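Technical information (runs of #### are characters masked in this report, so the hostnames and paths below are partial and cannot be used as exact-match indicators)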
- Adware.Gexin.2.origin
Network connections (protocol, host:port):
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) c-h####.g####.com:80
- TCP(HTTP/1.1) and####.b####.qq.com:80
- TCP(HTTP/1.1) te####.39.net:80
- TCP(HTTP/1.1) y####.39.net:80
- TCP(HTTP/1.1) www.go####.com:80
- TCP(HTTP/1.1) sdk.o####.p####.####.com:80
- TCP(HTTP/1.1) sni.c####.q####.####.net:80
- TCP(HTTP/1.1) i####.39.net:80
- TCP(TLS/1.0) sh.wagbr####.alibaba####.com:443
- TCP(TLS/1.0) inter####.39.net:443
- TCP(TLS/1.0) i####.39.net:443
- TCP(TLS/1.0) pim####.b0.a####.com:443
- TCP c####.g####.ig####.com:5224
- TCP sdk.o####.t####.####.com:5224
Hostnames (masked):
- 7j####.c####.z0.####.com
- and####.b####.qq.com
- at.u####.com
- c####.g####.ig####.com
- c-h####.g####.com
- hm.b####.com
- i####.39.net
- i####.39.net
- inter####.39.net
- p####.39.net
- sdk.c####.ig####.com
- sdk.o####.p####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.com
- sdk.o####.t####.####.net
- te####.39.net
- www.go####.com
- www.google-####.com
- y####.39.net
URLs (host and path, query values masked):
- i####.39.net/tools/bdtj_yyk.js
- sni.c####.q####.####.net/config/hz-hzv3.conf
- sni.c####.q####.####.net/tdata_Soq141
- sni.c####.q####.####.net/tdata_vxj811
- te####.39.net/UploadImages/ListImg/1230717525.jpg
- te####.39.net/UploadImages/ListImg/1836633481.jpg
- te####.39.net/UploadImages/ListImg/1967361073.jpg
- te####.39.net/UploadImages/ListImg/701890936.jpg
- www.go####.com/complete/search?hl=####&client=####&q####
- www.go####.com/complete/search?hl=####&client=####&q=####
- y####.39.net/page/app/download.jsp
- and####.b####.qq.com/rqd/async?aid=####
- c-h####.g####.com/api.php?format=####&t=####
- sdk.o####.p####.####.com/api.php?format=####&t=####
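File system paths (package directory masked; tdata_Soq141 and tdata_vxj811 match names in the URLs listed above and also appear here with a .jar extension):
- /data/data/####/.jg.ic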
- /data/data/####/1004
- /data/data/####/2238469904700.0
- /data/data/####/3538457323391.0
- /data/data/####/63ec081dc8108b5bc42e4c681dfe70924a2c96450e6c4e3....0.tmp
- /data/data/####/9f0c0d662f05b8e786374a013362fa722dfe14202999f0a....0.tmp
- /data/data/####/bugly_db_-journal
- /data/data/####/cc.db
- /data/data/####/cc.db-journal
- /data/data/####/crashrecord.xml
- /data/data/####/daoyiAppData.xml
- /data/data/####/daoyi_db-journal
- /data/data/####/fc5b7af66c11310de83cf9ad6b8ea860
- /data/data/####/fe7ca4b909747db659c4ea74e5867d33
- /data/data/####/gdaemon_20161017
- /data/data/####/getui_sp.xml
- /data/data/####/gx_sp.xml
- /data/data/####/hmdb
- /data/data/####/hmdb-journal
- /data/data/####/init.pid
- /data/data/####/init_c1.pid
- /data/data/####/journal
- /data/data/####/journal.tmp
- /data/data/####/libjiagu.so
- /data/data/####/local_crash_lock
- /data/data/####/logdb.db
- /data/data/####/logdb.db-journal
- /data/data/####/mobclick_agent_cached_com.qisheng.daoyi.activity38
- /data/data/####/multidex.version.xml
- /data/data/####/native_record_lock
- /data/data/####/push.pid
- /data/data/####/pushext.db-journal
- /data/data/####/pushg.db-journal
- /data/data/####/pushsdk.db-journal
- /data/data/####/run.pid
- /data/data/####/security_info
- /data/data/####/tdata_Soq141
- /data/data/####/tdata_Soq141.jar
- /data/data/####/tdata_vxj811
- /data/data/####/tdata_vxj811.jar
- /data/data/####/umeng_general_config.xml
- /data/media/####/.nomedia
- /data/media/####/10e290145aac2aa13aba8ad6b84fec57.0
- /data/media/####/163e2618142734e94ecda4eac503a209.0.tmp (deleted)
- /data/media/####/1d301a8e1b5487e2f05573fc1c857cff.0
- /data/media/####/3cb66f26527a5bee02b3c8ba0419d3f3.0
- /data/media/####/51d26ba34290682c96b2268cc2c3638b.0
- /data/media/####/5292fc7f39ef76f058b7aeb474afbfef.0
- /data/media/####/58bc608cf6843386143ecca892cfef41.0
- /data/media/####/5925d46dead46ce35ce9ecda82f78cf7.0
- /data/media/####/698f32d9522765e1951fb34b5712dfb3.0
- /data/media/####/6f9e0236f708b1f1784004afc5884566.0
- /data/media/####/7097cf58d8d8893021ec92e3fba6a078.0
- /data/media/####/7fb001d8a36f97233ab37bd3fc7a89a2.0
- /data/media/####/83f73d4ac7da58db6fa66b905df8b8ff.0.tmp (deleted)
- /data/media/####/8e1cffa631d9af727c3eaa0458b37839.0.tmp (deleted)
- /data/media/####/921374b7a035f89768b855b1c3a961d1.0
- /data/media/####/99619291b8889b7a438abe982c883976.0
- /data/media/####/a8dc49a2cb43671b8aa158586007bdf1.0
- /data/media/####/app.db
- /data/media/####/baf1c8239aa78293fef8d8e0247e748c.0
- /data/media/####/be1c24858664bbfd3dd2a87439b949a9.0.tmp (deleted)
- /data/media/####/c4c6971c49c38c483b0aff39fd56cf80.0
- /data/media/####/ce1bac3bbbf6f12bdab31c6eb8bd5bb5.0.tmp (deleted)
- /data/media/####/com.getui.sdk.deviceId.db
- /data/media/####/com.igexin.sdk.deviceId.db
- /data/media/####/com.qisheng.daoyi.activity.bin
- /data/media/####/com.qisheng.daoyi.activity.db
- /data/media/####/d3bd277ac18a3824a69987c44584235e.0
- /data/media/####/d65c3bb905a717141b8216a53427a7c5.0
- /data/media/####/d65c3bb905a717141b8216a53427a7c5.0.tmp (deleted)
- /data/media/####/df4097476d0fba327b27a861f26171e7.0.tmp (deleted)
- /data/media/####/dfd44edcbe46fd51b905298c9cda3fbb.0
- /data/media/####/dfd44edcbe46fd51b905298c9cda3fbb.0.tmp (deleted)
- /data/media/####/e0a7009ffdffba251c9713491fa5cfc0.0
- /data/media/####/e884f45a8772c8d10752032a450f1b50.0
- /data/media/####/eb39b293178e04efaec5cd0e5a453bc2.0
- /data/media/####/f43e40fcebf08c3e39d6437298750b0c.0
- /data/media/####/fab7be66cfccd0fc6be37ac46938517c.0.tmp (deleted)
- /data/media/####/journal.tmp
- /data/media/####/tdata_Soq141
- /data/media/####/tdata_vxj811
- /data/media/####/test.log
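Shell commands and process launches (`getprop` reads system properties; `type su` checks whether an su binary is on the path):
- /system/bin/sh -c getprop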
- /system/bin/sh -c type su
- <Package Folder>/files/gdaemon_20161017 0 <Package>/com.qisheng.daoyi.service.DemoPushService 25619 300 0
- chmod 700 <Package Folder>/files/gdaemon_20161017
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
- getprop
- sh <Package Folder>/files/gdaemon_20161017 0 <Package>/com.qisheng.daoyi.service.DemoPushService 25619 300 0
Native library names:
- 39_encrypt_jni
- Bugly
- getuiext2
- libjiagu
- libtpnsSecurity
- tpnsSecurity
Cryptographic transformation strings:
- AES-GCM-NoPadding
- RSA-ECB-PKCS1Padding
- RSA-NONE-OAEPWithSHA1AndMGF1Padding
- AES-GCM-NoPadding