Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.HiddenAds.1200
Downloads the following detected threats from the Internet:
- Android.HiddenAds.1200
Network activity:
Connects to:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) v2.g####.qq.com:80
- TCP(HTTP/1.1) z####.heyc####.net:80
- TCP(HTTP/1.1) a.bjsd####.com:80
- TCP(HTTP/1.1) yun.tuis####.com:80
- TCP(HTTP/1.1) ser####.ad.a####.com:80
- TCP(HTTP/1.1) dn.tc####.com:80
- TCP(HTTP/1.1) pi####.qq.com:80
- TCP(HTTP/1.1) en####.tui####.com:80
- TCP(HTTP/1.1) 06img####.eas####.com.####.com:80
- TCP(HTTP/1.1) acti####.russi####.cn:80
- TCP(HTTP/1.1) fp-st####.b0.a####.com:80
- TCP(HTTP/1.1) p####.tc.qq.com:80
- TCP(HTTP/1.1) api.ia####.com:651
- TCP(HTTP/1.1) s####.e.qq.com:80
- TCP(HTTP/1.1) sc.g####.qq.com:80
- TCP(HTTP/1.1) yun.d####.com.cn:80
- TCP(HTTP/1.1) ser####.aib####.a####.com:80
- TCP(HTTP/1.1) s####.tc.qq.com:80
- TCP(HTTP/1.1) z.c####.com:80
- TCP(HTTP/1.1) yun.t####.cn:80
- TCP(HTTP/1.1) p.zcul####.net:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) ser####.kv.dandanj####.tv:80
- TCP(HTTP/1.1) w####.pcon####.com.cn:80
- TCP(HTTP/1.1) d####.dd7####.com:80
- TCP(HTTP/1.1) i####.a####.com:80
- TCP(HTTP/1.1) loc.map.b####.com:80
- TCP(HTTP/1.1) s.androi####.com:80
- TCP(HTTP/1.1) yun.russi####.cn.####.com:80
- TCP(HTTP/1.1) d.bjsd####.com:80
- TCP(HTTP/1.1) ser####.vid####.a####.com:80
- TCP(HTTP/1.1) sh.wagbr####.aliyun####.com:80
- TCP(HTTP/1.1) anal####.a####.com:80
- TCP(HTTP/1.1) yun.d####.com:80
- TCP(HTTP/1.1) mi.g####.qq.com:80
- TCP(SSL/3.0) hunter-####.d####.com:443
- TCP(TLS/1.0) ser####.vid####.a####.com:443
- TCP(TLS/1.0) fp.ton####.net:443
- TCP(TLS/1.0) api.w####.com:443
- TCP(TLS/1.0) e.crashly####.com:443
- TCP(TLS/1.0) ada####.m.ta####.com:443
- TCP(TLS/1.0) s####.e.qq.com:443
- TCP(TLS/1.0) api.map.b####.com:443
- TCP(TLS/1.0) analy####.map.qq.com:443
- TCP(TLS/1.0) aliyuno####.oss-cn-####.aliy####.com:443
- TCP(TLS/1.0) sh.wagbr####.ta####.com:443
- TCP(TLS/1.0) fp.fraudme####.cn:443
- TCP(TLS/1.0) feedbac####.aliy####.com:443
- TCP(TLS/1.0) clien####.i####.net:443
- TCP(TLS/1.0) sett####.crashly####.com:443
- TCP(TLS/1.0) hunter-####.d####.com:443
- TCP(WHOIS) w####.a####.net:43
- TCP(WHOIS) w####.r####.net:43
DNS requests:
- 06img####.eas####.com
- 1####.i####.com
- a####.man.aliy####.com
- a####.u####.com
- a.bjsd####.com
- acti####.russi####.cn
- ada####.ut.ta####.com
- adas####.ut.ta####.com
- aliyuno####.oss-cn-####.aliy####.com
- anal####.a####.com
- analy####.map.qq.com
- api.16####.com
- api.ia####.com
- api.map.b####.com
- api.w####.com
- cdn.v####.aib####.####.tv
- clien####.i####.net
- d####.dd7####.com
- d.bjsd####.com
- dn.tc####.com
- e.crashly####.com
- en####.tui####.com
- feedbac####.aliy####.com
- fp.fraudme####.cn
- fp.ton####.net
- hunter-####.d####.com
- i####.a####.com
- i####.aib####.a####.com
- img.aib####.a####.com
- imgc####.qq.com
- loc.map.b####.com
- mi.g####.qq.com
- p####.ugd####.com
- p.zcul####.net
- pi####.qq.com
- qzones####.g####.cn
- rw####.softl####.com
- s####.e.qq.com
- s.androi####.com
- sc.g####.qq.com
- ser####.ad.a####.com
- ser####.aib####.a####.com
- ser####.kv.dandanj####.tv
- ser####.ne####.a####.com
- ser####.vid####.a####.com
- sett####.crashly####.com
- st####.fraudme####.cn
- v.g####.qq.com
- v2.g####.qq.com
- w####.a####.net
- w####.pcon####.com.cn
- w####.r####.net
- yun.d####.com
- yun.d####.com.cn
- yun.russi####.cn
- yun.t####.cn
- yun.tuis####.com
- z####.heyc####.net
- z5.c####.com
HTTP GET requests:
- 06img####.eas####.com.####.com/mobile/20190403/2019040303_8284420faf6043...
- acti####.russi####.cn/activity/getAllSkin?timestamp=####&couponSkinId=##...
- acti####.russi####.cn/activity/getReturnPage?timestamp=####&slotId=####&...
- acti####.russi####.cn/activity/index?id=####&slotId=####&login=####&appK...
- acti####.russi####.cn/cardCollect/getUserCardsInfo?timestamp=####&activi...
- acti####.russi####.cn/common/ip
- anal####.a####.com/v1/wallpaper/category
- anal####.a####.com/v1/wallpaper/tab?channel=####&version=####
- d####.dd7####.com//upload/plog/dfkn.jar
- d####.dd7####.com//upload/sdk2/SDK31dex20190220.jar
- d####.dd7####.com//upload/sdk2/clsdkdex20181129.jar
- d####.dd7####.com//upload/sdk2/sdk04dex20190218.jar
- d####.dd7####.com//upload/sdk3/Imgdex20190326.jar
- d####.dd7####.com//upload/sdk3/cjmob20190301.jar
- d####.dd7####.com/upload/plog/N38de20181225.jar
- d####.dd7####.com/upload/plog/mfgz.jar
- d####.dd7####.com/upload/sdk3/SSDK_28.jar
- dn.tc####.com/dnfile/image/bxm/wg_0104_v11_011_1f.jar
- en####.tui####.com/index/activity?appKey=####&adslotId=####
- fp-st####.b0.a####.com/v2/fm.js?ver=####&t=####
- i####.a####.com/5c73d1dde7bce75e91a072cb?imageVi####
- i####.a####.com/5c7cdb44e7bce7558d78ffd9?imageVi####
- i####.a####.com/5c80b8dae7bce755372a1ec8?imageVi####
- i####.a####.com/5c80b8e5e7bce7554e131012?imageVi####
- i####.a####.com/5ca274969a1aa33a13069e41?imageVi####
- i####.a####.com/download/50641c15cd29917b1d818c02
- mi.g####.qq.com/gdt_mview.fcg?actual_width=####&count=####&r=####&templa...
- mi.g####.qq.com/gdt_mview.fcg?posw=####&posh=####&count=####&r=####&data...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/banner.appcache
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/banner.html
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/ad_logo.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/banner_close_b...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/bannerbg02.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/bannerbg03.jpg
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/bannerbg07.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/close02.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/close03.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/download_icon....
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/download_icon_...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/gdt_logo_black...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/icon-ad.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/sdk_bg.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/tc-gdt-sdk-ope...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/tsa_ad_logo.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/images/tsa_logo.png
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/js-release/20170821/b...
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android01/js/lib/require.js
- p####.tc.qq.com/qzone/biz/gdt/mob/sdk/v2/android03/js-release/1.1.0/nati...
- p####.tc.qq.com/qzone/biz/gdt/mod/android/AndroidAllInOne/proguard/his/r...
- s####.tc.qq.com/gdt/0/DAAizTJAUAALQABiBcn2F3BBlVWze_.jpg/0?ck=####
- s.androi####.com/5ca2290831f6132e3f1835f3.jpg?newver=####&imageMo####&si...
- s.androi####.com/android_res/fanxing.jpg
- s.androi####.com/download/575c2e14742aa75c809c2dd2
- s.androi####.com/download/594b8b1ce7bce7188ba2b769
- s.androi####.com/download/59afd7ade7bce729760f403e
- s.androi####.com/download/59b26f60e7bce729aa47e1a0
- s.androi####.com/download/5c94c22831f6136a1c2b5d9e
- s.androi####.com/videowp/1212.png
- sc.g####.qq.com/gdt_mclick.fcg?viewid=####&jtype=####&i=####&os=####&asi...
- ser####.ad.a####.com/v3/ad/appdetail?app=####&iso=####&osVer=####&mcc=##...
- ser####.ad.a####.com/v3/ad/bundle?position=####&app=####&iso=####&osVer=...
- ser####.ad.a####.com/v3/ad/config?os=####&model=####&apiver=####&osversi...
- ser####.ad.a####.com/v3/ad/list?app=####&iso=####&osVer=####&mcc=####&o=...
- ser####.ad.a####.com/v3/ad/splash?app=####&iso=####&osVer=####&mcc=####&...
- ser####.ad.a####.com/v3/ad?limit=####&os=####&model=####&apiver=####&osv...
- ser####.aib####.a####.com/v1/client/skin?adult=####
- ser####.aib####.a####.com/v1/user/title?adult=####
- ser####.aib####.a####.com/v1/wallpaper/album/51dd49aa48d5b95f6195a096/wa...
- ser####.aib####.a####.com/v3/homepage?order=####&adult=####&first=####&d...
- ser####.kv.dandanj####.tv/online/params?os=####¤ttime=####&sys=###...
- ser####.kv.dandanj####.tv/online/params?package_name=####&adult=####
- ser####.vid####.a####.com/v1/analytics?id=####&type=####
- ser####.vid####.a####.com/v1/news?adult=####&skip=####
- ser####.vid####.a####.com/v3/ad/config?os=####&model=####&apiver=####&os...
- ser####.vid####.a####.com/v3/ad?limit=####&os=####&model=####&apiver=###...
- v2.g####.qq.com/gdt_stats.fcg?viewid=####&i=####&os=####&xp=####
- yun.d####.com.cn/h5-tuia/couponPrize/lucky.png?nnn=####
- yun.d####.com/figerprint/webfiger.cache.js?x=####
- yun.russi####.cn.####.com/h5-mami/h5-discern-simulator-1.0.19.min.js?t=#...
- yun.russi####.cn.####.com/h5-mami/insurance/taobao/clipboard.min.js
- yun.russi####.cn.####.com/h5-mami/shendun/shendun0313.js
- yun.t####.cn/tuia/skyeye/skyeye.js
- yun.tuis####.com/h5-mami/QBModal/index_201801031421.css
- yun.tuis####.com/h5-mami/QBModal/index_201801171227.js
- yun.tuis####.com/h5-mami/activity/luckyBox/btn-record.png?x-oss-process=...
- yun.tuis####.com/h5-mami/activity/luckyBox/btn-rule.png?x-oss-process=####
- yun.tuis####.com/h5-mami/activity/luckyBox/hand.png?x-oss-process=####
- yun.tuis####.com/h5-mami/activity/luckyBox/rp2.png?x-oss-process=####
- yun.tuis####.com/h5-mami/biiModal/index_201801242113.css
- yun.tuis####.com/h5-mami/biiModal/index_201801242113.js
- yun.tuis####.com/h5-mami/couponPrize/alipay/index_201807161748.css
- yun.tuis####.com/h5-mami/couponPrize/alipay/index_201807161748.js
- yun.tuis####.com/h5-mami/dist/1c08437980dcfba576e3867ba6a95ba6.png?x-oss...
- yun.tuis####.com/h5-mami/dist/1c8f0170fdf3987ce4be80f9fe2e8fd1.png?x-oss...
- yun.tuis####.com/h5-mami/dist/5c32bf2a98d1aedb8317cb1f024d6051.jpg?x-oss...
- yun.tuis####.com/h5-mami/dist/8f8595799e79acc006ecd8b6db5bb0f3.png?x-oss...
- yun.tuis####.com/h5-mami/dist/activity-common.268240fd9c76f29e7518.js
- yun.tuis####.com/h5-mami/dist/activity-luckyBox-v2-entry.62dcae69135f6bf...
- yun.tuis####.com/h5-mami/dist/activity-luckyBox-v2-entry.aa8f60856eaab12...
- yun.tuis####.com/h5-mami/dist/apple.7f6a3291740a5b0f1575.js
- yun.tuis####.com/h5-mami/dist/eccca417260ced2b9078cdca4b00ba30.png?x-oss...
- yun.tuis####.com/h5-mami/dist/ef82452c536e552399253354acad5c3e.png?x-oss...
- yun.tuis####.com/h5-mami/dist/es6-promise.auto.min.js
- yun.tuis####.com/h5-mami/dist/fastclick.884d135bf77e46aaaafb.js
- yun.tuis####.com/h5-mami/dist/intercept.f4deebb1b20275244b00.js
- yun.tuis####.com/h5-mami/dist/kefu.86948c2a3f49318246b3.js
- yun.tuis####.com/h5-mami/dist/lotteryPublic.594b3cd6c7b628c8625a.js
- yun.tuis####.com/h5-mami/dist/record.da93ec66bc38409db739.js
- yun.tuis####.com/h5-mami/dist/rule.cda0c35826bb19418a0b.js
- yun.tuis####.com/h5-mami/dist/vendors.83716396abcfb6b37c43.js
- yun.tuis####.com/h5-mami/objectModal/index_201801031418.css
- yun.tuis####.com/h5-mami/objectModal/index_201801092025.js
- yun.tuis####.com/newactivity/assets/btn1.c13ecc71a2b7aca26f652f66a9a3b1b...
- yun.tuis####.com/newactivity/assets/btn2.68421d158b038dab250be36c1c2b1ee...
- yun.tuis####.com/newactivity/assets/btn3.6dd5c839fd72bf08210a8f159f563cf...
- yun.tuis####.com/newactivity/assets/coupon1.1731233f29a6f34013cac39f8636...
- yun.tuis####.com/newactivity/assets/coupon3.1e978075c7fab7c4a07684ba2c09...
- yun.tuis####.com/newactivity/assets/encourageIcon.0c6fe406.css
- yun.tuis####.com/newactivity/assets/encourageIcon.2aa6e3e8.js
- yun.tuis####.com/newactivity/assets/encourageLayer.2701876e.js
- yun.tuis####.com/newactivity/assets/encourageLayer.a7e5d089.css
- yun.tuis####.com/newactivity/assets/gyroscope.90b7461a.js
- yun.tuis####.com/newactivity/assets/layer-483.24adb5fb.css
- yun.tuis####.com/newactivity/assets/layer-483.e8affea0.js
- yun.tuis####.com/newactivity/assets/showThanks.18de8f8a.css
- yun.tuis####.com/newactivity/assets/showThanks.baa45fac.js
- yun.tuis####.com/newactivity/assets/showVirtualPrize.18ac1fd0.css
- yun.tuis####.com/newactivity/assets/showVirtualPrize.c7daadd6.js
- yun.tuis####.com/newactivity/assets/touchs.3bae3309.js
- yun.tuis####.com/tuia/hunter/2.3.0/hunter.js
- z.c####.com/stat.htm?id=####&cnzz_eid=####
HTTP POST requests:
- a####.u####.com/app_logs
- a.bjsd####.com/index.php?r=####
- acti####.russi####.cn/activity/getLimitTimes
- acti####.russi####.cn/pluginTools/responsiveIndex
- anal####.a####.com/v2/picasso/app
- anal####.a####.com/v2/picasso/event
- anal####.a####.com/v2/picasso/page
- anal####.a####.com/v2/picasso/user
- anal####.a####.com/v2/picasso/visit
- api.ia####.com:651/api_yi.aspx
- api.ia####.com:651/slsdk/getdata.aspx
- api.ia####.com:651/slsdk/settings.aspx
- d.bjsd####.com/index.php?r=####
- loc.map.b####.com/sdk.php
- p.zcul####.net/m/a/t
- pi####.qq.com/mstat/report/?index=####
- s####.e.qq.com/activate
- s####.e.qq.com/click
- s####.e.qq.com/launch
- s####.e.qq.com/msg
- ser####.aib####.a####.com/v2/wallpaper/wallpaper/5c73d1dde7bce75e91a072c...
- ser####.aib####.a####.com/v2/wallpaper/wallpaper/5c80b8dae7bce755372a1ec...
- sh.wagbr####.aliyun####.com/man/api?ak=####&s=####
- v2.g####.qq.com/gdt_stats.fcg
- w####.pcon####.com.cn/ip.jsp
- z####.heyc####.net/getlist
- z####.heyc####.net/xlogin
File system changes:
Creates the following files:
- /data/data/####/-1486506318-1699985015
- /data/data/####/-1638584026-1485938731
- /data/data/####/-37512920-1485938731
- /data/data/####/-961972195462486127
- /data/data/####/.imprint
- /data/data/####/.mta-wxop.xml
- /data/data/####/15237665-138746866
- /data/data/####/1743893553-813674615
- /data/data/####/2296.yaqcookie
- /data/data/####/2715.yaqcookie
- /data/data/####/3e62ccd556bd954a0d6e78ba0fe9fa2fefa2c2bbda7f5e3....0.tmp
- /data/data/####/442928809935700871
- /data/data/####/461686552-1899349734
- /data/data/####/461686552624499943
- /data/data/####/4d5df4a29ea4c9093ee8fcb6f857a269c4de8bab23c43c6....0.tmp
- /data/data/####/5CA3EDD5011A-0001-08F8-65F0A9BCB84EBeginSession.cls_temp
- /data/data/####/5CA3EDD5011A-0001-08F8-65F0A9BCB84ESessionApp.cls_temp
- /data/data/####/5CA3EDD5011A-0001-08F8-65F0A9BCB84ESessionDevice.cls_temp
- /data/data/####/5CA3EDD5011A-0001-08F8-65F0A9BCB84ESessionOS.cls_temp
- /data/data/####/5CA3EDD5011A-0001-08F8-65F0A9BCB84ESessionUser.cls_temp
- /data/data/####/5CA3EDF10219-0001-0A9B-65F0A9BCB84EBeginSession.cls_temp
- /data/data/####/5CA3EDF10219-0001-0A9B-65F0A9BCB84ESessionApp.cls_temp
- /data/data/####/5CA3EDF10219-0001-0A9B-65F0A9BCB84ESessionDevice.cls_temp
- /data/data/####/5CA3EDF10219-0001-0A9B-65F0A9BCB84ESessionOS.cls_temp
- /data/data/####/682696364232392179
- /data/data/####/6db8ce672aa8fcb15361459863d272c2da278c65ade2215....0.tmp
- /data/data/####/702237486-1169788530
- /data/data/####/702237486232392179
- /data/data/####/74b38b008fa772912e5a02fb8d6e0f5c189419a6f128f96....0.tmp
- /data/data/####/7a858774094a18c23d34f1fe18b9802e65956c9e17718fe....0.tmp
- /data/data/####/7dc0fa05775cb87067464e75ab7c7a27f7e6af2734a49fa....0.tmp
- /data/data/####/845891299-138746866
- /data/data/####/8715a31aa80075e2699523c2d007495bb66829fbb2143f7....0.tmp
- /data/data/####/88f4313e13d40472aa72d22614417e8e869544f4e394926....0.tmp
- /data/data/####/8e169f50540bd9582c254913ffad86dfaa3eed6c572e3cf....0.tmp
- /data/data/####/8e169f50540bd9582c254913ffad86dfaa3eed6c572e3cf...7e69.0
- /data/data/####/8ef81c7e0ae128fe59fe9a9848e756fb3a1b958da37b06d....0.tmp
- /data/data/####/9047435651018146486
- /data/data/####/9047435651713758507
- /data/data/####/970322859935700871
- /data/data/####/9ebe04631db5b2973e41a7d1a45b5b43033ef22dfc73e4b....0.tmp
- /data/data/####/AdvSDK.xml
- /data/data/####/Alvin2.xml
- /data/data/####/AppStore.xml
- /data/data/####/ApplicationCache.db-journal
- /data/data/####/BuglySdkInfos.xml
- /data/data/####/CachedGeoposition.db
- /data/data/####/CachedGeoposition.db-journal
- /data/data/####/ContextData.xml
- /data/data/####/GDTSDK.db
- /data/data/####/GDTSDK.db-journal
- /data/data/####/TwitterAdvertisingInfoPreferences.xml
- /data/data/####/UTCommon.xml
- /data/data/####/UmengLocalNotificationStore.db-journal
- /data/data/####/a75858be3c1c34e7e6e703ecd37d9ad27c867a7ee200ac7....0.tmp
- /data/data/####/adesk_online_config
- /data/data/####/adkBody_pref.xml
- /data/data/####/adk_pref.xml
- /data/data/####/ap.Lock
- /data/data/####/authStatus_com.lovebizhi.wallpaper;remote.xml
- /data/data/####/b0a1f3e4f7b4e31aee42051141f61c71060b0b2acce2f08....0.tmp
- /data/data/####/b453e6b55023e91b2b7337adee09fd8353e4e4b04c46d40....0.tmp
- /data/data/####/cate_wp_animation
- /data/data/####/cate_wp_girl
- /data/data/####/cc.db
- /data/data/####/cc.db-journal
- /data/data/####/cdf925fba877b2d289e2692d9c779cb24019fe740ff1371....0.tmp
- /data/data/####/com.crashlytics.prefs.xml
- /data/data/####/com.crashlytics.sdk.android;answers;settings.xml
- /data/data/####/com.crashlytics.settings.json
- /data/data/####/com.lovebizhi.wallpaper-1.apk.classes-1581451311.zip
- /data/data/####/com.lovebizhi.wallpaper_preferences.xml
- /data/data/####/common_config.xml
- /data/data/####/config.xml
- /data/data/####/d10f5bfd37f1e6953cddb0511c2fccc093cad2358ddbe8f....0.tmp
- /data/data/####/d91cb9e3dbe774636416a1fffcb5bd1a4980688fc799c42....0.tmp
- /data/data/####/d9784921196a152d624d46259514000642d97f71bb48a3f....0.tmp
- /data/data/####/d9784921196a152d624d46259514000642d97f71bb48a3f...2b73.0
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/dd74fe7331f33c266c7e710d75b3ec11144d3346cd6e417....0.tmp
- /data/data/####/devCloudSetting.cfg
- /data/data/####/devCloudSetting.sig
- /data/data/####/dexMethod.48462615.dat
- /data/data/####/dexMethod.82894129.dat
- /data/data/####/dialog_config.xml
- /data/data/####/dpi
- /data/data/####/e7702c18b133d6cd25aceda3732d5ef3304e906c173ebbc....0.tmp
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/f7d5b0ee7e229cee3b31ff1f2ac39882f18fd2be5485b27....0.tmp
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/f_000014
- /data/data/####/fgzde.data-journal
- /data/data/####/file_cate_album_animation
- /data/data/####/file_cate_album_girl
- /data/data/####/firll.dat
- /data/data/####/gdt_config.cfg
- /data/data/####/gdt_plugin.dex (deleted)
- /data/data/####/gdt_plugin.jar
- /data/data/####/gdt_plugin.jar.sig
- /data/data/####/gdt_plugin.tmp
- /data/data/####/gdt_plugin.tmp.sig
- /data/data/####/gdt_stat.db
- /data/data/####/gdt_stat.db-journal
- /data/data/####/gdt_suid
- /data/data/####/hid.db
- /data/data/####/index
- /data/data/####/initialization_marker
- /data/data/####/io.fabric.sdk.android;fabric;io.fabric.sdk.andr...ng.xml
- /data/data/####/journal.tmp
- /data/data/####/libcuid.so
- /data/data/####/libyaqbasic.48462615.so
- /data/data/####/libyaqbasic.82894129.so
- /data/data/####/libyaqpro.48462615.so
- /data/data/####/libyaqpro.82894129.so
- /data/data/####/lzzhe.xml
- /data/data/####/lzzhe.xml.bak (deleted)
- /data/data/####/multidex.version.xml
- /data/data/####/mykernel.apk
- /data/data/####/online_params_pre.xml
- /data/data/####/pos_config_path
- /data/data/####/pri_wxop_tencent_analysis.db-journal
- /data/data/####/sa_9ac631b5-3671-467a-be78-f83c16b7f3e1_1554247155678.tap
- /data/data/####/sa_bdce9835-4e71-410d-99f7-f8ccc6942ebd_1554247125770.tap
- /data/data/####/sa_cf40c468-711e-473d-9a5d-9816260722ea_1554247127424.tap
- /data/data/####/sdkCloudSetting.cfg
- /data/data/####/sdkCloudSetting.sig
- /data/data/####/session_analytics.tap
- /data/data/####/session_analytics.tap.tmp
- /data/data/####/skin_serializable
- /data/data/####/splash_ads_path
- /data/data/####/splash_config_path
- /data/data/####/temp.file
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/umeng_message_state.xml
- /data/data/####/update_lc
- /data/data/####/ut.db
- /data/data/####/ut.db-journal
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/weibo_sdk_aid1
- /data/data/####/wp_cates
- /data/data/####/wxop_tencent_analysis.db-journal
- /data/data/####/yaqsdkcookie
- /data/media/####/.cuid
- /data/media/####/.cuid2
- /data/media/####/.mid.txt
- /data/media/####/.nid
- /data/media/####/Alvin2.xml
- /data/media/####/ContextData.xml
- /data/media/####/Imgdex20190326.jar
- /data/media/####/N38de20181225.jar
- /data/media/####/SDK31dex20190220.jar
- /data/media/####/SSDK_28.jar
- /data/media/####/cjmob20190301.jar
- /data/media/####/clsdkdex20181129.jar
- /data/media/####/dfkn.jar
- /data/media/####/mfgz.jar
- /data/media/####/mykernel.apk
- /data/media/####/picasso.db
- /data/media/####/picasso.db-journal
- /data/media/####/sdk04dex20190218.jar
- /data/media/####/test.0
- /data/media/####/yoh.dat
- /data/media/####/yol.dat
- /data/media/####/yom.dat
Miscellaneous:
Executes the following shell scripts:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
- /system/bin/sh
- cat /sys/class/android_usb/android0/idProduct
- cat /sys/class/android_usb/android0/idVendor
- getprop
- getprop net.dns1
- ls -l /dev
- ls -l /dev/block
- ls -l /dev/block/vold
- ls -l /dev/bus
- ls -l /dev/bus/usb
- ls -l /dev/bus/usb/001
- ls -l /dev/com.android.settings.daemon
- ls -l /dev/cpuctl
- ls -l /dev/cpuctl/apps
- ls -l /dev/cpuctl/apps/bg_non_interactive
- ls -l /dev/graphics
- ls -l /dev/input
- ls -l /dev/log
- ls -l /dev/pts
- ls -l /dev/snd
- ls -l /dev/socket
- ps
Loads the following dynamic libraries:
- box2d
- ezaction
- ezbase
- ezinterpolator
- ezlwp
- ezparticle
- ezpathiterator
- ezphysics
- ezrt
- eztransition
- libyaqbasic.48462615
- libyaqbasic.82894129
- libyaqpro.48462615
- libyaqpro.82894129
- locSDK7
- picasso
- ut_c_api
- weibosdkcore
- wiengine
- wiskia
- wisound
Uses the following algorithms to encrypt data:
- AES
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS7Padding
- RSA-ECB-PKCS1Padding
Uses the following algorithms to decrypt data:
- AES
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- AES-ECB-PKCS7Padding
- DES
- DES-CBC-PKCS5Padding
- RSA-ECB-PKCS1Padding
Accesses the ITelephony private interface.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about APN settings.
Gets information about installed apps.
Gets information about running apps.
Displays its own windows over windows of other apps.