Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.DownLoader.611.origin
Gains access to the ITelephony private interface.
Network activity:
Connecting to:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) t####.dmp.y####.net:80
- TCP(HTTP/1.1) l####.c####.q####.####.net:80
- TCP(HTTP/1.1) int.d####.s####.####.cn:80
- TCP(HTTP/1.1) s####.tc.qq.com:80
- TCP(HTTP/1.1) s.a.longy####.com:80
- TCP(HTTP/1.1) sia.taol####.cn:80
- TCP(HTTP/1.1) w####.pcon####.com.cn:80
- TCP(HTTP/1.1) api.tui####.b####.com:80
- TCP(HTTP/1.1) p####.tc.qq.com:80
- TCP(HTTP/1.1) and####.b####.qq.com:80
- TCP(HTTP/1.1) s####.e.qq.com:80
- TCP(HTTP/1.1) im####.st####.juhu####.cn:80
- TCP(HTTP/1.1) v.g####.qq.com:80
- TCP(HTTP/1.1) weiboi####.g####.sina####.com:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) dn.gogo####.top:80
- TCP(HTTP/1.1) s####.taol####.cn:80
- TCP(HTTP/1.1) sf1-ttc####.ps####.com:80
- TCP(HTTP/1.1) pre.bule####.cn:6501
- TCP(HTTP/1.1) 1####.25.201.164:8000
- TCP(HTTP/1.1) reso####.msg.xi####.net:80
- TCP(HTTP/1.1) v3.bule####.cn:7001
- TCP(HTTP/1.1) k.36####.com:80
- TCP(HTTP/1.1) p4.q####.com:80
- TCP(HTTP/1.1) mi.g####.qq.com:80
- TCP(HTTP/1.1) s.y####.net:80
- TCP(HTTP/1.1) api.itaoxia####.com:80
- TCP(TLS/1.0) wapif####.dftou####.com:443
- TCP(TLS/1.0) i####.sogo####.com.####.com:443
- TCP(TLS/1.0) e####.b####.com:443
- TCP(TLS/1.0) repor####.dftou####.com:443
- TCP(TLS/1.0) ci####.s####.com:443
- TCP(TLS/1.0) m.tt.vip-dns####.com:443
- TCP(TLS/1.0) dup.baidust####.com:443
- TCP(TLS/1.0) fp.ton####.net:443
- TCP(TLS/1.0) weiboi####.g####.sina####.com:443
- TCP(TLS/1.0) sf1-ttc####.ps####.com:443
- TCP(TLS/1.0) wn.pos.b####.com:443
- TCP(TLS/1.0) en####.tui####.com:443
- TCP(TLS/1.0) s####.tc.qq.com:443
- TCP(TLS/1.0) softwor####.dftou####.com:443
- TCP(TLS/1.0) t####.sogo####.com.####.com:443
- TCP(TLS/1.0) yun.d####.com.cn:443
- TCP(TLS/1.0) fp.fraudme####.cn:443
- TCP(TLS/1.0) acti####.tui####.com:443
- TCP(TLS/1.0) dfttde####.dftou####.com:443
- TCP(TLS/1.0) cfg.a####.com:443
- TCP(TLS/1.0) www.a.sh####.com:443
- TCP(TLS/1.0) yun.tuis####.com:443
- TCP(TLS/1.0) image####.b####.com:443
- TCP(TLS/1.0) yun.tui####.com.####.com:443
- TCP(TLS/1.0) d####.eas####.com:443
- TCP(TLS/1.0) regi####.xm####.xi####.com:443
- TCP(TLS/1.0) wapac####.dftou####.com:443
- TCP(TLS/1.0) fp-st####.b0.a####.com:443
- TCP(TLS/1.0) api.tui####.b####.com:443
- TCP(TLS/1.0) hm.b####.com:443
- TCP(TLS/1.0) c####.baidust####.com:443
- TCP(TLS/1.0) pos.b####.com:443
- TCP(TLS/1.0) lf.sn####.com:443
- TCP(TLS/1.0) ser####.e####.s####.com:443
- TCP(TLS/1.0) si####.jom####.com:443
- TCP(TLS/1.0) statson####.pu####.b####.com:443
- TCP(TLS/1.0) posi####.dftou####.com:443
- TCP 4####.62.94.2:443
- TCP sa1.tui####.b####.com:5287
- TCP 47.74.1####.156:5222
DNS requests:
- 0####.s####.com
- 00.img####.eas####.com
- 02.img####.eas####.com
- 03.img####.eas####.com
- 04.img####.eas####.com
- 05.img####.eas####.com
- 06.img####.eas####.com
- 07.img####.eas####.com
- 09.img####.eas####.com
- 6####.nd####.y####.com
- 6####.nd####.y####.com
- 923.nd####.y####.com
- LB-IM-1####.ap-sout####.elb.####.com
- a####.tui####.b####.com
- a####.u####.com
- acti####.tui####.com
- and####.b####.qq.com
- api.itaoxia####.com
- api.tui####.b####.com
- c####.baidust####.com
- cfg.a####.com
- ci####.s####.com
- d####.eas####.com
- dfttde####.dftou####.com
- dn.gogo####.top
- dup.baidust####.com
- e####.b####.com
- en####.tui####.com
- f10.b####.com
- f11.b####.com
- f12.b####.com
- fp.fraudme####.cn
- fp.ton####.net
- hm.b####.com
- i####.sogo####.com
- im####.st####.juhu####.cn
- image####.b####.com
- imgc####.qq.com
- imgsre####.dftou####.com
- int.d####.s####.####.cn
- k.36####.com
- lf.sn####.com
- m####.eas####.com
- m.t####.cn
- mi.g####.qq.com
- p####.g####.cn
- p0.q####.com
- p4.q####.com
- p8.q####.com
- pos.b####.com
- posi####.dftou####.com
- pre.bule####.cn
- qzones####.g####.cn
- r####.wx.qq.com
- regi####.xm####.xi####.com
- repor####.dftou####.com
- reso####.msg.xi####.net
- rp####.itaoxia####.com
- rp####.itaoxia####.com
- s####.e.qq.com
- s####.gw.y####.net
- s####.taol####.cn
- s####.taol####.cn
- s.a.longy####.com
- s.y####.net
- sa1.tui####.b####.com
- sdk.st####.y####.com
- ser####.e####.s####.com
- sf1-ttc####.ps####.com
- sia.taol####.cn
- softwor####.dftou####.com
- sp0.b####.com
- st####.fraudme####.cn
- statson####.pu####.b####.com
- t####.dmp.y####.net
- t####.sogo####.com
- t10.b####.com
- t11.b####.com
- t12.b####.com
- v.g####.qq.com
- v3.bule####.cn
- w####.pcon####.com.cn
- wapac####.dftou####.com
- wapif####.dftou####.com
- wn.pos.b####.com
- wu####.e####.s####.com
- wx3.sin####.cn
- yun.d####.com.cn
- yun.tui####.com
- yun.tuis####.com
HTTP GET requests:
- 1####.25.201.164:8000/configs/hbnews_options.txt
- api.itaoxia####.com/authopt/get_withdraw_mission_money.do?android_id=###...
- api.itaoxia####.com/get_channels.do?android_id=####&appid=####&brand=###...
- api.itaoxia####.com/get_news_item.do?android_id=####&appid=####&brand=##...
- api.itaoxia####.com/get_news_items.do?android_id=####&appid=####&brand=#...
- api.itaoxia####.com/get_video_channels.do?android_id=####&appid=####&bra...
- api.itaoxia####.com/get_withdraw_orders.do?android_id=####&appid=####&br...
- api.itaoxia####.com/public/v2/get_activity_list.do?android_id=####&appid...
- api.itaoxia####.com/redpaper/dv/get_splash_ads.do?PACKAGE_NAME=####&VERS...
- api.itaoxia####.com/redpaper/dv/get_tuia_share_ads.do?PACKAGE_NAME=####&...
- dn.gogo####.top/dnfile/Video/2018051018534094txb7.mp4
- dn.gogo####.top/dnfile/shengjibao/VideoKApiNewYi84.jar
- im####.st####.juhu####.cn/ad/jb_up copy.png
- k.36####.com/pc/list?channel_id=####
- k.36####.com/pc/list?n=####&p=####&f=####&ajax=####&channel_id=####
- l####.c####.q####.####.net/core/aos-dex/1806/8204/de603c61
- l####.c####.q####.####.net/core/aos-so/1611/7000/ad389c56.so
- mi.g####.qq.com/gdt_mview.fcg?actual_width=####&count=####&r=####&templa...
- mi.g####.qq.com/gdt_mview.fcg?posw=####&spsa=####&posh=####&count=####&r...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android03/js-release/1.1.0/nati...
- p####.tc.qq.com/qzone/biz/gdt/mod/android/AndroidAllInOne/proguard/his/r...
- p4.q####.com/dr/_100_70/t0123365626c960a29e.jpg
- p4.q####.com/dr/_100_70/t015dfafd1c12f4da48.jpg
- p4.q####.com/dr/_100_70/t0165fe41cfb8905db4.jpg
- p4.q####.com/dr/_100_70/t016aad889fdae0cb57.jpg
- p4.q####.com/dr/_100_70/t016c6cc3ab8c9a0277.jpg
- p4.q####.com/dr/_100_70/t019bf3573a80183bf8.jpg
- p4.q####.com/dr/_100_70/t01be15635435509add.jpg
- p4.q####.com/dr/_100_70/t01f17174a7340f32d3.jpg
- p4.q####.com/video/568_320_70/t01045fade7aef14724.jpg
- p4.q####.com/video/568_320_70/t0149096ccbb04288fb.jpg
- p4.q####.com/video/568_320_70/t017837c7feae18e3b6.jpg
- p4.q####.com/video/568_320_70/t01942829434dc2ea2d.jpg
- p4.q####.com/video/568_320_70/t0196062830d3afc973.jpg
- p4.q####.com/video/568_320_70/t019aeb9801e61ab653.jpg
- p4.q####.com/video/568_320_70/t01b90a758b45279ac5.jpg
- p4.q####.com/video/568_320_70/t01c133286eaa3d2829.jpg
- reso####.msg.xi####.net/gslb/?ver=####&type=####&conpt=d####&uuid=####&l...
- s####.taol####.cn/?idfv=####&ra_net=####&userid=####&cm_o=####&ct_ca=###...
- s####.tc.qq.com/gdt/0/DAAHU5BAKAAPAABhBaU0iDA-5UD-LG.jpg/0?ck=####
- s####.tc.qq.com/gdt/0/DAARNTlAUAALQAAXBa8UVLCXKt6OH8.jpg/0?ck=####
- s####.tc.qq.com/gdt/0/DAAZKssAUAALQABjBbF1RkCbVMOaze.jpg/0?ck=####
- s.y####.net/aos/v3/initf?s=####
- s.y####.net/stat/aos/v3/pkc?s=####
- s.y####.net/stat/aos/v3/pku?s=####
- s.y####.net/stat/v3/udt2?appid=####&s=####
- sf1-ttc####.ps####.com/404.html
- sf1-ttc####.ps####.com/img/ad.union.api/1746717128829dee83fc3271c5d11b31...
- sf1-ttc####.ps####.com/mobile/180629130953658.html?qid=####
- sf1-ttc####.ps####.com/mobile/20180628/20180628100356_dceb94170005bbb50a...
- sf1-ttc####.ps####.com/mobile/20180628/20180628112124_f6a2470f74c98cdc03...
- sf1-ttc####.ps####.com/mobile/20180628/20180628124230_f1b74ffcb391bef8dc...
- sf1-ttc####.ps####.com/mobile/20180629/20180629130953_b34d70134b24173251...
- sf1-ttc####.ps####.com/mobile/20180629/20180629_032c69906700188fa68fe67c...
- sf1-ttc####.ps####.com/mobile/20180629/20180629_26c331a74b3598d5de457fd7...
- sf1-ttc####.ps####.com/mobile/20180629/20180629_2db69e6382cecb1b84e27d1c...
- sf1-ttc####.ps####.com/mobile/20180629/20180629_50021b9ad6777c48ba199d67...
- sf1-ttc####.ps####.com/mobile/20180629/20180629_83b868cb530b28d8c4e65c6a...
- sf1-ttc####.ps####.com/mobile/20180629/20180629_8c3d87675c84bf6f0c6e389f...
- sf1-ttc####.ps####.com/mobile/20180629/20180629_bb213b6e0cea5e1fed7017fe...
- sf1-ttc####.ps####.com/mobile/20180629/20180629_c2cc76b6d4c7979e375aaa0d...
- sf1-ttc####.ps####.com/mobile/20180629/20180629_e19f8f81479c287c60460f56...
- sia.taol####.cn/?idfv=####&ra_net=####&userid=####&cm_o=####&ct_ca=####&...
- sia.taol####.cn/?idfv=####&ra_net=####&userid=####&type=####&cm_o=####&c...
- weiboi####.g####.sina####.com/mw690/6954537bly1fiu3ty2kidj20u009ojtz.jpg
HTTP POST requests:
- a####.u####.com/app_logs
- and####.b####.qq.com/rqd/async?aid=####
- api.tui####.b####.com/rest/2.0/channel/4505845304785627131
- api.tui####.b####.com/rest/2.0/channel/channel
- int.d####.s####.####.cn/iplookup/iplookup.php?format=####
- pre.bule####.cn:6501/pre/api_settings.aspx
- s####.e.qq.com/activate
- s####.e.qq.com/msg
- s.a.longy####.com/
- t####.dmp.y####.net/v1/android/packages?rt=####&sign=####
- t####.dmp.y####.net/v2/android/pkgtime?rt=####&sign=####
- v.g####.qq.com/gdt_stats.fcg
- v3.bule####.cn:7001/v3/api_request.aspx
- v3.bule####.cn:7001/v3/api_settings.aspx
- w####.pcon####.com.cn/ip.jsp
Modified file system:
Creates the following files:
- /data/data/####/.imprint
- /data/data/####/1002
- /data/data/####/1004
- /data/data/####/840eb4fcb230839a47c790ac73119013
- /data/data/####/840eb4fcb230839a47c790ac73119013-journal
- /data/data/####/97157f95d9de8e964f9a27900e0db783
- /data/data/####/97157f95d9de8e964f9a27900e0db783-journal
- /data/data/####/Alvin2.xml
- /data/data/####/ApplicationCache.db-journal
- /data/data/####/BuglySdkInfos.xml
- /data/data/####/C0XKJAO3JLZKJPDKJFXLINQCJIOAOD.xml
- /data/data/####/C0XKJAO3JLZKJPDKJFXLINQCJIOAOD.xml (deleted)
- /data/data/####/C0XKJAO3JLZKJPDKJFXLINQCJIOAOD.xml.bak
- /data/data/####/CE94557724F842149D690D0E8CBB1CBD.xml
- /data/data/####/ContextData.xml
- /data/data/####/GDTSDK.db
- /data/data/####/GDTSDK.db-journal
- /data/data/####/P15pKIjsm64m
- /data/data/####/P15pKIjsm64m-journal
- /data/data/####/T1oX0rhhuXWt
- /data/data/####/T1oX0rhhuXWt-journal
- /data/data/####/VideoRes.apk
- /data/data/####/VideoRes.apk (deleted)
- /data/data/####/XKwVoK0huy3R
- /data/data/####/XKwVoK0huy3R-journal
- /data/data/####/XMPushServiceConfig.xml
- /data/data/####/__gather_impl.jar
- /data/data/####/__gather_impl142874975050274544175.jar
- /data/data/####/b598b7030dc2601baf59f50dc1ffc9f7.temp
- /data/data/####/bdpush_modeconfig.json
- /data/data/####/bindcache.xml
- /data/data/####/bugly_db_-journal
- /data/data/####/cache-184235048950274417006
- /data/data/####/cache171279422650274236420
- /data/data/####/cc.db
- /data/data/####/cc.db-journal
- /data/data/####/com.martian.hotnews-1.apk.classes-590400186.zip
- /data/data/####/com.martian.hotnews-1.apk.classes1265205383.zip
- /data/data/####/com.martian.hotnews.BETA_VALUES.xml
- /data/data/####/com.martian.hotnews.push_sync.xml
- /data/data/####/com.martian.hotnews.self_push_sync.xml
- /data/data/####/com.martian.hotnews;pushservice
- /data/data/####/com.martian.hotnews_preferences.xml
- /data/data/####/config.xml
- /data/data/####/config_pre7.xml
- /data/data/####/crashrecord.xml
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/dc5ce7ed5b08c03cd81ca295f6075880-journal
- /data/data/####/devCloudSetting.cfg
- /data/data/####/devCloudSetting.sig
- /data/data/####/dk_search.db
- /data/data/####/dk_search.db-journal
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/f_000014
- /data/data/####/f_000015
- /data/data/####/f_000016
- /data/data/####/f_000017
- /data/data/####/f_000018
- /data/data/####/f_000019
- /data/data/####/f_00001a
- /data/data/####/f_00001b
- /data/data/####/f_00001c
- /data/data/####/f_00001d
- /data/data/####/f_00001e
- /data/data/####/f_00001f
- /data/data/####/f_000020
- /data/data/####/f_000021
- /data/data/####/f_000022
- /data/data/####/f_000023
- /data/data/####/f_000024
- /data/data/####/f_000025
- /data/data/####/f_000026
- /data/data/####/f_000027
- /data/data/####/f_000028
- /data/data/####/f_000029
- /data/data/####/f_00002a
- /data/data/####/f_00002b
- /data/data/####/f_00002c
- /data/data/####/f_00002d
- /data/data/####/f_00002e
- /data/data/####/f_00002f
- /data/data/####/f_000030
- /data/data/####/f_000031
- /data/data/####/f_000032
- /data/data/####/f_000033
- /data/data/####/f_000034
- /data/data/####/f_000035
- /data/data/####/f_000036
- /data/data/####/f_000037
- /data/data/####/f_000038
- /data/data/####/f_000039
- /data/data/####/f_00003a
- /data/data/####/f_00003b
- /data/data/####/f_00003c
- /data/data/####/f_00003d
- /data/data/####/f_00003e
- /data/data/####/f_00003f
- /data/data/####/f_000040
- /data/data/####/f_000041
- /data/data/####/f_000042
- /data/data/####/f_000043
- /data/data/####/f_000044
- /data/data/####/f_000045
- /data/data/####/f_000046
- /data/data/####/f_000047
- /data/data/####/f_000048
- /data/data/####/f_000049
- /data/data/####/f_00004a
- /data/data/####/f_00004b
- /data/data/####/f_00004c
- /data/data/####/f_00004d
- /data/data/####/gdt_plugin.jar
- /data/data/####/gdt_plugin.jar.sig
- /data/data/####/gdt_plugin.tmp
- /data/data/####/gdt_plugin.tmp.sig
- /data/data/####/gdt_suid
- /data/data/####/idfca5ce0f-0d62-4408-98ce-6230a2c3ad09.tmp
- /data/data/####/index
- /data/data/####/jqIqJYOT3JpT
- /data/data/####/jqIqJYOT3JpT-journal
- /data/data/####/libabcdefgh.so.new
- /data/data/####/libcuid.so
- /data/data/####/libgather.xml
- /data/data/####/lmvideonewad_db-journal
- /data/data/####/local_crash_lock
- /data/data/####/longyun_sdk.xml
- /data/data/####/martian_cache_cookie.json
- /data/data/####/mipush.xml
- /data/data/####/mipush_account.xml
- /data/data/####/mipush_extra.xml
- /data/data/####/multidex.version.xml
- /data/data/####/pst.xml
- /data/data/####/pushclient.xml
- /data/data/####/pushinfo.db
- /data/data/####/pushinfo.db-journal
- /data/data/####/pushstat_5.1.0.db
- /data/data/####/pushstat_5.1.0.db-journal
- /data/data/####/sdkCloudSetting.cfg
- /data/data/####/sdkCloudSetting.sig
- /data/data/####/search_sdk.xml
- /data/data/####/security_info
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/update_lc
- /data/data/####/videokernel.apk
- /data/data/####/wIU6pTyUBYWX
- /data/data/####/wIU6pTyUBYWX-journal
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/wsUL1uCdKvjD
- /data/data/####/wsUL1uCdKvjD-journal
- /data/data/####/wxoptions_json_file
- /data/data/####/ymdex.jar
- /data/data/####/ymdex.jar.new
- /data/media/####/-1061078493.tmp
- /data/media/####/-1135500474.tmp
- /data/media/####/-1188769238.tmp
- /data/media/####/-1239228668.tmp
- /data/media/####/-126784900.tmp
- /data/media/####/-1420399350.tmp
- /data/media/####/-1476528877.tmp
- /data/media/####/-1954656612.tmp
- /data/media/####/-2083700539.tmp
- /data/media/####/-2143316051.tmp
- /data/media/####/-558257745.tmp
- /data/media/####/-571836739.tmp
- /data/media/####/-573844323.tmp
- /data/media/####/-654440790.tmp
- /data/media/####/-68265174.tmp
- /data/media/####/-718096012.tmp
- /data/media/####/-887703999.tmp
- /data/media/####/-958436096.tmp
- /data/media/####/.cuid
- /data/media/####/.cuid2
- /data/media/####/.nomedia
- /data/media/####/1007115956.tmp
- /data/media/####/1021734615.tmp
- /data/media/####/1070585761.tmp
- /data/media/####/1272743546.tmp
- /data/media/####/1281072223.tmp
- /data/media/####/1455586409.tmp
- /data/media/####/14785960.tmp
- /data/media/####/1790827857.tmp
- /data/media/####/1815319601.tmp
- /data/media/####/1915057632.tmp
- /data/media/####/2018051018534094txb7.mp4
- /data/media/####/2034186815.tmp
- /data/media/####/2045724253.tmp
- /data/media/####/2063792820.tmp
- /data/media/####/2081778672.tmp
- /data/media/####/226113890.tmp
- /data/media/####/322233952.tmp
- /data/media/####/347939603.tmp
- /data/media/####/504030254.tmp
- /data/media/####/53767918.tmp
- /data/media/####/553309680.tmp
- /data/media/####/649325398.tmp
- /data/media/####/860782054.tmp
- /data/media/####/877385819.tmp
- /data/media/####/928324748.tmp
- /data/media/####/Alvin2.xml
- /data/media/####/ContextData.xml
- /data/media/####/DXTX902KJZX9JASLDJF
- /data/media/####/DXTX902KJZX9JASLDJF.ymtf
- /data/media/####/SOX90123JSOALK2098SD
- /data/media/####/SOX90123JSOALK2098SD.ymtf
- /data/media/####/Videoshell.log
- /data/media/####/fcef8968a08b4bd9673e7489cb2b033f
- /data/media/####/i42d45df023jnkdd93la483f9xGFKXI
- /data/media/####/kernel.dat.tmp
- /data/media/####/log.lock
- /data/media/####/log1.txt
- /data/media/####/s92TjjdfoP2n3o9dfji2l9s1olkjf0p
Miscellaneous:
Executes next shell scripts:
- /system/bin/cat /sys/devices/system/cpu/kernel_max
- /system/bin/sh -c getprop
- /system/bin/sh -c type su
- cat /sys/class/net/wlan0/address
Loads the following dynamic libraries:
- Bugly
- abcdefgh
- bdpush_V2_7
- tongdun_db
Uses the following algorithms to encrypt data:
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS7Padding
- AES-GCM-NoPadding
- DES-CBC-PKCS5Padding
- PBEWITHMD5andDES
- RSA-ECB-PKCS1Padding
Uses the following algorithms to decrypt data:
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS7Padding
- AES-GCM-NoPadding
- PBEWITHMD5andDES
- RSA-ECB-PKCS1Padding
Gains access to geolocation.
Gains access to network information.
Gains access to telephone information (number, imei, etc.).
Gains access to information about installed applications.
Adds tasks to the system scheduler.
Displays its own windows over windows of other applications.