Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.DownLoader.906.origin
Сетевая активность:
Подключается к:
- UDP(DNS) 1####.114.114.114:53
- UDP(DNS) 8####.8.4.4:53
- TCP(HTTP/1.1) ln####.jqshe####.com:80
- TCP(HTTP/1.1) img2new####.b0.a####.com:80
- TCP(HTTP/1.1) gd.a.s####.com:80
- TCP(HTTP/1.1) res####.a####.top:80
- TCP(HTTP/1.1) ti####.c####.l####.####.com:80
- TCP(HTTP/1.1) daliu####.c####.qini####.com:80
- TCP(HTTP/1.1) dup.baidust####.com:80
- TCP(HTTP/1.1) www.pc####.com.####.cn:80
- TCP(HTTP/1.1) pco####.ta####.com:80
- TCP(HTTP/1.1) ass####.xca####.com.####.com:80
- TCP(HTTP/1.1) api.meiju####.net:80
- TCP(HTTP/1.1) s####.x####.com.cn:80
- TCP(HTTP/1.1) d0.x####.com.cn:80
- TCP(HTTP/1.1) m####.new####.com:80
- TCP(HTTP/1.1) pic.s####.cn.####.com:80
- TCP(HTTP/1.1) 58.2####.92.50:808
- TCP(HTTP/1.1) ad.smudge####.com:8986
- TCP(HTTP/1.1) a####.d####.com:80
- TCP(HTTP/1.1) u####.a####.top:80
- TCP(HTTP/1.1) api.liyan####.com:808
- TCP(HTTP/1.1) 1####.29.29.29:80
- TCP(HTTP/1.1) www.78####.cc:80
- TCP(HTTP/1.1) s.zhito####.com:808
- TCP(HTTP/1.1) img.kuy####.com:80
- TCP(HTTP/1.1) yq####.jn####.ltd:80
- TCP(HTTP/1.1) ne####.x####.com.cn:80
- TCP(HTTP/1.1) cc.zbe####.org:80
- TCP(HTTP/1.1) pg####.d2####.com:10273
- TCP(HTTP/1.1) s.zhito####.com:999
- TCP(HTTP/1.1) wap.78####.cc:80
- TCP(HTTP/1.1) ivy.pcon####.com.cn:80
- TCP(HTTP/1.1) gm.mm####.com:80
- TCP(HTTP/1.1) adcha####.bz.m####.com:80
- TCP(HTTP/1.1) kou####.a####.top:80
- TCP(HTTP/1.1) a.78####.cc:80
- TCP(HTTP/1.1) z.c####.com:80
- TCP(HTTP/1.1) w####.pcon####.com.cn:80
- TCP(HTTP/1.1) t####.a####.top:80
- TCP(HTTP/1.1) c####.jumen####.com:80
- TCP(HTTP/1.1) ny.bul####.cn:666
- TCP(HTTP/1.1) filt####.a####.top:80
- TCP(HTTP/1.1) 78####.cc:80
- TCP(HTTP/1.1) s.zhito####.com:807
- TCP(HTTP/1.1) i####.xca####.com.####.com:80
- TCP(HTTP/1.1) www.new####.com:80
- TCP(HTTP/1.1) tt####.vni####.com:20147
- TCP(HTTP/1.1) c.c####.com:80
- TCP(HTTP/1.1) y####.q####.cn:80
- TCP(HTTP/1.1) zgx.powerle####.com:80
- TCP(HTTP/1.1) img1-do####.b0.a####.com:80
- TCP(HTTP/1.1) weib####.g####.sina####.com:80
- TCP(HTTP/1.1) u####.v.bs####.cn:80
- TCP(HTTP/1.1) s.zhito####.com:99
- TCP(HTTP/1.1) ssp.k####.com:80
- TCP(HTTP/1.1) wap.tuca####.com:80
- TCP(TLS/1.0) p####.pc####.com.cn:443
- TCP(TLS/1.0) z.c####.com:443
- TCP(TLS/1.0) www.pcon####.com.cn:443
- TCP(TLS/1.0) lhyysdk####.oss-cn-####.aliy####.com:443
- TCP(TLS/1.0) cn2.3####.cc.####.com:443
- TCP(TLS/1.0) web.da.m####.com:443
- TCP(TLS/1.0) c####.pc####.com.cn:443
- TCP(TLS/1.0) gm.mm####.com:443
- TCP(TLS/1.0) pos.b####.com:443
- TCP(TLS/1.0) s####.we####.com:443
- TCP(TLS/1.0) www.google####.com:443
- TCP(TLS/1.0) wtc.d####.com:443
- TCP(TLS/1.0) connect####.gst####.com:443
- TCP(TLS/1.0) img.pcon####.com.####.cn:443
- TCP(TLS/1.0) i####.doub####.com:443
- TCP(TLS/1.0) g####.api.m####.com:443
- TCP(TLS/1.0) www.m####.com:443
- TCP(TLS/1.0) h####.m####.com:443
- TCP(TLS/1.0) w.i####.com:443
- TCP(TLS/1.0) cr.3con####.com:443
- TCP(TLS/1.0) ti####.c####.l####.####.com:443
- TCP(TLS/1.0) pcwe####.log.m####.com:443
- TCP(TLS/1.0) mg####.pcon####.com.cn:443
- TCP(TLS/1.0) dualsta####.wagbr####.ali####.####.com:443
- TCP(TLS/1.0) www.pc####.com.####.cn:443
- TCP(TLS/1.0) i####.doub####.com.####.com:443
- TCP(TLS/1.0) c.c####.com:443
- TCP(TLS/1.0) ivy.pcon####.com.cn:443
- TCP(TLS/1.0) hm.b####.com:443
- TCP(TLS/1.0) pic.ha####.com:443
- TCP(TLS/1.0) img1-do####.b0.a####.com:443
- TCP(TLS/1.0) js.3con####.com.####.cn:443
- TCP(TLS/1.0) p####.api.m####.com:443
- TCP(TLS/1.0) us####.al####.com.####.net:443
- TCP(TLS/1.0) ssls####.jom####.com:443
- TCP(TLS/1.0) i####.d####.com:443
- TCP(TLS/1.0) sw4.d####.com:443
- TCP(TLS/1.0) api.icinep####.com:443
- TCP(TLS/1.0) s####.shidux####.com:443
- TCP(TLS/1.2) 1####.217.20.110:443
Запросы DNS:
- 4s####.8c####.com
- 617.a####.top
- 617.a####.top.####.8
- 78####.cc
- a####.al####.com
- a####.d####.com
- a####.xapr####.com
- a.78####.cc
- ad.7d####.com
- ad.smudge####.com
- adcha####.bz.m####.com
- and####.google####.com
- api.icinep####.com
- api.liyan####.com
- api.meiju####.n####.####.8
- api.meiju####.net
- api.meiju####.net/
- ass####.xca####.com
- c####.jumen####.com
- c####.mm####.com
- c####.pc####.com.cn
- c####.zhito####.com
- c.c####.com
- cc.zbe####.org
- cn2.3####.cc
- connect####.gst####.com
- cr.3con####.com
- d0.x####.com.cn
- dup.baidust####.com
- filt####.a####.top
- g####.api.m####.com
- g####.bdst####.com
- h####.m####.com
- hm.b####.com
- i####.c####.me
- i####.c####.me.####.8
- i####.d####.com
- i####.doub####.com
- i####.doub####.com
- i####.doub####.com
- i####.new####.com
- i####.new####.com
- i####.new####.com
- i####.new####.com
- i####.x####.com.cn
- i####.xca####.com
- i####.xca####.com
- img.kuy####.com
- img.new####.com
- img.pcon####.com.cn
- ip.remo####.com
- ivy.pcon####.com.cn
- js.3con####.com
- js.x####.com.cn
- kou####.a####.top
- lhyysdk####.oss-cn-####.aliy####.com
- ln####.jqshe####.com
- m####.go####.com
- m####.new####.com
- mg####.pcon####.com.cn
- mx.d####.com
- ne####.x####.com.cn
- ny.bul####.cn
- p####.api.m####.com
- p####.pc####.com.cn
- pco####.c####.com
- pcwe####.log.m####.com
- pg####.d2####.com
- pic.ha####.com
- pic.s####.cn
- pic.xca####.com
- plb####.u####.com
- pos.b####.com
- pv.s####.com
- res####.a####.top
- s####.kt####.com
- s####.kt####.com.####.8
- s####.shidux####.com
- s####.we####.com
- s####.x####.com.cn
- s.zhito####.com
- s4.c####.com
- s5.c####.com
- s9.c####.com
- s95.c####.com
- s96.c####.com
- ssp.k####.com
- sw4.d####.com
- t####.a####.top
- tt####.vni####.com
- u####.a####.top
- u####.u####.com
- v1.c####.com
- vn.x####.com.cn
- w####.pc####.com.cn
- w####.pcon####.com.cn
- w.i####.com
- wap.78####.cc
- wap.tuca####.com
- web.da.m####.com
- wtc.d####.com
- ww1.sin####.cn
- www.78####.cc
- www.78####.cc
- www.78####.cc
- www.google####.com
- www.m####.com
- www.new####.com
- www.pc####.com.cn
- www.pcon####.com.cn
- wz.78####.cc
- y####.q####.cn
- yq####.jn####.ltd
- z12.c####.com
- z2.c####.com
- z3.c####.com
- z4.c####.com
- z6.c####.com
- z9.c####.com
- zgx.powerle####.com
Запросы HTTP GET:
- 78####.cc/index/count/count_shell?shellname=####
- a####.d####.com/rewrite?fromid=####
- a.78####.cc/index/upapp/app_datas?upapp_id=####&imei=####&channel_id=####
- adcha####.bz.m####.com/direct?cc=####
- api.meiju####.net/plugins/80s.json
- api.meiju####.net/plugins/kuaikan66.json
- api.meiju####.net/plugins/micaitu.json
- ass####.xca####.com.####.com/resource/common/statistic/iwt-min.js
- ass####.xca####.com.####.com/resource/newcar/ps/nav.js?v=####
- c####.jumen####.com/init.php
- c.c####.com/core.php?web_id=####&t=####
- c.c####.com/stat.php?id=####
- c.c####.com/z_stat.php?id=####
- cc.zbe####.org/PClick.aspx?AID=####&KEY=####
- d0.x####.com.cn/adpush/push/ad.php?pid=####&pushtype=####&cid=####&style...
- daliu####.c####.qini####.com/api.jar
- daliu####.c####.qini####.com/lijian.jar
- daliu####.c####.qini####.com/share_img.png
- daliu####.c####.qini####.com/web.jar
- dup.baidust####.com/js/os.js
- filt####.a####.top/filter_control_617.json
- gd.a.s####.com/cityjson?ie=####
- gm.mm####.com/9.gif?abc=####&rnd=####
- i####.xca####.com.####.com/PicLib/s/s10468_420.jpg
- i####.xca####.com.####.com/PicLib/s/s10571_420.jpg
- i####.xca####.com.####.com/PicLib/s/s10656_420.jpg
- i####.xca####.com.####.com/PicLib/s/s11942_420.jpg
- i####.xca####.com.####.com/PicLib/s/s7778_120.jpg
- i####.xca####.com.####.com/PicLib/s/s9397_420.jpg
- i####.xca####.com.####.com/b25/s9498/m_20180321145908550959507959528.jpg
- i####.xca####.com.####.com/b25/s9498/s_20180321145858434046067344153.jpg
- i####.xca####.com.####.com/b25/s9498/s_20180321145907896895977902365.jpg
- i####.xca####.com.####.com/b25/s9498/s_20180321145908550959507959528.jpg
- i####.xca####.com.####.com/b25/s9498/s_20180321145909570967277118507.jpg
- i####.xca####.com.####.com/b5/s9402/m_20170907154720613469154280127.jpg
- i####.xca####.com.####.com/b5/s9402/s_20170906115404220798780985284.jpg
- i####.xca####.com.####.com/b5/s9402/s_20170907154720613469154280127.jpg
- i####.xca####.com.####.com/b5/s9402/s_20170907154721328188172396465.jpg
- i####.xca####.com.####.com/b5/s9402/s_20171219152759776677897394266.jpg
- i####.xca####.com.####.com/b59/s9419/20180316233245718211693282797.jpg-2...
- i####.xca####.com.####.com/b59/s9419/20180316233914588745959918692.jpg-1...
- img.kuy####.com/pic/uploadimg/2020-3/p2587143346.jpg
- img1-do####.b0.a####.com/view/photo/s_ratio_poster/public/p2580304539.jpg
- img2new####.b0.a####.com/admin_seller/js/laydate.js
- img2new####.b0.a####.com/admin_seller/js/theme/default/laydate.css?v=####
- img2new####.b0.a####.com/auto/201711/image/loading.png
- img2new####.b0.a####.com/auto/201711/image/loading_614_307.png
- img2new####.b0.a####.com/auto/201711/image/loading_70_70.png
- img2new####.b0.a####.com/auto/201812/js/brand.js
- img2new####.b0.a####.com/auto/202002/css/index_red.css
- img2new####.b0.a####.com/auto/202002/image/new.png
- img2new####.b0.a####.com/auto/202002/image/toutiao.png
- img2new####.b0.a####.com/auto/202002/js/public.js
- img2new####.b0.a####.com/image/ad_ina/adm_ina_15837335251938353784.jpg
- img2new####.b0.a####.com/image/ad_ina/adm_ina_15864159683433195547.jpg
- img2new####.b0.a####.com/image/ad_ina/adm_ina_15867599696415456368.jpg
- img2new####.b0.a####.com/js/CommonUtil.mini.js?v=####
- img2new####.b0.a####.com/js/city_substation_data.js
- img2new####.b0.a####.com/js/index_bseries_data_cache.js
- img2new####.b0.a####.com/js/index_sign_data_cache.js
- img2new####.b0.a####.com/js/jquery-1.7.2.min.js
- img2new####.b0.a####.com/top/201812/image/logo.png
- img2new####.b0.a####.com/top/202002/css/index_red.css
- img2new####.b0.a####.com/top/202002/image/icon.png
- img2new####.b0.a####.com/top/image/ewm_top.png
- ivy.pcon####.com.cn/click?id=####&adid=####&watch=####
- kou####.a####.top/kouling.json
- ln####.jqshe####.com/zz/401jkmhjhwy.zip
- m####.new####.com/js/ina_ad_init.js
- ne####.x####.com.cn/images/np_ps_bj.jpg
- ne####.x####.com.cn/images/r_map.gif
- ne####.x####.com.cn/images/rl_bj.gif
- ne####.x####.com.cn/jsinclude/jquery.js
- ne####.x####.com.cn/new_ol_1371.html
- ne####.x####.com.cn/new_ol_config33.html
- ne####.x####.com.cn/new_ol_config35.html
- ne####.x####.com.cn/new_ol_news2356.html
- ne####.x####.com.cn/new_ol_news35.html
- ne####.x####.com.cn/new_ol_news98.html
- ne####.x####.com.cn/new_ol_photo1.html
- ne####.x####.com.cn/new_ol_photo12.html
- ne####.x####.com.cn/new_ol_photo7.html
- ne####.x####.com.cn/xcarjump/new_jump_other.php?type=####
- pco####.ta####.com/app.gif?&cna=####
- pic.s####.cn.####.com/img/5d77643f13f17.jpg
- pic.s####.cn.####.com/img/p2555991375.jpg
- res####.a####.top/LHYY.png
- res####.a####.top/sdk1.png
- res####.a####.top/sdk17.png
- res####.a####.top/sdk3.png
- res####.a####.top/sdk6.png
- s####.x####.com.cn/flow/flow.php?m=####
- s.zhito####.com:807/newss.html
- s.zhito####.com:808/0322/index.html
- s.zhito####.com:808/pctja.html
- s.zhito####.com:99/funt/index.html
- s.zhito####.com:99/newcar/index.html
- s.zhito####.com:99/tat/index.html
- s.zhito####.com:999/c/index.php
- t####.a####.top/channl_haoqi1.png
- t####.a####.top/percent.json
- t####.a####.top/req.json
- ti####.c####.l####.####.com/2011newcar/images/calculate.gif
- ti####.c####.l####.####.com/2011newcar/images/wb_btn1.jpg
- ti####.c####.l####.####.com/2015/nav/css/channel_nav.css?v=####
- ti####.c####.l####.####.com/2015/nav/images/Header_bg.gif?v=####
- ti####.c####.l####.####.com/2015/nav/images/xcar_logov@2x.png?v=####
- ti####.c####.l####.####.com/2016/DemioModel/css/common.css?version=####
- ti####.c####.l####.####.com/2016/DemioModel/css/demion_v1.css?v=####
- ti####.c####.l####.####.com/2016/DemioModel/css/demion_v1.css?version=####
- ti####.c####.l####.####.com/2016/DemioModel/images/DemioModel.png?v####
- ti####.c####.l####.####.com/2016/DemioModel/images/jq.png
- ti####.c####.l####.####.com/2016/DemioModel/images/ky.png
- ti####.c####.l####.####.com/2016/DemioModel/images/sz.png
- ti####.c####.l####.####.com/PicLib/logo/bl59_40.jpg
- ti####.c####.l####.####.com/PicLib/logo/pl3_40.jpg
- ti####.c####.l####.####.com/PicLib/logo/pl54_40.jpg
- ti####.c####.l####.####.com/common/1.7.2.min.js
- ti####.c####.l####.####.com/min/?f=####&v=####
- ti####.c####.l####.####.com/min/?f=####&version=####
- ti####.c####.l####.####.com/review/js/city_arr_2008.js
- ti####.c####.l####.####.com/ss/newsearch/css/search.css
- ti####.c####.l####.####.com/tools/requirejs/2.3.js?v=####
- u####.a####.top/617.html
- u####.v.bs####.cn/xtv/qiniu/image/thumb/2017/11/07/o_b72bb9cc35771b38bc8...
- wap.78####.cc/api/cn/1
- wap.tuca####.com/index3.html
- weib####.g####.sina####.com/large/683cb5a1gy1g1mbi0xz6bj20go08cdg8.jpg
- www.78####.cc/api/index1.html
- www.78####.cc/index/backend/pro_count?event_id=####&imei=####&channel_id...
- www.78####.cc/index/limit/getLimit?channel=####&project=####
- www.78####.cc/index/limit/limit_get?channel=####&project=####
- www.78####.cc/index/project/project_status?action=####
- www.new####.com/
- www.pc####.com.####.cn/autox/6a976e56b61b2febd215f6cbe5186f5f.htm
- y####.q####.cn/Home/AdLink?key=9Gb####
- yq####.jn####.ltd/sy/fdvdar
- z.c####.com/stat.htm?id=####&r=####&lg=####&ntime=####&cnzz_eid=####&sho...
- zgx.powerle####.com/dnfile/cmm/PWrap299227P4.jar
- zgx.powerle####.com/dnfile/other/v6/plg_864.jpg
Запросы HTTP POST:
- ad.smudge####.com:8986/api/5/detail?businessId=####&token=####×tamp...
- api.liyan####.com:808/get/api
- api.meiju####.net/
- gd.a.s####.com/cityjson
- ny.bul####.cn:666/slsdk/api_summary.aspx
- ny.bul####.cn:666/slsdk/getdata.aspx
- ny.bul####.cn:666/slsdk/settings.aspx
- pg####.d2####.com:10273/rnggno/
- pg####.d2####.com:10273/tzvntp/
- ssp.k####.com/api/useful
- tt####.vni####.com:20147/dijc1v/
- w####.pcon####.com.cn/ip.jsp
- www.78####.cc/index/backend/pro_data
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.imprint
- /data/data/####/.jg.ic
- /data/data/####/.jgck
- /data/data/####/005bb92749461c36_0
- /data/data/####/00993f511c8b1b878830aa908a599c16c3d7ae512bc2c46....0.tmp
- /data/data/####/00b10beabfe3a5d3_0
- /data/data/####/029f3598556c673dec8a8d52ab4d3640.0.tmp
- /data/data/####/029f3598556c673dec8a8d52ab4d3640.1.tmp
- /data/data/####/0389ab9faa3d953a_0
- /data/data/####/05386d0addb350f1_0
- /data/data/####/098a9d044c46c6949228f6cad8d5abbef6fb817cbc8bf35....0.tmp
- /data/data/####/0bd21a090939d60564c6707627d563cc4c4e5d04e31895f....0.tmp
- /data/data/####/0da44c773781dd48_0
- /data/data/####/0ef21cfc6c5d8846_0
- /data/data/####/1.dex
- /data/data/####/1.dex.flock (deleted)
- /data/data/####/1.jar
- /data/data/####/103d748686b6840d059035a930ec92205fa373c04662465....0.tmp
- /data/data/####/10a1d1deb4cdf7f0_0
- /data/data/####/10a1d1deb4cdf7f0_1
- /data/data/####/11d27e7d357615d2_0
- /data/data/####/14d58073befe3d09140d7361cb635673.0.tmp
- /data/data/####/14d58073befe3d09140d7361cb635673.1.tmp
- /data/data/####/17.dex
- /data/data/####/17.dex.flock (deleted)
- /data/data/####/17.jar
- /data/data/####/17cb03079709712e_0
- /data/data/####/184bf7b50fdd806a_0
- /data/data/####/184bf7b50fdd806a_1
- /data/data/####/18873752c3fbe12ffe85ee4952f33c449532fba942089c4....0.tmp
- /data/data/####/1ab1a36d887a253edd1fe33ff509a07e.0.tmp
- /data/data/####/1ab1a36d887a253edd1fe33ff509a07e.1.tmp
- /data/data/####/1bf51c4695d9c42c_0
- /data/data/####/1d026c55377b99e5_0
- /data/data/####/1df5d2d3c925371c_0
- /data/data/####/1e95ea4720a6c51f1b1bcf0687ecc6f4ce244a6e816bd33....0.tmp
- /data/data/####/207d3856593310eb_0
- /data/data/####/22d0980bf1f29dbe_0
- /data/data/####/2316011ca8f27975_0
- /data/data/####/237121b39dd94f84_0
- /data/data/####/2399ecaba37334f3_0
- /data/data/####/249eee7dc09d3c62_0
- /data/data/####/267d778e2ab8659263fd9fd49f3b76795a38a2dac099769....0.tmp
- /data/data/####/269499ded6b0ff93_0
- /data/data/####/2704aaeef4eeb65c_0
- /data/data/####/27dac8705e581c47_0
- /data/data/####/27dac8705e581c47_1
- /data/data/####/27f2dd6b1ceca7b927c695cad6d8d546.0.tmp
- /data/data/####/27f2dd6b1ceca7b927c695cad6d8d546.1.tmp
- /data/data/####/28780868a7f56aeb_0
- /data/data/####/2bd1f3c5cfbb3bc3_0
- /data/data/####/2bd7b1137d87b40e02e0a16adc021871f6e8c235b075cfc....0.tmp
- /data/data/####/2c9b55d856a5ac2d29a871f5d9305caf.0.tmp
- /data/data/####/2c9b55d856a5ac2d29a871f5d9305caf.1
- /data/data/####/2ed3eac51318b802_0
- /data/data/####/2ed3eac51318b802_1
- /data/data/####/2fc33fe21cdd6ca5_0
- /data/data/####/3.dex (deleted)
- /data/data/####/3.dex.flock (deleted)
- /data/data/####/3.jar
- /data/data/####/30ca2f0448723375e066b77f3c2871adff202d3160593a8....0.tmp
- /data/data/####/3138ac780be453ebabe060a688773be9.0.tmp
- /data/data/####/3138ac780be453ebabe060a688773be9.1.tmp
- /data/data/####/31dcb2bad217be99_0
- /data/data/####/32251395ea07a245_0
- /data/data/####/32251395ea07a245_1
- /data/data/####/35d2be89bf916676_0
- /data/data/####/35d2be89bf916676_0 (deleted)
- /data/data/####/36bd1ba46f08b1f74e67523b148cad7501751d6bb3c8789....0.tmp
- /data/data/####/37d2690d38e7f61d_0
- /data/data/####/3b292fdb599cde70_0
- /data/data/####/3bab93f50ff25665_0
- /data/data/####/3de01e4f40637562_0
- /data/data/####/402a3c145e89fe017738b95148df3bc9.0.tmp
- /data/data/####/402a3c145e89fe017738b95148df3bc9.1.tmp
- /data/data/####/42023da0c562366d_0
- /data/data/####/42e3379b554d697429c03f7f78da57aa.0.tmp
- /data/data/####/42e3379b554d697429c03f7f78da57aa.1.tmp
- /data/data/####/42e5e248972b0535_0
- /data/data/####/441681f9d08bfcf0_0
- /data/data/####/441681f9d08bfcf0_1
- /data/data/####/44468a39f9762390_0
- /data/data/####/44f1ec00ed710311_0
- /data/data/####/4a4cddb06ef5762d987fe01ec16c7033.0.tmp
- /data/data/####/4a4cddb06ef5762d987fe01ec16c7033.1
- /data/data/####/4c9b7be93a565669_0
- /data/data/####/4d5ba4c4cc7c1235_0
- /data/data/####/4e067d48326dd1fa_0
- /data/data/####/4e067d48326dd1fa_1
- /data/data/####/4f118e10919f4aceba83a27652ccc452.0.tmp
- /data/data/####/4f118e10919f4aceba83a27652ccc452.1.tmp
- /data/data/####/5016ba473a64090954d2bd4c2c238821.db
- /data/data/####/5016ba473a64090954d2bd4c2c238821.dex
- /data/data/####/5016ba473a64090954d2bd4c2c238821.dex.flock (deleted)
- /data/data/####/5016ba473a64090954d2bd4c2c238821.jar
- /data/data/####/5037aadc023de6e2_0
- /data/data/####/50543cee91a6d6b9_0
- /data/data/####/5078557bb9723cda_0
- /data/data/####/5226a22772e13417_0
- /data/data/####/529622c0f0f43b36_0
- /data/data/####/529622c0f0f43b36_1
- /data/data/####/592meiju_data.xml
- /data/data/####/59715f698361b64c_0
- /data/data/####/59c260ccde420c96_0
- /data/data/####/6.dex
- /data/data/####/6.dex.flock (deleted)
- /data/data/####/6.jar
- /data/data/####/60a415328ff4ec0a9eada8801439d665.0.tmp
- /data/data/####/60a415328ff4ec0a9eada8801439d665.1.tmp
- /data/data/####/64aa7723a6043510_0
- /data/data/####/67d72a1294ee8c9c_0
- /data/data/####/67d72a1294ee8c9c_1
- /data/data/####/68427cdc0a4f8e59_0
- /data/data/####/68ae3e4235283b9d3681230c45bca863c3be47583f0cf3f....0.tmp
- /data/data/####/6b0046aa35b4ccb58938330566f1083b.0
- /data/data/####/6b0046aa35b4ccb58938330566f1083b.1
- /data/data/####/6cca847935c8af83b5386c466243959d.0.tmp
- /data/data/####/6cca847935c8af83b5386c466243959d.1.tmp
- /data/data/####/6d1d0ffa082e4971_0
- /data/data/####/6dc2ca39fce28e3c_0
- /data/data/####/6dc2ca39fce28e3c_1
- /data/data/####/6e8078c13b375a62_0
- /data/data/####/6e8078c13b375a62_1
- /data/data/####/6f0c2857e7ba9301_0
- /data/data/####/6f182f23ff9d74e8bc48ee4f8ad28391238807a2c249e7d....0.tmp
- /data/data/####/6ff2b477cd922f4caad200d33a006a48fd2c951553f0f3d....0.tmp
- /data/data/####/71ee74a1b2b1491f_0
- /data/data/####/7295ece1696c2c3e0ee9a8b27f4b49a3.db
- /data/data/####/72d7b31be37e51ad_0
- /data/data/####/72e5f6a7283a9e465b414e0192c071c9.0.tmp
- /data/data/####/72e5f6a7283a9e465b414e0192c071c9.1.tmp
- /data/data/####/74d334e92f1698cc_0
- /data/data/####/755715fb35cfcd94_0
- /data/data/####/766259483ecc4dfa_0
- /data/data/####/7700a0b72f008c1a_0
- /data/data/####/77b8cafd27f11a5c_0
- /data/data/####/77b8cafd27f11a5c_1
- /data/data/####/787d1dfbc7722570e5d030a43cb86f1e.0.tmp
- /data/data/####/787d1dfbc7722570e5d030a43cb86f1e.1.tmp
- /data/data/####/79bbf9e7fb99fdd1_0
- /data/data/####/7cc31e50ce00c7ad_0
- /data/data/####/7e35b70b3d24e99e7285b6ce565505d9.0.tmp
- /data/data/####/7e35b70b3d24e99e7285b6ce565505d9.1.tmp
- /data/data/####/7e5dcef02ffe64d8_0
- /data/data/####/803aefccf3676b8c73423dc0e6805f47.db
- /data/data/####/81e0d9e00ae13343511851a0318b6b82d4f51103eac8155....0.tmp
- /data/data/####/829f117fe7612fcbc74fe8a066b47090.db
- /data/data/####/863004a433e04030_0
- /data/data/####/889be47d49b7250a_0
- /data/data/####/8be546bf03ddce82_0
- /data/data/####/8c49157687ba504950c01044e880ec2327d35bb54ebeca3....0.tmp
- /data/data/####/8e647bba99abe3c5_0
- /data/data/####/8f76c1ef3c9bee03d3161292ed2ffa28.0.tmp
- /data/data/####/8f76c1ef3c9bee03d3161292ed2ffa28.1.tmp
- /data/data/####/8fa9af18a7558062_0
- /data/data/####/8fd202430b8f7da6_0
- /data/data/####/8fd202430b8f7da6_1
- /data/data/####/91974753c5670ef0_0
- /data/data/####/91d2f7dfc686bb24_0
- /data/data/####/91d2f7dfc686bb24_1
- /data/data/####/933fde3306f860c3_0
- /data/data/####/93a34fe8d0bdbc1425e88dd745161a17.db
- /data/data/####/95d1fe9b3767ca68_0
- /data/data/####/9726a40ffe88d2ef9aa366692145184b.0.tmp
- /data/data/####/9726a40ffe88d2ef9aa366692145184b.1
- /data/data/####/973274203724ac54_0
- /data/data/####/97b99ef2394e7452f3b31c7f3bea76a7.0.tmp
- /data/data/####/97b99ef2394e7452f3b31c7f3bea76a7.1.tmp
- /data/data/####/985958d976619751_0
- /data/data/####/985958d976619751_1
- /data/data/####/989637c8e6e182c5_0
- /data/data/####/9964379cc494a500_0
- /data/data/####/996c40cab681b32d_0
- /data/data/####/99a1db57a63cd6b7_0 (deleted)
- /data/data/####/9a51ae6b891c1205_0
- /data/data/####/9bd94d3dfea12076_0
- /data/data/####/9cdf8e397c1dc061_0
- /data/data/####/9cdf8e397c1dc061_1
- /data/data/####/Cookies-journal
- /data/data/####/HttpDNSConstantsJson.xml
- /data/data/####/UM_PROBE_DATA.xml
- /data/data/####/WebViewChromiumPrefs.xml
- /data/data/####/_p.xml
- /data/data/####/_sh.xml
- /data/data/####/a1345af851b5d4e46e74031fc7d536c8bc80f66ddf25a90....0.tmp
- /data/data/####/a1e77b866aa997f5_0
- /data/data/####/a1e77b866aa997f5_1
- /data/data/####/a299ebccc6d2f08c29168c41caa787c4.0.tmp
- /data/data/####/a299ebccc6d2f08c29168c41caa787c4.1.tmp
- /data/data/####/a42ac462ccf6227e29cc95aae609ca7a74c32abd062922f....0.tmp
- /data/data/####/a4733c2fd2822968a46d88644f5c9014.0.tmp
- /data/data/####/a4733c2fd2822968a46d88644f5c9014.1.tmp (deleted)
- /data/data/####/a6008cceec49dc39_0
- /data/data/####/a894974a22107322_0
- /data/data/####/b0fa485906002339_0
- /data/data/####/b3fca43d61b768560a92ea1c9b7fef2d0a975ba2320e050....0.tmp
- /data/data/####/b428357b7b257efc_0
- /data/data/####/b42a0b9127123411_0
- /data/data/####/b42a0b9127123411_1
- /data/data/####/b4b087dcbcac375c_0
- /data/data/####/b4b087dcbcac375c_1
- /data/data/####/ba0cf29adc00a207_0
- /data/data/####/ba0cf29adc00a207_1
- /data/data/####/ba60c3b3f11da7238efdab9f3e0d529131bf72d2b2b801c....0.tmp
- /data/data/####/bb229b2983b3f087b727ccd257ac3e14.0.tmp
- /data/data/####/bb229b2983b3f087b727ccd257ac3e14.1.tmp
- /data/data/####/bba25ec664d0f4c0_0
- /data/data/####/bcad4dfef986d4cb_0
- /data/data/####/bce53bbc561a8b8b_0
- /data/data/####/bce53bbc561a8b8b_1
- /data/data/####/be34ff59610e630b_0
- /data/data/####/bfe57df2b8f0b5cb_0
- /data/data/####/bfe57df2b8f0b5cb_1
- /data/data/####/c11eddc5ee4a9504_0
- /data/data/####/c135408d227d7188_0
- /data/data/####/c28c0b95a2d9a69978738b9174c618849ac21738fb202a2....0.tmp
- /data/data/####/c3be56c6f07f309b2d60b4a1deaa064f.0.tmp
- /data/data/####/c3be56c6f07f309b2d60b4a1deaa064f.1
- /data/data/####/c4bee6a44a67b032_0
- /data/data/####/c5968ee66e56bc26_0
- /data/data/####/c75448b1ddf235f7_0
- /data/data/####/c879a5210a2c0d41_0
- /data/data/####/c880b676acc3d439_0
- /data/data/####/c960b85393467d28_0
- /data/data/####/c99eb62b82effaac_0
- /data/data/####/caa60358faec5e8d_0
- /data/data/####/cbbe06e4baa7129d_0
- /data/data/####/cca2da790f141be8b8b357c73092b75a.0.tmp
- /data/data/####/cca2da790f141be8b8b357c73092b75a.1.tmp
- /data/data/####/cdaf3a4a4e5236ccf7615a923d4f8bf6.0.tmp
- /data/data/####/cdaf3a4a4e5236ccf7615a923d4f8bf6.1.tmp
- /data/data/####/cec6cd56f90ce075_0
- /data/data/####/classes.dex
- /data/data/####/classes.dex;classes2.dex
- /data/data/####/classes.dex;classes3.dex
- /data/data/####/com.meiju592.app_preferences.xml
- /data/data/####/d02b0c9719e9d37f_0
- /data/data/####/d07444cce2869831_0
- /data/data/####/d119490a6becf284_0
- /data/data/####/d1e23a7eb5b99212f65021422a9e5559a1b66a620918be1....0.tmp
- /data/data/####/d4219fff9a178666_0
- /data/data/####/d4710a27870df09c1f4d6085535300a5.0.tmp
- /data/data/####/d4710a27870df09c1f4d6085535300a5.1
- /data/data/####/d5b6153b697bdc5ac17dabd7d16be2a3.0.tmp
- /data/data/####/d5b6153b697bdc5ac17dabd7d16be2a3.1.tmp
- /data/data/####/d7be71d8ba86704890a0f056b94fe3d5.0.tmp
- /data/data/####/d7be71d8ba86704890a0f056b94fe3d5.1
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTg2ODUzNjYwMTI5;
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTg2ODUzNjc1NzIz;
- /data/data/####/da16f7c07344520b_0
- /data/data/####/da16f7c07344520b_1
- /data/data/####/da353525d04c580d_0
- /data/data/####/da4d01d89126a74e_0
- /data/data/####/db64144592e6c02b040383ecdf104e9c1d3c316f1fc6c34....0.tmp
- /data/data/####/dc78af037ddbe4de_0
- /data/data/####/de1038af3d850c48_0
- /data/data/####/deb626bb61f0553d7b565faea685c5293306eb0f9656456....0.tmp
- /data/data/####/df31068f21e2cc13_0
- /data/data/####/dns_ip_info.db
- /data/data/####/dns_ip_info.db-journal
- /data/data/####/downUmeng.dex
- /data/data/####/downUmeng.dex.flock (deleted)
- /data/data/####/downUmeng.jar
- /data/data/####/e12e7b2416e4ac25_0
- /data/data/####/e3186e548ee5632c_0
- /data/data/####/e4ce854977001b53_0
- /data/data/####/e58922ccb513eee955b57e50b0297906.0.tmp
- /data/data/####/e60a1fb2b4146722129ac1d05188cff8119b6fbd77c5b32....0.tmp
- /data/data/####/e7aeec34673c3ecb_0
- /data/data/####/e878be79bec482a3_0
- /data/data/####/e8ad824e2fee2daa_0
- /data/data/####/e8fc9c245e74e6cd_0
- /data/data/####/eb75708765578dac_0
- /data/data/####/ee830662704b3d3b_0 (deleted)
- /data/data/####/ef3e3cf75ff31cb0af5d33e45b2eb39d.0.tmp
- /data/data/####/ef3e3cf75ff31cb0af5d33e45b2eb39d.1.tmp
- /data/data/####/eff058d64a227341_0
- /data/data/####/eff058d64a227341_1
- /data/data/####/efff4a2e5cf1ffa4_0
- /data/data/####/efff4a2e5cf1ffa4_1
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/f141e6bf4428c404_0
- /data/data/####/f23e8344436aa86a_0
- /data/data/####/f280aa81003c3558_0
- /data/data/####/f2fd141d18d594cc_0
- /data/data/####/f2fd141d18d594cc_1
- /data/data/####/f3b10db176b0debe_0
- /data/data/####/f3bb9af871ed3f22b9d8373b954a03035a6473604f24acd....0.tmp
- /data/data/####/f43fdc983f9f2be2_0
- /data/data/####/f47f17539b77f392_0
- /data/data/####/f4a36eb82cf376f8_0
- /data/data/####/f4a36eb82cf376f8_1
- /data/data/####/f81bc34dcf358ebf_0
- /data/data/####/faac2ee2925bfa92_0
- /data/data/####/faac2ee2925bfa92_1
- /data/data/####/fea3c7a571930a27_0
- /data/data/####/ff543ceb07c8374f_0
- /data/data/####/hcdml.xml
- /data/data/####/http_s.zhitoudsp.com_808.localstorage-journal
- /data/data/####/i==1.2.0&&全球VIP绝版_1586853660729_envelope.log
- /data/data/####/index
- /data/data/####/info.xml
- /data/data/####/journal.tmp
- /data/data/####/libjiagu.so
- /data/data/####/liblg9417791
- /data/data/####/meijuniaoV2.db-journal
- /data/data/####/meijuniaoV2.db-journal (deleted)
- /data/data/####/metrics_guid
- /data/data/####/mkv.xml
- /data/data/####/mkv.xml.bak
- /data/data/####/prdopt.xml
- /data/data/####/proc_auxv
- /data/data/####/t2pr.xml
- /data/data/####/t==8.0.0&&全球VIP绝版_1586853681639_envelope.log
- /data/data/####/the-real-index
- /data/data/####/tmp7.xml
- /data/data/####/tools8977.xml
- /data/data/####/tools8978.xml
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/um_pri.xml
- /data/data/####/umdat.xml
- /data/data/####/umeng_common_config.xml
- /data/data/####/umeng_common_location.xml
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_general_config.xml.bak
- /data/data/####/umeng_general_config.xml.bak (deleted)
- /data/data/####/umeng_it.cache
- /data/data/####/web.dex
- /data/data/####/web.dex.flock (deleted)
- /data/data/####/web.jar
- /data/media/####/.a.dat
- /data/media/####/.adfwe.dat
- /data/media/####/.cca.dat
- /data/media/####/.lju
- /data/media/####/.umm.dat
- /data/media/####/015f394577cb92386a56ef34de95bc97.jpg
- /data/media/####/0f4e1d5ae60f6339bf30f0a3de1b4923.png
- /data/media/####/226C6D0262EDF21275151A3830CCD201.temp
- /data/media/####/77BBC24F6E2262579E8F8001738BA340.temp
- /data/media/####/_pn
- /data/media/####/_shn
- /data/media/####/fdpi.jar
- /data/media/####/httpdns.log
- /data/media/####/plg.dat
- /data/misc/####/primary.prof
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
- /system/bin/dex2oat --instruction-set=x86 --dex-file=<Package Folder>/.jiagu/classes.dex --dex-file=<Package Folder>/.jiagu/classes.dex:classes2.dex --dex-file=<Package Folder>/.jiagu/classes.dex:classes3.dex --oat-file=<Package Folder>/.jiagu/classes.oat --inline-depth-limit=0 --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/app_cache/.hefbdhsfb/api/api.jar --oat-fd=203 --oat-location=/data/user/0/<Package>/app_cache/.hefbdhsfb/api/api.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/app_cache/.hefbdhsfb/web/web.jar --oat-fd=77 --oat-location=/data/user/0/<Package>/app_cache/.hefbdhsfb/web/web.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/cache/cacheUmeng/oatCache/downUmeng.jar --oat-fd=60 --oat-location=/data/user/0/<Package>/cache/cacheUmeng/oatCache/downUmeng/downUmeng.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/cache/cacheUmeng/1.jar --oat-fd=179 --oat-location=/data/user/0/<Package>/files/cache/cacheUmeng/1.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/cache/cacheUmeng/17.jar --oat-fd=64 --oat-location=/data/user/0/<Package>/files/cache/cacheUmeng/17.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/cache/cacheUmeng/3.jar --oat-fd=82 --oat-location=/data/user/0/<Package>/files/cache/cacheUmeng/3.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/cache/cacheUmeng/5016ba473a64090954d2bd4c2c238821.jar --oat-fd=198 --oat-location=/data/user/0/<Package>/files/cache/cacheUmeng/5016ba473a64090954d2bd4c2c238821.dex --compiler-filter=speed
- /system/bin/dex2oat --runtime-arg -classpath --runtime-arg & --instruction-set=x86 --instruction-set-features=smp,ssse3,sse4.1,sse4.2,-avx,-avx2,-lock_add,popcnt --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --dex-file=/data/user/0/<Package>/files/cache/cacheUmeng/6.jar --oat-fd=82 --oat-location=/data/user/0/<Package>/files/cache/cacheUmeng/6.dex --compiler-filter=speed
- cat /sys/class/net/wlan0/address
- getprop
- ls /
- ls /sys/class/thermal
Загружает динамические библиотеки:
- liblg9417791
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS5Padding
- DES
- DESede-CBC-PKCS5Padding
- Des-ECB-NoPadding
- RSA-None-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
- AES-ECB-PKCS5Padding
- DES
- DESede-CBC-PKCS5Padding
- RSA-None-PKCS1Padding
Осуществляет доступ к приватному интерфейсу ITelephony.
Использует специальную библиотеку для скрытия исполняемого байт-кода.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Отрисовывает собственные окна поверх других приложений.
