Technical information
Detection names:
- Android.Backdoor.336.origin
- Android.Backdoor.478.origin
Network connections (protocol, host:port; host names are partially masked with ####):
- UDP(DNS) <Google DNS>
- TCP(GCM) <Google Host>
- TCP(HTTP/1.1) eed.ta####.com:80
- TCP(HTTP/1.1) sys.aedx####.com:80
- TCP(HTTP/1.1) mo####.jet####.com:80
- TCP(HTTP/1.1) ade.clmb####.co####.####.net:80
- TCP(HTTP/1.1) api.timespo####.com.####.net:80
- TCP(HTTP/1.1) r####.cr####.com:80
- TCP(HTTP/1.1) im####.google####.com:80
- TCP(HTTP/1.1) re####.s####.c####.####.cn:80
- TCP(HTTP/1.1) d####.smyk####.com:80
- TCP(HTTP/1.1) api.gad####.com:80
- TCP(HTTP/1.1) timesof####.indiat####.com.####.net:80
- TCP(HTTP/1.1) b.scoreca####.com.####.net:80
- TCP(HTTP/1.1) www.googlet####.com:80
- TCP(HTTP/1.1) toib####.timesof####.indiat####.####.net:80
- TCP(HTTP/1.1) vc.jet####.com:80
- TCP(HTTP/1.1) m.aedx####.com:80
- TCP(HTTP/1.1) user####.indiat####.com:80
- TCP(HTTP/1.1) app.jet####.com:80
- TCP(HTTP/1.1) a####.google####.com:80
- TCP(HTTP/1.1) a####.u####.com:80
- TCP(HTTP/1.1) i####.timespo####.i####.####.net:80
- TCP(HTTP/1.1) f####.jet####.com:80
- TCP(HTTP/1.1) datace####.jet####.com:80
- TCP(HTTP/1.1) www.google-####.com:80
- TCP(HTTP/1.1) m.timesof####.com.####.net:80
- TCP(HTTP/1.1) www.b####.com:80
- TCP(HTTP/1.1) gs.a.s####.com:80
- TCP(HTTP/1.1) st####.chart####.com:80
- TCP(TLS/1.0) digice####.rubicon####.com.####.net:443
- TCP(TLS/1.0) s0.2####.net:443
- TCP(TLS/1.0) ge####.indiat####.com.####.net:443
- TCP(TLS/1.0) tap-se####.rubicon####.com:443
- TCP(TLS/1.0) pu####.g.doublec####.net:443
- TCP(TLS/1.0) m.timesof####.com.####.net:443
- TCP(TLS/1.0) a.rf####.com:443
- TCP(TLS/1.0) m####.ad####.org:443
- TCP(TLS/1.0) s####.1rx.io:443
- TCP(TLS/1.0) i####.timespo####.i####.####.net:443
- TCP(TLS/1.0) pug22####.pubm####.com:443
- TCP(TLS/1.0) spug22####.pubm####.com:443
- TCP(TLS/1.0) pugm22####.pubm####.com:443
- TCP(TLS/1.0) t####.adfor####.ak####.net:443
- TCP(TLS/1.0) ade.clmb####.co####.####.net:443
- TCP(TLS/1.0) securep####.g.doublec####.net:443
- TCP(TLS/1.0) pubm####.edg####.net:443
- TCP(TLS/1.0) cm.g.doublec####.net:443
- TCP(TLS/1.0) api.timespo####.com.####.net:443
- TCP(TLS/1.0) st####.clmb####.co####.####.net:443
- TCP(TLS/1.0) j####.indiat####.com:443
- TCP(TLS/1.0) app.ad####.com:443
- TCP(TLS/1.0) ge####.b####.com:443
Domain names (partially masked with ####):
- a####.google####.com
- a####.u####.com
- ade.clmb####.com
- ads.pubm####.com
- api.gad####.com
- api.timespo####.com
- app.ad####.com
- app.jet####.com
- b.scoreca####.com
- c1.ad####.net
- cm.g.doublec####.net
- d####.smyk####.com
- datace####.jet####.com
- eed.ta####.com
- f####.jet####.com
- ge####.b####.com
- ge####.indiat####.com
- i####.timespo####.i####.in
- im####.google####.com
- im####.pubm####.com
- im####.pubm####.com
- j####.indiat####.com
- m####.ad####.org
- m.aedx####.com
- m.timesof####.com
- mo####.jet####.com
- p.rf####.com
- pu####.g.doublec####.net
- r####.cr####.com
- s####.1rx.io
- s0.2####.net
- secure-####.rubicon####.com
- securep####.g.doublec####.net
- sim####.pubm####.com
- sim####.pubm####.com
- st####.chart####.com
- st####.clmb####.com
- sys.aedx####.com
- tap-se####.rubicon####.com
- timesof####.indiat####.com
- toib####.timesof####.indiat####.com
- user####.indiat####.com
- vc.jet####.com
- www.b####.com
- www.google-####.com
- www.googlet####.com
- www.s####.com
- www.s####.com.cn
Requested URLs (host names partially masked; query values replaced with ####):
- api.timespo####.com.####.net/cde/data/v4.htm?id=####&_v=####&auds=####&_...
- api.timespo####.com.####.net/common/config/nocache/wversion
- datace####.jet####.com/portal/JARRoot/20161009/1475978164997.jar
- datace####.jet####.com/portal/JARRoot/20161009/1475978198106.jar
- datace####.jet####.com/portal/JARRoot/20161009/1475978227403.jar
- datace####.jet####.com/portal/JARRoot/20161009/1475978264840.jar
- datace####.jet####.com/portal/JARRoot/20161009/1475978342448.jar
- datace####.jet####.com/portal/JARRoot/20161009/1475978372651.jar
- datace####.jet####.com/portal/JARRoot/20161009/1475978450604.jar
- datace####.jet####.com/portal/JARRoot/20161009/1475978484478.jar
- datace####.jet####.com/portal/JARRoot/20161009/1475978510681.jar
- datace####.jet####.com/portal/JARRoot/20161009/1475978532790.jar
- datace####.jet####.com/portal/JARRoot/20161009/1475978623446.jar
- datace####.jet####.com/portal/JARRoot/20161009/1475978686476.jar
- datace####.jet####.com/portal/JARRoot/20161009/1475978714366.jar
- datace####.jet####.com/portal/JARRoot/20161020/1476957785761.jar
- datace####.jet####.com/portal/JARRoot/20161021/1477032541677.jar
- i####.timespo####.i####.####.net/tpwidgets/static/dist/js/main.js
- i####.timespo####.i####.####.net/tpwidgets/static/dist/js/tpwidget.js?v=...
- im####.google####.com/js/core/bridge3.179.0_en.html
- im####.google####.com/js/sdkloader/ima3.js
- m.timesof####.com.####.net/
- m.timesof####.com.####.net/ads.cms?msid=####&feedtype=####
- m.timesof####.com.####.net/ads_js_new2.cms?v=####&minify=####&msid=####&...
- m.timesof####.com.####.net/cityweather_js_v2.cms?v=####
- m.timesof####.com.####.net/combine_css.cms?v=####&template=####&headerco...
- m.timesof####.com.####.net/defaultinterstitial_js/minify-1.cms
- m.timesof####.com.####.net/extlangnews.cms?reqtype=####&_=####
- m.timesof####.com.####.net/fonts/Caslon224ITCbyBT-Bold.svg
- m.timesof####.com.####.net/fonts/Caslon224ITCbyBT-Bold.ttf
- m.timesof####.com.####.net/fonts/proxima_nova_extrabold_1.ttf
- m.timesof####.com.####.net/fonts/proxima_nova_light_1.ttf
- m.timesof####.com.####.net/fonts/proxima_nova_regular_1.ttf
- m.timesof####.com.####.net/fonts/proximanova-semibold.ttf
- m.timesof####.com.####.net/merg_js.cms?minify=####&donotshowurl=####&tem...
- m.timesof####.com.####.net/personalisation_newhp.cms
- m.timesof####.com.####.net/toivp_css/v-23.cms
- m.timesof####.com.####.net/videos/mobilelivetvloc.cms?callback=####
- r####.cr####.com/delivery/rta/rta.js?netId=####&cookieName=####&rnd=####...
- user####.indiat####.com/userreco/v2/reco?domain=####&mediaType=####&call...
- www.b####.com/
- www.google-####.com/analytics.js
- api.gad####.com/oversea_adjust_and_download_write_redis/notify/download/...
- datace####.jet####.com/AddApkDownloadAndroid.aspx
- datace####.jet####.com/AddUserResponse.aspx
- datace####.jet####.com/BatchNumOper.aspx
- datace####.jet####.com/SDKV4-0/GetClientBoutiqueApps.aspx
- datace####.jet####.com/SDKV4-3/GetAdSNotifiBar.aspx
- datace####.jet####.com/SDKV4-3/GetAppReplace.aspx
- datace####.jet####.com/SDKV4-4/GetScenarizedAD.aspx
- datace####.jet####.com/SDKV4-5/GetAdsConfig.aspx
- datace####.jet####.com/SDKV4-5/GetHostSeparate.aspx
- datace####.jet####.com/Sdk4_4/Dispatch.aspx
- m.aedx####.com/errorview/api/601
- sys.aedx####.com/ggview/rsddateindex
File system paths (app package folder and SD card; #### marks a masked directory name):
- <Package Folder>/cache/####/data_0
- <Package Folder>/cache/####/data_1
- <Package Folder>/cache/####/data_2
- <Package Folder>/cache/####/data_3
- <Package Folder>/cache/####/f_000001
- <Package Folder>/cache/####/f_000002
- <Package Folder>/cache/####/f_000003
- <Package Folder>/cache/####/f_000004
- <Package Folder>/cache/####/f_000005
- <Package Folder>/cache/####/f_000006
- <Package Folder>/cache/####/f_000007
- <Package Folder>/cache/####/f_000008
- <Package Folder>/cache/####/f_000009
- <Package Folder>/cache/####/f_00000a
- <Package Folder>/cache/####/f_00000b
- <Package Folder>/cache/####/index
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/databases/webviewCookiesChromium.db-journal (deleted)
- <Package Folder>/files/####/.catr.apk
- <Package Folder>/files/####/.center.tapk
- <Package Folder>/files/####/.client
- <Package Folder>/files/####/.dg
- <Package Folder>/files/####/.dico.apk
- <Package Folder>/files/####/.dlme.apk
- <Package Folder>/files/####/.dlsb.apk
- <Package Folder>/files/####/.dsmt.apk
- <Package Folder>/files/####/.ir
- <Package Folder>/files/####/.p.apk
- <Package Folder>/files/####/.service
- <Package Folder>/files/####/.ukd
- <Package Folder>/files/####/.uks
- <Package Folder>/files/####/.uok
- <Package Folder>/files/####/5f79d63143102423ac148986c2ae37a0.data.temp
- <Package Folder>/files/####/DaemonConfig
- <Package Folder>/files/####/RunConfig
- <Package Folder>/files/####/ShellConfig
- <Package Folder>/files/####/a.xml
- <Package Folder>/files/####/acquisition_3_4_6_1.jar
- <Package Folder>/files/####/appcollect_21_4_9_1.jar
- <Package Folder>/files/####/appinstallrecommend_16_4_9_1.jar
- <Package Folder>/files/####/apprecommend_8_4_9_1.jar
- <Package Folder>/files/####/b.png
- <Package Folder>/files/####/bombboxrecommend_17_4_9_1.jar
- <Package Folder>/files/####/browserPageRecommend_18_4_9_1.jar
- <Package Folder>/files/####/busybox
- <Package Folder>/files/####/checkFile0
- <Package Folder>/files/####/checkFile13
- <Package Folder>/files/####/dspbombbox_26_4_9_3.jar
- <Package Folder>/files/####/floatingiconbrowser_27_4_9_4.jar
- <Package Folder>/files/####/floatingrecommend_24_4_9_1.jar
- <Package Folder>/files/####/framework.jar
- <Package Folder>/files/####/framework_loader.jar
- <Package Folder>/files/####/framework_mini.jar
- <Package Folder>/files/####/gamecollect_9_4_9_1.jar
- <Package Folder>/files/####/hostseparation_25_4_9_1.jar
- <Package Folder>/files/####/libandroidext.so
- <Package Folder>/files/####/libdlm2016092701.so
- <Package Folder>/files/####/libjavamini.so
- <Package Folder>/files/####/libjavazipext.so
- <Package Folder>/files/####/libsdkext.so
- <Package Folder>/files/####/maincontrol.jar
- <Package Folder>/files/####/maincontrolloader.jar
- <Package Folder>/files/####/mkdevsh
- <Package Folder>/files/####/myshell
- <Package Folder>/files/####/notificationrecommend_22_4_9_1.jar
- <Package Folder>/files/####/postroot.sh
- <Package Folder>/files/####/r1
- <Package Folder>/files/####/r2
- <Package Folder>/files/####/r3
- <Package Folder>/files/####/r4
- <Package Folder>/files/####/recommendreplace_20_4_9_1.jar
- <Package Folder>/files/####/rsh
- <Package Folder>/files/####/rt8
- <Package Folder>/files/####/scenarizedrecommend_23_4_6_1.jar
- <Package Folder>/files/####/sdk_commonutils_v4.jar
- <Package Folder>/files/####/sdk_v4_android.jar
- <Package Folder>/files/####/sdk_v4_sdk.jar
- <Package Folder>/files/####/shortcut_5_4_6_1.jar
- <Package Folder>/files/####/supolicy
- <Package Folder>/files/####/sys_config.ziptemp
- <Package Folder>/files/####/sys_jar.ziptemp
- <Package Folder>/files/####/zebraDaemon
- <Package Folder>/files/5f79d63143102423ac148986c2ae37a0.data
- <Package Folder>/files/AdjustIoActivityState
- <Package Folder>/files/AdjustIoPackageQueue
- <Package Folder>/files/Loadertemp.jar
- <Package Folder>/files/ShellLoadertemp.jar
- <Package Folder>/files/shell_Daemon
- <Package Folder>/pthe/name.apk
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/shared_prefs/Acquisition_delay_module.xml
- <Package Folder>/shared_prefs/AppCollect_delay_module.xml
- <Package Folder>/shared_prefs/AppInstallRecommend_delay_module.xml
- <Package Folder>/shared_prefs/AppRecommend_delay_module.xml
- <Package Folder>/shared_prefs/BombBoxRecommend_delay_module.xml
- <Package Folder>/shared_prefs/BrowserPageRecommend_delay_module.xml
- <Package Folder>/shared_prefs/DspBobmBox_delay_module.xml
- <Package Folder>/shared_prefs/FloatingIconBrowser_delay_module.xml
- <Package Folder>/shared_prefs/FloatingRecommend_delay_module.xml
- <Package Folder>/shared_prefs/GameCollect_delay_module.xml
- <Package Folder>/shared_prefs/NotificationRec_delay_module.xml
- <Package Folder>/shared_prefs/Phoenix_delay_module.xml
- <Package Folder>/shared_prefs/RecommendReplace_delay_module.xml
- <Package Folder>/shared_prefs/SRRec.xml
- <Package Folder>/shared_prefs/SRRec_delay_module.xml
- <Package Folder>/shared_prefs/ShortCut.xml
- <Package Folder>/shared_prefs/ShortCut_delay_module.xml
- <Package Folder>/shared_prefs/ShortCut_delay_module.xml.bak
- <Package Folder>/shared_prefs/System_Shell.xml
- <Package Folder>/shared_prefs/System_delay_module.xml
- <Package Folder>/shared_prefs/jniData.xml
- <Package Folder>/shared_prefs/mobclick_agent_header_<Package>.xml
- <Package Folder>/shared_prefs/mobclick_agent_state_<Package>.xml
- <Package Folder>/shared_prefs/phonetfc.xml
- <SD-Card>/.windy/508e8558f784e3a21d3368e4763e2693.tmp
- <SD-Card>/Android/####/.tw3.jpg
- <SD-Card>/Android/####/2bb9b2a5f58c7f8fb7fa95046f9fe029552b8a68
- <SD-Card>/Android/####/<Package>.txt
- <SD-Card>/Android/####/App.db-journal
- <SD-Card>/Android/####/AppDownUpload.sys
- <SD-Card>/Android/####/Channeldata.db
- <SD-Card>/Android/####/Channeldata.db-journal
- <SD-Card>/Android/####/DSPAds.db-journal
- <SD-Card>/Android/####/DownloadApk
- <SD-Card>/Android/####/Install.db-journal
- <SD-Card>/Android/####/InstallScan.db-journal
- <SD-Card>/Android/####/Log.db-journal
- <SD-Card>/Android/####/NotificationRec.db-journal
- <SD-Card>/Android/####/Oper.db-journal
- <SD-Card>/Android/####/Operator
- <SD-Card>/Android/####/Phoenix.db-journal
- <SD-Card>/Android/####/RunConfig
- <SD-Card>/Android/####/ScenarizedRec.db-journal
- <SD-Card>/Android/####/Task.db
- <SD-Card>/Android/####/Task.db-journal
- <SD-Card>/Android/####/UserOperationUploader.sys
- <SD-Card>/Android/####/_ANDROID_SYS_.mJar.zip
- <SD-Card>/Android/####/acquisition_3_4_6_1.jar
- <SD-Card>/Android/####/ad.txt
- <SD-Card>/Android/####/appcollect_21_4_9_1.jar
- <SD-Card>/Android/####/appinstallrecommend.db-journal
- <SD-Card>/Android/####/appinstallrecommend_16_4_9_1.jar
- <SD-Card>/Android/####/apprecommend_8_4_9_1.jar
- <SD-Card>/Android/####/bombboxrecommend_17_4_9_1.jar
- <SD-Card>/Android/####/browserPageRecommend_18_4_9_1.jar
- <SD-Card>/Android/####/caches.db-journal
- <SD-Card>/Android/####/data.db-journal
- <SD-Card>/Android/####/db_zebra.db-journal
- <SD-Card>/Android/####/dspbombbox_26_4_9_3.jar
- <SD-Card>/Android/####/floatingiconbrowser_27_4_9_4.jar
- <SD-Card>/Android/####/floatingrecommend_24_4_9_1.jar
- <SD-Card>/Android/####/gamecollect_9_4_9_1.jar
- <SD-Card>/Android/####/hostseparation_25_4_9_1.jar
- <SD-Card>/Android/####/lock.temp
- <SD-Card>/Android/####/log.txt
- <SD-Card>/Android/####/netlock.temp
- <SD-Card>/Android/####/notificationrecommend_22_4_9_1.jar
- <SD-Card>/Android/####/ra.loc
- <SD-Card>/Android/####/recommendreplace_20_4_9_1.jar
- <SD-Card>/Android/####/scenarizedrecommend_23_4_6_1.jar
- <SD-Card>/Android/####/shortcut_5_4_6_1.jar
- <SD-Card>/Android/####/stamp.txt
- <SD-Card>/Android/####/sys_DownFile
- <SD-Card>/Android/####/sys_Operator
- <SD-Card>/Android/####/tag.db-journal
- <SD-Card>/Android/####/taskpooldata.db
- <SD-Card>/Android/####/taskpooldata.db-journal
- <SD-Card>/Android/####/uid_status.tt
- <SD-Card>/Android/####/unSysPkgInf.temp
- <SD-Card>/Android/####/update_DownloadApk
- <SD-Card>/Android/####/update_Operator
- <SD-Card>/Android/####/uploadlock.temp
- <SD-Card>/config.json
- <SD-Card>/sys/####/small_icon.jgp
- <SD-Card>/time.cfg
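Shell commands (these include remounting /system read-write, setting owner 0:0 (root) on files under /system, applying the SELinux system_file label, and enabling/disabling packages through pm):
- /system/bin/sh ./mkdevsh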
- <Package Folder>/files/.snow/exp <Package Folder>/files/.snow <Package Folder>/files/.work
- app_process /system/bin com.android.commands.pm.Pm disable com.android.tools.receiver
- app_process /system/bin com.android.commands.pm.Pm disable com.android.upon.hash
- app_process /system/bin com.android.commands.pm.Pm disable com.master.main.yaogirl.longe.wei
- app_process /system/bin com.android.commands.pm.Pm disable com.qiu.qing.bing.shuo.tu
- app_process /system/bin com.android.commands.pm.Pm disable com.setting.dysdtool
- app_process /system/bin com.android.commands.pm.Pm disable com.slave.wuw.yiyi.ranran.fang
- app_process /system/bin com.android.commands.pm.Pm enable com.android.tools.receiver
- app_process /system/bin com.android.commands.pm.Pm enable com.android.upon.hash
- app_process /system/bin com.android.commands.pm.Pm enable com.master.main.yaogirl.longe.wei
- app_process /system/bin com.android.commands.pm.Pm enable com.qiu.qing.bing.shuo.tu
- app_process /system/bin com.android.commands.pm.Pm enable com.setting.dysdtool
- app_process /system/bin com.android.commands.pm.Pm enable com.slave.wuw.yiyi.ranran.fang
- chcon u:object_r:system_file:s0 /system/bin/.author
- chcon u:object_r:system_file:s0 /system/xbin/.ci.pm
- chcon u:object_r:system_file:s0 /system/xbin/.cp
- chcon u:object_r:system_file:s0 /system/xbin/supolicy
- chmod 777 <Package Folder>/files/.snow/.catr.apk
- chmod 777 <Package Folder>/files/.snow/.client
- chmod 777 <Package Folder>/files/.snow/.dg
- chmod 777 <Package Folder>/files/.snow/.service
- chmod 777 <Package Folder>/files/.snow/.ukd
- chmod 777 <Package Folder>/files/.snow/.uks
- chmod 777 <Package Folder>/files/.snow/.uok
- chmod 777 <Package Folder>/files/.snow/.zip/
- chmod 777 <Package Folder>/files/.snow/.zip/mkdevsh
- chmod 777 <Package Folder>/files/.snow/.zip/r1
- chmod 777 <Package Folder>/files/.snow/.zip/r2
- chmod 777 <Package Folder>/files/.snow/.zip/r3
- chmod 777 <Package Folder>/files/.snow/.zip/r4
- chmod 777 <Package Folder>/files/.snow/.zip/rsh
- chmod 777 <Package Folder>/files/.snow/.zip/rt8
- chmod 777 <Package Folder>/files/.snow/a.xml
- chmod 777 <Package Folder>/files/.snow/b.png
- chmod 777 <Package Folder>/files/.snow/busybox
- chmod 777 <Package Folder>/files/.snow/myshell
- chmod 777 <Package Folder>/files/.snow/supolicy
- chmod 777 <Package Folder>/files/.work/postroot.sh
- chmod 777 <Package Folder>/files/shell_Daemon
- chown 0.0 /data/local/tmp/busybox
- chown 0.0 /system/app/Dingps.apk
- chown 0.0 /system/app/Linkcai.apk
- chown 0.0 /system/app/MainMaster.apk
- chown 0.0 /system/app/WelSlave.apk
- chown 0.0 /system/bin/.author
- chown 0.0 /system/xbin/.ci.pm
- chown 0.0 /system/xbin/.cp
- chown 0.0 /system/xbin/.rainin
- chown 0.0 /system/xbin/supolicy
- chown 0:0 /data/local/tmp/.catr.apk
- chown 0:0 /data/local/tmp/busybox
- chown 0:0 /system/app/Dingps.apk
- chown 0:0 /system/app/Linkcai.apk
- chown 0:0 /system/app/MainMaster.apk
- chown 0:0 /system/app/WelSlave.apk
- chown 0:0 /system/app/oneshs.apk
- chown 0:0 /system/bin/.author
- chown 0:0 /system/bin/debuggerd
- chown 0:0 /system/lib/libsoon.so
- chown 0:0 /system/xbin/.ci.pm
- chown 0:0 /system/xbin/.cp
- chown 0:0 /system/xbin/.rainin
- chown 0:0 /system/xbin/supolicy
- df /system
- mount -o remount ro /system
- mount -o remount rw /system
- mount -o remount,ro /system
- mount -o remount,rw /system
- mount -ro remount ro /system
- mount -ro remount,ro /system
- mount -wo remount rw /system
- mount -wo remount,rw /system
- sh
Library name (apparently libjavamini.so from the file list above):
- javamini
Cipher names:
- AES-CBC-NoPadding
- AES-CBC-NoPadding