Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Backdoor.336.origin
Загружает из Интернета следующие детектируемые угрозы:
- Android.Backdoor.336.origin
Сетевая активность:
Подключается к:
- onei####.com
- im####.####.com
- gaming####.com
- i####.####.com
- first####.com
- google-####.com
- c####.####.net
- a####.####.net
- w####.####.org
- c####.####.com
- bsm####.####.com
- s####.####.in
- n####.####.hk
- me####.####.in
- l####.####.com
- baiduli####.####.org
- st####.####.com
- a####.####.com
- pag####.####.com
Запросы HTTP GET:
- baiduli####.####.org/aff_c?offer_id=####&aff_id=####&aff_sub=####&aff_su...
- n####.####.hk//v1/articles/93a51da267f2417b80a2a73183e5f6e2inen/d8a8dcb4...
- im####.####.com/2017/04/Coal-Mining-norms.jpg
- n####.####.hk/v1/articles/93a51da267f2417b80a2a73183e5f6e2inen/content?i...
- a####.####.net/call/v2/ad/click?ads_id=####&aff_id=####&ak_id=####&local...
- bsm####.####.com/_media/bs/img/article/2017-01/17/full/1484649000-9052.jpg
- first####.com/wp-content/uploads/2017/04/Dortmund-dejected.jpg
- w####.####.org/aff_c?offer_id=####&aff_id=####&aff_sub=####&source=####&...
- l####.####.com/-ibwxguTlRiLcKAmIuv2yu50pSE0DqRsc8wyoN2bTrpkMy8ycCyAUlzCg...
- i####.####.com/thumb/msid-58225140,width-310,resizemode-4,imglength-3419...
- a####.####.net/stat/v2/request?aff_id=####&ak_id=####&local=####&from_sd...
- i####.####.com/thumb/msid-58285949,width-310,resizemode-4,imglength-1849...
- l####.####.com/S0p-qRJO5f4T-gaHLctER08TybE7PDCO64N8JC2CTwmxMTxSrzRB5rbGD...
- i####.####.com/thumb/msid-58265208,width-310,resizemode-4,imglength-4845...
- gaming####.com/wp-content/uploads/2017/02/Zelda-Breath-of-the-Wild-EDGE....
- a####.####.net/stat/v2/imp?aff_id=####&ak_id=####&local=####&from_sdk=##...
- n####.####.hk/css/content.css
- google-####.com/r/collect?v=####&_v=####&a=####&t=####&_s=####&dl=####&u...
- n####.####.hk/v1/categories?channel=####&country=####
- me####.####.in/indiatoday/images/stories//2017April/railways-mos_0421170...
- i####.####.com/thumb/msid-58216279,width-310,resizemode-4,imglength-4970...
- n####.####.hk/css/img/icons_sprite.png
- n####.####.hk/js/content.js
- im####.####.com/2017/04/mayawati-7591.jpg
- bsm####.####.com/_media/bs/img/article/2016-08/29/full/1472453488-8484.jpg
- a####.####.com/transaction/post_click?offer_id=####&aff_id=####&aff_sub=...
- n####.####.hk/v1/articles?limit=####&offset=####&channel=####&topics=###...
- st####.####.com/sites/default/files/2017/04/21/567700-arantxa-sanchez-2-...
- google-####.com/analytics.js
- im####.####.com/images/2017/apr/21virat-watson-abd.jpg
- i####.####.com/thumb/msid-58267063,width-310,resizemode-4,imglength-1278...
- l####.####.com/bQTVz-4bl6xJbpoXXuOy9r5PXn8_SCC6Ui0ILeKZuYygT7q0DQfUeghqV...
- a####.####.net/applnk/826227844?src_section_id=####
- pag####.####.com/pagead/js/adsbygoogle.js
- im####.####.com/2017/04/honda.jpg
- pag####.####.com/pagead/js/r20170417/r20170110/show_ads_impl.js
- c####.####.com/cdown/finalname.apk
- n####.####.hk/v1/articles/93a51da267f2417b80a2a73183e5f6e2inen/related?c...
- first####.com/wp-content/uploads/2017/04/NITISH-RANA-380.jpg
- im####.####.com/2016/04/live-cricket-score-rcb-vs-srh-2.jpg
- s####.####.in/wp-content/uploads/2017/04/micromax-bharat-2-made-official...
- l####.####.com/rJv_i6FM1R7a6ygBvDoL3fyHhV29vC3oPnliDdOTVN2WbyPpLYSpeQ39w...
- first####.com/wp-content/uploads/2017/04/Rohit-Maxwell-Sportzpics-380.jpg
- baiduli####.####.org/aff_r?offer_id=####&aff_id=####&url=####&urlauth=####
- c####.####.net/aff_track?offer_id=####&affiliate_id=####&gaid=####&devic...
- i####.####.com/thumb/msid-58286730,width-210,imglength-74565,resizemode-...
- c####.####.com/csdk/tcl-fc_1.txt
- w####.####.org/aff_r?offer_id=####&aff_id=####&url=####&urlauth=####
- a####.####.net/call/v2/ad/click_callback?ads_id=####&aff_id=####&ak_id=#...
- c####.####.net/aff_c?offer_id=####&affiliate_id=####&gaid=####&device_id...
- onei####.com/img/2017/04/xrohitsharma-21-1492714178.jpg.pagespeed.ic.T7c...
- im####.####.com/2017/03/exam-759.jpg
- first####.com/wp-content/uploads/2017/03/nawazsharif_reuters.jpg
- i####.####.com/i/2016-10/asma-assad-afp_650x400_51476820668.jpg
Запросы HTTP POST:
- a####.####.net/scene/v2/recommend
- a####.####.net/native/v2/recommend
- a####.####.com/oversea_adjust_and_download_write_redis/notify/download/app
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/cache/picasso-cache/d3b7a66339a47e0df312c8378b790b30.0.tmp
- /data/data/####/shared_prefs/sharedpreferences_batmobi_ad_clicks_offers.xml
- /data/data/####/cache/picasso-cache/2c6e0fb4076ce7023d1ebd10612e1462.0.tmp
- /data/data/####/cache/webviewCacheChromium/data_3
- /data/data/####/cache/webviewCacheChromium/data_2
- /data/data/####/cache/webviewCacheChromium/data_1
- /data/data/####/cache/webviewCacheChromium/data_0
- /data/data/####/databases/webviewCookiesChromium.db-journal
- /data/data/####/cache/picasso-cache/00f96e1ce6ff9cc246c81ae3e24b98f4.1.tmp
- /data/data/####/files/.help/.abc.apk
- /data/data/####/cache/picasso-cache/8bd2382b09db6fcec800b715c31c1db5.0.tmp
- /data/data/####/cache/picasso-cache/5de52db715a097ee82726b7036d4b491.1.tmp
- /data/data/####/cache/picasso-cache/94a62b29e50083850b623e21ac4f27d2.1.tmp
- /data/data/####/cache/picasso-cache/0c164e072f905bfb251daf361e9686f8.1.tmp
- /data/data/####/shared_prefs/multidex.version.xml
- /data/data/####/cache/picasso-cache/5e5d4126999b02215a4795134cd3620f.0.tmp
- /data/data/####/cache/picasso-cache/8059c232be6db88ec0c6260acdaa91dc.0.tmp
- /data/data/####/databases/webview.db-journal
- /data/data/####/cache/picasso-cache/1f817aec503b8bc2de8e8d1c230a2358.0.tmp
- /data/data/####/cache/picasso-cache/724f26d72e6a492d690625179d539634.1.tmp
- /data/data/####/shared_prefs/sharedpreferences_batmobi_offers.xml
- /data/data/####/cache/picasso-cache/journal.tmp
- /data/data/####/cache/picasso-cache/5de52db715a097ee82726b7036d4b491.0.tmp
- /data/data/####/cache/picasso-cache/5db225c7cb5c9ecbc26e915428876337.0.tmp
- /data/data/####/cache/660475332.png
- /data/data/####/shared_prefs/sharedpreferences_batmobi_ad_clicks.xml
- /data/data/####/cache/webviewCacheChromium/index
- /data/data/####/cache/picasso-cache/dd0fa0d3d10f5a92e02e5c791b67a9d4.1.tmp
- /data/data/####/cache/picasso-cache/3b342e3cdc4cfe4225398a6f35ad8cb3.1.tmp
- /data/data/####/cache/picasso-cache/00f96e1ce6ff9cc246c81ae3e24b98f4.0.tmp
- /data/data/####/cache/picasso-cache/d3b7a66339a47e0df312c8378b790b30.1.tmp
- /data/data/####/cache/picasso-cache/c735b832a46293180dabacdd8b26b232.1.tmp
- /data/data/####/cache/picasso-cache/2c6e0fb4076ce7023d1ebd10612e1462.1.tmp
- /data/data/####/cache/picasso-cache/e794aaca5fe6bb8d8d289e90e8ec7651.0.tmp
- /data/data/####/cache/picasso-cache/3b342e3cdc4cfe4225398a6f35ad8cb3.0.tmp
- /data/data/####/cache/picasso-cache/d624b9e4ebab1ef11469f9da4a9b0c0c.0.tmp
- /data/data/####/cache/picasso-cache/0c164e072f905bfb251daf361e9686f8.0.tmp
- /data/data/####/cache/picasso-cache/dd0fa0d3d10f5a92e02e5c791b67a9d4.0.tmp
- /data/data/####/cache/picasso-cache/5e5d4126999b02215a4795134cd3620f.1.tmp
- /data/data/####/cache/webviewCacheChromium/f_000008
- /data/data/####/cache/webviewCacheChromium/f_000001
- /data/data/####/cache/webviewCacheChromium/f_000003
- /data/data/####/cache/webviewCacheChromium/f_000002
- /data/data/####/cache/webviewCacheChromium/f_000005
- /data/data/####/cache/webviewCacheChromium/f_000004
- /data/data/####/cache/webviewCacheChromium/f_000007
- /data/data/####/cache/picasso-cache/e090ce738d88ae830c844f9948068528.0.tmp
- /data/data/####/cache/picasso-cache/8059c232be6db88ec0c6260acdaa91dc.1.tmp
- /data/data/####/cache/picasso-cache/0bf24c86d0541c1c10c5315b1bdc7f14.1.tmp
- /data/data/####/cache/picasso-cache/d624b9e4ebab1ef11469f9da4a9b0c0c.1.tmp
- /data/data/####/cache/picasso-cache/3d87b0404dbac1d8d43f4cbf09ad038e.0.tmp
- /data/data/####/cache/picasso-cache/724f26d72e6a492d690625179d539634.0.tmp
- /data/data/####/cache/picasso-cache/06414aa2eb89fc07a03bcc1c75457a47.0.tmp
- /data/data/####/cache/picasso-cache/e090ce738d88ae830c844f9948068528.1.tmp
- /data/data/####/cache/picasso-cache/7ea4129f3bbd20fbe4ada7f201c9a4c3.0.tmp
- /data/data/####/cache/picasso-cache/e5d233e67f52e1e2008366cdff5b349f.0.tmp
- /data/data/####/cache/picasso-cache/b17e8a4acd5e3c88d240965adde008b9.1.tmp
- /data/data/####/shared_prefs/sharedpreferences_batmobi_ad_marketurl.xml
- /data/data/####/cache/1875139290.png
- /data/data/####/cache/picasso-cache/8690220785b3ead348082695052d207b.0.tmp
- /data/data/####/cache/814023658.png
- /data/data/####/cache/picasso-cache/4e6d9b4791b44c346365aee6bfd72741.0.tmp
- /data/data/####/cache/picasso-cache/7ea4129f3bbd20fbe4ada7f201c9a4c3.1.tmp
- /data/data/####/cache/picasso-cache/bdcc85c96e1fdde8af6ade98f814e58d.1.tmp
- /data/data/####/cache/picasso-cache/72ce19dd0f03743cf9486ff746676a1f.1.tmp
- /data/data/####/cache/webviewCacheChromium/f_000006
- /data/data/####/cache/picasso-cache/79b99b02dafcfade59799c85dcc6faef.0.tmp
- /data/data/####/cache/picasso-cache/c735b832a46293180dabacdd8b26b232.0.tmp
- /data/data/####/cache/picasso-cache/d46c9916c4cc12bb0163302676aa15a2.0.tmp
- /data/data/####/cache/picasso-cache/4e6d9b4791b44c346365aee6bfd72741.1.tmp
- /data/data/####/cache/picasso-cache/e794aaca5fe6bb8d8d289e90e8ec7651.1.tmp
- /data/data/####/databases/bat_statistics.db-journal
- /data/data/####/cache/picasso-cache/e5d233e67f52e1e2008366cdff5b349f.1.tmp
- /data/data/####/shared_prefs/sharedpreferences_batmobi_settings.xml
- /data/data/####/cache/picasso-cache/72ce19dd0f03743cf9486ff746676a1f.0.tmp
- /data/data/####/cache/picasso-cache/41fe3f02bd2350309a62f79dcffe8730.1.tmp
- /data/data/####/cache/-133676762.png
- /data/data/####/cache/picasso-cache/3d87b0404dbac1d8d43f4cbf09ad038e.1.tmp
- /data/data/####/cache/picasso-cache/94a62b29e50083850b623e21ac4f27d2.0.tmp
- /data/data/####/cache/picasso-cache/06414aa2eb89fc07a03bcc1c75457a47.1.tmp
- /data/data/####/cache/picasso-cache/8bd2382b09db6fcec800b715c31c1db5.1.tmp
- /data/data/####/cache/picasso-cache/41fe3f02bd2350309a62f79dcffe8730.0.tmp
- /data/data/####/cache/picasso-cache/ebf9c254d0dc17bf9d3273d12f5695a2.1.tmp
- /data/data/####/cache/picasso-cache/5db225c7cb5c9ecbc26e915428876337.1.tmp
- /data/data/####/cache/picasso-cache/b17e8a4acd5e3c88d240965adde008b9.0.tmp
- /data/data/####/cache/picasso-cache/2d6fcadd54c35bed30da877183f6c5c2.0.tmp
- /data/data/####/cache/picasso-cache/0bf24c86d0541c1c10c5315b1bdc7f14.0.tmp
- /data/data/####/cache/picasso-cache/8690220785b3ead348082695052d207b.1.tmp
- /data/data/####/cache/picasso-cache/79b99b02dafcfade59799c85dcc6faef.1.tmp
- /data/data/####/cache/picasso-cache/ebf9c254d0dc17bf9d3273d12f5695a2.0.tmp
- /data/data/####/cache/picasso-cache/d46c9916c4cc12bb0163302676aa15a2.1.tmp
- /data/data/####/cache/picasso-cache/2d6fcadd54c35bed30da877183f6c5c2.1.tmp
- /data/data/####/cache/picasso-cache/bdcc85c96e1fdde8af6ade98f814e58d.0.tmp
- /data/data/####/files/.help/.abc.dex
- /data/data/####/cache/picasso-cache/1f817aec503b8bc2de8e8d1c230a2358.1.tmp
Другие:
Запускает следующие shell-скрипты:
- /data/data/####/app_bin/daemon -p #### -s tyhnbgvfcdesijk.koljngvfcdnhbgtyg.mknjyhmhgfrdecxfgb.service.SAdjvhyfgyuvdffdsfPSer -t 120
Может автоматически отправлять СМС-сообщения.
