Техническая информация
Вредоносные функции:
Отправляет СМС-сообщения:
- 10690133603: auto##137972199##mpl_zhushou##log in with 360
Сетевая активность:
Подключается к:
- sh####.####.com
- g####.####.cn
- go####.nl
- go####.com
- 1####.####.154
- ope####.####.cn
- p####.####.com
- s####.####.cn
- a####.####.cn
- p####.####.cn
- pro####.####.cn
- m####.####.com
- r####.####.com
- m####.####.cn
Запросы HTTP GET:
- p####.####.com/dr/160_160_/t01b7b3c3d304056beb.png
- g####.####.cn/sdkv2/local?u=####&sign=####&version=####&news_sdk_version=####&device=####&f=####&sdkv=####&tabsv=####&market=####&enc=####
- p####.####.com/t01542351724d49438a.png
- p####.####.com/t01189b7e916d73e558.png
- a####.####.cn/intf.php?method=####&devtype=####&m1=####&m2=####&_t=####&model=####&sdkversioncode=####&sdkversionname=####&versioncode=####&versionnam...
- p####.####.com/t01c3341759777dd697.png
- p####.####.com/t01651c770f85df9ef3.png
- s####.####.cn/info_flow/s.html?uid=####&sign=####&version=####&sdkv=####&sv=####&device=####&t=####&act=####&net=####
- p####.####.com/t01f06bfb4f39f8c5aa.png
- go####.nl/?gfe_rd=####&ei=####
- p####.####.com/dr/160_160_/t0197d8f2570ac2ebd4.png
- p####.####.com/dr/160_160_/t01d7ba4f1b488506b9.png
- p####.####.com/dr/160_160_/t010dd5187e07943b33.png
- p####.####.com/t0138c2ecdf81c51dae.jpg
- ope####.####.cn/Inew/newBanner/?ad=####&tm=####&from=####&os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi...
- p####.####.com/t011606e352b2221891.jpg
- p####.####.com/t01ff1e9b2f7f759896.jpg
- p####.####.com/dr/160_160_/t01e9826276ce49f273.png
- p####.####.com/t01fd6315e0ed6c48f0.png
- p####.####.com/dr/160_160_/t0197513adbf2a581d6.png
- ope####.####.cn/iservice/pluginStatus?os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&startCount=###...
- go####.com/
- ope####.####.cn/AppPrivMap/getPrivMap?os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&startCount=###...
- ope####.####.cn/Iservice/FailOver?os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&startCount=####&re...
- p####.####.com/t01ac4bbeb3a6e9e7f2.png
- ope####.####.cn/AppStore/getHotWordsIconsOfSearch?pos=####&os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&pp...
- p####.####.com/dr/160_160_/t012e47f04d24c3016c.png
- r####.####.com/360baohe/download.php?resurl=####&m=####&m2=####&nt=####&snt=####&ntt=####&sntt=####&isWifi=####&isData=####&isMeter=####&canUseDataNet...
- p####.####.com/dr/160_160_/t011a3b4fef8f52bef0.png
- p####.####.com/dr/160_160_/t014ab1f65d6e0c989c.png
- p####.####.com/t01fb864e87d80b62bd.png
- sh####.####.com/161226/fdfd489a2beac3a3abcbe1c6441d7c76/libimagepipeline.so
- ope####.####.cn/toolsManger/list?ch2=####&os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&startCount...
- p####.####.com/t01faf7f720426f1e25.jpg
- s####.####.cn/sdkv2/tabs?u=####&sign=####&version=####&news_sdk_version=####&device=####&sdkv=####&tabsv=####&market=####
- p####.####.com/t016e77925e59827432.png
- p####.####.com/t019eb8c2991ffe9470.png
- m####.####.com/cfg/appkey-cf6b551afe338f43
- p####.####.com/dr/160_160_/t01054f77f3d5b51bfe.png
- s####.####.cn/sdkv2/city?u=####&sign=####&version=####&news_sdk_version=####&device=####&sdkv=####&tabsv=####&market=####&c=####
- ope####.####.cn/Iservice/AppDetail?s_stream_app=####&market_id=####&sort=####&pname=####&os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=...
- p####.####.com/t01bed22d225a375da4.png
- p####.####.com/t019f8ef4eda051d287.png
- p####.####.com/dr/160_160_/t01187fe8bdf5d44a07.png
- p####.####.com/dr/160_160_/t01fe6f32c1d3478617.png
- s####.####.cn/360baohe/c.html?para=Jm####
- p####.####.com/dr/160_160_/t015084369b3aba887b.png
- p####.####.com/dr/160_160_/t01fa9368d44b4c943f.png
- p####.####.com/t0180e9262f0b036868.png
- p####.####.com/t01e89d596cefabd546.png
- p####.####.com/dr/160_160_/t01cb4f6ef118924184.png
- s####.####.cn/sdkv2/place?u=####&sign=####&version=####&market=####&news_sdk_version=####&performance=####&sdkv=####&f=####
- p####.####.com/t01656c8b102705e16b.png
- p####.####.com/t01d5958938e1bf874a.png
- ope####.####.cn//app/rank?from=####&type=####&prepage=####&curpage=####&page=####&os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=...
- a####.####.cn/intf.php?method=####&model=####&sdkversioncode=####&sdkversionname=####&versioncode=####&versionname=####&appid=####&_token=####&apivers...
- p####.####.com/t0136e4464f280cb490.png
- 1####.####.154/index.html
- p####.####.com/t01b0ceb13f1b361fb3.png
- ope####.####.cn/HuajiaoCtl/getZsSwitch?os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&startCount=##...
- p####.####.com/dr/160_160_/t01c2303688612285cd.png
- p####.####.com/dr/160_160_/t01bfdf26d8799979d2.png
- pro####.####.cn/profile/setting/getsetting?os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&startCoun...
- p####.####.com/dr/160_160_/t01d67880b208bcc39a.png
- ope####.####.cn/Iservice/GetIndexHeader?iszip=####&logo_type=####&deflate_field=####&bannertype=####&apiversion=####&prepage=####&curpage=####&os=####...
- ope####.####.cn/html/data/save_uninstall.json
- ope####.####.cn/Iservice/ServerConfig?os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&startCount=###...
- ope####.####.cn/Cloud/getSoConf?name=####&so_ver=####&os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=###...
- p####.####.com/dr/160_160_/t0118aa42938cb4ba9a.png
- p####.####.com/t01bb6912aca33f6f96.png
- m####.####.cn/baohe/list?version=####&toid=####&pst=####&os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=...
- s####.####.cn/ak/3416a75f4cea9109507cacd8e2f2aefc.html?m2=####
- ope####.####.cn/AppStore/getIsUpdate?ext=####&pname=####&sr=####&mysrc=####&toid=####&sa=####&inma=####&launcher=####&rom=####&AndroidID=####&isnle=##...
Запросы HTTP POST:
- ope####.####.cn/mintf/getAppsByPackNames?src=####&AndroidID=####&silent=####&plugver=####&callFrom=####&os=####&vc=####&v=####&md=####&sn=####&cpu=###...
- p####.####.cn/update/update.php?p=####
- p####.####.cn/pstat/plog.php
- ope####.####.cn/CloudControl/Tui?last_tui_pname=####&last_tui_pname_index=####&last_tui_msg_index=####&os=####&vc=####&v=####&md=####&sn=####&cpu=####...
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/shared_prefs/crash.xml
- /data/data/####/shared_prefs/PermissionMap.xml
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/37/9Le-_CGStkOe4ekWp24cL4WWj4E.655667504.tmp
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/51/2fJeanpUhazMF-4s--wXkzzt334.-674596277.tmp
- /data/data/####/shared_prefs/share_data_####:download.xml.bak
- /data/data/####/code_cache/secondary-dexes/####-1.apk.classes-912724023.zip
- /sdcard/360Log/downloadLog_delegate
- /data/data/####/databases/new_downloads.db
- /data/data/####/shared_prefs/news_local_config.xml
- /data/data/####/files/uninstallRetainJson
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/98/wFWFW60GCtSoW0d_n-KPuwbuoVo.220762468.tmp
- /data/data/####/shared_prefs/antihijack_config.xml.bak
- /data/data/####/shared_prefs/multidex.version.xml
- /sdcard/Android/data/####/cache/.nomedia
- /data/data/####/shared_prefs/festival.xml
- /data/data/####/files/dir_uninstallretain_pic/pic_5.png
- /data/data/####/files/dir_uninstallretain_pic/pic_6.png
- /data/data/####/shared_prefs/event_config.xml
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/27/zje9oebqLchUyZ-Q_HaUeWW8MR0.-1662236432.tmp
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/70/zD0Xf1A2713Vowrmp-5iUY6CvP0.-1951127866.tmp
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/54/QvoYGHdELO82LlU6uxAZS7w52s8.-269428753.tmp
- /data/data/####/shared_prefs/antihijack_config.xml
- /data/data/####/shared_prefs/sdk_config.xml.bak
- /data/data/####/files/dir_skin/FD2892F1D04E451735702ACB642DCFC6
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/68/eIcb1fz_v2_NoCAGICXZKV3R-FU.1956724659.tmp
- /data/data/####/files/dir_uninstallretain_pic/pic_4.png
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/35/1-ZEKz1KhZ0onN09SUEiiFVSjVM.323649668.tmp
- /data/data/####/shared_prefs/share_data.xml
- /data/data/####/files/sllak/core/finalcore.jar
- /data/data/####/shared_prefs/face_detect_local_pref.xml
- /data/data/####/files/temp.tmp~
- /data/data/####/localApkInfo.json
- /data/data/####/shared_prefs/share_data_####:download.xml
- /data/data/####/files/dir_skin/DC318FD7CB64831D2D2904518B6240F4
- /sdcard/Android/data/####/cache/http/1864206492-1738959434
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/43/IFrVUoeCnIcnvfMefAb9nC0952o.-679428383.tmp
- /data/data/####/databases/new_downloads.db-journal
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/26/GT3J2JIR53ErsGeV1tylPqVqKes.1905168335.tmp
- /sdcard/360Log/downloadLog_statMan
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/12/F-qXJBdOP6Krc8Dv5vPyv1VWoog.-97624417.tmp
- /data/data/####/files/imagepipelineappstore_2.so
- /data/data/####/shared_prefs/clear_shortcut.xml
- /sdcard/360Log/downloadLog_main
- /data/data/####/shared_prefs/battery.xml
- /data/data/####/files/dir_uninstallretain_pic/pic_2.png
- /data/data/####/files/dir_uninstallretain_pic/pic_3.png
- /sdcard/.sfp/.sfp
- /data/data/####/shared_prefs/game_redirect.xml
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/65/XklYyxTFGDEB9MF4R7BMYsq1R3I.985033615.tmp
- /data/data/####/file_prefs/battery/freezer
- /data/data/####/shared_prefs/connect_config.xml
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/58/8sXwhR50CU7ztnoYiZGM9ZGamq4.-1381115695.tmp
- /data/data/####/files/personal_center_setting_new
- /data/data/####/databases/ignoreupdate_appinfo.db
- /sdcard/Android/data/.nomedia
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/85/f5jrW-dl5bEa2WwPJOwvr_4lIjY.-1460551592.tmp
- /data/data/####/shared_prefs/news_sdk_status.xml
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/52/dzIbiPc8ane1yyHpandVKWcci1c.-2022036191.tmp
- /data/data/####/files/dir_uninstallretain_pic/pic_8.png
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/76/Xj114-7QqBOHVOs8B_wDas1NmPA.457089725.tmp
- /data/data/####/shared_prefs/MATSharedPreferences.xml
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/52/Bw3zBHSYX2bl6lKmQj0fJAcnH2w.1258235431.tmp
- /sdcard/Android/data/####/cache/http/-3138929451138905139
- /sdcard/temp.tmp~
- /data/data/####/shared_prefs/crash.xml.bak
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/93/dDqL8h-mx3GMAaevhUEWszyltfI.1512081660.tmp
- /data/data/####/files/sllak/opt/2101/finalcore.jar
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/25/WAvtcmFMyxDJAkJE65C4Jtz-Bpg.1915508295.tmp
- /data/data/####/shared_prefs/float_win_config.xml.bak
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/96/CHyRGHhOrri6mncoBaUhguqh8VI.-1027208439.tmp
- /data/data/####/shared_prefs/sdk_config.xml
- /data/data/####/databases/filelist.db-journal
- /data/data/####/files/dir_uninstallretain_pic/pic_1.png
- /data/data/####/databases/update_history.db
- /data/data/####/shared_prefs/float_win_config.xml
- /data/data/####/files/dir_skin/23E475295A5E8FCA474A0C41388B3219
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/47/g2GIQWPZaNRp1KYNwfCVVf1eZ_Q.1839586208.tmp
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/96/eYLvelYyUKi2FkwyDuW9MNCdEJY.-34665297.tmp
- /data/data/####/databases/account.db-journal
- /data/data/####/databases/update_history.db-journal
- /data/data/####/shared_prefs/news_sdk_status.xml.bak
- /data/data/####/shared_prefs/save_myself_config.xml
- /data/data/####/files/dir_uninstallretain_pic/pic_9.png
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/84/GjWpgFpoZdoBNJgwBcfS5obudz8.-1601684797.tmp
- /data/data/####/downloadStat.json
- /data/data/####/cache/360Download/so_imagepipelineappstore_2.apk.temp
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/35/Rq9RFEP4fLrKRNiB83XvaMLzU5M.-108932978.tmp
- /data/data/####/file_prefs/festival/festival_setting
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/81/WwCkOwfSlAiKkp2FDgs83o5Djxg.2106159830.tmp
- /data/data/####/databases/download5.db-journal
- /data/data/####/shared_prefs/share_data_####:critical.xml
- /data/data/####/cache/360Download/so_imagepipelineappstore_2.apk.temp!
- /data/data/####/shared_prefs/connect_config.xml.bak
- /data/data/####/shared_prefs/BaoHe_only_pref.xml.bak
- /sdcard/.testf
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/45/VzMsbKDibzNwMEcjSj_eyqv0mLU.1219525290.tmp
- /data/data/####/shared_prefs/auth_guide_config_sdk.xml
- /data/data/####/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl
- /data/data/####/databases/_ire-journal
- /data/data/####/shared_prefs/BaoHe_only_pref.xml
- /sdcard/360Log/downloadLog_p2p
- /data/data/####/shared_prefs/PermissionMap.xml.bak
- /data/data/####/databases/account.db
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/56/NHpux-0FsMUSvL8W6LUHJwfiRoI.-935060688.tmp
- /data/data/####/shared_prefs/share_data_####:critical.xml.bak
- /data/data/####/files/dir_uninstallretain_pic/pic_7.png
- /data/data/####/shared_prefs/news_sdk_location.xml
- /data/data/####/shared_prefs/share_data.xml.bak
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/46/tdbn8OghXNPXjssQ_Wv3L_H9T40.-917804670.tmp
- /data/data/####/files/pluginconfigcache
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/47/vbswXPgCImmBtuBvU4NoS0kx0bA.1025350885.tmp
- /sdcard/Android/data/####/cache/http/-984232126482322576
- /data/data/####/shared_prefs/MATSharedPreferences.xml.bak
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/49/ZeHu1bNWc_vE08SoA3VSeux8bS4.154201661.tmp
- /data/data/####/databases/ignoreupdate_appinfo.db-journal
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 106.120.160.203
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 182.118.31.99
- pm list packages
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.208
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 125.88.193.217
Может автоматически отправлять СМС-сообщения.
