Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Triada.89.origin
- Android.Triada.186.origin
Сетевая активность:
Подключается к:
- a####.####.com:7901
- s####.####.com
- qiubai####.####.com
- h####.####.com
- af####.####.com
- p####.####.com
- b####.####.com:9230
- c####.####.com
- be####.####.com
- c####.####.com:8080
- w####.####.com
- f####.####.com
- qiushib####.com
- st####.####.com
- a####.####.com
- b####.####.com
Запросы HTTP GET:
- st####.####.com/images/newarticle/like@1.5.png?v=####
- qiubai####.####.com/watermark/dfc16d789ff02a1db9bdd1a08e1f560e.gif!/gifto/jpg
- f####.####.com/it/u=959100585,1197998252&fm=76
- qiubai####.####.com/watermark/be0f51cd76ae0e6bdcb6feae2c411247.gif!/gifto/jpg
- p####.####.com/system/avtnew/921/9214729/thumb/20170204230121.JPEG?imageVi####
- qiubai####.####.com/watermark/ef838cb463c30b85bfa7c09b7a48e50b.gif!/gifto/jpg
- af####.####.com/ex?a=####&ce=####&ec=####&sp=####&u=####&ds=####&cb=####<=####&pvid=####&cg=####&vps=####&_time=####
- p####.####.com/system/avtnew/2121/21210391/thumb/20160501150729.jpg?imageVi####
- st####.####.com/images/thumb/anony.png?v=####
- qiubai####.####.com/watermark/90e7a41160ac0ea2b69679e2b159c832.gif!/gifto/jpg
- s####.####.com/s.htm?cproid=####&t=####
- qiubai####.####.com/watermark/d872b974f3849f2cfa4fbd7b45bb4de6.gif
- p####.####.com/system/avtnew/2799/27990908/thumb/201610011832137.JPEG?imageVi####
- qiubai####.####.com/watermark/4ec9d30c627fe54f1a0bcb30d8362123.gif
- qiubai####.####.com/watermark/113d53b91ba1acc42070d3d89487a9b5.gif!/gifto/jpg
- st####.####.com/images/newarticle/sad@1.5x.png
- st####.####.com/images/newarticle/nearby_gender_female@1.5x.png
- qiushib####.com/gif/static/dist/js/app.min.js?v=####
- be####.####.com/2e4d96dca598a574c51b.js
- p####.####.com/system/avtnew/3113/31133782/thumb/20160206084916.jpg?imageVi####
- qiubai####.####.com/watermark/8d6539103e4f55864609b4fca1b5f124.gif!/gifto/jpg
- qiubai####.####.com/watermark/e817d8d711b82b0c56d636ad7af2cae0.gif!/gifto/jpg
- p####.####.com/ccim?di=####&dri=####&dis=####&dai=####&ps=####&dcb=####&dtm=####&dvi=####&dci=####&dpt=####&tsr=####&tpr=####&ti=####&ari=####&dbv=###...
- qiushib####.com/gif/5.html
- f####.####.com/it/u=3641423054,3467860450&fm=76
- st####.####.com/images/touch/colline.png?v=####
- st####.####.com/js/dist/touch/app.min.js?v=####
- qiubai####.####.com/watermark/ca79cdb42969121ec989c8aea99dcee9.gif!/gifto/jpg
- p####.####.com/kcnm?sz=####&pdbid=####&orderid=####&odid=####&rtbid=####&rdid=####&dc=####&di=####&dri=####&dis=####&dai=####&ps=####&dcb=####&dtm=###...
- qiushib####.com/gif/5-24267.html
- c####.####.com/sync.htm?cproid=####
- a####.####.com/g/mm/afp-cdn/JS/w.js
- h####.####.com/hm.js?743362d####
- qiushib####.com/gif/static/dist/images/icon_index.png?v=####
- p####.####.com/ecim?di=####&dri=####&dis=####&dai=####&ps=####&dcb=####&dtm=####&dvi=####&dci=####&dpt=####&tsr=####&tpr=####&ti=####&ari=####&dbv=###...
- be####.####.com/id3a1ecf98f6c9f530db1c7582affa32f71bf3d41128ea38e01e382fd2e6ebd9ec.js
- h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&et=####&ja=####&ln=####&lo=####&nv=####&rnd=####&si=####&st=####&v=####&lv=####&tt=####
- st####.####.com/images/qiushi/qiushi_iphone.png?v=####
- st####.####.com/images/newarticle/nearby_gender_male@1.5x.png
- qiushib####.com/
- st####.####.com/images/newarticle/cmt@1.5x.png
- be####.####.com/gf3a1ecf91feccff38db1c7582affa32f71bf3d41128ea38e01e382fd2e6ebd9ec.js
- qiubai####.####.com/watermark/d872b974f3849f2cfa4fbd7b45bb4de6.gif!/gifto/jpg
- qiubai####.####.com/watermark/a97474965215844d66dd1a43574916e2.gif!/gifto/jpg
- qiubai####.####.com/watermark/2693822a02aff2a85a5abb62eb345f41.gif!/gifto/jpg
- qiubai####.####.com/watermark/7d2cd4738002e9e9a27afd31ae9aa640.gif
- st####.####.com/images/cmt-god.png
- qiushib####.com/gif/static/dist/css/app.min.css?v=####
- st####.####.com/images/newarticle/laugh@1.5x.png
- qiushib####.com/gif/static/dist/images/right.png?v=####
- p####.####.com/kcnm?di=####&dri=####&dis=####&dai=####&ps=####&dcb=####&dtm=####&dvi=####&dci=####&dpt=####&tsr=####&tpr=####&ti=####&ari=####&dbv=###...
- p####.####.com/ccim?sz=####&pdbid=####&orderid=####&odid=####&rtbid=####&rdid=####&dc=####&di=####&dri=####&dis=####&dai=####&ps=####&dcb=####&dtm=###...
- p####.####.com/sync_pos.htm?cproid=####&t=####
- qiubai####.####.com/watermark/dd38ac65d6c738d948bd8cae0c8a99e2.gif!/gifto/jpg
- p####.####.com/system/pictures/11866/118664877/medium/app118664877.jpg
- st####.####.com/js/src/touch/lingxi.js?v=####
- qiubai####.####.com/watermark/0b146cde4a22efd34c2e1b940054cef4.gif!/gifto/jpg
- qiubai####.####.com/watermark/e7fc7a39819c7885776426817dff5d72.gif!/gifto/jpg
- f####.####.com/it/u=3745356884,3826646265&fm=76
- p####.####.com/system/avtnew/2470/24703920/thumb/2016121319314817.JPEG?imageVi####
- qiushib####.com/gif/static/dist/images/icon_coll.png?v=####
- p####.####.com/system/avtnew/3274/32743195/thumb/2016100319363776.PNG?imageVi####
- f####.####.com/it/u=1265655567,1529096812&fm=76
- p####.####.com/system/avtnew/3093/30936317/thumb/201607272359376.JPEG?imageVi####
- h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&ep=####&et=####&ja=####&ln=####&lo=####<=####&nv=####&rnd=####&si=####&st=####&v=####&lv=####
- p####.####.com/ecim?sz=####&pdbid=####&orderid=####&odid=####&rtbid=####&rdid=####&dc=####&exps=####&di=####&dri=####&dis=####&dai=####&ps=####&dcb=##...
- qiubai####.####.com/watermark/59b257709641df42ae0a6d496b3b290c.gif!/gifto/jpg
- c####.####.com:8080/ads/promotion/ee48e7cc-d841-4048-94a5-67fbb8dd1209.png
- h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&et=####&ja=####&ln=####&lo=####<=####&nv=####&rnd=####&si=####&st=####&v=####&lv=####&tt=####
- qiushib####.com/gif/static/dist/images/left.png?v=####
- qiubai####.####.com/watermark/df15a4165f16e5a9c4aa4fda79f3209a.gif!/gifto/jpg
- qiushib####.com/gif/1-30420.html
- p####.####.com/system/avtnew/3235/32350954/thumb/2016110820070264.JPEG?imageVi####
- st####.####.com/css/dist/touch/app.min.css?v=####
- p####.####.com/sync_pos.htm?cproid=####
- c####.####.com/cpro/ui/noexpire/img/2.0.1/bd-logo4.png
- p####.####.com/system/avtnew/1259/12593187/thumb/2017020423143874.JPEG?imageVi####
- w####.####.com/adx.php?c=####
- qiubai####.####.com/watermark/2e6d51600429a5c047a4475f2a025620.gif!/gifto/jpg
- c####.####.com/cpro/ui/cm.js
- p####.####.com/system/avtnew/2789/27891366/thumb/20150424141629.jpg?imageVi####
- p####.####.com/system/avtnew/3350/33502120/thumb/2017030509504742.JPEG?imageVi####
- qiubai####.####.com/watermark/39e2a2a0ac50af63f66b5e971e115f22.gif!/gifto/jpg
- be####.####.com/zt3a1ecf98f7caf631db1c7582affa32f71bf3d41128ea38e01e382fd2e6ebd9ec.js
- qiushib####.com/gif/static/dist/images/logo-new.png?v=####
- st####.####.com/images/touch/logo-new.png?v=####
Запросы HTTP POST:
- a####.####.com/
- a####.####.com:7901/
- b####.####.com/
- b####.####.com:9230/
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/cache/1218315073####.apk
- /data/data/####/cache/webviewCacheChromium/f_00000a
- /data/data/####/cache/webviewCacheChromium/f_00000c
- /data/data/####/cache/webviewCacheChromium/f_00000b
- /data/data/####/cache/webviewCacheChromium/f_00000e
- /data/data/####/cache/webviewCacheChromium/f_00000d
- /data/data/####/cache/webviewCacheChromium/f_00000f
- /data/data/####/cache/webviewCacheChromium/data_3
- /sdcard/.76761b91/eed88357/####/cache/image/http111cdn.abcdserver.com180801ads1promotion1ee48e7cc-d841-4048-94a5-67fbb8dd1209.png
- /data/data/####/cache/webviewCacheChromium/f_000018
- /data/data/####/cache/webviewCacheChromium/f_000019
- /data/data/####/cache/webviewCacheChromium/f_000016
- /data/data/####/cache/webviewCacheChromium/data_2
- /data/data/####/cache/webviewCacheChromium/f_000014
- /data/data/####/cache/webviewCacheChromium/f_000015
- /data/data/####/cache/webviewCacheChromium/f_000012
- /data/data/####/cache/webviewCacheChromium/f_000013
- /data/data/####/cache/webviewCacheChromium/f_000010
- /data/data/####/cache/webviewCacheChromium/f_000011
- /data/data/####/databases/webviewCookiesChromium.db-journal
- /data/data/####/cache/webviewCacheChromium/data_0
- /sdcard/.76761b91/65f4d34/9da3be8f92c0bbfd7a7d6d6ec0b3fad3_1019.9d
- /data/data/####/cache/job2109.temp
- /data/data/####/cache/job2095.temp
- /data/data/####/shared_prefs/global_timeout.xml
- /data/data/####/files/work_check_flag.cache
- /data/data/####/shared_prefs/global_timeouttimeoutlist.xml.bak
- /data/data/####/cache/job1019_2062815102.jar
- /data/data/####/cache/webviewCacheChromium/f_000017
- /data/data/####/shared_prefs/JoyConfig.xml
- /data/data/####/cache/webviewCacheChromium/f_00001a
- /data/data/####/cache/webviewCacheChromium/f_000009
- /data/data/####/cache/webviewCacheChromium/f_000008
- /data/data/####/cache/webviewCacheChromium/f_000001
- /data/data/####/cache/webviewCacheChromium/f_000003
- /data/data/####/cache/webviewCacheChromium/f_000002
- /data/data/####/cache/webviewCacheChromium/f_000005
- /data/data/####/cache/webviewCacheChromium/f_000004
- /data/data/####/cache/webviewCacheChromium/f_000007
- /data/data/####/cache/webviewCacheChromium/f_000006
- /data/data/####/databases/webview.db-journal
- /data/data/####/cache/webviewCacheChromium/data_1
- /data/data/####/shared_prefs/global_timeouttimeoutlist.xml
- /data/data/####/files/silencedownLoad_1011.cache
- /data/data/####/cache/job1019_1163163895.jar
- /data/data/####/cache/webviewCacheChromium/index
- /data/data/####/files/0909011e07120f1971483870.jar
Другие:
Может автоматически отправлять СМС-сообщения.
