Android.SmsSend.16940

Техническая информация

Вредоносные функции:

Отправляет СМС-сообщения:

54999818: YMN SDK503ED 6Y

Сетевая активность:

Подключается к:

s####.####.com
lan####.net
woo####.com:7079
n####.####.cn
i####.####.com
xt####.####.com
d####.####.cn
a####.####.cn
s####.####.cn
and####.####.com
1####.net
woo####.com
gl####.####.com
gl####.####.com:6566
i####.####.cn
be####.####.cn

Запросы HTTP GET:

n####.####.cn/games/70dd2c41/20170315/16.gif
1####.net/webmail-static/images/vip.com/down_arrow.png
s####.####.cn/css/79/index2016/v0510/index.css
n####.####.cn/sports/transform/20170315/gssd-fychtth0531692.jpg
n####.####.cn/tech/20170315/IVZR-fychtth0086748.gif
n####.####.cn/news/transform/20170315/R5LD-fychtth0405905.png
d####.####.cn/home/2014/1030/hxjzg103.jpg
s####.####.cn/imp/imp/deal/1b/1c/0/c3860408163313c99a8a75bebac_p24_mk24.jpg
d####.####.cn/litong/zhitou/sinaads/demo/jiliang/chezhan201611/monbox_chezhan.js
n####.####.cn/news/transform/20170315/Mx42-fychtth0314778.png
i####.####.cn/sinaauto/2016/sinahome/chooseCars.js
i####.####.cn/js/user_panel_homepage.js
d####.####.cn/dy/deco/2014/0923/guoqing2014/sina_101_2014_html_bg.jpg
d####.####.cn/home/2017/0315/U21P30DT20170315214916.jpg
d####.####.cn/dy/deco/2013/0329/logo/LOGO_1x.png
n####.####.cn/sports/transform/20170315/_Prs-fychtth0378398.jpg
s####.####.com/imp/imp/deal/ae/16/3/3bfeb5c6a67222bc60433d3018e_p24_mk24.jpg
d####.####.cn/d1images/sinaads_entry/sinaads_entry_index.js
s####.####.cn/js/79/2013/0717/fix.js
d####.####.cn/home/main/index2013/0403/icon.png
d####.####.cn/home/2014/1030/jb5.jpg
n####.####.cn/auto/transform/20170227/H4GG-fyavvsk3669984.jpg
lan####.net/demo.php
d####.####.cn/litong/zhitou/sinaads/release/sinaads.js
n####.####.cn/auto/transform/20170310/gYx3-fychttf8931442.jpg
n####.####.cn/auto/transform/20170306/Tw3n-fycaahm6346924.jpg
d####.####.cn/home/main/blk/d.gif
n####.####.cn/public_column/20170316/1_IV-fychtth0796233.jpg
n####.####.cn/eladies/20170316/nAMN-fychtth0777861.jpg
n####.####.cn/auto/transform/20170310/G3sU-fychhus0414522.jpg
i####.####.cn/js/jq172.js
d####.####.cn/unipro/pub/suda_m_v629.js
1####.net/webmail-static/images/vip.com/vip_mail_logo.png
xt####.####.com/%7B%22pd%22%3A%22-.-TOMMAIL-.-%22%2C%22su%22%3A%22http%3A%2F%2Fxtrack.tomonline-inc.com%2F%22%2C%22cn%22%3A%22at_oviwm%22%2C%22categor...
n####.####.cn/news/643213b9/20170228/sina_01201642_2017_bg.js?2017030####
s####.####.cn/
n####.####.cn/default/transform/20170314/o_Pr-fychttf9761918.jpg
d####.####.cn/home/main/index2013/0719/bg2.png
i####.####.com/imp/56b452177f800212b3d8ce007fc418f9_os29f8d1.jpg
n####.####.cn/default/1e20c22f/20170314/WangShangYouHaiXinXiJuBaoZhuanQu.jpg
d####.####.cn/home/2017/0314/U996P30DT20170314095851.jpg
1####.net/webmail-static/js/lib/track/track.js
d####.####.cn/litong/zhitou/sinaads/demo/wanglt/sinaIndexAD/sinaAD_slide01.js
d####.####.cn/dy/deco/2013/0305/d.gif
1####.net/webmail-static/js/lib/sea.js
i####.####.cn/newchart/small/t/sh000001.gif
d####.####.cn/home/2017/0313/U996P30DT20170313100310.jpg
n####.####.cn/sports/20170315/VIcK-fychtth0163420.jpg
i####.####.cn/js/outlogin_layer.js
n####.####.cn/news/20161214/WCVU-fxypunk6627147.jpg
1####.net/
n####.####.cn/auto/transform/20170315/rP4P-fychtth0531742.jpg
n####.####.cn/news/643213b9/20170228/2017_02_28.jpg
be####.####.cn/data.html?1485415####
1####.net/webmail-static/images/vip.com/04banner.jpg
n####.####.cn/public_column/20170316/MCxs-fychtth0792983.jpg
d####.####.cn/dy/deco/2013/0321/bg1px.png
i####.####.cn/iplookup/iplookup.php?format=####
d####.####.cn/home/2017/0315/U8327P30DT20170315095829.jpg
n####.####.cn/video/20170316/8Lqn-fychtth0751402.jpg
n####.####.cn/news/643213b9/20170228/phbut_11.png
1####.net/webmail-static/js/vip.com/jquery.js
lan####.net/apk.php
n####.####.cn/ent/js/lib/jquery-3.1.1.min.js
be####.####.cn/h.js
n####.####.cn/ent/20170316/d5mu-fychtth0763970.jpg
n####.####.cn/games/70dd2c41/20170315/19.jpg
d####.####.cn/home/2017/0313/U996P30DT20170313101249.jpg
n####.####.cn/auto/transform/20170227/Fjsj-fyavvsk3668102.jpg
be####.####.cn/a.gif?V=####&CI=####&PI=####&UI=####&MT=####&EX=####&gUid_14####
n####.####.cn/news/20170310/5zJI-fychttf8914187.jpg
d####.####.cn/cha/images/c.gif
gl####.####.com:6566/AdRedirect.aspx?offerid=####&cid=####&affid=####&aff_sub=####&aff_sub2=####&aff_sub3=####&aff_sub4=####
n####.####.cn/default/1e20c22f/20161223/titlejbicon.png
d####.####.cn/home/2017/0314/U2284P30DT20170314100904.jpg
1####.net/webmail-static/css/vip.com/tom_vip_login.css
n####.####.cn/ent/transform/20170316/p_cU-fychtth0738785.jpg
n####.####.cn/tech/transform/20170315/Ztgo-fychtth0054254.png
n####.####.cn/news/20170316/YMRC-fychtth0789905.jpg
d####.####.cn/litong/zhitou/sinaads/demo/wanglt/sinaIndexAD/edu_ad_change.js
a####.####.cn/get_ad_list/PG_514AC419D66F33?callback=####
n####.####.cn/auto/transform/20170313/ZIIb-fychhuq4207375.jpg
be####.####.cn/ckctl.html
n####.####.cn/auto/transform/20170310/EqPQ-fychhuq3643040.jpg
d####.####.cn/home/main/index2013/0509/bkjb.png
n####.####.cn/news/20170302/TarY-fycapec0070461.jpg
n####.####.cn/sports/transform/20170314/Y0lR-fychttf9637874.jpg
i####.####.cn/js/ssologin.js
n####.####.cn/ent/20170316/7HOS-fychtth0841428.jpg
n####.####.cn/www/index/12377app.png
1####.net/webmail/login/index.action
gl####.####.com/AdRedirect.aspx?offerid=####&cid=####&affid=####&aff_sub=####&aff_sub2=####&aff_sub3=####&aff_sub4=####
n####.####.cn/auto/transform/20170306/hv_A-fycaafp2064175.jpg

Запросы HTTP POST:

and####.####.com/rqd/async
woo####.com/jsdk/ss.action?b=####
woo####.com:7079/jsdk/ss.action?b=####

Изменения в файловой системе:

Создает следующие файлы:

/data/data/####/shared_prefs/com.hyjt.app.spf_wap_413.xml
/data/data/####/databases/bugly_db_-journal
/data/data/####/cache/webviewCacheChromium/f_00000a
/data/data/####/cache/webviewCacheChromium/f_00000c
/data/data/####/cache/webviewCacheChromium/f_00000b
/data/data/####/cache/webviewCacheChromium/f_00000e
/data/data/####/cache/webviewCacheChromium/f_00000d
/data/data/####/cache/webviewCacheChromium/f_00000f
/data/data/####/cache/webviewCacheChromium/data_3
/data/data/####/cache/webviewCacheChromium/data_2
/data/data/####/cache/webviewCacheChromium/data_1
/data/data/####/cache/webviewCacheChromium/data_0
/data/data/####/cache/webviewCacheChromium/f_000012
/data/data/####/cache/webviewCacheChromium/f_000013
/data/data/####/cache/webviewCacheChromium/f_000010
/data/data/####/cache/webviewCacheChromium/f_000011
/data/data/####/databases/webviewCookiesChromium.db-journal
/sdcard/SexVideo/20170126.txt
/data/data/####/shared_prefs/com.hyjt.app.android.india.preferrence.xml
/data/data/####/shared_prefs/com.hyjt.app.android.india.preferrence.xml.bak
/data/data/####/databases/webview.db-journal
/data/data/####/cache/webviewCacheChromium/f_000008
/data/data/####/cache/webviewCacheChromium/f_000001
/data/data/####/cache/webviewCacheChromium/f_000003
/data/data/####/cache/webviewCacheChromium/f_000002
/data/data/####/cache/webviewCacheChromium/f_000005
/data/data/####/cache/webviewCacheChromium/f_000004
/data/data/####/cache/webviewCacheChromium/f_000007
/data/data/####/cache/webviewCacheChromium/f_000006
/data/data/####/cache/webviewCacheChromium/f_000009
/data/data/####/files/security_info
/data/data/####/cache/webviewCacheChromium/f_000014
/data/data/####/files/local_crash_lock
/data/data/####/cache/webviewCacheChromium/index

Другие:

Запускает следующие shell-скрипты:

/system/bin/sh -c getprop ro.genymotion.version
/system/bin/sh -c getprop ro.secure
/system/bin/sh -c getprop qemu.sf.fake_camera
/system/bin/sh -c getprop androVM.vbox_dpi
/system/bin/sh -c getprop gsm.sim.state
/system/bin/sh -c getprop ro.board.platform
/system/bin/sh -c getprop gsm.sim.state2
/system/bin/sh -c getprop ro.debuggable
/system/bin/sh -c type su

Может автоматически отправлять СМС-сообщения.

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней