Android.Packed.19352

Техническая информация

Вредоносные функции:

Загружает на исполнение код следующих детектируемых угроз:

Android.DownLoader.511.origin

Сетевая активность:

Подключается к:

n####.####.cn
1####.####.67
googl####.####.net
c####.####.org
o####.####.com
w####.####.cn
w####.com
wumi####.####.cn
a####.####.com

Запросы HTTP GET:

googl####.####.net/mads/static/mad/sdk/native/sdk-core-v40.appcache
c####.####.org/strategy/dev_root2
wumi####.####.cn/site_images/c/iodlDgj5.tc_466,315.jpg?i=####&m=####
c####.####.org/strategy/sul18
c####.####.org/strategy/symlink-adbd
c####.####.org/strategy/dev_root
w####.com/app/mobile/image/iodlDgj5.tc_466,315?i=####
c####.####.org/strategy/larger4.3
c####.####.org/strategy/UnknownDev
googl####.####.net/mads/static/mad/sdk/native/sdk-core-v40.html
w####.com/app/mobile/image/xpRtGp7u.tc_466,315?i=####
wumi####.####.cn/site_images/c/xpRtGp7u.tc_466,315.jpg?i=####&m=####
googl####.####.net/mads/static/mad/sdk/native/canary/sdk-core-v40-impl.js
googl####.####.net/mads/static/mad/sdk/native/production/sdk-core-v40-impl.js
w####.com/app/mobile/auto/site/items?obSiteId=####&ord=####&obCateId=####
c####.####.org/strategy/loss_4.3
googl####.####.net/mads/static/mad/sdk/native/sdk-core-v40.js

Запросы HTTP POST:

w####.####.cn/ct/k/eeks
1####.####.67/log/interface.html
n####.####.cn/ct/ytj/eqip
n####.####.cn/ct/g/exv
n####.####.cn/ct/ooh/m
o####.####.com/check_config_update
a####.####.com/app_logs
n####.####.cn/ct/tby/uozof/vsa
1####.####.67/strategy/interface.html

Изменения в файловой системе:

Создает следующие файлы:

/data/data/####/movie/gab2.mp4
/data/data/####/movie/cbc3.mp4
/data/data/####/app_2187d715-1619-4511-b729-a0bccb632149/device.db
/data/data/####/app_596d8ac7-2950-4f1c-a8be-b82a7dccf630/pidof
/data/data/####/movie/cba1.mp4
/data/data/####/app_e2ad7501-9ecd-494c-a060-3fcf7f3217d5/eh.jar
/data/data/####/movie/baa4.mp4
/data/data/####/app_596d8ac7-2950-4f1c-a8be-b82a7dccf630/ddexe
/data/data/####/app_596d8ac7-2950-4f1c-a8be-b82a7dccf630/fileWork
/data/data/####/movie/dbb1.mp4
/data/data/####/app_bbed9a27-c3ce-416e-b62b-b5d7b470d9d0/su
/data/data/####/movie/fbe2.mp4
/data/data/####/movie/dac2.mp4
/data/data/####/cache/webviewCacheChromium/data_2
/data/data/####/cache/webviewCacheChromium/data_1
/data/data/####/cache/webviewCacheChromium/data_0
/data/data/####/movie/had1.mp4
/data/data/####/movie/iaa4.mp4
/data/data/####/databases/webviewCookiesChromium.db-journal
/data/data/####/movie/abc1.mp4
/data/data/####/movie/gad2.mp4
/data/data/####/movie/fce2.mp4
/data/data/####/movie/gba1.mp4
/data/data/####/movie/aaa2.mp4
/data/data/####/movie/fba1.mp4
/data/data/####/app_bbed9a27-c3ce-416e-b62b-b5d7b470d9d0/ddexe
/data/data/####/shared_prefs/umeng_general_config.xml
/data/data/####/databases/collect.db-journal
/data/data/####/movie/cba3.mp4
/data/data/####/app_f8ddaf7e-bdf1-449e-91b0-4b21bc592329/debuggerd
/data/data/####/movie/fbb3.mp4
/data/data/####/app_subox/1740c449fc10be62df60ba0f18696c9f
/data/data/####/movie/dac3.mp4
/data/data/####/movie/dab2.mp4
/data/data/####/movie/eaa3.mp4
/data/data/####/movie/haa1.mp4
/data/data/####/app_2187d715-1619-4511-b729-a0bccb632149/root3
/data/data/####/movie/gae3.mp4
/data/data/####/movie/acd1.mp4
/data/data/####/app_f8ddaf7e-bdf1-449e-91b0-4b21bc592329/toolbox
/data/data/####/movie/fca1.mp4
/data/data/####/movie/aac1.mp4
/data/data/####/movie/dbc2.mp4
/data/data/####/movie/eba3.mp4
/data/data/####/movie/aca3.mp4
/data/data/####/movie/gad1.mp4
/data/data/####/movie/dab1.mp4
/data/data/####/movie/eba1.mp4
/data/data/####/app_596d8ac7-2950-4f1c-a8be-b82a7dccf630/install-recovery.sh
/data/data/####/movie/gab1.mp4
/data/data/####/movie/fbb2.mp4
/data/data/####/movie/bac3.mp4
/data/data/####/movie/dad3.mp4
/data/data/####/movie/dbd2.mp4
/data/data/####/movie/dbd1.mp4
/data/data/####/movie/eac3.mp4
/data/data/####/files/dg.jar
/data/data/####/movie/gbd2.mp4
/data/data/####/movie/gaa3.mp4
/data/data/####/cache/webviewCacheChromium/index
/data/data/####/app_2187d715-1619-4511-b729-a0bccb632149/wsroot.sh
/data/data/####/movie/dca3.mp4
/data/data/####/movie/fae5.mp4
/data/data/####/movie/abb1.mp4
/data/data/####/files/SUBOXLOG_
/data/data/####/movie/ebd1.mp4
/data/data/####/movie/fae6.mp4
/data/data/####/movie/fca3.mp4
/data/data/####/movie/aab2.mp4
/data/data/####/app_bbed9a27-c3ce-416e-b62b-b5d7b470d9d0/fileWork
/data/data/####/app_2187d715-1619-4511-b729-a0bccb632149/fileWork
/data/data/####/movie/dca1.mp4
/data/data/####/movie/aaa1.mp4
/data/data/####/movie/ebb1.mp4
/data/data/####/movie/had4.mp4
/data/data/####/movie/bac2.mp4
/data/data/####/movie/dac1.mp4
/data/data/####/cache/webviewCacheChromium/data_3
/data/data/####/app_f8ddaf7e-bdf1-449e-91b0-4b21bc592329/fileWork
/data/data/####/movie/aaa22.mp4
/data/data/####/app_2187d715-1619-4511-b729-a0bccb632149/debuggerd
/data/data/####/databases/exercises_data.db
/data/data/####/shared_prefs/mobclick_agent_online_setting_####.xml
/data/data/####/app_bbed9a27-c3ce-416e-b62b-b5d7b470d9d0/toolbox
/data/data/####/movie/cbd1.mp4
/data/data/####/movie/aad1.mp4
/data/data/####/app_subox_download/1e8907db-28bf-4119-850d-c7a580ec9906
/data/data/####/movie/fab2.mp4
/data/data/####/app_f8ddaf7e-bdf1-449e-91b0-4b21bc592329/su
/data/data/####/app_7c090056-0c50-4350-b061-112c825be2b3/wsroot.sh
/data/data/####/shared_prefs/dsi.xml
/data/data/####/app_7c090056-0c50-4350-b061-112c825be2b3/su
/data/data/####/app_2187d715-1619-4511-b729-a0bccb632149/supolicy
/data/data/####/movie/ebe1.mp4
/data/data/####/app_2187d715-1619-4511-b729-a0bccb632149/install-recovery.sh
/data/data/####/movie/dbc1.mp4
/data/data/####/movie/dad1.mp4
/data/data/####/app_7c090056-0c50-4350-b061-112c825be2b3/supolicy
/data/data/####/movie/eab2.mp4
/data/data/####/movie/dad2.mp4
/data/data/####/movie/fbe1.mp4
/data/data/####/movie/aac3.mp4
/data/data/####/app_subox/b18a021d11a3004d25017230b681476b
/data/data/####/app_f8ddaf7e-bdf1-449e-91b0-4b21bc592329/wsroot.sh
/data/data/####/app_596d8ac7-2950-4f1c-a8be-b82a7dccf630/Matrix
/data/data/####/movie/fcb2.mp4
/data/data/####/cache/webviewCacheChromium/f_000001
/data/data/####/movie/faa1.mp4
/data/data/####/app_bbed9a27-c3ce-416e-b62b-b5d7b470d9d0/install-recovery.sh
/data/data/####/movie/fce4.mp4
/data/data/####/app_596d8ac7-2950-4f1c-a8be-b82a7dccf630/supolicy
/data/data/####/movie/gae1.mp4
/data/data/####/movie/aba2.mp4
/data/data/####/app_bbed9a27-c3ce-416e-b62b-b5d7b470d9d0/Matrix
/data/data/####/movie/daa2.mp4
/data/data/####/movie/cbc2.mp4
/data/data/####/movie/fae1.mp4
/data/data/####/movie/aca1.mp4
/data/data/####/movie/aba1.mp4
/data/data/####/app_7c090056-0c50-4350-b061-112c825be2b3/pidof
/data/data/####/movie/fce3.mp4
/data/data/####/movie/iaa3.mp4
/data/data/####/movie/caa4.mp4
/data/data/####/app_subox/32edd79a240b5f1e461d069caab1ec3e
/data/data/####/movie/cab3.mp4
/data/data/####/app_2187d715-1619-4511-b729-a0bccb632149/ddexe
/data/data/####/app_subox/8b6f263391259b7a8e5f58ee71852ca8
/data/data/####/app_2187d715-1619-4511-b729-a0bccb632149/pidof
/data/data/####/movie/fca2.mp4
/data/data/####/movie/aab1.mp4
/data/data/####/app_bbed9a27-c3ce-416e-b62b-b5d7b470d9d0/wsroot.sh
/data/data/####/movie/baa3.mp4
/data/data/####/movie/cac3.mp4
/data/data/####/movie/ebc2.mp4
/data/data/####/app_bbed9a27-c3ce-416e-b62b-b5d7b470d9d0/debuggerd
/data/data/####/movie/eae3.mp4
/data/data/####/app_f8ddaf7e-bdf1-449e-91b0-4b21bc592329/ddexe
/data/data/####/movie/cab2.mp4
/data/data/####/movie/fcc1.mp4
/data/data/####/movie/gaa2.mp4
/data/data/####/movie/caa1.mp4
/data/data/####/app_subox_download/d7c3d3e2-2940-42ef-b593-214f3576c48d
/data/data/####/app_2187d715-1619-4511-b729-a0bccb632149/Matrix
/data/data/####/cache/webviewCacheChromium/f_000002
/data/data/####/movie/dba2.mp4
/data/data/####/shared_prefs/kr.xml
/data/data/####/movie/iaa2.mp4
/data/data/####/movie/ead2.mp4
/data/data/####/movie/abc2.mp4
/data/data/####/movie/ead1.mp4
/data/data/####/movie/gbc1.mp4
/data/data/####/movie/had2.mp4
/data/data/####/movie/aab3.mp4
/data/data/####/app_subox_download/ee55bf60-496b-4c11-85c0-4865fffb0efd
/data/data/####/movie/eae2.mp4
/data/data/####/movie/fbb1.mp4
/data/data/####/app_subox_download/e5a1739d-5774-4633-bddc-b451d6f7629a
/data/data/####/movie/cbe1.mp4
/data/data/####/movie/gbd1.mp4
/data/data/####/movie/caa3.mp4
/data/data/####/movie/ebc1.mp4
/data/data/####/app_7c090056-0c50-4350-b061-112c825be2b3/toolbox
/data/data/####/app_subox_download/a9b604fd-8b85-4e1e-ae99-d4b63b9bb9a2
/data/data/####/app_596d8ac7-2950-4f1c-a8be-b82a7dccf630/toolbox
/data/data/####/movie/abc3.mp4
/data/data/####/app_596d8ac7-2950-4f1c-a8be-b82a7dccf630/wsroot.sh
/data/data/####/movie/hab2.mp4
/data/data/####/files/umeng_it.cache
/data/data/####/app_subox_download/2f9b8368-be22-4a47-8153-2b1d8a99d59b
/data/data/####/movie/gae2.mp4
/data/data/####/movie/fbe3.mp4
/data/data/####/movie/gad3.mp4
/data/data/####/movie/baa1.mp4
/data/data/####/movie/dab3.mp4
/data/data/####/app_7c090056-0c50-4350-b061-112c825be2b3/debuggerd
/data/data/####/app_bbed9a27-c3ce-416e-b62b-b5d7b470d9d0/supolicy
/data/data/####/movie/acc3.mp4
/data/data/####/movie/fae3.mp4
/data/data/####/movie/fae4.mp4
/data/data/####/movie/fac2.mp4
/data/data/####/databases/collect.db
/data/data/####/movie/had3.mp4
/data/data/####/movie/eaa1.mp4
/data/data/####/movie/eac2.mp4
/data/data/####/movie/bac1.mp4
/data/data/####/movie/cac1.mp4
/data/data/####/movie/fae2.mp4
/data/data/####/app_bbed9a27-c3ce-416e-b62b-b5d7b470d9d0/pidof
/data/data/####/movie/daa3.mp4
/data/data/####/movie/eac1.mp4
/data/data/####/movie/fcb1.mp4
/data/data/####/app_596d8ac7-2950-4f1c-a8be-b82a7dccf630/debuggerd
/data/data/####/databases/t_u.db-journal
/data/data/####/movie/cba2.mp4
/data/data/####/app_anonymous_files/anonymous_core.so
/data/data/####/app_596d8ac7-2950-4f1c-a8be-b82a7dccf630/su
/data/data/####/movie/aac2.mp4
/data/data/####/app_7c090056-0c50-4350-b061-112c825be2b3/Matrix
/data/data/####/movie/dcc1.mp4
/data/data/####/movie/iaa5.mp4
/data/data/####/databases/exercises_data.db-journal
/data/data/####/movie/iaa1.mp4
/data/data/####/app_2187d715-1619-4511-b729-a0bccb632149/toolbox
/data/data/####/movie/bab2.mp4
/data/data/####/app_2187d715-1619-4511-b729-a0bccb632149/su
/data/data/####/movie/baa2.mp4
/data/data/####/shared_prefs/kr.xml.bak
/data/data/####/movie/cbb2.mp4
/data/data/####/movie/dbc3.mp4
/data/data/####/movie/aaa3.mp4
/data/data/####/movie/cac2.mp4
/data/data/####/files/.imprint
/data/data/####/databases/webview.db-journal
/data/data/####/movie/cbd2.mp4
/data/data/####/cache/ApplicationCache.db-journal
/data/data/####/movie/cbc1.mp4
/data/data/####/movie/dba1.mp4
/data/data/####/movie/eab1.mp4
/data/data/####/app_7c090056-0c50-4350-b061-112c825be2b3/fileWork
/data/data/####/app_7c090056-0c50-4350-b061-112c825be2b3/install-recovery.sh
/data/data/####/movie/eba2.mp4
/data/data/####/movie/gab3.mp4
/data/data/####/movie/gaa1.mp4
/data/data/####/movie/dca2.mp4
/data/data/####/app_f8ddaf7e-bdf1-449e-91b0-4b21bc592329/Matrix
/data/data/####/app_f8ddaf7e-bdf1-449e-91b0-4b21bc592329/install-recovery.sh
/data/data/####/movie/fac1.mp4
/data/data/####/movie/hab1.mp4
/data/data/####/movie/bab1.mp4
/data/data/####/movie/abd1.mp4
/data/data/####/shared_prefs/mobclick_agent_online_setting_####.xml.bak
/data/data/####/movie/caa5.mp4
/data/data/####/movie/cab1.mp4
/data/data/####/app_f8ddaf7e-bdf1-449e-91b0-4b21bc592329/supolicy
/data/data/####/movie/acc1.mp4
/data/data/####/movie/aca2.mp4
/data/data/####/app_f8ddaf7e-bdf1-449e-91b0-4b21bc592329/pidof
/data/data/####/movie/abb2.mp4
/data/data/####/movie/cbb3.mp4
/data/data/####/movie/eaa2.mp4
/data/data/####/shared_prefs/umeng_general_config.xml.bak
/data/data/####/app_7c090056-0c50-4350-b061-112c825be2b3/ddexe
/data/data/####/movie/bab3.mp4
/data/data/####/movie/cbb1.mp4
/data/data/####/movie/acc2.mp4
/data/data/####/movie/daa1.mp4
/data/data/####/movie/eae1.mp4
/data/data/####/app_subox/b0141e478b25af7c40a8cca8de6c4708
/data/data/####/movie/cbe2.mp4
/data/data/####/movie/fce1.mp4
/data/data/####/movie/fab1.mp4
/data/data/####/movie/aba3.mp4
/data/data/####/cache/ads1961962704.jar

Присваивает атрибут 'исполняемый' для следующих файлов:

/data/data/####/app_7c090056-0c50-4350-b061-112c825be2b3/Matrix
/data/data/####/app_2187d715-1619-4511-b729-a0bccb632149/Matrix
/data/data/####/app_f8ddaf7e-bdf1-449e-91b0-4b21bc592329/Matrix
/data/data/####/app_596d8ac7-2950-4f1c-a8be-b82a7dccf630/Matrix
/data/data/####/app_bbed9a27-c3ce-416e-b62b-b5d7b470d9d0/Matrix

Другие:

Запускает следующие shell-скрипты:

Может автоматически отправлять СМС-сообщения.

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней