Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.Mixi.16.origin
Network activity:
Connecting to:
- s####.####.com
- g####.####.com
- i####.####.com
- a####.####.cn
- o####.####.com
- p####.####.com
- d####.####.com
- api####.####.com
- 1####.####.225
- m####.####.com
- a####.####.com
- b####.####.com
HTTP GET requests:
- s####.####.com/site/download/app/pl/news_article/112/ss_plugin_config.js...
- s####.####.com/list/190x124/1bf5001fcf7655d6c759.webp
- s####.####.com/list/190x124/1bc8000a310225673f70.webp
- d####.####.com/get_domains/v4/?ac=####&channel=####&aid=####&app_name=##...
- i####.####.com/concern/v2/follow/list/?plugin_info=####&iid=####&device_...
- p####.####.com/list/190x124/1e160007185de75da3a5.webp
- s####.####.com/toutiao/resource/tt_search/page/concern/swipe_3dffcb3.js
- m####.####.com/monitor/appmonitor/v2/settings?iid=####&device_id=####&ac...
- s####.####.com/list/190x124/1bf60019b951f6f67bf7.webp
- a####.####.cn/article/content/15/1/6409025899438915842/64090302568999162...
- s####.####.com/site/promotion/misc/whitelist.json?v=####&iid=####&device...
- i####.####.com/promotion/app/lt/?ac=####&channel=####&aid=####&app_name=...
- i####.####.com/2/article/hot_words/?iid=####&device_id=####&ac=####&chan...
- s####.####.com/video1609/1d1600067676dca7afb1
- s####.####.com/feedback/2/list/?appkey=####&count=####&iid=####&device_i...
- s####.####.com/inapp/log/combine.js
- i####.####.com/push/get_service_addrs/?ac=####&channel=####&aid=####&app...
- s####.####.com/article/content/15/1/6294201752254153217/6294201752254153...
- i####.####.com/api/news/feed/v50/?category=####&refer=####&count=####&li...
- i####.####.com/2/article/v50/refresh_tip/?category=####&min_behot_time=#...
- b####.####.com/app/config?os=####&key=####&sdkv=####
- s####.####.com/site/download/app/apk/news_article/app_replaceable_images...
- s####.####.com/cr/sdk/170417/des_V17041703Aj1so32.zip
- s####.####.com/article/content/15/1/6413893296569467137/6414210338652160...
- s####.####.com/article/content/15/1/6390252254292607233/6390252254292607...
- a####.####.cn/article/content/15/1/6414202521607241986/64142092104850478...
- i####.####.com/service/1/app_activity/?view_cursor=####&iid=####&device_...
- p####.####.com/list/190x124/1dcb0005b089656deff2.webp
- s####.####.com/article/content/15/1/6414023520719978754/6414026918693175...
- s####.####.com/article/content/15/1/6414051926740517122/6414056741696176...
- p####.####.com/video1609/71b000bd5b7d906a3cf
- a####.####.cn/article/content/15/1/6410278780740583681/64102815036950615...
- i####.####.com/follow/update/tips/?update_time=####&update_version=####&...
- p####.####.com/large/9494/7416271406
- m####.####.com/monitor/settings/?ac=####&channel=####&aid=####&app_name=...
- s####.####.com/article/content/15/1/6412111898090930433/6412386450045665...
- s####.####.com/inapp/TTAdblock.css
- s####.####.com/list/190x124/1dcb0005d06d0a8a3c7a.webp
- s####.####.com/list/190x124/1bc9000a65391ec65442.webp
- i####.####.com/api/news/feed/v50/?category=####&refer=####&count=####&la...
- s####.####.com/list/190x124/1bf6001d6eac236800a6.webp
- s####.####.com/toutiao/resource/tt_search/page/concern/concern_ac994b2.js
- i####.####.com/search/suggest/homepage_suggest/?ac=####&channel=####&aid...
- s####.####.com/site/download/app/hijack/108/black_list_20170331.json?iid...
- g####.####.com/cr/sv/getGoFile?name=####
- i####.####.com/2/article/city/?ac=####&channel=####&aid=####&app_name=##...
- g####.####.com/cr/sv/getRecord?eids=####&appKey=####&flag=####
- s####.####.com/2/user/info/?iid=####&device_id=####&ac=####&channel=####...
- a####.####.cn/article/content/15/1/6414249278520164866/64142492785201648...
- s####.####.com/article/content/15/1/6411293306331857409/6411293308999434...
- s####.####.com/list/190x124/1b8700036e86378ad9f1.webp
- s####.####.com/site/download/plugin_patch/plugin/c346702aec1b91fbbc081bf...
- i####.####.com/user/tab/tabs/?iid=####&device_id=####&ac=####&channel=##...
- s####.####.com/cr/sdk/170417/goplaysdk_statistics_all_1704171.dat
- i####.####.com/entry/subscription_list/v1/?req_type=####&iid=####&device...
- s####.####.com/thumb/96a00278d7bf9c57bb2
- s####.####.com/toutiao/resource/tt_search/static/js/lib/zepto-1.1.6.min_...
- s####.####.com/service/2/app_notify/?allow_notify=####&leave_time=####&i...
- s####.####.com/toutiao/resource/tt_search/page/concern/concern_e64197c.png
- s####.####.com/article/content/15/1/6414098078407868673/6414170952287912...
- p####.####.com/list/190x124/1e16000928dbacc4dee9.webp
- p####.####.com/list/190x124/1bf4000e8c170068a9b7.webp
- s####.####.com/site/app_web_article_online_updates/android_63_f4ed361115...
- p####.####.com/toutiao/resource/tt_search/static/js/lib/common_f64cdb7.js
- s####.####.com/service/2/app_alert/?has_market=####&lang=####&carrier=##...
- s####.####.com/inapp/toutiao.js
- s####.####.com/list/190x124/1bc80009fff1b151b926.webp
- s####.####.com/article/content/15/1/6414039176098611457/6414044765947429...
- i####.####.com/video_api/get_category/v1/?iid=####&device_id=####&ac=###...
- s####.####.com/article/content/15/1/6414253535291097346/6414257573825888...
- p####.####.com/large/135300016f5a4f3a312d
- i####.####.com/search/suggest/homepage_suggest/?iid=####&device_id=####&...
- s####.####.com/__utm.gif?screen=####&dpr=####&net_type=####&iframes=####...
- s####.####.com/2/user/info/?ac=####&channel=####&aid=####&app_name=####&...
HTTP POST requests:
- i####.####.com/api/ad/comment/v1/?ac=####&channel=####&aid=####&app_name...
- api####.####.com/v3/log/init
- g####.####.com/cr/sv/getEPList
- i####.####.com/location/suloin/?ac=####&channel=####&aid=####&app_name=#...
- i####.####.com/service/1/collect_settings/?iid=####&device_id=####&ac=##...
- i####.####.com/article/category/sort/v1/?ac=####&channel=####&aid=####&a...
- o####.####.com/v2/check_config_update
- i####.####.com/api/news/feed/v50/?iid=####&device_id=####&ac=####&channe...
- i####.####.com/api/news/feed/v50/?ac=####&channel=####&aid=####&app_name...
- o####.####.com/v2/get_update_time
- i####.####.com/service/14/app_ad/?_unused=####&carrier=####&mcc_mnc=####...
- i####.####.com/service/1/z_app_stats/?iid=####&device_id=####&ac=####&ch...
- i####.####.com/service/1/collect_settings/?ac=####&channel=####&aid=####...
- i####.####.com/service/2/app_log_config/?iid=####&device_id=####&ac=####...
- i####.####.com/article/category/get_subscribed/v1/?ac=####&channel=####&...
- a####.####.com/app_logs
- 1####.####.225/dreport
- s####.####.com/service/2/app_log_config/?ac=####&channel=####&aid=####&a...
- i####.####.com/cloudpush/callback/register_device/?iid=####&device_id=##...
- d####.####.com/xs.gif?k=####&iv=####&c=####&dm=####&ac=####&s=####
- i####.####.com/api/ad/share/v1/?ac=####&channel=####&aid=####&app_name=#...
Modified file system:
Creates the following files:
- /data/data/####/cache/load_dex.tmp
- /data/data/####/files/ss_js_res/tempimage1037851146.tmp
- /data/data/####/files/ss_js_res/63/v55/images/picture_details_night@2x.png
- /data/data/####/cache/image_cache/v2.ols100.1/7/gZNXuNR8SyjkXOpYPQ9OIOuU4k8.-1491253630.tmp
- /data/data/####/shared_prefs/ACCS_SDK_CHANNEL.xml
- /data/data/####/databases/article.db-journal
- /data/data/####/files/ss_js_res/63/v60/js/android.js
- /data/data/####/files/ss_hijack_res/63/v60/js/lib.js
- /data/data/####/files/ss_hijack_res/63/v55/images/image_bg_click_night.png
- /sdcard/Android/data/com.snssdk.api/cache/clientudid.dat
- /data/data/####/shared_prefs/Alvin2.xml
- /data/data/####/shared_prefs/main_app_settings.xml
- /data/data/####/files/ss_hijack_res/63/v55/images/image_bg_click.png
- /data/data/####/shared_prefs/ss_comment_ad.xml
- /data/data/####/files/ss_hijack_res/63/v60/js/android.js
- /data/data/####/cache/webviewCacheChromium/data_2
- /data/data/####/files/ss_hijack_res/63/v60/images/follow_guide.png
- /data/data/####/cache/webviewCacheChromium/data_0
- /data/data/####/files/ss_js_res/63/v60/images/spinner_night.png
- /data/data/####/databases/message_accs_db-journal
- /data/data/####/databases/webviewCookiesChromium.db-journal
- /data/data/####/databases/ss_app_log.db-journal
- /sdcard/backups/system/.timestamp
- /data/data/####/files/ss_js_res/63/v55/images/spinner_night.png
- /data/data/####/files/ss_js_res/63/v55/js/lib.js
- /data/data/####/shared_prefs/multi_process_config.xml
- /data/data/####/files/ss_hijack_res/63/v60/images/picture_details@2x.png
- /data/data/####/shared_prefs/umeng_general_config.xml
- /data/data/####/files/secondary-dexes/####-1.apk.classes1235980114.zip
- /data/data/####/shared_prefs/plugin_update_info.xml
- /data/data/####/files/ss_hijack_res/63/v55/css/forum.css
- /data/data/####/shared_prefs/ss_app_config.xml
- /data/data/####/shared_prefs/imei.xml
- /data/data/####/files/ss_hijack_res/63/v60/images/musicplayer_states_night@3x.png
- /data/data/####/databases/ss_push_log.db-journal
- /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
- /data/data/####/files/ss_tab_config_res/tempimage1202485199.tmp
- /data/data/####/databases/accs.db-journal
- /data/data/####/shared_prefs/multidex.version.xml
- /data/data/####/cache/image_cache/v2.ols100.1/18/ylIbvVN6KA3jt0qRpHXuQYQSO9A.-1824726895.tmp
- /data/data/####/files/ss_js_res/android.js.dat
- /data/data/####/files/ss_tab_config_res/208/tab_background.png
- /data/data/####/files/ss_js_res/63/v55/images/picture_details@2x.png
- /data/data/####/shared_prefs/pre_control.xml
- /data/data/####/files/__local_ap_info_cache.json
- /data/data/####/shared_prefs/ACCS_SDK.xml.bak
- /sdcard/Android/data/####/cache/locationCache/journal
- /data/data/####/files/ss_tab_config_res/208/tab_mine_pressed.png
- /data/data/####/files/ss_hijack_res/63/v60/images/spinner_night.png
- /data/data/####/files/ss_tab_config_res/208/tab_video_night_pressed.png
- /data/data/####/shared_prefs/####_preferences.xml.bak
- /sdcard/backups/system/.confd-journal
- /data/data/####/files/ss_tab_config_res/208/tab_no_login.png
- /data/data/####/files/ss_hijack_res/63/v60/images/iconfont.ttf
- /data/data/####/files/ss_js_res/63/v55/images/iconfont.ttf
- /data/data/####/files/ss_js_res/63/v60/images/toast_keywords_refresh_white@3x.png
- /data/data/####/files/ss_js_res/63/v60/images/spinner.png
- /data/data/####/files/ss_tab_config_res/208/tab_mine_night.png
- /data/data/####/files/ss_js_res/63/v55/images/toast_keywords_refresh_gray@3x.png
- /data/data/####/files/ss_js_res/63/v55/images/image_bg_loading_night.png
- /data/data/####/files/ss_js_res/63/v55/images/gificon_textpage_night@2x.png
- /data/data/####/files/ss_js_res/63/v60/images/toast_keywords_refresh_gray@2x.png
- /data/data/####/files/ss_js_res/63/v60/images/follow_guide.png
- /data/data/####/files/ss_hijack_res/63/v55/images/spinner.png
- /data/data/####/files/DaemonServer
- /data/data/####/files/ss_tab_config_res/208/tab_no_login_pressed.png
- /data/data/####/files/ss_tab_config_res/208/tab_stream_night_pressed.png
- /data/data/####/files/ss_hijack_res/63/v60/css/android.css
- /data/data/####/files/ss_tab_config_res/208/feed_publish_night_pressed.png
- /data/data/####/shared_prefs/monitor_config.xml
- /data/data/####/files/ss_js_res/63/v55/images/toast_keywords_refresh_gray@2x.png
- /data/data/####/files/__local_stat_cache.json
- /data/data/####/shared_prefs/app_setting.xml.bak
- /data/data/####/cache/image_cache/v2.ols100.1/43/iAGJjTth4xaNKqk4MwNzdpM6_AU.-968923495.tmp
- /data/data/####/shared_prefs/mobclick_agent_online_setting_####.xml
- /data/data/####/cache/image_cache/v2.ols100.1/24/99dJ9Cw66NmxqFkBvPpRXR9UVmc.-71141785.tmp
- /data/data/####/files/ss_hijack_res/63/v55/js/lib.js
- /data/data/####/files/ss_hijack_res/63/v60/images/toast_keywords_refresh_white@3x.png
- /data/data/####/cache/webviewCacheChromium/index
- /data/data/####/files/ss_tab_config_res/208/feed_publish_pressed.png
- /data/data/####/files/ss_tab_config_res/208/tab_stream.png
- /data/data/####/files/ss_hijack_res/63/v60/images/image_bg_click_night.png
- /sdcard/backups/system/.confd
- /data/data/####/cache/image_cache/v2.ols100.1/62/JZmGOv1kcriQyFi_yJ1xZkA354U.1264538626.tmp
- /data/data/####/files/libcuid.so
- /data/data/####/files/ss_hijack_res/tempimage-445769807.tmp
- /data/data/####/files/1493298766388_V17041703Aj1so32.so
- /data/data/####/files/ss_hijack_res/63/v55/images/Play_night@3x.png
- /data/data/####/files/hftJcw46N.jar
- /data/data/####/shared_prefs/last_know_location.xml
- /data/data/####/files/ss_js_res/63/v55/images/spinner.png
- /data/data/####/cache/webviewCacheChromium/data_3
- /data/data/####/files/ss_tab_config_res/208/tab_weitoutiao_pressed.png
- /data/data/####/cache/ss-http-cache-v2/journal
- /data/data/####/files/ss_js_res/63/v60/images/image_bg_loading_night.png
- /data/data/####/cache/ss-http-cache-v2/ba757efd883045f18ec126484dd0808d.1.tmp
- /data/data/####/files/ss_hijack_res/63/v55/images/follow_guide.png
- /data/data/####/databases/MsgLogStore.db-journal
- /data/data/####/files/ss_tab_config_res/208/.DS_Store
- /data/data/####/files/ss_tab_config_res/208/tab_video.png
- /data/data/####/shared_prefs/com.ss.spipe_setting.xml
- /data/data/####/cache/webviewCacheChromium/data_1
- /data/data/####/files/ss_js_res/63/v60/images/Play@3x.png
- /data/data/####/files/ss_tab_config_res/208/feed_publish.png
- /data/data/####/files/ss_tab_config_res/208/refresh.png
- /data/data/####/files/ss_tab_config_res/208/tab_video_night.png
- /data/data/####/files/ss_js_res/63/v55/images/follow_guide.png
- /data/data/####/files/ss_hijack_res/detect.js.dat
- /data/data/####/databases/feedback.db-journal
- /data/data/####/files/ss_js_res/63/v60/images/Play_night@3x.png
- /data/data/####/files/ss_tab_config_res/208/tab_topic_pressed.png
- /data/data/####/files/ss_js_res/63/v60/css/android.css
- /sdcard/.UTSystemConfig/Global/Alvin2.xml
- /data/data/####/databases/MessageStore.db-journal
- /data/data/####/files/ss_tab_config_res/208/refresh_night.png
- /data/data/####/cache/ss-http-cache-v2/ba757efd883045f18ec126484dd0808d.0.tmp
- /data/data/####/shared_prefs/snssdk_openudid.xml
- /data/data/####/files/mobclick_agent_cached_####599
- /data/data/####/shared_prefs/ss_share_ad.xml
- /data/data/####/files/ss_js_res/63/v55/js/android.js
- /data/data/####/files/ss_hijack_res/63/v55/images/musicplayer_states_night@3x.png
- /data/data/####/files/ss_plugins/ss_plugin.json
- /data/data/####/files/ss_hijack_res/63/v55/images/iconfont.ttf
- /data/data/####/files/hijckBlacklist/tempimage504152709.tmp
- /data/data/####/files/ss_js_res/63/v55/images/Play@3x.png
- /data/data/####/files/ss_js_res/63/v60/images/musicplayer_states_night@3x.png
- /data/data/####/files/ss_tab_config_res/208/tab_no_login_night.png
- /data/data/####/shared_prefs/traffic_monitor_info.xml
- /data/data/####/files/ss_tab_config_res/208/tab_video_pressed.png
- /data/data/####/files/ss_hijack_res/63/v55/images/picture_details@2x.png
- /data/data/####/files/ss_hijack_res/63/v55/images/gificon_textpage_night@2x.png
- /sdcard/Android/data/####/cache/locationCache/journal.tmp
- /data/data/####/files/ss_js_res/63/v60/images/image_bg_click_night.png
- /data/data/####/files/umeng_it.cache
- /data/data/####/cache/image_cache/v2.ols100.1/70/79sa--0ondPKErqsInS-aiHQPPA.298418336.tmp
- /data/data/####/files/ss_hijack_res/63/v60/images/Play_night@3x.png
- /data/data/####/databases/ss_push_log.db
- /data/data/####/files/ss_js_res/63/v55/images/gificon_textpage@2x.png
- /data/data/####/app_file_dex/MasterControl.jar
- /data/data/####/files/ss_js_res/63/v55/css/android.css
- /data/data/####/files/secondary-dexes/####-1.apk.classes-208410378.zip
- /data/data/####/databases/article.db
- /data/data/####/files/ss_tab_config_res/208/feed_publish_night.png
- /data/data/####/files/ss_js_res/63/v60/images/gificon_textpage@2x.png
- /data/data/####/files/bksb2DB8520H4/5bksb2DB8520H46
- /data/data/####/files/ss_hijack_res/63/v60/images/picture_details_night@2x.png
- /data/data/####/files/ss_js_res/63/v60/images/toast_keywords_refresh_gray@3x.png
- /data/data/####/files/ss_js_res/63/v55/images/musicplayer_states_night@3x.png
- /data/data/####/cache/image_cache/v2.ols100.1/64/47AOT6hiGovT1lXTUxl3zb3kgiE.1713920695.tmp
- /data/data/####/files/ss_tab_config_res/208/tab_mine.png
- /data/data/####/cache/image_cache/v2.ols100.1/22/GogFzVpvd6yXM2EQRQXxlGjh5Sk.1309416906.tmp
- /data/data/####/files/ss_js_res/63/v60/images/iconfont.ttf
- /data/data/####/files/ss_js_res/63/v55/images/image_bg_click.png
- /sdcard/backups/.SystemConfig/.cuid2
- /data/data/####/files/ss_hijack_res/63/v60/images/Play@3x.png
- /data/data/####/shared_prefs/Agoo_AppStore.xml
- /data/data/####/files/ss_js_res/63/v55/images/Play_night@3x.png
- /data/data/####/shared_prefs/sp_my_concern.xml
- /data/data/####/shared_prefs/ss_splash_ad.xml
- /sdcard/Android/data/.nomedia
- /data/data/####/shared_prefs/hijack_info.xml
- /data/data/####/files/ss_hijack_res/63/v55/images/toast_keywords_refresh_white@2x.png
- /data/data/####/files/ss_hijack_res/63/v55/images/spinner_night.png
- /data/data/####/databases/ss_app_monitor.db-journal
- /data/data/####/files/ss_hijack_res/63/v60/images/image_bg_loading.png
- /data/data/####/files/ss_tab_config_res/208/tab_stream_pressed.png
- /data/data/####/files/ss_tab_config_res/208/tab_stream_night.png
- /data/data/####/files/ss_hijack_res/63/v55/css/android.css
- /data/data/####/files/ss_hijack_res/63/v60/images/Play_night@2x.png
- /data/data/####/files/ss_tab_config_res/208/tab_mine_night_pressed.png
- /data/data/####/ReadyHost.txt
- /data/data/####/cache/image_cache/v2.ols100.1/13/FesW8frVIVK2Q8fNqIH_fGdmAPQ.421643802.tmp
- /data/data/####/cache/image_cache/v2.ols100.1/59/f8k-zJd415eNOB3TsTRFbhnPc00.1989072081.tmp
- /data/data/####/files/ss_hijack_res/63/v55/js/android.js
- /data/data/####/files/ss_hijack_res/63/v55/images/musicplayer_states@3x.png
- /data/data/####/files/ss_hijack_res/63/v60/images/gificon_textpage_night@2x.png
- /sdcard/.DataStorage/ContextData.xml
- /data/data/####/files/ss_hijack_res/63/v55/images/image_bg_loading_night.png
- /data/data/####/files/ss_hijack_res/63/v60/images/toast_keywords_refresh_gray@3x.png
- /data/data/####/cache/image_cache/v2.ols100.1/77/wNWknhZWf6OsJYRyP6jSz84NL-I.1227970472.tmp
- /data/data/####/cache/ss_monitor_trace_logs/ss_monitor_trace-trace_file_1tt-trace.trace
- /data/data/####/shared_prefs/misc_config.xml
- /data/data/####/files/ss_hijack_res/63/v55/images/image_bg_loading.png
- /data/data/####/files/ss_hijack_res/63/v60/images/image_bg_loading_night.png
- /data/data/####/files/ss_hijack_res/63/v60/images/musicplayer_states@3x.png
- /sdcard/Android/data/####/files/.patchs/a84df58abd6520d200ec95afa3a729ce.tmp
- /data/data/####/files/ss_tab_config_res/208/tab_topic_night.png
- /data/data/####/files/ss_js_res/63/v60/images/musicplayer_states@3x.png
- /data/data/####/databases/message_accs_db
- /data/data/####/files/ss_hijack_res/63/v60/images/image_bg_click.png
- /data/data/####/files/ss_hijack_res/63/v60/images/toast_keywords_refresh_gray@2x.png
- /data/data/####/files/ss_hijack_res/63/v55/images/toast_keywords_refresh_gray@2x.png
- /data/data/####/files/ss_hijack_res/63/v60/images/spinner.png
- /data/data/####/files/ss_tab_config_res/208/tab_no_login_night_pressed.png
- /data/data/####/databases/webviewCookiesChromiumPrivate.db-journal
- /data/data/####/files/ss_tab_config_res/208/tab_topic_night_pressed.png
- /data/data/####/shared_prefs/custom_channels.xml
- /data/data/####/files/ss_hijack_res/63/v60/images/Play@2x.png
- /data/data/####/files/23DB8520H32/####12x862
- /data/data/####/shared_prefs/pre_control.xml.bak
- /data/data/####/files/ss_plugins/tempimage1235980114.tmp
- /data/data/####/shared_prefs/ss_location.xml
- /data/data/####/files/ss_js_res/63/v60/images/Play@2x.png
- /data/data/####/files/ss_js_res/63/v55/images/image_bg_loading.png
- /data/data/####/files/ss_js_res/63/v55/images/image_bg_click_night.png
- /data/data/####/shared_prefs/push_setting.xml
- /data/data/####/files/ss_js_res/63/v60/images/Play_night@2x.png
- /data/data/####/shared_prefs/####_preferences.xml
- /data/data/####/shared_prefs/auth_shared.xml
- /data/data/####/shared_prefs/app_log_encrypt_switch_count.xml
- /data/data/####/files/ss_js_res/63/v55/css/forum.css
- /data/data/####/shared_prefs/ACCS_SDK.xml
- /data/data/####/files/ss_hijack_res/63/v55/images/toast_keywords_refresh_gray@3x.png
- /data/data/####/files/ss_hijack_res/63/v55/images/toast_keywords_refresh_white@3x.png
- /data/data/####/files/ss_hijack_res/63/v60/images/toast_keywords_refresh_white@2x.png
- /data/data/####/cache/image_cache/v2.ols100.1/29/9HNuItkauD0zXea-X6B3b1-hMMA.844183227.tmp
- /data/data/####/shared_prefs/local_settings.prefs.xml
- /data/data/####/files/ss_js_res/63/v55/images/toast_keywords_refresh_white@2x.png
- /data/data/####/files/ss_hijack_res/63/v60/images/gificon_textpage@2x.png
- /data/data/####/files/ss_js_res/63/v55/images/musicplayer_states@3x.png
- /data/data/####/shared_prefs/app_track.xml
- /data/data/####/cache/image_cache/v2.ols100.1/18/QknBXLJel8HFvGsIMrf1Nqm0qpA.-208410378.tmp
- /data/data/####/files/ss_js_res/63/v60/images/image_bg_click.png
- /data/data/####/files/ss_hijack_res/63/v55/images/picture_details_night@2x.png
- /data/data/####/files/ss_js_res/63/v55/images/toast_keywords_refresh_white@3x.png
- /data/data/####/files/ss_hijack_res/63/v55/images/Play@2x.png
- /data/data/####/files/ss_js_res/63/v60/images/toast_keywords_refresh_white@2x.png
- /data/data/####/files/.imprint
- /data/data/####/files/ss_tab_config_res/208.zip
- /data/data/####/files/ss_js_res/63/v60/images/picture_details@2x.png
- /data/data/####/shared_prefs/ContextData.xml
- /sdcard/backups/.SystemConfig/.cuid
- /data/data/####/files/hijckBlacklist/hijack.json
- /data/data/####/cache/image_cache/v2.ols100.1/30/m0KKt07PMB9z9tRrHxELoJOjmy4.867970825.tmp
- /data/data/####/files/ss_tab_config_res/208/tab_background_night.png
- /data/data/####/files/ss_js_res/63/v60/images/picture_details_night@2x.png
- /data/data/####/files/ss_js_res/63/v60/images/image_bg_loading.png
- /data/data/####/shared_prefs/applog_stats.xml
- /data/data/####/files/ss_hijack_res/63/v55/images/gificon_textpage@2x.png
- /data/data/####/shared_prefs/__Baidu_Stat_SDK_SendRem.xml
- /data/data/####/PreExcuModsInfo.txt
- /data/data/####/files/agoo.pid
- /data/data/####/shared_prefs/multi_process_config.xml.bak
- /data/data/####/files/ss_js_res/63/v55/images/Play_night@2x.png
- /data/data/####/shared_prefs/auth_shared.xml.bak
- /data/data/####/databases/webview.db-journal
- /sdcard/Android/data/####/files/.patchs/com.ss.ijkplayer.jar
- /data/data/####/files/ss_tab_config_res/208/tab_topic.png
- /data/data/####/shared_prefs/ACCS_BIND.xml
- /data/data/####/shared_prefs/umeng_general_config.xml.bak
- /data/data/####/shared_prefs/hijack_html_black_list_table.xml
- /data/data/####/files/ss_tab_config_res/208/tab_weitoutiao_night_pressed.png
- /data/data/####/files/ss_js_res/63/v55/images/Play@2x.png
- /data/data/####/files/ss_hijack_res/63/v55/images/Play_night@2x.png
- /data/data/####/files/ss_tab_config_res/208/tab_weitoutiao.png
- /data/data/####/files/ss_hijack_res/63/v55/images/Play@3x.png
- /data/data/####/cache/image_cache/v2.ols100.1/80/NmxYOo3rNVSlX-P6rQSD9acKtNU.-1873676771.tmp
- /data/data/####/databases/lib_log_queue.db-journal
- /data/data/####/shared_prefs/app_setting.xml
- /data/data/####/files/ss_js_res/63/v60/images/gificon_textpage_night@2x.png
- /data/data/####/files/ss_tab_config_res/208/tab_weitoutiao_night.png
- /data/data/####/shared_prefs/_andfix_.xml
- /data/data/####/cache/image_cache/v2.ols100.1/18/mXNcHu1qog_jDXTHw2SerFh1EY8.1092500377.tmp
- /data/data/####/files/ss_js_res/63/v60/js/lib.js
- /data/data/####/XmSmLockFile.txt
- /data/data/####/files/Android-x86112.jar
Sets the 'executable' attribute to the following files:
- /data/data/####/files/DaemonServer
Miscellaneous:
Executes next shell scripts:
- sh /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s -h c48756b39e9e402ca3e1026d88799eaa /data/data/####/.syslib-
- sh -c rm /data/data/####/files/hftJcw46N.jar > /dev/null 2>&1
- getprop persist.vivo.multiwindow
- /system/bin/dexopt --dex 27 102 40 23552 /data/data/####/files/hftJcw46N.jar 1251046254 1664476667 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/f
- chmod 500 /data/data/####/files/DaemonServer
- getenforce
- getprop persist.vivo.multiwindow_active
- /data/data/####/lib/libsupervisor.so #### com.ss.android.message.NotifyService ####:push /data/data/#### 0
- /data/data/####/files/DaemonServer -s /data/data/####/lib/ -n runServer -p startservice -n ####/com.taobao.accs.ChannelService --user 0 -f /data/data/#### -t 600 -
- /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s -h c48756b39e9e402ca3e1026d88799eaa /data/data/####/.syslib-
- rm /data/data/####/files/hftJcw46N.dex
- sh -c /system/usr/toolbox rm -f /data/data/####/files/hftJcw46N.jar > /dev/null 2>&1
- /system/bin/dexopt --dex 27 49 40 226208 /data/data/####/app_file_dex/MasterControl.jar 1244887144 -736492987 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.ja
- sh -c rm -f /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
- sh -c rm -f /data/data/####/files/hftJcw46N.jar > /dev/null 2>&1
- rm -f /data/data/####/files/hftJcw46N.dex
- /system/bin/dexopt --dex 27 186 40 66944 /data/data/####/files/Android-x86112.jar 1251052727 1662001824 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /sys
- chmod 0771 /data/data/####/.syslib-
- sh -c rm /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
- /system/bin/dexopt --dex 27 58 40 5586172 /data/data/####/files/secondary-dexes/####-1.apk.classes3.zip 1251740487 908038026 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bou
- sh -c rm -f /data/data/####/files/hftJcw46N.dex > /dev/null 2>&1
- rm /data/data/####/files/hftJcw46N.jar
- rm /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
- /system/bin/dexopt --dex 27 57 40 2412980 /data/data/####/files/secondary-dexes/####-1.apk.classes2.zip 1251740482 2027266740 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bo
- sh /data/data/####/lib/libsupervisor.so #### com.ss.android.message.NotifyService ####:push /data/data/#### 0
- sh -c /system/usr/toolbox rm -f /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
- sh
- sh -c /system/usr/toolbox rm -f /data/data/####/files/hftJcw46N.dex > /dev/null 2>&1
- sh -c rm /data/data/####/files/hftJcw46N.dex > /dev/null 2>&1
- rm -f /data/data/####/files/hftJcw46N.jar
- getprop ro.build.version.emui
- rm -f /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
Contains functionality to send SMS messages automatically.