Executes the following shell scripts:
- /system/bin/sh -c getprop
- /system/bin/sh -c type su
- <Package Folder>/files/gdaemon_20161017 0 <Package>/<Package>.thirdsdk.getui.NPushService 24970 300 0
- <Package Folder>/lib/libxguardian.so <Package>,2100294216; 55403 203.205.128.130 [{ idx :0, ts :%d, et :2000, si :0, ui : <IMEI> , ky : Axg%lu , mid : 0 , ev :{ ov : 18 , sr : 600*752 , md : <System Property> , lg : en , sv : 3.23 , mf : unknown , apn : %s }}] 0 18
- chmod 444/storage/emulated/0/.td-3
- chmod 444/storage/emulated/0/.tdck
- chmod 444/storage/emulated/0/Alarms/.tdck
- chmod 444/storage/emulated/0/Android/.td-3
- chmod 444/storage/emulated/0/Android/.tdck
- chmod 444/storage/emulated/0/DCIM/.td-3
- chmod 444/storage/emulated/0/DCIM/.tdck
- chmod 444/storage/emulated/0/Download/.td-3
- chmod 444/storage/emulated/0/Download/.tdck
- chmod 444/storage/emulated/0/Movies/.td-3
- chmod 444/storage/emulated/0/Movies/.tdck
- chmod 444/storage/emulated/0/Music/.td-3
- chmod 444/storage/emulated/0/Music/.tdck
- chmod 444/storage/emulated/0/Notifications/.td-3
- chmod 444/storage/emulated/0/Notifications/.tdck
- chmod 444/storage/emulated/0/Pictures/.td-3
- chmod 444/storage/emulated/0/Pictures/.tdck
- chmod 444/storage/emulated/0/Podcasts/.td-3
- chmod 444/storage/emulated/0/Podcasts/.tdck
- chmod 444/storage/emulated/0/Ringtones/.td-3
- chmod 444/storage/emulated/0/Ringtones/.tdck
- chmod 444/storage/emulated/0/libs/.tdck
- chmod 444/storage/emulated/0/system/.td-3
- chmod 444/storage/emulated/0/system/.tdck
- chmod 700 <Package Folder>/files/gdaemon_20161017
- chmod 755 <Package Folder>/.jiagu/libjiagu-1110564872.so
- date
- df
- getprop
- getprop net.dns1
- id
- logcat -d -v threadtime
- ls -l /system/xbin/su
- ls /system/fonts
- mkdir -p <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/
- ps
- service call iphonesubinfo 1
- sh -c cat
- sh -c cat /proc/meminfo
- sh -c cat /proc/sys/kernel/osrelease
- sh -c cat /proc/sys/kernel/random/boot_id
- sh -c cat /proc/sys/kernel/random/uuid
- sh -c cat /proc/uptime
- sh -c cat /sys/block/mmcblk0/device/cid
- sh -c cat /sys/class/net/eth0/address
- sh -c cat /sys/class/net/eth1/address
- sh -c cat /sys/class/net/eth2/address
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/..ccdid
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/..ccvid
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/..cvtid
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/._android.dat
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/._driver.dat
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/._system.dat
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/.ccdid
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/.ccvid
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/.cvtid
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/_android.dat
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/_driver.dat
- sh -c cat <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/_system.dat
- sh -c cd /proc/;cat cpuinfo
- sh -c cd /proc/net/ && cat arp
- sh -c cd /proc/self/;cat status
- sh -c cd /sys/class/net/eth0/ && cat address
- sh -c cd /sys/class/net/wlan0/ && cat address
- sh -c echo 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 > <SD-Card>/../../../../../..<SD-Card>/..ccdid
- sh -c echo 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 > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/.ccdid
- sh -c echo NkRGMTFDMTFGMTFBODA1M0MwMjQ1QTZCQTVDNkU4MzIyMDE4MDIwOTAwMDM= > <SD-Card>/../../../../../..<SD-Card>/..ccvid
- sh -c echo NkRGMTFDMTFGMTFBODA1M0MwMjQ1QTZCQTVDNkU4MzIyMDE4MDIwOTAwMDM= > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/.ccvid
- sh -c echo OTc0QjA1RDEzRDgwOUE2RUUxMzc3MkIyRUJFNDJDNTExMEQ3RjQ6RTM5QzUxOkZDOTc5Nw== > <SD-Card>/../../../../../..<SD-Card>/._android.dat
- sh -c echo OTc0QjA1RDEzRDgwOUE2RUUxMzc3MkIyRUJFNDJDNTExMEQ3RjQ6RTM5QzUxOkZDOTc5Nw== > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/_android.dat
- sh -c echo QjU4NUVFQTBCMEQ3MkI1Mzg5QjM5ODQ1MzQ1NUNFMDMzQzdBQjU6ODg2Qzc4OjI3RERDMw== > <SD-Card>/../../../../../..<SD-Card>/._system.dat
- sh -c echo QjU4NUVFQTBCMEQ3MkI1Mzg5QjM5ODQ1MzQ1NUNFMDMzQzdBQjU6ODg2Qzc4OjI3RERDMw== > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/_system.dat
- sh -c echo RDc4Q0FBMEQ0N0JBN0YyQjVCQUIyMDNGMUM0QjVGN0YxNTM0NDkwMTkx > <SD-Card>/../../../../../..<SD-Card>/..cvtid
- sh -c echo RDc4Q0FBMEQ0N0JBN0YyQjVCQUIyMDNGMUM0QjVGN0YxNTM0NDkwMTkx > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/.cvtid
- sh -c echo RjFFODY0Q0E3OEZDOTQ0QTdBQzZFM0EyMzRERTZFOTI4NjlDNjA6Mzc1NzBCOkEzQzM2OQ== > <SD-Card>/../../../../../..<SD-Card>/._driver.dat
- sh -c echo RjFFODY0Q0E3OEZDOTQ0QTdBQzZFM0EyMzRERTZFOTI4NjlDNjA6Mzc1NzBCOkEzQzM2OQ== > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/_driver.dat
- sh <Package Folder>/files/gdaemon_20161017 0 <Package>/<Package>.thirdsdk.getui.NPushService 24970 300 0
Loads the following dynamic libraries:
- Bugly
- du
- getuiext2
- libjiagu-1110564872
- tongdun
- tpnsSecurity
Uses the following algorithms to encrypt data:
- AES
- AES-CBC-PKCS7Padding
- AES-CFB8-NoPadding
- AES-ECB-PKCS5Padding
- AES-GCM-NoPadding
- RSA
- RSA-ECB-PKCS1PADDING
- RSA-ECB-PKCS1Padding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
Uses the following algorithms to decrypt data:
- AES
- AES-CFB8-NoPadding
- AES-GCM-NoPadding
- DES-ECB-PKCS5Padding
- desede-CBC-NoPadding
Uses a special library (a packer) to hide executable bytecode; the libjiagu library loaded above appears to serve this purpose.
Gains access to geolocation.
Gains access to network information.
Gains access to telephone information (number, IMEI, etc.).
Gains access to information about APN settings.
Gains access to information about installed applications.
Gains access to information about running applications.
Adds tasks to the system scheduler.
Displays its own windows over windows of other applications.