Техническая информация
Вредоносные функции:
Отправляет СМС-сообщения:
- 1069028900588: ##########hzlm
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.304.origin
Загружает из Интернета следующие детектируемые угрозы:
- Android.SmsSpy.527.origin
- Android.Triada.120
- Android.Packed.18605
Предлагает установить сторонние приложения.
Сетевая активность:
Подключается к:
- 1####.####.104:8025
- statis####.####.com
- i####.####.com
- 1####.####.104
- 0####.####.com
- q####.####.com
- r####.####.com
- l####.####.com
- cdn-st####.####.com
- m####.####.com
- st####.####.com
- a####.####.com
Запросы HTTP GET:
- q####.####.com//2017100/dd/GQ1092.apk
- r####.####.com/upload/haogame/20161011/15/1478849470255.png
- r####.####.com/upload/haogame/20170123/15/1487834893330.png
- r####.####.com/upload/haogame/20170022/14/1485065393909.png
- cdn-st####.####.com/doc/static/get_busi_config.html
- 1####.####.104:8025/m/umeng:56cfdc2567e58eb021002106/204/ArtKvPB6Z6bFL2gmiZ0IVd-OWey0aNoRE_DCvxswIGNj?s=MDUzN####&c=####&pm=####&sv=####&ov=####
- r####.####.com/upload/haogame/20161029/15/1480403517257.jpg
- r####.####.com/upload/haogame/20160813/14/1473749696423.png
- r####.####.com/upload/haogame/20170207/17/1488880657494.png
- st####.####.com/doc/static/welcome_adv.html
- i####.####.com/uploads/allimg/1703/13_170306173319_1.jpg
- st####.####.com/doc/static/banner_adv.html
- r####.####.com/upload/haogame/20170022/14/1485065679042.jpg
- a####.####.com/rest/api3.do?t=####&deviceId=####&imei=####&appKey=####&v=####&sign=####&data=####&api=####&imsi=####
- r####.####.com/upload/haogame/20170123/15/1487834860847.png
- 0####.####.com/mobile/20170306/20170306180906_4739a173cbefba10a301249660d8510b_1_mwpm_03200403.jpeg
- r####.####.com/upload/haogame/20170117/15/1487316092020.jpg
- st####.####.com/doc/static/channels.html
- r####.####.com/upload/haogame/20170117/13/1487310786365.jpg
- cdn-st####.####.com/doc/static/new_inner_adv.html
- r####.####.com/upload/haogame/20161011/17/1478857708248.png
- r####.####.com/upload/haogame/20161105/15/1480923530743.jpg
- st####.####.com/doc/static/hotRecommend_adv.html
- 0####.####.com/mobile/20170305/20170305073025_4454d664a5a502d22ca0fba8d9239bed_3_mwpm_03200403.jpeg
- a####.####.com/rest/api3.do?ttid=####&t=####&imei=####&appKey=####&v=####&sign=####&data=####&api=####&imsi=####
- a####.####.com/rest/api3.do?ttid=####&t=####&deviceId=####&imei=####&appKey=####&v=####&sign=####&data=####&api=####&imsi=####
- r####.####.com/upload/haogame/20170022/14/1485065454712.apk
- st####.####.com/doc/static/get_taojin.html
- r####.####.com/upload/haogame/20170123/15/1487834879492.png
- r####.####.com/upload/haogame/20170106/17/1486372466237.6.apk
- 0####.####.com/mobile/20170305/20170305073025_c3cd7f5a22cc5de860512024fba3abf5_1_mwpm_03200403.jpeg
- st####.####.com/doc/static/net_find.html
- st####.####.com/doc/static/news_adv.html
- r####.####.com/upload/haogame/20170115/17/1487152574749.png
- 0####.####.com/mobile/20170305/20170305073025_394094101296402188299928e8bed0c3_2_mwpm_03200403.jpeg
- st####.####.com/doc/static/special_adv.html
- a####.####.com/spdyip/?appkey=####&ttid=####&deviceId=####&imei=####&nt=####&app_version_code=####&apn=####&agoo_version_code=####&imsi=####
- i####.####.com/d/file/guoji10/2017-03-03/403a8b78b54cc0bb159556bc64002555.jpg
- r####.####.com/upload/haogame/20161007/15/1478505008788.png
- r####.####.com/upload/haogame/20170117/11/1487301718408.png
- a####.####.com/activeip/?appkey=####&ttid=####&deviceId=####&imei=####&nt=####&app_version_code=####&apn=####&agoo_version_code=####&imsi=####
- r####.####.com/upload/haogame/20161105/15/1480923476355.jpg
- 1####.####.104/m/umeng:56cfdc2567e58eb021002106/204/ArtKvPB6Z6bFL2gmiZ0IVd-OWey0aNoRE_DCvxswIGNj?s=MDUzN####&c=####&pm=####&sv=####&ov=####
Запросы HTTP POST:
- m####.####.com/v2/launch
- cdn-st####.####.com/doc/checkShieldAdv.htm
- st####.####.com/doc/static/netcontent.html
- m####.####.com/v2/register
- cdn-st####.####.com/doc/hdadvreport.htm
- statis####.####.com/statistics/init.json
- l####.####.com/sdk.php
- a####.####.com/app_logs
- cdn-st####.####.com/doc/adv_report.htm
- l####.####.com/offline_loc
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/cache/picasso-cache/f243878e334fa5a512f03b20e023fcaa.0.tmp
- /data/data/####/databases/download.db
- /data/data/####/cache/picasso-cache/fedc93165c4aea4dd18de300f26ae1d4.0.tmp
- /data/data/####/shared_prefs/AGOO_HOST.xml
- /data/data/####/shared_prefs/Alvin2.xml
- /data/data/####/databases/MsgLogStore.db-journal
- /data/data/####/cache/picasso-cache/47a7c489fc0d707695c5f592069aea80.0.tmp
- /data/data/####/files/mobclick_agent_cached_####204
- /data/data/####/files/adinfo.txt
- /data/data/####/files/ofld/ofl_location.db-journal
- /data/data/####/shared_prefs/AppStore.xml.bak
- /data/data/####/cache/picasso-cache/c00f65700587a323a8eafdbce5f06f84.1.tmp
- /data/data/####/cache/picasso-cache/6e7c058f58cbe4f594e3172483f7f7d6.1.tmp
- /sdcard/.DataStorage/ContextData.xml
- /data/data/####/databases/MsgLogStore.db
- /data/data/####/shared_prefs/####_preferences.xml.bak
- /data/data/####/cache/picasso-cache/985656caac94e95bff5dfbad499695ae.0.tmp
- /data/data/####/cache/picasso-cache/940de29a1c956b1f909e525e4e60be0a.0.tmp
- /data/data/####/shared_prefs/umeng_message_state.xml.bak
- /data/data/####/shared_prefs/PhoneUtil.xml
- /data/data/####/cache/picasso-cache/fedc93165c4aea4dd18de300f26ae1d4.1.tmp
- /data/data/####/cache/picasso-cache/c6e8c9dc7638d52f12e3e2ff5c5a8bff.1.tmp
- /data/data/####/cache/picasso-cache/7e5df7fbe066c59cb67b067e913e4759.1.tmp
- /data/data/####/databases/UmengLocalNotificationStore.db-journal
- /data/data/####/databases/wifi.db-journal
- /data/data/####/cache/picasso-cache/c00f65700587a323a8eafdbce5f06f84.0.tmp
- /data/data/####/cache/picasso-cache/50b3cd28e0aa9140c06f6df52e0df480.0.tmp
- /sdcard/baidu/tempdata/conlts.dat
- /sdcard/baidu/tempdata/ls.db
- /data/data/####/files/libcuid.so
- /data/data/####/files/ofld/ofl_statistics.db-journal
- /data/data/####/cache/picasso-cache/journal
- /data/data/####/shared_prefs/umeng_message_state.xml
- /data/data/####/cache/picasso-cache/7e5df7fbe066c59cb67b067e913e4759.0.tmp
- /data/data/####/cache/picasso-cache/42754be3d5a443a090371407edfe89f2.0.tmp
- /data/data/####/cache/picasso-cache/3c93c205b5f56f5b4ab78cff44527068.0.tmp
- /data/data/####/cache/picasso-cache/ee0e1402f60532d5bb038ba7806c339c.0.tmp
- /sdcard/.UTSystemConfig/Global/Alvin2.xml
- /data/data/####/cache/picasso-cache/940de29a1c956b1f909e525e4e60be0a.1.tmp
- /sdcard/downloadApk/成人电影.apk
- /data/data/####/cache/picasso-cache/8fbeeb71e9d850fb6af8481f0ce75aa3.0.tmp
- /data/data/####/cache/picasso-cache/7a45f4ae67bc3d9f8050c56ec5f82bb7.0.tmp
- /data/data/####/files/lldt/firll.dat
- /data/data/####/files/ofld/ofl.config
- /data/data/####/files/ofld/ofl_location.db
- /data/data/####/cache/picasso-cache/985656caac94e95bff5dfbad499695ae.1.tmp
- /data/data/####/files/umeng_it.cache
- /data/data/####/cache/picasso-cache/1929f5c2cc82928a0d989ab91f11fcac.1.tmp
- /data/data/####/cache/picasso-cache/42754be3d5a443a090371407edfe89f2.1.tmp
- /data/data/####/cache/picasso-cache/ee0e1402f60532d5bb038ba7806c339c.1.tmp
- /data/data/####/cache/picasso-cache/3db75dc082a9b85ad955a916b686d301.1.tmp
- /data/data/####/databases/hot_download.db-journal
- /sdcard/.android/mobclick_agent_cache/####/flowadd
- /data/data/####/files/agoo.pid
- /sdcard/downloadApk/夜色空间.apk
- /data/data/####/cache/picasso-cache/50b3cd28e0aa9140c06f6df52e0df480.1.tmp
- /sdcard/baidu/tempdata/ls.db-journal
- /sdcard/backups/.SystemConfig/.cuid2
- /data/data/####/shared_prefs/AGOO_CONNECT.xml
- /data/data/####/cache/picasso-cache/b5a1072cfea06f17fe5658e65eaadcd3.1.tmp
- /data/data/####/shared_prefs/umeng_general_config.xml
- /data/data/####/cache/picasso-cache/0305e52925adbc55aee87913a78ae2aa.0.tmp
- /data/data/####/cache/picasso-cache/693b5c5afba4b5f0fd4dd212a9b3da64.0.tmp
- /data/data/####/cache/picasso-cache/3601746f20cc985a7ed6a26368d6be76.0.tmp
- /data/data/####/shared_prefs/AppStore.xml
- /data/data/####/cache/picasso-cache/0305e52925adbc55aee87913a78ae2aa.1.tmp
- /data/data/####/cache/picasso-cache/38f62e0f23514cfa09d82fc2562a31b3.0.tmp
- /data/data/####/databases/download.db-journal
- /data/data/####/cache/picasso-cache/693b5c5afba4b5f0fd4dd212a9b3da64.1.tmp
- /data/data/####/cache/picasso-cache/b5a1072cfea06f17fe5658e65eaadcd3.0.tmp
- /data/data/####/shared_prefs/umeng_general_config.xml.bak
- /data/data/####/files/title
- /data/data/####/cache/picasso-cache/3c93c205b5f56f5b4ab78cff44527068.1.tmp
- /sdcard/test.0
- /sdcard/baidu/tempdata/ller.dat
- /data/data/####/cache/picasso-cache/ee60defbc9218e39f220d1fcd981d8ad.1.tmp
- /data/data/####/files/DaemonServer
- /data/data/####/cache/picasso-cache/47a7c489fc0d707695c5f592069aea80.1.tmp
- /data/data/####/cache/picasso-cache/ee60defbc9218e39f220d1fcd981d8ad.0.tmp
- /data/data/####/cache/picasso-cache/f243878e334fa5a512f03b20e023fcaa.1.tmp
- /data/data/####/cache/picasso-cache/3601746f20cc985a7ed6a26368d6be76.1.tmp
- /data/data/####/shared_prefs/####_preferences.xml
- /data/data/####/cache/picasso-cache/7a45f4ae67bc3d9f8050c56ec5f82bb7.1.tmp
- /data/data/####/cache/picasso-cache/c6e8c9dc7638d52f12e3e2ff5c5a8bff.0.tmp
- /data/data/####/databases/wsUL1uCdKvjD-journal
- /data/data/####/files/.imprint
- /data/data/####/databases/jqIqJYOT3JpT-journal
- /data/data/####/shared_prefs/ContextData.xml
- /data/data/####/cache/picasso-cache/1929f5c2cc82928a0d989ab91f11fcac.0.tmp
- /data/data/####/cache/picasso-cache/6e7c058f58cbe4f594e3172483f7f7d6.0.tmp
- /data/data/####/shared_prefs/syezon_agent_online_setting_####.xml
- /data/data/####/files/ofld/ofl_statistics.db
- /data/data/####/databases/webview.db-journal
- /data/data/####/databases/hot_download.db
- /data/data/####/cache/picasso-cache/38f62e0f23514cfa09d82fc2562a31b3.1.tmp
- /sdcard/downloadApk/精典影音.apk
- /sdcard/backups/.SystemConfig/.cuid
- /data/data/####/cache/picasso-cache/3db75dc082a9b85ad955a916b686d301.0.tmp
- /data/data/####/cache/picasso-cache/8fbeeb71e9d850fb6af8481f0ce75aa3.1.tmp
Присваивает атрибут 'исполняемый' для следующих файлов:
- /data/data/####/files/DaemonServer
Другие:
Запускает следующие shell-скрипты:
- getprop
- ps
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- df
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
- getprop ro.product.cpu.abi
- cat /sys/class/net/wlan0/address
- /data/data/com.gjlixkl.hklcc/app_bin/daemon -p com.gjlixkl.hklcc -s com.ij.rn.c.a -t 300
- service list
Может автоматически отправлять СМС-сообщения.
