Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Xiny.122.origin
Сетевая активность:
Подключается к:
- s####.####.com
- unio####.####.com
- useract####.####.com
- c####.####.com
- pi####.####.com
- statson####.####.com
- a####.####.com
Запросы HTTP GET:
- s####.####.com/chksdkupdate.php?sdkver=####&compver=####&mainver=####&ch...
- s####.####.com/pickoverlay.php?chid=####&cpmeta=####&vercode=####&ovid=#...
- s####.####.com/getdomain.php?chid=####&subchid=####&cpmeta=####&type=###...
- s####.####.com/picksingleapk.php?chid=####&imei=####&imsi=####&vercode=#...
- c####.####.com/vmupdate/pack/empty/empty/29000/vm_generic/102/-1/vm.zip
- c####.####.com/mainjarupdate/gamesdk/61520/empty102/102758/main.zip
- s####.####.com/picksdkgame.php?chid=####&imei=####&imsi=####&vercode=###...
- s####.####.com/gensdkuser.php?chid=####&cpmeta=####&vercode=####&md5=###...
- s####.####.com/chksdkupdate.php?sdkver=####&compver=####&mainver=####&ex...
Запросы HTTP POST:
- a####.####.com/rest/2.0/channel/4112453880257599905
- unio####.####.com/unionsdk/cs
- useract####.####.com/useraction/call
- statson####.####.com/pushlog_special
- unio####.####.com/unionsdk/getPictureAdvertising
- unio####.####.com/unionsdk/getPictureScreen
- pi####.####.com/mstat/report/?index=####
- unio####.####.com/unionsdk/getAdAfterExit
- a####.####.com/rest/2.0/channel/channel
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.platformcache/tmp/vm/kxqpplatform.jar.tmp
- /data/data/####/databases/downloads.db
- /data/media/obb/####/game_res/compVersion
- /sdcard/baidu/pushservice/files/apps
- /data/data/####/shared_prefs/####_preferences.xml
- /data/data/####/shared_prefs/excl_lb_lbmain.xml
- /data/data/####/files/account_deb6af019f_d3c2dfc519e371e3b4a4a006107e82a3
- /data/data/####/databases/wxop_tencent_analysis.db-journal
- /data/data/####/shared_prefs/excl_lb_kxqp.xml
- /data/data/####/shared_prefs/__Baidu_Stat_SDK_SendRem.xml.bak
- /data/data/####/shared_prefs/channelid.xml
- /data/data/####/shared_prefs/pst.xml
- /data/data/####/shared_prefs/excl_lb_chInfo.xml
- /data/data/####/.platformcache/tmp/main/lib_main/tmp.nD2382
- /data/data/####/shared_prefs/excl_lb_platform.xml.bak
- /data/data/####/apk/vm.zip.dload
- /data/data/####/.platformcache/tmp/main/lib_main/tmp.DZ2401
- /data/data/####/databases/pri_wxop_tencent_analysis.db-journal
- /data/data/####/shared_prefs/bids.xml
- /data/data/####/shared_prefs/excl_lb_soUpdate.xml
- /data/data/####/shared_prefs/.mta-wxop.xml
- /data/data/####/.platformcache/lbextjartag
- /data/data/####/.platformcache/tmp/main/lib_main/tmp.Cd2382
- /data/data/####/files/bdp_channel
- /data/data/####/shared_prefs/excl_lb_kxqpChannal.xml
- /data/data/####/shared_prefs/excl_lb_md5Info.xml
- /data/data/####/shared_prefs/####.self_push_sync.xml
- /data/data/####/.platformcache/tmp/main/lib_main/tmp.TV2291
- /data/data/####/apk/main.zip.dload
- /data/data/####/shared_prefs/com_dk_shared_preferences.xml
- /data/data/####/shared_prefs/pst.xml.bak
- /data/data/####/shared_prefs/.mta-wxop.xml.bak
- /sdcard/Tencent/mta/.mid.txt
- /data/data/####/shared_prefs/__Baidu_Stat_SDK_SendRem.xml
- /sdcard/duoku/sdk/cache/logoinfo_h5.txt
- /data/data/####/shared_prefs/bindcache.xml
- /data/data/####/databases/downloads.db-journal
- /sdcard/duoku/sdk/cache/adinfo.txt
- /data/data/####/.platformcache/tmp/main/main2.jar.tmp
- /data/data/####/databases/app.db
- /sdcard/baidu/.cuid
- /data/data/####/shared_prefs/excl_lb_platform.xml
- /data/data/####/.platformcache/tmp/main/lib_main/libapplypatch.so
- /data/data/####/databases/wxop_tencent_analysis.db
- /data/data/####/shared_prefs/excl_lb_domain.xml
- /sdcard/Sonnenblume/4A72F2DFFDBD84EB0C5C797BB76AFC44
- /data/data/####/shared_prefs/data_s.xml
- /data/data/####/.platformcache/tmp/main/lib_main/tmp.UL2269
- /data/data/####/shared_prefs/excl_lb_extractInfo.xml
- /data/data/####/shared_prefs/excl_lb_userInfo.xml
- /data/data/####/databases/pushstat_4.6.2.db
- /data/data/####/shared_prefs/com_dk_shared_preferences.xml.bak
- /data/data/####/shared_prefs/excl_lb_updateInfo.xml
- /data/data/####/databases/pushstat_4.6.2.db-journal
- /data/data/####/databases/app.db-journal
- /data/media/obb/####/game_res/mainVersion
- /data/data/####/databases/pri_wxop_tencent_analysis.db
- /sdcard/Sonnenblume/res.apk.u
- /data/data/####/shared_prefs/####.push_sync.xml
- /data/data/####/shared_prefs/excl_lb_gameInfo.xml
- /data/data/####/.platformcache/tmp/main/lib_main/tmp.IU2291
- /data/media/obb/####/game_res/conveying
- /sdcard/Sonnenblume/EE53AF5B170264468E95E783E26D76C2
Присваивает атрибут 'исполняемый' для следующих файлов:
- /data/data/####/.platformcache/tmp/main/lib_main/libapplypatch.so
- /data/data/####/apk/vm.zip.dload
- /data/data/####/apk/main.zip.dload
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- chmod 777 /data/data/####/apk/vm.zip.dload
- chmod 777 /data/data/####/apk
- chmod 755 /data/data/####/.platformcache/tmp/vm/kxqpplatform.jar
- /system/bin/dexopt --dex 27 42 40 338852 /storage/emulated/0/Sonnenblume/res.apk 1215983635 1264893488 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/framework.
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
- chmod 777 /data/data/####/apk/main.zip.dload
- chmod 755 /data/data/####/.platformcache/tmp/main/main2.jar
- /system/bin/dexopt --dex 27 40 40 303340 /data/data/####/.platformcache/tmp/main/main2.jar 1219995874 -1921526145 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext
- /system/bin/dexopt --dex 27 62 40 338852 /storage/emulated/0/Sonnenblume/res.apk 1215983635 1264893488 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/framework.
Может автоматически отправлять СМС-сообщения.
