Executes the following shell scripts:
- /system/bin/sh -c getprop
- <Package Folder>/files/gdaemon_20161017 0 <Package>/com.app.service.DemoPushService 24659 300 0
- chmod 700 <Package Folder>/files/gdaemon_20161017
- date
- df
- getprop
- id
- ip link
- ls /dev/socket
- ls /system/fonts
- mkdir -p <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/
- ps
- service call iphonesubinfo 1
- sh -c cat /proc/meminfo
- sh -c cat /sys/class/net/eth0/address
- sh -c cd /proc/;cat cpuinfo
- sh -c cd /proc/net/ && cat arp
- sh -c cd /proc/self/;cat status
- sh -c echo MEM0QTdFOTk3RkVEMTg5RUI5ODg2NUIzQTM1RUM5RTA0MDBhY2M4MGE1YWY0YjEwOWJjYjc5NmVhOTI1MWNlYQo= > <SD-Card>/../../../../../..<SD-Card>/.duid
- sh -c echo MEM0QTdFOTk3RkVEMTg5RUI5ODg2NUIzQTM1RUM5RTA0MDBhY2M4MGE1YWY0YjEwOWJjYjc5NmVhOTI1MWNlYQo= > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/duid
- sh -c echo MjVENTVBRDI4M0FBNDAwQUY0NjRDNzZENzEzQzA3QUQxMjM0NTY3OA== > <SD-Card>/../../../../../..<SD-Card>/.n_a
- sh -c echo MjVENTVBRDI4M0FBNDAwQUY0NjRDNzZENzEzQzA3QUQxMjM0NTY3OA== > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/n_a
- sh -c echo NEE3RDFFRDQxNDQ3NEU0MDMzQUMyOUNDQjg2NTNEOUIwMDAw > <SD-Card>/../../../../../..<SD-Card>/.n_c
- sh -c echo NEE3RDFFRDQxNDQ3NEU0MDMzQUMyOUNDQjg2NTNEOUIwMDAw > <SD-Card>/../../../../../..<SD-Card>/.n_d
- sh -c echo NEE3RDFFRDQxNDQ3NEU0MDMzQUMyOUNDQjg2NTNEOUIwMDAw > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/n_c
- sh -c echo NEE3RDFFRDQxNDQ3NEU0MDMzQUMyOUNDQjg2NTNEOUIwMDAw > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/n_d
- sh -c echo QTQ1NDE4MDAxMEUyNjdDQUVEOEE0NjgzREMwRUIwQTEyMDE5MDgwMTAwMDE= > <SD-Card>/../../../../../..<SD-Card>/..ccvid
- sh -c echo QTQ1NDE4MDAxMEUyNjdDQUVEOEE0NjgzREMwRUIwQTEyMDE5MDgwMTAwMDE= > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/.ccvid
- sh -c echo QjU4NUVFQTBCMEQ3MkI1Mzg5QjM5ODQ1MzQ1NUNFMDMzQzdBQjU6ODg2Qzc4OjI3RERDMw== > <SD-Card>/../../../../../..<SD-Card>/._system.dat
- sh -c echo QjU4NUVFQTBCMEQ3MkI1Mzg5QjM5ODQ1MzQ1NUNFMDMzQzdBQjU6ODg2Qzc4OjI3RERDMw== > <SD-Card>/../../../../../..<SD-Card>/.o_a
- sh -c echo QjU4NUVFQTBCMEQ3MkI1Mzg5QjM5ODQ1MzQ1NUNFMDMzQzdBQjU6ODg2Qzc4OjI3RERDMw== > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/_system.dat
- sh -c echo QjU4NUVFQTBCMEQ3MkI1Mzg5QjM5ODQ1MzQ1NUNFMDMzQzdBQjU6ODg2Qzc4OjI3RERDMw== > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/o_a
- sh -c echo QzlDODU0MTRDMkY2NkVDNjNENkEyOTIyOEI3ODI3OUJGNTVBQUY6OEZDNTVBOjAwNTgwOA== > <SD-Card>/../../../../../..<SD-Card>/._android.dat
- sh -c echo QzlDODU0MTRDMkY2NkVDNjNENkEyOTIyOEI3ODI3OUJGNTVBQUY6OEZDNTVBOjAwNTgwOA== > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/_android.dat
- sh -c echo RDBCNTk5QjlGNDU2MkI4NTU3MUE3Qzk0NzRCMzE2NjN5QWdTdXM0c3pzQ1RqbWFmOThUc0Q1YWd1M25vRzBvdDNVdlhkT1RVM2pVa3d3L1UyakdqTGZtVFdIb0hzeFNBUGJKVG1GaS80bHBJZEk3aUdXc3hob0tkdnRScm5EbmM0SEFMOEhjNnA2VWJxUG1TamY4Y2xmWHAwak1vOVlNaHpBOUVkcU9mSkcyeEFOcVlnMWlDRXVFYmFvY3dIb0JPVk9wMWFaTStydlVzYk5ja0lnbnY4VmQycVpQbWVWVzE= > <SD-Card>/../../../../../..<SD-Card>/..ccdid
- sh -c echo RDBCNTk5QjlGNDU2MkI4NTU3MUE3Qzk0NzRCMzE2NjN5QWdTdXM0c3pzQ1RqbWFmOThUc0Q1YWd1M25vRzBvdDNVdlhkT1RVM2pVa3d3L1UyakdqTGZtVFdIb0hzeFNBUGJKVG1GaS80bHBJZEk3aUdXc3hob0tkdnRScm5EbmM0SEFMOEhjNnA2VWJxUG1TamY4Y2xmWHAwak1vOVlNaHpBOUVkcU9mSkcyeEFOcVlnMWlDRXVFYmFvY3dIb0JPVk9wMWFaTStydlVzYk5ja0lnbnY4VmQycVpQbWVWVzE= > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/.ccdid
- sh -c echo RTEwQURDMzk0OUJBNTlBQkJFNTZFMDU3RjIwRjg4M0UxMjM0NTY= > <SD-Card>/../../../../../..<SD-Card>/.n_b
- sh -c echo RTEwQURDMzk0OUJBNTlBQkJFNTZFMDU3RjIwRjg4M0UxMjM0NTY= > <SD-Card>/../../../../../..<SD-Card>/Android/Data/System/local/n_b
- sh <Package Folder>/files/gdaemon_20161017 0 <Package>/com.app.service.DemoPushService 24659 300 0
Loads the following dynamic libraries:
- 37CF018B
- BaiduMapSDK_base_v5_1_0
- Bugly
- YYDroidJni
- du
- getuiext3
- libjiagu-1458590997
- locSDK7b
Uses the following algorithms to encrypt data:
- AES-CBC-PKCS5Padding
- AES-GCM-NoPadding
- RSA
- RSA-ECB-PKCS1Padding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
Uses the following algorithms to decrypt data:
- AES-CBC-PKCS5Padding
- AES-GCM-NoPadding
- DES
- desede-CBC-NoPadding
Accesses the ITelephony private interface.
Uses special library to hide executable bytecode.
Gets information about location.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Gets information about running apps.
Adds tasks to the system scheduler.
Displays its own windows over windows of other apps.