Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.455.origin
- Android.DownLoader.414.origin
Сетевая активность:
Подключается к:
- s####.####.com
- d####.####.cn
- p####.####.com
- d####.####.com
- 1####.####.131:8080
- 7w####.com
- a####.####.com
- 1####.####.214:8080
Запросы HTTP GET:
- 7w####.com/mobile/a/item/bubble/6r.9.png
- 7w####.com/mobile/a/item/bubble/3l.9.png
- 7w####.com/mobile/lunxun.json
- 7w####.com/mobile/a/item/bubble/7l.9.png
- 7w####.com/mbweb/vjv.jsp?platform=####
- 7w####.com/m/v/version.json?isManual=####&v=####&platId=####&subCode=####&channel=####&aid=####
- 7w####.com/mobile/a/item/bubble/3r.9.png
- 7w####.com/mobile/a/item/bubble/5l.9.png
- 7w####.com/mobile/a/item/player/player.json
- 7w####.com/mobile/a/item/bubble/1l.9.png
- 7w####.com/mobile/queryPushMsgs.json
- 7w####.com/mobile/a/item/bubble/0r.9.png
- 7w####.com/mobile/a/operating/config/operatingActivityTips.json
- 1####.####.131:8080/spotService/a.jsp?k=####
- 7w####.com/mobile/indexactconf.json
- 1####.####.214:8080/jfservice/a.jsp?k=####
- 7w####.com/mobile/a/item/bubble/4l.9.png
- 7w####.com/mobile/a/item/bubble/4r.9.png
- 7w####.com/mobile/a/item/bubble/7r.9.png
- 7w####.com/mobile/a/item/bubble/2r.9.png
- 7w####.com/mobile/a/item/bubble/bubble.json
- 7w####.com/m/s/setting.json?v=####&platId=####&subCode=####&channel=####&aid=####
- 7w####.com/mobile/a/item/bubble/5r.9.png
- 7w####.com/mobile/canUseEcamera.json
- 7w####.com/mobile/a/item/bubble/1r.9.png
- 7w####.com/mobile/a/item/bubble/6l.9.png
- 7w####.com/mobile/android/camera/config.json
- 7w####.com/mobile/a/item/bubble/0l.9.png
- 7w####.com/mobile/a/item/bubble/2l.9.png
Запросы HTTP POST:
- 7w####.com/mobile/serviceTime.json
- s####.####.com/pkl16.html
- a####.####.com/jiagu/t/infos
- p####.####.com/jiagu/msgs
- 7w####.com/mobile/openclient.json
- d####.####.cn/msp.do
- a####.####.com/ad-service/ad/mark
- d####.####.com/mobile.json
- a####.####.com/jiagu/mark/upgrade
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/files/.jiagu.lock
- /data/data/####/shared_prefs/a1356507059351895.xml
- /sdcard/Android/data/####/cache/uil-images/378903467
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/lib/cordova/android/cordova.js
- /data/data/####/files/local_bt_share.json
- /data/data/####/databases/LOCAL_CACHE
- /data/data/####/cache/common/5gicjiirq9at2dy0z8uh13u8b
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/shop/style/img_s/wenbei.png
- /data/data/####/shared_prefs/i.xml
- /sdcard/iflyworkdir_test
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/style/image/dot.png
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/style/image/loading_m.png
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/lib/cordova/plugins/switcher/switcher.js
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/sys/style/img_s/arr_d.png
- /data/data/####/shared_prefs/jg_app_update_settings_random.xml
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/iq/style/img_s/no.png
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/iq/style/img_s/xw_1.png
- /data/data/####/shared_prefs/1001.xml
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/shop/style/img_s/no.png
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/iq/style/img_s/on.png
- /data/data/####/databases/LOCAL_CACHE-journal
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/shop/style/img_s/dot.png
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/lib/cordova/ios/cordova_plugins.js
- /data/data/####/files/www.7wenta.com/mbweb/res/www/page/sys/qa_ios.htm
- /data/data/####/cache/common/1leh01yhx71tljfv6sof8w4kk
- /data/data/####/databases/D356507059351895.db-journal
- /data/data/####/shared_prefs/5711933652ef69348ef699151bafab78.xml
- /data/data/####/files/www.7wenta.com/mbweb/res/www/page/iq/index_ios.htm
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/util/cordovaDebug.js
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/iq/style/img_s/off.png
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/sys/style/img_s/tag.png
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/plugin/jquery.lazyload.js
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/util/common.js
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/plugin/idangerous.swiper-2.0.min.js
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/zsd/style/img_s/menu.png
- /data/data/####/cache/common/5folwok961rfonewky6rrah9p
- /data/data/####/files/01485415840197.jar
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/lib/cordova/plugins/switcher/android/SwitchOption.js
- /data/data/####/files/vjv_ios.json
- /data/data/####/app_jgls/.log.ls
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/style/image/default_img.png
- /data/data/####/files/.jglogs/.jg.ri
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/xinshou/style/xinshou.css
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/lib/cordova/ios/cordova.js
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/iq/script/iq.js
- /data/data/####/files/local_bt_ex.json
- /data/data/####/cache/common/6ap5ehev7v73xvwa1dtlqxt7f
- /data/data/####/files/www.7wenta.com/mbweb/res/www/page/shop/index_android.htm
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/zsd/style/img_s/star.png
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/lib/cordova/plugins/commonAgent/CommonAgentOption.js
- /data/data/####/files/local_bt_data.json
- /sdcard/Android/data/####/cache/uil-images/1188250093.tmp
- /sdcard/Android/data/####/cache/uil-images/-1363906868
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/sys/style/img_s/as.png
- /sdcard/Android/data/####/cache/uil-images/1312367176
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/lib/cordova/plugins/http/HttpClient.js
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/lib/cordova/plugins/widget/widget.js
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/zsd/style/img_s/dot.png
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/sys/script/list.js
- /data/data/####/shared_prefs/c1356507059351895.xml
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/shop/style/img_s/wd.png
- /data/data/####/cache/common/6bzkfb9xr8vhnxk3ndg7hdfeo
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/shop/style/address.css
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/xinshou/style/img_s/icon.png
- /data/data/####/files/www.7wenta.com/mbweb/res/www/page/shop/index_ios.htm
- /data/data/####/databases/LocalCache.sqlite3
- /data/data/####/files/www.7wenta.com/mbweb/res/www/page/sys/list_android.htm
- /data/data/####/shared_prefs/CookiePrefsFile.xml
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/style/image/arrow_r.png
- /sdcard/Android/data/####/cache/uil-images/-430443159
- /data/data/####/files/.jglogs/.jg.ac
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/iq/style/img_s/close.png
- /data/data/####/shared_prefs/a1356507059351895.xml.bak
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/style/base.css
- /sdcard/Android/data/####/cache/uil-images/158195303
- /sdcard/Android/data/####/cache/.nomedia
- /data/data/####/files/.jglogs/.jg.ic
- /data/data/####/files/www.7wenta.com/mbweb/res/www/page/xinshou/index_ios.htm
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/sys/style/img_s/sc.png
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/sys/script/qa.js
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/plugin/jquery.btmMenu.js
- /data/data/####/cache/common/1hdteqv9v0w7oxfed0k5fc4ub
- /data/data/####/shared_prefs/c1356507059351895.xml.bak
- /data/data/####/files/www.7wenta.com/mbweb/res/www/page/iq/index_android.htm
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/zsd/style/img_s/add.png
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/lib/cordova/plugins/alert/alert.js
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/plugin/jquery.wapMobile.js
- /data/data/####/files/localZip.zip
- /data/data/####/.jiagu/libjiagu.so
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/style/image/share.png
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/shop/style/img_s/close.png
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/shop/style/img_s/xw.png
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/zsd/style/sec.css
- /data/data/####/files/vjv_android.json
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/shop/script/shop.js
- /data/data/####/shared_prefs/UMS_SETTING.xml
- /data/data/####/shared_prefs/6505d1017b370a9fd3701fb595a82e03.xml.bak
- /data/data/####/files/config.json
- /data/data/####/shared_prefs/jg_core_setting.xml.bak
- /data/data/####/shared_prefs/update.auto.recorder.xml
- /data/data/####/cache/common/6m0xs2vwfaxm0yp9toxrh39r2
- /data/data/####/files/www.7wenta.com/mbweb/res/www/page/zsd/list.htm
- /data/data/####/files/www.7wenta.com/mbweb/res/www/page/sys/list_ios.htm
- /sdcard/Android/data/####/cache/uil-images/1091659012
- /sdcard/Android/data/####/cache/uil-images/-1460497949
- /data/data/####/files/www.7wenta.com/mbweb/res/www/page/xinshou/index_android.htm
- /data/data/####/shared_prefs/CookiePrefsFile.xml.bak
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/shop/style/img_s/gdTag.png
- /data/data/####/databases/a1.db-journal
- /data/data/####/shared_prefs/6505d1017b370a9fd3701fb595a82e03.xml
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/plugin/jquery.wtBox.js
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/iq/style/img_s/xw_0.png
- /data/data/####/shared_prefs/i_ALL_fionf_pre356507059351895.xml.bak
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/xinshou/script/xinshou.js
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/lib/cordova/ios/cordova_plugins_v0.js
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/zsd/script/list.js
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/zsd/style/img_s/tips_0.png
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/lib/cordova/plugins/version/Version.js
- /data/data/####/cache/common/cb8zunio1ck1cmnk1z93x7ys
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/iq/style/img_s/dialog.png
- /data/data/####/shared_prefs/playerMapping.xml.bak
- /data/data/####/shared_prefs/b1356507059351895.xml
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/style/common.css
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/zsd/style/img_s/shadow.png
- /data/data/####/app_jgls/.log.lock
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/zsd/style/img_s/arr_d.png
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/shop/style/shop.css
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/zsd/style/list.css
- /data/data/####/cache/common/o22taq0w3x2tn4eif4xlq2tb
- /data/data/####/shared_prefs/playerMapping.xml
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/lib/cordova/plugins/commonAgent/CommonAgent.js
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/zsd/style/img_s/minus.png
- /data/data/####/shared_prefs/a1.xml
- /sdcard/Android/data/####/cache/uil-images/2025122721.tmp
- /data/data/####/shared_prefs/key_question_share_preferences_shoot_guide.xml
- /data/data/####/cache/common/27hhcce1zgqgp11z8rad1atty
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/plugin/slideRefresh.js
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/sys/style/img_s/arr_u.png
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/style/image/loading_b.png
- /data/data/####/shared_prefs/i_ALL_fionf_pre356507059351895.xml
- /data/data/####/files/local_bt_sc.json
- /data/data/####/shared_prefs/jg_core_setting.xml
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/shop/style/img_s/arrow.png
- /sdcard/Android/data/####/cache/uil-images/1901005638.tmp
- /data/data/####/shared_prefs/b.xml
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/iq/style/img_s/xw_final.png
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/iq/style/img_s/shareIcn.png
- /sdcard/Android/data/####/cache/uil-images/282312386
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/iq/style/img_s/yes.png
- /data/data/####/shared_prefs/UMS_SETTING.xml.bak
- /data/data/####/cache/common/3qtkbcrhnixdcaduujm86m39m
- /data/data/####/files/.jglogs/.log3
- /data/data/####/shared_prefs/userredrcd.xml
- /sdcard/Android/data/####/cache/uil-images/2121713802
- /sdcard/Android/data/####/cache/uil-images/503020550.tmp
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/zsd/style/img_s/arr_l.png
- /data/data/####/shared_prefs/12b4595813f48775b089bc59c0f97152.xml
- /data/data/####/files/version_ios.json
- /sdcard/Android/data/####/cache/uil-images/-651151323
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/lib/cordova/android/cordova_plugins.js
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/style/image/wd.png
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/zsd/script/sec.js
- /sdcard/Android/data/####/cache/uil-images/-1239789785
- /sdcard/Android/data/####/cache/uil-images/-527034240
- /data/data/####/shared_prefs/com.iflytek.msc.xml
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/plugin/iscroll.js
- /data/data/####/files/www.7wenta.com/mbweb/res/www/page/sys/qa_android.htm
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/xinshou/style/img_s/yes.png
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/zsd/style/img_s/tips_1.png
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/lib/jquery-2.0.2.min.js
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/lib/cordova/android/cordova_plugins_v0.js
- /data/data/####/files/www.7wenta.com/mbweb/res/www/page/zsd/sec.htm
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/shop/style/img_s/yes.png
- /data/data/####/files/version_android.json
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/iq/style/img_s/xw_2.png
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/iq/style/iq.css
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/style/image/loading_s.png
- /data/data/####/files/01485415844474.jar
- /data/data/####/files/local_bt_pr.json
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/lib/cordova/plugins/dataTransfer/DataTransfer.js
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/shop/style/img_s/wb.png
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/lib/cordova/plugins/switcher/ios/SwitchOption.js
- /data/data/####/files/local_bt_ev.json
- /data/data/####/files/local_bt_uid.json
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/lib/cordova/plugins/http/HttpOption.js
- /sdcard/msc/fc48d0141a53ec68a2cb1756d2017d5a/u.data
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/sys/style/list.css
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/common/script/lib/cordova/plugins/dataTransfer/DataTransferOption.js
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/sys/style/qa.css
- /data/data/####/files/www.7wenta.com/mbweb/res/static/resource/qa/page/shop/style/img_s/wendou.png
Другие:
Запускает следующие shell-скрипты:
- ps
Использует специальную библиотеку для скрытия исполняемого байткода.
Может автоматически отправлять СМС-сообщения.
