Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Adware.Was.1.origin
Сетевая активность:
Подключается к:
- UDP(DNS) 8####.8.4.4:53
- TCP(HTTP/1.1) qzs.gd####.com.####.com:80
- TCP(HTTP/1.1) res.w####.xyz:80
- TCP(HTTP/1.1) s####.e.qq.com:80
- TCP(HTTP/1.1) g####.62####.com:8001
- TCP(HTTP/1.1) qzones####.mid.td####.com:80
- TCP(HTTP/1.1) a.da####.com:9127
- TCP(TLS/1.0) 1####.194.73.95:443
- TCP(TLS/1.0) 64.2####.164.95:443
- TCP(TLS/1.0) rr10---####.g####.com:443
- TCP(TLS/1.0) qzones####.mid.td####.com:443
- TCP(TLS/1.0) mi.g####.qq.com:443
- TCP(TLS/1.0) 64.2####.163.95:443
- TCP(TLS/1.0) t####.m.qq.com:443
- TCP(TLS/1.0) s####.e.qq.com:443
- TCP(TLS/1.2) 64.2####.163.95:443
- TCP(TLS/1.2) 1####.251.1.100:443
- TCP(TLS/1.2) 2####.85.233.94:443
- UDP 64.2####.163.95:443
Запросы DNS:
- a.da####.com
- g####.62####.com
- m####.go####.com
- mi.g####.qq.com
- p####.ugd####.com
- qzones####.g####.cn
- qzs.gd####.com
- res.w####.xyz
- rr10---####.g####.com
- s####.e.qq.com
- t####.m.qq.com
Запросы HTTP GET:
- a.da####.com:9127/ll/app_<Package>.json?a168014####
- a.da####.com:9127/ll/gs?baseversion=####&version=####&appversion=####&ch...
- mi.g####.qq.com:443/gdt_mview.fcg?actual_width=####&support_https=####&f...
- mi.g####.qq.com:443/gdt_mview.fcg?fc=####&datatype=####&posh=####&count=...
- qzones####.mid.td####.com/qzone/biz/gdt/mob/sdk/v2/android03/js-release/...
- qzs.gd####.com.####.com/union/res/android/plugin/plugin.dex-1063.jar
- res.w####.xyz/v2/okami_game/tc_3.01/Images/contents/1_tansaku_3_kokuban_...
- res.w####.xyz/v2/okami_game/tc_3.01/Images/contents/1_tansaku_4_tukue_tc...
- res.w####.xyz/v2/okami_game/tc_3.01/Images/contents/1_tansaku_shampoo_tc...
- res.w####.xyz/v2/okami_game/tc_3.01/Images/contents/new_end_tc.jpg
- res.w####.xyz/v2/okami_game/tc_3.01/Images/gimmickobjects/kyositu_kokuba...
- res.w####.xyz/v2/okami_game/tc_3.01/Images/gimmickobjects/living_new_end...
- res.w####.xyz/v2/okami_game/tc_3.01/Images/ui/item/item_syouko_1_kokuban...
- res.w####.xyz/v2/okami_game/tc_3.01/Images/ui/item/item_syouko_1_seisink...
- res.w####.xyz/v2/okami_game/tc_3.01/Plugin/script_patcher/downloader.lua
- res.w####.xyz/v2/okami_game/tc_3.01/filelist.php?patchVer=####
- res.w####.xyz/v2/okami_game/tc_3.01/initial_dl.lua
- res.w####.xyz/v2/okami_game/tc_3.01/self_ads/0912_banner_tc.png
- res.w####.xyz/v2/okami_game/tc_3.01/self_ads/0912_popup_tc.png
- res.w####.xyz/v2/okami_game/tc_3.01/self_ads/0926_2_popup_tc.png
- res.w####.xyz/v2/okami_game/tc_3.01/self_ads/0926_banner_tc.png
- res.w####.xyz/v2/okami_game/tc_3.01/self_ads/0926_popup_tc.png
- res.w####.xyz/v2/okami_game/tc_3.01/self_ads/20190829_popup_tc.png
- res.w####.xyz/v2/okami_game/tc_3.01/self_ads/20190829_tc.png
- res.w####.xyz/v2/okami_game/tc_3.01/self_ads/20191203_popup_tc.png
- res.w####.xyz/v2/okami_game/tc_3.01/self_ads/banner_20190713_tc.jpg
- res.w####.xyz/v2/okami_game/tc_3.01/self_ads/danshi3_banner_tc.png
- res.w####.xyz/v2/okami_game/tc_3.01/self_ads/eve_another2_popup_tc.png
- res.w####.xyz/v2/okami_game/tc_3.01/self_ads/evefanbook_banner_tc.png
- res.w####.xyz/v2/okami_game/tc_3.01/self_ads/popup_2019-08-15_tc.png
- res.w####.xyz/v2/okami_game/tc_3.01/self_ads/popup_20191010_tc.jpg
- res.w####.xyz/v2/okami_game/tc_3.01/self_ads/substory001_medium_tc.jpg
- res.w####.xyz/v2/okami_game/tc_3.01/self_ads/substory002_medium_tc.jpg
- res.w####.xyz/v2/okami_game/tc_3.01/self_ads/substory003_large_tc.jpg
- res.w####.xyz/v2/okami_game/tc_3.01/self_ads/substory003_medium_tc.jpg
- res.w####.xyz/v2/okami_game/tc_3.01/self_ads/substory005_large_tc.png
- res.w####.xyz/v2/okami_game/tc_3.01/self_ads/substory005_medium_tc.png
- res.w####.xyz/v2/okami_game/tc_3.01/self_ads/wasabi_rectangle_20190424_t...
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/card/okami_chie_3_dark_dr...
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/hiroin.atlas
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/hiroin.json
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/hiroin.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/hiroin2.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/hiroin3.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/hiroin4.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/hiroin5.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/hiroin6.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/isha.json
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/isha.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/isha10.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/isha2.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/isha3.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/isha4.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/isha5.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/isha6.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/isha7.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/isha8.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/isha9.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/keisatsu.atlas
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/keisatsu.json
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/keisatsu.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/keisatsu10.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/keisatsu11.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/keisatsu12.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/keisatsu13.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/keisatsu14.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/keisatsu15.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/keisatsu16.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/keisatsu17.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/keisatsu2.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/keisatsu3.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/keisatsu4.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/keisatsu5.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/keisatsu6.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/keisatsu7.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/keisatsu8.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/keisatsu9.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/kill_common.atlas
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/kill_common.json
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/kill_common.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/kill_common2.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/kill_common3.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/kisha.atlas
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/kisha.json
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/kisha.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/kisha10.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/kisha2.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/kisha3.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/kisha4.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/kisha5.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/kisha6.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/kisha7.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/kisha8.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/kisha9.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/rori.atlas
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/rori.json
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/rori.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/rori10.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/rori11.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/rori12.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/rori13.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/rori14.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/rori15.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/rori16.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/rori17.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/rori18.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/rori19.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/rori2.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/rori3.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/rori4.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/rori5.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/rori6.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/rori7.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/rori8.png
- res.w####.xyz/v2/okami_game/tc_3.01/spine_data/shokei/rori9.png
- res.w####.xyz/v2/okami_game/tc_3.01/translation/tc/eve/main/chapter.json
- res.w####.xyz/v2/okami_game/tc_3.01/translation/tc/okami/main/items.json
Запросы HTTP POST:
- a.da####.com:9127/ll//uu?t=####
- g####.62####.com:8001/adStatistics
- g####.62####.com:8001/addNewApp
- g####.62####.com:8001/gameState
- s####.e.qq.com/activate
- s####.e.qq.com:443/event
- t####.m.qq.com:443/?mc=####
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.dex2oatlock
- /data/data/####/.turing.dat
- /data/data/####/.updateIV.dat
- /data/data/####/.updateIV.dat_0
- /data/data/####/.updateIV.dat_1
- /data/data/####/.updateIV.dat_2
- /data/data/####/.updateIV.dat_3
- /data/data/####/0000000lllll_0.dex
- /data/data/####/0000000lllll_1.dex
- /data/data/####/0000000lllll_2.dex
- /data/data/####/0000000lllll_3.dex
- /data/data/####/000O00ll111l_0.dex
- /data/data/####/000O00ll111l_1.dex
- /data/data/####/000O00ll111l_2.dex
- /data/data/####/000O00ll111l_3.dex
- /data/data/####/00O000ll111l_0.dex
- /data/data/####/00O000ll111l_0.dex (deleted)
- /data/data/####/00O000ll111l_0.dex.flock
- /data/data/####/00O000ll111l_0.dex.flock (deleted)
- /data/data/####/00O000ll111l_1.dex
- /data/data/####/00O000ll111l_1.dex (deleted)
- /data/data/####/00O000ll111l_1.dex.flock
- /data/data/####/00O000ll111l_1.dex.flock (deleted)
- /data/data/####/00O000ll111l_2.dex
- /data/data/####/00O000ll111l_2.dex (deleted)
- /data/data/####/00O000ll111l_2.dex.flock
- /data/data/####/00O000ll111l_2.dex.flock (deleted)
- /data/data/####/00O000ll111l_3.dex
- /data/data/####/00O000ll111l_3.dex (deleted)
- /data/data/####/00O000ll111l_3.dex.flock
- /data/data/####/00O000ll111l_3.dex.flock (deleted)
- /data/data/####/0912_banner_tc.png
- /data/data/####/0912_popup_tc.png
- /data/data/####/0926_2_popup_tc.png
- /data/data/####/0926_banner_tc.png
- /data/data/####/0926_popup_tc.png
- /data/data/####/0OO00l111l1l
- /data/data/####/0OO00l111l1l.lock
- /data/data/####/1_tansaku_3_kokuban_tc.jpg
- /data/data/####/1_tansaku_4_tukue_tc.jpg
- /data/data/####/1_tansaku_shampoo_tc.jpg
- /data/data/####/20190829_popup_tc.png
- /data/data/####/20190829_tc.png
- /data/data/####/3618.yaqcookie
- /data/data/####/75e525eaa570bae9_0
- /data/data/####/7b4258c4328b3b69_0
- /data/data/####/7b4258c4328b3b69_1
- /data/data/####/BuglySdkInfos.xml
- /data/data/####/Cookies-journal
- /data/data/####/Corona.xml
- /data/data/####/CoronaGooglePlayServicesAvailabilityStates.xml
- /data/data/####/CoronaProvider.licensing.google.lualoader.xml
- /data/data/####/FBAdPrefs.xml
- /data/data/####/FBAdPrefs.xml.bak
- /data/data/####/GDTSDK.db
- /data/data/####/GDTSDK.db-journal
- /data/data/####/WebViewChromiumPrefs.xml
- /data/data/####/audience_network.dex
- /data/data/####/audience_network.dex.flock (deleted)
- /data/data/####/chapter.json
- /data/data/####/cheuu
- /data/data/####/com.facebook.ads.idfa.xml
- /data/data/####/com.google.InstanceId.properties
- /data/data/####/com.google.android.datatransport.events-journal
- /data/data/####/com.google.android.datatransport.events-journal (deleted)
- /data/data/####/com.google.android.gms.appid-no-backup
- /data/data/####/com.google.android.gms.appid.xml
- /data/data/####/com.google.android.gms.measurement.prefs.xml
- /data/data/####/com.google.android.gms.measurement.prefs.xml.bak
- /data/data/####/com.qq.e.sdkconfig.xml
- /data/data/####/com.qq.e.sdkconfig.xml.bak
- /data/data/####/com.wasabi.okami.tc.mt_preferences.xml
- /data/data/####/config
- /data/data/####/danshi3_banner_tc.png
- /data/data/####/devCloudSetting.cfg
- /data/data/####/devCloudSetting.sig
- /data/data/####/download1008505051.tmp
- /data/data/####/download1009499056.tmp
- /data/data/####/download1035149403.tmp
- /data/data/####/download1101427983.tmp
- /data/data/####/download1110714911.tmp
- /data/data/####/download1111209196.tmp
- /data/data/####/download1111314041.tmp
- /data/data/####/download113926446.tmp
- /data/data/####/download1203729666.tmp
- /data/data/####/download1212618598.tmp
- /data/data/####/download1214499221.tmp
- /data/data/####/download1222184441.tmp
- /data/data/####/download1243953715.tmp
- /data/data/####/download1246894806.tmp
- /data/data/####/download1269177439.tmp
- /data/data/####/download1283706589.tmp
- /data/data/####/download1290862796.tmp
- /data/data/####/download1299304643.tmp
- /data/data/####/download1366265887.tmp
- /data/data/####/download1376848902.tmp
- /data/data/####/download140066948.tmp
- /data/data/####/download1402493704.tmp
- /data/data/####/download1403827091.tmp
- /data/data/####/download1404567042.tmp
- /data/data/####/download1409797904.tmp
- /data/data/####/download1440458534.tmp
- /data/data/####/download1466539939.tmp
- /data/data/####/download1473138439.tmp
- /data/data/####/download147787502.tmp
- /data/data/####/download1511889648.tmp
- /data/data/####/download1527803778.tmp
- /data/data/####/download152930889.tmp
- /data/data/####/download1548340403.tmp
- /data/data/####/download1577057015.tmp
- /data/data/####/download167336984.tmp
- /data/data/####/download1686408106.tmp
- /data/data/####/download1707966107.tmp
- /data/data/####/download1724503942.tmp
- /data/data/####/download1725566257.tmp
- /data/data/####/download1735286885.tmp
- /data/data/####/download1767942228.tmp
- /data/data/####/download1776415711.tmp
- /data/data/####/download1787856829.tmp
- /data/data/####/download1791087573.tmp
- /data/data/####/download1794092800.tmp
- /data/data/####/download1887369799.tmp
- /data/data/####/download1908074394.tmp
- /data/data/####/download1913949933.tmp
- /data/data/####/download1928430519.tmp
- /data/data/####/download1928769026.tmp
- /data/data/####/download193185340.tmp
- /data/data/####/download1944792465.tmp
- /data/data/####/download1993498902.tmp
- /data/data/####/download2015892751.tmp
- /data/data/####/download204242385.tmp
- /data/data/####/download2042902163.tmp
- /data/data/####/download2046907598.tmp
- /data/data/####/download2055852464.tmp
- /data/data/####/download2060502169.tmp
- /data/data/####/download2092064312.tmp
- /data/data/####/download2094935485.tmp
- /data/data/####/download2099363160.tmp
- /data/data/####/download2110751521.tmp
- /data/data/####/download2113370145.tmp
- /data/data/####/download229995517.tmp
- /data/data/####/download244596911.tmp
- /data/data/####/download279488137.tmp
- /data/data/####/download30995519.tmp
- /data/data/####/download3328556.tmp
- /data/data/####/download364469198.tmp
- /data/data/####/download396451390.tmp
- /data/data/####/download415646338.tmp
- /data/data/####/download418811994.tmp
- /data/data/####/download451629739.tmp
- /data/data/####/download467444762.tmp
- /data/data/####/download474271476.tmp
- /data/data/####/download483192837.tmp
- /data/data/####/download483365904.tmp
- /data/data/####/download483427967.tmp
- /data/data/####/download484809613.tmp
- /data/data/####/download509280357.tmp
- /data/data/####/download553999151.tmp
- /data/data/####/download56682373.tmp
- /data/data/####/download581677508.tmp
- /data/data/####/download589385898.tmp
- /data/data/####/download605354643.tmp
- /data/data/####/download617513921.tmp
- /data/data/####/download643417994.tmp
- /data/data/####/download664232939.tmp
- /data/data/####/download694381677.tmp
- /data/data/####/download702038880.tmp
- /data/data/####/download703278329.tmp
- /data/data/####/download717052912.tmp
- /data/data/####/download71928045.tmp
- /data/data/####/download725667092.tmp
- /data/data/####/download729426613.tmp
- /data/data/####/download737139900.tmp
- /data/data/####/download73981322.tmp
- /data/data/####/download741751121.tmp
- /data/data/####/download746993449.tmp
- /data/data/####/download768404946.tmp
- /data/data/####/download815291826.tmp
- /data/data/####/download849214359.tmp
- /data/data/####/download897251182.tmp
- /data/data/####/download943554086.tmp
- /data/data/####/download974050532.tmp
- /data/data/####/download976091972.tmp
- /data/data/####/download992007528.tmp
- /data/data/####/download998030523.tmp
- /data/data/####/downloaded_files_spine.json
- /data/data/####/downloader.db-journal (deleted)
- /data/data/####/downloader.lua
- /data/data/####/eve_another2_popup_tc.png
- /data/data/####/evefanbook_banner_tc.png
- /data/data/####/gamepayConf.json
- /data/data/####/gdt_config.cfg
- /data/data/####/gdt_plugin.dex
- /data/data/####/gdt_plugin.dex.flock (deleted)
- /data/data/####/gdt_plugin.jar
- /data/data/####/gdt_plugin.jar.sig
- /data/data/####/gdt_plugin.next
- /data/data/####/gdt_plugin.next.sig
- /data/data/####/gdt_plugin.tmp
- /data/data/####/gdt_stat.db
- /data/data/####/gdt_stat.db-journal
- /data/data/####/gdt_suid
- /data/data/####/google_app_measurement_local.db
- /data/data/####/google_app_measurement_local.db-journal
- /data/data/####/hiroin.atlas
- /data/data/####/hiroin.json
- /data/data/####/hiroin.png
- /data/data/####/hiroin2.png
- /data/data/####/hiroin3.png
- /data/data/####/hiroin4.png
- /data/data/####/hiroin5.png
- /data/data/####/hiroin6.png
- /data/data/####/index
- /data/data/####/initial_dl.lua
- /data/data/####/isha.atlas
- /data/data/####/isha.json
- /data/data/####/isha.png
- /data/data/####/isha10.png
- /data/data/####/isha3.png
- /data/data/####/isha4.png
- /data/data/####/isha5.png
- /data/data/####/isha6.png
- /data/data/####/isha7.png
- /data/data/####/isha8.png
- /data/data/####/isha9.png
- /data/data/####/item_syouko_1_kokuban_tc.jpg
- /data/data/####/item_syouko_1_seisinkalist_tc.jpg
- /data/data/####/items.json
- /data/data/####/keisatsu.atlas
- /data/data/####/keisatsu.json
- /data/data/####/keisatsu.png
- /data/data/####/keisatsu10.png
- /data/data/####/keisatsu11.png
- /data/data/####/keisatsu12.png
- /data/data/####/keisatsu13.png
- /data/data/####/keisatsu14.png
- /data/data/####/keisatsu15.png
- /data/data/####/keisatsu16.png
- /data/data/####/keisatsu17.png
- /data/data/####/keisatsu2.png
- /data/data/####/keisatsu3.png
- /data/data/####/keisatsu4.png
- /data/data/####/keisatsu5.png
- /data/data/####/keisatsu6.png
- /data/data/####/keisatsu7.png
- /data/data/####/keisatsu8.png
- /data/data/####/keisatsu9.png
- /data/data/####/kill_common.atlas
- /data/data/####/kill_common.json
- /data/data/####/kill_common.png
- /data/data/####/kill_common2.png
- /data/data/####/kill_common3.png
- /data/data/####/kisha.atlas
- /data/data/####/kisha.json
- /data/data/####/kisha.png
- /data/data/####/kisha10.png
- /data/data/####/kisha2.png
- /data/data/####/kisha3.png
- /data/data/####/kisha4.png
- /data/data/####/kisha5.png
- /data/data/####/kisha6.png
- /data/data/####/kisha7.png
- /data/data/####/kisha8.png
- /data/data/####/kisha9.png
- /data/data/####/kyositu_kokuban_tc.png
- /data/data/####/libMMANDKSignature.3c9e022f.so
- /data/data/####/libshellx-super.2019.so
- /data/data/####/libturingau.3c9e022f.so
- /data/data/####/libyaqbasic.3c9e022f.so
- /data/data/####/libyaqpro.3c9e022f.so
- /data/data/####/living_new_end_tc.png
- /data/data/####/metrics_guid
- /data/data/####/mpdc_105498_1
- /data/data/####/new_end_tc.jpg
- /data/data/####/o0oooOO0ooOo.dat
- /data/data/####/okami_chie_3_dark_draw.atlas
- /data/data/####/popup_2019-08-15_tc.png
- /data/data/####/popup_20191010_tc.jpg
- /data/data/####/proc_auxv
- /data/data/####/rori.atlas
- /data/data/####/rori.json
- /data/data/####/rori.png
- /data/data/####/rori10.png
- /data/data/####/rori11.png
- /data/data/####/rori12.png
- /data/data/####/rori13.png
- /data/data/####/rori14.png
- /data/data/####/rori15.png
- /data/data/####/rori16.png
- /data/data/####/rori17.png
- /data/data/####/rori18.png
- /data/data/####/rori19.png
- /data/data/####/rori2.png
- /data/data/####/rori3.png
- /data/data/####/rori4.png
- /data/data/####/rori5.png
- /data/data/####/rori6.png
- /data/data/####/rori7.png
- /data/data/####/rori8.png
- /data/data/####/rori9.png
- /data/data/####/sdkCloudSetting.cfg
- /data/data/####/sdkCloudSetting.sig
- /data/data/####/secret.xml
- /data/data/####/substory001_medium_tc.jpg
- /data/data/####/substory002_medium_tc.jpg
- /data/data/####/substory003_large_tc.jpg
- /data/data/####/substory003_medium_tc.jpg
- /data/data/####/substory005_large_tc.png
- /data/data/####/substory005_medium_tc.png
- /data/data/####/the-real-index
- /data/data/####/tmd
- /data/data/####/tosversion
- /data/data/####/turingfd_conf_105498_auMini.xml
- /data/data/####/turingfd_conf_105498_auMini.xml.bak
- /data/data/####/turingfd_protect_105498_41_auMini.xml
- /data/data/####/tv
- /data/data/####/update_lc
- /data/data/####/usableStore.json
- /data/data/####/uuloi
- /data/data/####/vva
- /data/data/####/vva.dex
- /data/data/####/vva.dex.flock (deleted)
- /data/data/####/vva.jar
- /data/data/####/wasabi_rectangle_20190424_tc.png
- /data/data/####/yaq.3c9e022f.sec
- /data/data/####/yaq2.3c9e022f.sec
- /data/data/####/yaq3_0.3c9e022f.sec
- /data/data/####/yaqsdkcookie
- /data/media/####/.turing.dat
- /data/misc/####/primary.prof
Другие:
Запускает следующие shell-скрипты:
- /system/bin/df
- /system/bin/getprop
- cat /sys/class/net/wlan0/address
- getprop ro.product.cpu.abi
- ls /data/local
Загружает динамические библиотеки:
- libMMANDKSignature.3c9e022f
- libalmixer
- libcorona
- libjnlua5.1
- liblicensing
- liblua
- libmpg123
- libopenal
- libplugin.zip
- libshellx-super.2019
- libturingau.3c9e022f
- libyaqbasic.3c9e022f
- libyaqpro.3c9e022f
Использует следующие алгоритмы для шифрования данных:
- AES-CBC-PKCS5Padding
- AES-ECB-PKCS7Padding
Использует следующие алгоритмы для расшифровки данных:
- AES-CBC-PKCS5Padding
- AES-ECB-PKCS7Padding
- RSA-ECB-PKCS1Padding
Осуществляет доступ к приватному интерфейсу ITelephony.
Использует специальную библиотеку для скрытия исполняемого байт-кода.
Получает информацию о местоположении.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Отрисовывает собственные окна поверх других приложений.
Запрашивает разрешение на отображение системных уведомлений.
