Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.304.origin
Сетевая активность:
Подключается к:
- android####.####.com
- y####.####.com
- h####.####.com
- 1####.####.184
- l####.####.cn
- a####.####.cn
- w####.####.com
- api####.####.com
- res####.####.com
- i####.####.cn
- a####.####.com
- a####.####.com:443
Запросы HTTP GET:
- android####.####.com/fs08/2016/10/26/1/110_0deabe44f162934e4de5790dcd81c89b_con.png
- android####.####.com/fs08/2017/02/27/11/109_b1dd3b568bb2ae518eb1116f347ab768_con.png
- a####.####.cn/fs08/2016/12/08/3/47cd2d99e6126d7f59d9458cad5e9943.jpg
- android####.####.com/fs08/2017/02/27/2/109_1902dc5d93afd6f0288dc7d134c0fc4d_con.png
- android####.####.com/fs08/2017/02/23/3/110_1467c9aecb949b95e9a0f3027a129a96_con.png
- android####.####.com//fs08/2017/02/27/7/109_a4aa92c3cdd56601239262bcb4a39d83_234x360.jpg
- android####.####.com/fs08/2017/02/27/11/109_6e59448ecaedd67ea792353279d1bf3b_con.png
- android####.####.com/fs08/2017/02/27/0/109_abd4bec228c28e3009454d85d27a04ff_con.png
- a####.####.cn/fs08/2016/12/20/10/1812cf33159a9614704a0f26112221dd.jpg
- a####.####.cn/uploadfile/android/poster/images/2015/1226/201512261451142269398.png
- android####.####.com/fs08/2017/02/27/0/109_e8ad3c747a3405dc2aaf15aad76f622b_con.png
- a####.####.cn/fs08/2017/02/23/11/4ad237a54e7d61162842d84db5ecbfbd.jpg
- a####.####.cn/uploadfile/android/poster/images/2015/1226/201512261451142207752.png
- i####.####.cn/n/pp/15/4Vb3788A-0UK302PSf
- a####.####.cn/uploadfile/android/poster/images/2015/1226/201512261451142222055.png
- a####.####.cn/fs08/2017/02/27/11/7e8e47071bf98b460f4251c341d1df7f.png
- android####.####.com/fs08/2017/02/27/8/109_07885bbf1fb4a9570e737e9539af77ec_con.png
- y####.####.com/m/um.htm?c=####
- android####.####.com/fs08/2017/02/08/2/1_0e90a2882c9c9e090ee34c76f4ec9efb_con.png
- android####.####.com//fs08/2017/02/27/8/109_d29946d460eb763ec94cfed77c56143e_234x360.jpg
- a####.####.cn/fs08/2017/02/18/3/c05e49a22981492b192bdd0ba3de1102.jpg
- android####.####.com/fs08/2017/02/27/5/109_da0c68aa71c150cc4cdcef51fa16bcea_con.png
- a####.####.cn/uploadfile/android/poster/images/2015/1226/201512261451142194927.png
- i####.####.cn/n/pp/17/edfb9a7f25bea98c5588bf4535865ce9f
- a####.####.cn/fs08/2017/02/20/7/3f6ab6a34e0bc0e334ec95e83ccdfaa2.jpg
- a####.####.com/rest/abtest?logid=####&ak=####&av=####&c=####&v=####&s=####&d=####&sv=####&p=####&t=####&u=####&is=####
- android####.####.com/fs08/2017/02/27/5/109_1d0f8c71db4246716c9b6ff3e2acf320_con.png
- android####.####.com//fs08/2017/02/27/5/109_7197655e403612dfd1c2f753a8021dd1_234x360.jpg
- android####.####.com/fs08/2016/12/17/7/115_a031d3d2750af45d4f22a2ec90155a80_con.png
- android####.####.com/fs08/2017/02/27/5/109_ac883cdec0f30ca29c62df3585e502a9_con.png
- android####.####.com//fs08/2017/02/27/0/109_85a2ad5b2878ff3e89e953e2f6048fd4_234x360.jpg
- android####.####.com/fs08/2017/02/27/9/109_854398e5c221a153d9d70df6f40421ea_con.png
- a####.####.cn/fs08/2017/02/27/7/86a72fe70db38cc63418d3c2958482cb.jpg
- android####.####.com/fs08/2017/02/16/10/110_1734a9d9098e9d39e6b687871d3a65f5_con.png
- android####.####.com/fs08/2017/02/22/0/110_94dac96d6c7b8048adf052d683b30915_con.png
- a####.####.cn/uploadfile/android/poster/images/2015/1226/201512261451142255239.png
- android####.####.com/fs08/2017/02/27/1/112_488248ca999a3869fc2297c1ad96a656.png
- android####.####.com//fs08/2017/02/27/3/109_e429d75c2c72c4b320cf374993e45733_234x360.jpg
Запросы HTTP POST:
- l####.####.cn/api/log.getSecurityId
- l####.####.cn/api/resource.gift.getInstalledGift
- l####.####.cn/api/op.ad.getAds
- l####.####.cn/api/op.rec.app.getOneKeyInstallRecAppList
- l####.####.cn/api/jfb.getJfbAppDetail
- l####.####.cn/api/resource.app.getType
- l####.####.cn/api/op.ad.getAdses
- h####.####.com/utdid_pp_helper/get_aid/?auth[token]=####&type=####&id=####&aid=VS2####
- l####.####.cn/api/op.config.list
- l####.####.cn/api/jfb.listJfbAreaApp
- l####.####.cn/api/op.rec.app.checkUpdate
- a####.####.com/rest/gc?dd=####&nsgs=####&ak=####&av=####&c=####&v=####&s=####&d=####&sv=####&p=####&t=####&u=####&is=####
- l####.####.cn/api/jfb.getJfbAppExtInfo
- w####.####.com/api/update.do
- a####.####.com/rest/sur?ak=####&av=####&c=####&v=####&s=####&d=####&sv=####&p=####&t=####&u=####&is=####
- l####.####.cn/api/resource.app.checkUpdateV1
- a####.####.com:443/amdc/mobileDispatch
- api####.####.com/v3/log/init
- 1####.####.184/interface/negotiate
- y####.####.com/saveWb.json
- l####.####.cn/api/op.collection.getListByTimeRange
- l####.####.cn/api/behavior.score.getScore
- l####.####.cn/api/log.upload
- l####.####.cn/api/combine
- l####.####.cn/api/op.task.getLatestAvailableActivityId
- a####.####.com/amdc/mobileDispatch
- res####.####.com/v3/fastconnect?
- l####.####.cn/api/log.setPromoter
- l####.####.cn/api/op.rtb.getAds
- h####.####.com/utdid_pp_helper/get_aid/?auth[token]=####&type=####&id=####&aid=####
- 1####.####.184/interface/data
- l####.####.cn/api/puid.getId
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/files/wastat/wa/sv/21qfsgpsnbodf_1485415294976002106.wa
- /data/data/####/shared_prefs/UTMCLog-1675177402.xml
- /data/data/####/shared_prefs/app_setting_prefs.xml
- /sdcard/Android/data/####/cache/disk/temp/8c8a1463d864c204a2cc102e91dc7249.0
- /data/data/####/shared_prefs/Alvin2.xml
- /data/data/####/crashsdk/tags/TNATSISSA0PP0MOC.meminfo
- /data/data/####/crashsdk/tags/TNATSISSA0PP0MOC.uptime
- /sdcard/Android/data/####/cache/disk/image/f546f0f6b802722f8c0e46dd53a60bd6.0
- /data/data/####/files/wastat/wa/sv/22rgthqtocpeg_1485415326443002106.wa
- /data/data/####/cache/tmp-1847835108.tmp
- /data/data/####/databases/accs.db-journal
- /data/data/####/databases/pp_db_2-journal
- /data/data/####/files/1d77ea041509fe06.lock
- /sdcard/.DataStorage/ContextData.xml
- /data/data/####/files/wastat/wa/sv/16iuxkV1_1485415298663002106.wa
- /sdcard/Android/data/####/cache/disk/image/c49335c9ea0dc371be9e6048421e0bb8.0
- /data/data/####/files/230OOp11
- /data/data/####/databases/webview.db-journal
- /data/data/####/files/wastat/wa/sv/5/59vxwr2x0_1485415315469002106.wa
- /sdcard/Android/data/####/cache/disk/temp/7193c0f289bd09ae9462293bbbfff95f.0
- /data/data/####/amodel/b
- /sdcard/Android/data/####/cache/disk/image/eff1e876fb9f2a142be89a190d4e00d7.0
- /sdcard/Android/data/####/cache/disk/image/51c129557e48297233f3e04b3a30f349.0
- /data/data/####/shared_prefs/UTMCConf-1675177402.xml
- /data/data/####/shared_prefs/share_data.xml
- /data/data/####/crashsdk/tags/ECIVRESPP1TNATSISSA0PP0MOC.bb
- /data/data/####/files/wastat/wa/lo
- /data/data/####/files/0a231bd8575dcf72.txt
- /sdcard/Android/data/####/cache/disk/temp/c82577278f0957169ad54a7dce576e49.t
- /sdcard/Android/data/####/cache/disk/image/aab47ea8e83b650a699d0d9e164f0775.0
- /sdcard/Android/data/####/cache/disk/image/0cf180ae3af2878c8fa69d6b30bb7024.0
- /data/data/####/crashsdk/tags/TNATSISSA0PP0MOC.start
- /data/data/####/shared_prefs/downloader_pref.xml
- /sdcard/Android/data/####/cache/disk/image/4c40822477be9c5d641761526385ea51.0
- /data/data/####/shared_prefs/config_1.xml
- /sdcard/Android/data/####/cache/disk/temp/23ea9efa3b17e3eeb61b15df2b3fc228.0
- /sdcard/Android/data/####/cache/disk/temp/54abad93c875d12496f5b335824c3d32.t
- /sdcard/.system/gifnoc.ini
- /data/data/####/shared_prefs/OfJbkLdFbPOMbGyP.xml.bak
- /sdcard/.UTSystemConfig/Global/Alvin2.xml
- /sdcard/Android/data/####/cache/disk/image/74ae9b3a3d16f2d4478f9e9b0c4364f2.0
- /data/data/####/crashsdk/tags/TNATSISSA0PP0MOC.ff
- /sdcard/Android/data/####/cache/disk/image/149484539846780904b63771431a99e4.0
- /data/data/####/shared_prefs/googlesdk.xml.bak
- /data/data/####/files/wastat/wa/sv/27wlymvythujl_1485415301600002106.wa
- /sdcard/Android/data/####/cache/disk/image/b66f958c16308581e69f1cdc099834e3.0
- /sdcard/.system/ProfileData
- /data/data/####/files/wastat/wa/sv/1/17mvyjlk_1485415324389002106.wa
- /data/data/####/shared_prefs/UTCommon.xml.bak
- /sdcard/Android/data/####/cache/disk/image/7e7fd46ce10ff9a1dbff4657a8a8c599.0
- /data/data/####/shared_prefs/config_1.xml.bak
- /sdcard/Android/data/####/cache/disk/image/208b6f5810c3376048181bd0ff3c56a1.0
- /data/data/####/files/wastat/wa/sv/15uwtHtwj_1485415298662002106.wa
- /data/data/####/files/permission.json
- /sdcard/Android/data/####/cache/disk/image/21d37532300e1b00543bfdfc6b5c0cd5.0
- /data/data/####/files/49814c4f5ac2f2f9.lock
- /data/data/####/shared_prefs/UTMCLog-189253699.xml
- /sdcard/Android/data/####/cache/disk/image/f46baa50eeebb6835ee915809260f63d.0
- /data/data/####/shared_prefs/share_data.xml.bak
- /data/data/####/files/beanfile/ZGlzY292ZXJfdGFiX2JlYW4=
- /data/data/####/files/wastat/wa/sv/21qfsgpsnbodf_1485415298498002306.wa
- /sdcard/Android/data/####/cache/disk/image/b48e8f4ff3908fa4991ad21bd4260136.0
- /data/data/####/shared_prefs/SGMANAGER_DATA.xml.bak
- /data/data/####/shared_prefs/googlesdk.xml
- /sdcard/Android/data/####/cache/disk/image/e501cf414d96afc00e0adb178055a1aa.n
- /data/data/####/files/wastat/wa/sv/1/12eqtgRx_1485415316190002106.wa
- /data/data/####/files/cyjzd.apk
- /data/data/####/crashsdk/tags/unique
- /data/data/####/files/sp.lock
- /data/data/####/databases/WaValue.db-journal
- /sdcard/Android/data/.nomedia
- /data/data/####/shared_prefs/UTMCConf-189253699.xml
- /data/data/####/files/wastat/wa/sv/53prqlwru_1485415324385002106.wa
- /data/data/####/crashsdk/tags/TNATSISSA0PP0MOC.pid
- /sdcard/Android/data/####/cache/disk/temp/230234920bdbcad2df5d5ccc335e214b.t
- /data/data/####/files/wastat/wa/sv/44w2wxiq_1485415324386002106.wa
- /sdcard/Android/data/####/cache/disk/temp/fa2c834f41f8b0a2869dd4f70374e08b.t
- /data/data/####/files/libsecuritysdkx-3.1.45.so.tmp
- /sdcard/Android/data/####/cache/disk/temp/155d7a7b182a7933ef0e56d34f4126a1.0
- /data/data/####/files/wastat/wa/sv/53prqlwru_1485415298660002106.wa
- /sdcard/Android/data/####/cache/disk/temp/96591cf4b0d8ede59104be5e35968b7c.0
- /data/data/####/files/release.ini
- /sdcard/Android/data/####/cache/disk/temp/827a1b14d73eae2e5841a1070fb1b528.t
- /sdcard/Android/data/####/cache/disk/image/198ed559a79f0d726be2fe3ec168ce70.0
- /data/data/####/shared_prefs/ffc1d42b1ca5e3db2657d00b91997f6a.xml
- /data/data/####/files/wastat/wa/sv/2/21qfsgpsnbodf_1485415315470002106.wa
- /data/data/####/files/wastat/wa/sv/2/25ujwktwrfshj_1485415324387002106.wa
- /sdcard/Android/data/####/cache/disk/image/32143f9c8b2231e89017c08246b9ee2d.0
- /data/data/####/files/wastat/wa/sv/21qfsgpsnbodf_1485415298786002121.wa
- /data/data/####/files/wastat/wa/sv/28xmznwzuivkm_1485415326163002106.wa
- /data/data/####/files/DaemonServer
- /sdcard/.com.taobao.dp/6c709c11d2d46a7b
- /sdcard/.UTSystemConfig/Global/Alvin2.xml.bak
- /data/data/####/shared_prefs/SGMANAGER_DATA.xml
- /data/data/####/files/wastat/wa/sv/18kwzmX3_1485415301601002106.wa
- /sdcard/Android/data/####/cache/disk/image/e2d49f307b5f165678d18e5a72da52ef.0
- /data/data/####/files/wastat/wa/sv/1/16iuxkV1_1485415324388002106.wa
- /data/data/####/shared_prefs/ACCS_SDK.xml
- /data/data/####/files/wastat/wa/sv/21qfsgpsnbodf_1485415326318002106.wa
- /sdcard/Android/data/####/cache/disk/image/9836b6e41b4b6092030e5c774ace5233.0
- /sdcard/Android/data/####/cache/newlocationCache/journal
- /sdcard/Android/data/####/cache/disk/temp/58678f0c2ba1789234b35d82298ad11e.t
- /data/data/####/files/wastat/wa/sv/19lx0nY4_1485415326164002106.wa
- /sdcard/Android/data/####/cache/disk/image/8105ca44dbf5c5d2fe495b8d5551d2c6.0
- /data/data/####/crashsdk/tags/TNATSISSA0PP0MOC.time
- /data/data/####/databases/pp_http_db-journal
- /sdcard/Android/data/####/cache/newlocationCache/journal.tmp
- /sdcard/.com.taobao.dp/dd7893586a493dc3
- /data/data/####/files/wastat/wa/sv/24tivjsvqergi_1485415326847002106.wa
- /data/data/####/shared_prefs/4758eab57875cdf40fe7d21ca8afb18d.xml
- /data/data/####/files/wastat/wa/sv/52oqpkvqt_1485415298015002106.wa
- /data/data/####/files/wastat/wa/sv/21qfsgpsnbodf_1485415299837002153.wa
- /data/data/####/shared_prefs/OfJbkLdFbPOMbGyP.xml
- /data/data/####/databases/db_downloader-journal
- /data/data/####/shared_prefs/ContextData.xml
- /sdcard/.system/new_flag
- /data/data/####/files/wastat/wa/sv/24tivjsvqergi_1485415298661002106.wa
- /sdcard/Android/data/####/cache/disk/image/2085fde52a5ecf508321010d90cb0963.0
- /data/data/####/shared_prefs/UTCommon.xml
- /sdcard/Android/data/####/cache/disk/journal.1
- /data/data/####/files/agoo.pid
- /data/data/####/shared_prefs/last_known_location.xml
- /data/data/####/files/wastat/wa/sv/23shuirupdqfh_1485415326724002106.wa
- /data/data/####/crashsdk/tags/TNATSISSA0PP0MOC.ps
- /sdcard/.com.taobao.dp/hid.dat
- /data/data/####/crashsdk/tags/TNATSISSA0PP0MOC.bb
- /data/data/####/files/wastat/wa/sv/21qfsgpsnbodf_1485415299734002183.wa
- /sdcard/Android/data/####/cache/disk/image/bbf39050e175e3dd649e2a040dc510ca.0
- /data/data/####/HasStarted
- /sdcard/Android/data/####/cache/disk/temp/bce30f1eebdc9ad180d092127235d3c0.0
- /data/data/####/shared_prefs/ACCS_COOKIE.xml
- /sdcard/Android/data/####/cache/disk/image/76ced36a7addce3c1548c5fc9d354976.0
Присваивает атрибут 'исполняемый' для следующих файлов:
- /data/data/####/files/49814c4f5ac2f2f9.lock
- /data/data/####/amodel/b
- /data/data/####/files/1d77ea041509fe06.lock
- /data/data/####/files/DaemonServer
Другие:
Может автоматически отправлять СМС-сообщения.
