Technical information
- Adware.Gexin.2.origin
- /system/bin/sh -c getprop
- /system/bin/sh -c type su
- <Package Folder>/files/gdaemon_20161017 0 <Package>/com.igexin.sdk.PushService 24799 300 0
- chmod 700 <Package Folder>/app_bin/daemon
- chmod 700 <Package Folder>/files/gdaemon_20161017
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
- getprop
- mars_d -p <Package> -s <Package>.service.Service2 -p1r 56 -p1w 57 -p2r 58 -p2w 59
- sh <Package Folder>/files/gdaemon_20161017 0 <Package>/com.igexin.sdk.PushService 24799 300 0
- Bugly
- daemon_api20
- getuiext2
- libjiagu
- AES-ECB-PKCS7Padding
- AES-GCM-NoPadding
- RSA-ECB-PKCS1Padding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
- AES-ECB-PKCS7Padding
- AES-GCM-NoPadding
- RSA-ECB-PKCS1Padding