Техническая информация
Вредоносные функции:
Отправляет СМС-сообщения:
- 10690133603: auto##620224035##mpl_zhushou##log in with 360
Сетевая активность:
Подключается к:
- s####.####.cn
- p####.####.com
- a####.####.cn
- p####.####.cn
- e####.####.cn
- recom####.####.cn
- pro####.####.cn
- m####.####.cn
Запросы HTTP GET:
- recom####.####.cn/AppStore/getIsUpdate?ext=####&pname=####&sr=####&mysrc=####&toid=####&sa=####&inma=####&isnle=####&issys=####&vid=####&pid=####&rtru...
- p####.####.com/t0174e1b9dfb8d509ad.png
- p####.####.com/t01ced0ff4fd1878202.png
- p####.####.com/t011fdef7e6c629aae8.png
- recom####.####.cn/iservice/appJar?v=####&jvn=####&jvc=####
- recom####.####.cn/toolsManger/list?os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&startCount=####&r...
- p####.####.com/t01d8fec838c8a07e6b.png
- recom####.####.cn/inew/getRecomendApps?iszip=####&logo_type=####&deflate_field=####&bannertype=####&apiversion=####&ch=####&prepage=####&curpage=####&...
- recom####.####.cn/Iservice/ServerConfig?os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&startCount=#...
- p####.####.com/t01587cc94edac12f66.png
- p####.####.com/t012a5f059f883e3e13.jpg
- p####.####.com/t01c9bc76933ae20906.png
- p####.####.com/t017ef1ea0543be9357.png
- p####.####.com/t01e4ecf5a8cd7034c2.png
- p####.####.com/dr/160_160_/t012baf9104bb719772.png
- recom####.####.cn/AppPrivMap/getPrivMap?os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&startCount=#...
- recom####.####.cn/iservice/pluginStatus?os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&startCount=#...
- s####.####.cn/appstore/info.htm?method=####&m=####&m2=####&v=####&vn=####&re=####&ch=####&fm2=cHN####
- p####.####.com/dr/160_160_/t0140d85dfbe285c4f7.png
- a####.####.cn/intf.php?method=####&devtype=####&m1=####&m2=####&_t=####&model=####&sdkversioncode=####&sdkversionname=####&versioncode=####&versionnam...
- p####.####.com/dr/160_160_/t017b7cd94334cd52b8.png
- m####.####.cn/baohe/list?version=####&toid=####&pst=####&os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=...
- p####.####.com/t012c1acd3a20f1fa3f.png
- recom####.####.cn/webviewjs/domainlist?os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&startCount=##...
- p####.####.com/t01d26871321e707634.png
- p####.####.com/dr/160_160_/t011cfe40ab6b7abd9d.png
- p####.####.com/t017fff687f1e6f54ae.png
- p####.####.com/t01f570f167020c5813.png
- p####.####.com/t0108ddf5075c87e201.png
- recom####.####.cn/AppStore/getHotWordsIconsOfSearch?os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&...
- pro####.####.cn/profile/setting/getsetting?os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&startCoun...
- p####.####.com/t0178ff2af4ad379317.png
- a####.####.cn/intf.php?method=####&model=####&sdkversioncode=####&sdkversionname=####&versioncode=####&versionname=####&appid=####&_token=####&apivers...
- p####.####.com/t0168d2584fc040d0f7.png
- p####.####.com/t01a3c7eb268649be0c.png
- p####.####.com/t01676ba402c6fa8849.png
- p####.####.com/t018a41a243925d4f4a.jpg
- p####.####.com/t01cb3e5cc97fa58864.png
- recom####.####.cn/Iservice/FailOver?os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&startCount=####&...
- p####.####.com/t0102d47914cbfccdba.png
- p####.####.com/dr/160_160_/t018f8e95a01bcfb383.png
- p####.####.com/dr/160_160_/t01517cc260548a09af.png
- s####.####.cn/ak/3416a75f4cea9109507cacd8e2f2aefc.html?m2=####
- p####.####.com/t01e77cd0609442f25a.png
- p####.####.com/t01bd5ec18a2a2e5521.jpg
- p####.####.com/t010bbfcd7eddfc5d07.jpg
- p####.####.com/t01a3551aceb4a806b1.png
- p####.####.com/t01d6e53443b95ac0f9.png
- p####.####.com/dr/160_160_/t01312696d79fceec36.png
- p####.####.com/t019169456d0336b6b5.png
Запросы HTTP POST:
- recom####.####.cn/mintf/getAppsByPackNames?src=####&&silent=####&plugver=####&os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####...
- recom####.####.cn/mintf/getAppsByPackNames?src=####&&silent=####&fotime=####&plugver=####&os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2...
- p####.####.cn/pstat/plog.php
- p####.####.cn/update/update.php
- recom####.####.cn/NecessaryInstalled/appList?os=####&vc=####&v=####&md=####&sn=####&cpu=####&ca1=####&ca2=####&m=####&m2=####&ch=####&ppi=####&startCo...
- e####.####.cn/b/pv?&st=####&m2=####&model=####&mid=####
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl
- /sdcard/Android/data/####/cache/image/731360594.tmp
- /sdcard/Android/data/####/cache/image/-821624669
- /sdcard/Android/data/####/cache/image/704698247
- /data/data/####/localApkInfo.json
- /data/data/####/shared_prefs/PermissionMap.xml
- /sdcard/Android/data/####/cache/image/-1579746312.tmp
- /sdcard/Android/data/####/cache/image/-1553899368.tmp
- /sdcard/Android/data/####/cache/image/567236562
- /data/data/####/databases/download5.db-journal
- /sdcard/Android/data/####/cache/image/825433186.tmp
- /data/data/####/shared_prefs/crash.xml.bak
- /data/data/####/files/rooter.jar
- /sdcard/Android/data/####/cache/image/-1026232003
- /data/data/####/shared_prefs/LifeHelper.xml.bak
- /data/data/####/shared_prefs/BaoHe_only_pref.xml.bak
- /sdcard/Android/data/####/cache/image/-518795179
- /sdcard/Android/data/####/cache/image/-1095180712.tmp
- /data/data/####/files/Dual/dmss_v2.jar.timestamp
- /data/data/####/databases/new_downloads.db
- /sdcard/Android/data/####/cache/http/9686861751188906008
- /data/data/####/files/libsuav_nopie.so
- /data/data/####/files/libsucore.so
- /data/data/####/shared_prefs/save_myself_config.xml
- /sdcard/Android/data/####/cache/image/371441325.tmp
- /data/data/####/shared_prefs/clear_shortcut.xml
- /sdcard/Android/data/.nomedia
- /sdcard/Android/data/####/cache/image/656189775
- /data/data/####/databases/filelist.db-journal
- /sdcard/360Log/downloadLog_main
- /sdcard/Android/data/####/cache/image/659698630.tmp
- /data/data/####/shared_prefs/battery.xml
- /sdcard/Android/data/####/cache/image/806568357.tmp
- /sdcard/Android/data/####/cache/image/258849006
- /sdcard/Android/data/####/cache/image/977782793
- /data/data/####/shared_prefs/BaoHe_only_pref.xml
- /sdcard/Android/data/####/cache/image/1673240487
- /data/data/####/files/personal_center_setting_new
- /sdcard/Android/data/####/cache/http/1607566229-2013122881
- /sdcard/Android/data/####/cache/image/1825161705
- /sdcard/Android/data/####/cache/image/98392381
- /sdcard/Android/data/####/cache/http/1793661006-1910426701
- /sdcard/Android/data/####/cache/image/-1225991932
- /data/data/####/files/temp.tmp~
- /sdcard/Android/data/####/cache/image/1871213410.tmp
- /sdcard/Android/data/####/cache/image/794529492.tmp
- /data/data/####/databases/ignoreupdate_appinfo.db
- /data/data/####/databases/360appstoreFavorites.db
- /sdcard/Android/data/####/cache/image/320215476
- /sdcard/Android/data/####/cache/image/318736770.tmp
- /data/data/####/shared_prefs/LifeHelper.xml
- /data/data/####/shared_prefs/event_config.xml
- /sdcard/Android/data/####/cache/image/-1818404637.tmp
- /data/data/####/databases/account.db-journal
- /sdcard/Android/data/####/cache/image/-348332201.tmp
- /data/data/####/shared_prefs/share_data.xml.bak
- /sdcard/Android/data/####/cache/image/1434325965.tmp
- /sdcard/Android/data/####/cache/image/-1326999678.tmp
- /sdcard/Android/data/####/cache/image/1421495150
- /data/data/####/files/pluginconfigcache
- /sdcard/Android/data/####/cache/image/861701609.tmp
- /data/data/####/shared_prefs/crash.xml
- /data/data/####/databases/360appstoreInstallHistory.db
- /sdcard/Android/data/####/cache/image/-1977987135.tmp
- /data/data/####/filesfree_data_feed_back_log.txt
- /data/data/####/shared_prefs/PermissionMap.xml.bak
- /sdcard/Android/data/####/cache/.nomedia
- /data/data/####/files/Dual/dmss_v2.jar
- /data/data/####/databases/360appstoreInstallHistory.db-journal
- /data/data/####/databases/360appstoreFavorites.db-journal
- /data/data/####/shared_prefs/battery.xml.bak
- /sdcard/Android/data/####/cache/http/-368045730-2013122881
- /data/data/####/databases/new_downloads.db-journal
- /data/data/####/shared_prefs/share_data.xml
- /sdcard/temp.tmp~
- /sdcard/Android/data/####/cache/image/-1916877888.tmp
- /sdcard/Android/data/####/cache/image/-1925743381.tmp
- /sdcard/Android/data/####/cache/image/1986323417.tmp
- /data/data/####/databases/ignoreupdate_appinfo.db-journal
Присваивает атрибут 'исполняемый' для следующих файлов:
- /data/data/####/files/libsuav_nopie.so
- /data/data/####/files/libsucore.so
Другие:
Запускает следующие shell-скрипты:
- su
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 106.120.160.207
Использует повышенные привилегии.
Может автоматически отправлять СМС-сообщения.
