data/data/####/http_ip.remote88.com_807.localstorage-journal
- /data/data/####/http_ipp.zhitoudsp.com_807.localstorage-journal
- /data/data/####/https_pos.baidu.com_0.localstorage-journal
- /data/data/####/https_price.pcauto.com.cn_0.localstorage-journal
- /data/data/####/https_pro.m.jd.com_0.localstorage-journal
- /data/data/####/https_sw4.duoyi.com_0.localstorage-journal
- /data/data/####/https_www.mgtv.com_0.localstorage-journal
- /data/data/####/https_yz.m.sm.cn_0.localstorage-journal
- /data/data/####/img-cache.zip
- /data/data/####/index
- /data/data/####/journal.tmp
- /data/data/####/libA3AEECD8_arm64-v8a.so
- /data/data/####/libA3AEECD8_armeabi.so
- /data/data/####/load_MTAwMF8xMjAxXzIyODAwMTAw;.xml
- /data/data/####/rdata_@apkloader-unique.pkgname@.new
- /data/data/####/spfn_MTAwMF8xMjAxXzIyODAwMTAw;.xml
- /data/data/####/spfp_configl.xml
- /data/data/####/uid.dat
- /data/data/####/update_task.dat
- /data/data/####/update_time.dat
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/media/####/.cjlocfile.txt
- /data/media/####/uid.dat
Другие:
Загружает динамические библиотеки:
- libA3AEECD8_arm64-v8a
- libA3AEECD8_armeabi
Использует следующие алгоритмы для расшифровки данных:
- DES-CBC-PKCS5Padding
Осуществляет доступ к приватному интерфейсу ITelephony.
Получает информацию о местоположении.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Отрисовывает собственные окна поверх других приложений.
