Техническая информация
Вредоносные функции:
Устанавливает свой пароль на экран блокировки.
Сетевая активность:
Подключается к:
- pack1####.####.com
- u####.####.com
- i####.####.com
- t####.####.net
- a####.####.net
- p####.####.com
- f####.####.com
- m####.####.com
- a####.####.com
Запросы HTTP GET:
- a####.####.net/rec/4_row_apps.json
- f####.####.com/thumbnail/PNG/l62/AppStore/0370a49f-f287-4737-bbee-463ac2566ac0
- f####.####.com/thumbnail/PNG/l62/AppStore/37ccd1cc-0448-4b86-a1b9-ed1cbcce5f3a
- a####.####.net/wx/web/imgs/jc.json
- f####.####.com/thumbnail/PNG/l62/AppStore/0c3005fbc6b0d88e72f5dd5606d46087a8142e391
- p####.####.com/origin/2564/3470196332
- t####.####.net/themes/img/s/2/2619
- t####.####.net/themes/img/s/2/2618
- f####.####.com/thumbnail/PNG/l62/AppStore/03dd342f4461b9c563fef2af003916ae8cf40cda2
- f####.####.com/thumbnail/PNG/l62/AppStore/bd2f79cd-a572-4841-9aa3-19378a951a57
- t####.####.net/themes/img/s/2/2613
- t####.####.net/themes/img/s/2/2612
- t####.####.net/themes/img/s/2/2611
- t####.####.net/themes/img/s/2/2610
- t####.####.net/themes/img/s/2/2617
- t####.####.net/themes/img/s/2/2616
- t####.####.net/themes/img/s/2/2615
- t####.####.net/themes/img/s/2/2614
- t####.####.net/themes/img/s/3/2606
- f####.####.com/thumbnail/PNG/l62/AppStore/20deadb7-05b6-445e-b5c5-d86de19ca68c
- f####.####.com/thumbnail/PNG/l62/AppStore/0cf83e42b9f9742ec0db4a0843bb6e5b5f7997e52
- pack1####.####.com/72x72.png
- f####.####.com/thumbnail/PNG/l62/AppStore/f63f3070-3b17-4272-a77a-d8790fa5ac89
- f####.####.com/thumbnail/PNG/l62/AppStore/5eaf018d-dad9-49e7-976e-626277aef648
- u####.####.com/rest/api3.do?ttid=####&t=####&deviceId=####&imei=####&appKey=####&v=####&sign=####&data=####&api=####&imsi=####
- u####.####.com/activeip/?agoo_apn=####&app_version_code=####&agoo_network=####&agoo_version_code=####
- a####.####.net/wx/web/imgs/mt.json
- a####.####.net/wx/web/imgs/fl.json
- f####.####.com/thumbnail/PNG/l62/AppStore/d274a14f-e42c-4d94-8cef-4173c5f5cd0f
- f####.####.com/thumbnail/PNG/l114/AppStore/07d4cc4a7478f445829fee7f8ef0eb937ff151232
- t####.####.net/themes/img/s/2/2604
- t####.####.net/themes/img/s/2/2605
- f####.####.com/thumbnail/PNG/l62/AppStore/01c2ba555d1c5450a281e63e05e71320072f4e5de
- t####.####.net/themes/img/s/2/2607
- f####.####.com/thumbnail/PNG/l62/AppStore/c804185c-af50-4a90-81c0-0bff1b459f7b
- u####.####.com/rest/api3.do?ttid=####&t=####&imei=####&appKey=####&v=####&sign=####&data=####&api=####&imsi=####
- t####.####.net/themes/img/s/2/2609
- i####.####.com/mms/icon/v1/1/d8/57501e3bbf919436044c85467e6f0d81_68_68.png
- t####.####.net/themes/json/main.json
- f####.####.com/thumbnail/PNG/l62/AppStore/0e7244013b8189b10662c65e31e8fa9818540895d
- t####.####.net/themes/json/460/0.json
- a####.####.net/wx/web/imgs/li.json
- f####.####.com/thumbnail/PNG/l62/AppStore/9bd6973f-04f0-4655-a10e-ac7b7cedcbac
Запросы HTTP POST:
- m####.####.com/register
- a####.####.com/app_logs
- m####.####.com/launch
Изменения в файловой системе:
Создает следующие файлы:
- /sdcard/Android/data/####/files/themes/.img_cache/s-2-2616.0.tmp
- /sdcard/Android/data/####/files/themes/.img_cache/s-2-2610.0.tmp
- /sdcard/Android/data/####/files/themes/.img_cache/s-2-2605.0.tmp
- /sdcard/iooly/.image_cache/.row_app_icons/aHR0cDovL2ZpbGUubWFya2V0LnhpYW9taS5jb20vdGh1bWJuYWlsL1BORy9sNjIvQXBwU3RvcmUvZDI3NGExNGYtZTQyYy00ZDk0LThjZWYtNDE3M2M1ZjVjZDBm
- /data/data/####/files/json/wx_imgs/mt.json
- /sdcard/iooly/.image_cache/.row_app_icons/aHR0cDovL2ZpbGUubWFya2V0LnhpYW9taS5jb20vdGh1bWJuYWlsL1BORy9sNjIvQXBwU3RvcmUvMDFjMmJhNTU1ZDFjNTQ1MGEyODFlNjNlMDVlNzEzMjAwNzJmNGU1ZGU=
- /data/data/####/files/json/wx_imgs/jc.json
- /data/data/####/files/json/theme-main.json
- /data/data/####/shared_prefs/AGOO_HOST.xml
- /sdcard/iooly/.image_cache/.row_app_icons/aHR0cDovL2ZpbGUubWFya2V0LnhpYW9taS5jb20vdGh1bWJuYWlsL1BORy9sNjIvQXBwU3RvcmUvMGNmODNlNDJiOWY5NzQyZWMwZGI0YTA4NDNiYjZlNWI1Zjc5OTdlNTI=
- /sdcard/iooly/.image_cache/.row_app_icons/aHR0cDovL2ZpbGUubWFya2V0LnhpYW9taS5jb20vdGh1bWJuYWlsL1BORy9sNjIvQXBwU3RvcmUvMDNkZDM0MmY0NDYxYjljNTYzZmVmMmFmMDAzOTE2YWU4Y2Y0MGNkYTI=
- /data/data/####/shared_prefs/Alvin2.xml
- /data/data/####/databases/####.theme.db-journal
- /sdcard/iooly/.image_cache/.row_app_icons/aHR0cDovL2ZpbGUubWFya2V0LnhpYW9taS5jb20vdGh1bWJuYWlsL1BORy9sMTE0L0FwcFN0b3JlLzA3ZDRjYzRhNzQ3OGY0NDU4MjlmZWU3ZjhlZjBlYjkzN2ZmMTUxMjMy
- /sdcard/iooly/.image_cache/.row_app_icons/aHR0cDovL2ZpbGUubWFya2V0LnhpYW9taS5jb20vdGh1bWJuYWlsL1BORy9sNjIvQXBwU3RvcmUvYzgwNDE4NWMtYWY1MC00YTkwLTgxYzAtMGJmZjFiNDU5Zjdi
- /sdcard/Android/data/####/files/themes/.img_cache/s-2-2604.0.tmp
- /sdcard/Android/data/####/files/themes/.img_cache/s-2-2615.0.tmp
- /sdcard/iooly/.image_cache/.row_app_icons/aHR0cDovL2ZpbGUubWFya2V0LnhpYW9taS5jb20vdGh1bWJuYWlsL1BORy9sNjIvQXBwU3RvcmUvMjBkZWFkYjctMDViNi00NDVlLWI1YzUtZDg2ZGUxOWNhNjhj
- /data/data/####/shared_prefs/main.xml
- /sdcard/iooly/.image_cache/.row_app_icons/aHR0cDovL2ZpbGUubWFya2V0LnhpYW9taS5jb20vdGh1bWJuYWlsL1BORy9sNjIvQXBwU3RvcmUvYmQyZjc5Y2QtYTU3Mi00ODQxLTlhYTMtMTkzNzhhOTUxYTU3
- /sdcard/iooly/.image_cache/.row_app_icons/aHR0cDovL2ZpbGUubWFya2V0LnhpYW9taS5jb20vdGh1bWJuYWlsL1BORy9sNjIvQXBwU3RvcmUvMDM3MGE0OWYtZjI4Ny00NzM3LWJiZWUtNDYzYWMyNTY2YWMw
- /data/data/####/databases/####.theme.db
- /sdcard/Android/data/####/files/themes/.img_cache/s-2-2609.0.tmp
- /data/data/####/shared_prefs/umeng_general_config.xml
- /sdcard/iooly/.image_cache/.row_app_icons/aHR0cDovL2ZpbGUubWFya2V0LnhpYW9taS5jb20vdGh1bWJuYWlsL1BORy9sNjIvQXBwU3RvcmUvMGU3MjQ0MDEzYjgxODliMTA2NjJjNjVlMzFlOGZhOTgxODU0MDg5NWQ=
- /data/data/####/shared_prefs/AppStore.xml
- /sdcard/Android/data/####/files/themes/.img_cache/s-3-2606.0.tmp
- /data/data/####/files/mobclick_agent_cached_####410910
- /data/data/####/shared_prefs/main.xml.bak
- /sdcard/iooly/.image_cache/.row_app_icons/aHR0cDovL2ZpbGUubWFya2V0LnhpYW9taS5jb20vdGh1bWJuYWlsL1BORy9sNjIvQXBwU3RvcmUvNWVhZjAxOGQtZGFkOS00OWU3LTk3NmUtNjI2Mjc3YWVmNjQ4
- /sdcard/iooly/.image_cache/.row_app_icons/aHR0cDovL2ZpbGUubWFya2V0LnhpYW9taS5jb20vdGh1bWJuYWlsL1BORy9sNjIvQXBwU3RvcmUvOWJkNjk3M2YtMDRmMC00NjU1LWExMGUtYWM3YjdjZWRjYmFj
- /data/data/####/shared_prefs/AppStore.xml.bak
- /data/data/####/files/json/wx_imgs/fl.json
- /data/data/####/shared_prefs/ContextData.xml
- /sdcard/Android/data/####/files/themes/.img_cache/s-2-2611.0.tmp
- /sdcard/iooly/.local_theme_preview_cache/journal.tmp
- /sdcard/iooly/.image_cache/.row_app_icons/aHR0cDovL3AwLnBzdGF0cC5jb20vb3JpZ2luLzI1NjQvMzQ3MDE5NjMzMg==
- /sdcard/Android/data/####/files/themes/.img_cache/s-2-2607.0.tmp
- /sdcard/Android/data/####/files/themes/.img_cache/s-2-2612.0.tmp
- /sdcard/iooly/.image_cache/.row_app_icons/aHR0cDovL2ZpbGUubWFya2V0LnhpYW9taS5jb20vdGh1bWJuYWlsL1BORy9sNjIvQXBwU3RvcmUvMGMzMDA1ZmJjNmIwZDg4ZTcyZjVkZDU2MDZkNDYwODdhODE0MmUzOTE=
- /sdcard/.DataStorage/ContextData.xml
- /data/data/####/files/recommend/4_row_apps.json
- /sdcard/Android/data/####/files/themes/.img_cache/journal.tmp
- /data/data/####/files/.imprint
- /sdcard/iooly/.image_cache/.row_app_icons/aHR0cDovL2ZpbGUubWFya2V0LnhpYW9taS5jb20vdGh1bWJuYWlsL1BORy9sNjIvQXBwU3RvcmUvZjYzZjMwNzAtM2IxNy00MjcyLWE3N2EtZDg3OTBmYTVhYzg5
- /sdcard/.UTSystemConfig/Global/Alvin2.xml
- /sdcard/iooly/.image_cache/.row_app_icons/aHR0cDovL2ZpbGUubWFya2V0LnhpYW9taS5jb20vdGh1bWJuYWlsL1BORy9sNjIvQXBwU3RvcmUvMzdjY2QxY2MtMDQ0OC00Yjg2LWExYjktZWQxY2JjY2U1ZjNh
- /sdcard/iooly/.image_cache/.row_app_icons/aHR0cDovL2ltZy53ZGppbWcuY29tL21tcy9pY29uL3YxLzEvZDgvNTc1MDFlM2JiZjkxOTQzNjA0NGM4NTQ2N2U2ZjBkODFfNjhfNjgucG5n
- /sdcard/Android/data/####/files/themes/.img_cache/s-2-2613.0.tmp
- /data/data/####/files/umeng_it.cache
- /data/data/####/files/json/wx_imgs/li.json
- /sdcard/Android/data/####/files/themes/.img_cache/s-2-2619.0.tmp
- /data/data/####/files/json/theme-list-page460-0.json
- /sdcard/Android/data/####/files/themes/.img_cache/s-2-2618.0.tmp
- /data/data/####/shared_prefs/umeng_general_config.xml.bak
- /sdcard/iooly/.image_cache/.row_app_icons/aHR0cDovL3BhY2sxNDMwMy5xaW5pdWRuLmNvbS83Mng3Mi5wbmcg
- /data/data/####/shared_prefs/umeng_message_state.xml
- /data/data/####/databases/MsgLogStore.db-journal
- /sdcard/Android/data/####/files/themes/.img_cache/s-2-2617.0.tmp
- /sdcard/Android/data/####/files/themes/.img_cache/s-2-2614.0.tmp
Другие:
Запускает следующие shell-скрипты:
- sh
Может автоматически отправлять СМС-сообщения.
