Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Triada.43.origin
- Android.Triada.109.origin
Загружает из Интернета следующие детектируемые угрозы:
- Android.Packed.16380
Сетевая активность:
Подключается к:
- a####.####.com:7901
- m####.####.net
- m####.####.net:5688
- 2####.####.123
- g####.####.net
- g####.####.net:8080
- aexcep####.####.com:8012
- a####.####.com:8011
- d####.####.net:8080
- 1####.####.174:8081
- and####.####.com
- d####.####.com
- d####.####.net:6677
- up####.####.com:8900
- d####.####.com:8080
- aexcep####.####.com
- d####.####.net
- 1####.####.174
- t####.####.cn
- 2####.####.123:95
- a####.####.com
Запросы HTTP GET:
- d####.####.com/appstore/img/4658f135ff3e4c82a700c4abac8b7076.jpg
- d####.####.com/appstore/img/05ac657d7e5d4aeabef29fb7ba71a548.png
- 1####.####.174/tone/ef2f295d-b679-459c-94d2-9f4a678c0010.jpg
- 1####.####.174/tone/cde608aa-4acc-483c-a997-1686b76cd614.jpg
- d####.####.com/appstore/img/1b3e00ab08a7472fb873e62099d6b9f1.png
- d####.####.net:8080/appstore/pri/f0588a13717440ebae371f719f014be9.apk
- 1####.####.174/tone/75a2f415-6073-4f39-a7af-16ddbe5ed9cc.jpg
- 1####.####.174/tone/28ba93db-30f5-4de8-9d9e-a611e20cb259.jpg
- d####.####.com/appstore/img/4ba8ca2d111349ce89c9355f45c20173.png
- 1####.####.174/tone/668a0543-b99e-445d-b105-520ff6d03b34.jpg
- d####.####.com/appstore/img/a7be2ff79ce14647a5f2c6729be55b57.png
- d####.####.com/appstore/img/e69cbf34c30e47648627b06d8805d90c.png
- d####.####.com/appstore/img/f1529b5d9f7f46eda4d75ecfcb614222.png
- 1####.####.174/tone/d03b56ef-f735-4ded-b09c-9ca896f83325.jpg
- d####.####.com/appstore/img/d22f08474b634c59b262ed2f5161f3f3.png
- 1####.####.174/tone/4ee10b07-92c6-47c3-ab14-153a409bd9aa.jpg
- 1####.####.174/tone/23e91c0d-9b62-493d-ad43-d18fc0510977.jpg
- d####.####.com/appstore/img/a43addd284844dd784c0ad0125934f68.png
- d####.####.com/appstore/img/7e72d076c1ec49c19a7cb0a85940f137.png
- 1####.####.174/tone/2b637236-3281-4ab2-a374-c172a7167539.jpg
- d####.####.com/appstore/img/56c7074b86ac4901bd2b2d4efc05e336.png
- 1####.####.174/tone/f55308ed-a558-428e-a0eb-1cd86d2ac0f2.png
- 1####.####.174/tone/18657545-3753-4895-a7e6-02d7cde12da1.jpg
- 1####.####.174/tone/e1a566ff-8b20-4bd7-8f5f-4b32d9b065af.jpg
- d####.####.com/appstore/img/74aa287eb6e441e795c345a5716cc22f.png
- d####.####.com/appstore/img/fc84fb7c72b84e39b6e461f85f40567f.png
- t####.####.cn/public/ringmaker01/n16/2016/12/2016%E5%B9%B412%E6%9C%8812%E6%97%A514%E7%82%B903%E5%88%86%E7%B4%A7%E6%80%A5%E5%86%85%E5%AE%B9%E5%87%86%E5...
- d####.####.com/appstore/img/656c8fc67b60429489bce747bb82dcfd.png
- d####.####.com/appstore/img/e780edf9a30742469921af970289f5a6.png
- 1####.####.174/tone/2ecd18d0-e002-4f75-831e-8a258e8d5776.jpg
- d####.####.com:8080/appstore/img/a7be2ff79ce14647a5f2c6729be55b57.png
Запросы HTTP POST:
- 1####.####.174/Other/ApkUpd?ts=####&sig=QTI####
- 2####.####.123/sdkServer/1.0/user/query
- a####.####.com:7901/
- 1####.####.174/home/BannerSitf?ts=####&sig=ODF####
- 1####.####.174/home/dataList?ts=####&sig=NDg####
- g####.####.net:8080/migusdk/tl/initcttl
- 2####.####.123/sdkServer/1.0/crbt/open/check
- 2####.####.123/sdkServer/1.0/cp/query
- a####.####.com:8011/rqd/async
- g####.####.net/migusdk/verification/checkSdkUpdate
- up####.####.com:8900/
- 1####.####.174/User/PlayTotal?ts=####&sig=Mjg####
- aexcep####.####.com:8012/rqd/async
- m####.####.net:5688/
- and####.####.com/rqd/async
- d####.####.net/
- a####.####.com/
- d####.####.net:6677/
- 1####.####.174/Other/Splash?ts=####&sig=QUQ####
- 1####.####.174/home/dataList?ts=####&sig=MTY####
- 1####.####.174/home/banner?ts=####&sig=NjY####
- 2####.####.123:95/sdkServer/checksmsinitreturn
- 2####.####.123/sdkServer/1.0/crbt/querymonth
- g####.####.net/migusdk/tl/initcttl
- 1####.####.174/User/PlayTotal?ts=####&sig=RkU####
- 1####.####.174:8081/User/AppActive?ts=####&sig=Njg####
- m####.####.net/
- aexcep####.####.com/rqd/async
- 2####.####.123/sdkServer/checksmsinitreturn
Изменения в файловой системе:
Создает следующие файлы:
- /sdcard/.4d02db8e14/com.xend.app/abc/com.xend.app_r1.app
- /data/data/####/shared_prefs/JPushSA_Config.xml.bak
- /data/data/####/shared_prefs/ad_config.xml.bak
- /data/data/####/shared_prefs/ResidentSharedPreferencesUtils.xml
- /data/data/####/cache/picasso-cache/9916005433c107257b2baec1c6a851b8.1.tmp
- /sdcard/Qxtimes/db/.QxTimes_ring.db
- /data/data/####/cache/picasso-cache/2c92187e1f256569b36164e8651cbeb4.0.tmp
- /sdcard/.4d02db8e14/.fsks
- /sdcard/.4d02db8e14/dd/ad/f1529b5d9f7f46eda4d75ecfcb614222
- /data/data/####/databases/####.Resident.db-journal
- /data/data/####/cache/picasso-cache/18777794389831d89c01424eb284db60.1.tmp
- /sdcard/.4d02db8e14/float/a43addd284844dd784c0ad0125934f68.dt
- /sdcard/.4d02db8e14/float/4ba8ca2d111349ce89c9355f45c20173.dt
- /data/data/####/shared_prefs/ad_config.xml
- /data/data/####/cache/picasso-cache/18777794389831d89c01424eb284db60.0.tmp
- /data/data/####/shared_prefs/umeng_general_config.xml
- /sdcard/Qxtimes/ring/volley/4k2uh23pz507crm2w51i2ebqn
- /sdcard/Qxtimes/ring/volley/4x9j3hfa7swz1n3m1uo72qfbz
- /data/data/####/cache/volley/26266098-806473434
- /data/data/####/shared_prefs/initdata.xml
- /sdcard/Qxtimes/ring/volley/4yc1yrvbkg37etxjs1r7eb67l
- /data/data/####/cache/picasso-cache/d754001ed742bb794194b783428c9449.0.tmp
- /data/data/####/databases/MF_STATS-journal
- /data/data/####/cache/picasso-cache/2d0108504e3902a558b3b9561c90cc0a.1
- /data/data/####/databases/webview.db-journal
- /data/data/####/shared_prefs/biosConfig.xml.bak
- /data/data/####/cache/picasso-cache/5452c025aa02c378026cf7f9fee02c4c.1.tmp
- /data/data/####/shared_prefs/indion.xml.bak
- /data/data/####/shared_prefs/com.qxtimes.library.music.tools.SharedPreferencesUtils.xml
- /data/data/####/cache/picasso-cache/journal.tmp
- /data/data/####/shared_prefs/biosConfig.xml
- /data/data/####/cache/volley/26243065436699287
- /data/data/####/shared_prefs/indion.xml
- /sdcard/Qxtimes/ring/volley/6r9j7sucs9hsacbrqu3yff4mc
- /data/data/####/app_lib/libmiguED.so
- /data/data/####/cache/picasso-cache/222fd8a2f2ab7a6d9c2368298a386d1f.0.tmp
- /data/data/####/cache/picasso-cache/61fb29432fb7a803a500b86f493c0d0f.1.tmp
- /sdcard/storage/emulated/0null/63frthmzn1jsd6z3nfdgg5se9
- /data/data/####/cache/picasso-cache/7767cf18f4ba89029ddc312ed630dc61.1.tmp
- /data/data/####/cache/picasso-cache/d252ef5911f4ea31c90db4f9ba88e014.0
- /data/data/####/databases/####.Resident.db
- /data/data/####/cache/picasso-cache/770ab7a398c149d529b964a6ab0f692d.0.tmp
- /sdcard/.4d02db8e14/float/1b3e00ab08a7472fb873e62099d6b9f1.dt
- /data/data/####/cache/picasso-cache/6e3d56544d6aea8c338e047255331a87.1
- /sdcard/.4d02db8e14/float/74aa287eb6e441e795c345a5716cc22f.dt
- /data/data/####/shared_prefs/null.xml
- /sdcard/.4d02db8e14/float/fc84fb7c72b84e39b6e461f85f40567f.dt
- /sdcard/.4d02db8e14/com.xend.app/abc/com.xend.app_r1.tmp
- /data/data/####/cache/picasso-cache/8fc4d63271be8acc3e080dee4d55da36.1
- /data/data/####/cache/picasso-cache/5bc08853dc100171f897ccb42ec54747.1.tmp
- /data/data/####/cache/picasso-cache/d252ef5911f4ea31c90db4f9ba88e014.1.tmp
- /data/data/####/cache/picasso-cache/48244ac0e5063e087c6cdbfb0d5b53e4.1
- /data/data/####/cache/picasso-cache/d42a7df06fc7add9cd14c913762efbb1.0.tmp
- /data/data/####/cache/volley/1782677563-256917458
- /data/data/####/cache/picasso-cache/222fd8a2f2ab7a6d9c2368298a386d1f.1.tmp
- /data/data/####/databases/MF_CFG-journal
- /data/data/####/cache/picasso-cache/d252ef5911f4ea31c90db4f9ba88e014.0.tmp
- /data/data/####/files/1074341804.jar
- /data/data/####/cache/picasso-cache/ee00181c6555bb223f412899e59aa80f.1
- /data/data/####/cache/volley/1825826790243454526
- /data/data/####/cache/volley/1782681455-1504035793
- /data/data/####/databases/####.Resident2.db
- /data/data/####/databases/MF_SQdb-journal
- /data/data/####/files/Od66LvvLadlTLE.apk
- /data/data/####/cache/picasso-cache/8f5853f0979919065a26488e54ba6d71.0.tmp
- /data/data/####/cache/picasso-cache/5bc08853dc100171f897ccb42ec54747.0.tmp
- /sdcard/.4d02db8e14/info/a7be2ff79ce14647a5f2c6729be55b57
- /data/data/####/cache/picasso-cache/6e3d56544d6aea8c338e047255331a87.0.tmp
- /data/data/####/databases/####.Resident2.db-journal
- /data/data/####/files/native_record_lock
- /sdcard/.acterr
- /sdcard/.4d02db8e14/float/e780edf9a30742469921af970289f5a6.dt
- /data/data/####/cache/picasso-cache/ab7554653c6e173f9d789420d216ccf2.0.tmp
- /data/data/####/cache/volley/1782677715-1510846379
- /data/data/####/cache/volley/-443010724-204286111
- /data/data/####/cache/picasso-cache/9916005433c107257b2baec1c6a851b8.0.tmp
- /sdcard/.4d02db8e14/float/7e72d076c1ec49c19a7cb0a85940f137.dt
- /data/data/####/app_bEdlTm3/B8aN.jLLl.so
- /data/data/####/files/mobclick_agent_cached_####319
- /sdcard/.5db94267/8c3f9afc/ps/ShtLXdt.xml
- /data/data/####/cache/volley/-1627618719-2071572083
- /data/data/####/files/sdk_prefs
- /data/data/####/cache/picasso-cache/2c92187e1f256569b36164e8651cbeb4.1.tmp
- /data/data/####/files/MiguPay.Sdk20.Lib_12002201_7D87E2D891FE96952B9709B25057AE45_AE200.dat
- /data/data/####/databases/cc/cc.db-journal
- /data/data/####/cache/picasso-cache/3b474b1c4f2b073b0460b3b92e6a57a4.0.tmp
- /data/data/####/shared_prefs/initdata.xml.bak
- /data/data/####/cache/picasso-cache/9685f3fcce74bedc5103bccc1f608104.0.tmp
- /data/data/####/shared_prefs/JPushSA_Config.xml
- /data/data/####/jacruntime.dex
- /data/data/####/files/85c34627379/4b8bdd19-ed19-4f5d-801c-c70a67b6cda8.zip
- /data/data/####/databases/com_ex_dsp.db-journal
- /sdcard/.4d02db8e14/dd/ad/05ac657d7e5d4aeabef29fb7ba71a548
- /data/data/####/files/part
- /data/data/####/cache/picasso-cache/9685f3fcce74bedc5103bccc1f608104.1.tmp
- /data/data/####/files/mg20css.dat
- /sdcard/.4d02db8e14/float/e69cbf34c30e47648627b06d8805d90c.dt
- /data/data/####/cache/picasso-cache/177a537ff056ac351574f2ea6ba28ffb.0.tmp
- /sdcard/Qxtimes/ring/volley/2v79k7rla3iyi7jag96uc3bct
- /data/data/####/files/mg20irid.dat
- /data/data/####/databases/MF_ENH-journal
- /data/data/####/cache/volley/-1142792331138242818
- /data/data/####/files/myfvu.jar
- /sdcard/.4d02db8e14/.init
- /data/data/####/cache/picasso-cache/3b474b1c4f2b073b0460b3b92e6a57a4.1
- /data/data/####/files/look
- /data/data/####/files/tmp/mg20dss.dat
- /data/data/####/cache/picasso-cache/2d0108504e3902a558b3b9561c90cc0a.0.tmp
- /data/data/####/files/IRDETO
- /data/data/####/cache/volley/-5797241241620797736
- /data/data/####/mix.dex
- /data/data/####/cache/volley/1782678973-2031467902
- /data/data/####/cache/picasso-cache/8f5853f0979919065a26488e54ba6d71.1.tmp
- /data/data/####/files/mg20dss.dat
- /data/data/####/files/appsdkmg0_.jar
- /data/data/####/databases/cc/cc.db
- /data/data/####/cache/picasso-cache/48244ac0e5063e087c6cdbfb0d5b53e4.0.tmp
- /data/data/####/files/tmp/mg20css.dat
- /sdcard/.4d02db8e14/float/d22f08474b634c59b262ed2f5161f3f3.dt
- /data/data/####/.rom799020924.jar
- /sdcard/.4d02db8e14/dd/ad/4658f135ff3e4c82a700c4abac8b7076
- /sdcard/Qxtimes/db/.QxTimes_ring.db-journal
- /data/data/####/cache/picasso-cache/5452c025aa02c378026cf7f9fee02c4c.0.tmp
- /data/data/####/cache/picasso-cache/7767cf18f4ba89029ddc312ed630dc61.0.tmp
- /data/data/####/cache/picasso-cache/177a537ff056ac351574f2ea6ba28ffb.1
- /sdcard/.4d02db8e14/dd/ad/a7be2ff79ce14647a5f2c6729be55b57
- /data/data/####/cache/picasso-cache/ee00181c6555bb223f412899e59aa80f.0.tmp
- /data/data/####/.rom2114154784.jar
- /data/data/####/cache/picasso-cache/8fc4d63271be8acc3e080dee4d55da36.0.tmp
- /sdcard/.4d02db8e14/dd/ad/656c8fc67b60429489bce747bb82dcfd
- /data/data/####/shared_prefs/cn.jpush.preferences.v2.xml
- /data/data/####/cache/picasso-cache/ab7554653c6e173f9d789420d216ccf2.1.tmp
- /data/data/####/cache/picasso-cache/61fb29432fb7a803a500b86f493c0d0f.0.tmp
- /data/data/####/files/jpush_stat_cache.json
- /data/data/####/files/tmp/MiguPay.Sdk20.Lib_12002201_7D87E2D891FE96952B9709B25057AE45_AE200.dat
- /sdcard/.4d02db8e14/ficon/56c7074b86ac4901bd2b2d4efc05e336.dt
- /data/data/####/cache/picasso-cache/770ab7a398c149d529b964a6ab0f692d.1
- /data/data/####/shared_prefs/umeng_general_config.xml.bak
- /data/data/####/cache/volley/1782726508-929127946
- /data/data/####/tx_shell/libshella-2.8.2.so
- /sdcard/.4d02db8e14/float/a7be2ff79ce14647a5f2c6729be55b57.dt
- /data/data/####/cache/picasso-cache/d42a7df06fc7add9cd14c913762efbb1.1.tmp
- /data/data/####/cache/picasso-cache/d754001ed742bb794194b783428c9449.1.tmp
Присваивает атрибут 'исполняемый' для следующих файлов:
- /data/data/####/tx_shell/libshella-2.8.2.so
- /data/data/####/files/look
- /data/data/####/files/part
Другие:
Запускает следующие shell-скрипты:
- /system/bin/sh -c getprop ro.aa.romver
- logcat -d -v threadtime
- /system/bin/sh -c getprop ro.build.fingerprint
- /system/bin/sh -c getprop ro.vivo.os.build.display.id
- /system/bin/sh -c getprop ro.lewa.version
- /system/bin/sh -c getprop ro.build.nubia.rom.name
- /system/bin/sh -c getprop ro.miui.ui.version.name
- /system/bin/sh -c getprop ro.build.version.opporom
- /system/bin/sh -c getprop ro.build.tyd.kbstyle_version
- sh
- /system/bin/sh -c getprop ro.build.rom.id
- /system/bin/sh -c getprop ro.gn.gnromvernumber
- /system/bin/sh -c getprop ro.build.version.emui
- /system/bin/sh -c getprop ro.lenovo.series
- /system/bin/sh -c getprop ro.meizu.product.model
Использует специальную библиотеку для скрытия исполняемого байткода.
Может автоматически отправлять СМС-сообщения.
