Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.RemoteCode.127.origin
Accesses the ITelephony private interface.
Network activity:
Connects to:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) aexcep####.b####.qq.com:8011
- TCP(HTTP/1.1) aexcep####.b####.qq.com:8012
- TCP(HTTP/1.1) api.won####.com:80
- TCP(HTTP/1.1) and####.b####.qq.com:80
- TCP(HTTP/1.1) a####.exc.mob.com:80
- TCP(HTTP/1.1) ti####.c####.l####.####.com:80
- TCP(TLS/1.0) api.map.b####.com:443
- TCP(TLS/1.0) api.s####.com:443
- TCP(TLS/1.0) et2-na6####.wagbr####.ali####.####.com:443
- TCP(TLS/1.0) loc.map.b####.com:443
DNS requests:
- a####.b####.qq.com
- a####.exc.mob.com
- aexcep####.b####.qq.com
- and####.b####.qq.com
- api.map.b####.com
- api.s####.com
- api.won####.com
- img.won####.com
- loc.map.b####.com
- plb####.u####.com
- u####.u####.com
HTTP GET requests:
- ti####.c####.l####.####.com/userfiles/image/20180519/19160556b122357a438...
- ti####.c####.l####.####.com/userfiles/image/20180628/281711435e0ff815bb5...
- ti####.c####.l####.####.com/userfiles/image/20180702/0215303380269c1b5d3...
- ti####.c####.l####.####.com/userfiles/image/20180702/0215323966e48b93526...
- ti####.c####.l####.####.com/userfiles/image/20180706/061608160e13a9e6928...
- ti####.c####.l####.####.com/userfiles/image/20180709/091518114ac0188cfc7...
- ti####.c####.l####.####.com/userfiles/image/20180711/11100421ad7a59d0988...
- ti####.c####.l####.####.com/userfiles/image/20180728/2820312896082017ba3...
- ti####.c####.l####.####.com/userfiles/image/20180728/2820313457cf07bb6e8...
- ti####.c####.l####.####.com/userfiles/image/20180804/0415170446fb01b7b25...
- ti####.c####.l####.####.com/userfiles/image/20180815/15180341a1ef7e3a9d8...
- ti####.c####.l####.####.com/userfiles/image/20180905/05180751ccbb061f133...
- ti####.c####.l####.####.com/userfiles/image/20180919/1916451496665b981e7...
- ti####.c####.l####.####.com/userfiles/image/20180928/28155708a80bd4ecc08...
- ti####.c####.l####.####.com/userfiles/image/20180929/29164928bf7f7632937...
- ti####.c####.l####.####.com/userfiles/image/20180930/30161045106a008c942...
- ti####.c####.l####.####.com/userfiles/image/20180930/30175525ff378630af4...
- ti####.c####.l####.####.com/userfiles/image/20180930/301756193bb5f484a69...
- ti####.c####.l####.####.com/userfiles/image/20181001/0115312902fb558ec12...
- ti####.c####.l####.####.com/userfiles/image/20181013/131538518efa50280f9...
- ti####.c####.l####.####.com/userfiles/image/20181014/14093322816d5096798...
- ti####.c####.l####.####.com/userfiles/image/20181119/191115268c8049f6d61...
- ti####.c####.l####.####.com/userfiles/image/20181122/221430568a15d1b7126...
- ti####.c####.l####.####.com/userfiles/image/20181128/28141204853dbb75eb2...
- ti####.c####.l####.####.com/userfiles/image/20181203/0313485626e3d572494...
- ti####.c####.l####.####.com/userfiles/image/20181213/131452089153093bbe2...
- ti####.c####.l####.####.com/userfiles/image/20181218/1815145903c603a3289...
- ti####.c####.l####.####.com/userfiles/image/20181218/1816545941459c21684...
- ti####.c####.l####.####.com/userfiles/image/20181220/20103707c8a963180e2...
- ti####.c####.l####.####.com/userfiles/image/20181220/20104658a55b9883429...
- ti####.c####.l####.####.com/userfiles/image/20181220/201048282b416d69813...
- ti####.c####.l####.####.com/userfiles/image/20181220/2011092451f3655dc60...
- ti####.c####.l####.####.com/userfiles/image/20181220/201115071b9541d2342...
- ti####.c####.l####.####.com/userfiles/image/20181220/2016425147205823590...
- ti####.c####.l####.####.com/userfiles/image/20190107/07175349571b96fdb09...
- ti####.c####.l####.####.com/userfiles/image/20190111/11140443c7d04b5f755...
- ti####.c####.l####.####.com/userfiles/image/20190111/11182115cc0ee2d3e33...
- ti####.c####.l####.####.com/userfiles/image/20190111/111826586908820d749...
- ti####.c####.l####.####.com/userfiles/image/20190111/11183011ec2288071d9...
- ti####.c####.l####.####.com/userfiles/images/180823145817yeay14sch4q.jpg...
- ti####.c####.l####.####.com/userfiles/images/180824104312x4knfk1wjkv.png...
- ti####.c####.l####.####.com/userfiles/images/180824121929bv35n5kpwoz.jpg...
- ti####.c####.l####.####.com/userfiles/images/180824122849huntkmehntk.jpg...
- ti####.c####.l####.####.com/userfiles/images/180829184305kullgx10qt0.jpg...
- ti####.c####.l####.####.com/userfiles/images/180829185630iycfcqhukhq.jpg...
- ti####.c####.l####.####.com/userfiles/images/1808291925174ioj0eisv20.jpg...
- ti####.c####.l####.####.com/userfiles/images/180831190958tvjgsb43zkj.jpg...
- ti####.c####.l####.####.com/userfiles/images/1808311959012oun2ynpg4o.jpg...
- ti####.c####.l####.####.com/userfiles/images/180904233205bqqe1p3biy1.jpg...
- ti####.c####.l####.####.com/userfiles/images/1809050055451zoiw3zn1d1.png...
- ti####.c####.l####.####.com/userfiles/images/180905200151hbpcotiwim0.jpg...
- ti####.c####.l####.####.com/userfiles/images/180912205816kbvkma2fevm.jpg...
- ti####.c####.l####.####.com/userfiles/images/180912214910pbs1k3kzg3q.jpg...
- ti####.c####.l####.####.com/userfiles/images/181009023458eho45f4hfq5.jpg...
- ti####.c####.l####.####.com/userfiles/images/4ggcxc01e4h4ggcxc01e4h.jpg-...
- ti####.c####.l####.####.com/userfiles/images/a5mbp0odr35a5mbp0odr35.jpg-...
- ti####.c####.l####.####.com/userfiles/images/b3ytllcrm5f.jpg-m.houses.list
- ti####.c####.l####.####.com/userfiles/images/cozy235g3m1cozy235g3m1.jpg-...
- ti####.c####.l####.####.com/userfiles/images/vgbyu3tploevgbyu3tploe.jpg-...
- ti####.c####.l####.####.com/userfiles/images/vnaapfhmazbvnaapfhmazb.jpg-...
- ti####.c####.l####.####.com/userfiles/images/xv3kfukbev2xv3kfukbev2.jpg-...
HTTP POST requests:
- a####.exc.mob.com/errconf
- aexcep####.b####.qq.com:8011/rqd/async
- aexcep####.b####.qq.com:8012/rqd/async
- and####.b####.qq.com/rqd/async
- and####.b####.qq.com/rqd/async?aid=####
- api.won####.com/api/v1/developer/brands
- api.won####.com/api/v1/developer/brands/detail?developer_id=####
- api.won####.com/api/v1/houses/detail?houses_id=####&api_token=####
- api.won####.com/api/v1/houses/search?area_id=####&page=####
- api.won####.com/api/v1/houses/similar?houses_id=####
- api.won####.com/api/v1/planner?page=####&area_id=####&api_token=####
- api.won####.com/api/v1/public/acreage/list
- api.won####.com/api/v1/public/app/version?type=####
- api.won####.com/api/v1/public/areas
- api.won####.com/api/v1/public/areas/business?area_id=####
- api.won####.com/api/v1/public/broadcast
- api.won####.com/api/v1/public/feature/list?area_id=####
- api.won####.com/api/v1/public/house/price/list?area_id=####
- api.won####.com/api/v1/public/house/types
- api.won####.com/api/v1/public/sale/status/list
- api.won####.com/api/v1/public/slide?area_id=####
- api.won####.com/api/v1/public/type/list
- api.won####.com/api/v1?area_id=####
File system changes:
Creates the following files:
- /data/data/####/-1106445582
- /data/data/####/-1115058732
- /data/data/####/-1421164408
- /data/data/####/-1821612606
- /data/data/####/-569690973
- /data/data/####/-889919583
- /data/data/####/-890492684
- /data/data/####/.duid
- /data/data/####/.imprint
- /data/data/####/.lock
- /data/data/####/.vpl_lock
- /data/data/####/083faa0e465cc1e359ddbeb258720bcab9922c131e7276c....0.tmp
- /data/data/####/08cd1e5dff7e99fc6fa148305d9058b94187419e03ee7fc....0.tmp
- /data/data/####/08ff28255f6d6843dda1cedf20411baf08448251742aa28....0.tmp
- /data/data/####/0b33c32fa3827b0c9d820c73243756d8756ca80b4c4ad52....0.tmp
- /data/data/####/0cc2789934651e2ae16ac66df6387c24e50ed5722a5636c....0.tmp
- /data/data/####/0e5aca7d0a560d7e1abc3c802c0623b1c644a120718dec8....0.tmp
- /data/data/####/1004
- /data/data/####/109526449
- /data/data/####/1112798511
- /data/data/####/12e0e30c5b5a23b9f3c8eba71217fa0fe0bb4ffc0207d2a....0.tmp
- /data/data/####/1374173782
- /data/data/####/14387470a2bee3e734155f5366f29e9787f3b69bb65370c....0.tmp
- /data/data/####/17627ef2e0e477c38df33cfaf85f6891b41d0cf5b25c6bd....0.tmp
- /data/data/####/1990137437
- /data/data/####/1c0c681d69275dc2ce2c569ef05e51175ca8a0d3c31536e....0.tmp
- /data/data/####/1ca6bd71a40c3efc19b6f328f33600c886310fa219eba9c....0.tmp
- /data/data/####/1d1ce1dfeb0ad83f7f487a6a264ec571ec86ed2596c9a0e....0.tmp
- /data/data/####/1e7742abdd74ae9961156e74579765943a0bbd8835c9396....0.tmp
- /data/data/####/202710deab858c58986597cfb25a08a01f9b219a11c4484....0.tmp
- /data/data/####/20bc882be92811afe7dacaaede19be4929928c551364e58....0.tmp
- /data/data/####/231cf474a409e50434a401108ce7063b03cd253c071b32b....0.tmp
- /data/data/####/23a2ca48519491dbf92a5737be0f8b60b43a86c1962c85d....0.tmp
- /data/data/####/24e475b25c8268a931cb20802cfc908918d76ce451f49ad....0.tmp
- /data/data/####/24f7ba7eea86a5d5b0bae87a5e3b1c0582934d6e7b31ecb....0.tmp
- /data/data/####/2af0d23f3be7e90fe14a1b94456c389f064fb49f69d2ab5....0.tmp
- /data/data/####/30ad81b7ab999c61869116c405e983c7fec12d0ecc52017....0.tmp
- /data/data/####/329b40cdef73ed98116685d2307d1a31fd3d7c7f759816c....0.tmp
- /data/data/####/330fb63f5ec7a1e10050ee4e789a94f4f271e8183d2b1e5....0.tmp
- /data/data/####/345e50466f26c2b595ecd519b50dbafbc1ac6d9ced00e3e....0.tmp
- /data/data/####/34fa2304bdc55d78cdd1168c710b9f334b6a811ed8909ae....0.tmp
- /data/data/####/3744dd60adf45009dd00b59a749c99cdcaba4244c584812....0.tmp
- /data/data/####/39201f1223b32d3b2a08a55097a4c76a9c24d106101aea7....0.tmp
- /data/data/####/3c84f4bad39424e36f760076fa9fe9b0b0efef342425447....0.tmp
- /data/data/####/3c90326f06cf36b7b14d282f7280789deda00cbc04a1896....0.tmp
- /data/data/####/3c9f7b77d9c3d29302e7bd46933c255989ca9df629320f4....0.tmp
- /data/data/####/403a92b2823f197d3f39921cc1cd9c8a3d577ecf09f0c8d....0.tmp
- /data/data/####/4153c302b6045f5816dc9559d401ec78898cc5a9042acfe....0.tmp
- /data/data/####/44dba8ba0d7acb1f821e0e9020eb641f70bf6aa42578bd5....0.tmp
- /data/data/####/478d894caab10949e5c799a683ba11a3021d6543490a130....0.tmp
- /data/data/####/48ba316f17f67e456a3bb331d12736af17676693426b9f5....0.tmp
- /data/data/####/4c19f9112eb8c6ae5a33457b959907bcfcb5697dd8a2706....0.tmp
- /data/data/####/4d45385e0b3e5f0cff4875483824231614f057b915aa864....0.tmp
- /data/data/####/4eb606e5ecb82c7c95170c6cfee1204bb447756de447e18....0.tmp
- /data/data/####/4f0e606223f566e26bb951efcc9ab8577239eee5fb03e4f....0.tmp
- /data/data/####/50a3029effc0a73d7a5958463e2a49fce1fa520a1ce87d3....0.tmp
- /data/data/####/5229bb075eb9a407b568d5b1ba8d26319c50446e00c1770....0.tmp
- /data/data/####/52faa38e71534b7de3cfce23bbfd3af4d76a493a67908e6....0.tmp
- /data/data/####/530cfa9ad99020d74007b62ee64dc857e866d6a959f2158....0.tmp
- /data/data/####/57299bac387f0943bfbb02e52cc1503e589258024b45a57....0.tmp
- /data/data/####/593af04fbd6fc1b991da870ba59510d727ace629de390aa....0.tmp
- /data/data/####/59fee4c5258d30cedbdeed6d14c4bfbfecbb71d70d1780f....0.tmp
- /data/data/####/5dbae2247c9ed49c706589e4766451b86f816478d25d4c3....0.tmp
- /data/data/####/600edb470466a13d44bbdb701092c6c9a936406bbdcbc53....0.tmp
- /data/data/####/64ebb501b25520f8142419cb3fe2757a953862868f0465b....0.tmp
- /data/data/####/669066272
- /data/data/####/697024654dec09b824ffc4c2f3508146202cc9a1a958576....0.tmp
- /data/data/####/6a2d970d3883c90fb677a5d9d951449e861581b8d38a7fa....0.tmp
- /data/data/####/6e1e38e7e1aa589a8735ce1e37c7190f7ff819dac41e1a3....0.tmp
- /data/data/####/6ee355b3daa1cc35a5748d3568078961700c90e70e1fe74....0.tmp
- /data/data/####/7027f3fe111ef62f44688b3658e950a4cbd4da8ce4d7989....0.tmp
- /data/data/####/71e6d117c99e75b49c2ea4a300891f42cd6638d4bef6f3d...d26d.0
- /data/data/####/7759476a43467fcf0c1b698c2f2b2affe6245f8a4fe4cc3....0.tmp
- /data/data/####/781799a4bb8a78aeafa7b4635effda905c25f2f4fff29f0....0.tmp
- /data/data/####/78bae7ad2a9b5310d6458a76b6c8b77047bd9eab60ac66a....0.tmp
- /data/data/####/7d4cca1bd612f97f125e7fd678a08f6d9e20245bf98e8bd....0.tmp
- /data/data/####/7d80c59a1596905437779fb6d9f72b52663f54f12bcabeb....0.tmp
- /data/data/####/7d9bfbcc89e7f5553690f8cc1e5833c565a0a67a147fe54....0.tmp
- /data/data/####/82890498f7bba116d02c7856da3d223e75ce747595f64c0....0.tmp
- /data/data/####/8293463e7234ec43eb67d7a597344591b1f3373998ef376....0.tmp
- /data/data/####/8b5c0377551900a9449408c06f784a188556796e631cf95....0.tmp
- /data/data/####/8d8d7bd3599171344345605a89a892e52ca30268209ef02....0.tmp
- /data/data/####/8dc99be60f67fb11471d59c1174bdb0b1b4cb8a42e74148....0.tmp
- /data/data/####/8e7b2d49219d0757a059cae7a212c3063d1239f56a19e26....0.tmp
- /data/data/####/905248af806afd8bcf21627e218a1a1091050088799da5f....0.tmp
- /data/data/####/90f1be389c2ff0c2669a7678f7a32e2b6389abb5df3c8b8....0.tmp
- /data/data/####/926ca91a2772224124466881a633a75868f605a4c7aba77....0.tmp
- /data/data/####/960cae8680fc2d6fbb40fbfe51090f6e09d462cb75fc65e....0.tmp
- /data/data/####/9771843cdd408026ca6fea19fbfb0d8aa8c0d5a41724e93....0.tmp
- /data/data/####/981ffda5422d89074a10fadc14e5a1ad9ee67fac7108d71....0.tmp
- /data/data/####/9a4e5867db635d067cdda47d76bf5ffb6ee226b8511fa7a....0.tmp
- /data/data/####/9a53adfc3e7de91ed1417c78fc134d7059c4fcd723fdd02....0.tmp
- /data/data/####/9ad1b649f2c2b82fe74b349f273b8c95629bbdab68be00a....0.tmp
- /data/data/####/9c64e26337f2dfe8b11bc982f26f6020ef5d7751aa22855....0.tmp
- /data/data/####/9da09b4c468186f509938d0df1150f0be6708c9c238d117....0.tmp
- /data/data/####/9ef12364e8910b04f7c4ee4e26c5fc8e578033aadfeb6cc....0.tmp
- /data/data/####/CustomIndex
- /data/data/####/DVDirectory.cfg
- /data/data/####/DVHotMap.cfg
- /data/data/####/DVHotcity.cfg
- /data/data/####/DVIndoor.cfg
- /data/data/####/DVSDirectory.cfg
- /data/data/####/DVVersion.cfg
- /data/data/####/ResPackIndoorMap.rs
- /data/data/####/ThrowalbeLog.db-journal
- /data/data/####/UM_PROBE_DATA.xml
- /data/data/####/a1611a47cba624c9f951820d4aa2824e01a8e615051b189....0.tmp
- /data/data/####/a1fe756c7019617a6cf6877be898ea4d801917d114a8e1e....0.tmp
- /data/data/####/a2ba782fb3389f7f247541d41187a5d91943343a1495baf....0.tmp
- /data/data/####/a5f3ba3188096107dd9cfe4869c63b2817dbd3aead06165....0.tmp
- /data/data/####/a==7.5.4&&1.1.0_1547247442978_envelope.log
- /data/data/####/aa0e16881ea2c06137155d63e18ef0375bcf807aa9755c0....0.tmp
- /data/data/####/ada05774f5f83d482d0294391efb099056e5fb50eecda26....0.tmp
- /data/data/####/adaae55a41cbe7146117176d03e4809743b139f05bf3ba7....0.tmp
- /data/data/####/af22166f05ec8d0ee425d6675e93285e3e3c4468f5492f5....0.tmp
- /data/data/####/afdd29856b245da740b0d82d85e8b4dc34c6c2d4f9cf87c....0.tmp
- /data/data/####/authStatus_com.mgmt.woniuge.xml
- /data/data/####/authStatus_com.mgmt.woniuge;remote.xml
- /data/data/####/b42469608c2065e96bf52a6ece1ab1dfbd3f9e18eace4f8....0.tmp
- /data/data/####/b489b5edb0e42e8ea5b32d7dfdf706bbda56ce74e850c3e....0.tmp
- /data/data/####/b6d60f82a86f73a8231655571f832a67213c586be418f15....0.tmp
- /data/data/####/b7d3ce0b39e6e7b42f7b63af774e41c12de2a9b92a99110....0.tmp
- /data/data/####/b9952b48a5e2ff9f4f8dd67c95a0927c025252b40166e98....0.tmp
- /data/data/####/baseindoormap.sty
- /data/data/####/bf4b5cc58985d6b945a08c0bb861c272fafe52930a003e1....0.tmp
- /data/data/####/bugly_db_-journal
- /data/data/####/bugly_db_legu-journal
- /data/data/####/c828e7167e87f44e893c6176f9195b2d545efbc5ff8ac45....0.tmp
- /data/data/####/c8da6d75b39e31ac7fdc8f5dca230099828913217ca661c....0.tmp
- /data/data/####/c9f4e4c8356c3ed4c2fa183948583f3d67d3fcbcd4ea3bf....0.tmp
- /data/data/####/ca9eea78b566b1e119b2d93964a3f6c2dcfadc7a0e27d25....0.tmp
- /data/data/####/ccbc231047231b23dbf42abad9f61ca80ff9036f73044a9....0.tmp
- /data/data/####/cff9968a5c3b87b24dbff1be87869b13044bd02bb2b2a27....0.tmp
- /data/data/####/crashrecord.xml
- /data/data/####/d13ec67816b4df8f4d5de179cb97d2711ff3adaa6b53143...ecc8.0
- /data/data/####/d1bc733f328c8f61a0ef99a4605d4a6a8946cbaa88d6a7d....0.tmp
- /data/data/####/d397071db1ad53c13212f718a9e34a4e6d1a5afa4e62a41....0.tmp
- /data/data/####/d690537e3165b79233097770271c394f8c42a322038482b....0.tmp
- /data/data/####/d9297e009b4aa1047baec82abd51dcad5997fa1a2522b8d....0.tmp
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTQ3MjQ3NDQwOTE0;
- /data/data/####/da7771a25c4e9305781a69ee3260b3350c9b915142e895e....0.tmp
- /data/data/####/dab336bcb5cd2dd4b544c7e5209b0ae5efbb58530b84535....0.tmp
- /data/data/####/db64bbcf7ad1deb28a92e75d7d0cffea8bfe32629132601....0.tmp
- /data/data/####/db9299bb671201be5ff3daab4cddaa38daf3439ed316538....0.tmp
- /data/data/####/dc3d1b0cf48f707103a7199b1ef7801492995abee0e1266....0.tmp
- /data/data/####/dd3ee57a4839659ea5b69ef7216778bb64f40543db1395e....0.tmp
- /data/data/####/domain_1
- /data/data/####/e0aa17413679c763aeefe63d4393492073cdb011e38a856....0.tmp
- /data/data/####/e7930879cc769f6eca86f73e1e419e0431fd1dd996f3b26....0.tmp
- /data/data/####/e7b25fefd5ce20d21868d38357a034d8395485beae71def....0.tmp
- /data/data/####/e813f7fdff08583774210fdd3b97a9a58ae9671d5609e0a....0.tmp
- /data/data/####/ebb41171af9f3bb254859de7a947a8653c55f07c0184225....0.tmp
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/f13f436fa549dacc84519a22384ac580acc49175bdbbc4f....0.tmp
- /data/data/####/f190edff32a862e4e30d8ec3518bf1cf362745847ea6788....0.tmp
- /data/data/####/f24e5aa03e94d9935e68ddbbe273aba6a7b2b2f173c0eba....0.tmp
- /data/data/####/f34c267102cb770701b0d7f2826e2ef0e7b55f464165a73....0.tmp
- /data/data/####/f91bdbb495e541f18c891951e7fedd0ae1b9c07eddb74f2....0.tmp
- /data/data/####/fc424ad5e168a05b64f91a9a71be59cf185c4dff728b74c....0.tmp
- /data/data/####/fecb6d93f5da37908d27594101982e807af91050f218d7d....0.tmp
- /data/data/####/firll.dat
- /data/data/####/hst.db
- /data/data/####/hst.db-journal
- /data/data/####/i==1.2.0&&1.1.0_1547247442126_envelope.log
- /data/data/####/info.xml
- /data/data/####/journal
- /data/data/####/journal.tmp
- /data/data/####/libcuid.so
- /data/data/####/libnfix.so
- /data/data/####/libshella-2.9.0.2.so
- /data/data/####/libufix.so
- /data/data/####/local_crash_lock
- /data/data/####/map.rs
- /data/data/####/map.sty
- /data/data/####/map_pref.xml
- /data/data/####/mix.dex
- /data/data/####/mob_commons_1
- /data/data/####/mob_sdk_exception_1
- /data/data/####/native_record_lock
- /data/data/####/reduct.rs
- /data/data/####/reduct.sty
- /data/data/####/security_info
- /data/data/####/sobot_chat_20190111_log.txt
- /data/data/####/sobot_config.xml
- /data/data/####/traffic.rs
- /data/data/####/traffic.sty
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/um_pri.xml
- /data/data/####/umdat.xml
- /data/data/####/umeng_common_config.xml
- /data/data/####/umeng_common_location.xml
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/ver.dat
- /data/data/####/wng_sp.xml
- /data/media/####/.a.dat
- /data/media/####/.adfwe.dat
- /data/media/####/.artc_lock
- /data/media/####/.cca.dat
- /data/media/####/.cuid2
- /data/media/####/.di
- /data/media/####/.dic_lock
- /data/media/####/.duid
- /data/media/####/.globalLock
- /data/media/####/.im_lock
- /data/media/####/.lesd_lock
- /data/media/####/.mn_-1464060969
- /data/media/####/.nomedia
- /data/media/####/.pkg_lock
- /data/media/####/.pkgs_lock
- /data/media/####/.rc_lock
- /data/media/####/.slw
- /data/media/####/.ss_lock
- /data/media/####/.umm.dat
- /data/media/####/DTTempdat.dat
- /data/media/####/DTTempdat.idx
- /data/media/####/DVUserdat.cfg
- /data/media/####/test.0
- /data/media/####/yoh.dat
- /data/media/####/yol.dat
- /data/media/####/yom.dat
Miscellaneous:
Executes the following shell scripts:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
- /system/bin/sh -c getprop
- /system/bin/sh -c getprop ro.aa.romver
- /system/bin/sh -c getprop ro.board.platform
- /system/bin/sh -c getprop ro.build.fingerprint
- /system/bin/sh -c getprop ro.build.nubia.rom.name
- /system/bin/sh -c getprop ro.build.rom.id
- /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
- /system/bin/sh -c getprop ro.build.version.emui
- /system/bin/sh -c getprop ro.build.version.opporom
- /system/bin/sh -c getprop ro.gn.gnromvernumber
- /system/bin/sh -c getprop ro.lenovo.series
- /system/bin/sh -c getprop ro.lewa.version
- /system/bin/sh -c getprop ro.meizu.product.model
- /system/bin/sh -c getprop ro.miui.ui.version.name
- /system/bin/sh -c getprop ro.vivo.os.build.display.id
- /system/bin/sh -c type su
- cat /sys/class/net/wlan0/address
- chmod 700 <Package Folder>/tx_shell/libnfix.so
- chmod 700 <Package Folder>/tx_shell/libshella-2.9.0.2.so
- chmod 700 <Package Folder>/tx_shell/libufix.so
- getprop
- getprop ro.aa.romver
- getprop ro.board.platform
- getprop ro.build.fingerprint
- getprop ro.build.nubia.rom.name
- getprop ro.build.rom.id
- getprop ro.build.tyd.kbstyle_version
- getprop ro.build.version.emui
- getprop ro.build.version.opporom
- getprop ro.gn.gnromvernumber
- getprop ro.lenovo.series
- getprop ro.lewa.version
- getprop ro.meizu.product.model
- getprop ro.miui.ui.version.name
- getprop ro.vivo.os.build.display.id
- getprop ro.yunos.version
- logcat -d -v threadtime
- ls /
- ls /sys/class/thermal
Loads the following dynamic libraries:
- BaiduMapSDK_base_v5_2_1
- BaiduMapSDK_map_v5_2_1
- Bugly
- libnfix
- libshella-2.9.0.2
- libufix
- locSDK7b
- nfix
- ufix
Uses the following algorithms to encrypt data:
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS7Padding
- AES-GCM-NoPadding
- RSA-ECB-PKCS1Padding
Uses the following algorithms to decrypt data:
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-NoPadding
- AES-GCM-NoPadding
Uses special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Displays its own windows over windows of other apps.
