Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.543.origin
Сетевая активность:
Подключается к:
- c####.####.com
- p####.####.top
- o####.####.com
- p####.####.com
- a####.####.com
Запросы HTTP GET:
- c####.####.com/707_280_9_02111467a744aa28.jpg?imageMo####
- c####.####.com/707_280_2_98737a760601f00c.jpg?imageMo####
- c####.####.com/707_280_7_6fea87ef46f7d48e.jpg?imageMo####
- c####.####.com/707_280_4_31b678a0a4acbcac.jpg?imageMo####
- c####.####.com/12059_ccover_hp_4aa1fc230ed9204b.jpg?imageVi####
- c####.####.com/11867_ccover_hp_ea0a2d27c414b488.jpg?imageVi####
- c####.####.com/707_272_acover_1216945afdfcff18.jpg?imageVi####
- c####.####.com/707_280_15_488cde8894721b02.jpg?imageMo####
- c####.####.com/sfile/201704/27/all/cp_V2.7.7.txt
- c####.####.com/707_282_acover_dffc9ce853feb073.jpg?imageVi####
- c####.####.com/11300_ccover_hp_ee520113c2579dde.jpg?imageVi####
- c####.####.com/11235_ccover_hp_9cd211c841b163bc.jpg?imageVi####
- c####.####.com/707_280_12_b4b2e8ab6e6fdbba.jpg?imageMo####
- c####.####.com/707_278_acover_f079830428c5c6f2.jpg?imageVi####
- c####.####.com/707_280_14_b7039a6212bbf0e1.jpg?imageMo####
- c####.####.com/707_281_acover_dfe4d56155030aa2.jpg?imageVi####
- c####.####.com/707_277_acover_dd8c209a845f01f7.jpg?imageVi####
- c####.####.com/11379_ccover_hp_a0fd128bc2a508cd.jpg?imageVi####
- c####.####.com/707_273_acover_1b442e5b24ac882a.jpg?imageVi####
- c####.####.com/707_274_acover_a3b27b736accabb1.jpg?imageVi####
- c####.####.com/707_280_5_c95af80836809d5a.jpg?imageMo####
- c####.####.com/11154_ccover_hp_d010e497eea45505.jpg?imageVi####
- c####.####.com/707_279_acover_cdb9bfa560255372.jpg?imageVi####
- c####.####.com/707_280_8_5a07680ce0b3856c.jpg?imageMo####
- c####.####.com/707_271_acover_abeb53e7d17a83c3.jpg?imageVi####
- c####.####.com/707_276_acover_de579b87c100843c.jpg?imageVi####
- c####.####.com/707_280_1_ae06ce7c0e0ae23c.jpg?imageMo####
- c####.####.com/707_280_11_37e5e9bdcf567bbd.jpg?imageMo####
- c####.####.com/707_280_10_0cd6431ebc16d5ee.jpg?imageMo####
- c####.####.com/707_275_acover_4c57e6ff44bdb57b.jpg?imageVi####
- c####.####.com/707_280_3_332d434f55eda82c.jpg?imageMo####
- c####.####.com/707_280_acover_e8b0d06296cac8c8.jpg?imageVi####
- c####.####.com/707_280_6_ba25c6b6d9e83384.jpg?imageMo####
- c####.####.com/707_280_13_39a2340156b301fe.jpg?imageMo####
- c####.####.com/707_ccover_a8b163b888d2a2b0.jpg?imageVi####
Запросы HTTP POST:
- a####.####.com/errconf
- o####.####.com/v2/check_config_update
- p####.####.com/epinfo
- p####.####.top/jzbdt/uci/t/c
- a####.####.com/log4
- a####.####.com/conf4
- p####.####.com/getextinfo
- p####.####.com/handshake
- o####.####.com/v2/get_update_time
- p####.####.com/homepage
- p####.####.top/jzbdt/jgo/ot
- p####.####.top/jzbdt/ydio/kwbe/ainq
- p####.####.com/getcomments2
- a####.####.com/app_logs
- p####.####.com/comicdetail
- p####.####.com/splashinfo
- a####.####.com/snsconf
- p####.####.com/categorylist
- p####.####.top/jzbdt/xozxf/hw/vgqnn
- p####.####.top/jzbdt/vczs/uht/wzoy
- a####.####.com/conn
- p####.####.top/jzbdt/t/gersh/ko
- p####.####.top/sdf/q
- a####.####.com/data2
- p####.####.top/jzbdt/ut/jgbz
- p####.####.com/syncextinfo
Изменения в файловой системе:
Создает следующие файлы:
- /sdcard/Android/data/####/cache/uil-images/6yeo9wsq55oks5z5es1vfompa.0.tmp
- /sdcard/Android/data/####/cache/uil-images/2akeea5pcmiz4ex1b1vo5tzbg.0.tmp
- /sdcard/Android/data/####/cache/uil-images/1b5qk73e8dyunr1xwh8p9g29r.0.tmp
- /data/data/####/shared_prefs/Alvin2.xml
- /data/data/####/databases/ThrowalbeLog.db-journal
- /sdcard/Android/data/####/cache/uil-images/gq88p6mpzswo6u5qsov1sce1.0.tmp
- /data/data/####/databases/icomico_db-journal
- /data/data/####/databases/sharesdk.db-journal
- /data/data/####/shared_prefs/ICOMICO_PREFERENCE.xml.bak
- /sdcard/Android/data/####/cache/uil-images/2mqs1hfqw6kcbypshg246ea6m.downtmp.downtmp
- /data/data/####/shared_prefs/umeng_general_config.xml
- /sdcard/Android/data/####/cache/uil-images/uex9uq9szscw4b9ihwmlz5s6.0.tmp
- /sdcard/Android/data/####/cache/uil-images/6er1pbyux3ds5leb7wv057c5u.0.tmp
- /sdcard/Android/data/####/cache/uil-images/1gj60xw7kzplsezhcnldstyex.0.tmp
- /sdcard/Android/data/####/cache/splah/d299263f0afd175368d357bd91a3c12b.downtmp
- /sdcard/Android/data/####/cache/uil-images/5ndkjvnr2p5qvtfu8kvmqbla2.0.tmp
- /data/data/####/databases/t_u.db-journal
- /sdcard/Android/data/####/cache/uil-images/665dnbz46m5d97rhgiy69alvf.0.tmp
- /sdcard/.DataStorage/ContextData.xml
- /sdcard/Android/data/####/cache/uil-images/3feolclsd24zvcfho45jzucly.0.tmp
- /sdcard/Android/data/####/cache/uil-images/4ascqy10isawm1tp6r3g299e2.0.tmp
- /sdcard/Android/data/####/cache/uil-images/230m4bonv80s2tgcnlmip0qhc.downtmp.downtmp
- /data/data/####/app_jgls/.log.ls
- /data/data/####/shared_prefs/ICOMICO_PREFERENCE.xml
- /data/data/####/shared_prefs/wv.xml
- /sdcard/Android/data/####/cache/uil-images/2gdxiec5arxq49xm76cpyux9z.0.tmp
- /sdcard/ShareSDK/####/cache/####/.lock
- /sdcard/Android/data/####/cache/uil-images/iejhd8n2pfuzlnrxe0j7mld5.0.tmp
- /sdcard/Android/data/####/cache/uil-images/1hc1yo7zqzltokjktrfc8icm0.0.tmp
- /sdcard/Android/data/####/cache/uil-images/hmekfbbq0dt5ydomkh24tofm.0
- /sdcard/Android/data/####/cache/uil-images/5197sp3tid32961oukxj6uo6e.downtmp
- /sdcard/Android/data/####/cache/uil-images/uejqthvny2z9009cbwxrf3rm.0.tmp
- /sdcard/Android/data/####/cache/uil-images/4c4lk5lcx9q6grbenve7yftlg.0.tmp
- /sdcard/Android/data/####/cache/uil-images/6tefx3w2blwb21u1knhh5ya2v.downtmp.downtmp
- /sdcard/Android/data/####/cache/uil-images/4mscy42ww0jqyn9f2fu7y29c9.0.tmp
- /sdcard/Android/data/####/cache/splah/e3b8df53e30e49f5fb99ab4e1fb3ca6e.downtmp
- /sdcard/Android/data/####/cache/uil-images/1cxkp02n7mbybnr38w2pczdfk.0.tmp
- /sdcard/Android/data/####/cache/uil-images/5nj5tb63tixcbbyr4xbjud6jr.0.tmp
- /data/data/####/shared_prefs/umeng_message_state.xml
- /sdcard/Android/data/####/cache/uil-images/1gbtfr2je8tyz517exfyf3gdo.0.tmp
- /sdcard/Android/data/####/cache/splah/41c59dcbcb253866a38b5c632d60aec9.downtmp
- /data/data/####/shared_prefs/mobclick_agent_online_setting_####.xml
- /sdcard/.UTSystemConfig/Global/Alvin2.xml
- /sdcard/Android/data/####/cache/uil-images/2mqs1hfqw6kcbypshg246ea6m.0.tmp
- /sdcard/Android/data/####/cache/uil-images/6tz8csu4ebydlhayuubcpto8s.0.tmp
- /data/data/####/shared_prefs/dsi.xml
- /sdcard/Android/data/####/cache/uil-images/424967r4pljx5kia702xsnh90.0.tmp
- /sdcard/Android/data/####/cache/splah/0f2201cecb7e4daffb3075fd69c29c89.downtmp
- /sdcard/Android/data/####/files/Download/V2.7.7.txt
- /data/data/####/shared_prefs/sfe.xml.bak
- /sdcard/Android/data/####/cache/uil-images/66vwrhldh9t5eca0i10c1h0yb.0.tmp
- /data/data/####/files/umeng_it.cache
- /sdcard/Android/data/####/cache/.nomedia
- /data/data/####/files/.jglogs/.jg.ic
- /sdcard/ShareSDK/.ba
- /sdcard/Android/data/####/cache/splah/4c10c46b8dbcc6f9563c6d2f2be0fc42.downtmp
- /sdcard/Android/data/####/cache/uil-images/230m4bonv80s2tgcnlmip0qhc.0.tmp
- /sdcard/Android/data/####/cache/uil-images/3ycfu2f671gxo3bgiucfgqqhw.0.tmp
- /sdcard/Android/data/####/cache/uil-images/5lxoenifvr7m2x033pja0e1dm.0
- /data/data/####/files/mobclick_agent_cached_####554
- /data/data/####/.jiagu/libjiagu.so
- /data/data/####/shared_prefs/mob_sdk_exception_1.xml
- /sdcard/Android/data/####/cache/uil-images/2vt9tb2ssokw8pk288peyok9q.0
- /sdcard/Android/data/####/cache/uil-images/6hlllarqpcyqzggu868bjku71.0.tmp
- /data/data/####/shared_prefs/share_sdk_1.xml.bak
- /sdcard/Android/data/####/cache/splah/864487f71d5508c8f33a790e20170915.downtmp
- /data/data/####/shared_prefs/AppStore.xml.bak
- /sdcard/Android/data/.nomedia
- /data/data/####/shared_prefs/kr.xml
- /data/data/####/files/hl.jar
- /data/data/####/shared_prefs/share_sdk_1.xml
- /sdcard/Android/data/####/cache/splah/0801ec2715060e120f81bc745dfbedc4.downtmp
- /data/data/####/shared_prefs/AppStore.xml
- /data/data/####/shared_prefs/sfe.xml
- /sdcard/Android/data/####/cache/splah/e66c9f07df54a8d60477f7b8cd203026.downtmp
- /sdcard/Android/data/####/cache/uil-images/ygiklle6mraa68ezrbj3nq5r.0.tmp
- /sdcard/Android/data/####/cache/uil-images/2bshuvsj8yvzx4hrknjrbjge8.downtmp.downtmp
- /sdcard/Android/data/####/cache/uil-images/2bshuvsj8yvzx4hrknjrbjge8.0.tmp
- /sdcard/Android/data/####/cache/uil-images/2akeea5pcmiz4ex1b1vo5tzbg.downtmp.downtmp
- /sdcard/Android/data/####/cache/uil-images/1lmw4jixj3kyfh4m2gsfq8470.0
- /sdcard/Android/data/####/cache/uil-images/3zl3x8kyc853kxb7e7dsu9ocq.0.tmp
- /data/data/####/app_jgls/.log.lock
- /sdcard/Android/data/####/cache/uil-images/5pdo00nj64btom2qjsnxn9jeb.0.tmp
- /data/data/####/files/ie.jar
- /sdcard/Android/data/####/cache/uil-images/216t710chssfjwml79oo1zlmf.0.tmp
- /sdcard/Android/data/####/cache/uil-images/6ly0txo8cmnwhel42i4ax5tft.0.tmp
- /sdcard/Android/data/####/cache/uil-images/6tefx3w2blwb21u1knhh5ya2v.0.tmp
- /sdcard/ShareSDK/.dk
- /sdcard/Android/data/####/cache/uil-images/57t7qq9w5peino10p7rxpj0qg.0.tmp
- /sdcard/Android/data/####/cache/uil-images/5ztozpx7vyf1rdxg9bfehowhk.0.tmp
- /sdcard/Android/data/####/cache/uil-images/5nvlk24hjmpdypag7zhvt6b0e.0.tmp
- /sdcard/Android/data/####/cache/uil-images/5grzw8ljrfkl7i5zmvmo5tp08.0.tmp
- /sdcard/Android/data/####/cache/uil-images/6qi6ssvql9izuaq54r7wuv54q.0.tmp
- /sdcard/Android/data/####/cache/uil-images/6tz8csu4ebydlhayuubcpto8s.downtmp.downtmp
- /sdcard/Android/data/####/cache/uil-images/1uba65bawv4pmz4tnpcsay7b.0.tmp
- /data/data/####/shared_prefs/kr.xml.bak
- /sdcard/Android/data/####/cache/uil-images/vnboibjujnh5pbb8ihcqiu7u.0.tmp
- /data/data/####/files/.imprint
- /sdcard/Android/data/####/cache/uil-images/7eg3g1bmb6t1kxz630uwtxfwz.0.tmp
- /sdcard/Android/data/####/cache/splah/2cf6a5d70fd99147b587b8861d173147.downtmp
- /sdcard/Android/data/####/cache/uil-images/665dnbz46m5d97rhgiy69alvf.downtmp.downtmp
- /data/data/####/shared_prefs/ContextData.xml
- /sdcard/Android/data/####/cache/uil-images/6vr2xl21cljvxs2r6na8awkxm.0.tmp
- /sdcard/Android/data/####/cache/uil-images/3sijk5a6dvyfserdth40ozssq.downtmp.downtmp
- /sdcard/Android/data/####/cache/uil-images/5nvlk24hjmpdypag7zhvt6b0e.downtmp.downtmp
- /sdcard/Android/data/####/cache/uil-images/57pbhbq3contl11acncdegzyk.0.tmp
- /data/data/####/shared_prefs/mob_sdk_exception_1.xml.bak
- /sdcard/Android/data/####/cache/splah/e0b22b33743fe11101346908c9e3ee9c.downtmp
- /sdcard/Android/data/####/cache/uil-images/5197sp3tid32961oukxj6uo6e.0
- /data/data/####/shared_prefs/umeng_general_config.xml.bak
- /sdcard/Android/data/####/cache/uil-images/6hlllarqpcyqzggu868bjku71.downtmp.downtmp
- /data/data/####/shared_prefs/wv.xml.bak
- /sdcard/Android/data/####/cache/uil-images/3ycfu2f671gxo3bgiucfgqqhw.downtmp.downtmp
- /sdcard/Android/data/####/cache/uil-images/journal.tmp
- /sdcard/Android/data/####/cache/uil-images/3sijk5a6dvyfserdth40ozssq.0.tmp
- /sdcard/Android/data/####/cache/uil-images/5197sp3tid32961oukxj6uo6e.downtmp.downtmp
Другие:
Запускает следующие shell-скрипты:
- /system/bin/dexopt --dex 27 46 40 215232 /data/data/####/files/ie.jar 1251701515 1539328792 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/fram
- chmod 755 /data/data/####/.jiagu/libjiagu.so
- /system/bin/dexopt --dex 27 86 40 215232 /data/data/####/files/hl.jar 1251701515 1539328792 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/fram
Использует специальную библиотеку для скрытия исполняемого байткода.
Может автоматически отправлять СМС-сообщения.
