Техническая информация
Вредоносные функции:
Отправляет СМС-сообщения:
- 12114: HZSY#####
Отправляет данные получаемых СМС-сообщений на удалённый хост.
Сетевая активность:
Подключается к:
- sdku####.####.com
- mo####.####.com
- dynami####.####.com
- v####.####.cn
- 1####.####.com
- mmy####.####.com
- i####.####.cn
- vide####.####.cn
- priceru####.####.com
Запросы HTTP GET:
- 1####.####.com/ic.asp
- vide####.####.cn/20170330/01608e6e-cb95-4ab8-8496-4719cd96faad-20170330....
- vide####.####.cn/20170318/bc18eea1-de23-43ab-a656-8da400b3af8e-oba00312j...
- mmy####.####.com/mmys-cps/rdContent.service?deviceId=####&uuid=####&imei...
- vide####.####.cn/20170328/336dd91d-1570-40fc-ace4-600c066d1e15-2.jpg
- vide####.####.cn/TOUXIANGS89.png
- vide####.####.cn/TOUXIANGS73.png
- i####.####.cn/iplookup/iplookup.php?format=####
- mmy####.####.com/mmys-cps/videoDtl.service?id=####&rv=####&deviceId=####...
- vide####.####.cn/TOUXIANGS83.png
- vide####.####.cn/20170327/6f33fd96-77ca-4494-9022-0913d90315da-20.jpg
- v####.####.cn/20170320/78e43e9f-2df9-4f17-9897-ac21fb0c25d9-(ADN-086)_20...
- vide####.####.cn/20170315/66fbc03c-255d-496e-aa89-a47b0492f63c-vip7.jpg
- mmy####.####.com/mmys-cps/barrage3.service?videoId=####&deviceId=####&uu...
- vide####.####.cn/TOUXIANGS96.png
- mmy####.####.com/mmys-cps/styleTopChlVideo.service?pageNo=####&pageSize=...
- vide####.####.cn/20170330/78ff2c88-9fa0-4648-9830-9ceb59565dc5-1.jpg
- vide####.####.cn/20170330/79d3429e-0570-4080-be32-a4706f81daef-%E6%AF%8D...
- priceru####.####.com/price-rule-cmp/rule/matchRule?version=####&deviceId...
- vide####.####.cn/20170317/bf739e2a-c8dc-42ca-b101-b019fd57f9fe-%E4%B8%80...
- vide####.####.cn/TOUXIANGS72.png
- vide####.####.cn/20170320/f4347756-4037-466e-90ca-ae70ffd57478-(ADN-086)...
- vide####.####.cn/TOUXIANGS100.png
- vide####.####.cn/20170315/967b23fb-6845-4554-bf8c-409121f4c844-vip51.jpg
- vide####.####.cn/TOUXIANGS102.png
- mmy####.####.com/mmys-cps/runConfig.service?deviceId=####&imei=####&imsi...
- vide####.####.cn/20170317/62911c63-a7b8-4c15-bbae-908df8f834a6-%E7%8C%A5...
- vide####.####.cn/hao155.jpg
- vide####.####.cn/20170315/d686c714-d2ca-4182-a3cd-d7e11cc74e46-vip5.jpg
- vide####.####.cn/tou2100.jpg
- mmy####.####.com/mmys-cps/videoComment2.service?videoId=####&deviceId=##...
- vide####.####.cn/TOUXIANGS109.png
- mmy####.####.com/mmys-cps/vdtRmdVideoList.service?showStyle=####&id=####...
- vide####.####.cn/20170410/a00d0e6e-c832-4f2a-876f-a96e5d55400c-14.jpg
- vide####.####.cn/20170408/007f6d6a-92d8-433f-a429-dff1cdbedc64-%E6%B7%AB...
- vide####.####.cn/TOUXIANGS105.png
- vide####.####.cn/TOUXIANGS104.png
- vide####.####.cn/TOUXIANGS94.png
- vide####.####.cn/20170315/1eba8cc2-cfeb-4de8-a789-344e6146b31d-vip4.jpg
- vide####.####.cn/20170401/8396cc95-5eb5-43ee-8689-2f10a751ca11-%E5%81%B7...
- vide####.####.cn/20170315/e883699e-1b25-4a28-ac4b-4344aaffa2c6-%E4%BC%9A...
- vide####.####.cn/20170315/53ebf8d8-1667-4c99-a8c1-1b035c32ee6e-vip41%20(...
- vide####.####.cn/20170408/4b6f1c99-b003-4631-aadf-4356c6318fff-%E5%90%8C...
- vide####.####.cn/TOUXIANGS98.png
- vide####.####.cn/hao156.jpg
- vide####.####.cn/TOUXIANGS62.png
- vide####.####.cn/20170324/ae5a831c-e53e-44e4-b97f-1ed5238f1a63-12.jpg
- vide####.####.cn/TOUXIANGS84.png
- vide####.####.cn/20170317/9f638fff-74b3-41f7-8230-b9b4ef514e6c-%E5%B1%88...
- mmy####.####.com/mmys-cps/bannerInfo.service?showStyle=####&deviceId=###...
Запросы HTTP POST:
- mmy####.####.com/mmys-cps/userActivation.service?deviceId=####&uuid=####...
- mo####.####.com/mobile-service/getImsiMobilePhone.json
- mmy####.####.com/mmys-cps/lookVideoStat.service?videoId=####&isRmd=####&...
- dynami####.####.com/dynamicpay//getSyFormalChannels.json?
- mmy####.####.com/mmys-cps/userVisit.service?deviceId=####&uuid=####&imei...
- sdku####.####.com/sdk-update/sdkUpdateCdnUpload.json
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/cache/picasso-cache/c961b1a573c90f02b0fb30f3046932c9.1.tmp
- /data/data/####/cache/picasso-cache/65d9626ab213a981ef750404a4165eea.1.tmp
- /data/data/####/cache/picasso-cache/8c49b0c0dc44a4ec0cf2d7c3b54d848c.1.tmp
- /data/data/####/cache/picasso-cache/790a66c69af8a1e09b7bf0a851f4dfba.1.tmp
- /data/data/####/cache/picasso-cache/e5528fa4f32403eae612fd314226195a.1.tmp
- /data/data/####/cache/picasso-cache/a6213fd5faccb13b505167ad47ba38c4.0.tmp
- /data/data/####/cache/picasso-cache/21d0f6d3069b0c612621b8a2ea1c7ba2.1.tmp
- /data/data/####/cache/picasso-cache/248946480dcf3f89d45628d178f3b063.1.tmp
- /data/data/####/cache/picasso-cache/885da13da7af7a1da90668f4ba59caaf.0.tmp
- /data/data/####/cache/picasso-cache/8168471b42ecde06258407577f0ad2fe.0.tmp
- /data/data/####/cache/picasso-cache/076b49aa60ab5dda4c4f56c76733c91a.0.tmp
- /data/data/####/shared_prefs/uuid.xml
- /data/data/####/cache/picasso-cache/790a66c69af8a1e09b7bf0a851f4dfba.0.tmp
- /data/data/####/cache/picasso-cache/afc8dfea0c9b36158cecca800c17bcbb.0.tmp
- /data/data/####/cache/picasso-cache/91016616547aeb8030de6b87e5b38092.0.tmp
- /data/data/####/cache/picasso-cache/5bfa06e5f7a328c12ce80e54797b4259.1.tmp
- /data/data/####/cache/picasso-cache/a6213fd5faccb13b505167ad47ba38c4.1.tmp
- /data/data/####/cache/picasso-cache/4044409b2bc4756598dbd8f8a0dce694.1.tmp
- /data/data/####/cache/picasso-cache/ce7be7bd97d3c93bca5b892645dc962a.0.tmp
- /data/data/####/databases/webview.db-journal
- /data/data/####/shared_prefs/p_config.xml
- /data/data/####/cache/picasso-cache/e5528fa4f32403eae612fd314226195a.0.tmp
- /data/data/####/files/gaClientId
- /data/data/####/databases/sy_video_data_cache-journal
- /data/data/####/cache/picasso-cache/journal.tmp
- /data/data/####/databases/statistics_db
- /data/data/####/cache/picasso-cache/c8f6800f50b1513f4b2385de2b451af0.1.tmp
- /data/data/####/cache/picasso-cache/c61d9a7b9b083a1134fca84391192b6c.0.tmp
- /data/data/####/cache/picasso-cache/c961b1a573c90f02b0fb30f3046932c9.0.tmp
- /data/data/####/cache/picasso-cache/3d4260f7766897a1ecddf15683fa808d.0.tmp
- /data/data/####/shared_prefs/ds_configer.xml
- /data/data/####/cache/picasso-cache/0b8aeea99196414b0c151d137dfd20f7.1.tmp
- /data/data/####/cache/picasso-cache/598623e0c172cf73527c49c51213aa51.0.tmp
- /data/data/####/cache/picasso-cache/8d03a2e27efe4218750d4f88bc0fa90e.1.tmp
- /data/data/####/cache/picasso-cache/885da13da7af7a1da90668f4ba59caaf.1.tmp
- /data/data/####/cache/picasso-cache/e87ad411997489cbc86dea8c579aa696.1
- /data/data/####/cache/picasso-cache/aca48d1db211e070befd09d917282e1e.0.tmp
- /data/data/####/cache/picasso-cache/c61d9a7b9b083a1134fca84391192b6c.1.tmp
- /data/data/####/cache/picasso-cache/d1f214ed9d60504a47f3844ec93ba7d7.0.tmp
- /data/data/####/cache/picasso-cache/97870d9624b52d8352288146d49c29c3.1
- /data/data/####/cache/picasso-cache/30f0fca5aa496be77c960622d126067d.0.tmp
- /data/data/####/cache/picasso-cache/5bfa06e5f7a328c12ce80e54797b4259.0.tmp
- /data/data/####/cache/picasso-cache/6f721c777fce06e49b72c1b46e740571.0.tmp
- /data/data/####/cache/picasso-cache/c8f6800f50b1513f4b2385de2b451af0.0.tmp
- /data/data/####/cache/picasso-cache/b0f7d00fe72fae6eff5a8b18b1bca0c4.0.tmp
- /data/data/####/cache/picasso-cache/d1f214ed9d60504a47f3844ec93ba7d7.1.tmp
- /data/data/####/cache/picasso-cache/30f0fca5aa496be77c960622d126067d.1.tmp
- /data/data/####/cache/picasso-cache/91016616547aeb8030de6b87e5b38092.1.tmp
- /data/data/####/cache/picasso-cache/21d0f6d3069b0c612621b8a2ea1c7ba2.0.tmp
- /data/data/####/cache/picasso-cache/3d4260f7766897a1ecddf15683fa808d.1.tmp
- /data/data/####/cache/picasso-cache/ce7be7bd97d3c93bca5b892645dc962a.1.tmp
- /data/data/####/cache/picasso-cache/6134d992660c09eb1c9586ad7a410737.0.tmp
- /data/data/####/cache/picasso-cache/0637344c710410e040bb0f19edc3bc13.0.tmp
- /data/data/####/cache/picasso-cache/b09b8a0f4391a9315a82b8ea9321517a.1.tmp
- /data/data/####/cache/picasso-cache/248946480dcf3f89d45628d178f3b063.0.tmp
- /data/data/####/cache/picasso-cache/3c71285d82ac8ff6e8d77b9ecd4f10f3.1.tmp
- /data/data/####/cache/picasso-cache/8d03a2e27efe4218750d4f88bc0fa90e.0.tmp
- /data/data/####/cache/picasso-cache/6134d992660c09eb1c9586ad7a410737.1.tmp
- /data/data/####/cache/picasso-cache/598623e0c172cf73527c49c51213aa51.1.tmp
- /data/data/####/cache/picasso-cache/afc8dfea0c9b36158cecca800c17bcbb.1.tmp
- /data/data/####/cache/picasso-cache/475f4a44a89e00d9a9edb21acc4bb510.0.tmp
- /data/data/####/cache/picasso-cache/40622aa3f733e33bd39f81820b7d399f.1.tmp
- /data/data/####/databases/upgrade_app-journal
- /data/data/####/databases/statistics_db-journal
- /data/data/####/cache/picasso-cache/0b8aeea99196414b0c151d137dfd20f7.0.tmp
- /data/data/####/cache/picasso-cache/b0f7d00fe72fae6eff5a8b18b1bca0c4.1.tmp
- /data/data/####/shared_prefs/free_click_count.xml
- /data/data/####/cache/picasso-cache/4044409b2bc4756598dbd8f8a0dce694.0.tmp
- /data/data/####/cache/picasso-cache/3c71285d82ac8ff6e8d77b9ecd4f10f3.0.tmp
- /data/data/####/databases/google_analytics_v2.db-journal
- /data/data/####/cache/picasso-cache/8c49b0c0dc44a4ec0cf2d7c3b54d848c.0.tmp
- /data/data/####/cache/picasso-cache/aca48d1db211e070befd09d917282e1e.1.tmp
- /data/data/####/cache/picasso-cache/40622aa3f733e33bd39f81820b7d399f.0.tmp
- /data/data/####/cache/picasso-cache/ee68cfaf945ea870854f7b06868e4d0a.0.tmp
- /data/data/####/cache/picasso-cache/42c2ff54c2522f1ae2e881f539303435.0.tmp
- /data/data/####/cache/picasso-cache/97870d9624b52d8352288146d49c29c3.0.tmp
- /data/data/####/cache/picasso-cache/b09b8a0f4391a9315a82b8ea9321517a.0.tmp
- /data/data/####/cache/picasso-cache/076b49aa60ab5dda4c4f56c76733c91a.1.tmp
- /data/data/####/shared_prefs/time.xml
- /data/data/####/databases/sy_pay_record-journal
- /data/data/####/cache/picasso-cache/ca275ac682847a4c4b40d4110860c5e4.1.tmp
- /data/data/####/cache/picasso-cache/8168471b42ecde06258407577f0ad2fe.1.tmp
- /data/data/####/cache/picasso-cache/e87ad411997489cbc86dea8c579aa696.0.tmp
- /data/data/####/cache/picasso-cache/ee68cfaf945ea870854f7b06868e4d0a.1.tmp
- /sdcard/SYPAYFILENAME/CACHE/SMSCACHE/ISDELSMS
- /data/data/####/cache/picasso-cache/475f4a44a89e00d9a9edb21acc4bb510.1.tmp
- /data/data/####/cache/picasso-cache/0637344c710410e040bb0f19edc3bc13.1.tmp
- /data/data/####/databases/recommend_app-journal
- /data/data/####/cache/picasso-cache/65d9626ab213a981ef750404a4165eea.0.tmp
- /data/data/####/cache/picasso-cache/42c2ff54c2522f1ae2e881f539303435.1.tmp
- /data/data/####/cache/picasso-cache/6f721c777fce06e49b72c1b46e740571.1.tmp
- /data/data/####/cache/picasso-cache/ca275ac682847a4c4b40d4110860c5e4.0.tmp
Другие:
Может автоматически отправлять СМС-сообщения.
