Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.451.origin
- Android.SmsSend.1848.origin
Загружает из Интернета следующие детектируемые угрозы:
- Android.SmsSend.13758
Предлагает установить сторонние приложения.
Сетевая активность:
Подключается к:
- s####.####.com
- t####.####.com
- c####.####.com:13006
- v####.####.com
- imgc####.####.com
- i####.####.com
- o####.####.com
- p####.####.com
- n####.####.com:16020
- 7j####.####.com
- c####.####.com
- up####.####.com:30001
- w####.####.com
- p####.####.cn
- l####.####.com
- m####.####.com
- c-h####.####.com
- bala####.####.cn
- a####.####.com
- h####.####.com
Запросы HTTP GET:
- o####.####.com/toolbox/ef314e85-8422-4a95-ace8-2b3dd7cd562f.png
- o####.####.com/toolbox/2b6785a1-0e50-4185-a098-d3fefca865f3.png
- i####.####.com/d/file/news/wenhua/2017-03-22/191d0003b860859a246c.jpg
- i####.####.com/d/file/news/wenhua/2017-03-22/18a4000d5e8ad496a200.jpg
- o####.####.com/toolbox/9ae8743a-26d9-4bf2-8051-40adcbb50f18.png
- 7j####.####.com/tdata_dVs968
- h####.####.com/js/app/swiper-3.4.0.jquery.min.js
- o####.####.com/toolbox/cd48c074-0a29-41a9-be20-ae3f7da2c54b.png
- o####.####.com/toolbox/d0e74b91-d690-4b88-9964-f6bb8d42d647.png
- h####.####.com/js/app/angular.min.js
- h####.####.com/index.manifest
- s####.####.com/config/hz-hzv3.conf
- o####.####.com/toolbox/1d559a00-e14e-4299-b29e-4a59c0dc696f.png
- h####.####.com/upload/img/Hdpi1491029356917.jpg
- o####.####.com/toolbox/d4881377-7d90-484c-bb9b-67751adc5fd0.png
- o####.####.com/toolbox/990071df-d07e-4dd8-a0d4-2c217f88572d.png
- h####.####.com/tb/apps?1485415####
- h####.####.com/upload/img/Hdpi1490685843944.jpg
- bala####.####.cn/com.fgjsd.fghrt_tzl.apk
- i####.####.com/d/file/news/wenhua/2017-03-22/191d0004ab37131b8b0c.jpg
- 7j####.####.com/tdata_IPu439
- n####.####.com:16020/api/com.ibox.flashlight/360/0/3.1.1
- h####.####.com/upload/img/Hdpi1480919683230.png
- i####.####.com/d/file/news/wenhua/2017-03-22/19230003e1eed281a161.jpg
- c####.####.com/service/game/outGlitter.do
- o####.####.com/toolbox/a4786a82-376a-4f44-b1aa-68d26f64f54f.png
- i####.####.com/d/file/news/wenhua/2017-03-22/19250003ba7d4e0ce869.jpg
- i####.####.com/d/file/news/wenhua/2017-03-22/18a3000aa465d3042501.jpg
- h####.####.com/js/app/ng-infinite-scroll.js
- h####.####.com/img/finder.png
- i####.####.com/d/file/news/wenhua/2017-03-22/191d0005bd81dcb64eb2.jpg
- o####.####.com/toolbox/d3811d77-241a-4753-a082-0e552eba86c1.jpg
- h####.####.com/upload/img/Hdpi1491029363581.jpg
- h####.####.com/css/global.css
- o####.####.com/toolbox/a3403d5e-6a77-438b-b1cd-9f6d340a219a.png
- o####.####.com/toolbox/8e5049b9-0c58-4ad1-aa4c-03c14d6b1636.png
- h####.####.com/views/content.html
- h####.####.com/css/swiper-3.4.0.min.css
- o####.####.com/toolbox/0b16f230-5b39-4bdd-8ac6-3e024b5ad20d.png
- o####.####.com/toolbox/c6ba23d7-e5be-46d5-b9ea-750eaa753fc6.png
- o####.####.com/toolbox/d9a17076-d240-45be-a092-8ca1dbec0f81.png
- o####.####.com/toolbox/d1e66c05-958a-49e6-be5e-c1c164171c17.png
- h####.####.com/js/app/api.service.js
- o####.####.com/toolbox/aaf8d4df-9722-4fc3-ab3b-e2b2ed876739.png
- bala####.####.cn/com.shiyi.bkby_tzl.apk
- h####.####.com/js/app/ng-infinite-scroll.min.js
- 7j####.####.com/tdata_eXr759
- o####.####.com/toolbox/7ce625b0-659e-44fd-9c19-c3cf23ac7c2c.png
- h####.####.com/img/mask.png
- h####.####.com/js/app/config.js
- o####.####.com/toolbox/15a069e3-d07a-4a86-be64-2db58c1befdc.png
- o####.####.com/toolbox/6d04791a-eb84-4e5f-be02-13a9c4085982.png
- o####.####.com/toolbox/b914c4a3-71b8-4df6-bc00-dbd7d22e43c4.png
- h####.####.com/js/app/directive.js
- m####.####.com/gdt_mview.fcg?datatype=####&posid=####&count=####&r=####&adposcount=####&ext=####
- o####.####.com/toolbox/3adbfdd5-1a21-4b1e-bdb5-d99f6773e7fc.png
- h####.####.com/views/index.html
- h####.####.com/upload/img/Hdpi1488338103963.png
- o####.####.com/toolbox/a16b6a2f-3b90-484e-9a27-2aef6c163afd.png
- o####.####.com/toolbox/5faf8bc1-8302-442e-8986-3137597431ae.png
- o####.####.com/toolbox/abcf30bf-9e85-4982-867c-1ff32b654c5e.png
- i####.####.com/d/file/news/wenhua/2017-03-22/199b000bec3be324f351.jpg
- c####.####.com/jquery/1.11.1/jquery.min.js
- o####.####.com/toolbox/0a56943a-a027-4421-8c27-e09cd2251c43.png
- t####.####.com/1.0/config/query?auth_ver=####&appkey=####&nonce=####&model=####&is=####&signmd5=####&op=####&vendor=####&locale=####&pkg=####&tk=####&...
- o####.####.com/toolbox/ae416748-7773-49ad-9baf-23b07aa6c9b3.png
- o####.####.com/toolbox/44068e6f-6287-4692-ab20-304f87c539b6.png
- o####.####.com/toolbox/a0acb8a5-d760-43b9-a917-0a3a82548fd7.png
- o####.####.com/toolbox/fbf327a3-6db4-4721-9d2a-c91ee36c00ac.png
- o####.####.com/toolbox/b83c6b13-b3b2-4dbd-b58c-92650819fe6a.png
- 7j####.####.com/tdata_dRv079
- o####.####.com/toolbox/76f45a30-22b9-43e4-91d8-e757912e8c02.png
- h####.####.com/upload/img/Hdpi1485240803839.jpg
- c####.####.com:13006/server/dadata?packageName=####&channel=####&version=####&
- o####.####.com/toolbox/bfda30ae-8e50-4742-a078-472a0129a53a.png
- o####.####.com/toolbox/95aeda39-3135-4d48-a933-d484100f6770.png
- h####.####.com/upload/img/Hdpi1485169290894.png
- p####.####.cn/gdt/0/transformer_8854671520324282529_149.jpg/0?ck=####
- h####.####.com/js/app/bluebird.min.js
- h####.####.com/js/app/controller.js
- o####.####.com/toolbox/14db5675-4df0-4d17-9ebc-b709897fae95.jpg
- h####.####.com/js/app/ocLazyLoad.js
- c####.####.com/service/appConfigArray.do?pkg=####&
- o####.####.com/toolbox/d74e8e64-8afa-4e65-8f3d-b7898d1959e3.png
- h####.####.com/js/app/filter.js
- o####.####.com/toolbox/edd7ac05-bf14-4126-9a1f-d7439e3988e0.png
- h####.####.com/index.html
- o####.####.com/toolbox/e169a69b-41e3-487f-a6e1-04e6fac1e3c7.png
- h####.####.com/upload/img/Hdpi1490685633599.jpg
- o####.####.com/toolbox/5b199753-9b35-4243-8590-d7763f184f2c.png
- h####.####.com/js/app/app.js
- imgc####.####.com/qzone/biz/gdt/mod/android/AndroidAllInOne/proguard/his/release/plugin.dex-543.jar
- p####.####.com/cityjson
- o####.####.com/toolbox/5fd3f864-bf9a-417c-acf1-dfed702b262a.png
- h####.####.com/js/app/jquery1.7.js
- h####.####.com/upload/img/Hdpi1480919559244.png
- h####.####.com/
- h####.####.com/upload/img/Hdpi1491029370411.jpg
- o####.####.com/toolbox/89e838d5-a6ba-4295-a326-faad99b4a94c.png
- h####.####.com/js/app/angular-utf8-base64.js
- o####.####.com/toolbox/a82e7dfe-d54a-4eca-86cc-086da3097bc7.png
- h####.####.com/img/back.png
- h####.####.com/js/app/angular-ui-router.js
- c####.####.com//service/customConfig.do?code=####&pkg=####&
- i####.####.com/d/file/news/wenhua/2017-03-22/19220002d2b077834fdf.jpg
- o####.####.com/toolbox/a282566c-8cc2-406f-a8e3-160b867ecdca.png
- o####.####.com/toolbox/243b18b4-6793-4605-b5c4-62f6526f184a.png
- h####.####.com/index2.html
- w####.####.com/
- i####.####.com/d/file/news/wenhua/2017-03-22/1923000270ca55b80f20.jpg
- o####.####.com/toolbox/4035abcd-9b89-4a36-a0d4-bd915b32130d.png
- o####.####.com/toolbox/f99ad5d6-86af-476d-8f6c-fbcbac3cf149.jpg
- h####.####.com/tb/bikanAPI/api/23_json.php?qid=####&endkey=####&type=####&pageSize=####&Thu%20J####
Запросы HTTP POST:
- c####.####.com/service/customGridSql.do
- s####.####.com/api.htm?format=####&t=####
- s####.####.com/pkl16.html
- a####.####.com/jiagu/t/infos
- h####.####.com/tb/data?1485415####
- p####.####.com/jiagu/msgs
- up####.####.com:30001/config
- p####.####.com/api/tokens?tk=####&sv=####
- p####.####.com/api/data?token=####&tk=####&sv=####
- a####.####.com/ad-service/ad/mark
- s####.####.com/api.php?format=####&t=####
- v####.####.com/gdt_stats.fcg
- l####.####.com/ajax?c=####&k=####
- l####.####.com/ajax?c=####&v=####&k=####
- a####.####.com/app_logs
- s####.####.com/activate
- h####.####.com/tb/thirdAPI/xianguo?1485415####
- c-h####.####.com/api.php?format=####&t=####
- a####.####.com/jiagu/mark/upgrade
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/files/.jiagu.lock
- /sdcard/Android/data/####/cache/uil-images/journal
- /data/data/####/app_e_qq_com_setting/gdt_suid
- /data/data/####/files/init.pid
- /sdcard/IBOX/data/ExitGlitterData.data
- /sdcard/.com.fgjsd.fghrt/game_res/conveying
- /sdcard/.fp_search_lock
- /data/data/####/databases/GDTSDK.db
- /data/data/####/databases/cc.db
- /sdcard/system/tmp/local/tdata_IPu439
- /data/data/####/cache/webviewCacheChromium/data_3
- /data/data/####/cache/webviewCacheChromium/data_2
- /data/data/####/cache/webviewCacheChromium/data_1
- /data/data/####/cache/webviewCacheChromium/data_0
- /sdcard/.fp_cache/.NEWSPRINTER/.FP_HTML
- /data/data/####/databases/webviewCookiesChromium.db-journal
- /sdcard/.userReturn
- /data/data/####/shared_prefs/tbs_download_config.xml.bak
- /data/data/####/databases/GDTSDK.db-journal
- /sdcard/system/tmp/local/tdata_eXr759
- /data/data/####/databases/z-journal
- /data/data/####/shared_prefs/jg_app_update_settings_random.xml
- /sdcard/IBOX/.nomedia
- /data/data/####/shared_prefs/umeng_general_config.xml
- /data/data/####/files/.umeng/exchangeIdentity.json
- /data/data/####/files/init_c1.pid
- /data/data/####/databases/pushg.db-journal
- /data/data/####/files/tdata_dRv079
- /data/data/####/files/exid.dat
- /sdcard/IBOX/cd48c074-0a29-41a9-be20-ae3f7da2c54b.png
- /sdcard/libs/####.db
- /data/data/####/databases/webview.db-journal
- /data/data/####/app_e_qq_com_plugin/gdt_plugin.tmp.sig
- /sdcard/IBOX/switch
- /data/data/####/app_jgls/.log.ls
- /data/data/####/files/.jglogs/.jg.ri
- /sdcard/IBOX/data/NotificationAppConfig_Local.data
- /data/data/####/files/tdata_IPu439
- /sdcard/IBOX/0a56943a-a027-4421-8c27-e09cd2251c43.png
- /data/data/####/files/analytics-logs/####_2017_01_26_07.p0.tar
- /data/data/####/shared_prefs/netstate.xml
- /sdcard/IBOX/0a56943a-a027-4421-8c27-e09cd2251c43.png.tmp
- /data/data/####/files/run.pid
- /data/data/####/cache/webviewCacheChromium/f_00000a
- /sdcard/.icon_profile_lock
- /data/data/####/cache/webviewCacheChromium/f_00000b
- /sdcard/.fp_cache/.FP_STATUS
- /data/data/####/app_e_qq_com_plugin/update_lc
- /data/data/####/files/gdaemon_20161017
- /sdcard/.com.fgjsd.fghrt/game_res/savedch
- /data/data/####/shared_prefs/DianxinDXB.xml
- /data/data/####/shared_prefs/version_compat.xml
- /data/data/####/shared_prefs/icon_mark_info.xml
- /data/data/####/databases/xUtils.db-journal
- /data/data/####/databases/tmpd8.db-journal
- /sdcard/system/tmp/local/tdata_dRv079
- /data/data/####/files/tdata_eXr759
- /data/data/####/shared_prefs/com.dot.footprint.kvp_cache.xml
- /sdcard/IBOX/NotificationAppConfig_Local
- /sdcard/IBOX/aeb66b61e19656473b9db61e3f7ee22b.jpg.tmp
- /data/data/####/databases/sk-journal
- /data/data/####/app_tbs/core_private/tbscoreinstall.txt
- /data/data/####/files/analytics-logs/####_2017_01_26_07.p0.gz
- /data/data/####/databases/cc.db-journal
- /data/data/####/app_e_qq_com_plugin/gdt_plugin.tmp
- /data/data/####/databases/filedownloader-journal
- /data/data/####/files/.jglogs/.jg.ac
- /data/data/####/cache/webviewCacheChromium/f_000009
- /data/data/####/cache/webviewCacheChromium/f_000008
- /data/data/####/shared_prefs/i.xml
- /data/data/####/shared_prefs/com.dot.analytics.DotAnalytics_storedPreferences.xml.bak
- /sdcard/libs/app.db
- /data/data/####/cache/webviewCacheChromium/f_000001
- /data/data/####/cache/webviewCacheChromium/f_000003
- /data/data/####/cache/webviewCacheChromium/f_000002
- /data/data/####/cache/webviewCacheChromium/f_000005
- /data/data/####/cache/webviewCacheChromium/f_000004
- /data/data/####/cache/webviewCacheChromium/f_000007
- /data/data/####/cache/webviewCacheChromium/f_000006
- /sdcard/IBOX/d4881377-7d90-484c-bb9b-67751adc5fd0.png
- /data/data/####/files/umeng_it.cache
- /sdcard/IBOX/b83c6b13-b3b2-4dbd-b58c-92650819fe6a.png.tmp
- /sdcard/Android/data/####/cache/.nomedia
- /data/data/####/files/.jglogs/.jg.ic
- /sdcard/.fp_cache/.SEARCHPRINTER/.FP_KEYWORDS_2017-01-26
- /data/data/####/databases/d-journal
- /data/data/####/cache/webviewCacheChromium/index
- /data/data/####/databases/sk
- /data/data/####/files/tdata_IPu439.jar
- /data/data/####/shared_prefs/com.dot.footprint.version_code.xml
- /sdcard/.com.fgjsd.fghrt/game_res/verinfo.cfg
- /data/data/####/shared_prefs/tbs_download_config.xml
- /sdcard/.fp_pull_lock
- /data/data/####/app_e_qq_com_setting/sdkCloudSetting.cfg
- /data/data/####/files/push.pid
- /data/data/####/.jiagu/libjiagu.so
- /data/data/####/databases/pushsdk.db-journal
- /data/data/####/databases/ua.db
- /data/data/####/databases/i-journal
- /data/data/####/shared_prefs/jg_core_setting.xml.bak
- /data/data/####/app_tbs/share/core_info
- /data/data/####/databases/d
- /data/data/####/files/tdata_dVs968.jar
- /sdcard/.fp_cache/.SEARCHPRINTER/.FP_SEARCHBASE
- /sdcard/IBOX/5faf8bc1-8302-442e-8986-3137597431ae.png.tmp
- /data/data/####/shared_prefs/icon_build_events.xml
- /data/data/####/databases/i
- /sdcard/IBOX/data/switch.data
- /data/data/####/databases/filedownloader
- /data/data/####/app_e_qq_com_plugin/gdt_plugin.jar.sig
- /data/data/####/cache/webviewCacheChromium/f_00000c
- /data/data/####/databases/z
- /data/data/####/shared_prefs/tbs_download_stat.xml
- /data/data/####/shared_prefs/dotools_config.xml
- /sdcard/IBOX/download/com.shiyi.bkby_151.apk.tmp
- /data/data/####/files/analytics-logs/####.p0.log
- /sdcard/IBOX/aeb66b61e19656473b9db61e3f7ee22b.jpg
- /data/data/####/app_jgls/.log.lock
- /sdcard/IBOX/download/com.fgjsd.fghrt_1.apk.tmp
- /data/data/####/app_e_qq_com_plugin/gdt_plugin.jar
- /sdcard/.fp_news_lock
- /sdcard/IBOX/NotificationAppConfig_Net
- /sdcard/IBOX/data/iboxapps.data
- /sdcard/system/tmp/local/tdata_dVs968
- /data/data/####/databases/jks.db-journal
- /data/data/####/shared_prefs/jg_core_setting.xml
- /sdcard/IBOX/iboxapps
- /sdcard/IBOX/5faf8bc1-8302-442e-8986-3137597431ae.png
- /data/data/####/app_e_qq_com_setting/devCloudSetting.sig
- /data/data/####/shared_prefs/rt.xml
- /data/data/####/app_e_qq_com_setting/sdkCloudSetting.sig
- /data/data/####/files/tdata_dVs968
- /sdcard/libs/com.getui.sdk.deviceId.db
- /sdcard/.fp_cache/.NEWSPRINTER/.FP_NEWSPRINTER
- /data/data/####/files/.jglogs/.log3
- /data/data/####/shared_prefs/com.dot.analytics.DotAnalytics_storedPreferences.xml
- /data/data/####/shared_prefs/h.xml
- /data/data/####/shared_prefs/icon_mark_info.xml.bak
- /data/data/####/databases/al_events.db-journal
- /data/data/####/databases/ua.db-journal
- /sdcard/IBOX/cd48c074-0a29-41a9-be20-ae3f7da2c54b.png.tmp
- /data/data/####/app_e_qq_com_setting/devCloudSetting.cfg
- /data/data/####/databases/pushext.db-journal
- /data/data/####/files/userSessions
- /sdcard/libs/com.igexin.sdk.deviceId.db
- /data/data/####/files/.imprint
- /sdcard/.fp_cache/.FOOTBASE/.FP_FOOTBASE
- /data/data/####/shared_prefs/utils.xml
- /data/data/####/app_appcache/ApplicationCache.db-journal
- /sdcard/.com.fgjsd.fghrt/game_res/compVersion
- /sdcard/IBOX/d4881377-7d90-484c-bb9b-67751adc5fd0.png.tmp
- /data/data/####/files/tdata_eXr759.jar
- /data/data/####/app_tbs/core_private/tbslock.txt
- /data/data/####/shared_prefs/com.dot.footprint.events_cache.xml
- /sdcard/libs/####.bin
- /data/data/####/shared_prefs/d.xml
- /data/data/####/app_tbs/core_private/debug.conf
- /sdcard/IBOX/b83c6b13-b3b2-4dbd-b58c-92650819fe6a.png
- /data/data/####/shared_prefs/icon_profile_list.xml
- /data/data/####/files/tdata_dRv079.jar
- /data/data/####/shared_prefs/dotools_config.xml.bak
- /sdcard/IBOX/ExitGlitterData
- /data/data/####/shared_prefs/umeng_general_config.xml.bak
- /data/data/####/files/analytics-logs/####_2017_01_26_07.1.p0.log
- /sdcard/Android/data/####/cache/uil-images/journal.tmp
- /sdcard/IBOX/data/NotificationAppConfig_Net.data
- /data/data/####/shared_prefs/version_compat.xml.bak
- /data/data/####/shared_prefs/getui_sp.xml
Присваивает атрибут 'исполняемый' для следующих файлов:
- /data/data/####/files/gdaemon_20161017
- /data/data/####/.jiagu/libjiagu.so
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- chmod 755 /data/data/com.fgjsd.fghrt/.platformcache/main.jar
- chmod 755 /data/data/com.fgjsd.fghrt/.platformcache/kxqpplatform.jar
Использует специальную библиотеку для скрытия исполняемого байткода.
Может автоматически отправлять СМС-сообщения.
