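Technical information
Note: host names, URLs and file paths below appear partially masked with ####, so they are not exact values and cannot be matched verbatim.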
Associated detection names:
- Android.Backdoor.627.origin
- Android.Mobifun.11.origin
- Android.RemoteCode.6122
- Android.Triada.491.origin
Network connections (protocol, host:port):
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) d####.doodlem####.com:8080
- TCP(HTTP/1.1) f2.doodlem####.com:80
- TCP(HTTP/1.1) fff.abcdse####.com:8666
- TCP(HTTP/1.1) newfeat####.perfect####.com:80
- TCP(HTTP/1.1) cdn.dc####.com:8080
- TCP(HTTP/1.1) d239g0z####.cloudf####.net:80
- TCP(TLS/1.0) bcd.lk####.com:443
- TCP(TLS/1.0) ws.tapjo####.com:443
- TCP(TLS/1.0) abc.lk####.com:443
- TCP(TLS/1.0) c####.isp####.com:443
- TCP(TLS/1.0) and####.cli####.go####.com:443
- TCP(TLS/1.0) f####.only####.com:443
- TCP(TLS/1.0) con####.ta####.com:443
- TCP(TLS/1.0) s3.amazo####.com:443
- TCP(TLS/1.0) d####.fl####.com:443
- TCP(TLS/1.0) log.lk####.com:443
- TCP(TLS/1.0) h.online-####.net:443
Host names:
- abc.lk####.com
- and####.cli####.go####.com
- bcd.lk####.com
- c####.isp####.com
- cdn.dc####.com
- con####.ta####.com
- con####.ta####.com
- d####.doodlem####.com
- d####.fl####.com
- d239g0z####.cloudf####.net
- f####.only####.com
- f2.doodlem####.com
- feat####.perfect####.com
- fff.abcdse####.com
- h.online-####.net
- log.lk####.com
- lp.cooktra####.com
- mt####.go####.com
- newfeat####.perfect####.com
- p####.9b####.com
- rrx68gi####.d.aa.####.net
- rrx68gi####.d.aa.####.net
- rrx68gi####.d.aa.####.net
- rrx68gi####.d.aa.####.net
- rrx68gi####.d.aa.####.net
- s3.amazo####.com
- ws.tapjo####.com
URLs:
- cdn.dc####.com:8080/group1/M00/00/08/ChmjBl38NHuAeVgUAATcA1fW0RY272.enc
- d239g0z####.cloudf####.net/icons/icon_drumpad.png
- d####.doodlem####.com:8080/dmdata_zmm/ReceiveServlet
- f2.doodlem####.com/feature_server/fullScreen/get.php
- f2.doodlem####.com/feature_server/geo-ip/test.php
- fff.abcdse####.com:8666/bd/getIp
- newfeat####.perfect####.com/featureview/getfeatureview/
File paths (entries marked "(deleted)" are listed as given):
- /data/data/####/.FlurrySenderIndex.info.AnalyticsData_XZPSVKMH3...YV_172
- /data/data/####/.FlurrySenderIndex.info.AnalyticsMain
- /data/data/####/.dmgames_prefs.xml
- /data/data/####/.flurryagent.2da95a23
- /data/data/####/.flurrydatasenderblock.2da46d5d-e9bb-458e-8487-...7e217d
- /data/data/####/.flurrydatasenderblock.478d80b7-be48-4cef-b311-...475493
- /data/data/####/.flurrydatasenderblock.655666ff-7a30-4875-8572-...c03f90
- /data/data/####/.flurrydatasenderblock.b833ea36-c93a-427a-8b52-...99d5ba
- /data/data/####/.flurrydatasenderblock.c3e7215d-f49d-4718-b696-...f87dbc
- /data/data/####/.flurrydatasenderblock.ca77557e-6418-4200-a3e9-...2bb8f0
- /data/data/####/.flurrydatasenderblock.e246d5f5-3c41-4980-9020-...32ff46
- /data/data/####/.flurrydatasenderblock.f3976b0a-e6e0-428c-8b68-...99f1bc
- /data/data/####/.flurrydatasenderblock.f4916db4-2561-4e33-a01f-...726774
- /data/data/####/.jg.ic
- /data/data/####/0f901bb3_300b_4e8e_b06f_55b692572c23.jar
- /data/data/####/14275abd_ce84_4ace_a209_4540c8ffdc6a.jar
- /data/data/####/1611565863085.log
- /data/data/####/1d76cb07_8778_4d97_811e_41a798df312a.jar
- /data/data/####/2078793401
- /data/data/####/240b7b98_3913_44a0_9d00_61ea90a14d0a.jar
- /data/data/####/28b2d0ff_5094_4e2d_ac95_c783054b4400.jar
- /data/data/####/2be3b6f5_f039_4af8_a969_f6532bdf4736.jar
- /data/data/####/3064790.dex (deleted)
- /data/data/####/3064790.jar
- /data/data/####/3064976.jar
- /data/data/####/3065297.jar
- /data/data/####/3066006.jar
- /data/data/####/3066731.jar
- /data/data/####/3067534.jar
- /data/data/####/3127248a_c8fc_4e08_94c5_264213ddcbd6.jar
- /data/data/####/4609a46e_7f6c_4ddc_9c72_bc290df1ee32.jar
- /data/data/####/62f2082e_9474_4306_ba36_e2da01a96bc4.jar
- /data/data/####/84548D0CAE87BF7CB2D898B7C0E78CCC.xml
- /data/data/####/8DE2282CB8AD7775422636DA8C5F6ECA.xml
- /data/data/####/8e401ac2_ad79_41c8_9768_44dc307272f6.jar
- /data/data/####/9a9bbcea_270b_47ea_a91e_ff334e4e3141.jar
- /data/data/####/9e93ce76_5917_4170_be09_ddcb404b3c20.jar
- /data/data/####/E4BA2F49415D1AAD5E8979FB2DDBCDCC.xml
- /data/data/####/ThreatMetrixMobileSDK.xml
- /data/data/####/a091d827_61b5_4891_9dba_d343c9e7a938.jar
- /data/data/####/ads-1337163965.jar
- /data/data/####/b37615ff_cc57_4179_8a35_339709b4ef24.jar
- /data/data/####/b7305d7f_82e4_4d71_a6ef_8898d46e96f2.jar
- /data/data/####/bstdq66b0ae2175774e1d94129abc5035aa80.so
- /data/data/####/c8aad412_1d96_478a_a19c_87cc300ddf2b.jar
- /data/data/####/c90a5ef54738e5286e82fd69fa182b612553.temp
- /data/data/####/cc.db
- /data/data/####/cc.db-journal
- /data/data/####/com.jzb.adventurer.xml
- /data/data/####/d17bdf77_0dc1_4570_a7f6_6c71566bfa26.jar
- /data/data/####/d187c76a4c1b4236eace0d6fe2e866dd.d
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/dkzzgb7b4e41fdfed4d4aa8ac2f176e20111b.so
- /data/data/####/e65b042d_0c66_4ed3_a814_20871c00a5b7.jar
- /data/data/####/e76eafda_284a_49aa_a4a0_992a497ef06c.jar
- /data/data/####/ef520368_7a54_4616_b89f_5b961fe54396.dex (deleted)
- /data/data/####/ef520368_7a54_4616_b89f_5b961fe54396.jar
- /data/data/####/f29f8938_4c75_44cc_a49f_b952f04dbfca.jar
- /data/data/####/fb4267d660c129daa3aaef39377055bc.jar
- /data/data/####/ffc392e3_7e6a_4ddd_b9b6_803f7738c1c6.jar
- /data/data/####/gaClientId
- /data/data/####/gpay_res.apk
- /data/data/####/h.online-metrix.net.443
- /data/data/####/index
- /data/data/####/jquery_1_7.applet
- /data/data/####/libjiagu-454168803.so
- /data/data/####/omeqq2b0977af70c34efdb65433a32f63d6eb.so
- /data/data/####/pay_event_7_7.applet
- /data/data/####/pay_method_card_1_7.applet
- /data/data/####/pay_method_mobile_2_7.applet
- /data/data/####/pay_sms_6_7.applet
- /data/data/####/qbw.so
- /data/data/####/tjcPrefrences.xml
- /data/data/####/tkufte.dex (deleted)
- /data/data/####/tkufte.jar
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_general_config.xml.bak
- /data/data/####/umeng_general_config.xml.bak (deleted)
- /data/data/####/web2553.temp
- /data/data/####/web2874.temp
- /data/data/####/webview.db
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/webviewCookiesChromium.db-journal (deleted)
- /data/data/####/webyw
- /data/data/####/webyw.dex
- /data/data/####/webyw.jar
- /data/data/####/yyxsk3081dabdefb94ad2ab1a6751ef503e0a.so
- /data/data/####/zcwcmefb71da2eef54c448b4d8f05f97606a0.so
- /data/data/####/zcwcmefb71da2eef54c448b4d8f05f97606a0.so (deleted)
- /data/media/####/.nomedia
- /data/media/####/04a099a3831a550da1008c519a6345ec.xml
- /data/media/####/613db30a8c2012b96698ad804613de34.xml
- /data/media/####/8e15625d6c158ec48f374efb77bd2714_54.8e
- /data/media/####/8e15625d6c158ec48f374efb77bd2714_94.8e
- /data/media/####/aHR0cDovL2QyMzlnMHo2N2pjdGVkLmNsb3VkZnJvbnQubm...5wbmc=
- /data/media/####/cfg.xml
- /data/media/####/global.xml
- /data/media/####/gpay_jquery_1_7.ap
- /data/media/####/gpay_pay_event_7_7.ap
- /data/media/####/gpay_pay_method_card_1_7.ap
- /data/media/####/gpay_pay_method_mobile_2_7.ap
- /data/media/####/gpay_pay_sms_6_7.ap
- /data/media/####/gptrxsn.bak
- /data/media/####/gptrxsn.lock
- /data/media/####/gptrxsn.rlck
- /data/media/####/gptrxsn.wlck
- /data/media/####/use.xml
- /data/media/####/web.apk
- /data/media/####/webadlist_1.cache
- /data/media/####/webadlist_1.xml
- /data/media/####/webadlist_1_last.cache
- /data/media/####/webinfo.xml
Shell commands:
- /system/bin/cat /proc/cpuinfo
- cat /proc/cpuinfo
- ps
Library names (several match the .so files in the file list above):
- X86Bridge
- bstdq66b0ae2175774e1d94129abc5035aa80
- dkzzgb7b4e41fdfed4d4aa8ac2f176e20111b
- libjiagu-454168803
- mono
- omeqq2b0977af70c34efdb65433a32f63d6eb
- qbw
- trustdefender-jni
- unity
- webyw
- yyxsk3081dabdefb94ad2ab1a6751ef503e0a
- zcwcmefb71da2eef54c448b4d8f05f97606a0
Cipher algorithm/mode/padding names (first list):
- AES
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-CFB-NoPadding
- AES-ECB-PKCS5Padding
- DES-ECB-NoPadding
- Des-ECB-NoPadding
- RSA-ECB-PKCS1Padding
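Cipher algorithm/mode/padding names (second list; same entries as the first except AES-ECB-PKCS5Padding):
- AES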
- AES-CBC-NoPadding
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-CFB-NoPadding
- DES-ECB-NoPadding
- Des-ECB-NoPadding
- RSA-ECB-PKCS1Padding