Technical information
Malicious functions:
Removes app icon from the screen.
Threat detection based on machine learning.
Network activity:
Connects to:
- UDP(DNS) <Google DNS>
- TCP(TLS/1.0) cl####.map.n.####.com:443
- TCP(TLS/1.0) ais####.b####.com:443
- TCP(TLS/1.0) and####.b####.qq.com:443
- TCP(TLS/1.0) gmscomp####.google####.com:443
- TCP(TLS/1.0) newve####.map.b####.com:443
- TCP(TLS/1.0) msh####.b####.com:443
- TCP(TLS/1.0) a####.u####.com.####.com:443
- TCP(TLS/1.0) opencdn####.jom####.com:443
- TCP(TLS/1.0) ccs.u####.com.####.com:443
- TCP(TLS/1.0) 2####.58.207.227:443
- TCP(TLS/1.0) st####.y####.com:443
- TCP(TLS/1.0) rr5---s####.g####.com:443
- TCP(TLS/1.0) h.t####.qq.com:443
- TCP(TLS/1.0) new-####.u####.com:443
- TCP(TLS/1.0) and####.a####.go####.com:443
- TCP(TLS/1.0) def####.duals####.cn.####.com:443
- TCP(TLS/1.0) cstati####.126.net.####.com:443
- TCP(TLS/1.0) newcl####.map.b####.com:443
- TCP(TLS/1.0) p####.google####.com:443
- TCP(TLS/1.0) rr9---s####.g####.com:443
- TCP(TLS/1.0) f####.gst####.com:443
- TCP(TLS/1.0) dl####.b####.com.####.com:443
- TCP(TLS/1.0) al####.u####.com:443
- TCP(TLS/1.0) v.map.b####.com:443
- TCP(TLS/1.0) down####.y####.com:443
- TCP(TLS/1.0) api.map.b####.com:443
- TCP(TLS/1.2) 1####.250.74.67:443
- TCP(TLS/1.2) 2####.58.207.238:443
- TCP(TLS/1.2) 1####.250.74.68:443
- TCP(TLS/1.2) gmscomp####.google####.com:443
- TCP(TLS/1.2) 2####.58.207.227:443
- UDP p####.google####.com:443
- TCP down####.y####.com:443
- TCP im####.y####.com:443
- TCP st####.y####.com:443
- TCP ms####.m.u####.com:80
- TCP ms####.m.u####.com:443
DNS requests:
- a####.u####.com
- ais####.b####.com
- amdc####.m.ta####.com
- and####.a####.go####.com
- and####.b####.qq.com
- and####.google####.com
- api.map.b####.com
- api.y####.com
- ccs.u####.com
- cl####.map.b####.com
- cstati####.126.net
- dl####.b####.com
- down####.y####.com
- f####.gst####.com
- gmscomp####.google####.com
- h.t####.qq.com
- im####.y####.com
- lf3-cdn####.byteg####.com
- m.y####.com
- msh####.b####.com
- newcl####.map.b####.com
- newve####.map.b####.com
- of####.u####.com
- p####.google####.com
- rr5---s####.g####.com
- rr9---s####.g####.com
- st####.y####.com
- st####.y####.com
- u####.u####.com
- umen####.m.ta####.com
- umengj####.m.ta####.com
- ut####.u####.com
- v.map.b####.com
- vector####.b####.com
HTTP GET requests:
- msh####.b####.com:443/p/1/rs/250/985057761/1741077404/e39239a3991f1ad7d0...
HTTP POST requests:
- a####.u####.com.####.com:443/v3/a/audid/req
- al####.u####.com:443/umpx_push_launch
- al####.u####.com:443/umpx_push_register
- al####.u####.com:443/umpx_share
- al####.u####.com:443/unify_logs
- al####.u####.com:443/zcfg
- and####.b####.qq.com:443/rqd/async?aid=####
- api.map.b####.com:443/sdkcs/verify
- ccs.u####.com.####.com:443/aa
- def####.duals####.cn.####.com:443/v2/offmsg/req
- msh####.b####.com:443/c/11/z/250/985057761/1741077402/267a8f849f1a34e841...
- msh####.b####.com:443/c/11/z/250/985057761/1741077408/db6d1f0755922e39ea...
- msh####.b####.com:443/c/11/z/250/985057761/1741077413/9528a4f3ce15f42a51...
- msh####.b####.com:443/c/11/z/250/985057761/1741077419/220226c1ef97d9072d...
- msh####.b####.com:443/f/2/jc/250/985057761/1741077403/0263b211d45d11466b...
- msh####.b####.com:443/p/1/auh/250/985050001/1741077398/b4003b27bba3bce9d...
- msh####.b####.com:443/p/1/r/250/985057761/1741077407/0f6348e4a8264cc2f73...
- msh####.b####.com:443/p/1/r/250/985057761/1741077408/db6d1f0755922e39ea5...
- msh####.b####.com:443/s/3/gd/250/985057761/1741077401/12052fb195c4233e8f...
- msh####.b####.com:443/s/5/aio/250/985057761/1741077399/72fff68bfe68e853d...
- new-####.u####.com:443/api/postZdata/v4
File system changes:
Creates the following files:
- /data/data/####/.imprint
- /data/data/####/.jg.ac
- /data/data/####/020944b9bde6d8385f41ee5af1371910c061362e2195b33....0.tmp
- /data/data/####/020944b9bde6d8385f41ee5af1371910c061362e2195b33...a4cb.0
- /data/data/####/04b976a5a962c7524bcc017ce2a483c361a27706f3a816c....0.tmp
- /data/data/####/07a13ac23c83da00fda54c82c6de9c77408956cb9ba6544....0.tmp
- /data/data/####/07a13ac23c83da00fda54c82c6de9c77408956cb9ba6544...45ff.0
- /data/data/####/07bbaa75fb360b58_0
- /data/data/####/07bbaa75fb360b58_1
- /data/data/####/09ed17fb6de984ff1f92d9059492e1753431dfe303a3cb7....0.tmp
- /data/data/####/09ed17fb6de984ff1f92d9059492e1753431dfe303a3cb7...50c9.0
- /data/data/####/0e1a67b73fc9a4cc_0
- /data/data/####/0e1a67b73fc9a4cc_1
- /data/data/####/1004
- /data/data/####/1247cf664298578481fbe3adeac9b30ecaa62bc38889106....0.tmp
- /data/data/####/1247cf664298578481fbe3adeac9b30ecaa62bc38889106...4ebc.0
- /data/data/####/1585d25eaefbaf3b3d3fdf3ff580638026d20fb44958576....0.tmp
- /data/data/####/1585d25eaefbaf3b3d3fdf3ff580638026d20fb44958576...3bce.0
- /data/data/####/21aea72a65e445ad3830ff700c3656f0ee7a95ceae1ee10...a1c4.0
- /data/data/####/23eaf34356937230_0
- /data/data/####/2a05f529c9a4b6e99e9be44cff2e8ad83db48e349106819....0.tmp
- /data/data/####/2a05f529c9a4b6e99e9be44cff2e8ad83db48e349106819...5e54.0
- /data/data/####/2a7d1e473b5b52d07ce0940b3843b28076c7e9d103c7ab2....0.tmp
- /data/data/####/2a8c7645ac2b842a_0
- /data/data/####/2a8c7645ac2b842a_1
- /data/data/####/2baf89995838bd819a0b2a1ccab3d39ce3de4e26d9a7e6f...471a.0
- /data/data/####/2c0048044fa0aa08b040af53078a87422baaedcdccbaf5c....0.tmp
- /data/data/####/2e05c4f856d6ec5c_0
- /data/data/####/2e899ec7e6c5e99eb4046d5eb85572b6a56c6948f18abb7....0.tmp
- /data/data/####/2e899ec7e6c5e99eb4046d5eb85572b6a56c6948f18abb7...c0d7.0
- /data/data/####/2ee6f7e79c8bfc5e308f8f1c7f0f802ef652debbf0d9376...35d7.0
- /data/data/####/30122ac2ca5b75ad_0
- /data/data/####/39799c151232c3fd_0
- /data/data/####/3df8b68a19217bbe92120860662ca3489faf1c513fdc276....0.tmp
- /data/data/####/3df8b68a19217bbe92120860662ca3489faf1c513fdc276...ca56.0
- /data/data/####/3f6b1672c1fc7c21_0
- /data/data/####/4040a18830dbfda0_0
- /data/data/####/428e26935c6532651b19d62c3f86188c2c4b2540d804cf8....0.tmp
- /data/data/####/42ce3e9c3b9f449a_0
- /data/data/####/44048f179fa9d1455ff41a3095a8afb8ef5f86b709c7209....0.tmp
- /data/data/####/44048f179fa9d1455ff41a3095a8afb8ef5f86b709c7209...7ef1.0
- /data/data/####/45ba0ee23d4727e9dafac9004704759b1ee225a58534718....0.tmp
- /data/data/####/45ba0ee23d4727e9dafac9004704759b1ee225a58534718...ad56.0
- /data/data/####/464b76979c9190bc_0
- /data/data/####/464b76979c9190bc_1
- /data/data/####/4730b9a50f2aafec894fa6d1f3484a7544fe0682a0677a3....0.tmp
- /data/data/####/4730b9a50f2aafec894fa6d1f3484a7544fe0682a0677a3...86eb.0
- /data/data/####/4b7089ce4b870b4e9f75ebb04e875cb2d99e21a1a41fd47....0.tmp
- /data/data/####/4b7089ce4b870b4e9f75ebb04e875cb2d99e21a1a41fd47...953d.0
- /data/data/####/4db54b6f2ab4b3ad149a2b8782f77bacdf3885c69c2eba8...86a3.0
- /data/data/####/4ef3b388adb9489b8089eeb9e7d2426d3c2e4c5b29a02a8....0.tmp
- /data/data/####/4ef3b388adb9489b8089eeb9e7d2426d3c2e4c5b29a02a8...946e.0
- /data/data/####/4f0870b0e3883897_0
- /data/data/####/4f0870b0e3883897_1
- /data/data/####/505666b994ea912c_0 (deleted)
- /data/data/####/5447dbbcf5b97e777082187c5b64521d8bfcbd20c5ec807....0.tmp
- /data/data/####/58edcaf88d4aa802_0
- /data/data/####/596da57ba9135638_0
- /data/data/####/596da57ba9135638_1
- /data/data/####/5ed8d0da7e9f99ca6bdbb7afcaa2b15bb12992bafca522d....0.tmp
- /data/data/####/5ed8d0da7e9f99ca6bdbb7afcaa2b15bb12992bafca522d...1e8c.0
- /data/data/####/675990fa1350e0da28096de153349a482c4f8899fae1bc9....0.tmp
- /data/data/####/675f48f9b5ee606be65643740667dc49332fa1f736e33e2...606e.0
- /data/data/####/67a47709c091d279_0
- /data/data/####/6920fcda9d7e72fec4867d279c43fc6c54a016b087a3466...8866.0
- /data/data/####/6ba9a5835d38380fcaef6bbb91add5650db7ae42a401851....0.tmp
- /data/data/####/6ba9a5835d38380fcaef6bbb91add5650db7ae42a401851...c7a6.0
- /data/data/####/6c81bb3525d31060049e78d5320cf6e721e0ee61a3a137f....0.tmp
- /data/data/####/6c81bb3525d31060049e78d5320cf6e721e0ee61a3a137f...b050.0
- /data/data/####/76a9b174495249e5bdca3ef9b687b229409af135c4e0750...3ac3.0
- /data/data/####/788a29699c55cc046c8f9acbc5a2fefe40a6f8a315ef17c....0.tmp
- /data/data/####/788a29699c55cc046c8f9acbc5a2fefe40a6f8a315ef17c...ded0.0
- /data/data/####/79d9c05eed0010b4b5a74e75af0612974e357e609230838....0.tmp
- /data/data/####/79d9c05eed0010b4b5a74e75af0612974e357e609230838...4008.0
- /data/data/####/7a3d50b157acda9d_0
- /data/data/####/7c8cc95350553563_0
- /data/data/####/7c8cc95350553563_1
- /data/data/####/7dbae0e9f0d2f082_0
- /data/data/####/7dbae0e9f0d2f082_1
- /data/data/####/8833bf3d7a629fc7584ecf4ccf4a20180c051e98b5cf78c....0.tmp
- /data/data/####/8833bf3d7a629fc7584ecf4ccf4a20180c051e98b5cf78c...793c.0
- /data/data/####/88a2be0a98c87657fb06d3f63a98bb8ebf0189474eb0767...72f8.0
- /data/data/####/88c882922d0195ff9bb40b5012783ad0512165cac506135....0.tmp
- /data/data/####/88c882922d0195ff9bb40b5012783ad0512165cac506135...5e3b.0
- /data/data/####/8fc6d0d89736852c2e86c541b365c9f01c13fbdf495bdd9....0.tmp
- /data/data/####/8fc6d0d89736852c2e86c541b365c9f01c13fbdf495bdd9...69ac.0
- /data/data/####/9022b0b4183cbe6d_0 (deleted)
- /data/data/####/9290183ae0167edf7af9ccce0e2158ea0f03d28a487fb9f....0.tmp
- /data/data/####/9b9158b8898eb918a2ffe28edfbe758af47929fb248e465....0.tmp
- /data/data/####/9b9158b8898eb918a2ffe28edfbe758af47929fb248e465...6038.0
- /data/data/####/ACCS_BINDdefault.xml
- /data/data/####/ACCS_SDK.xml
- /data/data/####/ACCS_SDK_CHANNEL.xml
- /data/data/####/AGOO_BIND.xml
- /data/data/####/Agoo_AppStore.xml
- /data/data/####/Agoo_AppStore.xml.bak
- /data/data/####/BUGLY_COMMON_VALUES.xml
- /data/data/####/Cookies-journal
- /data/data/####/DTTempdat.datv2
- /data/data/####/DTTempdat.idxv2
- /data/data/####/DVDirectory.cfg
- /data/data/####/DVHotMap.cfg
- /data/data/####/DVHotcity.cfg
- /data/data/####/DVOperation.cfg_seg
- /data/data/####/DVOperation.cfg_svc
- /data/data/####/DVSDirectory.cfg
- /data/data/####/DVVersion.cfg
- /data/data/####/DVVersion_pkg.cfg
- /data/data/####/ErrCLogInfo.html
- /data/data/####/HMTempdat.datv2
- /data/data/####/HMTempdat.idxv2
- /data/data/####/KVCache.xml
- /data/data/####/LabelIcondat.sdb-journal (deleted)
- /data/data/####/Map_Privacy.xml
- /data/data/####/MessageStore.db-journal
- /data/data/####/MsgLogStore.db-journal
- /data/data/####/SP_AROUTER_CACHE.xml
- /data/data/####/SP_AROUTER_CACHE.xml.bak
- /data/data/####/UM_PROBE_DATA.xml
- /data/data/####/WebViewChromiumPrefs.xml
- /data/data/####/a044844e004aa5bd8119ca16ba3fd1add6b65e9ab9e7dc8...3906.0
- /data/data/####/a0df166055fbcf83_0
- /data/data/####/a0df166055fbcf83_1
- /data/data/####/a61515dd4d9b4ec8e56c4a3ca4b332b983f176e984b8d57...2a0a.0
- /data/data/####/a7ff5dcb3d025026_0
- /data/data/####/a845f16c78510f30a157abc787ce490d0b30b1cf5c1bf07....0.tmp
- /data/data/####/a845f16c78510f30a157abc787ce490d0b30b1cf5c1bf07...b4a2.0
- /data/data/####/account.xml
- /data/data/####/accountInfo.xml
- /data/data/####/accs.db-journal
- /data/data/####/ad_auth.xml
- /data/data/####/androidx.work.workdb-journal (deleted)
- /data/data/####/b16e4586c9643f43_0
- /data/data/####/b16e4586c9643f43_1
- /data/data/####/bcbd6242dabd33f3_0
- /data/data/####/beda6dfc02fd2c1a0cda355ad4d9e3542aa29d1b3204a74....0.tmp
- /data/data/####/beda6dfc02fd2c1a0cda355ad4d9e3542aa29d1b3204a74...37fa.0
- /data/data/####/bugly_db_-journal
- /data/data/####/bugly_last_us_up_tm
- /data/data/####/c327be639976287261cf7204e7c7c859cd495859c8a7a7f...3abb.0
- /data/data/####/c60f18252bd2064382f56924e0b8fbda21b5c1293158302....0.tmp
- /data/data/####/ce1c341f5d169822_0
- /data/data/####/channel_umeng_common_config.xml
- /data/data/####/classes.dex
- /data/data/####/classes.dex;classes2.dex
- /data/data/####/classes.dex;classes3.dex
- /data/data/####/classes.dex;classes4.dex
- /data/data/####/classes.dex;classes5.dex
- /data/data/####/classes.dex;classes6.dex
- /data/data/####/classes.dex;classes7.dex
- /data/data/####/classes.dex;classes8.dex
- /data/data/####/classes.dex;classes9.dex
- /data/data/####/com.vivo.push_preferences.appconfig_v1.xml
- /data/data/####/com.vivo.push_preferences.xml
- /data/data/####/com.yjyz.uc_7.6.1_1741077438.txt
- /data/data/####/com.yjyz.uc_preferences.xml
- /data/data/####/crashrecord.xml
- /data/data/####/d031cddb9481c26f269e1808514ec48efa4326469fccc33...ea57.0
- /data/data/####/d7a25f931af3226acb58df4566fcc1c956c7daadfa77ab4....0.tmp
- /data/data/####/d7a25f931af3226acb58df4566fcc1c956c7daadfa77ab4...8c8b.0
- /data/data/####/db80b5191b80455d_0
- /data/data/####/de80f6ed5608aa404c1e04588f0644a4c74986cf7166242....0.tmp
- /data/data/####/de80f6ed5608aa404c1e04588f0644a4c74986cf7166242...1396.0
- /data/data/####/delayed_transmission_flag_new.xml
- /data/data/####/device.xml
- /data/data/####/dfc4cd7f511af6c4_0
- /data/data/####/dfc4cd7f511af6c4_1
- /data/data/####/e292ebeaa74a17802b12f2064899fdf8772f8e73260a28e....0.tmp
- /data/data/####/e292ebeaa74a17802b12f2064899fdf8772f8e73260a28e...342c.0
- /data/data/####/e7f419023811cd0089c85c695add67b1e3c7ae85c524be0....0.tmp
- /data/data/####/e7f419023811cd0089c85c695add67b1e3c7ae85c524be0...22b7.0
- /data/data/####/e86ac0197ac1bb6d879bae333b8b1c5940a74d37155a5d1....0.tmp
- /data/data/####/e86ac0197ac1bb6d879bae333b8b1c5940a74d37155a5d1...24f9.0
- /data/data/####/edf93f8460b112c93e184a7e52811ed91ccd15eebe12bff....0.tmp
- /data/data/####/edf93f8460b112c93e184a7e52811ed91ccd15eebe12bff...912e.0
- /data/data/####/engine_resource_sp.xml
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/f04a1b812ecf069e_0
- /data/data/####/f42abafcc9dc45f789b0d7bde220fd264ca3b30e38996d1....0.tmp
- /data/data/####/f42abafcc9dc45f789b0d7bde220fd264ca3b30e38996d1...210f.0
- /data/data/####/f785ffb3f235a66ca5e62bc3c5d00fcc8b47c55741a7295....0.tmp
- /data/data/####/f785ffb3f235a66ca5e62bc3c5d00fcc8b47c55741a7295...749c.0
- /data/data/####/fb417dad7174a5af9e9865106750567521907e4af3bad44....0.tmp
- /data/data/####/fb417dad7174a5af9e9865106750567521907e4af3bad44...6e81.0
- /data/data/####/febba98ee7a3a20a7a686455f38b043cd6d7dbc9ea7395d....0.tmp
- /data/data/####/febba98ee7a3a20a7a686455f38b043cd6d7dbc9ea7395d...d910.0
- /data/data/####/ff6b22e8ed0efbf5_0
- /data/data/####/ff6b22e8ed0efbf5_1
- /data/data/####/https_m.yjzf.com_0.localstorage-journal
- /data/data/####/i==1.2.0&&3.12.0_1741077394967_dW5pZnlfbG9ncw==;.log
- /data/data/####/index
- /data/data/####/indoor.rs
- /data/data/####/indoor.sty
- /data/data/####/jgobfppppp (deleted)
- /data/data/####/journal.tmp
- /data/data/####/leroadcfg.xml
- /data/data/####/leroadmshieldcfg.xml
- /data/data/####/libjiagu_64.so
- /data/data/####/local_crash_lock
- /data/data/####/map.rs
- /data/data/####/map.sty
- /data/data/####/map_pref.xml
- /data/data/####/message_accs_db
- /data/data/####/message_accs_db-journal
- /data/data/####/metrics_guid
- /data/data/####/msfffppcfg.xml
- /data/data/####/msfffppcfg.xml (deleted)
- /data/data/####/msfffppcfg.xml.bak
- /data/data/####/msfffppcfg.xml.bak (deleted)
- /data/data/####/msgzpfc.xml
- /data/data/####/msre.db-journal
- /data/data/####/msre_po_rt.xml
- /data/data/####/msre_po_rt.xml (deleted)
- /data/data/####/msvolcano.db-journal
- /data/data/####/native_record_lock
- /data/data/####/p==6.5.6&&3.12.0_1741077392291_dW1weF9wdXNoX3Jl...y;.log
- /data/data/####/p==6.5.6&&3.12.0_1741077402888_dW1weF9wdXNoX2xh...=;.log
- /data/data/####/proc_auxv
- /data/data/####/profileinstaller_profileWrittenFor_lastUpdateTime.dat
- /data/data/####/prv_config.xml
- /data/data/####/reduct.rs
- /data/data/####/reduct.sty
- /data/data/####/s==7.3.4&&3.12.0_1741077390566_dW1weF9zaGFyZQ==;.log
- /data/data/####/sec_gd_config_mshield.xml
- /data/data/####/sec_gd_config_mshield.xml.bak
- /data/data/####/sec_gd_config_mshield.xml.bak (deleted)
- /data/data/####/share.db-journal
- /data/data/####/t==9.5.2&&3.12.0_1741077391190_dW5pZnlfbG9ncw==;.log
- /data/data/####/tableLogo.xml
- /data/data/####/the-real-index
- /data/data/####/traffic.rs
- /data/data/####/traffic.sty
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/uc_config_data.xml
- /data/data/####/ujuz_agent.db-journal
- /data/data/####/um_policy_grant.xml
- /data/data/####/um_push_ut.xml
- /data/data/####/um_session_id.xml
- /data/data/####/umeng_common_config.xml
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/umeng_policy_result_flag
- /data/data/####/umeng_push.xml
- /data/data/####/umeng_push.xml.bak
- /data/data/####/umeng_socialize.xml
- /data/data/####/umeng_sp_oaid.xml
- /data/data/####/umeng_zcfg_flag
- /data/data/####/umeng_zero_cache.db
- /data/data/####/umeng_zero_cache.db-journal
- /data/data/####/umzid_general_config.xml
- /data/data/####/ver.dat
- /data/data/####/z==1.2.0&&3.12.0_1741077388217_emNmZw==;.log
- /data/media/####/.g_b_d_v
- /data/media/####/.g_m_b_s
- /data/media/####/.gdidv
- /data/media/####/.icosc
- /data/media/####/.x_b_d
- /data/media/####/DVUserdat.cfg
- /data/misc/####/primary.prof
- /data/user_de/####/move_to_de_records.xml
Miscellaneous:
Executes the following shell scripts:
- getprop ro.build.version.security_patch
- logcat -d -v threadtime
- ls /
- ls /sys/class/thermal
Loads the following dynamic libraries:
- libBaiduMapSDK_base_v7_6_1
- libBaiduMapSDK_map_v7_6_1
- libBugly_Native
- libaliyunaf
- libjiagu_64
- libtiny_magic
- libtnet-3.1.14
- libumeng-spy
Uses the following algorithms to encrypt data:
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- RSA-ECB-PKCS1Padding
Uses the following algorithms to decrypt data:
- AES-CBC-PKCS7Padding
- RSA-ECB-PKCS1Padding
Accesses the ITelephony private interface.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.
Requests the system alert window permission.