Android.Triada.4675

Technical information

Malicious functions:

Executes code of the following detected threats:

Android.DownLoader.906.origin
Android.Triada.4567
Android.Triada.482.origin

Network activity:

Connects to:

UDP(DNS) <Google DNS>
TCP(HTTP/1.1) ln####.jqshe####.com:80
TCP(HTTP/1.1) gd.a.s####.com:80
TCP(HTTP/1.1) res####.a####.top:80
TCP(HTTP/1.1) ti####.c####.l####.####.com:80
TCP(HTTP/1.1) d####.cn:80
TCP(HTTP/1.1) dup.baidust####.com:80
TCP(HTTP/1.1) www.pc####.com.####.cn:80
TCP(HTTP/1.1) s####.e.qq.com:80
TCP(HTTP/1.1) u####.c####.com:80
TCP(HTTP/1.1) d0.x####.com.cn:80
TCP(HTTP/1.1) ass####.xca####.com.####.com:80
TCP(HTTP/1.1) s####.x####.com.cn:80
TCP(HTTP/1.1) kln.g####.sina####.com:80
TCP(HTTP/1.1) u####.dspliul####.com:99
TCP(HTTP/1.1) d.sin####.cn.####.net:80
TCP(HTTP/1.1) 58.2####.92.50:808
TCP(HTTP/1.1) ca####.gdt.qq.com:80
TCP(HTTP/1.1) a####.d####.com:80
TCP(HTTP/1.1) u####.a####.top:80
TCP(HTTP/1.1) f.qia####.com:80
TCP(HTTP/1.1) a####.w####.com:80
TCP(HTTP/1.1) d####.cn:808
TCP(HTTP/1.1) wi####.w####.com:80
TCP(HTTP/1.1) ad.qia####.com:80
TCP(HTTP/1.1) 58.2####.203.36:654
TCP(HTTP/1.1) ipp.zhito####.com:99
TCP(HTTP/1.1) pco####.ta####.com:80
TCP(HTTP/1.1) man####.mida####.xyz:80
TCP(HTTP/1.1) yun.tuit####.com.####.com:80
TCP(HTTP/1.1) s.zhito####.com:808
TCP(HTTP/1.1) jp####.njt####.com:10091
TCP(HTTP/1.1) yq####.jn####.ltd:80
TCP(HTTP/1.1) ne####.x####.com.cn:80
TCP(HTTP/1.1) cc.zbe####.org:80
TCP(HTTP/1.1) pg####.d2####.com:10273
TCP(HTTP/1.1) s.zhito####.com:999
TCP(HTTP/1.1) api.yunco####.com:80
TCP(HTTP/1.1) f####.c####.com.####.com:80
TCP(HTTP/1.1) mi.g####.qq.com:80
TCP(HTTP/1.1) www.c####.com.####.com:80
TCP(HTTP/1.1) ivy.pcon####.com.cn:80
TCP(HTTP/1.1) gm.mm####.com:80
TCP(HTTP/1.1) ei.c####.com:80
TCP(HTTP/1.1) adcha####.bz.m####.com:80
TCP(HTTP/1.1) api.lubang####.com:80
TCP(HTTP/1.1) kou####.a####.top:80
TCP(HTTP/1.1) tc.c####.com:80
TCP(HTTP/1.1) s.zhito####.com:8881
TCP(HTTP/1.1) luna-im####.qq.com.####.com:80
TCP(HTTP/1.1) z.c####.com:80
TCP(HTTP/1.1) qzones####.g####.cn.####.com:80
TCP(HTTP/1.1) a####.qia####.com:80
TCP(HTTP/1.1) api.mid####.com:80
TCP(HTTP/1.1) t####.a####.top:80
TCP(HTTP/1.1) flash####.mid####.com:80
TCP(HTTP/1.1) filt####.a####.top:80
TCP(HTTP/1.1) pp.c####.com:80
TCP(HTTP/1.1) 58.2####.198.157:999
TCP(HTTP/1.1) s.zhito####.com:807
TCP(HTTP/1.1) i####.xca####.com.####.com:80
TCP(HTTP/1.1) 47.1####.185.46:80
TCP(HTTP/1.1) g.cn.miao####.com:80
TCP(HTTP/1.1) tt####.vni####.com:20147
TCP(HTTP/1.1) en####.tui####.com:80
TCP(HTTP/1.1) c.c####.com:80
TCP(HTTP/1.1) ipp.zhito####.com:807
TCP(HTTP/1.1) w.i####.com:80
TCP(HTTP/1.1) amdc####.m.ta####.com:80
TCP(HTTP/1.1) w####.c####.com:80
TCP(HTTP/1.1) 47.1####.211.73:80
TCP(HTTP/1.1) e4####.0r####.com:10293
TCP(HTTP/1.1) s.zhito####.com:99
TCP(HTTP/1.1) h.w####.com:80
TCP(SSL/3.0) gm.mm####.com:443
TCP(TLS/1.0) p####.pc####.com.cn:443
TCP(TLS/1.0) 2####.h####.com.####.cn:443
TCP(TLS/1.0) z.c####.com:443
TCP(TLS/1.0) use####.api.max.####.com:443
TCP(TLS/1.0) v2.da.m####.com:443
TCP(TLS/1.0) www.pcon####.com.cn:443
TCP(TLS/1.0) s####.e.qq.com:443
TCP(TLS/1.0) ivy.pcon####.com.cn:443
TCP(TLS/1.0) col####.bz.m####.com:443
TCP(TLS/1.0) pp.c####.com:443
TCP(TLS/1.0) web.da.m####.com:443
TCP(TLS/1.0) mg####.api.max.####.com:443
TCP(TLS/1.0) c####.pc####.com.cn:443
TCP(TLS/1.0) gm.mm####.com:443
TCP(TLS/1.0) pos.b####.com:443
TCP(TLS/1.0) 3####.h####.com.####.com:443
TCP(TLS/1.0) u.j####.com:443
TCP(TLS/1.0) playhis####.bz.m####.com:443
TCP(TLS/1.0) wtc.d####.com:443
TCP(TLS/1.0) 2####.107.1.97:443
TCP(TLS/1.0) i.m####.com:443
TCP(TLS/1.0) cre####.bz.m####.com:443
TCP(TLS/1.0) img.pcon####.com.####.cn:443
TCP(TLS/1.0) wl.jd.com.####.com:443
TCP(TLS/1.0) c####.d####.v2.####.com:443
TCP(TLS/1.0) lhyysdk####.oss-cn-####.aliy####.com:443
TCP(TLS/1.0) ec####.b####.com:443
TCP(TLS/1.0) g####.api.m####.com:443
TCP(TLS/1.0) www.m####.com:443
TCP(TLS/1.0) h####.m####.com:443
TCP(TLS/1.0) p####.m.jd.com:443
TCP(TLS/1.0) sw4.d####.com:443
TCP(TLS/1.0) pc.bz.m####.com:443
TCP(TLS/1.0) api.g####.vip:443
TCP(TLS/1.0) w.i####.com:443
TCP(TLS/1.0) vi####.m####.com:443
TCP(TLS/1.0) cr.3con####.com:443
TCP(TLS/1.0) img.pc####.com.cn:443
TCP(TLS/1.0) av####.h####.com.####.com:443
TCP(TLS/1.0) analy####.map.qq.com:443
TCP(TLS/1.0) mg####.pcon####.com.cn:443
TCP(TLS/1.0) ei.c####.com:443
TCP(TLS/1.0) dualsta####.wagbr####.ali####.####.com:443
TCP(TLS/1.0) vip.bz.m####.com:443
TCP(TLS/1.0) www.pc####.com.####.cn:443
TCP(TLS/1.0) mobi####.bz.m####.com:443
TCP(TLS/1.0) wi####.w####.com:443
TCP(TLS/1.0) cou####.bz.m####.com:443
TCP(TLS/1.0) s3.h####.com:443
TCP(TLS/1.0) c.c####.com:443
TCP(TLS/1.0) l####.bz.m####.com:443
TCP(TLS/1.0) com####.m####.com:443
TCP(TLS/1.0) hm.b####.com:443
TCP(TLS/1.0) rc-cha####.bz.m####.com:443
TCP(TLS/1.0) pcwe####.log.m####.com:443
TCP(TLS/1.0) dup.baidust####.com:443
TCP(TLS/1.0) p####.api.m####.com:443
TCP(TLS/1.0) js.3con####.com.####.cn:443
TCP(TLS/1.0) pc####.api.m####.com:443
TCP(TLS/1.0) i####.d####.com:443
TCP(TLS/1.0) counter####.pc####.com.cn:443
TCP(TLS/1.0) s####.shidux####.com:443
TCP zb-cent####.m.ta####.com:443

DNS requests:

0####.h####.com
1####.h####.com
2####.h####.com
3####.h####.com
608.a####.top
a####.d####.com
a####.man.aliy####.com
a####.qia####.com
a####.w####.com
ad.7d####.com
ad.qia####.com
adcha####.bz.m####.com
adverti####.mida####.com
ag####.m.ta####.com
amdc####.m.ta####.com
analy####.map.qq.com
api.g####.vip
api.lubang####.com
api.mid####.com
api.yunco####.com
as.m####.com
ass####.xca####.com
av####.h####.com
c####.d####.v2.####.com
c####.mm####.com
c####.pc####.com.cn
c####.zhito####.com
c.c####.com
ca####.gdt.qq.com
cc.zbe####.org
col####.bz.m####.com
com####.m####.com
cou####.bz.m####.com
counter####.pc####.com.cn
cr.3con####.com
cre####.bz.m####.com
css.m####.com
d####.cn
d0.x####.com.cn
dup.baidust####.com
e####.h####.com
e4####.0r####.com
ec####.b####.com
ei.c####.com
en####.tui####.com
f####.c####.com
f.qia####.com
filt####.a####.top
flash####.mid####.com
g####.api.m####.com
g.cn.miao####.com
h####.m####.com
h.w####.com
hm.b####.com
i####.d####.com
i####.x####.com.cn
i####.xca####.com
i.m####.com
i1.h####.com
i2.h####.com
i3.h####.com
i4.h####.com
i5.h####.com
img.m####.com
img.pc####.com.cn
img.pcon####.com.cn
imgc####.qq.com
ip.remo####.com
ipp.zhito####.com
ivy.pc####.com.cn
ivy.pcon####.com.cn
jp####.njt####.com
js.3con####.com
js.x####.com.cn
kou####.a####.top
l####.bz.m####.com
lhyysdk####.oss-cn-####.aliy####.com
ln####.jqshe####.com
m.360bu####.com
man####.mida####.xyz
mg####.api.max.####.com
mg####.pcon####.com.cn
mi.g####.qq.com
mobi####.bz.m####.com
ne####.x####.com.cn
o####.sin####.cn
p####.api.m####.com
p####.m.jd.com
p####.pc####.com.cn
pc####.api.m####.com
pc.bz.m####.com
pco####.c####.com
pcwe####.log.m####.com
pg####.d2####.com
playhis####.bz.m####.com
plb####.u####.com
pos.b####.com
pp.c####.com
pv.s####.com
qzones####.g####.cn
rc-cha####.bz.m####.com
rc.m####.com
res####.a####.top
s####.e.qq.com
s####.shidux####.com
s####.x####.com.cn
s.zhito####.com
s1.h####.com
s11.c####.com
s13.c####.com
s19.c####.com
s20.c####.com
s3.h####.com
s4.c####.com
s5.c####.com
s9.c####.com
s95.c####.com
s96.c####.com
st####.h####.com
sto####.360bu####.com
sw4.d####.com
t####.a####.top
tb.m####.com
tc.c####.com
tjs.sjs.si####.cn
tt####.vni####.com
u####.a####.top
u####.c####.com
u####.dspliul####.com
u####.u####.com
u.api.m####.com
u.j####.com
ugc.h####.com
umen####.m.ta####.com
umengj####.m.ta####.com
use####.api.max.####.com
v.t.q####.com
v1.c####.com
v2.da.m####.com
vi####.m####.com
vip.bz.m####.com
vip.log.m####.com
w####.c####.com
w####.jd.com
w####.pc####.com.cn
w####.pcon####.com.cn
w.i####.com
web.da.m####.com
wi####.w####.com
wtc.d####.com
www.c####.com
www.m####.com
www.pc####.com.cn
www.pcon####.com.cn
yq####.jn####.ltd
yun.tuit####.com
z11.c####.com
z12.c####.com
z2.c####.com
z3.c####.com
z6.c####.com
z9.c####.com

HTTP GET requests:

58.2####.92.50:808/ghyd.html
58.2####.92.50:808/mg.html
a####.d####.com/rewrite?fromid=####
adcha####.bz.m####.com/direct?cc=####
api.lubang####.com/Public/jar/remote_2.2.31586770113.jar
ass####.xca####.com.####.com/resource/common/statistic/iwt-min.js
ass####.xca####.com.####.com/resource/newcar/ps/nav.js?v=####
c.c####.com/core.php?web_id=####&t=####
c.c####.com/stat.php?id=####
c.c####.com/stat.php?id=####&web_id=####
c.c####.com/z_stat.php?id=####
ca####.gdt.qq.com/canvas/1?viewid=####&ckn=####
cc.zbe####.org/PClick.aspx?AID=####&KEY=####
d####.cn/bwm.html
d####.cn/fenpei.html?3####
d####.cn/xincan.html?3####
d####.cn/ywm.html
d####.cn:808/mg.html
d.sin####.cn.####.net/open/api/js/wb.js
d0.x####.com.cn/adpush/push/ad.php?pid=####&pushtype=####&cid=####&style...
dup.baidust####.com/js/os.js
ei.c####.com/stat.htm?id=####&r=####&lg=####&ntime=####&cnzz_eid=####&sh...
ei.c####.com/stat.htm?id=1275700069&r=http://183.131.85.27:99/newcar/ind...
en####.tui####.com/index/image?timestamp=####&nonce=####&md=####&signatu...
f####.c####.com.####.com/adicon-bottom.png
f####.c####.com.####.com/ast/loginface/cookielogin9.js?v=####
f####.c####.com.####.com/ast/loginface/style5.css?v=####
f####.c####.com.####.com/images/icon-cms1.gif
f####.c####.com.####.com/images/icon-cms2.gif
f####.c####.com.####.com/index/images/title.png
f####.c####.com.####.com/index/styles/css/basic.css?v=####
f####.c####.com.####.com/index/styles/css/index20180829_2.css
f####.c####.com.####.com/index/styles/css/loginface.css?v=####
f####.c####.com.####.com/index/styles/images/all_dh_bc.png
f####.c####.com.####.com/index/styles/images/city.png
f####.c####.com.####.com/index/styles/images/kuohao_bc.png
f####.c####.com.####.com/index/styles/images/logo2017.png
f####.c####.com.####.com/index/styles/images/nav_bac.png
f####.c####.com.####.com/index/styles/images/new_nav.png
f####.c####.com.####.com/index/styles/images/sprite.png
f####.c####.com.####.com/index/styles/images/title.png
f####.c####.com.####.com/index/styles/js/add_new_20160528k.js
f####.c####.com.####.com/index/styles/js/changePic.js
f####.c####.com.####.com/index/styles/js/jquery.mscroll.js
f####.c####.com.####.com/index/styles/js/jquery_172.js
f####.c####.com.####.com/js/imagerollover.js
f####.c####.com.####.com/main.html?v=####
f####.c####.com.####.com/styles/cms.css
f####.c####.com.####.com/styles/images/ci123_logo.gif
f####.c####.com.####.com/styles/images/nav_mall_left.gif
f####.c####.com.####.com/styles/images/nav_menu2_bg.gif
f####.c####.com.####.com/styles/images/nav_menu2_block2.gif
f####.c####.com.####.com/styles/images/nav_menu3_bg.gif
f####.c####.com.####.com/styles/images/nav_menu3_s.gif
f####.c####.com.####.com/styles/images/search_sub.gif
f####.c####.com.####.com/styles/images/tabnavi.gif
f####.c####.com.####.com/ttd.png
f.qia####.com/e/20200106161510b_600017_v78.enc
filt####.a####.top/filter_control_608.json
flash####.mid####.com/storage/query?timestamp=1587428709851&appkey=ut796...
flash####.mid####.com/storage/query?timestamp=1587428711480&appkey=ut796...
flash####.mid####.com/storage/query?timestamp=1587428713579&appkey=ut796...
g.cn.miao####.com/x/k=2163107&p=7YyUx&dx=__IPDX__&rt=2&ns=__IP__&ni=__IE...
gd.a.s####.com/cityjson?ie=####
gm.mm####.com/9.gif?abc=####&rnd=####
i####.xca####.com.####.com/b145/s9598/m_20171214170018430066355805157.jpg
i####.xca####.com.####.com/b145/s9598/s_20171214170017508067483753735.jpg
i####.xca####.com.####.com/b145/s9598/s_20171214170018430066355805157.jpg
i####.xca####.com.####.com/b145/s9598/s_20171214170018713702134755698.jpg
i####.xca####.com.####.com/b145/s9598/s_20171222134545840232663920053.jpg
i####.xca####.com.####.com/b5/s9402/m_20170907154720613469154280127.jpg
i####.xca####.com.####.com/b5/s9402/s_20170906115404220798780985284.jpg
i####.xca####.com.####.com/b5/s9402/s_20170907154720613469154280127.jpg
i####.xca####.com.####.com/b5/s9402/s_20170907154721328188172396465.jpg
i####.xca####.com.####.com/b5/s9402/s_20171219152759776677897394266.jpg
i####.xca####.com.####.com/b59/s7483/m_20181128162738902619810492453.jpg
i####.xca####.com.####.com/b59/s7483/s_20181128162651741831041291607.jpg
i####.xca####.com.####.com/b59/s7483/s_20181128162737298084094477952.jpg
i####.xca####.com.####.com/b59/s7483/s_20181128162738902619810492453.jpg
i####.xca####.com.####.com/b59/s7483/s_20181128162752452995332878980.jpg
ipp.zhito####.com:807/0322/index.html
ipp.zhito####.com:807/0322/style="display:
ipp.zhito####.com:807/0322/yrc_001mobile.js
ipp.zhito####.com:99/wap/index.php
ivy.pcon####.com.cn/click?id=####&adid=####&watch=####
kln.g####.sina####.com/wikipic/icon/16x16.png
kou####.a####.top/kouling.json
ln####.jqshe####.com/zz/401jkmhjhwy.zip
luna-im####.qq.com.####.com/qzone/biz/gdt/mod/android/AndroidAllInOne/pr...
man####.mida####.xyz/manager//ad/special/wifiManage/get
mi.g####.qq.com/gdt_mview.fcg?posw=####&posh=####&count=####&r=####&data...
mi.g####.qq.com/gdt_mview.fcg?posw=####&spsa=####&posh=####&count=####&r...
ne####.x####.com.cn/images/np_ps_bj.jpg
ne####.x####.com.cn/images/r_map.gif
ne####.x####.com.cn/images/rl_bj.gif
ne####.x####.com.cn/jsinclude/jquery.js
ne####.x####.com.cn/new_ol_19.html
ne####.x####.com.cn/new_ol_2348.html
ne####.x####.com.cn/new_ol_config163.html
ne####.x####.com.cn/new_ol_config35.html?jum####
ne####.x####.com.cn/new_ol_news1.html
ne####.x####.com.cn/new_ol_photo12.html?jum####
ne####.x####.com.cn/new_ol_photo2.html
ne####.x####.com.cn/new_ol_photo7.html
ne####.x####.com.cn/xcarjump/new_jump_other.php?type=####
pco####.ta####.com/app.gif?&cna=####
pp.c####.com/cf.php?o_id=246?130####
pp.c####.com/cf.php?o_id=246?382####
pp.c####.com/cf.php?o_id=246?391####
pp.c####.com/cf.php?o_id=246?580####
pp.c####.com/cf.php?o_id=246?796####
pp.c####.com/cf.php?o_id=246?797####
pp.c####.com/icfzx.php
qzones####.g####.cn.####.com/ac/qzone_v5/app/app_share/qz_logo.png
qzones####.g####.cn.####.com/qzone/biz/gdt/mob/sdk/v2/android01/images/a...
qzones####.g####.cn.####.com/qzone/biz/gdt/mob/sdk/v2/android01/images/i...
qzones####.g####.cn.####.com/qzone/biz/gdt/mob/sdk/v2/android01/images/p...
qzones####.g####.cn.####.com/qzone/biz/gdt/mob/sdk/v2/android01/images/t...
qzones####.g####.cn.####.com/qzone/biz/gdt/mob/sdk/v2/android01/intersti...
qzones####.g####.cn.####.com/qzone/biz/gdt/mob/sdk/v2/android01/js-relea...
qzones####.g####.cn.####.com/qzone/biz/gdt/mob/sdk/v2/android01/js/lib/r...
res####.a####.top/LHYY.png
res####.a####.top/sdk13_2.png
res####.a####.top/sdk17.png
res####.a####.top/sdk18.png
res####.a####.top/sdk6.png
s####.x####.com.cn/flow/flow.php?m=####
s.zhito####.com:807/528/0322.html
s.zhito####.com:808/0322/index.html
s.zhito####.com:808/pctja.html
s.zhito####.com:8881/wap/index.html
s.zhito####.com:99/funt/index.html
s.zhito####.com:99/newcar/index.html
s.zhito####.com:99/tat/index.html
s.zhito####.com:999/c/index.php
s.zhito####.com:999/tat/index.php
t####.a####.top/channl_haoqi1.png
t####.a####.top/percent.json
t####.a####.top/pingpaiAD.json
t####.a####.top/req.json
tc.c####.com/adimage.php?filename=####&contenttype=####
tc.c####.com/adscache/caches/217.js?n=####
tc.c####.com/adscache/caches/26.js?n=####
tc.c####.com/adscache/caches/324.js?n=####
tc.c####.com/adscache/caches/340.js?n=####
tc.c####.com/adscache/caches/41.js?n=####
tc.c####.com/adscache/caches/46.js?n=####
tc.c####.com/adscache/caches/56.js?n=####
tc.c####.com/adscache/caches/609.js?n=####
tc.c####.com/adscache/caches/610.js?n=####
tc.c####.com/adscache/caches/611.js?n=####
tc.c####.com/adscache/caches/616.js?n=####
tc.c####.com/adscache/caches/img/150226ss-260_60.jpg.jpg
tc.c####.com/adscache/caches/img/2018011711063932.jpg.jpg
tc.c####.com/iframeads/mediaads/js/adsfu6.php
tc.c####.com/js/tcjs.php
ti####.c####.l####.####.com/common/1.7.2.min.js
ti####.c####.l####.####.com/d8036zbqje4.png
ti####.c####.l####.####.com/tools/requirejs/2.3.js?v=####
u####.a####.top/608.html
u####.c####.com/json/NewMessageNum.php?typeId=####&uid=####&funcName=####
u####.dspliul####.com:99/ip/index.html
w####.c####.com/abc/xyz/point/index.php
w.i####.com/iwt/a.gif?url=####&ua=####&uuid=####&sign=####&ts=####
w.i####.com/iwt/a.gif?url=http://newcar.xcar.com.cn/new_ol_photo12.html?...
wi####.w####.com/relationship/followbutton.php?language=####&width=####&...
www.c####.com.####.com/d/article.php/21459
www.c####.com.####.com/index/styles/images/bg_icons2.png
www.c####.com.####.com/index/styles/images/rili.png
www.c####.com.####.com/index/styles/js/index.js
www.c####.com.####.com/index/styles/js/jquery.SuperSlide.js
www.c####.com.####.com/index/styles/js/marquee.js
www.c####.com.####.com/js/baobao.js
www.c####.com.####.com/main.html
www.c####.com.####.com/main.html?v=####
www.c####.com.####.com/styles/images/bg.gif
www.c####.com.####.com/styles/images/nav_bg.jpg
www.c####.com.####.com/styles/images/nav_city_bg_160.gif
www.c####.com.####.com/styles/images/nav_menu2_block.gif
www.c####.com.####.com/styles/images/nav_menu2_right.gif
www.c####.com.####.com/styles/images/nav_tool.gif
www.c####.com.####.com/styles/menu_style_v2.css?v=####
www.pc####.com.####.cn/autox/6a976e56b61b2febd215f6cbe5186f5f.htm
yq####.jn####.ltd/sy/fdvdar
yun.tuit####.com.####.com/mami-media/img/7jn0e17th7.png
yun.tuit####.com.####.com/mami-media/img/9e7g2rn8w0.png
yun.tuit####.com.####.com/mami-media/img/9tn7e5xgif.gif
yun.tuit####.com.####.com/mami-media/img/a0xjh96nev.gif
yun.tuit####.com.####.com/mami-media/img/d3nizdkeg1.gif
yun.tuit####.com.####.com/mami-media/img/dh1s2j6zge.gif
yun.tuit####.com.####.com/mami-media/img/ex6bql3zng.gif
yun.tuit####.com.####.com/mami-media/img/ghrtfh4v8s.jpg
yun.tuit####.com.####.com/mami-media/img/knrpj113v7.gif
yun.tuit####.com.####.com/mami-media/img/p6ouaopg0c.png
yun.tuit####.com.####.com/mami-media/img/q4qt7y5edk.gif
yun.tuit####.com.####.com/mami-media/img/r2psdeyacm.gif
yun.tuit####.com.####.com/mami-media/img/snsm03w4h9.png
yun.tuit####.com.####.com/mami-media/img/swenauuwsj.gif
yun.tuit####.com.####.com/mami-media/img/z69wju9o03.gif
z.c####.com/stat.htm?id=####&r=####&lg=####&ntime=####&cnzz_eid=####&sho...
z.c####.com/stat.htm?id=1275700069&r=http://183.131.85.27:99/newcar/inde...

HTTP POST requests:

a####.qia####.com//api/2io82K
a####.qia####.com//api/8VbeIo
a####.qia####.com//api/Ddgv3VE
a####.qia####.com//api/SJoGF44Q
a####.qia####.com//api/SVFUp6
a####.qia####.com//api/voEYG7
a####.w####.com/rest/pt
ad.qia####.com//api/2io82K
ad.qia####.com//api/8VbeIo
ad.qia####.com//api/SVFUp6
amdc####.m.ta####.com/amdc/mobileDispatch?appkey=####&deviceId=####&plat...
api.lubang####.com/ext_up.php
api.lubang####.com/ext_up.php?ac=####
api.mid####.com/configure/query
api.yunco####.com/service/rest
e4####.0r####.com:10293/widlth/
e4####.0r####.com:10293/xkeila/
flash####.mid####.com/flashcall/upgrade?timestamp=####&appkey=####&nonce...
flash####.mid####.com/user/query
h.w####.com/api/Gu5wT0Z
jp####.njt####.com:10091/wisdom/marking
pg####.d2####.com:10273/dvjnzt/
pg####.d2####.com:10273/rnggno/
pg####.d2####.com:10273/tzvntp/
s####.e.qq.com/activate
s####.e.qq.com/msg
tt####.vni####.com:20147/dijc1v/

File system changes:

Creates the following files:

/data/data/####/.3WN9
/data/data/####/.5TE4.xml
/data/data/####/.J1_v.xml
/data/data/####/.__mob_rmt.dat
/data/data/####/.__mob_rmt.dat (deleted)
/data/data/####/.fKSra
/data/data/####/.fKSra.zip
/data/data/####/.imprint
/data/data/####/.jg.ic
/data/data/####/13_2.jar
/data/data/####/17.jar
/data/data/####/18.jar
/data/data/####/2178.yaqcookie
/data/data/####/44367F39739CCD6BBF960E91E7DB78B2.xml
/data/data/####/4B8DB6B83129A65A2EF4DCFC1393C3B0.xml
/data/data/####/5016ba473a64090954d2bd4c2c238821.db
/data/data/####/5016ba473a64090954d2bd4c2c238821.jar
/data/data/####/6.jar
/data/data/####/7295ece1696c2c3e0ee9a8b27f4b49a3.db
/data/data/####/76924073b8c910199fef670575272677.db
/data/data/####/85b8370a53d6eca22da5f3fb5c291ed7.db
/data/data/####/8EAD111D030291821E19A80E344C340A.xml
/data/data/####/93a34fe8d0bdbc1425e88dd745161a17.db
/data/data/####/ACCS_BINDumeng;52371a0556240b0d9f029655.xml
/data/data/####/ACCS_SDK.xml
/data/data/####/ACCS_SDK_CHANNEL.xml
/data/data/####/AGOO_BIND.xml
/data/data/####/Agoo_AppStore.xml
/data/data/####/Alvin2.xml
/data/data/####/ApplicationCache.db-journal
/data/data/####/BuglySdkInfos.xml
/data/data/####/ContextData.xml
/data/data/####/DaemonServer
/data/data/####/GDTSDK.db
/data/data/####/GDTSDK.db-journal
/data/data/####/MessageStore.db-journal
/data/data/####/MsgLogStore.db-journal
/data/data/####/PREF_CONFIG_METHOD_TYPES.xml
/data/data/####/UTCommon.xml
/data/data/####/XkdjsIx132mM356507059351895comm.xml
/data/data/####/XkdjsIx132mM356507059351895tasks.xml
/data/data/####/XkdjsIx132mMskey1.xml
/data/data/####/___xad__remote.jar
/data/data/####/_p.xml
/data/data/####/_sh.xml
/data/data/####/accs.db-journal
/data/data/####/agoo.pid
/data/data/####/ahq_spu_ti.xml
/data/data/####/com.midainc.wxpass.wxmmpjq.xml
/data/data/####/com.midainc.wxpass.wxmmpjq_preferences.xml
/data/data/####/d4cab475ef65ce588fc480f637c5347a4f8ffeb5bed1634....0.tmp
/data/data/####/dW1weF9pbnRlcm5hbF8xNTg3NDI4NzAzMTU1;
/data/data/####/dW1weF9wdXNoX2xhdW5jaF8xNTg3NDI4NzE4ODU3;
/data/data/####/data_0
/data/data/####/data_1
/data/data/####/data_2
/data/data/####/data_3
/data/data/####/devCloudSetting.cfg
/data/data/####/devCloudSetting.sig
/data/data/####/dexMethod.36117467.dat
/data/data/####/download.db-journal
/data/data/####/e74e8d28744baa23d6476cc6dcf5f13d
/data/data/####/e74e8d28744baa23d6476cc6dcf5f13d.temp
/data/data/####/exchangeIdentity.json
/data/data/####/exid.dat
/data/data/####/f_000001
/data/data/####/f_000002
/data/data/####/f_000003
/data/data/####/f_000004
/data/data/####/f_000005
/data/data/####/f_000006
/data/data/####/f_000007
/data/data/####/f_000008
/data/data/####/f_000009
/data/data/####/f_00000a
/data/data/####/f_00000b
/data/data/####/f_00000c
/data/data/####/f_00000d
/data/data/####/f_00000e
/data/data/####/f_00000f
/data/data/####/f_000010
/data/data/####/f_000011
/data/data/####/f_000012
/data/data/####/f_000013
/data/data/####/f_000014
/data/data/####/f_000015
/data/data/####/f_000016
/data/data/####/f_000017
/data/data/####/f_000018
/data/data/####/f_000019
/data/data/####/f_00001a
/data/data/####/f_00001b
/data/data/####/f_00001c
/data/data/####/f_00001d
/data/data/####/f_00001e
/data/data/####/f_00001f
/data/data/####/f_000020
/data/data/####/f_000021
/data/data/####/f_000022
/data/data/####/f_000023
/data/data/####/f_000024
/data/data/####/f_000025
/data/data/####/f_000026
/data/data/####/f_000027
/data/data/####/f_000028
/data/data/####/f_000029
/data/data/####/f_00002a
/data/data/####/f_00002b
/data/data/####/f_00002c
/data/data/####/f_00002d
/data/data/####/f_00002e
/data/data/####/f_00002f
/data/data/####/f_000030
/data/data/####/f_000031
/data/data/####/f_000032
/data/data/####/f_000033
/data/data/####/f_000034
/data/data/####/f_000035
/data/data/####/f_000036
/data/data/####/f_000037
/data/data/####/f_000038
/data/data/####/f_000039
/data/data/####/f_00003a
/data/data/####/f_00003b
/data/data/####/f_00003c
/data/data/####/f_00003d
/data/data/####/f_00003e
/data/data/####/f_00003f
/data/data/####/f_000040
/data/data/####/f_000041
/data/data/####/f_000042
/data/data/####/f_000043
/data/data/####/f_000044
/data/data/####/f_000045
/data/data/####/f_000046
/data/data/####/f_000047
/data/data/####/f_000048
/data/data/####/f_000049
/data/data/####/f_00004a
/data/data/####/f_00004b
/data/data/####/f_00004c
/data/data/####/f_00004d
/data/data/####/f_00004e
/data/data/####/f_00004f
/data/data/####/f_000050
/data/data/####/f_000051
/data/data/####/f_000052
/data/data/####/f_000053
/data/data/####/f_000054
/data/data/####/f_000055
/data/data/####/f_000056
/data/data/####/f_000057
/data/data/####/f_000058
/data/data/####/f_000059
/data/data/####/f_00005a
/data/data/####/f_00005b
/data/data/####/f_00005c
/data/data/####/f_00005d
/data/data/####/f_00005e
/data/data/####/f_00005f
/data/data/####/f_000060
/data/data/####/f_000061
/data/data/####/f_000062
/data/data/####/f_000063
/data/data/####/f_000064
/data/data/####/f_000065
/data/data/####/f_000066
/data/data/####/f_000067
/data/data/####/f_000068
/data/data/####/f_000069
/data/data/####/f_00006a
/data/data/####/f_00006b
/data/data/####/f_00006c
/data/data/####/f_00006d
/data/data/####/f_00006e
/data/data/####/f_00006f
/data/data/####/f_000070
/data/data/####/f_000071
/data/data/####/f_000072
/data/data/####/f_000073
/data/data/####/f_000074
/data/data/####/f_000075
/data/data/####/f_000076
/data/data/####/f_000077
/data/data/####/f_000078
/data/data/####/f_000079
/data/data/####/f_00007a
/data/data/####/f_00007b
/data/data/####/f_00007c
/data/data/####/f_00007d
/data/data/####/f_00007e
/data/data/####/f_00007f
/data/data/####/f_000080
/data/data/####/f_000081
/data/data/####/f_000082
/data/data/####/f_000083
/data/data/####/f_000084
/data/data/####/f_000085
/data/data/####/f_000086
/data/data/####/f_000087
/data/data/####/f_000088
/data/data/####/f_000089
/data/data/####/f_00008a
/data/data/####/f_00008b
/data/data/####/f_00008c
/data/data/####/f_00008d
/data/data/####/f_00008e
/data/data/####/f_00008f
/data/data/####/f_000090
/data/data/####/f_000091
/data/data/####/f_000092
/data/data/####/f_000093
/data/data/####/f_000094
/data/data/####/f_000095
/data/data/####/f_000096
/data/data/####/f_000097
/data/data/####/f_000098
/data/data/####/gameid
/data/data/####/gameid.zip
/data/data/####/gdt_config.cfg
/data/data/####/gdt_plugin.jar
/data/data/####/gdt_plugin.jar.sig
/data/data/####/gdt_plugin.tmp
/data/data/####/gdt_plugin.tmp.sig
/data/data/####/gdt_stat.db
/data/data/####/gdt_stat.db-journal
/data/data/####/gdt_suid
/data/data/####/heqqkgxg.jar
/data/data/####/hhq_spu_ti.xml
/data/data/####/httpdns_config_cache.xml
/data/data/####/i==1.2.0&&5.3.8_1587428703614_envelope.log
/data/data/####/index
/data/data/####/info.xml
/data/data/####/journal.tmp
/data/data/####/libjiagu-435494926.so
/data/data/####/libpuuqlu.so
/data/data/####/libpuuqlu.so-32
/data/data/####/libpuuqlu.so-64
/data/data/####/libyaqbasic.36117467.so
/data/data/####/libyaqpro.36117467.so
/data/data/####/message_accs_db
/data/data/####/message_accs_db-journal
/data/data/####/mkv.xml
/data/data/####/oqoyet.png
/data/data/####/pref_app_ad_display_num1.xml
/data/data/####/pref_tao_word_command.xml
/data/data/####/prefs_versions.xml
/data/data/####/sdkCloudSetting.cfg
/data/data/####/sdkCloudSetting.sig
/data/data/####/shared_preferences_name_online.xml
/data/data/####/ua.db
/data/data/####/ua.db-journal
/data/data/####/um_pri.xml
/data/data/####/umdat.xml
/data/data/####/umengDown.jar
/data/data/####/umeng_common_config.xml
/data/data/####/umeng_common_location.xml
/data/data/####/umeng_general_config.xml
/data/data/####/umeng_it.cache
/data/data/####/umeng_message_state.xml
/data/data/####/update_lc
/data/data/####/ut.db
/data/data/####/ut.db-journal
/data/data/####/webview.db-journal
/data/data/####/webviewCookiesChromium.db-journal
/data/data/####/webviewCookiesChromiumPrivate.db-journal
/data/data/####/yaqsdkcookie
/data/data/####/yd_config_c.xml
/data/media/####/.a.dat
/data/media/####/.adfwe.dat
/data/media/####/.cca.dat
/data/media/####/.lju
/data/media/####/.nomedia
/data/media/####/.umm.dat
/data/media/####/.usdis
/data/media/####/1b7e28ac891f47dd8bf07d6c5c10634a
/data/media/####/226C6D0262EDF21275151A3830CCD201.temp
/data/media/####/6067CD2BC58AF269E2045AB73920FC13
/data/media/####/6fd0d1d2a985471da868751698ec260e
/data/media/####/77BBC24F6E2262579E8F8001738BA340.jar
/data/media/####/77BBC24F6E2262579E8F8001738BA340.temp
/data/media/####/Alvin2.xml
/data/media/####/ContextData.xml
/data/media/####/_pn
/data/media/####/_shn
/data/media/####/bede228f507842719aee000361f25baa
/data/media/####/cf3269b0517b454db770e587f26ae26f
/data/media/####/deviceToken

Miscellaneous:

Executes the following shell scripts:

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
<Package Folder>/files/DaemonServer -s <Package Folder>/lib/ -n runServer -p startservice -n <Package>/com.taobao.accs.ChannelService --user 0 -f <Package Folder> -t 600 -c agoo.pid -P <Package Folder> -K 1009527 -U tb_accs_eudemon_1.1.3 -L http://agoodm.m.taobao.com/agoo/report -D {"package":"<Package>","appKey":"umeng:52371a0556240b0d9f029655","utdid":"Xp49XYa1AY8DAGdzx1FL3EdC","sdkVersion":"221"} -I agoodm.m.taobao.com -O 80 -T -Z
cat /proc/version
cat /sys/class/net/wlan0/address
chmod 500 <Package Folder>/files/DaemonServer
getprop
getprop ro.board.platform
getprop ro.product.cpu.abi
ls /
ls /sys/class/thermal
sh

Loads the following dynamic libraries:

libjiagu-435494926
libpuuqlu
libyaqbasic.36117467
libyaqpro.36117467
tnet-3.1
ut_c_api

Uses the following algorithms to encrypt data:

AES-CBC-PKCS5Padding
AES-CBC-PKCS7Padding
AES-ECB-PKCS7Padding
DES
DESede-CBC-PKCS5Padding
RSA-None-PKCS1Padding

Uses the following algorithms to decrypt data:

AES-CBC-NoPadding
AES-CBC-PKCS5Padding
AES-CBC-PKCS7Padding
AES-ECB-PKCS5Padding
AES-ECB-PKCS7Padding
DES
DESede-CBC-PKCS5Padding
RSA-ECB-PKCS1Padding
RSA-None-PKCS1Padding

Accesses the ITelephony private interface.

Uses special library to hide executable bytecode.

Gets information about location.

Gets information about network.

Gets information about phone status (number, IMEI, etc.).

Gets information about installed apps.

Gets information about running apps.

Adds tasks to the system scheduler.

Displays its own windows over windows of other apps.

TECHNOLOGIES

TERMINOLOGIE

COURS ET EDU

MYTHES

Technical information

Recommandations pour le traitement

Free trial