Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.DownLoader.906.origin
- Android.Triada.4567
- Android.Triada.482.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) gd.a.s####.com:80
- TCP(HTTP/1.1) 47.1####.222.149:996
- TCP(HTTP/1.1) st####.guantou####.com:80
- TCP(HTTP/1.1) p####.api.adoc####.com:80
- TCP(HTTP/1.1) and####.b####.qq.com:80
- TCP(HTTP/1.1) d1.clou####.xyz:80
- TCP(HTTP/1.1) s####.e.qq.com:80
- TCP(HTTP/1.1) 39.1####.5.68:80
- TCP(HTTP/1.1) ping####.qq.com:80
- TCP(HTTP/1.1) r.ist####.com:8071
- TCP(HTTP/1.1) sf1-ttc####.ps####.com:80
- TCP(HTTP/1.1) 2####.98.35.10:80
- TCP(HTTP/1.1) api.gug####.com:8935
- TCP(HTTP/1.1) f.qia####.com:80
- TCP(HTTP/1.1) p####.byt####.com.####.com:80
- TCP(HTTP/1.1) np.bul####.cn:6087
- TCP(HTTP/1.1) 2####.98.33.230:8888
- TCP(HTTP/1.1) api.lubang####.com:80
- TCP(HTTP/1.1) d.w####.com:80
- TCP(HTTP/1.1) cdn.i.arie####.com:80
- TCP(HTTP/1.1) yq####.jn####.ltd:80
- TCP(HTTP/1.1) v3.bule####.cn:7001
- TCP(HTTP/1.1) sdk.w####.com:80
- TCP(HTTP/1.1) pg####.d2####.com:10273
- TCP(HTTP/1.1) v.h####.com:8071
- TCP(HTTP/1.1) awk.aoxun####.com:8199
- TCP(HTTP/1.1) sj.i36####.com:9000
- TCP(HTTP/1.1) na.bul####.com:9131
- TCP(HTTP/1.1) s####.tc.qq.com:80
- TCP(HTTP/1.1) 4####.98.65.82:997
- TCP(HTTP/1.1) i.ist####.com:8071
- TCP(HTTP/1.1) ott.h####.com:8071
- TCP(HTTP/1.1) 2####.46.147.169:80
- TCP(HTTP/1.1) www.d####.xyz:80
- TCP(HTTP/1.1) p####.api.w5i.top:80
- TCP(HTTP/1.1) so.tou####.com:80
- TCP(HTTP/1.1) app-t####.b0.a####.com:80
- TCP(HTTP/1.1) luna-im####.qq.com.####.com:80
- TCP(HTTP/1.1) z.c####.com:80
- TCP(HTTP/1.1) php.clou####.xyz:80
- TCP(HTTP/1.1) jds.qf####.com:80
- TCP(HTTP/1.1) d1.sho####.com:80
- TCP(HTTP/1.1) ny.bul####.cn:666
- TCP(HTTP/1.1) csd.someint####.com:80
- TCP(HTTP/1.1) v.sho####.com:80
- TCP(HTTP/1.1) sf6-ttc####.ps####.com.####.com:80
- TCP(HTTP/1.1) nb.i36####.com:9000
- TCP(HTTP/1.1) co####.ssp.adoc####.com:80
- TCP(HTTP/1.1) ad.api.clou####.xyz:80
- TCP(HTTP/1.1) 1####.27.70.235:80
- TCP(HTTP/1.1) ip.ta####.com:80
- TCP(HTTP/1.1) tt####.vni####.com:20147
- TCP(HTTP/1.1) t####.3g.qq.com:80
- TCP(HTTP/1.1) zgx.powerle####.com:80
- TCP(HTTP/1.1) j.i36####.com:9000
- TCP(HTTP/1.1) w####.pcon####.com.cn:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) np.bul####.cn:666
- TCP(HTTP/1.1) e4####.0r####.com:10293
- TCP(HTTP/1.1) h.w####.com:80
- TCP(HTTP/1.1) 6z####.njt####.com:10091
- TCP(TLS/1.0) z.c####.com:443
- TCP(TLS/1.0) mi.s####.qq.com:443
- TCP(TLS/1.0) s####.e.qq.com:443
- TCP(TLS/1.0) gm.mm####.com:443
- TCP(TLS/1.0) a####.d####.com:443
- TCP(TLS/1.0) ad####.cp####.cn:443
- TCP(TLS/1.0) and####.cli####.go####.com:443
- TCP(TLS/1.0) sf1-ttc####.ps####.com:443
- TCP(TLS/1.0) 1####.177.119.101:443
- TCP(TLS/1.0) z.k####.top.####.com:443
- TCP(TLS/1.0) analy####.map.qq.com:443
- TCP(TLS/1.0) s####.d####.com:443
- TCP(TLS/1.0) so.tou####.com:443
- TCP(TLS/1.0) st3.wagbr####.adverti####.####.com:443
- TCP(TLS/1.0) c.c####.com:443
- TCP(TLS/1.0) mi.g####.qq.com:443
- TCP(TLS/1.0) hm.b####.com:443
- TCP(TLS/1.0) h####.b####.com:443
- TCP(TLS/1.0) x.k####.top:443
- TCP(TLS/1.0) dxp.b####.com:443
- TCP(TLS/1.0) i####.d####.com:443
- TCP(TLS/1.0) sf3-ttc####.ps####.com:443
- TCP(TLS/1.0) ad1.azh####.com:9190
- TCP m####.3g.qq.com:443
Запросы DNS:
- 4s####.8c####.com
- 6z####.njt####.com
- a####.3gu.com
- a####.d####.com
- a####.u####.com
- a2.att.hu####.com
- ad####.cp####.cn
- ad.api.clou####.xyz
- ad1.azh####.com
- ad3.azh####.com
- adv.google####.com.cn
- adv.mali####.com
- adv.patrick####.com.cn
- adv.reading####.com.cn
- analy####.map.qq.com
- and####.b####.qq.com
- and####.cli####.go####.com
- api.adoc####.com
- api.chen####.com
- api.gug####.com
- api.lubang####.com
- api.m2g.adoc####.com
- app-t####.img.3gu.com
- awk.aoxun####.com
- c####.mm####.com
- c.c####.com
- cdn.i.arie####.com
- co####.ssp.adoc####.com
- csd.someint####.com
- d.w####.com
- d1.clou####.xyz
- d1.sho####.com
- dxp.b####.com
- e4####.0r####.com
- f.qia####.com
- h####.b####.com
- h.w####.com
- hm.b####.com
- i####.d####.com
- i.ist####.com
- i.sn####.com
- ima####.x####.com
- imgc####.qq.com
- ip.ta####.com
- is.sn####.com
- j.i36####.com
- jds.qf####.com
- lf1-ttc####.ps####.com
- m####.3g.qq.com
- mi.g####.qq.com
- mi.s####.qq.com
- mt####.go####.com
- na.bul####.com
- nb.i36####.com
- np.bul####.cn
- ny.bul####.cn
- ott.h####.com
- p####.api.adoc####.com
- p####.api.w5i.top
- p####.byt####.com
- p####.byt####.com
- p####.byt####.com
- p9.ps####.com
- pg####.d2####.com
- php.clou####.xyz
- pi####.qq.com
- ping####.qq.com
- pv.s####.com
- r.ist####.com
- s####.d####.com
- s####.d####.com
- s####.e.qq.com
- s####.guantou####.com
- s3.ps####.com
- s3a.ps####.com
- s3b.ps####.com
- s5.c####.com
- s96.c####.com
- sdk.w####.com
- sf1-ttc####.ps####.com
- sf3-ttc####.ps####.com
- sf6-ttc####.ps####.com
- sj.i36####.com
- so.tou####.com
- st####.guantou####.com
- st####.guantou####.com
- t####.3g.qq.com
- tt####.vni####.com
- v.h####.com
- v.sho####.com
- v3.bule####.cn
- w####.pcon####.com.cn
- www.d####.xyz
- www.google-####.com
- x.k####.top
- y####.m.sm.cn
- y.k####.top
- yq####.jn####.ltd
- z.k####.top
- z12.c####.com
- z2.c####.com
- z3.c####.com
- z9.c####.com
- zgx.powerle####.com
Запросы HTTP GET:
- app-t####.b0.a####.com/apps/ad_word.json
- cdn.i.arie####.com/e/i.html
- cdn.i.arie####.com/e/i.js
- co####.ssp.adoc####.com/api/v2/SDKCommonConfig?channelCode=####&version=...
- co####.ssp.adoc####.com/api/v2/fwConfig?channelCode=####&version=####
- co####.ssp.adoc####.com/api/v2/fwWebviewRatioConfig?channelCode=####&ver...
- csd.someint####.com/lkx?x000=####&vf001=####&ibbk002=####&yko003=####&i0...
- csd.someint####.com/skxplus?mq000=####&mq001=####&mq002=####&mq003=####&...
- f.qia####.com/e/20200106161147b_600008_v78.enc
- gd.a.s####.com/cityjson
- ip.ta####.com/service/getIpInfo.php?ip=####
- j.i36####.com:9000/jsonServer/LanMei01vp
- jds.qf####.com/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ4NjQiOmZhbHNlLCJ0...
- luna-im####.qq.com.####.com/qzone/biz/gdt/mod/android/AndroidAllInOne/pr...
- na.bul####.com:9131/slsdk/api_lykdrli.aspx?abi=####&key=####
- np.bul####.cn:6087/Dock/getDYToken
- p####.api.adoc####.com/fw/task?task_id=####&ip=####
- p####.api.adoc####.com/ip
- p####.byt####.com.####.com/02/09/50200009239445155494098011152.jpg
- p####.byt####.com.####.com/img/pgc-image/5d744ac3167647ea9bcaefe08206ee1...
- p####.byt####.com.####.com/img/pgc-image/7bca10fec5c1406a93bfd92abf6168e...
- p####.byt####.com.####.com/img/pgc-image/fde0868749044280b7245528d9ba679...
- p####.byt####.com.####.com/large/xigua-lvideo-pic/6583c678e7b684d103a27d...
- p####.byt####.com.####.com/medium/47080003bea520d78924
- p####.byt####.com.####.com/tos-cn-i-0004/039aa5ed57b84b46bc51414995e64ef...
- ping####.qq.com/pingd?dm=####&pvi=####&si=####&url=####&arg=####&ty=####...
- s####.tc.qq.com/h5/stats.js?v2####
- sf1-ttc####.ps####.com/group58/M0B/8B/3B/wKgLc1yy8STCC-rFAADKgJATWWg203....
- sf1-ttc####.ps####.com/img/knowledge-graph/116884f0bb5c3e01816f73a87d5bc...
- sf1-ttc####.ps####.com/img/knowledge-graph/1513cd4b08b67eb60e5e98ddd8840...
- sf1-ttc####.ps####.com/img/knowledge-graph/1bf26852911710f748a7402adf85c...
- sf1-ttc####.ps####.com/img/knowledge-graph/1e95f141f7c8824cf4629184e4a5b...
- sf1-ttc####.ps####.com/img/knowledge-graph/5a6579bf69e5f44bcbd51b2877057...
- sf1-ttc####.ps####.com/img/knowledge-graph/706252f2561d005ff2f1f81f6f7da...
- sf1-ttc####.ps####.com/img/knowledge-graph/7117c41b59411b63c6abb8a25d41a...
- sf1-ttc####.ps####.com/img/knowledge-graph/7410dd8134d4cc3b36006410ee8b3...
- sf1-ttc####.ps####.com/img/knowledge-graph/8cb8b16f5e937b2d37428b799198e...
- sf1-ttc####.ps####.com/img/knowledge-graph/986b0cbef644a9d441e3817521ddb...
- sf1-ttc####.ps####.com/img/knowledge-graph/a873058be701c04719e21ac3dd33b...
- sf1-ttc####.ps####.com/img/knowledge-graph/d07868168e80a4975a25cc5ee5745...
- sf1-ttc####.ps####.com/large/xigua-lvideo-pic/865622e9efaaba696cd892e9ff...
- sf6-ttc####.ps####.com.####.com/img/mosaic-legacy/2e575000e46805ed35e85~...
- sf6-ttc####.ps####.com.####.com/obj/web.business.image/202003265d0d186e2...
- so.tou####.com/img/pgc-image/65a3a9b4cc754e9e98e999c5423b1848~120x256.im...
- so.tou####.com/large/4e460008fb9567251721
- so.tou####.com/large/compass/RthOHfw2KUa1To
- so.tou####.com/large/xigua-lvideo-pic/26de14bcfd8ba4b025bb8073a37d06a0
- so.tou####.com/large/xigua-lvideo-pic/367449e721d6d9a4c1ab66fa58e06d52
- so.tou####.com/obj/web.business.image/202004055d0d914ba7c8b70642f5ac65
- so.tou####.com/tos-cn-i-0000/6da386d0be6b11e9a34e7cd30a545d72~tplv-tt-cs...
- so.tou####.com/tos-cn-i-0004/4f94b05ad5a54e87952b6739fadc71e0~tplv-tt-cs...
- st####.guantou####.com/stat26.html
- st####.guantou####.com/stat30.html
- st####.guantou####.com/stat7.html
- t####.3g.qq.com/cw.html
- yq####.jn####.ltd/sy/hjwuzj
- yq####.jn####.ltd/zz/445gjrjrtwyf.zip
- z.c####.com/stat.htm?id=####&cnzz_eid=####
- zgx.powerle####.com/dnfile/cmm/PWrap499427P132.jar
- zgx.powerle####.com/dnfile/img/viewemp.png
Запросы HTTP POST:
- 6z####.njt####.com:10091/wisdom/marking
- a####.u####.com/app_logs
- ad.api.clou####.xyz/ads
- and####.b####.qq.com/rqd/async?aid=####
- api.gug####.com:8935/
- api.lubang####.com/domain.php
- api.lubang####.com/srp.php
- awk.aoxun####.com:8199/awk
- d.w####.com//api/2io82K
- d.w####.com//api/8VbeIo
- d.w####.com//api/Ddgv3VE
- d.w####.com//api/QTnLukEdO1
- d.w####.com//api/SJoGF44Q
- d.w####.com//api/SVFUp6
- d.w####.com//api/voEYG7
- d1.clou####.xyz/index.php?r=####&uid=####&tm=####&model=####&density=###...
- d1.sho####.com/index.php?r=####
- e4####.0r####.com:10293/widlth/
- e4####.0r####.com:10293/xkeila/
- gd.a.s####.com/cityjson
- h.w####.com/api/Gu5wT0Z
- i.ist####.com:8071/6.1.0/1510864978/1
- j.i36####.com:9000/api/jadReport.do
- j.i36####.com:9000/ip
- nb.i36####.com:9000/api/getAdInfoByDevice.do
- nb.i36####.com:9000/api/getAdInfoById.do
- nb.i36####.com:9000/api/vsp/getVspCore.do
- np.bul####.cn:6087/Sdk/patchPlayReport
- np.bul####.cn:6087/Sdk/reportTask
- np.bul####.cn:6087/Sdk/task
- np.bul####.cn:666/slsdk/api_report.aspx
- ny.bul####.cn:666/slsdk/getdata.aspx
- ott.h####.com:8071/api/10
- p####.api.adoc####.com/ssp/monitor/collect/error
- p####.api.adoc####.com/titan/monitor/device_info
- p####.api.w5i.top/R/SS.ashx
- pg####.d2####.com:10273/dvjnzt/
- pg####.d2####.com:10273/tzvntp/
- php.clou####.xyz/index.php?r=####
- r.ist####.com:8071/6.1.0/163832107/2
- s####.e.qq.com/activate
- sdk.w####.com/rest/pt
- sj.i36####.com:9000/api/getAdInfoByDevice.do
- sj.i36####.com:9000/api/getAdInfoById.do
- tt####.vni####.com:20147/dijc1v/
- v.h####.com:8071/8
- v.sho####.com/index.php?r=####
- v3.bule####.cn:7001/v3/api_request.aspx
- v3.bule####.cn:7001/v3/api_settings.aspx
- w####.pcon####.com.cn/ip.jsp
- www.d####.xyz/Orders/getlive?channel=HX_Q_0306&Slevi=18&anmac=&anosv=4.3...
- www.d####.xyz/Orders/getliveshua?channel=HX_Q_0306&Slevi=18&anid=8525024...
- www.d####.xyz/Orders/pigchannel?channel=####&nochannel=####
- www.d####.xyz/Orders/setpnum?pnum=####&channel=####
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/-1127729055-1266689676
- /data/data/####/.DEVICES
- /data/data/####/.__id_
- /data/data/####/.__mob_ad_data.xml
- /data/data/####/._sbx.xml
- /data/data/####/.denc
- /data/data/####/.denc.zip
- /data/data/####/.imprint
- /data/data/####/.turing.dat
- /data/data/####/.updateIV.dat
- /data/data/####/.zeg.xml
- /data/data/####/00O000ll111l_0.dex
- /data/data/####/00O000ll111l_1.dex
- /data/data/####/0OO00l111l1l
- /data/data/####/0OO00l111l1l.lock
- /data/data/####/1004
- /data/data/####/1021689741840853517
- /data/data/####/1s.jar
- /data/data/####/2020_04_07readzibao.xml
- /data/data/####/2020_04_07shuareadszibao.xml
- /data/data/####/2020_04_07zibao.xml
- /data/data/####/2174.yaqcookie
- /data/data/####/44367F39739CCD6BBF960E91E7DB78B2.xml
- /data/data/####/4B8DB6B83129A65A2EF4DCFC1393C3B0.xml
- /data/data/####/8285687079f726e81979764e271ed349
- /data/data/####/8EAD111D030291821E19A80E344C340A.xml
- /data/data/####/9618302918.xml
- /data/data/####/9618302918.xml.bak
- /data/data/####/BuglySdkInfos.xml
- /data/data/####/GDTSDK.db
- /data/data/####/GDTSDK.db-journal
- /data/data/####/Jasmine_SP.xml
- /data/data/####/Jasmine_SP.xml.bak
- /data/data/####/Jasminesdk.txt
- /data/data/####/MultiDex.lock
- /data/data/####/RSS_PL_COUNTLY_STORE.xml
- /data/data/####/VideoRes.apk
- /data/data/####/WebViewBasePrefs.xml
- /data/data/####/__Baidu_Stat_SDK_SendRem.xml
- /data/data/####/__local_ap_info_cache.json
- /data/data/####/__local_last_session.json
- /data/data/####/__local_stat_cache.json
- /data/data/####/__send_data_1586251516607
- /data/data/####/_p.xml
- /data/data/####/_sh.xml
- /data/data/####/apkseparate.DoubleBackUpDB.db
- /data/data/####/apkseparate.DoubleBackUpDB.db-journal
- /data/data/####/baidu_mtj_sdk_record.xml
- /data/data/####/bugly_db_yaq
- /data/data/####/bugly_db_yaq-journal
- /data/data/####/cc.db
- /data/data/####/cc.db-journal
- /data/data/####/cca.xml
- /data/data/####/clyjkk.png
- /data/data/####/com.mojang.minecraftpetool.xml
- /data/data/####/com.mojang.minecraftpetool_preferences.xml
- /data/data/####/config
- /data/data/####/config.xml
- /data/data/####/crashrecord.xml
- /data/data/####/data_0
- /data/data/####/data_0 (deleted)
- /data/data/####/data_1
- /data/data/####/data_1 (deleted)
- /data/data/####/data_2
- /data/data/####/data_2 (deleted)
- /data/data/####/data_3
- /data/data/####/data_3 (deleted)
- /data/data/####/devCloudSetting.cfg
- /data/data/####/devCloudSetting.sig
- /data/data/####/downloader.db-journal
- /data/data/####/ed5bfe4bdbec3416c956d017ae73c00a
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/f_000014
- /data/data/####/f_000015
- /data/data/####/f_000016
- /data/data/####/f_000017
- /data/data/####/f_000018
- /data/data/####/f_000019
- /data/data/####/f_00001a
- /data/data/####/f_00001b
- /data/data/####/f_00001c
- /data/data/####/f_00001d
- /data/data/####/f_00001e
- /data/data/####/f_00001f
- /data/data/####/f_000020
- /data/data/####/f_000021
- /data/data/####/f_000022
- /data/data/####/f_000023
- /data/data/####/f_000024
- /data/data/####/f_000025
- /data/data/####/f_000026
- /data/data/####/f_000027
- /data/data/####/f_000028
- /data/data/####/f_000029
- /data/data/####/fc.xml
- /data/data/####/fde3wdfa.data-journal
- /data/data/####/gameid
- /data/data/####/gameid.zip
- /data/data/####/gdt_config.cfg
- /data/data/####/gdt_plugin.jar
- /data/data/####/gdt_plugin.jar.sig
- /data/data/####/gdt_plugin.tmp
- /data/data/####/gdt_plugin.tmp.sig
- /data/data/####/gdt_stat.db
- /data/data/####/gdt_stat.db-journal
- /data/data/####/gdt_suid
- /data/data/####/hxdata.xml
- /data/data/####/i.html
- /data/data/####/i.js
- /data/data/####/id0e9a2c82-da27-4ff0-a88f-da625f37f704.tmp
- /data/data/####/id68f1c7e0-029a-49ba-b9f4-a3649e09a8a7.tmp
- /data/data/####/index
- /data/data/####/kobox.0.sp.xml
- /data/data/####/libMMANDKSignature.2dae176c.so
- /data/data/####/libcuid.so
- /data/data/####/liborhc
- /data/data/####/libshellx-super.2019.so
- /data/data/####/libsvdigk.so
- /data/data/####/libsvdigk.so-32
- /data/data/####/libsvdigk.so-64
- /data/data/####/libturingau.2dae176c.so
- /data/data/####/libyaqbasic.2dae176c.so
- /data/data/####/libyaqpro.2dae176c.so
- /data/data/####/local_crash_lock
- /data/data/####/mtj_autoTracker.js
- /data/data/####/multidex.version.xml
- /data/data/####/native_record_lock
- /data/data/####/o0oooOO0ooOo.dat
- /data/data/####/phoneuid.xml
- /data/data/####/prdopt.xml
- /data/data/####/readzibao.xml
- /data/data/####/sdkCloudSetting.cfg
- /data/data/####/sdkCloudSetting.sig
- /data/data/####/security_info
- /data/data/####/sk.xml
- /data/data/####/sp_iconfig.xml
- /data/data/####/sp_push_time.xml
- /data/data/####/ssde2wsew.xml
- /data/data/####/tdargs.xml
- /data/data/####/tmp-com.mojang.minecraftpetool-1.apk.classes-18...39.zip
- /data/data/####/tmp7.xml
- /data/data/####/tms_base.xml
- /data/data/####/tools8977.xml
- /data/data/####/tools8977New2.xml
- /data/data/####/tosversion
- /data/data/####/trace_circle.data
- /data/data/####/tt_sdk_settings.xml
- /data/data/####/tt_sdk_settings.xml.bak (deleted)
- /data/data/####/ttff.xml
- /data/data/####/ttopenadsdk.xml
- /data/data/####/ttopensdk.db-journal
- /data/data/####/turingfd_conf_105498_28_audienceMini.xml
- /data/data/####/turingfd_protect_105498_28_audienceMini.xml
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/update_lc
- /data/data/####/videokernel.apk
- /data/data/####/videonewyd_db-journal
- /data/data/####/web_status.xml
- /data/data/####/web_status.xml.bak
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/wfr4wsq-journal
- /data/data/####/whptbboj.jar
- /data/data/####/wssa2qdf.xml
- /data/data/####/xconfig.xml
- /data/data/####/yaq.2dae176c.sec
- /data/data/####/yaqsdkcookie
- /data/data/####/yd_config_c.xml
- /data/media/####/.YiAds.log
- /data/media/####/.YiAds_Net.log
- /data/media/####/.confd
- /data/media/####/.confd-journal
- /data/media/####/.cuid
- /data/media/####/.cuid2
- /data/media/####/.nid
- /data/media/####/.nomedia
- /data/media/####/.timestamp
- /data/media/####/.turing.dat
- /data/media/####/.usdis
- /data/media/####/.zjl
- /data/media/####/1048b0bd445f849ccda73b4ed2c53f77.tmp
- /data/media/####/1AF278535C486DC18070D7F86A7F22DB.temp
- /data/media/####/2020_04_07zibao
- /data/media/####/235b44b20b1ce02a3f1c8be6bd2ec575.tmp
- /data/media/####/919c9b836f7f842b6ced1f807162a19c.0.tmp
- /data/media/####/9acf8d5f18ea2c2159992283ef4f59cd.xml
- /data/media/####/DBE6A9C2BD7AE80EDFEF46878DB0B843.jar
- /data/media/####/DBE6A9C2BD7AE80EDFEF46878DB0B843.temp
- /data/media/####/E7ACE756EA704D1F1FB4769319831648
- /data/media/####/Videoshell.log
- /data/media/####/_pn
- /data/media/####/_shn
- /data/media/####/date40003000700
- /data/media/####/engc.jar
- /data/media/####/isreadzibao
- /data/media/####/journal.tmp
- /data/media/####/kernel.dat
- /data/media/####/pidfile.txt
- /data/media/####/plug.status
- /data/media/####/session.dat
- /data/media/####/tag4.dat5963a00e-51b8-4069-83f6-69868cf04447.tmp
- /data/media/####/tag4.dat7ec7b41e-3899-45bb-816b-5ac5ac8d719a.tmp
- /data/media/####/temp_pkg_info.json
- /data/media/####/tmpbl.jar
- /data/media/####/webengine.jar
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /proc/cpuinfo
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
- /system/bin/df
- /system/bin/getprop
- /system/bin/sh -c getprop
- cat /proc/cpuinfo
- cat /proc/version
- cat /sys/class/net/wlan0/address
- getprop
- getprop ro.baseband
- getprop ro.board.platform
- getprop ro.build.description
- getprop ro.build.display.id
- getprop ro.build.version.emui
- getprop ro.build.version.opporom
- getprop ro.letv.release.version
- getprop ro.miui.ui.version.name
- getprop ro.product.cpu.abi
- getprop ro.smartisan.version
- getprop ro.vivo.os.build.display.id
- getprop ro.vivo.os.version
Загружает динамические библиотеки:
- Bugly-yaq
- Tcc-1.0
- crash_analysis
- libMMANDKSignature.2dae176c
- liborhc
- libshellx-super.2019
- libsvdigk
- libturingau.2dae176c
- libyaqbasic.2dae176c
- libyaqpro.2dae176c
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS5Padding
- AES-ECB-PKCS7Padding
- AES-GCM-NoPadding
- DES
- DES-CBC-PKCS5Padding
- Des-ECB-NoPadding
- RSA-ECB-PKCS1Padding
- RSA-None-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS5Padding
- AES-ECB-PKCS7Padding
- AES-GCM-NoPadding
- ARCFOUR
- DES
- DES-CBC-PKCS5Padding
- Des-ECB-NoPadding
- RSA-ECB-PKCS1Padding
- RSA-None-PKCS1Padding
Осуществляет доступ к приватному интерфейсу ITelephony.
Получает информацию о местоположении.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Получает информацию о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
