Executes the following shell scripts:
- /system/bin/sh -c getprop ro.aa.romver
- /system/bin/sh -c getprop ro.board.platform
- /system/bin/sh -c getprop ro.build.fingerprint
- /system/bin/sh -c getprop ro.build.nubia.rom.name
- /system/bin/sh -c getprop ro.build.rom.id
- /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
- /system/bin/sh -c getprop ro.build.version.emui
- /system/bin/sh -c getprop ro.build.version.opporom
- /system/bin/sh -c getprop ro.gn.gnromvernumber
- /system/bin/sh -c getprop ro.lenovo.series
- /system/bin/sh -c getprop ro.lewa.version
- /system/bin/sh -c getprop ro.meizu.product.model
- /system/bin/sh -c getprop ro.miui.ui.version.name
- /system/bin/sh -c getprop ro.vivo.os.build.display.id
- /system/bin/sh -c type su
- chmod 0644 /system/app/time.apk
- chmod 0644 /system/lib/libStarEngine.so
- chmod 0777 /system/app/key.bat
- chmod 700 <Package Folder>/tx_shell/libnfix.so
- chmod 700 <Package Folder>/tx_shell/libshella-2.10.1.so
- chmod 700 <Package Folder>/tx_shell/libufix.so
- cp <Package Folder>/app_a/key.bat /system/app/
- cp <Package Folder>/app_a/libStarEngine.so /system/lib/
- dumpsys meminfo 2099
- getprop ro.aa.romver
- getprop ro.board.platform
- getprop ro.build.fingerprint
- getprop ro.build.nubia.rom.name
- getprop ro.build.rom.id
- getprop ro.build.tyd.kbstyle_version
- getprop ro.build.version.emui
- getprop ro.build.version.opporom
- getprop ro.gn.gnromvernumber
- getprop ro.lenovo.series
- getprop ro.lewa.version
- getprop ro.meizu.product.model
- getprop ro.miui.ui.version.name
- getprop ro.vivo.os.build.display.id
- getprop ro.yunos.version
- id
- logcat -d -v threadtime
- logcat -t 500 -v time
- ls data
- mount -o rw,remount /system
- mv /system/app/key.bat /system/app/time.apk
- setenforce 0
- sh
- su
Loads the following dynamic libraries:
- Bugly
- libnfix
- libshella-2.10.1
- libufix
- nfix
- ufix
- zcloud
Uses the following algorithms to encrypt data:
- AES-GCM-NoPadding
- RSA-ECB-PKCS1Padding
Uses the following algorithms to decrypt data:
- AES
- AES-CBC-PKCS5Padding
- AES-GCM-NoPadding
Uses elevated privileges (the commands listed above include su, setenforce 0 and a read-write remount of /system).
Uses a special library to hide executable bytecode.
Gains access to telephone information (number, IMEI, etc.).
Displays its own windows over windows of other applications.