Technical information
- Android.Backdoor.613.origin
- Android.SmsSend.1848.origin
- Android.Triada.243
- Android.Triada.247.origin
- Android.Triada.248.origin
- UDP(DNS) 8####.8.4.4:53
- TCP(HTTP/1.1) pay.9####.com:9000
- TCP(TLS/1.0) rr1---s####.g####.com:443
- TCP(TLS/1.0) p####.google####.com:443
- TCP(TLS/1.0) and####.a####.go####.com:443
- TCP(TLS/1.0) connect####.gst####.com:443
- TCP(TLS/1.0) rr5---s####.g####.com:443
- TCP(TLS/1.0) www.google####.com:443
- TCP(TLS/1.0) rr4---s####.g####.com:443
- TCP(TLS/1.2) www.google####.com:443
- TCP(TLS/1.2) connect####.gst####.com:443
- TCP(TLS/1.2) 1####.251.36.46:443
- UDP rr5---s####.g####.com:443
- UDP www.google####.com:443
- UDP rr1---s####.g####.com:443
- UDP p####.google####.com:443
- UDP rr3---s####.g####.com:443
- a.cs####.top
- a.cs####.top.####.8
- aa.vas####.cn
- aa.vas####.cn.####.8
- and####.a####.go####.com
- and####.google####.com
- b.cs####.top
- b.cs####.top.####.8
- bg.vas####.cn
- bg.vas####.cn.####.8
- connect####.gst####.com
- p####.9####.com
- p####.9####.com.####.8
- p####.google####.com
- p1.i####.cc
- pay.9####.com
- rr1---s####.g####.com
- rr3---s####.g####.com
- rr4---s####.g####.com
- rr5---s####.g####.com
- sdkup####.9####.com
- sdkup####.9####.com.####.8
- www.google####.com
- pay.9####.com:9000/versionpatch?updVersion=####&crc32=####&imsi=####&ver...
- /data/data/####/.appInfo
- /data/data/####/24RfOfoVefl2jKxu
- /data/data/####/2pPMh30mz_1nvEBFYEMRcVpN4sP85BR4
- /data/data/####/2pPMh30mz_1nvEBFYEMRcVpN4sP85BR4.new
- /data/data/####/2vgi07v99G2ujNApbA3aSA==.new
- /data/data/####/7qpnXdjGDxNADNcpZepxLrRLbDTtDB6r
- /data/data/####/7qpnXdjGDxNADNcpZepxLrRLbDTtDB6r.new
- /data/data/####/7v4q9vnz0advapCSxO3f6kGdrmteUxas
- /data/data/####/7v4q9vnz0advapCSxO3f6kGdrmteUxas.new
- /data/data/####/8wWrjiKVHx5oDULBb-8Zgrlv-MFTFtJi_CgVRl7uQQjGQWz...IexYs=
- /data/data/####/8wWrjiKVHx5oDULBb-8Zgrlv-MFTFtJi_CgVRl7uQQjGQWz...ournal
- /data/data/####/8wWrjiKVHx5oDULBb-8Zgrlv-MFTFtJi_rt64V8DKTGE=-journal
- /data/data/####/8wWrjiKVHx5oDULBb-8Zgrlv-MFTFtJi_unWrRdTBbF_ygf...ournal
- /data/data/####/8wWrjiKVHx5oDULBb-8Zgrlv-MFTFtJi_unWrRdTBbF_ygfvOVBs8ng==
- /data/data/####/8wWrjiKVHx5oDULBb-8Zgrlv-MFTFtJi_vwjOhukP1v4THs...ournal
- /data/data/####/8wWrjiKVHx5oDULBb-8Zgrlv-MFTFtJi_vwjOhukP1v4THs0wjgKY9Q==
- /data/data/####/8wWrjiKVHx5oDULBb-8Zgrlv-MFTFtJi_z0PAnkEgqzSOHeFR
- /data/data/####/8wWrjiKVHx5oDULBb-8Zgrlv-MFTFtJi_z0PAnkEgqzSOHeFR-journal
- /data/data/####/A1WZMUxuzqJuWB2aBuzntgnzidtUjNF-.new
- /data/data/####/A55OL1FsxU2u3p-qW-RXG9QFo8s=.new
- /data/data/####/CG_XHmdCh4vRKQQ5M41TmbbwjDiSE934
- /data/data/####/CG_XHmdCh4vRKQQ5M41TmbbwjDiSE934.new
- /data/data/####/DB-journal
- /data/data/####/ErpKAZ8-6_KMkltjvEdpVIRYQL9S7sZ0KJyhAg==.new
- /data/data/####/GJ6H4TazWIh-BYPCTv5uQgJYyfLrynVm2uz70h9ox1Y=.new
- /data/data/####/H3eAaHiy_QHgLpnqK5F2-FrOo_ogWuD1DHVa4A==.new
- /data/data/####/LANG_SDK_PREF.xml
- /data/data/####/LWeZ3xdicDAsojJURr5Lhk-GonAVRvvUcT5f8zkQEFM=
- /data/data/####/MaiStore.db-journal
- /data/data/####/P8sssWSziUuB2MO9hw5_w53EJHcqOTQ9
- /data/data/####/P8sssWSziUuB2MO9hw5_w53EJHcqOTQ9.new
- /data/data/####/Qv_NLgInaJ0qkd_ubo866w==
- /data/data/####/SadQC1d3OaTN9tWLNcxH6J_BA6s=.new
- /data/data/####/Spf.xml
- /data/data/####/Tel9gFYGgjP1BaJNOMTLC4uGdeE=.new
- /data/data/####/TxLDPrvPim701bSODffF7iK7n8JkXqXT.new
- /data/data/####/Upgp3KaCndzOSCtDiGl4N3ClH2Ty01nNzadlYQ==.new
- /data/data/####/WebViewChromiumPrefs.xml
- /data/data/####/bJ00DasA9xWBZHuFKiLvJ-WmuJjNhRCoyF51U5gjumw=
- /data/data/####/bJ00DasA9xWBZHuFKiLvJ-WmuJjNhRCoyF51U5gjumw=.new
- /data/data/####/b_setting.xml
- /data/data/####/b_share.xml
- /data/data/####/cc.db
- /data/data/####/cc.db-journal
- /data/data/####/com.tssdzz.game_preferences.xml
- /data/data/####/g6mcaXOP37Xz9MIoQ66iYEe7ciecj8BAkXPrh5mbnl0=
- /data/data/####/g6mcaXOP37Xz9MIoQ66iYEe7ciecj8BAkXPrh5mbnl0=.new
- /data/data/####/jmsdk.dat.xml
- /data/data/####/jmsdk.dat.xml.bak
- /data/data/####/lang_encrypt_dex.dex
- /data/data/####/lang_encrypt_dex.dex.flock (deleted)
- /data/data/####/libtpgjni_9.3.23_0.so
- /data/data/####/libyunsvc
- /data/data/####/libyunsvc.lck
- /data/data/####/ma_call.xml
- /data/data/####/ma_data.xml
- /data/data/####/ma_epay_share.xml
- /data/data/####/ma_epay_share.xml.bak
- /data/data/####/metrics_guid
- /data/data/####/nbMpXB6j7SlzzRc4.dex
- /data/data/####/nbMpXB6j7SlzzRc4.dex.flock (deleted)
- /data/data/####/nbMpXB6j7SlzzRc4.zip
- /data/data/####/nexor.dex
- /data/data/####/nexor.dex.flock (deleted)
- /data/data/####/nexor.jar
- /data/data/####/nnt_data.xml
- /data/data/####/o78UOgwS4lM3Z5l9jlz9-iF78zQ=
- /data/data/####/onib_clz.dex
- /data/data/####/onib_clz.dex.flock (deleted)
- /data/data/####/onib_clz.jar
- /data/data/####/plugin.apk
- /data/data/####/plugin.dex
- /data/data/####/plugin.dex.flock (deleted)
- /data/data/####/prim.dex
- /data/data/####/prim.dex.flock (deleted)
- /data/data/####/prim.jar
- /data/data/####/proc_auxv
- /data/data/####/rdata_comrjkaoike.new
- /data/data/####/rhwghKCwElxkYbQaioFYAQ==.new
- /data/data/####/rp9sWWRT-TkyYWKHekts2-WXP84=.new
- /data/data/####/rtaA8Ge5YeMLwFndLxla7g==.new
- /data/data/####/runner_info.prop.new
- /data/data/####/share_data.xml
- /data/data/####/share_data.xml.bak
- /data/data/####/share_ecd.xml
- /data/data/####/share_version.xml
- /data/data/####/shareyuanlangfirst.xml
- /data/data/####/t8oPYhZXPm_xp5ZxUHz2hQI3T0lNK0Qk
- /data/data/####/t8oPYhZXPm_xp5ZxUHz2hQI3T0lNK0Qk.new
- /data/data/####/tuiiua_f.dex
- /data/data/####/tuiiua_f.dex.flock (deleted)
- /data/data/####/tuiiua_f.zip
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_general_config.xml.bak
- /data/data/####/v14p1MFkXQXeztlCLQI3gg==
- /data/data/####/yunchao_sp.xml
- /data/media/####/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M
- /data/media/####/I7HE1pd26tdvkjhloLWlx5UBeDOAmh6M.lk
- /data/media/####/plugin.apk_35
- /data/misc/####/primary.prof
- /system/lib/arm/houdini /data/user/0/<Package>/files/libyunsvc /data/user/0/<Package>/files/libyunsvc <Package> <Package>:svc <Package>/com.yuanlang.pay.TheService
- app_process /system/bin com.android.commands.am.Am startservice <Package>/com.yuanlang.pay.TheService
- chmod 755 /data/user/0/<Package>/files/libyunsvc
- sh
- libcdidYsx
- libcocos2dcpp
- libdizhi
- libtpgjni_9.3.23_0
- libtpgjni_9.3.23_1
- AES-CBC-PKCS5Padding
- DES
- AES
- AES-CBC-PKCS5Padding
- DES
- DES-CBC-PKCS5Padding