Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.455.origin
- Android.DownLoader.414.origin
Сетевая активность:
Подключается к:
- s####.####.com
- j####.####.com
- 4####.####.100:9014
- imgc####.####.com
- 4####.####.100
- 7x####.####.com
- o####.####.com
- 1####.####.131:8080
- qzones####.####.cn
Запросы HTTP GET:
- qzones####.####.cn/qzone/biz/gdt/mob/sdk/v2/android02/js/lib/require.js
- 1####.####.131:8080/spotService/a.jsp?k=####
- qzones####.####.cn/qzone/biz/gdt/mob/sdk/v2/android02/js-release/2016092...
- 4####.####.100/gcfg/?p=####
- qzones####.####.cn/qzone/biz/gdt/mob/sdk/v2/android02/splash.appcache
- qzones####.####.cn/qzone/biz/gdt/mob/sdk/v2/android02/images/tsa_ad_logo...
- qzones####.####.cn/qzone/biz/gdt/mob/sdk/v2/android02/splash.html
- 7x####.####.com/dadishu.png
- qzones####.####.cn/qzone/biz/gdt/mob/sdk/v2/android02/images/ad_logo.png
- qzones####.####.cn/qzone/biz/gdt/mob/sdk/v2/android02/images/icon-ad.png
- imgc####.####.com/qzone/biz/gdt/mod/android/AndroidAllInOne/proguard/his...
- qzones####.####.cn/qzone/biz/gdt/mob/sdk/v2/android02/images/tsa_logo.png
- 4####.####.100:9014/plugin/?pn=####&v=####&d=####
Запросы HTTP POST:
- s####.####.com/activate
- s####.####.com/msg
- j####.####.com/4462l
- o####.####.com/check_config_update
- j####.####.com/6295k
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/app_e_qq_com_setting/sdkCloudSetting.sig
- /data/data/####/app_e_qq_com_setting/sdkCloudSetting.cfg
- /data/data/####/shared_prefs/DataPopularizeInstall.xml
- /data/data/####/app_e_qq_com_setting/gdt_suid
- /sdcard/Download/cc4df.dat
- /data/data/####/app_e_qq_com_plugin/update_lc
- /data/data/####/cache/webviewCacheChromium/data_3
- /sdcard/tbslog/tbslog.txt
- /data/data/####/shared_prefs/mobclick_agent_online_setting_####.xml
- /data/data/####/shared_prefs/iAlive.xml
- /data/data/####/databases/db_log
- /data/data/####/cache/webviewCacheChromium/data_2
- /data/data/####/cache/webviewCacheChromium/data_1
- /data/data/####/cache/webviewCacheChromium/data_0
- /data/data/####/shared_prefs/_w-1130894494.xml.bak
- /data/data/####/databases/webviewCookiesChromium.db-journal
- /data/data/####/shared_prefs/6d5c0.xml
- /data/data/####/shared_prefs/DataPopularizeDesktop.xml
- /data/data/####/shared_prefs/i.xml
- /data/data/####/shared_prefs/c1356507059351895.xml.bak
- /data/data/####/shared_prefs/_w-1130894494.xml
- /data/data/####/shared_prefs/DataConfig.xml
- /data/data/####/app_tbs/share/core_info
- /data/data/####/databases/a1.db-journal
- /data/data/####/shared_prefs/c1356507059351895.xml
- /data/data/####/shared_prefs/mobclick_agent_state_####.xml
- /sdcard/Android/data/####/cache/gdtadmobwebcache/ApplicationCache.db-journal
- /data/data/####/app_e_qq_com_plugin/gdt_plugin.jar.sig
- /data/data/####/app_tbs/core_private/tbslock.txt
- /data/data/####/files/5352892z.jar
- /data/data/####/shared_prefs/1000.xml
- /data/data/####/shared_prefs/DataPopularizeGPCover.xml
- /data/data/####/shared_prefs/PopularizeService.xml
- /data/data/####/shared_prefs/gamedata.xml
- /data/data/####/shared_prefs/b1356507059351895.xml
- /data/data/####/databases/db_log-journal
- /data/data/####/shared_prefs/DataPopularizeCoverInstall.xml
- /data/data/####/app_e_qq_com_setting/devCloudSetting.sig
- /data/data/####/databases/webview.db-journal
- /data/data/####/app_e_qq_com_plugin/gdt_plugin.jar
- /data/data/####/shared_prefs/a1356507059351895.xml
- /data/data/####/cache/webviewCacheChromium/f_000001
- /data/data/####/shared_prefs/a1356507059351895.xml.bak
- /data/data/####/app_tbs/core_private/debug.conf
- /data/data/####/shared_prefs/a1.xml
- /data/data/####/shared_prefs/DataPopularizeDownlaod.xml
- /data/data/####/cache/webviewCacheChromium/index
- /data/data/####/shared_prefs/createNotification.xml
- /data/data/####/app_e_qq_com_setting/devCloudSetting.cfg
- /data/data/####/shared_prefs/i_ALL_fionf_pre356507059351895.xml
- /data/data/####/files/02000200.jar
- /data/data/####/app_tbs/core_private/tbscoreinstall.txt
- /data/data/####/shared_prefs/DataPopularizeAPKInfo.xml
- /sdcard/Android/data/####/cache/gdtadmobwebcache/ApplicationCache.db
- /data/data/####/files/com.hpggpia.jar
- /data/data/####/shared_prefs/DataPopularizeNotification.xml
- /data/data/####/files/00100100.jar
Другие:
Запускает следующие shell-скрипты:
- /data/data/####/lib/libwatchDog.so 2166 #### com.umeng.common.load.PopularizeService
- getprop ro.product.cpu.abi
Может автоматически отправлять СМС-сообщения.
