Adware.Gexin.10442

Technical information

Malicious functions:

Executes code of the following detected threats:

Adware.Gexin.3.origin

Accesses the ITelephony private interface.

Network activity:

Connects to:

UDP(DNS) <Google DNS>
TCP(HTTP/1.1) ser####.dc####.net.cn:80
TCP(HTTP/1.1) o####.map.b####.com:80
TCP(HTTP/1.1) www.up####.vip:80
TCP(HTTP/1.1) and####.b####.qq.com:80
TCP(HTTP/1.1) pr.m####.qq.com:80
TCP(HTTP/1.1) loc.map.b####.com:80
TCP(HTTP/1.1) a####.b####.qq.com:8011
TCP(HTTP/1.1) a####.b####.qq.com:8012
TCP(TLS/1.0) api.map.b####.com:443
TCP(TLS/1.0) x####.tc.qq.com:443
TCP(TLS/1.0) ser####.dc####.net.cn:443
TCP(TLS/1.0) pr.m####.qq.com:443
TCP(TLS/1.0) m####.qq.com:443

DNS requests:

3####.qq.com
a####.b####.qq.com
a####.map.qq.com
aexcep####.b####.qq.com
and####.b####.qq.com
api.map.b####.com
loc.map.b####.com
m####.qq.com
o####.map.b####.com
pr.m####.qq.com
ser####.dc####.net.cn
st####.dc####.net.cn
www.up####.vip

HTTP GET requests:

pr.m####.qq.com/ws/coord/v1/translate?locations=####&type=####&key=####
www.up####.vip//Storage/Shop/16/Products/100/1_350.png
www.up####.vip//Storage/Shop/16/Products/107/1_350.png
www.up####.vip//Storage/Shop/16/Products/110/1_350.png
www.up####.vip//Storage/Shop/16/Products/111/1_350.png
www.up####.vip//Storage/Shop/16/Products/112/1_350.png
www.up####.vip//Storage/Shop/16/Products/113/1_350.png
www.up####.vip//Storage/Shop/16/Products/114/1_350.png
www.up####.vip//Storage/Shop/16/Products/115/1_350.png
www.up####.vip//Storage/Shop/16/Products/116/1_350.png
www.up####.vip//Storage/Shop/16/Products/117/1_350.png
www.up####.vip//Storage/Shop/16/Products/118/1_350.png
www.up####.vip//Storage/Shop/16/Products/119/1_350.png
www.up####.vip//Storage/Shop/16/Products/120/1_350.png
www.up####.vip//Storage/Shop/16/Products/121/1_350.png
www.up####.vip//Storage/Shop/16/Products/122/1_350.png
www.up####.vip//Storage/Shop/16/Products/126/1_350.png
www.up####.vip//Storage/Shop/16/Products/128/1_350.png
www.up####.vip//Storage/Shop/16/Products/129/1_350.png
www.up####.vip//Storage/Shop/16/Products/130/1_350.png
www.up####.vip//Storage/Shop/16/Products/131/1_350.png
www.up####.vip//Storage/Shop/16/Products/132/1_350.png
www.up####.vip//Storage/Shop/16/Products/134/1_350.png
www.up####.vip//Storage/Shop/16/Products/135/1_350.png
www.up####.vip//Storage/Shop/16/Products/136/1_350.png
www.up####.vip//Storage/Shop/16/Products/137/1_350.png
www.up####.vip//Storage/Shop/16/Products/145/1_350.png
www.up####.vip//Storage/Shop/16/Products/146/1_350.png
www.up####.vip//Storage/Shop/16/Products/147/1_350.png
www.up####.vip//Storage/Shop/16/Products/154/1_350.png
www.up####.vip//Storage/Shop/16/Products/156/1_350.png
www.up####.vip//Storage/Shop/16/Products/166/1_350.png
www.up####.vip//Storage/Shop/16/Products/206/1_350.png
www.up####.vip//Storage/Shop/16/Products/207/1_350.png
www.up####.vip//Storage/Shop/16/Products/240/1_350.png
www.up####.vip//Storage/Shop/16/Products/241/1_350.png
www.up####.vip//Storage/Shop/16/Products/253/1_350.png
www.up####.vip//Storage/Shop/16/Products/254/1_350.png
www.up####.vip//Storage/Shop/16/Products/255/1_350.png
www.up####.vip//Storage/Shop/16/Products/256/1_350.png
www.up####.vip//Storage/Shop/16/Products/315/1_350.png
www.up####.vip//Storage/Shop/16/Products/316/1_350.png
www.up####.vip//Storage/Shop/16/Products/317/1_350.png
www.up####.vip//Storage/Shop/16/Products/319/1_350.png
www.up####.vip//Storage/Shop/16/Products/320/1_350.png
www.up####.vip//Storage/Shop/16/Products/321/1_350.png
www.up####.vip//Storage/Shop/16/Products/322/1_350.png
www.up####.vip//Storage/Shop/16/Products/323/1_350.png
www.up####.vip//Storage/Shop/16/Products/324/1_350.png
www.up####.vip//Storage/Shop/16/Products/325/1_350.png
www.up####.vip//Storage/Shop/16/Products/326/1_350.png
www.up####.vip//Storage/Shop/16/Products/327/1_350.png
www.up####.vip//Storage/Shop/16/Products/329/1_350.png
www.up####.vip//Storage/Shop/16/Products/330/1_350.png
www.up####.vip//Storage/Shop/16/Products/331/1_350.png
www.up####.vip//Storage/Shop/16/Products/332/1_350.png
www.up####.vip//Storage/Shop/16/Products/334/1_350.png
www.up####.vip//Storage/Shop/16/Products/335/1_350.png
www.up####.vip//Storage/Shop/16/Products/336/1_350.png
www.up####.vip//Storage/Shop/16/Products/337/1_350.png
www.up####.vip//Storage/Shop/16/Products/338/1_350.png
www.up####.vip//Storage/Shop/16/Products/340/1_350.png
www.up####.vip//Storage/Shop/16/Products/344/1_350.png
www.up####.vip//Storage/Shop/16/Products/345/1_350.png
www.up####.vip//Storage/Shop/16/Products/346/1_350.png
www.up####.vip//Storage/Shop/16/Products/347/1_350.png
www.up####.vip//Storage/Shop/16/Products/348/1_350.png
www.up####.vip//Storage/Shop/16/Products/349/1_350.png
www.up####.vip//Storage/Shop/16/Products/350/1_350.png
www.up####.vip//Storage/Shop/16/Products/352/1_350.png
www.up####.vip//Storage/Shop/16/Products/353/1_350.png
www.up####.vip//Storage/Shop/16/Products/356/1_350.png
www.up####.vip//Storage/Shop/16/Products/478/1_350.png
www.up####.vip//Storage/Shop/16/Products/479/1_350.png
www.up####.vip//Storage/Shop/16/Products/59/1_350.png
www.up####.vip//Storage/Shop/16/Products/60/1_350.png
www.up####.vip//Storage/Shop/16/Products/62/1_350.png
www.up####.vip//Storage/Shop/16/Products/76/1_350.png
www.up####.vip//Storage/Shop/16/Products/86/1_350.png
www.up####.vip//Storage/Shop/16/Products/88/1_350.png
www.up####.vip//Storage/Shop/16/Products/92/1_350.png
www.up####.vip//Storage/Shop/16/Products/94/1_350.png
www.up####.vip/AppHome/data/default.json?app_key=####&timestamp=####&sig...
www.up####.vip/Storage/template/0/20190105/6368227885050579489617582.jpg
www.up####.vip/Storage/template/0/20190121/6368366577159971573213956.jpg
www.up####.vip/Storage/template/0/20190122/6368376565910051528353559.png
www.up####.vip/Storage/template/0/20190124/6368393505633329971110540.png
www.up####.vip/Storage/template/0/20190124/6368393517995830978575739.png
www.up####.vip/Storage/template/0/20190124/6368393518836459728842287.png
www.up####.vip/Storage/template/0/20190124/6368393561627086738180728.png
www.up####.vip/Storage/template/0/20190124/6368393638489616569594795.jpg
www.up####.vip/Storage/template/0/20190124/6368394592978638216710979.png
www.up####.vip/Storage/template/0/20190124/6368394593044261644110034.png
www.up####.vip/Storage/template/0/20190124/6368394593078639141538807.png
www.up####.vip/Storage/template/0/20190124/6368394593103638486995764.png
www.up####.vip/Storage/template/0/20190124/6368394593133326493736801.png
www.up####.vip/Storage/template/0/20190124/6368394593155203867437095.png
www.up####.vip/Storage/template/0/20190305/6368740164585908963879617.jpeg
www.up####.vip/Storage/template/0/20190312/6368800223014021021165932.png
www.up####.vip/Storage/template/0/20190312/6368800254682770328617032.png
www.up####.vip/Storage/template/0/20190312/6368800286031204398411771.png
www.up####.vip/Storage/template/0/20190312/6368800322889012443708850.png
www.up####.vip/Storage/template/0/20190312/6368800359440582852009120.png
www.up####.vip/Storage/template/0/20190312/6368800389065581786503077.png
www.up####.vip/Storage/template/0/20190312/6368800407139020266653689.png
www.up####.vip/Storage/template/0/20190313/6368807597662472756534155.png
www.up####.vip/Storage/template/0/20190313/6368807655699579552859658.png
www.up####.vip/Storage/template/0/20190313/6368807699617159873288577.png
www.up####.vip/Storage/template/0/20190313/6368808304932753017316628.png
www.up####.vip/Storage/template/0/20190313/6368808325995259785802838.png
www.up####.vip/Storage/template/0/20190313/6368808344759325394776428.png
www.up####.vip/Storage/template/0/20190313/6368808361293890913796771.png
www.up####.vip/Storage/template/0/20190313/6368808417056219677539194.png
www.up####.vip/Storage/template/0/20190313/6368808447774972145625930.png
www.up####.vip/Storage/template/0/20190313/6368808582191767925238920.png
www.up####.vip/Storage/template/0/20190313/6368808681576527477614515.png
www.up####.vip/Storage/template/0/20190313/6368808715384341673162849.png
www.up####.vip/Storage/template/0/20190313/6368808743026530511814638.png
www.up####.vip/Storage/template/0/20190313/6368808764179654963156860.png
www.up####.vip/Storage/template/0/20190313/6368808818446847198467774.png
www.up####.vip/Storage/template/0/20190313/6368809258774979058308595.png
www.up####.vip/Storage/template/0/20190313/6368809267345292033058912.png
www.up####.vip/Storage/template/0/20190313/6368809267360916587544053.png
www.up####.vip/Storage/template/0/20190313/6368809267370290798515869.png
www.up####.vip/Storage/template/0/20190313/6368809267379666534785857.png
www.up####.vip/Storage/template/0/20190313/6368809267393042941743581.png
www.up####.vip/Storage/template/0/20190313/6368809267404668831242814.png
www.up####.vip/Storage/template/0/20190313/6368809743506222693759749.png
www.up####.vip/Storage/template/0/20190313/6368809750432773946566063.png
www.up####.vip/Storage/template/0/20190313/6368809750448399322051204.png
www.up####.vip/Storage/template/0/20190313/6368809750460896574779683.png
www.up####.vip/Storage/template/0/20190313/6368809750470273635751498.png
www.up####.vip/Storage/template/0/20190313/6368809750481212765250732.png
www.up####.vip/Storage/template/0/20190313/6368809750489025752993302.png
www.up####.vip/Storage/template/0/20190313/6368810178154664636183612.png
www.up####.vip/Storage/template/0/20190313/6368810178167163658912090.png
www.up####.vip/Storage/template/0/20190313/6368810178181225605869814.png
www.up####.vip/Storage/template/0/20190313/6368810178190601676841630.png
www.up####.vip/Storage/template/0/20190313/6368810178206223842326771.png
www.up####.vip/Storage/template/0/20190313/6368810178218725875055249.png
www.up####.vip/Storage/template/0/20190313/6368810303642147221378900.png
www.up####.vip/Storage/template/0/20190314/6368818686368715858377894.png
www.up####.vip/Storage/template/0/20190314/6368818710894804289881883.png
www.up####.vip/Storage/template/0/20190315/6368827113412485588818946.png
www.up####.vip/Storage/template/0/20190315/6368827113543736303617056.png
www.up####.vip/Storage/template/0/20190315/6368827113601546883273541.png
www.up####.vip/Storage/template/0/20190315/6368827948854663568961086.png
www.up####.vip/Storage/template/0/20190316/6368833124314021089241715.png
www.up####.vip/Storage/template/0/20190316/6368833126768707159009402.png
www.up####.vip/Storage/template/0/20190316/6368833560609333471068072.png
www.up####.vip/Storage/template/0/20190316/6368833560645265331726090.png
www.up####.vip/Storage/template/0/20190316/6368833560685892682668188.png
www.up####.vip/Storage/template/0/20190316/6368833560714016759881807.png
www.up####.vip/Storage/template/0/20190316/6368834149984327952827592.png
www.up####.vip/api/Home/GetAppGuidePages?app_key=####&timestamp=####&sig...
www.up####.vip/api/ShopBranchWeb/GetIndexData?app_key=####&timestamp=###...
www.up####.vip/api/home/Get?pageno=####&pagesize=####&app_key=####&times...
www.up####.vip/api/home/GetUpdateApp?appversion=####&type=####&app_key=#...
www.up####.vip/special/36/data/default.json?app_key=####&timestamp=####&...

HTTP POST requests:

a####.b####.qq.com:8011/rqd/async
a####.b####.qq.com:8012/rqd/async
and####.b####.qq.com/rqd/async
loc.map.b####.com/sdk.php
o####.map.b####.com/offline_loc
ser####.dc####.net.cn/device/location

File system changes:

Creates the following files:

/data/data/####/.imei.txt
/data/data/####/1.chunk.js
/data/data/####/2.chunk.js
/data/data/####/Collection.png
/data/data/####/CommonJS.js
/data/data/####/H5F563BDD.xml
/data/data/####/HappyBeans.html
/data/data/####/NearStore.html
/data/data/####/_adio.dcloud.feature.ad.a.a.xml
/data/data/####/aboutus.html
/data/data/####/aboutus.png
/data/data/####/account.css
/data/data/####/accouticon.png
/data/data/####/ad.png
/data/data/####/ad_img.png
/data/data/####/address-add.html
/data/data/####/address-edit.html
/data/data/####/address.html
/data/data/####/addressicon.png
/data/data/####/app.js
/data/data/####/arrow_down.png
/data/data/####/arrow_down2.png
/data/data/####/arrow_up.png
/data/data/####/arrow_up2.png
/data/data/####/assets-icon.png
/data/data/####/authStatus_upmall.app.xml
/data/data/####/authStatus_upmall.app;remote.xml
/data/data/####/bar01.png
/data/data/####/bar02.png
/data/data/####/beansOrder.html
/data/data/####/beansbg.png
/data/data/####/big1_img.png
/data/data/####/big_img.png
/data/data/####/bind-phone.html
/data/data/####/blank.gif
/data/data/####/bonus-box.png
/data/data/####/bonus.png
/data/data/####/border.png
/data/data/####/bugly_db_legu-journal
/data/data/####/cart-box.html
/data/data/####/cart.html
/data/data/####/category.html
/data/data/####/comment.png
/data/data/####/consumed.png
/data/data/####/coupon_bg.png
/data/data/####/coupon_bg1.jpg
/data/data/####/coupon_bg1.png
/data/data/####/data_0
/data/data/####/data_1
/data/data/####/data_2
/data/data/####/data_3
/data/data/####/dc_ad_type_key.xml
/data/data/####/default-photo.png
/data/data/####/default.png
/data/data/####/delayimg.min.js
/data/data/####/distribution_icon_1.png
/data/data/####/eje3cnc
/data/data/####/errors.png
/data/data/####/f_000001
/data/data/####/f_000002
/data/data/####/f_000003
/data/data/####/f_000004
/data/data/####/f_000005
/data/data/####/f_000006
/data/data/####/f_000007
/data/data/####/f_000008
/data/data/####/f_000009
/data/data/####/f_00000a
/data/data/####/f_00000b
/data/data/####/f_00000c
/data/data/####/f_00000d
/data/data/####/f_00000e
/data/data/####/f_00000f
/data/data/####/f_000010
/data/data/####/f_000011
/data/data/####/f_000012
/data/data/####/f_000013
/data/data/####/f_000014
/data/data/####/f_000015
/data/data/####/f_000016
/data/data/####/f_000017
/data/data/####/f_000018
/data/data/####/f_000019
/data/data/####/f_00001a
/data/data/####/f_00001b
/data/data/####/f_00001c
/data/data/####/f_00001d
/data/data/####/f_00001e
/data/data/####/f_00001f
/data/data/####/f_000020
/data/data/####/f_000021
/data/data/####/f_000022
/data/data/####/f_000023
/data/data/####/f_000024
/data/data/####/f_000025
/data/data/####/f_000026
/data/data/####/f_000027
/data/data/####/f_000028
/data/data/####/f_000029
/data/data/####/f_00002a
/data/data/####/f_00002b
/data/data/####/f_00002c
/data/data/####/f_00002d
/data/data/####/f_00002e
/data/data/####/f_00002f
/data/data/####/f_000030
/data/data/####/f_000031
/data/data/####/f_000032
/data/data/####/f_000033
/data/data/####/f_000034
/data/data/####/f_000035
/data/data/####/f_000036
/data/data/####/f_000037
/data/data/####/f_000038
/data/data/####/f_000039
/data/data/####/f_00003a
/data/data/####/f_00003b
/data/data/####/f_00003c
/data/data/####/f_00003d
/data/data/####/f_00003e
/data/data/####/f_00003f
/data/data/####/f_000040
/data/data/####/f_000041
/data/data/####/f_000042
/data/data/####/f_000043
/data/data/####/f_000044
/data/data/####/f_000045
/data/data/####/f_000046
/data/data/####/f_000047
/data/data/####/f_000048
/data/data/####/f_000049
/data/data/####/f_00004a
/data/data/####/f_00004b
/data/data/####/f_00004c
/data/data/####/f_00004d
/data/data/####/f_00004e
/data/data/####/f_00004f
/data/data/####/f_000050
/data/data/####/f_000051
/data/data/####/f_000052
/data/data/####/f_000053
/data/data/####/f_000054
/data/data/####/f_000055
/data/data/####/f_000056
/data/data/####/f_000057
/data/data/####/f_000058
/data/data/####/f_000059
/data/data/####/f_00005a
/data/data/####/f_00005b
/data/data/####/f_00005c
/data/data/####/f_00005d
/data/data/####/f_00005e
/data/data/####/f_00005f
/data/data/####/f_000060
/data/data/####/f_000061
/data/data/####/f_000062
/data/data/####/f_000063
/data/data/####/f_000064
/data/data/####/f_000065
/data/data/####/f_000066
/data/data/####/f_000067
/data/data/####/f_000068
/data/data/####/f_000069
/data/data/####/f_00006a
/data/data/####/f_00006b
/data/data/####/f_00006c
/data/data/####/favorite.png
/data/data/####/favorite_on.png
/data/data/####/fenxiang.png
/data/data/####/file__0.localstorage-journal
/data/data/####/firll.dat
/data/data/####/flow.png
/data/data/####/footprint.png
/data/data/####/gal.db
/data/data/####/gal.db-journal
/data/data/####/getui_sp.xml
/data/data/####/goodsView1.jpg
/data/data/####/goodsView2.jpg
/data/data/####/goodsView3.jpg
/data/data/####/goodsView4.jpg
/data/data/####/group_1_2.png
/data/data/####/group_1_3.png
/data/data/####/group_1_4.png
/data/data/####/group_1_5.png
/data/data/####/group_2_2.png
/data/data/####/group_2_3.png
/data/data/####/group_2_4.png
/data/data/####/group_2_5.png
/data/data/####/group_2_6.png
/data/data/####/group_2_7.png
/data/data/####/group_3_2.png
/data/data/####/group_3_3.png
/data/data/####/group_3_4.png
/data/data/####/group_3_5.png
/data/data/####/group_3_6.png
/data/data/####/group_3_7.png
/data/data/####/group_4_2.png
/data/data/####/group_4_3.png
/data/data/####/group_4_4.png
/data/data/####/group_4_5.png
/data/data/####/group_4_6.png
/data/data/####/group_4_7.png
/data/data/####/group_4_8.png
/data/data/####/group_4_9.png
/data/data/####/guide.html
/data/data/####/home.html
/data/data/####/hst.db
/data/data/####/hst.db-journal
/data/data/####/html5Geo.xml
/data/data/####/ic_arrow.png
/data/data/####/ic_arrow2.png
/data/data/####/ic_cart.png
/data/data/####/ic_cart_disable.png
/data/data/####/ic_clear.png
/data/data/####/ic_close.png
/data/data/####/ic_locate.png
/data/data/####/ic_locate2.png
/data/data/####/ic_locate3.png
/data/data/####/ic_phone.png
/data/data/####/ic_trash.png
/data/data/####/ic_upgrade.png
/data/data/####/icon-search-16-16.png
/data/data/####/icon.png
/data/data/####/icon_fx.png
/data/data/####/iconfont.ttf
/data/data/####/index
/data/data/####/index-banner.png
/data/data/####/index.html
/data/data/####/init_c1.pid
/data/data/####/inte-icon.png
/data/data/####/integral-coupon.html
/data/data/####/integral-detail.html
/data/data/####/integral-gift.html
/data/data/####/integral-home.html
/data/data/####/integral-order-detail.html
/data/data/####/integral-order.html
/data/data/####/integral-submit.html
/data/data/####/integral-use.html
/data/data/####/integral1.png
/data/data/####/integral2.png
/data/data/####/invite_bg.png
/data/data/####/jd_07.jpg
/data/data/####/jquery-1.12.0.min.js
/data/data/####/jquery.himallStorage.js
/data/data/####/kmicon.png
/data/data/####/libcuid.so
/data/data/####/libnfix.so
/data/data/####/libshella-2.9.1.2.so
/data/data/####/libufix.so
/data/data/####/limitbuy-list.html
/data/data/####/loading.gif
/data/data/####/local_crash_lock
/data/data/####/locating.gif
/data/data/####/login-bind.html
/data/data/####/login.html
/data/data/####/logo-bg.png
/data/data/####/logo.png
/data/data/####/lrz.bundle.js
/data/data/####/manifest.json
/data/data/####/md5.js
/data/data/####/meiqia-btn.png
/data/data/####/meiqia.html
/data/data/####/meiqia_icon.png
/data/data/####/merge-any.html
/data/data/####/merge-any.jpg
/data/data/####/merge-call.html
/data/data/####/merge-call.jpg
/data/data/####/merge-detail.html
/data/data/####/merge-list-thumb-mask.png
/data/data/####/merge-list.html
/data/data/####/merge-not.jpg
/data/data/####/merge-personal-detail-line.png
/data/data/####/merge-personal-detail.html
/data/data/####/merge-personal-list.html
/data/data/####/merge.png
/data/data/####/mid1_img.png
/data/data/####/mid_img.png
/data/data/####/mix.dex
/data/data/####/more6.png
/data/data/####/mui.listpicker.css
/data/data/####/mui.listpicker.js
/data/data/####/mui.min.css
/data/data/####/mui.min.js
/data/data/####/mui.poppicker.css
/data/data/####/mui.poppicker.js
/data/data/####/mui.previewimage.js
/data/data/####/mui.ttf
/data/data/####/mui.zoom.js
/data/data/####/multidex.version.xml
/data/data/####/native_record_lock
/data/data/####/navigation.png
/data/data/####/noauth.html
/data/data/####/noimage200.png
/data/data/####/null.png
/data/data/####/ofl.config
/data/data/####/ofl_location.db
/data/data/####/ofl_location.db-journal
/data/data/####/ofl_statistics.db
/data/data/####/ofl_statistics.db-journal
/data/data/####/ok-black.png
/data/data/####/ok-check.png
/data/data/####/ok.png
/data/data/####/online_btn_03.png
/data/data/####/order-choose-store.html
/data/data/####/order-detail.html
/data/data/####/order-evaluate-append.html
/data/data/####/order-evaluate.html
/data/data/####/order-express.html
/data/data/####/order-list.html
/data/data/####/order-pickup-goods.html
/data/data/####/order-qrcode.html
/data/data/####/order-refund-detail.html
/data/data/####/order-refund-list.html
/data/data/####/order-refund.html
/data/data/####/order-share.html
/data/data/####/order-submit.html
/data/data/####/password-change.html
/data/data/####/password-forget.html
/data/data/####/payment.png
/data/data/####/paypwd-change.html
/data/data/####/paypwd-forget.html
/data/data/####/pdr.xml
/data/data/####/phone2.png
/data/data/####/pickup.png
/data/data/####/point-change.html
/data/data/####/pointbg.jpg
/data/data/####/pointimg.png
/data/data/####/posi-icon1.png
/data/data/####/product-comment.html
/data/data/####/product-detail.html
/data/data/####/qq.png
/data/data/####/qq_icon.png
/data/data/####/qr-status.png
/data/data/####/qr_bg.png
/data/data/####/qrcode.min.js
/data/data/####/refund.png
/data/data/####/reg.html
/data/data/####/remm.png
/data/data/####/search.html
/data/data/####/security_info
/data/data/####/sendicon.png
/data/data/####/shopfavorite.png
/data/data/####/small1_img.png
/data/data/####/small2_img.png
/data/data/####/small_img.png
/data/data/####/stars_grey.png
/data/data/####/stars_orange.png
/data/data/####/start.png
/data/data/####/start_statistics_data.xml
/data/data/####/store-choose-address.html
/data/data/####/store-comment.html
/data/data/####/store-detail.html
/data/data/####/store-evaluate.html
/data/data/####/store-home.html
/data/data/####/store-list.html
/data/data/####/store-product-detail.html
/data/data/####/store-search.html
/data/data/####/store-tag.html
/data/data/####/storeHome.js
/data/data/####/storeShopCart.js
/data/data/####/store_add.png
/data/data/####/store_addressicon.png
/data/data/####/store_minus.png
/data/data/####/store_minus2.png
/data/data/####/stores.html
/data/data/####/storetel.png
/data/data/####/stream_permission.xml
/data/data/####/style.css
/data/data/####/swiper.min.js
/data/data/####/swiper.png
/data/data/####/template.js
/data/data/####/test_app
/data/data/####/thumb.png
/data/data/####/title_img.png
/data/data/####/topic-detail.html
/data/data/####/topic.html
/data/data/####/user-account.html
/data/data/####/user-assets.html
/data/data/####/user-coupon.html
/data/data/####/user-favproduct.html
/data/data/####/user-favshop.html
/data/data/####/user-history.html
/data/data/####/user-info.html
/data/data/####/user-invite.html
/data/data/####/user-recharge.html
/data/data/####/userbg.jpg
/data/data/####/usercenter.html
/data/data/####/vshop-category.html
/data/data/####/vshop-coupon.html
/data/data/####/vshop-detail.html
/data/data/####/vshop-intro.html
/data/data/####/vshop-list.html
/data/data/####/vshop-search.html
/data/data/####/vshop.html
/data/data/####/waitupload.png
/data/data/####/waitupload5.png
/data/data/####/waitupload6.png
/data/data/####/web-show.html
/data/data/####/webview.db-journal
/data/data/####/webviewCookiesChromium.db-journal
/data/data/####/webviewCookiesChromiumPrivate.db-journal
/data/data/####/weixin.png
/data/data/####/wx-page.html
/data/data/####/wxfriend.png
/data/media/####/.cuid
/data/media/####/.cuid2
/data/media/####/.imei.txt
/data/media/####/AdEnable.dat
/data/media/####/conlts.dat
/data/media/####/ls.db
/data/media/####/ls.db-journal
/data/media/####/yoh.dat
/data/media/####/yol.dat
/data/media/####/yom.dat

Miscellaneous:

Executes the following shell scripts:

/system/bin/sh -c getprop ro.aa.romver
/system/bin/sh -c getprop ro.board.platform
/system/bin/sh -c getprop ro.build.fingerprint
/system/bin/sh -c getprop ro.build.nubia.rom.name
/system/bin/sh -c getprop ro.build.rom.id
/system/bin/sh -c getprop ro.build.tyd.kbstyle_version
/system/bin/sh -c getprop ro.build.version.emui
/system/bin/sh -c getprop ro.build.version.opporom
/system/bin/sh -c getprop ro.gn.gnromvernumber
/system/bin/sh -c getprop ro.lenovo.series
/system/bin/sh -c getprop ro.lewa.version
/system/bin/sh -c getprop ro.meizu.product.model
/system/bin/sh -c getprop ro.miui.ui.version.name
/system/bin/sh -c getprop ro.vivo.os.build.display.id
/system/bin/sh -c type su
chmod 700 <Package Folder>/tx_shell/libnfix.so
chmod 700 <Package Folder>/tx_shell/libshella-2.9.1.2.so
chmod 700 <Package Folder>/tx_shell/libufix.so
getprop ro.aa.romver
getprop ro.board.platform
getprop ro.build.fingerprint
getprop ro.build.nubia.rom.name
getprop ro.build.rom.id
getprop ro.build.tyd.kbstyle_version
getprop ro.build.version.emui
getprop ro.build.version.opporom
getprop ro.gn.gnromvernumber
getprop ro.lenovo.series
getprop ro.lewa.version
getprop ro.meizu.product.model
getprop ro.miui.ui.version.name
getprop ro.vivo.os.build.display.id
getprop ro.yunos.version
logcat -d -v threadtime

Loads the following dynamic libraries:

BaiduMapSDK_base_v4_3_1
Bugly
getuiext2
libnfix
libshella-2.9.1.2
libufix
locSDK7a
nfix
ufix

Uses the following algorithms to encrypt data:

AES-CBC-PKCS5Padding
AES-GCM-NoPadding
RSA-ECB-PKCS1Padding
RSA-NONE-OAEPWithSHA1AndMGF1Padding

Uses the following algorithms to decrypt data:

AES-CBC-PKCS5Padding
AES-GCM-NoPadding

Uses special library to hide executable bytecode.

Gets information about location.

Gets information about network.

Gets information about phone status (number, IMEI, etc.).

Gets information about installed apps.

Displays its own windows over windows of other apps.

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

Technical information

Curing recommendations

Free trial