Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Tool.SMSSend.76.origin
Сетевая активность:
Подключается к:
- m####.####.com
- i####.####.cn
- 1####.####.97
- h####.####.com
- pag####.####.com
Запросы HTTP GET:
- m####.####.com/pic/zjpic/15/140262.jpg?x-oss-process=####
- h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&ep=####&et=####&ja=####&ln=####&lo=####<=####&nv=####&rnd=####&si=####&st=####&su=####&v=####&...
- m####.####.com/pic/zjpic/14/135840.jpg?x-oss-process=####
- m####.####.com/static/js/9kubdgw.js
- m####.####.com/geshou/147.htm
- m####.####.com/static/images/top.png
- m####.####.com/pic/zjpic/5/41793.jpg?x-oss-process=####
- m####.####.com/pic/zjpic/1/143.jpg?x-oss-process=####
- m####.####.com/pic/zjpic/4/38548.jpg?x-oss-process=####
- m####.####.com/pic/zjpic/4/37370.jpg?x-oss-process=####
- m####.####.com/9kuimg/zhuanji/20170321/451ebf3f78c32902.jpg?x-oss-process=####
- m####.####.com/static/images/play_btn.png
- m####.####.com/taoge/804.htm
- m####.####.com/static/js/jquery.cookie.js
- m####.####.com/pic/gstx/2/11000.jpg?x-oss-process=####
- m####.####.com/pic/zjpic/4/38757.jpg?x-oss-process=####
- m####.####.com/9kuimg/zhuanji/20170321/0b6871157a1630a6.jpg?x-oss-process=####
- m####.####.com/pic/zjpic/1/1352.jpg?x-oss-process=####
- m####.####.com/pic/gstx/5/46502.jpg?x-oss-process=####
- h####.####.com/hm.js?141f152####
- m####.####.com/pic/gstx/1/147.jpg?x-oss-process=####
- m####.####.com/pic/zjpic/14/139527.jpg?x-oss-process=####
- 1####.####.97/mp32.9ku.com/upload/2016/08/16/853148.m4a
- m####.####.com/i/bang/bang_jingdian_1.png
- m####.####.com/static/images/searchBtn1.png
- m####.####.com/9kuimg/geshou/20160521/871465a95f3d001d.jpg?x-oss-process=####
- m####.####.com/pic/zjpic/5/41555.jpg?x-oss-process=####
- m####.####.com/static/images/downBtn.png
- h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&et=####&ja=####&ln=####&lo=####<=####&nv=####&rnd=####&si=####&st=####&su=####&v=####&lv=####&...
- m####.####.com/static/js/jquery.jplayer.lyric.js
- m####.####.com/static/js/player.js
- m####.####.com/
- m####.####.com/static/images/pause_btn.png
- m####.####.com/9kuimg/zhuanji/20170321/80f3b0c823ece3ca.jpg?x-oss-process=####
- m####.####.com/static/images/line1.png
- h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&et=####&ja=####&ln=####&lo=####&nv=####&rnd=####&si=####&st=####&v=####&lv=####&tt=####
- m####.####.com/pic/zjpic/14/137679.jpg?x-oss-process=####
- m####.####.com/9kuimg/zhuanji/20160817/bc687c944c53ae97.jpg?x-oss-process=####
- m####.####.com/static/images/playBtn.png
- m####.####.com/pic/zjpic/4/38848.jpg?x-oss-process=####
- m####.####.com/pic/zjpic/14/139840.jpg?x-oss-process=####
- m####.####.com/pic/zjpic/4/38887.jpg?x-oss-process=####
- m####.####.com/pic/zjpic/5/41673.jpg?x-oss-process=####
- m####.####.com/9kuimg/zhuanji/20170321/dd0ec6ff15a14a6f.jpg?x-oss-process=####
- m####.####.com/pic/zjpic/5/41795.jpg?x-oss-process=####
- i####.####.cn/iplookup/iplookup.php?format=####
- m####.####.com/pic/zjpic/15/141677.jpg?x-oss-process=####
- m####.####.com/images/no-small-avatar.png
- m####.####.com/pic/zjpic/4/39196.jpg?x-oss-process=####
- m####.####.com/9kuimg/zhuanji/20151124/3c684be1ff907ec9.jpg?x-oss-process=####
- m####.####.com/pic/zjpic/15/141353.jpg?x-oss-process=####
- m####.####.com/pic/zjpic/3/28160.jpg?x-oss-process=####
- m####.####.com/pic/zjpic/5/41937.jpg?x-oss-process=####
- m####.####.com/pic/zjpic/1/1269.jpg?x-oss-process=####
- pag####.####.com/pagead/js/adsbygoogle.js
- m####.####.com/pic/zjpic/5/41383.jpg?x-oss-process=####
- m####.####.com/pic/zjpic/4/36175.jpg?x-oss-process=####
- m####.####.com/static/js/9ku.js
- m####.####.com/static/js/jquery.jplayer.min.js
- m####.####.com/9kuimg/taoge/20160603/8c5b274f2e50cf21.jpg
- m####.####.com/static/style/base.css
- m####.####.com/pic/zjpic/4/31571.jpg?x-oss-process=####
- m####.####.com/static/js/jquery.js
- m####.####.com/static/images/showLrc.png
- m####.####.com/static/js/TouchSlide.1.1.js
- m####.####.com/9kuimg/taoge/20160525/e82b0392e647572a.jpg
- m####.####.com/pic/zjpic/5/45236.jpg?x-oss-process=####
- m####.####.com/9kuimg/taoge/20160818/3bdacb72244e1362.jpg
- m####.####.com/pic/zjpic/15/140261.jpg?x-oss-process=####
- m####.####.com/pic/zjpic/15/141351.jpg?x-oss-process=####
- m####.####.com/9kuimg/newtj/20160628/cc689d298a689b28.jpg?x-oss-process=####
- m####.####.com/static/images/titLine.png
- m####.####.com/pic/zjpic/4/38917.jpg?x-oss-process=####
- m####.####.com/pic/zjpic/4/39805.jpg?x-oss-process=####
- m####.####.com/pic/zjpic/14/139735.jpg?x-oss-process=####
- m####.####.com/pic/zjpic/5/46679.jpg?x-oss-process=####
- h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&ep=####&et=####&ja=####&ln=####&lo=####&nv=####&rnd=####&si=####&st=####&v=####&lv=####&u=####
- m####.####.com/9kuimg/zhuanji/20170321/99a9777ab815e0cb.jpg?x-oss-process=####
- m####.####.com/9kuimg/zhuanji/20160816/7b8442308dd188ce.jpg?x-oss-process=####
- m####.####.com/pic/zjpic/4/34135.jpg?x-oss-process=####
- m####.####.com/static/images/logoBack.png
- m####.####.com/9kuimg/newtj/20160628/49383153812227d8.jpg?x-oss-process=####
- m####.####.com/static/js/base.js
- m####.####.com/upload/2016/08/16/853148.m4a
- h####.####.com/hm.gif?cc=####&ck=####&cl=####&ds=####&ep=####&et=####&ja=####&ln=####&lo=####&nv=####&rnd=####&si=####&st=####&v=####&lv=####
- pag####.####.com/pagead/js/r20170315/r20170110/show_ads_impl.js
- m####.####.com/pic/zjpic/15/140177.jpg?x-oss-process=####
- m####.####.com/9kuimg/zhuanji/20160816/2e1c0189f7abb0c3.jpg?x-oss-process=####
- m####.####.com/pic/zjpic/3/29682.jpg?x-oss-process=####
- m####.####.com/pic/zjpic/15/142807.jpg?x-oss-process=####
- m####.####.com/pic/gstx/2/12014.jpg?x-oss-process=####
- m####.####.com/play/853148.htm
- m####.####.com/pic/zjpic/4/38838.jpg?x-oss-process=####
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/cache/webviewCacheChromium/f_00000a
- /data/data/####/cache/webviewCacheChromium/f_00000c
- /data/data/####/cache/webviewCacheChromium/f_00000b
- /data/data/####/cache/webviewCacheChromium/f_00000e
- /data/data/####/cache/webviewCacheChromium/f_00000d
- /data/data/####/files/dex/hhh.jar
- /data/data/####/cache/webviewCacheChromium/f_00000f
- /data/data/####/cache/webviewCacheChromium/data_3
- /data/data/####/cache/webviewCacheChromium/data_2
- /data/data/####/cache/webviewCacheChromium/f_000014
- /data/data/####/cache/webviewCacheChromium/data_0
- /data/data/####/cache/webviewCacheChromium/f_000012
- /data/data/####/cache/webviewCacheChromium/f_000013
- /data/data/####/cache/webviewCacheChromium/f_000010
- /data/data/####/cache/webviewCacheChromium/f_000011
- /data/data/####/databases/webviewCookiesChromium.db-journal
- /data/data/####/shared_prefs/WebViewSettings.xml
- /data/data/####/shared_prefs/setting.xml
- /data/data/####/cache/webviewCacheChromium/f_000009
- /data/data/####/cache/webviewCacheChromium/f_000008
- /data/data/####/cache/webviewCacheChromium/f_000001
- /data/data/####/cache/webviewCacheChromium/f_000003
- /data/data/####/cache/webviewCacheChromium/f_000002
- /data/data/####/cache/webviewCacheChromium/f_000005
- /data/data/####/cache/webviewCacheChromium/f_000004
- /data/data/####/cache/webviewCacheChromium/f_000007
- /data/data/####/cache/webviewCacheChromium/f_000006
- /data/data/####/databases/webview.db-journal
- /data/data/####/cache/webviewCacheChromium/data_1
- /data/data/####/cache/webviewCacheChromium/index
Другие:
Может автоматически отправлять СМС-сообщения.
