Technical information
- Android.Backdoor.613.origin
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) i####.api.eji####.com:10003
- TCP(HTTP/1.1) box.jom####.com:80
- TCP(HTTP/1.1) na0.bdst####.com.####.com:80
- TCP(HTTP/1.1) gdv.a.s####.com:80
- TCP(HTTP/1.1) and####.5####.com:8077
- TCP(HTTP/1.1) fc-####.cdn.bc####.####.com:80
- TCP(HTTP/1.1) hpd.b####.com:80
- TCP(HTTP/1.1) dl.eleve####.net.####.com:80
- TCP(HTTP/1.1) wap.n.sh####.com:80
- TCP(HTTP/1.1) i####.api.eji####.com:10002
- TCP(HTTP/1.1) supermo####.jom####.com:80
- TCP(TLS/1.0) sslbdst####.jom####.com:443
- TCP(TLS/1.0) box.jom####.com:443
- TCP(TLS/1.0) s####.tc.qq.com:443
- TCP(TLS/1.0) hpd.b####.com:443
- TCP(TLS/1.0) als.b####.com:443
- TCP(TLS/1.0) b.bdst####.com:443
- TCP(TLS/1.0) ssls####.jom####.com:443
- TCP(TLS/1.0) na0.bdst####.com.####.com:443
- TCP(TLS/1.0) mbdchu####.n.sh####.com:443
- TCP(TLS/1.0) t####.jom####.com:443
- TCP(TLS/1.0) h####.b####.com:443
- TCP(TLS/1.0) wap.n.sh####.com:443
- TCP(TLS/1.0) p####.tc.qq.com:443
- TCP(TLS/1.0) sslb####.jom####.com:443
- a####.xctr####.com
- als.b####.com
- and####.5####.com
- b.bdst####.com
- d.hiph####.b####.com
- dl.eleve####.net
- ext.b####.com
- f####.b####.com
- f10.b####.com
- f11.b####.com
- f12.b####.com
- fc-####.cdn.bc####.com
- g####.bdst####.com
- g.hiph####.b####.com
- h####.b####.com
- hpd.b####.com
- i####.api.eji####.com
- m.b####.com
- mbd.b####.com
- na0.bdst####.com
- pv.s####.com
- qzones####.g####.cn
- r####.wx.qq.com
- re####.api.eji####.com
- s.bdst####.com
- sm.b####.com
- ss0.b####.com
- ss0.bdst####.com
- ss1.b####.com
- ss2.b####.com
- sv.bdst####.com
- ti####.b####.com
- ti####.b####.com
- timg####.b####.com
- timg####.b####.com
- timg####.b####.com
- timg####.b####.com
- timg####.b####.com
- box.jom####.com/common/openjs/openBox.js?_v=####
- box.jom####.com/news/pic/item/6d81800a19d8bc3e47d19d968b8ba61ea9d34595.jpg
- box.jom####.com/news/pic/item/f7246b600c3387447886b420580fd9f9d72aa02f.jpg
- dl.eleve####.net.####.com/apkf/3rdapk2/M01/22/E8/wKhklFtxWoqAOm7kAACzglN...
- fc-####.cdn.bc####.####.com/0/pic/588f3ea4e834a3e11fa911c6c0ed3568.jpg
- fc-####.cdn.bc####.####.com/0/pic/780e92bac362e95d5fc01d90bf344bc2.jpg
- fc-####.cdn.bc####.####.com/0/pic/e2e0f053f22f5f7e2e68d2d36f13a357.png
- gdv.a.s####.com/cityjson?ie=####
- hpd.b####.com/v.gif?ct=####&logFrom=####&cst=####&logInfo=####&logExtra=...
- hpd.b####.com/v.gif?logid=####&ssid=####&sid=####&from=####&pu=####&ct=#...
- hpd.b####.com/v.gif?tid=####&ct=####&cst=####&logFrom=####&logInfo=####&...
- i####.api.eji####.com:10002/v1/sdk/init?net_name=####&imei=####&package_...
- na0.bdst####.com.####.com/static/cover/static/shoubaiWapAds/nativeAds_6f...
- supermo####.jom####.com/static/wiseindex/amd_modules/@searchfe/assert_3e...
- supermo####.jom####.com/static/wiseindex/amd_modules/@searchfe/promise_a...
- supermo####.jom####.com/static/wiseindex/amd_modules/@searchfe/underscor...
- supermo####.jom####.com/static/wiseindex/amd_modules/ralltiir_13df900.js
- supermo####.jom####.com/static/wiseindex/iconfont/iconfont_2681c2d.ttf
- supermo####.jom####.com/static/wiseindex/img/fetch_ing_8_0.png
- supermo####.jom####.com/static/wiseindex/js/lib/atomWrapper_6fc442d.js
- supermo####.jom####.com/static/wiseindex/js/package/backflow_d744959.js
- supermo####.jom####.com/static/wiseindex/js/package/newsActivity_f3a3935...
- supermo####.jom####.com/static/wiseindex/js/package/superframe_5b7bdae.js
- wap.n.sh####.com/
- wap.n.sh####.com/?action=####&ms=####&version=####&callback=####&r=####&...
- wap.n.sh####.com/se/static/img/iphone/logo.png
- wap.n.sh####.com/se/static/img/iphone/tab_loading__bg_logo.png
- wap.n.sh####.com/se/static/js/bundles/ala-util_ac05be2.js
- wap.n.sh####.com/se/static/js/bundles/atom_44405ae.js
- wap.n.sh####.com/se/static/js/service/index_polymer_2957097.js
- wap.n.sh####.com/se/static/js/service/index_seloader_release.js?v=####
- wap.n.sh####.com/se/static/wiseatom/personalcenter/assets/img/default_ic...
- wap.n.sh####.com/se/static/wiseatom/personalcenter/assets/img/dingdan_63...
- wap.n.sh####.com/se/static/wiseatom/personalcenter/assets/img/fankui_cc4...
- wap.n.sh####.com/se/static/wiseatom/personalcenter/assets/img/guanzhu_0e...
- wap.n.sh####.com/se/static/wiseatom/personalcenter/assets/img/hanbaobao_...
- wap.n.sh####.com/se/static/wiseatom/personalcenter/assets/img/pifu_eef38...
- wap.n.sh####.com/se/static/wiseatom/personalcenter/assets/img/shoucang_5...
- wap.n.sh####.com/se/static/wiseatom/personalcenter/assets/img/spritelist...
- wap.n.sh####.com/se/static/wiseatom/personalcenter/pack_4bd4195.js
- wap.n.sh####.com/static/index/plus/public/icon_police.png
- wap.n.sh####.com/static/index/plus/public/tab_news.png
- wap.n.sh####.com/static/search/clear.png
- wap.n.sh####.com/sugrec?callback=####&type=####&prod=####&pic=####&from=...
- wap.n.sh####.com/tc?tcreq4log=####&r=####&logid=####&from=####&pu=####&c...
- wap.n.sh####.com/tcbox?service=####&action=####&ctv=####&cen=####&data={...
- and####.5####.com:8077/android/sms/netpay/prefetch.do
- and####.5####.com:8077/record-plat/msg/strategy/query.do
- and####.5####.com:8077/record-plat/record/upload.do
- and####.5####.com:8077/record-plat/seq/query.do
- i####.api.eji####.com:10003/v2/chis
- /data/data/####/ACCOUNT_SYSTEM_ACCOUNT_INFO.xml
- /data/data/####/BOOT_SMS_INFO.xml
- /data/data/####/BOOT_SMS_SENT_TIME.xml
- /data/data/####/Data_sync.db-journal
- /data/data/####/a8f33deb6c41ca27be76f9c264951596.apk
- /data/data/####/apk.zip
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/done
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/f_000014
- /data/data/####/f_000015
- /data/data/####/f_000016
- /data/data/####/f_000017
- /data/data/####/f_000018
- /data/data/####/f_000019
- /data/data/####/f_00001a
- /data/data/####/f_00001b
- /data/data/####/f_00001c
- /data/data/####/f_00001d
- /data/data/####/f_00001e
- /data/data/####/f_00001f
- /data/data/####/f_000020
- /data/data/####/f_000021
- /data/data/####/f_000022
- /data/data/####/index
- /data/data/####/libabc
- /data/data/####/libcocos2dcpp.so
- /data/data/####/libcrypt_sign.so
- /data/data/####/libd8c630a6.so
- /data/data/####/plugin_record_app_info.xml
- /data/data/####/pref_recomm.xml
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/webviewCookiesChromium.db-journal (deleted)
- /data/data/####/zzconfig.xml
- /data/media/####/com.newpay.spsdk.smspay.collection.siminfo.new.apk
- /data/media/####/com.newpay.spsdk.smspay.collection.siminfo.new.apk.temp
- /data/media/####/com.skymobi.pay.plugin.main.data
- /data/media/####/com.skymobi.pay.plugin.recordupload.data
- /data/media/####/com.skymobi.pay.plugin.smspay.data
- /data/media/####/user.sys
- /system/bin/netcfg
- chmod 777 <Package Folder>/app_lib/libd8c630a6.so
- libabc
- libd8c630a6
- DES-CBC-PKCS5Padding
- DES