Technical information
Malicious functions:
Executes code of the following detected threats:
- Android.Gexin.1
Network activity:
Connects to:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) sdk-ope####.g####.com:80
- TCP(HTTP/1.1) sdk.c####.g####.####.cn:80
- TCP(HTTP/1.1) c-h####.g####.com:80
- TCP(TLS/1.0) rr2---s####.g####.com:443
- TCP(TLS/1.0) www.google####.com:443
- TCP(TLS/1.0) 1####.194.73.94:443
- TCP(TLS/1.0) pla####.google####.com:443
- TCP(TLS/1.0) and####.a####.go####.com:443
- TCP(TLS/1.0) rr9---s####.g####.com:443
- TCP(TLS/1.0) p####.google####.com:443
- TCP(TLS/1.2) 1####.177.14.103:443
- TCP(TLS/1.2) www.google####.com:443
- TCP(TLS/1.2) 1####.194.73.94:443
- TCP cm-10####.g####.com:5226
- TCP sdk.o####.t####.####.com:5224
- UDP p####.google####.com:443
DNS requests:
- 7j####.c####.z0.####.com
- a.appj####.com
- and####.a####.go####.com
- and####.google####.com
- c-h####.g####.com
- cdn-sdk####.g####.com
- cm-10####.g####.com
- gmscomp####.google####.com
- p####.google####.com
- pla####.google####.com
- rr2---s####.g####.com
- rr9---s####.g####.com
- sdk-ope####.g####.com
- sdk.c####.g####.com
- sdk.o####.i####.####.com
- sdk.o####.t####.####.com
- www.google####.com
HTTP GET requests:
- sdk.c####.g####.####.cn/config/hzv9.conf
HTTP POST requests:
- c-h####.g####.com/api.php?format=####&t=####
- sdk-ope####.g####.com/api.php?format=####&t=####
File system changes:
Creates the following files:
- /data/data/####/.jg.ic
- /data/data/####/Alvin2.xml
- /data/data/####/ContextData.xml
- /data/data/####/Cookies-journal
- /data/data/####/H574DA27D.xml
- /data/data/####/H574DA27D_storages.xml
- /data/data/####/WebViewChromiumPrefs.xml
- /data/data/####/cc.db
- /data/data/####/cc.db-journal
- /data/data/####/classes.dex
- /data/data/####/classes.oat
- /data/data/####/classes2.dex
- /data/data/####/classes3.dex
- /data/data/####/cn.dataenergy.ShenzhenPowerSupply_preferences.xml
- /data/data/####/increment.db-journal
- /data/data/####/index
- /data/data/####/init.pid
- /data/data/####/jg_app_update_settings_random.xml
- /data/data/####/libjiagu.so
- /data/data/####/metrics_guid
- /data/data/####/push.pid
- /data/data/####/pushsdk.db-journal
- /data/data/####/qihoo_jiagu_crash_report.xml
- /data/data/####/run.pid
- /data/data/####/the-real-index
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_general_config.xml.bak
- /data/media/####/.nomedia
- /data/media/####/Alvin2.xml
- /data/media/####/BUS_TODO.png
- /data/media/####/CUT_OFF_QUERY.png
- /data/media/####/ContextData.xml
- /data/media/####/ELEC_ANALYZE.png
- /data/media/####/ELEC_NEWS.png
- /data/media/####/EMAIL.png
- /data/media/####/LBS.png
- /data/media/####/ONLINE_KF.png
- /data/media/####/SYS_MSG.png
- /data/media/####/TROUBLE_DECLARE.png
- /data/media/####/TS_RUN_WARN.png
- /data/media/####/about.html
- /data/media/####/about.html.js
- /data/media/####/accoun_psw.png
- /data/media/####/account_add.html
- /data/media/####/account_add.html.js
- /data/media/####/account_apply.png
- /data/media/####/account_bind.html
- /data/media/####/account_bind.html.js
- /data/media/####/account_cost.html
- /data/media/####/account_cost.html.js
- /data/media/####/account_detail.html
- /data/media/####/account_detail.html.js
- /data/media/####/account_form.html
- /data/media/####/account_form.html.js
- /data/media/####/account_help.png
- /data/media/####/account_manage.html
- /data/media/####/account_manage.html.js
- /data/media/####/account_ratio.html
- /data/media/####/account_ratio.html.js
- /data/media/####/account_setting.png
- /data/media/####/account_share.html
- /data/media/####/account_share.html.js
- /data/media/####/account_tip.png
- /data/media/####/add.png
- /data/media/####/agent_analysis.png
- /data/media/####/agent_compare.png
- /data/media/####/agent_more.png
- /data/media/####/agent_turnover.png
- /data/media/####/ajax_loader.gif
- /data/media/####/all.css
- /data/media/####/app.db
- /data/media/####/app.js
- /data/media/####/app.png
- /data/media/####/area_add.html
- /data/media/####/area_add.html.js
- /data/media/####/area_choice_main.html
- /data/media/####/area_choice_main.html.js
- /data/media/####/area_choice_sub.html
- /data/media/####/area_choice_sub.html.js
- /data/media/####/auth_code.html
- /data/media/####/auth_code.html.js
- /data/media/####/award_punish.html
- /data/media/####/award_punish.html.js
- /data/media/####/bar.js
- /data/media/####/batch_pay.html
- /data/media/####/batch_pay.html.js
- /data/media/####/bill_detail.html
- /data/media/####/bill_detail.html.js
- /data/media/####/bill_electric.png
- /data/media/####/bill_gas.png
- /data/media/####/bill_home.html
- /data/media/####/bill_home.html.js
- /data/media/####/bill_list.html
- /data/media/####/bill_list.html.js
- /data/media/####/bill_property.png
- /data/media/####/bill_total_detail.html
- /data/media/####/bill_total_detail.html.js
- /data/media/####/bill_water.png
- /data/media/####/bind-failed.png
- /data/media/####/body_main.html
- /data/media/####/body_main.html.js
- /data/media/####/business_bill_detail.html
- /data/media/####/business_bill_detail.html.js
- /data/media/####/business_bill_detail_detail.html
- /data/media/####/business_bill_detail_detail.html.js
- /data/media/####/business_handling.html
- /data/media/####/business_handling.html.js
- /data/media/####/business_map.js
- /data/media/####/calc-tools.png
- /data/media/####/calc_content_1.png
- /data/media/####/calc_content_2.png
- /data/media/####/calc_content_3.png
- /data/media/####/calc_list.html
- /data/media/####/calc_list.html.js
- /data/media/####/calc_method_result.html
- /data/media/####/calc_method_result.html.js
- /data/media/####/calc_method_setting.html
- /data/media/####/calc_method_setting.html.js
- /data/media/####/calc_tips.png
- /data/media/####/calc_title.png
- /data/media/####/cesuangongju.png
- /data/media/####/chajiaodianfei.png
- /data/media/####/change_pwd.html
- /data/media/####/change_pwd.html.js
- /data/media/####/chart.js
- /data/media/####/chart_frame.html
- /data/media/####/chart_frame.html.js
- /data/media/####/chart_theme.js
- /data/media/####/china_city.js
- /data/media/####/choice_list.html
- /data/media/####/choice_list.html.js
- /data/media/####/cn.dataenergy.ShenzhenPowerSupply.db
- /data/media/####/com.igexin.sdk.deviceId.db
- /data/media/####/common_chart.html.js
- /data/media/####/company.png
- /data/media/####/composite.html
- /data/media/####/composite.html.js
- /data/media/####/config.js
- /data/media/####/config.json
- /data/media/####/contact_info.html
- /data/media/####/contact_info.html.js
- /data/media/####/contacts.html
- /data/media/####/contacts.html.js
- /data/media/####/contacts_list.html
- /data/media/####/contacts_list.html.js
- /data/media/####/contract.png
- /data/media/####/customer_service.png
- /data/media/####/dianfeifenxi.png
- /data/media/####/duiba.html
- /data/media/####/duiba.html.js
- /data/media/####/early_warning.html
- /data/media/####/early_warning.html.js
- /data/media/####/early_warning_detail.html
- /data/media/####/early_warning_detail.html.js
- /data/media/####/echarts.js
- /data/media/####/echarts.min.js
- /data/media/####/ele-cost.png
- /data/media/####/ele-measure.png
- /data/media/####/electric_detail.html
- /data/media/####/electric_detail.html.js
- /data/media/####/electric_detail_bill.html
- /data/media/####/electric_detail_bill.html.js
- /data/media/####/electro_repair_list.html
- /data/media/####/electro_repair_list.html.js
- /data/media/####/energy-service-w.png
- /data/media/####/energy-service.png
- /data/media/####/energy_bad.png
- /data/media/####/energy_good.png
- /data/media/####/energy_great.png
- /data/media/####/energy_usage_compare.html
- /data/media/####/energy_usage_compare.html.js
- /data/media/####/energy_usage_parts.html
- /data/media/####/energy_usage_parts.html.js
- /data/media/####/enter.png
- /data/media/####/exchange_setting.png
- /data/media/####/extension.html
- /data/media/####/extension.html.js
- /data/media/####/fault.png
- /data/media/####/faultContact-1.png
- /data/media/####/faultContact-2.png
- /data/media/####/feedback_setting.png
- /data/media/####/fitLayout.js
- /data/media/####/force_rate.html
- /data/media/####/force_rate.html.js
- /data/media/####/forecast.html
- /data/media/####/forecast.html.js
- /data/media/####/frame.html
- /data/media/####/frame.html.js
- /data/media/####/gengduo.png
- /data/media/####/gold.png
- /data/media/####/h5plugin.js
- /data/media/####/handling_detail.html
- /data/media/####/handling_detail.html.js
- /data/media/####/handling_more.html
- /data/media/####/handling_more.html.js
- /data/media/####/hangyeduibiao.png
- /data/media/####/header.css
- /data/media/####/header_iOS7.css
- /data/media/####/home.css
- /data/media/####/home.html
- /data/media/####/home.html.js
- /data/media/####/home_bg_default.png
- /data/media/####/house.png
- /data/media/####/house_detail_statistic.html
- /data/media/####/house_detail_statistic.html.js
- /data/media/####/house_nick.js
- /data/media/####/iconfont-alipay.png
- /data/media/####/iconfont-dingwei.png
- /data/media/####/iconfont-dingwei2.png
- /data/media/####/iconfont-jinggao.png
- /data/media/####/iconfont-pay.png
- /data/media/####/iconfont-unionpay.png
- /data/media/####/iconfont-wxpay.png
- /data/media/####/iconfont.css
- /data/media/####/iconfont.eot
- /data/media/####/iconfont.svg
- /data/media/####/iconfont.ttf
- /data/media/####/iconfont.woff
- /data/media/####/image_box.js
- /data/media/####/image_cacher.js
- /data/media/####/image_editor.html
- /data/media/####/image_editor.html.js
- /data/media/####/image_picker.html
- /data/media/####/image_picker.html.js
- /data/media/####/imageeditor.js
- /data/media/####/imageviewer.js
- /data/media/####/industry_analysis.png
- /data/media/####/industry_compare.png
- /data/media/####/industry_energy.png
- /data/media/####/industry_list.html
- /data/media/####/industry_list.html.js
- /data/media/####/industry_more.png
- /data/media/####/industry_tools.png
- /data/media/####/industry_turnover.png
- /data/media/####/industry_warning.png
- /data/media/####/introduction.html
- /data/media/####/introduction.html.js
- /data/media/####/jiankongyujing.png
- /data/media/####/jiaofeilishi.png
- /data/media/####/knockout-3.3.0.js
- /data/media/####/line.js
- /data/media/####/load_correlation.html
- /data/media/####/load_correlation.html.js
- /data/media/####/load_rate.html
- /data/media/####/load_rate.html.js
- /data/media/####/loading.css
- /data/media/####/loading.gif
- /data/media/####/loading.png
- /data/media/####/location.html
- /data/media/####/location.html.js
- /data/media/####/location_4.png
- /data/media/####/login-auth_code.png
- /data/media/####/login-tel.png
- /data/media/####/login.css
- /data/media/####/login.html
- /data/media/####/login.html.js
- /data/media/####/login_bg.png
- /data/media/####/login_eye_close.png
- /data/media/####/login_eye_open.png
- /data/media/####/login_logo.png
- /data/media/####/login_password.png
- /data/media/####/login_user.png
- /data/media/####/ma_vl.html
- /data/media/####/ma_vl.html.js
- /data/media/####/main.html
- /data/media/####/main.html.js
- /data/media/####/mall.png
- /data/media/####/manifest.json
- /data/media/####/md5.js
- /data/media/####/me.html
- /data/media/####/me.html.js
- /data/media/####/menu_config.json
- /data/media/####/mete_fee.html
- /data/media/####/mete_fee.html.js
- /data/media/####/moment.min.js
- /data/media/####/monitor.html
- /data/media/####/monitor.html.js
- /data/media/####/msg.config.js
- /data/media/####/msg.html
- /data/media/####/msg.html.js
- /data/media/####/msg_setting.html
- /data/media/####/msg_setting.html.js
- /data/media/####/msg_timeline.css
- /data/media/####/msg_timeline.html
- /data/media/####/msg_timeline.html.js
- /data/media/####/msg_timeline_main.html
- /data/media/####/msg_timeline_main.html.js
- /data/media/####/mui.css
- /data/media/####/mui.js
- /data/media/####/mui.min.css
- /data/media/####/mui.min.js
- /data/media/####/mui.picker.min.css
- /data/media/####/mui.picker.min.js
- /data/media/####/mui.ttf
- /data/media/####/mui_extend.js
- /data/media/####/my_handling.html
- /data/media/####/my_handling.html.js
- /data/media/####/mygold.html
- /data/media/####/mygold.html.js
- /data/media/####/nearby.html
- /data/media/####/nearby.html.js
- /data/media/####/nearby_1.png
- /data/media/####/nearby_2.png
- /data/media/####/nearby_3.png
- /data/media/####/nearby_4.png
- /data/media/####/nearby_5.png
- /data/media/####/nearby_6.png
- /data/media/####/nearby_7.png
- /data/media/####/nearby_8.png
- /data/media/####/need_apply_result.html
- /data/media/####/need_apply_result.html.js
- /data/media/####/need_apply_setting.html
- /data/media/####/need_apply_setting.html.js
- /data/media/####/nengxiaofenxi.png
- /data/media/####/nodata.png
- /data/media/####/nonbind_account_detail.html
- /data/media/####/nonbind_account_detail.html.js
- /data/media/####/old_days_electric.html
- /data/media/####/old_days_electric.html.js
- /data/media/####/oss-js-upload.js
- /data/media/####/overall_fee.html
- /data/media/####/overall_fee.html.js
- /data/media/####/pay_detail.html
- /data/media/####/pay_detail.html.js
- /data/media/####/pay_history.html
- /data/media/####/pay_history.html.js
- /data/media/####/pay_main.html
- /data/media/####/pay_main.html.js
- /data/media/####/pay_query.html
- /data/media/####/pay_query.html.js
- /data/media/####/payment.html
- /data/media/####/payment.html.js
- /data/media/####/payment_failed.html
- /data/media/####/payment_failed.html.js
- /data/media/####/payment_success.html
- /data/media/####/payment_success.html.js
- /data/media/####/person_airer.png
- /data/media/####/person_analysis.png
- /data/media/####/person_more.png
- /data/media/####/person_nearby.png
- /data/media/####/person_pay.png
- /data/media/####/person_ranking.png
- /data/media/####/person_share.png
- /data/media/####/person_turnover.png
- /data/media/####/phone_bind.html
- /data/media/####/phone_bind.html.js
- /data/media/####/pie.js
- /data/media/####/pinyin.js
- /data/media/####/position.png
- /data/media/####/power_cut_event.html
- /data/media/####/power_cut_event.html.js
- /data/media/####/power_cut_map.html
- /data/media/####/power_cut_map.html.js
- /data/media/####/power_factor.html
- /data/media/####/power_factor.html.js
- /data/media/####/protocol.html
- /data/media/####/protocol.html.js
- /data/media/####/public_page.html
- /data/media/####/public_page.html.js
- /data/media/####/pull_down_menu.js
- /data/media/####/pull_down_module.js
- /data/media/####/qq.png
- /data/media/####/query.css
- /data/media/####/query_account_list.html
- /data/media/####/query_account_list.html.js
- /data/media/####/query_result.html
- /data/media/####/query_result.html.js
- /data/media/####/rank_air_condition.html
- /data/media/####/rank_air_condition.html.js
- /data/media/####/rank_history.html
- /data/media/####/rank_history.html.js
- /data/media/####/rank_infomation.png
- /data/media/####/rank_month.html
- /data/media/####/rank_month.html.js
- /data/media/####/recommend.html
- /data/media/####/recommend.html.js
- /data/media/####/recommend.png
- /data/media/####/recommend_setting.png
- /data/media/####/refer_account.html
- /data/media/####/refer_account.html.js
- /data/media/####/register.html
- /data/media/####/register.html.js
- /data/media/####/resident_done.html
- /data/media/####/resident_done.html.js
- /data/media/####/resident_statistics.html
- /data/media/####/resident_statistics.html.js
- /data/media/####/resident_step1.html
- /data/media/####/resident_step1.html.js
- /data/media/####/resident_step2.html
- /data/media/####/resident_step2.html.js
- /data/media/####/resident_step3.html
- /data/media/####/resident_step3.html.js
- /data/media/####/sea-config.js
- /data/media/####/sea.js
- /data/media/####/set_password.html
- /data/media/####/set_password.html.js
- /data/media/####/setting.html
- /data/media/####/setting.html.js
- /data/media/####/setting.png
- /data/media/####/share.png
- /data/media/####/share_list.html
- /data/media/####/share_list.html.js
- /data/media/####/share_result.html
- /data/media/####/share_result.html.js
- /data/media/####/share_service.js
- /data/media/####/share_service_popover.css
- /data/media/####/share_setting.html
- /data/media/####/share_setting.html.js
- /data/media/####/statistics.html
- /data/media/####/statistics.html.js
- /data/media/####/success.png
- /data/media/####/suggestion.html
- /data/media/####/suggestion.html.js
- /data/media/####/system_setting.png
- /data/media/####/tap_popover.js
- /data/media/####/taskmanager.js
- /data/media/####/tel_auth.html
- /data/media/####/tel_auth.html.js
- /data/media/####/template.html
- /data/media/####/template.html.js
- /data/media/####/tendency.html
- /data/media/####/tendency.html.js
- /data/media/####/test_menu_config.json
- /data/media/####/tingdianchaxun.png
- /data/media/####/tip-arrow.png
- /data/media/####/tip-happy.png
- /data/media/####/tip-unhappy.png
- /data/media/####/transformer_result.html
- /data/media/####/transformer_result.html.js
- /data/media/####/transformer_setting.html
- /data/media/####/transformer_setting.html.js
- /data/media/####/update_contract_alias.html
- /data/media/####/update_contract_alias.html.js
- /data/media/####/updater.js
- /data/media/####/user.png
- /data/media/####/user_guide.js
- /data/media/####/user_male.png
- /data/media/####/util.js
- /data/media/####/video-js.min.css
- /data/media/####/video.min.js
- /data/media/####/warning-moni-w.png
- /data/media/####/warning-moni.png
- /data/media/####/warning.html
- /data/media/####/warning.html.js
- /data/media/####/wxcicle.png
- /data/media/####/wxfriend.png
- /data/media/####/yewubanli.png
- /data/media/####/zhangdanliushui.png
- /data/media/####/zhanghushezhi.png
- /data/media/####/zhoubianfuwu.png
- /data/media/####/zhuanzuke.png
Miscellaneous:
Executes the following shell scripts:
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
Loads the following dynamic libraries:
- libjiagu
Uses the following algorithms to encrypt data:
- AES-CBC-PKCS5Padding
Uses special library to hide executable bytecode.
Gets information about network.
Gets information about phone status (number, IMEI, etc.).
Gets information about installed apps.
Displays its own windows over windows of other apps.
Requests the system alert window permission.