Техническая информация
Вредоносные функции:
Отправляет СМС-сообщения:
- 10690133603: auto##1260414835##mpl_zhushou##log in with 360
Сетевая активность:
Подключается к:
- s####.####.com
- p####.####.cn
- t####.####.net
- s####.####.cn
- up####.####.cn
- p####.####.com
- sh####.####.com
- a####.####.cn
- api####.####.com
- zhu####.####.com
- b####.####.com
- m####.####.com
- m####.####.cn
Запросы HTTP GET:
- up####.####.cn/Iservice/Config?&hasApk=####&m=####&m2=####&md=####&sk=####&v=####&ch=####&fm=####&s_stream_app=####&re=####&nt=####&os=####&model=####...
- a####.####.cn/intf.php?method=####&model=####&sdkversioncode=####&sdkversionname=####&versioncode=####&versionname=####&appid=####&_token=####&apivers...
- up####.####.cn/AppStore/speed?&m=####&m2=####&v=####&nt=####&ch=####&re=####&intfurl=####&total=####&cnt=####&spd=####&server_ip=####&dnsct=####&suc=#...
- up####.####.cn//Weather/getPrCity?ft=####&pm=####&fm=####&m=####&s_stream_app=####&m2=####&v=####&re=####&nt=####&ch=####&os=####&model=####&sn=####&c...
- a####.####.cn/intf.php?method=####&devtype=####&m1=####&m2=####&_t=####&model=####&sdkversioncode=####&sdkversionname=####&versioncode=####&versionnam...
- s####.####.cn/gf/db320b212b9153095e73c3a29da3e1dd.so
- m####.####.cn/baohe/list?version=####&toid=####&pst=####&m=####&m2=####&v=####&md=####&br=####&os=####
- m####.####.com/cfg/appkey-cf6b551afe338f43
- sh####.####.com/150722/b4530a9a3e9b01a3bb353f32dd88db22/td.jar
- s####.####.com/market_zs?mid=####&model=####&brand=####&channel=####&osver=####&appver=####&type=####&action=####
- zhu####.####.com/mobile/jingxuan/getDianjingByType?type=####
- s####.####.cn/360baohe/c.html?para1=J####
- zhu####.####.com/mobile/app/listAllV2
- up####.####.cn/iservice/pluginStatus?&m=####&s_stream_app=####&m2=####&v=####&re=####&nt=####&ch=####&os=####&model=####&sn=####&cu=####&ca1=####&ca2=...
- up####.####.cn/AppStore/getIsUpdate?os=####&pname=####&m=####&s_stream_app=####&m2=####&v=####&re=####&nt=####&ch=####&model=####&sn=####&cu=####&ca1=...
- up####.####.cn/AppStore/getHotWordsIconsOfSearch?m=####&m2=####&md=####&sk=####&v=####&ch=####
- s####.####.cn/appstore/info.htm?method=####&m=####&m2=####&v=####&vn=####&re=####&ch=####&fm2=bGh####
- zhu####.####.com/mobile/appstore/getIsUpdate?ext=####&channel_id=####&vercode=####&sr=####&md5=####&pname=####&from=####&issys=####&toid=####&m=####&m...
- up####.####.cn/channel/getPlugInfoByPnames?&pnames=####&plugver=####&vn=####&m=####&s_stream_app=####&m2=####&v=####&re=####&nt=####&ch=####&os=####&m...
- up####.####.cn/html/life/index2.html
- up####.####.cn/inew/getRecomendApps?iszip=####&logo_type=####&deflate_field=####&apiversion=####&os=####&model=####&sn=####&cu=####&ca1=####&ca2=####&...
Запросы HTTP POST:
- api####.####.com/v3/log/init
- a####.####.cn/intf.php?check_update_key=####&qid=####&devtype=####&nettype=####&manufacturer=####&model=####&os=####&channel=####&v=####&v_hq=####&v_h...
- s####.####.com/pkl16.html
- b####.####.com/jiagu/t/infos
- t####.####.net/g/d
- p####.####.com/jiagu/msgs
- p####.####.cn/pstat/plog.php
- up####.####.cn/mintf/getAppsByPackNames?src=####&s_3pk=####&m=####&m2=####&ver=####&md=####&ppi=####&ch=####&fotime=####&silent=####&plugver=####&time...
- a####.####.cn/intf.php?qid=####&devtype=####&nettype=####&manufacturer=####&model=####&os=####&channel=####&v=####&v_hq=####&v_host=####&m2=####&auth_...
- m####.####.cn/getArea.php?token=####
- b####.####.com/jiagu/mark/upgrade
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/files/.jiagu.lock
- /data/data/####/files/Dual/dmss_v2.jar
- /sdcard/360downloads/360SecDownload/smconfg.json
- /data/data/####/.jiagu/libjiagu.so
- /data/data/####/shared_prefs/ludashiSP.xml
- /sdcard/LDSLog/NetErrorAnalysisLog/20170126_NetErrorAnalysis.log
- /data/data/####/shared_prefs/pref_longtime.xml
- /data/data/####/shared_prefs/pref_shorttime.xml
- /data/data/####/shared_prefs/####_preferences.xml
- /data/data/####/databases/new_downloads.db-journal
- /data/data/####/shared_prefs/weather_sharedPref.xml.bak
- /data/data/####/files/.jglogs/.log3
- /data/data/####/shared_prefs/jg_core_control.xml.bak
- /data/data/####/shared_prefs/BaoHe_only_pref.xml.bak
- /data/data/####/files/td1.jar
- /data/data/####/files/Dual/dmss_v2.jar.timestamp
- /data/data/####/cache/HttpCache/app_update_json
- /data/data/####/shared_prefs/MATSharedPreferences.xml
- /data/data/####/shared_prefs/sms_config.xml
- /data/data/####/databases/ignoreupdate_appinfo.db
- /data/data/####/files/td.lock
- /data/data/####/files/baohecachefileaV1
- /data/data/####/shared_prefs/zy_channel.xml
- /sdcard/360downloads/1485416480879.apk
- /sdcard/360downloads/1485416479810.apk
- /data/data/####/files/baohecachefileaV1.lock
- /data/data/####/shared_prefs/weather_sharedPref.xml
- /data/data/####/databases/_ire-journal
- /data/data/####/shared_prefs/BaoHe_only_pref.xml
- /data/data/####/shared_prefs/tdid.xml
- /data/data/####/files/permmgr/libsuonline.so
- /data/data/####/files/qihoo360_accounts_inuse.ini
- /data/data/####/files/.jglogs/.jg.ri
- /data/data/####/databases/account.db
- /data/data/####/shared_prefs/new_stat_feature.xml
- /data/data/####/files/baohecachefileaV2
- /sdcard/.tcookieid
- /data/data/####/cache/HttpCache/AB2A06C8E4A8BB62EFEAB178A3E12289
- /data/data/####/files/.jglogs/.jg.ac
- /data/data/####/files/permmgr/libsuonline.so1485416458287
- /data/data/####/filesfree_data_feed_back_log.txt
- /data/data/####/cache/HttpCache/app_update_params
- /data/data/####/shared_prefs/jg_core_control.xml
- /sdcard/Android/data/####/cache/locationCache/journal.tmp
- /data/data/####/databases/ludashi_appstore.db-journal
- /data/data/####/shared_prefs/user_center_feed.xml
- /data/data/####/databases/account.db-journal
- /sdcard/LDSLog/com.ludashi.daemon/20170126-074054-0.txt
- /data/data/####/files/TDtcagent.db
- /sdcard/Android/data/####/cache/.nomedia
- /data/data/####/files/.jglogs/.jg.ic
- /data/data/####/shared_prefs/block_sdk.xml
- /data/data/####/cache/filemd5cachefile
- /data/data/####/shared_prefs/pref_shorttime.xml.bak
- /data/data/####/shared_prefs/strong_plugin_config_cache.xml
- /data/data/####/shared_prefs/strong_plugin_config_cache.xml.bak
- /data/data/####/files/baohecachefileaV2.lock
- /data/data/####/shared_prefs/permmgr.xml
- /data/data/####/shared_prefs/FloatWindowService.xml
- /data/data/####/files/TDtcagent.db-journal
- /data/data/####/cache/~tmp-19070512.tmp
- /data/data/####/databases/ignoreupdate_appinfo.db-journal
Присваивает атрибут 'исполняемый' для следующих файлов:
- /data/data/####/.jiagu/libjiagu.so
Другие:
Использует специальную библиотеку для скрытия исполняемого байткода.
Может автоматически отправлять СМС-сообщения.
