Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.304.origin
Сетевая активность:
Подключается к:
- c####.####.com
- 1####.####.221
- p####.####.com
- i####.####.cc
Запросы HTTP GET:
- p####.####.com/handao_img/newsp/member_35.jpg
- p####.####.com/handao_img/newsp/member_019.jpg
- p####.####.com/handao_img/newsp/member_9.jpg
- p####.####.com/json2/my.php?pay_Id=####&package=####&appid=####&v=####&c...
- p####.####.com/handao_img/newsp/member_28.jpg
- p####.####.com/handao_img/newsp/member_39.jpg
- p####.####.com/handao_img/newsp/member_2.jpg
- i####.####.cc/handao_img/app_img/pay_img/pay_huangjin_top2.png
- i####.####.cc/handao_img/app_img/pay_img/p_top3.png
- p####.####.com/handao_img/app_img/video/jpg/shikan37.jpg
- c####.####.com/ip2city.asp
- p####.####.com/handao_img/newsp/bo_05.jpg
- 1####.####.221/tools/hdus
- p####.####.com/handao_img/newsp/member_20.jpg
- p####.####.com/handao_img/newsp/member_33.jpg
- p####.####.com/handao_img/newsp/member_15.jpg
- i####.####.cc/handao_img/app_img/pay_img/p_top1.png
- i####.####.cc/handao_img/app_img/pay_img/p_top2.png
- p####.####.com/handao_img/newsp/member_12.jpg
- p####.####.com/handao_img/newsp/guan_1.jpg
- p####.####.com/handao_img/app_img/video/jpg/shikan1.jpg
- p####.####.com/handao_img/newsp/member_007.jpg
- p####.####.com/handao_img/newsp/member_47.jpg
- p####.####.com/handao_img/newsp/zuan_1.jpg
- p####.####.com/handao_img/newsp/bo_1.jpg
- p####.####.com/handao_img/newsp/member_11.jpg
- p####.####.com/handao_img/newsp/member_34.jpg
- p####.####.com/handao_img/newsp/member_04.jpg
- p####.####.com/handao_img/newsp/member_21.jpg
- p####.####.com/handao_img/newsp/member_30.jpg
- p####.####.com/json2/free.php?pay_Id=####&package=####&appid=####&imei=#...
- p####.####.com/json2/stat.php?pay_Id=####&package=####&appid=####&v=####...
- p####.####.com/json2/update.php?pay_Id=####&package=####&appid=####&v=##...
- p####.####.com/handao_img/newsp/member_16.jpg
- p####.####.com/json2/upstat.php?pay_Id=####&package=####&appid=####&v=##...
- p####.####.com/handao_img/newsp/member_3.jpg
- p####.####.com/handao_img/newsp/guan_9.jpg
- p####.####.com/handao_img/newsp/member_50.jpg
- p####.####.com/handao_img/newsp/member_37.jpg
- p####.####.com/handao_img/newsp/guan_6.jpg
- p####.####.com/handao_img/newsp/bo_04.jpg
- p####.####.com/handao_img/newsp/member_44.jpg
- p####.####.com/handao_img/newsp/member_32.jpg
- p####.####.com/handao_img/newsp/member_01.jpg
- p####.####.com/handao_img/newsp/member_42.jpg
- p####.####.com/handao_img/newsp/zuan_4.jpg
- p####.####.com/handao_img/newsp/guan_2.jpg
- p####.####.com/handao_img/newsp/bo_21.jpg
- p####.####.com/handao_img/newsp/zuan_2.jpg
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/cache/picasso-cache/9c8218f4a8f54eea41eadf6bf68f26f6.0.tmp
- /data/data/####/cache/picasso-cache/a25f19ccc95093b1d77d835eff9aaf90.0.tmp
- /data/data/####/cache/picasso-cache/d12458ab3b6797f4f6c46fba58ab33d2.1.tmp
- /data/data/####/cache/picasso-cache/84aa2768cbbe69a21976e749bddeb5b8.1.tmp
- /data/data/####/cache/picasso-cache/8b9065e22c1d89c7dd9be6e63b82a71d.1.tmp
- /data/data/####/cache/picasso-cache/aaa98c0eba21659a1e801051b5231bca.1.tmp
- /data/data/####/.hdus
- /data/data/####/cache/picasso-cache/0ac1dcc51ac4b17cebba263d20c94f31.0.tmp
- /data/data/####/cache/picasso-cache/c5d0fb0c7cb15a09966447edd5326dce.1.tmp
- /data/data/####/cache/picasso-cache/8a93cd63777c02ef629fb1dc28b6e478.1.tmp
- /data/data/####/cache/picasso-cache/d12458ab3b6797f4f6c46fba58ab33d2.0.tmp
- /data/data/####/cache/picasso-cache/5a36412509c7a104238fb53500d00a78.0.tmp
- /data/data/####/cache/picasso-cache/eec5f19f76a82759ba949fa5adcfb1c7.1.tmp
- /data/data/####/cache/picasso-cache/fbc4aa0373be5aac4d384edadb823156.0.tmp
- /data/data/####/databases/webview.db-journal
- /data/data/####/databases/natobww.db-journal
- /data/data/####/shared_prefs/config.xml
- /data/data/####/cache/picasso-cache/245d1f3afe48dd0ee15f303704c59fda.0.tmp
- /data/data/####/cache/picasso-cache/db5800f7fd3f5909c9b4367ebd7f96f5.0.tmp
- /data/data/####/cache/picasso-cache/e0a1078b13700db471537f75fe9508d4.0.tmp
- /data/data/####/cache/picasso-cache/b6d94747347188558577e093d615f4ee.0.tmp
- /data/data/####/cache/picasso-cache/22ada2e7a07d5a153cb42b643a88c5f5.1.tmp
- /data/data/####/cache/picasso-cache/journal.tmp
- /data/data/####/cache/picasso-cache/50aaebac55b1fc78f10bcb013b0260b1.1.tmp
- /data/data/####/cache/picasso-cache/ae8604f1b4368ef268c822bf52dd25b0.0.tmp
- /data/data/####/shared_prefs/config.xml.bak
- /data/data/####/cache/picasso-cache/4ab737c4920b824095441e5b70058f04.1.tmp
- /data/data/####/cache/picasso-cache/50aaebac55b1fc78f10bcb013b0260b1.0.tmp
- /data/data/####/cache/picasso-cache/026f4a8ce16a177b6db4cea205cfc6d6.1.tmp
- /data/data/####/cache/picasso-cache/9c8218f4a8f54eea41eadf6bf68f26f6.1.tmp
- /data/data/####/libus.lock
- /data/data/####/cache/picasso-cache/8aee45755636010052aacb918b406860.1.tmp
- /data/data/####/cache/picasso-cache/c5b8a25692a8dc32d52bf9b130971368.1.tmp
- /data/data/####/cache/picasso-cache/1c94f7eed04d909911b0563b2130081d.0.tmp
- /data/data/####/cache/picasso-cache/6ffd16d8219262b659b6de0f7f3b4cd2.0.tmp
- /sdcard/cfba883dfdf288abe9ade3fd56a71b85/p_top2.png
- /data/data/####/cache/picasso-cache/c5d0fb0c7cb15a09966447edd5326dce.0.tmp
- /data/data/####/cache/picasso-cache/a25f19ccc95093b1d77d835eff9aaf90.1.tmp
- /sdcard/cfba883dfdf288abe9ade3fd56a71b85/p_top1.png
- /data/data/####/cache/picasso-cache/6ffd16d8219262b659b6de0f7f3b4cd2.1.tmp
- /data/data/####/cache/picasso-cache/84aa2768cbbe69a21976e749bddeb5b8.0.tmp
- /data/data/####/cache/picasso-cache/551235d458f8a5283eba558f824d8ef2.0.tmp
- /data/data/####/cache/picasso-cache/5a36412509c7a104238fb53500d00a78.1.tmp
- /data/data/####/cache/picasso-cache/1926ed8785816b5ea6ea8999069fcf75.1.tmp
- /data/data/####/cache/picasso-cache/6a475d0d6d0bfd885afd64728604abef.1.tmp
- /data/data/####/cache/picasso-cache/34b3f2325333db14894644d7245bf0c3.0.tmp
- /data/data/####/cache/picasso-cache/d12077d6d9c68afdeb7bf99af509f68a.1.tmp
- /data/data/####/cache/picasso-cache/e6d19796064d7a9cd1df6d2b98a3633d.0.tmp
- /data/data/####/shared_prefs/googlesdk.xml
- /data/data/####/cache/picasso-cache/8b9065e22c1d89c7dd9be6e63b82a71d.0.tmp
- /data/data/####/cache/picasso-cache/96dacb89d7bc919c1863d6251be6229c.0.tmp
- /data/data/####/cache/picasso-cache/0e2c612a13f2a13ac1b41de4debdfdc7.1.tmp
- /data/data/####/cache/picasso-cache/026f4a8ce16a177b6db4cea205cfc6d6.0.tmp
- /data/data/####/cache/picasso-cache/98be570cbfd5aebb2d0531ab60c37d65.0.tmp
- /data/data/####/cache/picasso-cache/7827e166a060d28693cbcca26be0ecec.1.tmp
- /data/data/####/cache/picasso-cache/1c94f7eed04d909911b0563b2130081d.1.tmp
- /data/data/####/cache/picasso-cache/c5b8a25692a8dc32d52bf9b130971368.0.tmp
- /data/data/####/cache/picasso-cache/22ada2e7a07d5a153cb42b643a88c5f5.0.tmp
- /data/data/####/cache/picasso-cache/7827e166a060d28693cbcca26be0ecec.0.tmp
- /sdcard/cfba883dfdf288abe9ade3fd56a71b85/pay_huangjin_top2.png
- /data/data/####/cache/picasso-cache/0e2c612a13f2a13ac1b41de4debdfdc7.0.tmp
- /data/data/####/cache/picasso-cache/cd266ea2880f43a79c8f07a605fb91b3.1.tmp
- /data/data/####/cache/picasso-cache/e6d19796064d7a9cd1df6d2b98a3633d.1.tmp
- /data/data/####/cache/picasso-cache/96dacb89d7bc919c1863d6251be6229c.1.tmp
- /data/data/####/cache/picasso-cache/551235d458f8a5283eba558f824d8ef2.1.tmp
- /sdcard/cfba883dfdf288abe9ade3fd56a71b85/p_top3.png
- /data/data/####/cache/picasso-cache/4ab737c4920b824095441e5b70058f04.0.tmp
- /data/data/####/cache/picasso-cache/aaa98c0eba21659a1e801051b5231bca.0.tmp
- /data/data/####/cache/picasso-cache/062675b574a95905cea96aeb342d5718.0.tmp
- /data/data/####/cache/picasso-cache/8aee45755636010052aacb918b406860.0.tmp
- /data/data/####/cache/picasso-cache/d12077d6d9c68afdeb7bf99af509f68a.0.tmp
- /data/data/####/cache/picasso-cache/245d1f3afe48dd0ee15f303704c59fda.1.tmp
- /data/data/####/cache/picasso-cache/eec5f19f76a82759ba949fa5adcfb1c7.0.tmp
- /data/data/####/cache/picasso-cache/34b3f2325333db14894644d7245bf0c3.1.tmp
- /data/data/####/cache/picasso-cache/b6f57a7f3fbdafaacca650aa5167acad.0.tmp
- /data/data/####/cache/picasso-cache/6a475d0d6d0bfd885afd64728604abef.0.tmp
- /data/data/####/cache/picasso-cache/8a93cd63777c02ef629fb1dc28b6e478.0.tmp
- /data/data/####/cache/picasso-cache/1926ed8785816b5ea6ea8999069fcf75.0.tmp
- /data/data/####/cache/picasso-cache/e0a1078b13700db471537f75fe9508d4.1.tmp
- /data/data/####/cache/picasso-cache/b6f57a7f3fbdafaacca650aa5167acad.1.tmp
- /data/data/####/files/fknix.apk
- /data/data/####/cache/picasso-cache/db5800f7fd3f5909c9b4367ebd7f96f5.1.tmp
- /data/data/####/cache/picasso-cache/fbc4aa0373be5aac4d384edadb823156.1.tmp
- /data/data/####/cache/picasso-cache/b6d94747347188558577e093d615f4ee.1.tmp
- /data/data/####/cache/picasso-cache/98be570cbfd5aebb2d0531ab60c37d65.1.tmp
- /data/data/####/cache/picasso-cache/cd266ea2880f43a79c8f07a605fb91b3.0.tmp
- /data/data/####/cache/picasso-cache/ae8604f1b4368ef268c822bf52dd25b0.1.tmp
- /data/data/####/cache/picasso-cache/062675b574a95905cea96aeb342d5718.1.tmp
- /data/data/####/cache/picasso-cache/0ac1dcc51ac4b17cebba263d20c94f31.1.tmp
- /data/data/####/shared_prefs/sp.store.xml
Присваивает атрибут 'исполняемый' для следующих файлов:
- /data/data/####/.hdus
Другие:
Запускает следующие shell-скрипты:
- /data/data/####/app_bin/daemon -p #### -s com.octz.jl.b.a -t 300
Может автоматически отправлять СМС-сообщения.
