Техническая информация
Вредоносные функции:
Загружает из Интернета следующие детектируемые угрозы:
- Android.Triada.120
- Android.DownLoader.329.origin
Сетевая активность:
Подключается к:
- ap####.####.com
- c####.####.la
- i####.####.com
- d####.####.com
- o####.####.com
- m4wx####.####.com:8080
- c####.####.com
- a####.####.la
- f####.####.com
- 1####.####.149:8080
- ucma####.####.com
- 1####.####.149
- a####.####.com
Запросы HTTP GET:
- ucma####.####.com/7e1a7870110ceadc4fdeccdd67cacab3/U0Bw/rb9XY/????-####
- i####.####.com/service/getIpInfo.php?ip=####
- f####.####.com/jlbb/article_2131393.efgh
- f####.####.com/jlbb/column_45696.efgh
- ucma####.####.com/072e1d37cd7c8ba4457899a369c092d4/W1z0/Huh9h/%E6%B7%AB%E6%AC%B2%E5%BD%B1%E9%99%A2.apk?sj=####
- c####.####.com/ip2city.asp
- f####.####.com/jlbb/column_39203.efgh
- 1####.####.149/app/updateversion?app=####&c=####
- f####.####.com/jlbb/column_39195.efgh
- f####.####.com/jlbb/column_39202.efgh
- f####.####.com/jlbb/column_45690.efgh
- ap####.####.com/mvideo/active!commitActive?sec=####&subPlatVer=####&rootType=####&iccid=####&netType=####&screenW=####&screenH=####&smsc=####&appid=##...
- f####.####.com/jlbb/column_39200.efgh
- d####.####.com/download/haixiu/haixiu_android-s210539_release.apk
- ap####.####.com/mvideo/pay!payLogUpload?sec=####&sequence=####&comPayType=####&netType=####&screenW=####&screenH=####&smsc=####&appid=####&appVer=####...
- f####.####.com/jlbb/column_45691.efgh
- f####.####.com/jlbb/column_45692.efgh
- f####.####.com/jlbb/column_39199.efgh
- m4wx####.####.com:8080/gl_my/c60041
- f####.####.com/jlbb/column_39198.efgh
- f####.####.com/jlbb/article_2131384.efgh
- c####.####.la/sdk_config.js
- f####.####.com/jlbb/article_2131388.efgh
- f####.####.com/jlbb/column_45689.efgh
- f####.####.com/jlbb/column_39197.efgh
- f####.####.com/jlbb/article_2131386.efgh
- f####.####.com/jlbb/column_39196.efgh
- ucma####.####.com/7e1a7870110ceadc4fdeccdd67cacab3/U0Bw/rb9XY/%E6%83%85%E6%AC%B2%E5%BD%B1%E9%99%A2-vcr
- f####.####.com/jlbb/column_39201.efgh
- f####.####.com/jlbb/column_45693.efgh
- f####.####.com/jlbb/column_45695.efgh
- f####.####.com/jlbb/article_2131394.efgh
- f####.####.com/jlbb/column_45694.efgh
Запросы HTTP POST:
- o####.####.com/v2/get_update_time
- 1####.####.149:8080/upload/api/getAppConfig.do
- o####.####.com/v2/check_config_update
- a####.####.com/app_logs
- c####.####.la/update.ashx
- a####.####.la/PayApi/Index?ts=####&rs=####&pid=####
- 1####.####.149/upload/api/getRootColumns.do
- 1####.####.149/upload/api/getColumnContent.do
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/shared_prefs/wanda.xml.bak
- /sdcard/Download/vcr
- /sdcard/Android/data/####/cache/mhzb_cache/4e71a62c0d396a99dfa9818e82d27139.0
- /data/data/####/databases/mhzb.db-journal
- /sdcard/Android/data/####/cache/mhzb_cache/aa78b86762426e3f75d5feaa39f44802.0
- /sdcard/cache/user_cache_kpsq
- /data/data/####/shared_prefs/device_id.xml.xml
- /data/data/####/shared_prefs/ju_conf.xml
- /sdcard/Android/data/####/cache/mhzb_cache/62a9dbfb359b943ba78e93f25a465f3a.0
- /data/data/####/shared_prefs/FssCommon.xml.bak
- /data/data/####/shared_prefs/updata_conf.xml
- /sdcard/Android/data/####/cache/mhzb_cache/journal.tmp
- /data/data/####/shared_prefs/shared_config.xml
- /sdcard/Android/data/####/cache/mhzb_cache/5ff552f0b849ba53351648690aff64a8.0
- /sdcard/Android/data/####/cache/mhzb_cache/8fa766de7d319b4c16d3f1e985388879.0
- /data/data/####/shared_prefs/umeng_general_config.xml
- /sdcard/Android/data/####/cache/mhzb_cache/2da2f726dfed743e3cc3e755369f288d.0
- /data/data/####/files/.imprint
- /sdcard/Android/data/####/cache/mhzb_cache/dd41c7c00af48876aa8e18cfa91ebcad.0
- /data/data/####/shared_prefs/FssCommon.xml
- /sdcard/Android/data/####/cache/mhzb_cache/6acd3376afd0aa9e655e9f245b499f60.0
- /sdcard/Android/data/####/cache/mhzb_cache/332b063cc2acdf493c7106cc121ee94f.0
- /sdcard/Android/data/####/cache/mhzb_cache/cd312ad30e4d3f9751d196102445f02b.0
- /sdcard/Android/data/####/cache/mhzb_cache/820a2fde2e575faaa597a5c5d051acd1.0
- /sdcard/Download/c60041
- /data/data/####/shared_prefs/wanda.xml
- /data/data/####/shared_prefs/shared_cache.xml
- /sdcard/Android/data/####/cache/mhzb_cache/e94d07969f00508f3b7712fdc383f68d.0
- /sdcard/Android/data/####/cache/mhzb_cache/12b9c3145239efa4fee0d4f87af08ee2.0
- /sdcard/Android/data/####/cache/mhzb_cache/ea6900505efe77f04064a5faf2236c46.0
- /sdcard/Android/data/####/cache/mhzb_cache/638043911602e78d12d29adc3f16c109.0
- /data/data/####/shared_prefs/mobclick_agent_online_setting_####.xml.bak
- /sdcard/Android/data/####/cache/mhzb_cache/adc0981b7ff93e3fce6ed1fb40b0b476.0
- /data/data/####/files/umeng_it.cache
- /sdcard/Android/data/####/cache/mhzb_cache/cf6d19bf17bc7e1b8d214b93e493ed4a.0
- /data/data/####/shared_prefs/umeng_general_config.xml.bak
- /sdcard/Download/haixiu_androids210539_release
- /sdcard/####.start.times/####
- /sdcard/Android/data/####/cache/mhzb_cache/e184e803a8f848c2721a7b4ede9937b1.0
- /data/data/####/shared_prefs/mobclick_agent_online_setting_####.xml
- /sdcard/Android/data/####/cache/mhzb_cache/70c3fb3223063ddd3f64ef4dcdbd1bca.0
- /sdcard/Android/data/####/cache/mhzb_cache/79a43964ec10de8d41675350d58dfaf1.0
- /sdcard/Android/data/####/cache/mhzb_cache/be80b6d9466b31b50ebb11fcb3c02305.0
- /sdcard/Android/data/####/cache/mhzb_cache/6849bbe9f2001ea129810c6c605fb021.0
Другие:
Может автоматически отправлять СМС-сообщения.
