Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.SmsSend.1867.origin
- Android.SmsSend.1875.origin
Сетевая активность:
Подключается к:
- ad####.com
- tra####.####.com
- 2####.####.155
- 6601####.####.click
- u####.com:7079
- allsite####.com
- google-####.com
- and####.####.com
- webmas####.####.com
- c####.####.com
- d####.####.com
- woo####.com
- gl####.####.com
- gl####.####.com:6566
- et####.com
- u####.com
- a####.####.com
Запросы HTTP GET:
- webmas####.####.com/ct/imgcount.php?a=####&s=####&t=####&p=####
- c####.####.com/rk/mikesapartment/faces/antonia2-300x200.jpg
- c####.####.com/rk/sneakysex/faces/melissamoore-300x200.jpg
- c####.####.com/rk/teenslovehugecocks/faces/khloekapri.jpg
- 6601####.####.click/proc.php?5d6d1d3####
- 6601####.####.click/?utm_term=####&clickverify=####
- c####.####.com/Rk/GLSubsite/Tour/assets/fonts/lato/latolatin-regular-webfont.ttf
- c####.####.com/Rk/RealityKingsCom/Tour/assets/img/RKLogo_verti.png
- google-####.com/analytics.js
- woo####.com/processurl20170307.js
- c####.####.com/rk/eurosexparties/faces/sharonlee2.jpg
- c####.####.com/rk/roundandbrown/faces/ravenwylde-300x200.jpg
- c####.####.com/rk/bignaturals/faces/mekolilly.jpg
- et####.com/events?app_id=####&eventName=####&saffCode=####&saffCodeType=####&saffDomain=####&snetworkCode=####&sconversionType=####&sconvertingPage=##...
- c####.####.com/rk/momslickteens/faces/brookehaze-300x200.jpg
- ad####.com/retarget?k=####
- 6601####.####.click/?utm_medium=####&utm_campaign=####&cid=####&1=####
- allsite####.com/3/main.htm?id=####&p=####&s=####
- c####.####.com/rk/eurosexparties/faces/sharonlee2-300x200.jpg
- c####.####.com/rk/teenslovehugecocks/faces/khloekapri-300x200.jpg
- c####.####.com/rk/milfhunter/faces/sarastclair2-300x200.jpg
- c####.####.com/Rk/RealityKingsCom/Tour/assets/img/icons/icon_firefox.png
- c####.####.com/rk/momslickteens/faces/alexisfawx-300x200.jpg
- c####.####.com/rk/momslickteens/faces/brookehaze.jpg
- c####.####.com/rk/firsttimeauditions/faces/alyssacole-300x200.jpg
- c####.####.com/rk/cumfiesta/faces/stoneylynn.jpg
- c####.####.com/rk/momsbangteens/faces/alexis3.jpg
- c####.####.com/Rk/RealityKingsCom/Tour/assets/js/common.min.340de6fe.js
- c####.####.com/rk/welivetogether/faces/selenasosa-300x200.jpg
- c####.####.com/rk/mikesapartment/faces/katyjayne-300x200.jpg
- c####.####.com/rk/welivetogether/faces/pressleycarter2.jpg
- c####.####.com/Rk/RealityKingsCom/Tour/assets/img/icons/icon_safari.png
- allsite####.com/tour/videos/
- c####.####.com/Rk/RealityKingsCom/Tour/assets/img/icons/icon_ie.png
- c####.####.com/rk/rkprime/faces/sierranicole.jpg
- c####.####.com/zexit/images/asacp.gif
- c####.####.com/rk/momslickteens/faces/alexisfawx.jpg
- c####.####.com/rk/streetblowjobs/faces/kandiquinn.jpg
- c####.####.com/Rk/RealityKingsCom/Tour/assets/css/styles.a8b7e21c.css
- c####.####.com/rk/welivetogether/faces/selenasosa.jpg
- c####.####.com/Rk/RealityKingsCom/Tour/assets/img/icons/icon_chrome.png
- google-####.com/collect?v=####&_v=####&a=####&t=####&_s=####&dl=####&ul=####&de=####&dt=####&sd=####&sr=####&vp=####&je=####&_u=####&jid=####&cid=####...
- d####.####.com/d/33164576433fd4daa1?sub=####
- c####.####.com/Rk/RealityKingsCom/Tour/assets/js/tour.min.2e34c97c.js
- c####.####.com/rk/sneakysex/faces/melissamoore.jpg
- et####.com/guid?app_id=####&eventName=####&
- c####.####.com/Rk/GLSubsite/Tour/assets/fonts/lato/latolatin-bold-webfont.ttf
- c####.####.com/rk/rkprime/faces/angelsmalls2.jpg
- tra####.####.com/?p=####&media_type=####&click_id=####
- c####.####.com/zexit/images/rta.jpg
- c####.####.com/rk/firsttimeauditions/faces/alyssacole.jpg
- c####.####.com/rk/mikesapartment/faces/katyjayne.jpg
- c####.####.com/rk/cumfiesta/faces/stoneylynn-300x200.jpg
- c####.####.com/rk/milfhunter/faces/brookeberetta.jpg
- ad####.com/92520128/r/5a4b1645?affclick=####
- c####.####.com/rk/welivetogether/faces/pressleycarter2-300x200.jpg
- c####.####.com/rk/rkprime/faces/angelsmalls2-300x200.jpg
- c####.####.com/rk/roundandbrown/faces/charlierae.jpg
- c####.####.com/atlas/atlaslib.js
- c####.####.com/Rk/GLSubsite/Tour/assets/fonts/lato/latolatinlight-regular-webfont.ttf
- 2####.####.155/cm-tracker/cmreqrec.do?pid=####&sysuid=####&cid=####&publish_id=####
- c####.####.com/rk/milfhunter/faces/brookeberetta-300x200.jpg
- c####.####.com/rk/snapchat_wh.png
- a####.####.com/pool_link/1514/bmconv_20170401124747_99d8d9e9_4e7d_4a3e_88a5_eee7f09f7b7e?domain=####
- c####.####.com/rk/mikesapartment/faces/antonia2.jpg
- c####.####.com/rk/paysites-billers-wh.png
- c####.####.com/Rk/RealityKingsCom/Tour/assets/js/common.f591ca9b.js
- c####.####.com/rk/8thstreetlatinas/faces/alexisjane.jpg
- woo####.com/findbutton20161226.js
- c####.####.com/rk/8thstreetlatinas/faces/carmencaliente2.jpg
- c####.####.com/rk/momsbangteens/faces/alexis3-300x200.jpg
- c####.####.com/rk/roundandbrown/faces/charlierae-300x200.jpg
- gl####.####.com:6566/AdRedirect.aspx?offerid=####&cid=####&affid=####&aff_sub=####&aff_sub2=####&aff_sub3=####&aff_sub4=####
- d####.####.com/gw?url=####&vId=####&ef=####&ch=####&nid=####&sub=####
- c####.####.com/rk/cumfiesta/faces/emilymena-300x200.jpg
- c####.####.com/rk/rkprime/faces/sierranicole-300x200.jpg
- c####.####.com/rk/cumfiesta/faces/emilymena.jpg
- c####.####.com/rk/bignaturals/faces/stellacox.jpg
- woo####.com/simulationClickYes.js
- c####.####.com/Rk/RealityKingsCom/Tour/assets/img/RKlogo2.png
- c####.####.com/rk/bignaturals/faces/mekolilly-300x200.jpg
- c####.####.com/rk/8thstreetlatinas/faces/carmencaliente2-300x200.jpg
- c####.####.com/rk/streetblowjobs/faces/kandiquinn-300x200.jpg
- c####.####.com/rk/8thstreetlatinas/faces/alexisjane-300x200.jpg
- c####.####.com/rk/milfhunter/faces/sarastclair2.jpg
- c####.####.com/zexit/images/labeled.gif
- c####.####.com/rk/roundandbrown/faces/ravenwylde.jpg
- c####.####.com/rk/bignaturals/faces/stellacox-300x200.jpg
- c####.####.com/Rk/Base/Common/assets/img/loading.gif
- gl####.####.com/AdRedirect.aspx?offerid=####&cid=####&affid=####&aff_sub=####&aff_sub2=####&aff_sub3=####&aff_sub4=####
Запросы HTTP POST:
- and####.####.com/rqd/async
- u####.com/jsdk/sd.action?b=####&ca=####&ica=####&re=####
- u####.com:7079/jsdk/sd.action?b=####
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/cache/webviewCacheChromium/data_0
- /data/data/####/cache/webviewCacheChromium/f_00002f
- /data/data/####/cache/webviewCacheChromium/f_00002e
- /data/data/####/cache/webviewCacheChromium/f_00002d
- /data/data/####/cache/webviewCacheChromium/f_00002c
- /data/data/####/cache/webviewCacheChromium/f_00002b
- /data/data/####/cache/webviewCacheChromium/f_00002a
- /data/data/####/cache/webviewCacheChromium/f_00003e
- /data/data/####/cache/webviewCacheChromium/f_00000a
- /data/data/####/cache/webviewCacheChromium/f_00000c
- /data/data/####/cache/webviewCacheChromium/f_00000b
- /data/data/####/shared_prefs/####_preferences.xml
- /data/data/####/cache/webviewCacheChromium/f_00000d
- /sdcard/commonsdk/processurl20170307.js
- /data/data/####/cache/webviewCacheChromium/f_00000f
- /data/data/####/cache/webviewCacheChromium/f_000034
- /data/data/####/cache/webviewCacheChromium/f_000035
- /data/data/####/cache/webviewCacheChromium/f_000036
- /data/data/####/cache/webviewCacheChromium/f_000037
- /data/data/####/cache/webviewCacheChromium/f_000030
- /data/data/####/cache/webviewCacheChromium/f_000031
- /data/data/####/cache/webviewCacheChromium/f_000018
- /data/data/####/cache/webviewCacheChromium/f_000019
- /data/data/####/cache/webviewCacheChromium/f_000016
- /data/data/####/cache/webviewCacheChromium/f_000017
- /data/data/####/cache/webviewCacheChromium/f_000014
- /data/data/####/cache/webviewCacheChromium/f_000015
- /data/data/####/cache/webviewCacheChromium/f_000012
- /data/data/####/cache/webviewCacheChromium/f_000013
- /data/data/####/cache/webviewCacheChromium/f_000010
- /data/data/####/cache/webviewCacheChromium/f_000011
- /data/data/####/databases/webviewCookiesChromium.db-journal
- /data/data/####/fileswapsdk/local/localCopy.data
- /data/data/####/cache/webviewCacheChromium/data_3
- /data/data/####/shared_prefs/####_preferences.xml.bak
- /data/data/####/cache/webviewCacheChromium/f_000038
- /data/data/####/fileswapsdk/local/170126074042576.dex
- /data/data/####/cache/webviewCacheChromium/f_000039
- /data/data/####/cache/webviewCacheChromium/f_000007
- /sdcard/commonsdk/simulationClickYes.js
- /data/data/####/databases/webview.db-journal
- /data/data/####/fileswapsdk/local/go.png
- /data/data/####/files/target.dex
- /data/data/####/cache/webviewCacheChromium/f_000006
- /data/data/####/cache/webviewCacheChromium/f_00003d
- /data/data/####/databases/bugly_db_-journal
- /data/data/####/shared_prefs/com.app.myth.comedyworld.preference.xml
- /data/data/####/cache/webviewCacheChromium/data_2
- /data/data/####/cache/webviewCacheChromium/f_00003a
- /data/data/####/cache/webviewCacheChromium/f_00003b
- /data/data/####/cache/webviewCacheChromium/f_00003c
- /data/data/####/cache/webviewCacheChromium/f_00001f
- /data/data/####/cache/webviewCacheChromium/f_00000e
- /data/data/####/cache/webviewCacheChromium/f_00001d
- /data/data/####/cache/webviewCacheChromium/f_00001e
- /data/data/####/cache/webviewCacheChromium/f_00001b
- /data/data/####/cache/webviewCacheChromium/f_00001c
- /data/data/####/cache/webviewCacheChromium/f_000032
- /data/data/####/cache/webviewCacheChromium/f_00001a
- /data/data/####/cache/webviewCacheChromium/f_000027
- /data/data/####/cache/webviewCacheChromium/f_000026
- /data/data/####/cache/webviewCacheChromium/f_000025
- /data/data/####/cache/webviewCacheChromium/f_000024
- /data/data/####/cache/webviewCacheChromium/f_000023
- /data/data/####/cache/webviewCacheChromium/f_000022
- /data/data/####/cache/webviewCacheChromium/f_000021
- /data/data/####/cache/webviewCacheChromium/f_000020
- /data/data/####/cache/webviewCacheChromium/f_000001
- /data/data/####/cache/webviewCacheChromium/f_000003
- /data/data/####/cache/webviewCacheChromium/f_000002
- /data/data/####/cache/webviewCacheChromium/f_000005
- /data/data/####/cache/webviewCacheChromium/f_000004
- /data/data/####/cache/webviewCacheChromium/f_000029
- /data/data/####/cache/webviewCacheChromium/f_000028
- /data/data/####/cache/webviewCacheChromium/f_000009
- /data/data/####/cache/webviewCacheChromium/data_1
- /data/data/####/files/security_info
- /data/data/####/cache/webviewCacheChromium/f_000008
- /data/data/####/cache/webviewCacheChromium/f_000033
- /data/data/####/files/local_crash_lock
- /sdcard/commonsdk/findbutton20161226.js
- /data/data/####/cache/webviewCacheChromium/index
Другие:
Запускает следующие shell-скрипты:
- /system/bin/sh -c getprop ro.genymotion.version
- /system/bin/sh -c getprop ro.secure
- /system/bin/sh -c getprop qemu.sf.fake_camera
- /system/bin/sh -c getprop androVM.vbox_dpi
- /system/bin/sh -c getprop gsm.sim.state
- /system/bin/sh -c getprop ro.board.platform
- /system/bin/sh -c getprop gsm.sim.state2
- /system/bin/sh -c getprop ro.debuggable
- /system/bin/sh -c type su
Может автоматически отправлять СМС-сообщения.
