Android.SmsSend.18152

Техническая информация

Вредоносные функции:

Отправляет СМС-сообщения:

106584211: 5fd3bec6c0a86a604280229052337725本条免费短信用于快速登录，请勿修改

Сетевая активность:

Подключается к:

s####.####.com
2####.####.233:14000
7j####.####.com
le####.####.cn
obf0c####.####.com
w####.####.com
haoh####.cn
imga####.####.cn
f####.####.cn
haoh####.cn:8080
a####.####.com
2####.####.233:8080

Запросы HTTP GET:

imga####.####.cn/ledu/bookimg/201606/10173.jpg@!leduimg
imga####.####.cn/upload/2017-04/2017042510492818194.jpg@!leduimg
imga####.####.cn/upload/2016-12/2016121222305785611.jpg@!leduimg
imga####.####.cn/ledu/bookimg/201606/1942.jpg@!leduimg
imga####.####.cn/upload/2016-10/2016102517470110621.jpg@!leduimg
imga####.####.cn/ledu/bookimg/201606/486.jpg@!leduimg
imga####.####.cn/upload/2016-10/2016102120404114788.jpg@!leduimg
imga####.####.cn/upload/2016-12/2016121918554627242.jpg@!leduimg
obf0c####.####.com/visenvt9_9_20160808104730.zip
imga####.####.cn/ledu/app/v2ui/mt_06.png
imga####.####.cn/ledu/newname/10997.jpg@!leduimg
imga####.####.cn/ledu/bookimg/201606/9417.jpg@!leduimg
imga####.####.cn/upload/2016-10/2016102120403314017.jpg@!leduimg
imga####.####.cn/ledu/bookimg/201606/6478.jpg@!leduimg
imga####.####.cn/ledu/bookimg/201606/12708.jpg@!leduimg
imga####.####.cn/ledu/bookimg/201606/10103.jpg@!leduimg
imga####.####.cn/ledu/bookimg/201606/10566.jpg@!leduimg
imga####.####.cn/upload/2016-10/2016102517415794698.jpg@!leduimg
imga####.####.cn/ledu/app/v2ui/baidu_book.png
imga####.####.cn/ledu/bookimg/201606/11165.jpg@!leduimg
imga####.####.cn/upload/2017-03/2017030316202712052.jpg@!leduzt
7j####.####.com/tdata_gbU702
imga####.####.cn/upload/2016-12/2016122119200642012.jpg@!leduimg
imga####.####.cn/upload/2016-12/2016122119200718741.jpg@!leduimg
imga####.####.cn/ledu/bookimg/201606/11997.jpg@!leduimg
imga####.####.cn/upload/2016-10/2016101912113219011.jpg@!leduimg
imga####.####.cn/upload/2017-03/2017030318274513645.jpg@!leduimg
imga####.####.cn/ledu/bookimg/201606/7896.jpg@!leduimg
imga####.####.cn/upload/2016-12/2016122119181335042.jpg@!leduimg
w####.####.com/r/p/myspacedata.jsp?vt=####
imga####.####.cn/upload/2017-01/2017013023455532633.jpg@!leduzt
w####.####.com/sso/p/logindata.jsp?e_l=####&purl=####
imga####.####.cn/ledu/bookimg/201606/12964.jpg@!leduimg
imga####.####.cn/upload/2016-08/2016081718133313490.jpg@!leduimg
imga####.####.cn/ledu/bookimg/201606/10912.jpg@!leduimg
imga####.####.cn/ledu/bookimg/201606/10569.jpg@!leduimg
imga####.####.cn/upload/2017-01/2017011812225112117.jpg@!leduimg
imga####.####.cn/upload/2017-04/2017040714163760796.jpg@!leduzt
imga####.####.cn/upload/2017-03/2017030918572465135.jpg@!leduimg
imga####.####.cn/ledu/bookimg/201606/4151.jpg@!leduimg
imga####.####.cn/ledu/bookimg/201606/3304.jpg@!leduimg
imga####.####.cn/ledu/bookimg/201606/11067.jpg@!leduimg
imga####.####.cn/upload/2017-01/2017011812225514161.jpg@!leduimg
f####.####.cn/pic/file/2015-04/20150404_splash.jpg
imga####.####.cn/ledu/bookimg/201606/11659.jpg@!leduimg
imga####.####.cn/ledu/bookimg/201606/11893.jpg@!leduimg
imga####.####.cn/ledu/newname/13036.jpg@!leduimg
imga####.####.cn/upload/2016-12/2016121918554517370.jpg@!leduimg
imga####.####.cn/ledu/bookimg/201606/5393.jpg@!leduimg
imga####.####.cn/upload/2016-12/2016122119200728838.jpg@!leduimg
f####.####.cn/pic/file/2016-01/201601221308269379.jpg
f####.####.cn/asset/ycqh.zip
imga####.####.cn/ledu/app/v2ui/mt_01.png
imga####.####.cn/upload/2016-11/2016110918364612842.jpg@!leduimg
imga####.####.cn/ledu/app/v2ui/mt_02.png
imga####.####.cn/ledu/bookimg/201606/1754.jpg@!leduimg
imga####.####.cn/ledu/bookimg/201606/12734.jpg@!leduimg
imga####.####.cn/upload/2016-12/2016122119182334308.jpg@!leduimg
7j####.####.com/tdata_OSo290
imga####.####.cn/upload/2017-01/2017011812225846183.jpg@!leduimg
imga####.####.cn/ledu/bookimg/201606/13034.jpg@!leduimg
imga####.####.cn/ledu/bookimg/201606/10534.jpg@!leduimg
imga####.####.cn/ledu/newname/13037.jpg@!leduimg
imga####.####.cn/upload/2017-04/2017042610591821269.jpg@!leduimg
imga####.####.cn/upload/2017-04/2017040714155721022.jpg@!leduzt

Запросы HTTP POST:

le####.####.cn/SCService.asmx
le####.####.cn/UserService.asmx
a####.####.com/rest/2.0/channel/4127396575989328013
haoh####.cn/asg/portal.do
2####.####.233:8080/
le####.####.cn/BookService.asmx
le####.####.cn/PushService.asmx
2####.####.233:14000/
s####.####.com/api.php?format=####&t=####
a####.####.com/app_logs
a####.####.com/rest/2.0/channel/channel
haoh####.cn:8080/asg/portal.do

Изменения в файловой системе:

Создает следующие файлы:

/sdcard/####/imagecache/574176521.tmp
/sdcard/####/imagecache/881123949.tmp
/sdcard/####/imagecache/-1752859090.tmp
/sdcard/####/cache/indexdata/booktablist/listtype=endbook&tabtype=buy&pageindex=1.dat
/sdcard/####/imagecache/-1424794323.tmp
/data/data/####/shared_prefs/Cookies250026699187743.xml
/sdcard/####/imagecache/1107974354.tmp
/sdcard/####/cache/indexdata/commonpage/listtype=rankindex.dat
/data/data/####/files/init.pid
/sdcard/####/imagecache/1593274134.tmp
/sdcard/####/imagecache/280594472.tmp
/data/data/####/shared_prefs/umeng_general_config.xml
/sdcard/####/cache/setting/settings/uploadphoneinfo.dat
/sdcard/####/cache/book/7896/1274581.dat
/sdcard/####/imagecache/233227133.tmp
/sdcard/####/cache/indexdata/commonpage/listtype=bookshelftab2.dat
/sdcard/####/imagecache/415123909.tmp
/sdcard/####/cache/book/7896/1274576.dat
/data/data/####/databases/pushg.db-journal
/sdcard/####/imagecache/1964999064.tmp
/sdcard/####/imagecache/1597891739.tmp
/sdcard/####/imagecache/1594197655.tmp
/sdcard/####/font/ycqh.ttf
/data/data/####/databases/webview.db-journal
/data/data/####/shared_prefs/device_id.xml
/sdcard/####/cache/book/7896/1274588.dat
/sdcard/####/cache/indexdata/commonpage/listtype=index&clienttype=&clientpara=.dat
/data/data/####/databases/increment.db-journal
/data/data/####/shared_prefs/mobclick_agent_online_setting_####.xml
/sdcard/.system/confv9/visen.conf
/sdcard/####/imagecache/-1020060119.tmp
/sdcard/####/cache/book/7896/1274579.dat
/sdcard/####/cache/book/7896/1274573.dat
/data/data/####/files/tdata_gbU702.tmp
/sdcard/system/tmp/local/tdata_OSo290
/sdcard/####/imagecache/345094130.tmp
/sdcard/####/imagecache/-686254400.tmp
/sdcard/####/imagecache/574760616.tmp
/data/data/####/files/tdata_OSo290.jar
/sdcard/####/cache/book/7896/1274578.dat
/sdcard/.ishugui/.log/reqlog.txt
/data/data/####/databases/pri_tpush_tencent_analysis.db_####;xg_service_v2-journal
/sdcard/####/cache/book/7896/1274580.dat
/sdcard/####/cache/book/7896/1274589.dat
/sdcard/####/cache/book/7896/1274585.dat
/sdcard/####/imagecache/1655418314
/sdcard/####/imagecache/1937487982.tmp
/sdcard/####/cache/indexdata/commonpage/listtype=discover.dat
/sdcard/####/cache/book/7896/1274574.dat
/data/data/####/databases/tmpd8.db-journal
/sdcard/####/imagecache/-458096818.tmp
/sdcard/####/cache/book/7896/1274586.dat
/sdcard/####/imagecache/831248513.tmp
/sdcard/####/splash/20150404_splash.jpg
/sdcard/libs/####.db
/sdcard/####/imagecache/-1299763594.tmp
/data/data/####/shared_prefs/conf_sp_name.xml
/data/data/####/shared_prefs/.tpns.xml.xml
/sdcard/####/imagecache/1532334055.tmp
/sdcard/####/imagecache/-852059084.tmp
/sdcard/.ishugui/payerr.txt
/data/data/####/databases/intercept_pad.db-journal
/data/data/####/shared_prefs/bindcache.xml
/sdcard/####/imagecache/-1837373038.tmp
/sdcard/####/imagecache/-89379286.tmp
/sdcard/####/cache/book/7896/1274577.dat
/sdcard/####/cache/book/7896/1274587.dat
/sdcard/.system/confv9/visen.conf.temp
/sdcard/####/imagecache/-77803122.tmp
/data/data/####/files/umeng_it.cache
/sdcard/####/imagecache/-1352642157.tmp
/data/data/####/shared_prefs/####.push_sync.xml
/sdcard/####/imagecache/82266242.tmp
/sdcard/####/imagecache/-1666285313.tmp
/data/data/####/files/tdata_OSo290.tmp
/data/data/####/files/tdata_gbU702.jar
/data/data/####/shared_prefs/ishugui.shareInfo.xml
/data/data/####/files/push.pid
/sdcard/####/imagecache/-1974772693.tmp
/data/data/####/databases/pushsdk.db-journal
/sdcard/####/imagecache/-2068242796.tmp
/sdcard/####/cache/book/7896/1274583.dat
/sdcard/####/imagecache/1909394924.tmp
/sdcard/####/cache/book/7896/chapterlist.dat
/data/data/####/databases/ishugui.db-journal
/sdcard/####/cache/indexdata/commonpage/listtype=index.dat
/sdcard/####/imagecache/-553934806.tmp
/sdcard/####/imagecache/-1649627793.tmp
/sdcard/.system/confv9/visen.conf.mark
/sdcard/####/imagecache/-1821182252.tmp
/sdcard/tencent/mta/.mid.txt
/sdcard/####/imagecache/-1957754430.tmp
/sdcard/####/font/ycqh.zip
/sdcard/####/cache/book/7896/1274591.dat
/sdcard/####/cache/indexdata/commonpage/listtype=usercenter.dat
/sdcard/####/imagecache/-1760189169.tmp
/sdcard/####/cache/push/banner/bannerdefault.dat
/sdcard/system/tmp/local/tdata_gbU702
/sdcard/baidu/pushservice/files/apps
/sdcard/####/imagecache/-1652002315.tmp
/sdcard/####/imagecache/325332301.tmp
/data/data/####/files/gdaemon_20151105
/sdcard/####/imagecache/313300278.tmp
/sdcard/####/imagecache/-204363741.tmp
/data/data/####/shared_prefs/####.xml
/data/data/####/files/run.pid
/sdcard/####/imagecache/-1802638745.tmp
/sdcard/####/imagecache/-1802954990.tmp
/sdcard/####/cache/setting/settings/fromscheme.dat
/sdcard/####/imagecache/-1834087029.tmp
/sdcard/####/imagecache/989449419.tmp
/sdcard/####/cache/book/7896/1274575.dat
/sdcard/libs/com.getui.sdk.deviceId.db
/sdcard/####/cache/setting/_defaultpayinfo.dat
/data/data/####/shared_prefs/####_preferences.xml
/sdcard/####/imagecache/2010883341.tmp
/data/data/####/shared_prefs/pst.xml
/data/data/####/databases/pushext.db-journal
/sdcard/####/imagecache/1347478213.tmp
/sdcard/####/cache/indexdata/commonpage/listtype=classindex.dat
/sdcard/####/cache/search/_search.dat
/sdcard/libs/com.igexin.sdk.deviceId.db
/sdcard/####/imagecache/-187272250.tmp
/sdcard/####/cache/book/7896/1274584.dat
/data/data/####/files/.imprint
/sdcard/baidu/pushservice/database/pushstat_4.5.6.db-journal
/sdcard/####/imagecache/-594937911.tmp
/sdcard/####/imagecache/861578442.tmp
/sdcard/####/imagecache/-1423189487.tmp
/sdcard/.system/confv9/visen.conf.out.temp
/sdcard/####/imagecache/-1857965923.tmp
/sdcard/####/imagecache/1697828718.tmp
/sdcard/####/imagecache/-638815040.tmp
/sdcard/libs/app.db
/sdcard/####/cache/book/7896/1274590.dat
/data/data/####/databases/tpush_tencent_analysis.db_####;xg_service_v2-journal
/sdcard/####/imagecache/1217503118.tmp
/data/data/####/databases/LeDu.db
/sdcard/baidu/.cuid
/sdcard/####/imagecache/1948787944.tmp
/sdcard/baidu/pushservice/database/pushstat_4.5.6.db
/data/data/####/shared_prefs/ledu.xml
/sdcard/####/imagecache/-1661851398
/data/data/####/shared_prefs/umeng_general_config.xml.bak
/data/data/####/databases/LeDu.db-journal
/sdcard/####/cache/book/7896/1274582.dat
/sdcard/baidu/pushservice/files/.info
/sdcard/####/imagecache/-239039290.tmp

Присваивает атрибут 'исполняемый' для следующих файлов:

/data/data/####/files/gdaemon_20151105

Другие:

Запускает следующие shell-скрипты:

sh /data/data/####/files/gdaemon_20151105 0 ####/com.igexin.sdk.PushService 24583 300 0
/data/data/####/files/gdaemon_20151105 0 ####/com.igexin.sdk.PushService 24583 300 0
/system/bin/dexopt --dex 27 51 40 251912 /data/data/####/files/tdata_OSo290.jar 1216894454 1156506672 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework
/system/bin/dexopt --dex 27 52 40 377248 /data/data/####/files/tdata_gbU702.jar 1227781912 -399381558 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework
sh /data/data/####/lib/libtpnsWatchdog.so ####,2100152575; 55037 203.205.128.130 [{ idx :0, ts :%d, et :2000, si :0, ui : #### , ky : Axg%lu , mid : 0 , ev :{ ov : 18 , sr : 600*752 , md : Generic Android-x86 , lg : en ,
sh /data/data/####/lib/libtpnsWatchdog.so ####,2100152575;####,2100152575; 55037 203.205.128.130 [{ idx :0, ts :%d, et :2000, si :0, ui : #### , ky : Axg%lu , mid : 4e3e9110b42d842c413bb46dbc273a0c01b71a8b ,
chmod 700 /data/data/####/files/gdaemon_20151105

Может автоматически отправлять СМС-сообщения.

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней