Техническая информация
Вредоносные функции:
Отправляет СМС-сообщения:
- 1069099903306: ####
Отправляет данные получаемых СМС-сообщений на удалённый хост.
Сетевая активность:
Подключается к:
- amap####.####.com
- api####.####.com
- vid####.####.com
- a####.####.com
- pa####.####.com
Запросы HTTP GET:
- a####.####.com/video/apk/00/00/2c7d61a6-0f2b-4236-8633-0af5fdf5c10b.jpg
- a####.####.com/video/apk/00/00/49ccb3e9-fe76-413e-a985-3264875e0568.png
- a####.####.com/video/apk/00/00/451e6352-b24a-4006-b96d-5ff1d8710085.jpg
- a####.####.com/video/apk/00/00/de11f804-30bd-499d-9e28-359f02cdd28a.png
- a####.####.com/video/apk/00/00/b7eb8d45-4a8b-4443-b724-bd10f53577c6.png
- a####.####.com/video/apk/00/00/a6b7a623-d814-46b2-900e-88d274ee4450.png
- a####.####.com/video/apk/00/00/65caf1c4-d9e3-4c26-8877-ca0efe2c8700.jpg
- a####.####.com/video/apk/00/00/33527fc9-0476-4ba5-9054-84b9c0cae14a.png
- a####.####.com/video/apk/00/00/a6624f1a-9ee4-4f12-8016-578719ef468d.png
- a####.####.com/video/apk/00/00/a192c7df-4440-4b5a-8e09-0e3e4d757168.png
- a####.####.com/video/apk/00/00/032b63f5-6aa3-407f-9e17-8b491110dc5a.png
- vid####.####.com/js/common.js
- a####.####.com/video/apk/00/00/778f063a-4413-4838-8f58-ba1893f574cb.png
- a####.####.com/video/apk/00/00/cd59483d-c17a-4326-b18e-8655b8bea21e.jpg
- a####.####.com/video/apk/00/00/afa03c56-6338-4afc-8a7e-9bbe7e02f42f.jpg
- a####.####.com/video/apk/00/00/04a8ecb1-6f95-409b-87e8-b54f9bb6c725.png
- a####.####.com/video/apk/00/00/25a7ac4b-1164-4bba-a999-edb3002f3371.png
- vid####.####.com/css/index.css
- vid####.####.com/css/common.css
- amap####.####.com/sdkcoor/android/x86/libJni_wgs2gcj.so
- a####.####.com/video/apk/00/00/8b4f0183-9f18-4976-a2ac-a0ec9e9633fe.png
- vid####.####.com/js/jquery-1.8.3.min.js
- a####.####.com/video/apk/00/00/782daf37-a1b0-4a05-b515-4565da65d2bf.png
- a####.####.com/video/apk/00/00/ccc56a6f-5940-4f96-8e0e-ad1e9fcea0c1.png
- vid####.####.com/images/vip.png
- a####.####.com/video/apk/00/00/bde2b41c-e0a8-4777-9805-47427f3c0f94.png
- a####.####.com/video/apk/00/00/feb79337-c73c-4c3c-8111-552bc91b0a3a.png
- vid####.####.com/images/1.jpg
- a####.####.com/video/apk/00/00/21d6dcb3-0e57-4a4b-bddb-89ed0471db61.png
- a####.####.com/video/apk/00/00/ea711007-d8ee-4d79-9316-fb36f44ec761.jpg
- a####.####.com/video/apk/00/00/88993f67-54be-4e84-b2a1-628fabcb7e77.png
- a####.####.com/video/apk/00/00/796308ad-ff56-409f-995d-04f67500dd74.jpg
- vid####.####.com/index.html
- a####.####.com/video/apk/00/00/0f204774-19fd-4a66-9678-95639b491c88.png
- vid####.####.com/css/swiper.min.css
- a####.####.com/video/apk/00/00/c3be9b8c-8b65-4389-ada9-a6b544a16deb.png
- vid####.####.com/images/bar.png
- a####.####.com/video/apk/00/00/14f29dd5-f56b-4e31-a8f7-2528f14fdc74.png
- vid####.####.com/video-msc/f_101_10_1.service?typeId=####&area=####&m17=####&m9=####&m16=####&m15=####&m14=####&m5=####&m6=####&m7=####&m18=####&m8=##...
- vid####.####.com/images/point.png
- a####.####.com/video/apk/00/00/b309983a-a5c4-4ff9-8b89-6609942dda86.png
- a####.####.com/video/apk/00/00/d29bc828-318e-4fcc-8041-3da721846878.png
- a####.####.com/video/apk/00/00/477de22b-ced1-4b49-823f-145360404d46.png
- a####.####.com/video/apk/00/00/d5ad1ac9-9f26-43a1-9b40-ad2dcbb82c02.png
- vid####.####.com/js/swiper.min.js
- a####.####.com/video/apk/00/00/8b45fb43-845e-452c-85f1-8b3aed733a27.png
- a####.####.com/video/apk/00/00/13d23a5d-2e03-449d-bf88-1b3fe63aaeca.png
- vid####.####.com/images/more.png
- a####.####.com/video/apk/00/00/0556abe5-fe5d-4e05-8625-4d05bab1338f.png
- vid####.####.com/images/selection-selected.png
- a####.####.com/video/apk/00/00/916ecc15-2ed9-48a6-a1ca-9744532baae7.png
- a####.####.com/video/apk/00/00/79a00830-4664-4b8c-9f56-89e0b5dad12c.jpg
- vid####.####.com/video-msc/f_104_10_1.service?area=####&m17=####&m9=####&m16=####&m15=####&m14=####&m5=####&m6=####&m7=####&m18=####&m8=####&m1=####&m...
- a####.####.com/video/apk/00/00/c39e89e2-2e38-4b6a-b46a-42e54c4c9ebd.png
- a####.####.com/video/apk/00/00/f6947547-d9f5-4a21-a95f-bb3fc4ba59dd.png
- a####.####.com/video/apk/00/00/7d61461a-e9c7-482c-8a1d-689ec020e520.png
- vid####.####.com/js/base.js
Запросы HTTP POST:
- api####.####.com/v3/log/init
- pa####.####.com/pay-sms-access//uploadOpenPayOrderResult.json?
- pa####.####.com/mobile-service/getOpenImsiMobilePhone.json
- pa####.####.com/pay-sms-access//uploadSmsDetailInfo.json?
- pa####.####.com/pay-data-collect/collectAppStartUserData.json
- pa####.####.com/pay-data-collect/uploadChannelNormalData.json
- pa####.####.com/pay-sms-access//getAccessPayChannel.json
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/databases/dynamicamapfile.db-journal
- /data/data/####/files/libso/tempfile
- /data/data/####/databases/db
- /data/data/####/app_plugin_dir/com.souying.tools.sms/1.0_1/base-1.apk
- /data/data/####/cache/webviewCacheChromium/data_3
- /data/data/####/cache/webviewCacheChromium/data_2
- /data/data/####/cache/webviewCacheChromium/data_1
- /data/data/####/cache/webviewCacheChromium/data_0
- /data/data/####/databases/webviewCookiesChromium.db-journal
- /data/data/####/cache/webviewCacheChromium/f_00002a
- /data/data/####/cache/1485418699344.apk
- /data/data/####/shared_prefs/umeng_general_config.xml
- /data/data/####/cache/1485418698924.apk
- /data/data/####/cache/1485418699588.apk
- /data/data/####/cache/1485418699432.apk
- /data/data/####/databases/webview.db-journal
- /data/data/####/cache/webviewCacheChromium/f_000026
- /data/data/####/cache/webviewCacheChromium/f_000025
- /data/data/####/cache/webviewCacheChromium/f_000024
- /data/data/####/cache/webviewCacheChromium/f_000023
- /data/data/####/cache/webviewCacheChromium/f_000022
- /data/data/####/cache/webviewCacheChromium/f_000021
- /data/data/####/cache/webviewCacheChromium/f_000020
- /data/data/####/cache/webviewCacheChromium/f_000029
- /data/data/####/cache/webviewCacheChromium/f_000028
- /data/data/####/app_apCoreplugn/sm.apk
- /data/data/####/app_plugin_dir/com.souying.pay.plugmain/1.0_100/dalvik-cache/base-1.dex
- /data/data/####/app_plugin_dir/com.souying.syhy/1.0_1/base-1.apk
- /data/data/####/app_apCoreplugn/ZIP/res-20161010-NewServer.bin
- /data/data/####/app_apCoreplugn/sn.apk
- /data/data/####/app_apCoreplugn/smaip.apk
- /data/data/####/shared_prefs/plugins.serviceMapping.xml
- /data/data/####/cache/webviewCacheChromium/f_00000a
- /data/data/####/cache/1485418699145.apk
- /data/data/####/cache/webviewCacheChromium/f_00000c
- /data/data/####/cache/webviewCacheChromium/f_00000b
- /data/data/####/cache/webviewCacheChromium/f_00000e
- /data/data/####/app_plugin_dir/com.souying.pay.plugin.ui/1.0_1/base-1.apk
- /data/data/####/cache/webviewCacheChromium/f_00000f
- /data/data/####/app_apCoreplugn/smt.apk
- /data/data/####/app_plugin_dir/com.souying.net/1.0_1/base-1.apk
- /data/data/####/cache/webviewCacheChromium/f_000009
- /data/data/####/cache/webviewCacheChromium/f_000008
- /data/data/####/shared_prefs/com.souying.pay.xml
- /data/data/####/cache/webviewCacheChromium/f_000001
- /data/data/####/cache/webviewCacheChromium/f_000003
- /data/data/####/cache/webviewCacheChromium/f_000002
- /data/data/####/cache/webviewCacheChromium/f_000005
- /data/data/####/cache/webviewCacheChromium/f_000004
- /data/data/####/cache/webviewCacheChromium/f_000007
- /data/data/####/cache/webviewCacheChromium/f_000006
- /data/data/####/files/mobclick_agent_cached_####1001
- /data/data/####/databases/recordInfo-journal
- /data/data/####/cache/webviewCacheChromium/index
- /data/data/####/app_apCoreplugn/shy.apk
- /data/data/####/shared_prefs/com.souying.pay.plugmain_p_config.xml
- /data/data/####/cache/webviewCacheChromium/f_000018
- /data/data/####/cache/webviewCacheChromium/f_000019
- /data/data/####/cache/webviewCacheChromium/f_000016
- /data/data/####/cache/webviewCacheChromium/f_000017
- /data/data/####/cache/webviewCacheChromium/f_000014
- /data/data/####/cache/webviewCacheChromium/f_000015
- /data/data/####/cache/webviewCacheChromium/f_000012
- /data/data/####/cache/webviewCacheChromium/f_000013
- /data/data/####/cache/webviewCacheChromium/f_000010
- /data/data/####/cache/webviewCacheChromium/f_000011
- /sdcard/Android/data/.nomedia
- /data/data/####/databases/cc/cc.db-journal
- /data/data/####/shared_prefs/plugins.installed.xml
- /data/data/####/app_plugin_dir/com.souying.pay.plugin.ui/1.0_1/dalvik-cache/base-1.dex
- /data/data/####/cache/1485418699243.apk
- /data/data/####/app_plugin_dir/com.souying.syhy/1.0_1/dalvik-cache/base-1.dex
- /data/data/####/databases/com.souying.pay.plugmain_sy_pay_record-journal
- /data/data/####/cache/webviewCacheChromium/f_00001f
- /data/data/####/cache/webviewCacheChromium/f_00001d
- /data/data/####/cache/webviewCacheChromium/f_00001e
- /data/data/####/cache/webviewCacheChromium/f_00001b
- /data/data/####/cache/webviewCacheChromium/f_00001c
- /data/data/####/cache/webviewCacheChromium/f_00000d
- /data/data/####/app_apCoreplugn/sui.apk
- /sdcard/Android/data/####/cache/.nomedia
- /data/data/####/shared_prefs/sy_pay_config.xml
- /data/data/####/shared_prefs/appinfos.xml
- /data/data/####/databases/db-journal
- /data/data/####/databases/social_ad_db-journal
- /data/data/####/shared_prefs/####_preferences.xml
- /data/data/####/shared_prefs/sy_pay_config.xml.bak
- /data/data/####/databases/cc/cc.db
- /data/data/####/app_plugin_dir/com.souying.tools.sms/1.0_1/dalvik-cache/base-1.dex
- /data/data/####/databases/dynamicamapfile.db
- /data/data/####/app_plugin_dir/com.souying.pay.plugmain/1.0_100/base-1.apk
- /data/data/####/app_plugin_dir/com.souying.sysms/1.0_1/base-1.apk
- /data/data/####/app_plugin_dir/com.souying.net/1.0_1/dalvik-cache/base-1.dex
- /data/data/####/cache/webviewCacheChromium/f_00001a
- /data/data/####/cache/webviewCacheChromium/f_000027
- /data/data/####/files/libso/libwgs2gcj.so
- /data/data/####/shared_prefs/umeng_general_config.xml.bak
- /data/data/####/app_plugin_dir/com.souying.sysms/1.0_1/dalvik-cache/base-1.dex
Другие:
Запускает следующие shell-скрипты:
- cat /proc/version
Может автоматически отправлять СМС-сообщения.
