Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.MobiDash.1.origin
Сетевая активность:
Подключается к:
- s####.####.com
- go####.####.hk
- sta####.####.com
- and####.####.com
- 7j####.####.com
- max####.com
- pu####.####.com
- m####.####.com
- c-h####.####.com
- m####.####.cn
Запросы HTTP GET:
- 7j####.####.com/tdata_fcN531
- m####.####.com/resource/quickdial/quickdial148.xml
- m####.####.cn/webapp/app/2016/07/01/14673609904576.png
- 7j####.####.com/tdata_ueq615
- m####.####.com/resource/searchengine/searchengine1.xml
- m####.####.com/resource/ad/ad2.json
- m####.####.com/trends/get_trends.php?country=####&language=####
- m####.####.com/resource/newnavigation/newnavigation1.html
- m####.####.com/mxbrowser/mtk_log.php?channelid=####&revision=####&version_code=####&language=####&country=####&imei=####&mac=####&url=####
- m####.####.com/resource/useragent/useragent1.xml
- m####.####.cn/webapp/app/2016/07/01/14673575999912.png
- m####.####.cn/webapp/app/2016/07/01/14673614143015.png
- 7j####.####.com/tdata_qiz011
- sta####.####.com/mx4/enc?keyid=####&data=####
- go####.####.hk/favicon.ico
- m####.####.cn/webapp/app/2016/07/01/14673575563029.png
- m####.####.com/attachment/backend/quickdial148/2014/05/23/14008315041350.png
- m####.####.cn/mxbrowser/resource/alertwindow/auto_fill.json
- s####.####.com/config/hz-hzv3.conf
- m####.####.com/mxbrowser/update.jsp?source_type=####&channelid=####&revision=####&version_code=####&language=####&country=####&update_version=####&ime...
- pu####.####.com/
- m####.####.cn/webapp/getapp.php?os=####&dev=####&apl=####&country=####&lang=####&nav=####&page=####&cv=####&offset=####
- and####.####.com/news/item?v=####&guid=####&id=####§ion_id=####&lang=####&country=####&type=####&from=####&channel=####
- m####.####.com/resource/topsites/topsites2.json
- 7j####.####.com/tdata_fvK585
- and####.####.com/image?id=####§ion_id=####&imgsize=####
- sta####.####.com/phone-1/online?imie=####&ver=####&lan=####&loc=####&pn=####&sys=####&devid=####&vv=####&ss=####&local_mac_address=####&android_id=###...
- m####.####.com/attachment/backend/quickdial148/2013/08/05/13756782260323.png
- m####.####.com/resource/addons/addons2.xml
- m####.####.com/attachment/backend/quickdial148/2015/03/13/14262166262128.png
- m####.####.cn/webapp/app/2016/07/01/14673575279029.png
- m####.####.cn/webapp/app/2016/07/01/14673576289628.png
- m####.####.com/attachment/backend/quickdial148/2014/04/24/13983206781827.png
- m####.####.com/attachment/backend/quickdial148/2013/08/05/13756782075749.png
- m####.####.cn/webapp/app/2016/07/01/14673617556530.png
- and####.####.com/news/channel?v=####&source_type=####&channelid=####&version_code=####&lang=####&country=####&local_version=####
- max####.com/mx/bug/post?deviceid=####&action=####&lang=####
- and####.####.com/news/customize?v=####&guid=####§ion_id=####&length=####&id=####&summary=####&version=####&order=####&country=####&lang=####
- m####.####.cn/webapp/app/2016/07/01/14673574979304.png
- go####.####.hk/complete/search?hl=####&client=####&q=####
- max####.com/mx/bug/post/?deviceid=####&action=####&lang=####
- and####.####.com/imgs/2017/02/26/-7718390199472145061_268x228.jpg
- m####.####.com/attachment/backend/quickdial148/2015/07/15/143694968133315200.png
Запросы HTTP POST:
- sta####.####.com/android/ueip
- m####.####.com/quickdialext/getexturl.php
- s####.####.com/api.htm?format=####&t=####
- c-h####.####.com/api.php?format=####&t=####
- s####.####.com/api.php?format=####&t=####
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/databases/jks.db-journal
- /data/data/####/files/init.pid
- /data/data/####/files/run.pid
- /sdcard/libs/com.getui.sdk.deviceId.db
- /data/data/####/files/newnavigation.html
- /data/data/####/files/google_hotword.txt
- /data/data/####/shared_prefs/####_preferences.xml
- /sdcard/system/tmp/local/tdata_fcN531
- /data/data/####/files/tdata_qiz011.jar
- /data/data/####/files/addons.xml
- /data/data/####/files/push.pid
- /data/data/####/databases/google_analytics_v2.db-journal
- /data/data/####/files/tdata_ueq615.tmp
- /data/data/####/files/gdaemon_20161017
- /sdcard/system/tmp/local/tdata_qiz011
- /data/data/####/databases/pushext.db-journal
- /data/data/####/app_app_apk/browsershared.dat.jar
- /data/data/####/shared_prefs/gx_sp.xml
- /data/data/####/databases/webviewCookiesChromium.db-journal
- /data/data/####/files/tdata_fvK585
- /data/data/####/files/quickdial.xml
- /data/data/####/files/tdata_fcN531.jar
- /data/data/####/files/ad.json
- /data/data/####/databases/pushsdk.db-journal
- /sdcard/.quickdial/f2fa1aae5ead9f8b05742a383f3f9756
- /data/data/####/app_webIcons/WebpageIcons.db-journal
- /sdcard/libs/com.igexin.sdk.deviceId.db
- /data/data/####/code_cache/secondary-dexes/####-1.apk.classes815273588.zip
- /data/data/####/files/asdfg
- /data/data/####/databases/webview.db-journal
- /sdcard/MxBrowser/.autofill/auto_fill.json
- /data/data/####/databases/mxcommon.db-journal
- /data/data/####/shared_prefs/multidex.version.xml
- /data/data/####/shared_prefs/qd_rcmd.xml.bak
- /data/data/####/databases/pushg.db-journal
- /data/data/####/files/search_engine_identifier.xml
- /sdcard/.quickdial/5fc68b72e6d08a318a3adc0ecc16ff9a
- /sdcard/.quickdial/2d977976e4e819d755b2ef3113395748
- /sdcard/MxBrowser/Temp/356507059351895__4.5.10.5000__300020770100__en__US__4.3.1____20170126081134.zip
- /data/data/####/files/special_ua_websites.xml
- /data/data/####/shared_prefs/####_preferences.xml.bak
- /data/data/####/files/ad.jsonen
- /data/data/####/databases/downloads.db-journal
- /sdcard/libs/####.db
- /data/data/####/files/en_US_quickdial_recommend1.json
- /data/data/####/databases/mxbrowser_default.db-journal
- /sdcard/libs/app.db
- /sdcard/.quickdial/604b9d1b0082ca5bfce1327d84f23262
- /sdcard/.quickdial/a92bca9d58799f6fb155d252e2c53934
- /sdcard/.quickdial/d63d81d5747290856e85e44547e74511
- /data/data/####/files/gaClientId
- /data/data/####/files/tdata_fvK585.jar
- /sdcard/system/tmp/local/tdata_fvK585
- /data/data/####/shared_prefs/####_stats.xml
- /data/data/####/cache/window_thumb/journal
- /data/data/####/databases/webviewCookiesChromiumPrivate.db-journal
- /data/data/####/files/tdata_ueq615.jar
- /data/data/####/shared_prefs/qd_rcmd.xml
- /data/data/####/databases/increment.db-journal
- /data/data/####/files/tdata_qiz011.tmp
- /sdcard/.quickdial/a45435542cb98540278728d85f2e645f
- /sdcard/.quickdial/b0e70f1d4192b12f86363b06b0188ab2
- /data/data/####/files/topsites.json
- /sdcard/system/tmp/local/tdata_ueq615
Присваивает атрибут 'исполняемый' для следующих файлов:
- /data/data/####/files/gdaemon_20161017
Другие:
Может автоматически отправлять СМС-сообщения.
