Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.455.origin
- Android.DownLoader.348.origin
Сетевая активность:
Подключается к:
- c####.####.com
- m####.####.com
- a####.####.com
- h####.####.com
- i####.####.com
Запросы HTTP GET:
- c####.####.com/it/u=1834468579,3157651676&fm=20
- a####.####.com/adapp_static/clientconfig/img/hot.png
- m####.####.com/video?static=####&mtj_cuid=####&mtj_timestamp=####
- c####.####.com/video/pic/item/b3119313b07eca806b815c43982397dda0448389.jpg
- a####.####.com/adnativeindex/?version=####&mtj_cuid=####&mtj_timestamp=####
- a####.####.com/adapp_static/clientconfig/img/tvshow_home.png
- c####.####.com/it/u=3204917301,4029652681&fm=20
- a####.####.com/adapp_static/clientconfig/img/tvplay_home.png
- a####.####.com/adapp_static/clientconfig/img/yuanchuang.png
- a####.####.com/adapp_static/clientconfig/img/amuse.png
- a####.####.com/adapp_static/clientconfig/img/tvplay.png
- c####.####.com/video/pic/item/08f790529822720e3e7fd34472cb0a46f31fabde.jpg
- a####.####.com/adnativeindex/?req=####&version=####&mtj_cuid=####&mtj_timestamp=####
- a####.####.com/adapp_static/clientconfig/img/comic.png
- c####.####.com/it/u=111785332,2830703965&fm=20
- a####.####.com/adapp_static/clientconfig/img/ranking.png
- a####.####.com/adapp_static/clientconfig/img/movie.png
- c####.####.com/it/u=3101249441,1797692952&fm=20
- c####.####.com/video/pic/item/bd315c6034a85edf1960cb8440540923dc5475ac.jpg
- c####.####.com/video/pic/item/8435e5dde71190ef0ce8a061c71b9d16fdfa6078.jpg
- c####.####.com/video/pic/item/4b90f603738da977c260b095b951f8198718e3c5.jpg
- c####.####.com/it/u=664026309,977822197&fm=20
- c####.####.com/it/u=2153243314,154913709&fm=20
- c####.####.com/video/pic/item/730e0cf3d7ca7bcb3e22f791b7096b63f624a836.jpg
- c####.####.com/video/pic/item/e7cd7b899e510fb35ccec832d033c895d0430cbb.jpg
- a####.####.com/adapp_static/clientconfig/img/comic_home.png
- a####.####.com/adapp_static/clientconfig/img/sport.png
- c####.####.com/it/u=3691567151,3569947713&fm=20
- c####.####.com/it/u=4169292969,291351244&fm=20
- c####.####.com/video/pic/item/8694a4c27d1ed21bd7fdea40a46eddc451da3f5b.jpg
- c####.####.com/video/pic/item/5882b2b7d0a20cf482147e797f094b36adaf9994.jpg
- c####.####.com/video/pic/item/d31b0ef41bd5ad6ea0f9014e88cb39dbb6fd3c15.jpg
- a####.####.com/adapp_static/clientconfig/img/music.png
- a####.####.com/adapp_static/clientconfig/img/yule.png
- a####.####.com/adapp_static/clientconfig/img/home.png
- c####.####.com/it/u=2035335663,1178987307&fm=20
- c####.####.com/it/u=345282297,3377854367&fm=20
- c####.####.com/video/pic/item/dbb44aed2e738bd4b74e838fa88b87d6277ff924.jpg
- a####.####.com/adapp_static/clientconfig/img/info.png
- c####.####.com/it/u=486972129,3341243867&fm=20
- c####.####.com/video/pic/item/902397dda144ad345938d620d9a20cf430ad8595.jpg
- c####.####.com/video/pic/item/4afbfbedab64034fd8c1bba1a6c379310a551d0c.jpg
- c####.####.com/video/pic/item/0eb30f2442a7d933b0bcb9d4a44bd11373f00104.jpg
- a####.####.com/adapp_static/clientconfig/img/tvshow.png
- a####.####.com/adapp_static/clientconfig/img/yingyin.png
- c####.####.com/video/pic/item/c2cec3fdfc0392456c9bdea88e94a4c27d1e256e.gif
- c####.####.com/video/pic/item/8b82b9014a90f603bf2b99e63012b31bb151edfc.jpg
- a####.####.com/adapp_static/clientconfig/img/movie_home.png
- c####.####.com/it/u=259645576,4151477067&fm=20
Запросы HTTP POST:
- a####.####.com/utf8_data/android_channel/start_logo.js/?appname=####&channel=####&verCode=####&verName=####&dpi=####&mtj_cuid=####&mtj_timestamp=####
- a####.####.com/postlog/?app=####
- a####.####.com/adapp_static/clientconfig/json/nav_3.6.json/?appname=####&channel=####&verCode=####&verName=####&mtj_cuid=####&mtj_timestamp=####
- h####.####.com/app.gif
- i####.####.com/r?qt=####&ap=####&os=####&ak=####
- m####.####.com/open/iasdk?cuid=####&cua=####&cut=####&sdfrom=####&lcid=####
- a####.####.com/adapp_static/clientconfig/json/cfg.json/?appname=####&channel=####&verCode=####&verName=####&mtj_cuid=####&mtj_timestamp=####
Изменения в файловой системе:
Создает следующие файлы:
- /sdcard/baidu/videooem2/cache/70i0h1a2odbn2whxrbkqjfusz
- /sdcard/baidu/videooem2/cache/ch7r3dz31slxni8jrlw5rdbm
- /data/data/####/files/md5.tmp
- /sdcard/baidu/videooem2/cache/41sbsdgv2a5aezq4m2jzrcehi
- /sdcard/baidu/videooem2/cache/1j1kmfg3wn23offdjotay2un7
- /sdcard/baidu/videooem2/cache/s7koxsr46sqzgrn9baip89w3
- /sdcard/baidu/videooem2/log/217c39209e515c8780d9c2dd7b1a7fc8.log
- /sdcard/baidu/videooem2/cache/40vu3e5pds038f1xnrkaa1b4j
- /sdcard/baidu/videooem2/cache/7grx8yv4ltyuwjpi154ku2r7p
- /sdcard/baidu/videooem2/cache/3ylgc5gm470d5nm5c5u8e229m
- /sdcard/baidu/videooem2/cache/5fvy8ir1z1ys8bvjylpjjsnpl
- /sdcard/baidu/videooem2/cache/5s1pea9cds5ica21byfwj6105
- /sdcard/baidu/videooem2/cache/1jw3rvmmtb0in9slocq5f321w
- /sdcard/baidu/videooem2/cache/6qajaj06xp130gmd5n1zqc8h6
- /data/data/####/files/splash.tmp
- /data/data/####/shared_prefs/pst.xml
- /sdcard/baidu/videooem2/cache/h1rcik8a9ly1gt240xrlzhx7
- /sdcard/baidu/videooem2/cache/73z1ojjwt7og9k13wxov0eu7s
- /data/data/####/shared_prefs/itrategy_io_356507059351895.xml.bak
- /data/data/####/shared_prefs/i_fionf_pre356507059351895.xml.bak
- /sdcard/baidu/videooem2/cache/pmwuaj7bj7ateeavr7ht6p3r
- /sdcard/baidu/videooem2/cache/4wk5e5qbskhrv5epexlm5qvj3
- /data/data/####/shared_prefs/coni_io_356507059351895.xml
- /data/data/####/shared_prefs/i.xml
- /sdcard/baidu/videooem2/cache/5uhvztwjtihzgvxy337cn8eii
- /sdcard/baidu/videooem2/cache/63299nz36fpbvohrzr573yvl5
- /data/data/####/shared_prefs/bids.xml
- /sdcard/baidu/Common/.uuid
- /sdcard/baidu/videooem2/cache/.nomedia
- /sdcard/baidu/.cuid
- /sdcard/baidu/videooem2/cache/4ab17d0jm810wqsf4e5ejhqqi
- /sdcard/baidu/videooem2/cache/5s6u2sin39ub5pum5t7ldhpk0
- /sdcard/baidu/videooem2/cache/2kiodqcf9bwdk67ro06ut0hdk
- /sdcard/baidu/videooem2/cache/5bhbkz9l0qy0j8abaozv1qh26
- /data/data/####/shared_prefs/application.xml
- /sdcard/baidu/videooem2/cache/2sxj28wmt5vzuahkteemv59ui
- /sdcard/baidu/videooem2/cache/6803sjpahito5f61mejqglqea
- /sdcard/baidu/videooem2/cache/2bwp6feh4avo1ljv9lpfj6u5c
- /sdcard/baidu/videooem2/cache/1rf6wa73ids4jqlghvs6le4nc
- /data/data/####/shared_prefs/bdvideo.xml
- /data/data/####/shared_prefs/bdvideo.xml.bak
- /sdcard/baidu/videooem2/.nomedia
- /sdcard/baidu/videooem2/cache/4ry4q625rvvbs8qq30t3hox1
- /sdcard/baidu/videooem2/cache/32xi0iatfynda7ekqoxsme35i
- /data/data/####/shared_prefs/itrategy_io_356507059351895.xml
- /sdcard/baidu/videooem2/cache/5x0rf029el3uwfluwnol1zeyc
- /sdcard/baidu/videooem2/cache/4vldx0dpmow5qcdw8kcrima81
- /data/data/####/files/14854234724549.jar
- /sdcard/baidu/videooem2/log/5981cd73fb14a73bbdf22071ec4413e0.log
- /data/data/####/databases/E_ID356507059351895.db-journal
- /sdcard/baidu/videooem2/cache/19qacu6wfwx5s3y9fnwrdwapk
- /sdcard/baidu/videooem2/cache/1jin1b6sxuv0amcczx2kc9v19
- /data/data/####/shared_prefs/####.push_sync.xml
- /sdcard/baidu/videooem2/cache/3k95x2pl7r21tkw8ktv3j20pr
- /sdcard/baidu/videooem2/cache/1r4qkeciagpmywy0y8tfnjbeg
- /sdcard/baidu/videooem2/cache/2480giutm0mbh3ed7gtumz950
- /data/data/####/shared_prefs/i_fionf_pre356507059351895.xml
- /data/data/####/shared_prefs/iappInfo_io_356507059351895.xml.bak
- /data/data/####/files/__local_stat_cache.json
- /data/data/####/files/__local_last_session.json
- /sdcard/baidu/videooem2/cache/1ahdlml7sxktzzipx02uxjt9t
- /data/data/####/shared_prefs/coni_io_356507059351895.xml.bak
- /data/data/####/shared_prefs/iappInfo_io_356507059351895.xml
- /data/data/####/files/14854234721730.jar
- /data/data/####/shared_prefs/__Baidu_Stat_SDK_SendRem.xml
- /sdcard/baidu/videooem2/cache/2rusrs1bdseghsi0dvmf1nx1m
- /sdcard/baidu/videooem2/cache/36a503meyn6rpqggpanf891ln
- /sdcard/baidu/videooem2/cache/6d0dcruisiirxjcn3emwkpxav
- /sdcard/baidu/videooem2/cache/7eklfaruhmmg44222f4et9nb1
- /sdcard/baidu/videooem2/cache/3m8n5yf2g8rols9uvcoo7o0hd
- /sdcard/baidu/videooem2/cache/10fvlvp0g38x6tupj15mb9ipz
- /sdcard/baidu/videooem2/cache/3uar9mqirk3e7j9d7miaintg9
- /data/data/####/databases/bdplayer_database-journal
- /data/data/####/shared_prefs/####.pref_vslib_info.xml
- /sdcard/baidu/videooem2/cache/1rxp6uz4e35xi9m59ibfm402t
- /sdcard/baidu/videooem2/cache/84xsrwc5besokk9cm8nintv5
- /data/data/####/databases/db_d.db-journal
Другие:
Запускает следующие shell-скрипты:
- mount
Может автоматически отправлять СМС-сообщения.
