Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.Spy.5537
Network activity:
Connects to:
- UDP(DNS) <Google DNS>
- UDP(DNS) 8####.8.4.4:53
- TCP(HTTP/1.1) d####.opensp####.cn:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) amap####.cn-hang####.oss####.####.com:80
- TCP(HTTP/1.1) h####.opensp####.cn:80
- TCP(TLS/1.0) res####.a####.com:443
- TCP(TLS/1.0) www.google####.com:443
- TCP(TLS/1.0) connect####.gst####.com:443
- TCP(TLS/1.2) 64.2####.161.138:443
- TCP(TLS/1.2) www.google####.com:443
- TCP(TLS/1.2) connect####.gst####.com:443
- TCP(TLS/1.2) 74.1####.205.113:443
- UDP www.google####.com:443
- UDP rr2---s####.g####.com:443
DNS requests:
- a####.u####.com
- amap####.cn-hang####.oss####.####.com
- and####.google####.com
- connect####.gst####.com
- d####.opensp####.cn
- h####.opensp####.cn
- p####.google####.com
- res####.a####.com
- rr2---s####.g####.com
- rr9---s####.g####.com
- www.google####.com
- www.ye####.com
HTTP GET requests:
- amap####.cn-hang####.oss####.####.com/sdkcoor/android/armeabi-v7a/libJni...
- h####.opensp####.cn/launchconfig?t=####&p=eHhzZ####
HTTP POST requests:
- a####.u####.com/app_logs
- d####.opensp####.cn/index.php/clientrequest/clientcollect/isCollect
- res####.a####.com:443/v3/iasdkauth?key=####&ts=####&scode=####
File system changes:
Creates the following files:
- /data/data/####/.imprint
- /data/data/####/.jg.ic
- /data/data/####/Alvin2.xml
- /data/data/####/AudioTourAndroidCommon.xml
- /data/data/####/ContextData.xml
- /data/data/####/WebViewChromiumPrefs.xml
- /data/data/####/apkinformation.xml
- /data/data/####/cc.db
- /data/data/####/cc.db-journal
- /data/data/####/classes.dex
- /data/data/####/classes2.dex
- /data/data/####/classes3.dex
- /data/data/####/com.awt.zjxxsd_preferences.xml
- /data/data/####/com.iflytek.id.xml
- /data/data/####/com.iflytek.msc.xml
- /data/data/####/dafile.db
- /data/data/####/dafile.db-journal
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/hmdb
- /data/data/####/hmdb-journal
- /data/data/####/ifly_launch_lib.xml
- /data/data/####/ifly_launch_lib.xml.bak
- /data/data/####/iflytek_state_com.awt.zjxxsd.xml
- /data/data/####/ifremind.xml
- /data/data/####/jg_so_upgrade_setting.xml
- /data/data/####/journal
- /data/data/####/libjiagu.so
- /data/data/####/libwgs2gcj.so
- /data/data/####/loctemp.so
- /data/data/####/logdb.db
- /data/data/####/logdb.db-journal
- /data/data/####/metrics_guid
- /data/data/####/pref.xml
- /data/data/####/pref.xml.bak
- /data/data/####/proc_auxv
- /data/data/####/ua.db
- /data/data/####/ua.db-journal
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/media/####/.2F6E2C5B63F0F83B
- /data/media/####/.nomedia
- /data/media/####/057096B895C87703758ABF0039C22FF6
- /data/media/####/0720D826A582BBAA1B04CC2487D38986
- /data/media/####/075BE25C4D5D4026C3A1AA35B41E3ACF
- /data/media/####/0CD46DD5AC6CB396F901E87902C2D078
- /data/media/####/1.ico
- /data/media/####/1.png
- /data/media/####/1.txt
- /data/media/####/10
- /data/media/####/100
- /data/media/####/1000
- /data/media/####/10000
- /data/media/####/100000
- /data/media/####/103.png
- /data/media/####/104.png
- /data/media/####/105.png
- /data/media/####/106.png
- /data/media/####/107.png
- /data/media/####/11.png
- /data/media/####/1138A93C0798D1E29783DF744E2E4DFF
- /data/media/####/150
- /data/media/####/15000
- /data/media/####/1D11863B89ADBA82EC1B0E897FF1B1C3
- /data/media/####/1_txt_reach_spot_1_1
- /data/media/####/2.ico
- /data/media/####/2.txt
- /data/media/####/20
- /data/media/####/200
- /data/media/####/2000
- /data/media/####/20000
- /data/media/####/21610AA388D520710BCC2121F192114C
- /data/media/####/22AA9776AA5A4C3D2309C49EF1E7205E
- /data/media/####/26469brief
- /data/media/####/26472brief
- /data/media/####/26475brief
- /data/media/####/26479brief
- /data/media/####/26481brief
- /data/media/####/26483brief
- /data/media/####/26486brief
- /data/media/####/26489brief
- /data/media/####/26490brief
- /data/media/####/26502brief
- /data/media/####/26505brief
- /data/media/####/26507brief
- /data/media/####/26510brief
- /data/media/####/26512brief
- /data/media/####/26514brief
- /data/media/####/26519brief
- /data/media/####/26520brief
- /data/media/####/26521brief
- /data/media/####/26524brief
- /data/media/####/26528brief
- /data/media/####/26530brief
- /data/media/####/26531brief
- /data/media/####/26533brief
- /data/media/####/26536brief
- /data/media/####/26545brief
- /data/media/####/26548brief
- /data/media/####/26550brief
- /data/media/####/26555brief
- /data/media/####/26560brief
- /data/media/####/26563brief
- /data/media/####/26568brief
- /data/media/####/26579brief
- /data/media/####/26581brief
- /data/media/####/26589brief
- /data/media/####/26591brief
- /data/media/####/26598brief
- /data/media/####/26599brief
- /data/media/####/26600brief
- /data/media/####/26602brief
- /data/media/####/26603brief
- /data/media/####/26607brief
- /data/media/####/26772brief
- /data/media/####/26773brief
- /data/media/####/26774brief
- /data/media/####/26775brief
- /data/media/####/26777brief
- /data/media/####/26778brief
- /data/media/####/26781brief
- /data/media/####/26782brief
- /data/media/####/26783brief
- /data/media/####/26784brief
- /data/media/####/26785brief
- /data/media/####/26786brief
- /data/media/####/26787brief
- /data/media/####/26789brief
- /data/media/####/26790brief
- /data/media/####/26793brief
- /data/media/####/26796brief
- /data/media/####/26801brief
- /data/media/####/26802brief
- /data/media/####/269E912C974CE40344508E6C1779EEE6
- /data/media/####/277D4BD221DE202F8E784981103D34A5
- /data/media/####/28D59888F165D6C43224514D3E9A1798
- /data/media/####/2C90DEF3C111B32F922D361778219D87
- /data/media/####/2CBCE3CCA30490BA1F37191DDE4DE72F
- /data/media/####/2E99AE07CA0621DC734147B67DB10E2D
- /data/media/####/2F936581E3CC1A4CB2936E6A788FD908
- /data/media/####/2_txt_reach_city_2_1
- /data/media/####/2_txt_reach_city_2_2
- /data/media/####/3.ico
- /data/media/####/30
- /data/media/####/300
- /data/media/####/3000
- /data/media/####/30000
- /data/media/####/301.png
- /data/media/####/302.png
- /data/media/####/303.png
- /data/media/####/304.png
- /data/media/####/305.png
- /data/media/####/30A4F23DE661654959D7075AF9F4F8E9
- /data/media/####/315571A56273C6D8E89F5CEE48DA064F
- /data/media/####/322DB55BC2482447DC6EFEC0076AC77D
- /data/media/####/3457715EA2520FBFC785C3487AF353CF
- /data/media/####/3613F98ABF78408DF1EDB97C73204363
- /data/media/####/39103414003056212B25A5A8ABC6B3DC
- /data/media/####/3F20ADF2EB08C58F2573B4B37C5DB58D
- /data/media/####/3_txt_out_city_2_1
- /data/media/####/3_txt_out_city_2_2
- /data/media/####/4.ico
- /data/media/####/40
- /data/media/####/400
- /data/media/####/4000
- /data/media/####/40000
- /data/media/####/40DBD82893FC1A5AB0010B12FB88A281
- /data/media/####/442E659F3C2707211A7484BE82B4E272
- /data/media/####/477BAE2F80BA1002FFDEC817759D8894
- /data/media/####/4A65719C16F4636C51FA6154B98CF50D
- /data/media/####/4B780B6AC5A849CF9E44E38C78BF52CE
- /data/media/####/4E799B2E256394BC77594ED99752DCCB
- /data/media/####/4_txt_in_city_2_1
- /data/media/####/4_txt_in_city_2_2
- /data/media/####/5.ico
- /data/media/####/50
- /data/media/####/500
- /data/media/####/5000
- /data/media/####/50000
- /data/media/####/55471EB7AA721DF953094E5DDBD9EAE2
- /data/media/####/55CF254D896A4160CD559D83ED0102D2
- /data/media/####/59D61373C912DAA3EED831AFE4D8539F
- /data/media/####/5FCFE3688BE1282B703F7CA465DDB9E0
- /data/media/####/5_txt_reach_scene_2_1
- /data/media/####/5_txt_reach_scene_2_2
- /data/media/####/6.ico
- /data/media/####/60
- /data/media/####/600
- /data/media/####/6000
- /data/media/####/60000
- /data/media/####/6014CE5156E4D79D91CA41A1B1092123
- /data/media/####/607BEB5CAB908420BE91859C8E15E18D
- /data/media/####/63C91C4D5DE4F941C9C6EFFA5790C414
- /data/media/####/63F80758A65D36624A1DA19B051BFCF3
- /data/media/####/672E9B8C5145BA89054C6096AB0F946D
- /data/media/####/691D8F8A606793CEF4CD1834671D122B
- /data/media/####/6_txt_scene_outside_2_1
- /data/media/####/6_txt_scene_outside_2_2
- /data/media/####/7.ico
- /data/media/####/70
- /data/media/####/700
- /data/media/####/7000
- /data/media/####/70000
- /data/media/####/70E80D24DCC4FC947B3C4070173B62D6
- /data/media/####/71D2BC6A94292C1DD0F9504B05B02B33
- /data/media/####/729246D77B6F9842BF84D8F9F09026D0
- /data/media/####/796934D604A4F0DD342B53C7753E517F
- /data/media/####/7C10EF57CDB3593050FB59C3DB92A0C5
- /data/media/####/7F70E3443ED99CEDED53668C071F86E9
- /data/media/####/80
- /data/media/####/800
- /data/media/####/8000
- /data/media/####/80000
- /data/media/####/85B807078DA80053E7C41573B905D88F
- /data/media/####/873C06F1965A8B7F289D29A05D13C8E3
- /data/media/####/8832B8660F10B3E418476F5A96C84E98
- /data/media/####/8BDAD90F2E2126095C8A21D8FEBFF9EA
- /data/media/####/8D7A6AC52DCE702A1ADF00B206ABB14E
- /data/media/####/8DFB0BF53F320B3271F744CE423F69E5
- /data/media/####/8E712951E5317EBC1DDA586F9CFB67DE
- /data/media/####/90
- /data/media/####/900
- /data/media/####/9000
- /data/media/####/90000
- /data/media/####/9008B4FE7640312BFFBB41698596225E
- /data/media/####/914757A760B429628556BB751B384783
- /data/media/####/918D67248973C7865290163CE6CE7848
- /data/media/####/91BA24861AFFA3CC22C6FCC063CB09DC
- /data/media/####/91D656EBBC76371F71210A634F760BA4
- /data/media/####/93DEDF964B753ABD8CBFAF5530C87A9B
- /data/media/####/95B174ABB78684E560BCF54F6EC95EDF
- /data/media/####/9999.png
- /data/media/####/9D3696DB1F4093B84FC5B87173BF4736
- /data/media/####/A3A656194711C666CF1E2EDED9DA4678
- /data/media/####/A5A6383558DC7EE401D3B34FDD05DB33
- /data/media/####/APlayer.min.css
- /data/media/####/APlayer.min.js
- /data/media/####/Alvin2.xml
- /data/media/####/B050EB0E2DDFE32D700D4885CF65C94F
- /data/media/####/B3DDF7C6C54FDD42B5B34AAE0E669586
- /data/media/####/B7134011236FB4532558BD9263B1A9C8
- /data/media/####/B87722927DA414894DCAB0757E995861
- /data/media/####/B8F7D0A64DE0170345F8B72DE366DC95
- /data/media/####/BE536A55845EE934A3E6AD971229095A
- /data/media/####/BE6F664D236A1E95160F88192EAF1647
- /data/media/####/C2B3224AC99D91B23653938E5348A5B0
- /data/media/####/C6F99DE5D6CE5B77DE1384AF92ED4591
- /data/media/####/C9BABA729C67ED2D299557F4313A80F4
- /data/media/####/CC68ABC88A808FE72AC0A51324741AFC
- /data/media/####/CEA20F99729C270376377C6FE4E2EBC5
- /data/media/####/ContextData.xml
- /data/media/####/D229AE77BD90E359F7D864C2190EDA01
- /data/media/####/D65515609FC0357BE4B3D2D06794AB56
- /data/media/####/D95E9AD41270520DD765D61B0437EC1D
- /data/media/####/D9CE16D74219D13ABB08AE01FAE67C4F
- /data/media/####/DA120F8C8E19D69FB02BA4DE6E498EAD
- /data/media/####/DB33D0CA49CC735F1B8A773801224B77
- /data/media/####/E740F3DC3B8E8E7BFA4DA0E23D2645DD
- /data/media/####/E857A481B7D293F5243EF92876152F0D
- /data/media/####/F12AEB6F53600CBD056F42FD70E93E6B
- /data/media/####/F25242C1B8632AAE22FBD44892B437F0
- /data/media/####/F3139BEFC3C16803E203F8C9CDA645A6
- /data/media/####/F5C1C336D7C94579DE503BB79B48A688
- /data/media/####/FD7CD2F878C45A6476355F79A0C30B4F
- /data/media/####/GP_10
- /data/media/####/GP_11
- /data/media/####/GP_12
- /data/media/####/GP_13
- /data/media/####/GP_14
- /data/media/####/GP_15
- /data/media/####/GP_16
- /data/media/####/GP_17
- /data/media/####/GP_18
- /data/media/####/GP_19
- /data/media/####/GP_2
- /data/media/####/GP_20
- /data/media/####/GP_21
- /data/media/####/GP_3
- /data/media/####/GP_4
- /data/media/####/GP_5
- /data/media/####/GP_6
- /data/media/####/GP_7
- /data/media/####/GP_8
- /data/media/####/GP_9
- /data/media/####/GP_99+
- /data/media/####/InfoBox_min.js
- /data/media/####/Installed.dat
- /data/media/####/JD_1
- /data/media/####/JD_10
- /data/media/####/JD_11
- /data/media/####/JD_12
- /data/media/####/JD_13
- /data/media/####/JD_14
- /data/media/####/JD_15
- /data/media/####/JD_16
- /data/media/####/JD_17
- /data/media/####/JD_18
- /data/media/####/JD_19
- /data/media/####/JD_2
- /data/media/####/JD_20
- /data/media/####/JD_21
- /data/media/####/JD_22
- /data/media/####/JD_23
- /data/media/####/JD_24
- /data/media/####/JD_24 (deleted)
- /data/media/####/JD_25
- /data/media/####/JD_26
- /data/media/####/JD_27
- /data/media/####/JD_28
- /data/media/####/JD_29
- /data/media/####/JD_3
- /data/media/####/JD_30
- /data/media/####/JD_31
- /data/media/####/JD_32
- /data/media/####/JD_33
- /data/media/####/JD_34
- /data/media/####/JD_35
- /data/media/####/JD_36
- /data/media/####/JD_37
- /data/media/####/JD_38
- /data/media/####/JD_39
- /data/media/####/JD_4
- /data/media/####/JD_40
- /data/media/####/JD_41
- /data/media/####/JD_42
- /data/media/####/JD_43
- /data/media/####/JD_44
- /data/media/####/JD_45
- /data/media/####/JD_46
- /data/media/####/JD_47
- /data/media/####/JD_48
- /data/media/####/JD_49
- /data/media/####/JD_5
- /data/media/####/JD_50
- /data/media/####/JD_6
- /data/media/####/JD_7
- /data/media/####/JD_8
- /data/media/####/JD_9
- /data/media/####/MarkerClusterer_bd.js
- /data/media/####/MarkerClusterer_min.js
- /data/media/####/TextIconOverlay_min.js
- /data/media/####/Thumbs.db
- /data/media/####/alike.xml
- /data/media/####/all_zr_0_8063
- /data/media/####/alsn.db
- /data/media/####/alsn.db-journal
- /data/media/####/anim.js
- /data/media/####/aplayer-fontello.eot
- /data/media/####/aplayer-fontello.svg
- /data/media/####/aplayer-fontello.ttf
- /data/media/####/aplayer-fontello.woff
- /data/media/####/apoint_end
- /data/media/####/apoint_end.png
- /data/media/####/apoint_start.png
- /data/media/####/arrow-down.png
- /data/media/####/atask.log
- /data/media/####/audio.png
- /data/media/####/back
- /data/media/####/background.mp3
- /data/media/####/bg.png
- /data/media/####/c_8063brief
- /data/media/####/car
- /data/media/####/cb_scout_sprite_api_003.png
- /data/media/####/cc.js
- /data/media/####/close.png
- /data/media/####/closedhand_8_8.cur
- /data/media/####/common.js
- /data/media/####/controls.js
- /data/media/####/cover2.jpg
- /data/media/####/crosshair.cur
- /data/media/####/didong.mp3
- /data/media/####/distance_2you
- /data/media/####/distance_about
- /data/media/####/down.png
- /data/media/####/download.db
- /data/media/####/download.db-journal
- /data/media/####/drag_cross_67_16.png
- /data/media/####/drawing.js
- /data/media/####/drawing.png
- /data/media/####/drawing_impl.js
- /data/media/####/ellipsis.xml
- /data/media/####/exploreMarker
- /data/media/####/foot.html
- /data/media/####/front
- /data/media/####/fw1.png
- /data/media/####/ga.js
- /data/media/####/geocoder.js
- /data/media/####/geometry.js
- /data/media/####/global.css
- /data/media/####/global_phone.js
- /data/media/####/google_white.png
- /data/media/####/grey.gif
- /data/media/####/guide.xml
- /data/media/####/guider0
- /data/media/####/guider1
- /data/media/####/head.jpg
- /data/media/####/head1.jpg
- /data/media/####/home_poi_icon_attractions
- /data/media/####/home_poi_icon_floor
- /data/media/####/home_poi_icon_food
- /data/media/####/home_poi_icon_gate
- /data/media/####/home_poi_icon_hotel
- /data/media/####/home_poi_icon_other
- /data/media/####/home_poi_icon_pier
- /data/media/####/home_poi_icon_shopping
- /data/media/####/home_poi_icon_snack
- /data/media/####/home_poi_icon_souvenir
- /data/media/####/home_poi_icon_traffic
- /data/media/####/home_poi_icon_wc
- /data/media/####/howto.html
- /data/media/####/ic_home_article
- /data/media/####/ic_home_foot
- /data/media/####/ic_home_in
- /data/media/####/ic_home_list
- /data/media/####/ic_home_other
- /data/media/####/icon.ico
- /data/media/####/icon.png
- /data/media/####/icon10.png
- /data/media/####/icon11.png
- /data/media/####/icon11b.png
- /data/media/####/icon12a.png
- /data/media/####/icon12b.png
- /data/media/####/icon12c.png
- /data/media/####/icon12d.png
- /data/media/####/icon12e.png
- /data/media/####/icon12f.png
- /data/media/####/icon12g.png
- /data/media/####/icon12h.png
- /data/media/####/icon12i.png
- /data/media/####/icon12j.png
- /data/media/####/icon12k.png
- /data/media/####/icon12l.png
- /data/media/####/icon14.png
- /data/media/####/icon15.png
- /data/media/####/icon16a.png
- /data/media/####/icon16b.png
- /data/media/####/icon16c.png
- /data/media/####/icon17a.png
- /data/media/####/icon22.png
- /data/media/####/icon23.png
- /data/media/####/icon24.png
- /data/media/####/icon25.png
- /data/media/####/icon31.jpg
- /data/media/####/icon33.jpg
- /data/media/####/icon33b.png
- /data/media/####/icon33c.png
- /data/media/####/icon34a.png
- /data/media/####/icon34b.png
- /data/media/####/icon7.png
- /data/media/####/icon_pause.png
- /data/media/####/icon_play.png
- /data/media/####/iflyworkdir_test (deleted)
- /data/media/####/imgbg.jpg
- /data/media/####/imgs8.png
- /data/media/####/index.html
- /data/media/####/index.xml
- /data/media/####/infobox.js
- /data/media/####/infowindow.js
- /data/media/####/iw3.png
- /data/media/####/iw_close.gif
- /data/media/####/iw_minus.gif
- /data/media/####/iw_plus.gif
- /data/media/####/jquery-1.7.2.min.js
- /data/media/####/jquery.lazyload.js
- /data/media/####/jquery_easing.js
- /data/media/####/kml.js
- /data/media/####/label_bg.png
- /data/media/####/layers.js
- /data/media/####/left
- /data/media/####/leftback
- /data/media/####/leftfront
- /data/media/####/lib.js
- /data/media/####/linetest.js
- /data/media/####/loader.gif
- /data/media/####/location
- /data/media/####/location_pin.png
- /data/media/####/m1.png
- /data/media/####/m2.png
- /data/media/####/m3.png
- /data/media/####/m4.png
- /data/media/####/m5.png
- /data/media/####/main.js
- /data/media/####/mainindex.xml
- /data/media/####/mainindex_en.xml
- /data/media/####/mainindextop.xml
- /data/media/####/mainindextop_en.xml
- /data/media/####/map.js
- /data/media/####/map_cancel.png
- /data/media/####/map_end
- /data/media/####/map_end.png
- /data/media/####/map_mode.jpg
- /data/media/####/map_start
- /data/media/####/map_start.png
- /data/media/####/map_start1
- /data/media/####/map_start1.png
- /data/media/####/mapapi.js
- /data/media/####/mapcontrols3d7.png
- /data/media/####/maplabel.js
- /data/media/####/marker.js
- /data/media/####/markerAnimate.js
- /data/media/####/markerGroup
- /data/media/####/marker_sprite.png
- /data/media/####/markerclusterer.js
- /data/media/####/maxzoom.js
- /data/media/####/mc1.png
- /data/media/####/menu_twp_play.png
- /data/media/####/mkAnim.js
- /data/media/####/newlib.js
- /data/media/####/onion.js
- /data/media/####/openhand_8_8.cur
- /data/media/####/overlay.js
- /data/media/####/paymentwarning
- /data/media/####/photo.png
- /data/media/####/places.js
- /data/media/####/places_impl.js
- /data/media/####/poly.js
- /data/media/####/qq.png
- /data/media/####/re_last.png
- /data/media/####/re_last_dis.png
- /data/media/####/re_next.png
- /data/media/####/re_next_dis.png
- /data/media/####/re_pause_normal.png
- /data/media/####/re_play_normal.png
- /data/media/####/right
- /data/media/####/rightback
- /data/media/####/rightfront
- /data/media/####/rotate2.png
- /data/media/####/route.txt
- /data/media/####/routeapp.txt
- /data/media/####/s2_736brief
- /data/media/####/s2_737brief
- /data/media/####/s_736brief
- /data/media/####/s_737brief
- /data/media/####/scene
- /data/media/####/scene_select
- /data/media/####/share.html
- /data/media/####/sign_play
- /data/media/####/sign_play0
- /data/media/####/sign_play1
- /data/media/####/sign_play2
- /data/media/####/sign_play3
- /data/media/####/smiconname_2
- /data/media/####/smiconname_3
- /data/media/####/smiconname_4
- /data/media/####/smiconname_5
- /data/media/####/smiconname_6
- /data/media/####/smiconname_7
- /data/media/####/spot.xml
- /data/media/####/spot_good
- /data/media/####/spot_good_select
- /data/media/####/spot_icon_web_1
- /data/media/####/spot_icon_web_2
- /data/media/####/spot_icon_web_3
- /data/media/####/spot_icon_web_4
- /data/media/####/spot_icon_web_5
- /data/media/####/spot_icon_web_6
- /data/media/####/spot_icon_web_7
- /data/media/####/spot_icon_web_8
- /data/media/####/spot_icon_web_door
- /data/media/####/spot_icon_web_food
- /data/media/####/spot_icon_web_gift
- /data/media/####/spot_icon_web_select_1
- /data/media/####/spot_icon_web_select_2
- /data/media/####/spot_icon_web_select_3
- /data/media/####/spot_icon_web_select_4
- /data/media/####/spot_icon_web_select_5
- /data/media/####/spot_icon_web_select_6
- /data/media/####/spot_icon_web_select_7
- /data/media/####/spot_icon_web_select_8
- /data/media/####/spot_icon_web_select_door
- /data/media/####/spot_icon_web_select_food
- /data/media/####/spot_icon_web_select_gift
- /data/media/####/spot_icon_web_select_ship
- /data/media/####/spot_icon_web_ship
- /data/media/####/spot_marker_icon_web_1
- /data/media/####/spot_marker_icon_web_1_select
- /data/media/####/spot_marker_icon_web_2
- /data/media/####/spot_marker_icon_web_2_select
- /data/media/####/spot_marker_icon_web_3
- /data/media/####/spot_marker_icon_web_3_select
- /data/media/####/spot_marker_icon_web_4
- /data/media/####/spot_marker_icon_web_4_select
- /data/media/####/spot_marker_icon_web_5
- /data/media/####/spot_marker_icon_web_5_select
- /data/media/####/spot_marker_icon_web_6
- /data/media/####/spot_marker_icon_web_6_select
- /data/media/####/spot_marker_icon_web_7
- /data/media/####/spot_marker_icon_web_7_select
- /data/media/####/spot_marker_icon_web_8
- /data/media/####/spot_marker_icon_web_8_select
- /data/media/####/spot_marker_icon_web_door
- /data/media/####/spot_marker_icon_web_door_select
- /data/media/####/spot_marker_icon_web_food
- /data/media/####/spot_marker_icon_web_food_select
- /data/media/####/spot_marker_icon_web_gift
- /data/media/####/spot_marker_icon_web_gift_select
- /data/media/####/spot_marker_icon_web_ship
- /data/media/####/spot_marker_icon_web_ship_select
- /data/media/####/spot_marker_icon_web_unknown
- /data/media/####/spot_marker_icon_web_unknown_select
- /data/media/####/spotindex.xml
- /data/media/####/spotindex_en.xml
- /data/media/####/start
- /data/media/####/start_cnyourmajesty
- /data/media/####/start_friend
- /data/media/####/start_traveler
- /data/media/####/start_yourmajesty
- /data/media/####/stats.js
- /data/media/####/style.css
- /data/media/####/style_2.css
- /data/media/####/szc4.png
- /data/media/####/t__1418929
- /data/media/####/text.png
- /data/media/####/tourindex.xml
- /data/media/####/tourindex_en.xml
- /data/media/####/transparent.png
- /data/media/####/ts.png
- /data/media/####/ttserror.mp3
- /data/media/####/txt_more_extension
- /data/media/####/undo_poly.png
- /data/media/####/usage.js
- /data/media/####/user_normal
- /data/media/####/user_normal.png
- /data/media/####/util.js
- /data/media/####/wall3
- /data/media/####/yxMobileSlider.js
- /data/media/####/zoom-in.png
- /data/media/####/zoom-in_g.png
- /data/media/####/zoom-out.png
- /data/media/####/zoom-out_g.png
- /data/media/####/zr_0_8063
- /data/media/####/zr_2_736
- /data/media/####/zr_2_737
- /data/misc/####/primary.prof
Miscellaneous:
Executes the following shell scripts:
- chmod 755 /data/user/0/<Package>/.jiagu/libjiagu.so
Loads the following dynamic libraries:
- libjiagu
- libmsc
Uses the following algorithms to encrypt data:
- AES-CBC-PKCS5Padding
- AES-CBC-PKCS7Padding
- RSA-ECB-PKCS1Padding
Uses the following algorithms to decrypt data:
- AES-CBC-PKCS5Padding
Accesses the ITelephony private interface.
Uses special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Displays its own windows over windows of other apps.
Manages Wi-Fi connectivity.
Requests the system alert window permission.
