Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Backdoor.627.origin
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) c####.baidust####.com:80
- TCP(HTTP/1.1) z.c####.com:80
- TCP(HTTP/1.1) box.jom####.com:80
- TCP(HTTP/1.1) g####.d.cg:80
- TCP(HTTP/1.1) gm.mm####.com:80
- TCP(HTTP/1.1) cm.qt####.com:80
- TCP(HTTP/1.1) int.d####.s####.####.cn:80
- TCP(HTTP/1.1) s####.jom####.com:80
- TCP(HTTP/1.1) s####.tc.qq.com:80
- TCP(HTTP/1.1) plg.abcdse####.com:7901
- TCP(HTTP/1.1) www.ta####.com:80
- TCP(HTTP/1.1) hm.b####.com:80
- TCP(HTTP/1.1) dup.baidust####.com:80
- TCP(HTTP/1.1) cm.pos.b####.com:80
- TCP(HTTP/1.1) c.c####.com:80
- TCP(HTTP/1.1) up####.mnw.cn.####.com:80
- TCP(HTTP/1.1) zha####.b####.com:80
- TCP(HTTP/1.1) z####.b####.com:80
- TCP(HTTP/1.1) q.c####.com:80
- TCP(HTTP/1.1) pos.b####.com:80
- TCP(HTTP/1.1) map####.y####.com.cn:80
- TCP(HTTP/1.1) cm.g.doublec####.net:80
- TCP(HTTP/1.1) m.mnw.cn.####.com:80
- TCP(HTTP/1.1) nsc####.b####.com:80
- TCP(HTTP/1.1) wn.pos.b####.com:80
- TCP(HTTP/1.1) a####.mnw.cn:80
- TCP(HTTP/1.1) j.ba####.cn:80
- TCP(HTTP/1.1) s.c####.b####.com:80
- TCP(HTTP/1.1) wap.n.sh####.com:80
- TCP(HTTP/1.1) m.ta####.com:80
- TCP(HTTP/1.1) c####.jd.com:80
- TCP(TLS/1.0) ae.bdst####.com.####.com:443
- TCP(TLS/1.0) z.c####.com:443
- TCP(TLS/1.0) box.jom####.com:443
- TCP(TLS/1.0) mbd.n.sh####.com:443
- TCP(TLS/1.0) c####.baidust####.com:443
- TCP(TLS/1.0) gm.mm####.com:443
- TCP(TLS/1.0) c.c####.com:443
- TCP(TLS/1.0) m.ta####.com:443
Запросы DNS:
- a####.mnw.cn
- aaa.abcdse####.com
- ae.bdst####.com
- api.s####.b####.com
- b####.s####.b####.com
- bbb.abcdse####.com
- c####.baidust####.com
- c####.baidust####.com
- c####.jd.com
- c####.mm####.com
- c.c####.com
- cm.g.doublec####.net
- cm.pos.b####.com
- cm.qt####.com
- dup.baidust####.com
- ext.b####.com
- f10.b####.com
- f11.b####.com
- f12.b####.com
- g####.d.cg
- h####.c####.com
- hm.b####.com
- i####.mnw.cn
- i8.b####.com
- int.d####.s####.####.cn
- j.ba####.cn
- l.m####.cn
- m####.b####.com
- m.b####.com
- m.m####.cn
- m.ta####.com
- map####.y####.com.cn
- nsc####.b####.com
- plg.abcdse####.com
- pos.b####.com
- q5.c####.com
- r####.wx.qq.com
- s.bdst####.com
- s.c####.b####.com
- s11.c####.com
- s4.c####.com
- s59.c####.com
- s9.c####.com
- so.m####.cn
- t10.b####.com
- t11.b####.com
- t12.b####.com
- tp.m####.cn
- up####.mnw.cn
- w.c####.com
- wn.pos.b####.com
- www.ta####.com
- z####.b####.com
- z11.c####.com
- z13.c####.com
- z4.c####.com
Запросы HTTP GET:
- a####.mnw.cn/share/weixin_config.php?url=####
- a####.mnw.cn/stat.php?app=####&controller=####&action=####&jsoncallback=...
- box.jom####.com/it/u=115328535,222380918&fm=76
- box.jom####.com/it/u=1156333043,1530906062&fm=76
- box.jom####.com/it/u=1167032421,2516569385&fm=85&app=2&f=JPEG?w=####&h=#...
- box.jom####.com/it/u=1212882062,1690962817&fm=76
- box.jom####.com/it/u=137959412,298276258&fm=76
- box.jom####.com/it/u=1380474023,1558497845&fm=76
- box.jom####.com/it/u=14227813,1707185245&fm=76
- box.jom####.com/it/u=1425446014,3747818297&fm=76
- box.jom####.com/it/u=143890403,3878975986&fm=76
- box.jom####.com/it/u=1577837149,3925418978&fm=76
- box.jom####.com/it/u=1592959737,2051554434&fm=76
- box.jom####.com/it/u=170227848,2077667417&fm=76
- box.jom####.com/it/u=1819452975,2319387143&fm=76
- box.jom####.com/it/u=182460848,1538552309&fm=76
- box.jom####.com/it/u=1824963568,2603420695&fm=76
- box.jom####.com/it/u=1917028771,2243323210&fm=76
- box.jom####.com/it/u=191817669,2966227187&fm=76
- box.jom####.com/it/u=1926254011,2366719920&fm=76
- box.jom####.com/it/u=2073337102,2722025573&fm=85&s=EB13458F44207EB714AC8...
- box.jom####.com/it/u=208509117,3263269692&fm=76
- box.jom####.com/it/u=230332792,2167023383&fm=76
- box.jom####.com/it/u=2356688560,3191705092&fm=76
- box.jom####.com/it/u=244008231,4176175672&fm=76
- box.jom####.com/it/u=2478733111,3460707823&fm=76
- box.jom####.com/it/u=2481985522,2237170415&fm=76
- box.jom####.com/it/u=2577399638,3104766432&fm=76
- box.jom####.com/it/u=2582690745,3125594465&fm=76
- box.jom####.com/it/u=265859916,1662348378&fm=76
- box.jom####.com/it/u=272968580,3065198617&fm=76
- box.jom####.com/it/u=2755584431,1129246769&fm=76
- box.jom####.com/it/u=2804491576,843979835&fm=76
- box.jom####.com/it/u=282271226,204526767&fm=76
- box.jom####.com/it/u=2868965477,3307053804&fm=76
- box.jom####.com/it/u=2902386774,2034853982&fm=76
- box.jom####.com/it/u=2962259408,3125672836&fm=76
- box.jom####.com/it/u=3004942923,3302520070&fm=76
- box.jom####.com/it/u=310445324,694921658&fm=76
- box.jom####.com/it/u=3138743507,3728806229&fm=76
- box.jom####.com/it/u=3207100922,2947870568&fm=76
- box.jom####.com/it/u=3240398336,3389615642&fm=76
- box.jom####.com/it/u=326561860,3824299582&fm=76
- box.jom####.com/it/u=3335963470,2980791554&fm=76
- box.jom####.com/it/u=3338203536,3614097140&fm=76
- box.jom####.com/it/u=338097025,2190016770&fm=76
- box.jom####.com/it/u=3409019002,3768345488&fm=76
- box.jom####.com/it/u=352366022,3202084841&fm=76
- box.jom####.com/it/u=3609535856,4134694241&fm=76
- box.jom####.com/it/u=362552100,3308572158&fm=76
- box.jom####.com/it/u=3665535325,3822996823&fm=76
- box.jom####.com/it/u=3677229935,3861017593&fm=76
- box.jom####.com/it/u=3840926354,4017304945&fm=76
- box.jom####.com/it/u=397187382,2125601513&fm=76
- box.jom####.com/it/u=4019669016,1152596053&fm=76
- box.jom####.com/it/u=4090523315,4205237302&fm=76
- box.jom####.com/it/u=4111294463,800650790&fm=76
- box.jom####.com/it/u=416099583,2170993079&fm=76
- box.jom####.com/it/u=4198494657,1559579554&fm=76
- box.jom####.com/it/u=4217571386,1613213634&fm=76
- box.jom####.com/it/u=4244025284,1300786779&fm=76
- box.jom####.com/it/u=4274608525,1507073155&fm=76
- box.jom####.com/it/u=439814094,3218006628&fm=76
- box.jom####.com/it/u=444041928,3302823438&fm=76
- box.jom####.com/it/u=506370248,2407249221&fm=76
- box.jom####.com/it/u=518869138,4176473259&fm=76
- box.jom####.com/it/u=526698023,3413048942&fm=76
- box.jom####.com/it/u=532645031,3911915710&fm=76
- box.jom####.com/it/u=573611691,3213343411&fm=76
- box.jom####.com/it/u=5871021,1294843693&fm=76
- box.jom####.com/it/u=589546862,2241888480&fm=76
- box.jom####.com/it/u=597068059,1774618764&fm=76
- box.jom####.com/it/u=64422092,1968328821&fm=76
- box.jom####.com/it/u=704438683,3281331795&fm=76
- box.jom####.com/it/u=72506108,1949106642&fm=76
- box.jom####.com/it/u=735823441,4040288244&fm=76
- box.jom####.com/it/u=748813502,4133817067&fm=76
- box.jom####.com/it/u=78531821,1861842175&fm=76
- box.jom####.com/it/u=829564793,3923717155&fm=85&app=2&f=JPEG?w=####&h=##...
- box.jom####.com/it/u=861567632,4255134222&fm=76
- box.jom####.com/it/u=890144760,1344736620&fm=76
- box.jom####.com/it/u=911557225,1350274063&fm=76
- box.jom####.com/it/u=928769438,1774876841&fm=76
- c####.baidust####.com/cpro/ui/cm.js
- c####.baidust####.com/cpro/ui/noexpire/img/2.0.1/bd-logo4.png
- c####.baidust####.com/cpro/ui/pr.js
- c####.baidust####.com/sync.htm?cproid=####
- c####.jd.com/du?&baidu_error=####×tamp=####
- c####.jd.com/du?&baidu_user_id=####&cookie_version=####×tamp=####&e...
- c.c####.com/c.php?id=####
- c.c####.com/core.php?web_id=####&t=####
- c.c####.com/stat.php?id=####&web_id=####
- cm.g.doublec####.net/pixel?google_nid=####&googl####
- cm.g.doublec####.net/pixel?google_nid=####&google_cm=####&google_tc=####
- cm.pos.b####.com/allyes?allyes_id=####&allyes_cver=####&extra=####
- cm.pos.b####.com/gpixel?google_error=####
- cm.pos.b####.com/pixel?dspid=####
- cm.qt####.com/pixel?allyes_dspid=####&allye####&extra=####
- dup.baidust####.com/js/os.js
- g####.d.cg/js/forum-1.js
- g####.d.cg/m.js
- gm.mm####.com/9.gif?abc=####&rnd=####
- hm.b####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&vl=####&ep=####&et=#...
- hm.b####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&vl=####&et=####&ja=#...
- hm.b####.com/hm.js?14819a5####
- int.d####.s####.####.cn/iplookup/iplookup.php?format=####
- j.ba####.cn/avnkbbdsn.js
- j.ba####.cn/bvzdlc.js
- j.ba####.cn/ezroffhvb.js
- j.ba####.cn/hcrkludlb.js
- j.ba####.cn/lgvovcdvo.js
- m.mnw.cn.####.com/
- m.mnw.cn.####.com/news/top/
- m.mnw.cn.####.com/photo/
- m.mnw.cn.####.com/style/come.jpg
- m.mnw.cn.####.com/style/jquery.min.js
- m.mnw.cn.####.com/yule/
- m.ta####.com/?sprefer=####
- map####.y####.com.cn/s/mapping/?baidu_error=####×tamp=####
- map####.y####.com.cn/s/mapping/?baidu_user_id=####&cookie_version=####&t...
- nsc####.b####.com/v.gif?pid=####&type=####&sign=####&desturl=####&linkid...
- pos.b####.com/gcrm?conwid=####&conhei=####&rdid=####&dc=####&di=####&dri...
- pos.b####.com/gcrm?di=####&dri=####&dis=####&dai=####&ps=####&enu=####&d...
- pos.b####.com/kchm?conwid=####&conhei=####&rdid=####&dc=####&di=####&dri...
- pos.b####.com/kchm?di=####&dri=####&dis=####&dai=####&ps=####&enu=####&d...
- pos.b####.com/ocjm?conwid=####&conhei=####&rdid=####&dc=####&di=####&dri...
- pos.b####.com/ocjm?di=####&dri=####&dis=####&dai=####&ps=####&enu=####&d...
- pos.b####.com/ocum?conwid=####&conhei=####&rdid=####&dc=####&di=####&dri...
- pos.b####.com/ocum?di=####&dri=####&dis=####&dai=####&ps=####&enu=####&d...
- pos.b####.com/s?hei=####&wid=####&di=####<u=####&cce=####&ant=####&dri...
- pos.b####.com/s?hei=####&wid=####&di=####<u=####&cce=####&drs=####&ccd...
- pos.b####.com/s?hei=####&wid=####&di=####<u=####&cce=####&exps=####&tl...
- pos.b####.com/s?hei=####&wid=####&di=####<u=####&cfv=####&pss=####&ti=...
- pos.b####.com/s?hei=####&wid=####&di=####<u=####&cja=####&dc=####&pis=...
- pos.b####.com/s?hei=####&wid=####&di=####<u=####&cpl=####&tcn=####&dai...
- pos.b####.com/s?hei=####&wid=####&di=####<u=####&cpl=####&tlm=####&cce...
- pos.b####.com/s?hei=####&wid=####&di=####<u=####&dc=####&psr=####&ti=#...
- pos.b####.com/s?hei=####&wid=####&di=####<u=####&dis=####&ti=####&pss=...
- pos.b####.com/s?hei=####&wid=####&di=####<u=####&dtm=####&exps=####&ps...
- pos.b####.com/s?hei=####&wid=####&di=####<u=####&dtm=####&tpr=####&dis...
- pos.b####.com/s?hei=####&wid=####&di=####<u=####&par=####&chi=####&dis...
- pos.b####.com/s?hei=####&wid=####&di=####<u=####&par=####&cmi=####&ti=...
- pos.b####.com/s?hei=####&wid=####&di=####<u=####&par=####&pcs=####&tcn...
- pos.b####.com/s?hei=####&wid=####&di=####<u=####&psr=####&tpr=####&dis...
- pos.b####.com/s?hei=####&wid=####&di=####<u=####&tlm=####&dtm=####&cec...
- pos.b####.com/sync_pos.htm?cproid=####
- pos.b####.com/sync_pos.htm?cproid=####&t=####
- pos.b####.com/vcam?conwid=####&conhei=####&rdid=####&dc=####&di=####&dri...
- pos.b####.com/vcam?di=####&dri=####&dis=####&dai=####&ps=####&enu=####&d...
- pos.b####.com/zcnm?conwid=####&conhei=####&rdid=####&dc=####&di=####&dri...
- q.c####.com/stat.htm?id=####&r=####&lg=####&ntime=####&cnzz_eid=####&sho...
- s####.jom####.com/static/api/css/select_share.css?v=####
- s####.jom####.com/static/api/css/share_popup.css?v=####
- s####.jom####.com/static/api/css/share_style0_16.css?v=####
- s####.jom####.com/static/api/img/share/icons_0_16.png?v=####
- s####.jom####.com/static/api/img/share/selectshare_close.png?v=####
- s####.jom####.com/static/api/img/share/share-search-icon.png
- s####.jom####.com/static/api/js/base/tangram.js?v=####
- s####.jom####.com/static/api/js/component/partners.js?v=####
- s####.jom####.com/static/api/js/share.js?v=89860593.js?cdnversion=####
- s####.jom####.com/static/api/js/share/api_base.js
- s####.jom####.com/static/api/js/share/image_api.js
- s####.jom####.com/static/api/js/share/select_api.js
- s####.jom####.com/static/api/js/share/share_api.js?v=####
- s####.jom####.com/static/api/js/trans/logger.js?v=####
- s####.jom####.com/static/api/js/view/image_view.js
- s####.jom####.com/static/api/js/view/select_view.js?v=####
- s####.jom####.com/static/api/js/view/share_view.js?v=####
- s####.jom####.com/static/api/js/view/view_base.js
- s####.jom####.com/v.gif
- s####.tc.qq.com/open/js/jweixin-1.0.0.js
- s.c####.b####.com/s.htm?cproid=####&t=####
- up####.mnw.cn.####.com/
- up####.mnw.cn.####.com//2017/1016/1508121972975.jpg
- up####.mnw.cn.####.com/2017/0925/1506300453487.jpg
- up####.mnw.cn.####.com/2017/0925/1506300699294.jpg
- up####.mnw.cn.####.com/2017/0925/1506301693116.jpg
- up####.mnw.cn.####.com/2017/0928/1506558287395.jpg
- up####.mnw.cn.####.com/2017/0929/1506677121337.jpg
- up####.mnw.cn.####.com/2017/0929/1506677302101.jpg
- up####.mnw.cn.####.com/2017/1017/1508212547705.jpg
- up####.mnw.cn.####.com/2017/1121/1511230766464.jpg
- up####.mnw.cn.####.com/2017/1225/1514195994905.jpg
- up####.mnw.cn.####.com/2018/0109/1515479781703.jpg
- up####.mnw.cn.####.com/2018/0414/thumb_120_70_1523677467966.jpg
- up####.mnw.cn.####.com/2018/0420/1524186959931.jpg
- up####.mnw.cn.####.com/2018/0421/1524289457553.jpg
- up####.mnw.cn.####.com/2018/0422/1524359020112.jpg
- up####.mnw.cn.####.com/2018/0422/1524391034220.png
- up####.mnw.cn.####.com/2018/0423/1524446378358.jpg
- up####.mnw.cn.####.com/2018/0423/1524450722856.jpg
- up####.mnw.cn.####.com/2018/0424/1524528706980.jpg
- up####.mnw.cn.####.com/2018/0424/1524531394567.jpg
- up####.mnw.cn.####.com/2018/0424/1524533466969.jpg
- up####.mnw.cn.####.com/2018/0424/1524533486288.jpg
- up####.mnw.cn.####.com/2018/0424/1524535901720.jpg
- up####.mnw.cn.####.com/2018/0424/1524539426810.jpg
- up####.mnw.cn.####.com/2018/0424/1524539979144.jpg
- up####.mnw.cn.####.com/2018/0424/1524539979532.jpg
- up####.mnw.cn.####.com/2018/0424/1524539979665.jpg
- up####.mnw.cn.####.com/2018/0424/1524539979729.jpg
- up####.mnw.cn.####.com/2018/0424/1524539979756.jpg
- up####.mnw.cn.####.com/2018/0424/1524549563102.jpg
- up####.mnw.cn.####.com/2018/0424/1524566248619.jpg
- up####.mnw.cn.####.com/2018/0425/1524613827567.jpg
- up####.mnw.cn.####.com/2018/0425/1524613831526.jpg
- up####.mnw.cn.####.com/2018/0425/1524613838213.jpg
- up####.mnw.cn.####.com/2018/0425/1524613844206.jpg
- up####.mnw.cn.####.com/2018/0425/1524613851624.jpg
- up####.mnw.cn.####.com/2018/0425/1524616207891.jpg
- up####.mnw.cn.####.com/2018/0425/1524616634214.jpg
- up####.mnw.cn.####.com/2018/0425/1524617633702.jpg
- up####.mnw.cn.####.com/2018/0425/1524617689444.jpg
- up####.mnw.cn.####.com/2018/0425/1524617710561.jpg
- up####.mnw.cn.####.com/2018/0425/1524617729655.jpg
- up####.mnw.cn.####.com/2018/0425/1524618139111.jpg
- up####.mnw.cn.####.com/2018/0425/1524618139189.jpg
- up####.mnw.cn.####.com/2018/0425/1524618139197.jpg
- up####.mnw.cn.####.com/2018/0425/1524618139238.jpg
- up####.mnw.cn.####.com/2018/0425/1524618139280.jpg
- up####.mnw.cn.####.com/2018/0425/1524618139320.jpg
- up####.mnw.cn.####.com/2018/0425/1524618139333.jpg
- up####.mnw.cn.####.com/2018/0425/1524618139341.jpg
- up####.mnw.cn.####.com/2018/0425/1524618139477.jpg
- up####.mnw.cn.####.com/2018/0425/1524618139496.jpg
- up####.mnw.cn.####.com/2018/0425/1524618139513.jpg
- up####.mnw.cn.####.com/2018/0425/1524618139566.jpg
- up####.mnw.cn.####.com/2018/0425/1524618139736.jpg
- up####.mnw.cn.####.com/2018/0425/1524618139744.jpg
- up####.mnw.cn.####.com/2018/0425/1524618139810.jpg
- up####.mnw.cn.####.com/2018/0425/1524618139842.jpg
- up####.mnw.cn.####.com/2018/0425/1524618139920.jpg
- up####.mnw.cn.####.com/2018/0425/1524618352247.jpg
- up####.mnw.cn.####.com/2018/0425/1524618380129.jpg
- up####.mnw.cn.####.com/2018/0425/1524618400700.jpg
- up####.mnw.cn.####.com/2018/0425/1524618711351.jpg
- up####.mnw.cn.####.com/2018/0425/1524618729589.jpg
- up####.mnw.cn.####.com/2018/0425/1524619927752.jpg
- up####.mnw.cn.####.com/2018/0425/1524619946233.jpg
- up####.mnw.cn.####.com/2018/0425/1524621863672.jpg
- up####.mnw.cn.####.com/2018/0425/1524625243829.jpg
- up####.mnw.cn.####.com/2018/0425/1524625986507.png
- up####.mnw.cn.####.com/2018/0425/1524627437685.jpeg
- up####.mnw.cn.####.com/2018/0425/1524628035421.jpg
- up####.mnw.cn.####.com/2018/0425/1524628119334.jpg
- up####.mnw.cn.####.com/2018/0425/1524628745947.jpg
- up####.mnw.cn.####.com/2018/0425/1524639569977.jpg
- up####.mnw.cn.####.com/2018/0425/1524640376690.jpg
- up####.mnw.cn.####.com/2018/0425/1524640378340.jpg
- up####.mnw.cn.####.com/2018/0425/1524640382977.jpg
- up####.mnw.cn.####.com/2018/0425/1524640389840.jpg
- up####.mnw.cn.####.com/2018/0425/1524640821924.jpg
- up####.mnw.cn.####.com/2018/0425/1524641953306.jpg
- up####.mnw.cn.####.com/2018/0425/1524644169579.jpg
- up####.mnw.cn.####.com/2018/0425/1524644196881.jpg
- up####.mnw.cn.####.com/2018/0425/thumb_120_70_1524644169579.jpg
- up####.mnw.cn.####.com/ad/baidu/20B5L.js
- up####.mnw.cn.####.com/edu/
- up####.mnw.cn.####.com/js/config.js
- up####.mnw.cn.####.com/news/
- up####.mnw.cn.####.com/news/fj/1984132.html
- up####.mnw.cn.####.com/news/top/1984135.html
- up####.mnw.cn.####.com/news/world/
- up####.mnw.cn.####.com/quanzhou/licheng/1983561.html
- up####.mnw.cn.####.com/style/flip.js
- up####.mnw.cn.####.com/style/logo.jpg
- up####.mnw.cn.####.com/style/menu.png
- up####.mnw.cn.####.com/style/more.jpg
- up####.mnw.cn.####.com/style/ser.jpg
- up####.mnw.cn.####.com/style/wap_2016.css
- up####.mnw.cn.####.com/style/wap_2017.css?v=####
- up####.mnw.cn.####.com/wap/style/css/content.css?v=####
- up####.mnw.cn.####.com/wap/style/images/logo.png
- up####.mnw.cn.####.com/wap/style/images/menu.png
- up####.mnw.cn.####.com/wap/style/js/baseFontSize.js
- wap.n.sh####.com/sdk/c.js?appid=####
- wap.n.sh####.com/tcbox?service=####&action=####&data=####
- wn.pos.b####.com/adx.php?c=####
- www.ta####.com/
- z####.b####.com/customer_search/api/rs?sid=####&plate_url=####&t=####
- z.c####.com/stat.htm?id=####&r=####&lg=####&ntime=####&cnzz_eid=####&sho...
- zha####.b####.com/api/customsearch/click?logid=0&version=0&prod_id=rp&pl...
- zha####.b####.com/cse/search?s=####&loc=####&width=####&isIframe=####&re...
- zha####.b####.com/static/css/mobileDefault.css?v=####
- zha####.b####.com/static/img/cse.gif?url=http://so.mnw.cn/cse/search?s=#...
- zha####.b####.com/static/img/fdj3.png
- zha####.b####.com/static/img/remove.gif
- zha####.b####.com/static/js/baidu-ajax.js
- zha####.b####.com/static/js/jquery-1.7.2.min.js
- zha####.b####.com/static/js/statistic.js
Запросы HTTP POST:
- plg.abcdse####.com:7901/pl/config
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/3129362.jar
- /data/data/####/3129419.jar
- /data/data/####/3129436.jar
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/f_000001
- /data/data/####/f_000002
- /data/data/####/f_000003
- /data/data/####/f_000004
- /data/data/####/f_000005
- /data/data/####/f_000006
- /data/data/####/f_000007
- /data/data/####/f_000008
- /data/data/####/f_000009
- /data/data/####/f_00000a
- /data/data/####/f_00000b
- /data/data/####/f_00000c
- /data/data/####/f_00000d
- /data/data/####/f_00000e
- /data/data/####/f_00000f
- /data/data/####/f_000010
- /data/data/####/f_000011
- /data/data/####/f_000012
- /data/data/####/f_000013
- /data/data/####/f_000014
- /data/data/####/f_000015
- /data/data/####/f_000016
- /data/data/####/f_000017
- /data/data/####/f_000018
- /data/data/####/f_000019
- /data/data/####/f_00001a
- /data/data/####/f_00001b
- /data/data/####/f_00001c
- /data/data/####/f_00001d
- /data/data/####/f_00001e
- /data/data/####/f_00001f
- /data/data/####/f_000020
- /data/data/####/f_000021
- /data/data/####/f_000022
- /data/data/####/f_000023
- /data/data/####/f_000024
- /data/data/####/f_000025
- /data/data/####/f_000026
- /data/data/####/f_000027
- /data/data/####/f_000028
- /data/data/####/f_000029
- /data/data/####/f_00002a
- /data/data/####/f_00002b
- /data/data/####/f_00002c
- /data/data/####/f_00002d
- /data/data/####/f_00002e
- /data/data/####/f_00002f
- /data/data/####/f_000030
- /data/data/####/f_000031
- /data/data/####/f_000032
- /data/data/####/f_000033
- /data/data/####/f_000034
- /data/data/####/f_000035
- /data/data/####/f_000036
- /data/data/####/f_000037
- /data/data/####/f_000038
- /data/data/####/f_000039
- /data/data/####/f_00003a
- /data/data/####/f_00003b
- /data/data/####/f_00003c
- /data/data/####/f_00003d
- /data/data/####/f_00003e
- /data/data/####/f_00003f
- /data/data/####/f_000040
- /data/data/####/f_000041
- /data/data/####/f_000042
- /data/data/####/f_000043
- /data/data/####/f_000044
- /data/data/####/f_000045
- /data/data/####/f_000046
- /data/data/####/f_000047
- /data/data/####/f_000048
- /data/data/####/f_000049
- /data/data/####/f_00004a
- /data/data/####/f_00004b
- /data/data/####/f_00004c
- /data/data/####/f_00004d
- /data/data/####/f_00004e
- /data/data/####/f_00004f
- /data/data/####/f_000050
- /data/data/####/f_000051
- /data/data/####/f_000052
- /data/data/####/f_000053
- /data/data/####/f_000054
- /data/data/####/f_000055
- /data/data/####/f_000056
- /data/data/####/f_000057
- /data/data/####/f_000058
- /data/data/####/f_000059
- /data/data/####/f_00005a
- /data/data/####/f_00005b
- /data/data/####/f_00005c
- /data/data/####/f_00005d
- /data/data/####/f_00005e
- /data/data/####/f_00005f
- /data/data/####/f_000060
- /data/data/####/f_000061
- /data/data/####/f_000062
- /data/data/####/f_000063
- /data/data/####/f_000064
- /data/data/####/f_000065
- /data/data/####/f_000066
- /data/data/####/f_000067
- /data/data/####/f_000068
- /data/data/####/f_000069
- /data/data/####/f_000069 (deleted)
- /data/data/####/f_00006a
- /data/data/####/f_00006a (deleted)
- /data/data/####/f_00006b
- /data/data/####/f_00006b (deleted)
- /data/data/####/f_00006c
- /data/data/####/f_00006d
- /data/data/####/f_00006e
- /data/data/####/f_00006f
- /data/data/####/f_000070
- /data/data/####/f_000071
- /data/data/####/f_000072
- /data/data/####/f_000073
- /data/data/####/f_000074
- /data/data/####/f_000075
- /data/data/####/f_000076
- /data/data/####/f_000077
- /data/data/####/f_000078
- /data/data/####/f_000079
- /data/data/####/f_00007a
- /data/data/####/f_00007b
- /data/data/####/f_00007c
- /data/data/####/index
- /data/data/####/monitor.so
- /data/data/####/web1.jar
- /data/data/####/web2035.temp
- /data/data/####/web2035.temp (deleted)
- /data/data/####/web2092.temp
- /data/data/####/web2109.temp
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/media/####/79a2520f22b9e1526ff93176029603b8_1.79
- /data/media/####/cfg.xml
- /data/media/####/plcfg.xml
- /data/media/####/webadlist.xml
- /data/media/####/webinfo.xml
Другие:
Загружает динамические библиотеки:
- monitor
Использует следующие алгоритмы для шифрования данных:
- DES-ECB-NoPadding
Использует следующие алгоритмы для расшифровки данных:
- DES-ECB-NoPadding
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Отрисовывает собственные окна поверх других приложений.
