Техническая информация
Вредоносные функции:
Отправляет СМС-сообщения:
- 10691009: @8test3#####_####_null-1216312
Сетевая активность:
Подключается к:
- 1####.####.151:8080
- u####.####.com
- h####.####.com
- p####.####.com
- 4####.####.232:8081
- c####.####.com
- d####.####.com
- w####.####.com
- j####.####.net
- 1####.####.167
- m####.####.com
- 1####.####.171
Запросы HTTP GET:
- m####.####.com/data/avatar/0/1/9/11r51464489454_32.jpg
- m####.####.com/data/gggo/1512/13/566d11b5cfb83.jpg
- m####.####.com/showgp/get_tieinfo/id/40/platform/1
- m####.####.com/static/css/mobile_v2/item.css?v=####
- m####.####.com/static/images/mobile/icon_back.png
- m####.####.com/static/js/mobile_v2/layer/need/layer.css
- m####.####.com/data/share/2016/06/f2/262003576fc4976408e_m.jpg
- m####.####.com/static/css/mobile_v2/base.css?v=####
- m####.####.com/data/game/images/2016/08/57b26debe099f.jpg
- m####.####.com/data/avatar/a/e/c/n1i1458213429_32.jpg
- m####.####.com/data/static/819be947638520e22761f489a5ff66e9.js?v=####
- m####.####.com/data/item_cate/2015/12/56762ea27182f.jpg
- m####.####.com/data/avatar/c/f/d/m3t1454231679_32.jpg
- m####.####.com/static/css/mobile_v2/images/small_icon.png
- m####.####.com/data/avatar/7/6/8/12ua1471483629_32.jpg
- m####.####.com/data/avatar/3/8/6/14u11486301266_64.jpg
- m####.####.com/static/css/mobile_v2/images/logo_new.png
- m####.####.com/static/images/mobile/icon_home.png
- m####.####.com/static/js/jquery/swiper/swiper.jquery.min.js
- u####.####.com/es7e50c7dcf6cefe3b9f4923daf2ad67bf05.js
- j####.####.net/vs.php?id=####&892####
- m####.####.com/static/images/mobile/user_face.png
- m####.####.com/static/css/mobile_v2/style_v2.css?v=####
- m####.####.com/data/share/2017/05/76/031939769a19bdf99fb17a.jpg
- m####.####.com/data/share/2016/08/1f/18195457b5a1fb840a4_m.jpg
- m####.####.com/data/avatar/e/2/3/13oa1477918881_32.jpg
- m####.####.com/index.php?m=####&a=####&id=####
- m####.####.com/data/avatar/3/8/6/14u11486301266_32.jpg
- m####.####.com/data/share/2017/04/b7/042048b7b69d8526d3ec08_m.jpg
- m####.####.com/data/avatar/2/0/b/156k1488435694_32.jpg
- m####.####.com/data/share/2016/11/ae/021200581964e694a04_m.jpg
- c####.####.com/cpro/ui/pr.js
- m####.####.com/static/js/mobile_v2/zepto.min.1.1.6.js
- m####.####.com/data/share/2017/04/c9/282251c996360092af3862_m.jpg
- u####.####.com/pg3a1ece91f1c9f439db0b7ddfeff332e641f7c4113aec7fe1103c.js
- m####.####.com/data/share/2016/08/c6/15132157b15140623d7_m.jpg
- m####.####.com/data/share/2017/05/c9/041151c935c4a67a6d35e6_m.jpg
- m####.####.com/data/share/2017/05/ea/012103eaf0edba998b0161_m.jpg
- h####.####.com/hm.js?97e30f1####
- m####.####.com/data/share/2016/04/6a/202245571795f32d007_m.jpg
- w####.####.com/adx.php?c=####
- m####.####.com/data/avatar/7/2/6/15jm1490363506_32.jpg
- m####.####.com/data/item_cate/2015/12/56762f42ca045.jpg
- m####.####.com/data/share/2017/05/76/031939769a19bdf99fb17a_m.jpg
- m####.####.com/data/share/2017/05/8b/0310098b63f96f9b65be9b_m.jpg
- m####.####.com/static/js/jquery/swiper/swiper.min.css
- m####.####.com/data/item_cate/2015/12/56762e8fd5781.jpg
- m####.####.com/data/share/2017/05/f9/031712f9ae4956b96f9138_m.jpg
- m####.####.com/static/js/mobile_v2/zepto.cookie.min.js
- m####.####.com/data/avatar/b/4/f/12gf1468507242_32.jpg
- m####.####.com/static/images/mobile/icon_search.png
- m####.####.com/data/item_cate/2017/01/586a075d454c2.jpg
- m####.####.com/data/share/2016/01/eb/31172556add3178eb30_m.jpg
- m####.####.com/data/share/2017/05/8e/0313068ec3856703079539_m.jpg
- m####.####.com/static/js/mobile_v2/show_fudong.js
- m####.####.com/static/js/mobile_v2/layer/layer.js?v=####
- m####.####.com/data/share/2016/11/68/02112458195c78acc1e_m.jpg
- m####.####.com/data/share/2016/07/58/150848578832e9bd2d4_m.jpg
- m####.####.com/data/share/2017/04/2c/3018062c749d3537a19f5b_m.jpg
- m####.####.com/share-568047.html
- m####.####.com/data/gggo/1512/13/566d11cfbf947.jpg
- m####.####.com/data/item_cate/2015/12/56762f0dce540.jpg
- m####.####.com/static/css/mobile_v2/images/g_loading.gif
- m####.####.com/data/share/2017/05/30/03134530bbfacbf83082f9_m.jpg
- h####.####.com/hm.gif?bs=####&cc=####&ck=####&cl=####&ds=####&ep=####&et...
- m####.####.com/static/css/mobile_v2/images/icon_small.png
- m####.####.com/data/share/2016/07/e3/181439578c79a9b36d5_m.jpg
- h####.####.com/hm.gif?bs=####&cc=####&ck=####&cl=####&ds=####&et=####&ja...
- m####.####.com/data/item_cate/2015/12/56762ec925fb4.jpg
- m####.####.com/cate-12.html
- m####.####.com/data/share/2017/05/14/04132714c5b9ca6cc94bd0_m.jpg
- m####.####.com/data/share/2017/05/26/0312032696a4264c781f9f_m.jpg
- c####.####.com/sync.htm?cproid=####
- m####.####.com/data/share/2017/02/e7/282109e76e7280414c5a1f_m.jpg
- m####.####.com/static/images/mobile/icon_menu.png
- p####.####.com/s?pss=####&ti=####&ps=####&drs=####&cfv=####&cpl=####&chi...
- m####.####.com/data/share/2017/05/f0/021915f0a59004ee708e69_m.jpg
- m####.####.com/data/share/2017/04/94/201245945eaad082b389e8_m.jpg
- d####.####.com/js/dm.js
- m####.####.com/data/avatar/9/7/f/15jk1490363456_32.jpg
- m####.####.com/data/share/2017/02/d9/241330d95cb5f685bb678b_m.jpg
- m####.####.com/data/item_cate/2015/12/56762e74d2dac.jpg
- m####.####.com/data/static/9157c7b36ac464a0fab8b0dbbfe17a60.js?v=####
- m####.####.com/item/tgo/id/568047
- m####.####.com/data/share/2016/01/e3/31172356add280a0fa6_m.jpg
Запросы HTTP POST:
- 1####.####.171/BusiService/@intf@/i0001
- 1####.####.171/BusiService/@intf@/i0002
- 1####.####.171/BusiService/@intf@/i0003
- 4####.####.232:8081/logic/absloginfo?imei=####&imsi=####&message=####
- 1####.####.167/astrolinkSDK/info/getUpIp
- 1####.####.151:8080/astrolinkSDK/info/getUpUrlInfo
- 1####.####.171/BusiService/@intf@/i2001
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/shared_prefs/fjds923sf_data.xml.bak
- /data/data/####/shared_prefs/setting.xml
- /data/data/####/cache/webviewCacheChromium/data_3
- /data/data/####/cache/webviewCacheChromium/data_2
- /data/data/####/cache/webviewCacheChromium/data_1
- /data/data/####/cache/webviewCacheChromium/data_0
- /data/data/####/databases/webviewCookiesChromium.db-journal
- /data/data/####/cache/webviewCacheChromium/f_000002
- /data/data/####/files/sdk.jar
- /data/data/####/shared_prefs/abs.xml
- /data/data/####/shared_prefs/STORE_MAIN.xml
- /data/data/####/shared_prefs/fjds923sf_data.xml
- /data/data/####/cache/webviewCacheChromium/f_000001
- /data/data/####/databases/d_aosd56dg
- /data/data/####/cache/webviewCacheChromium/f_000003
- /data/data/####/shared_prefs/1154|account_file.xml
- /data/data/####/cache/webviewCacheChromium/f_000005
- /data/data/####/cache/webviewCacheChromium/f_000004
- /data/data/####/cache/webviewCacheChromium/f_000007
- /data/data/####/cache/webviewCacheChromium/f_000006
- /data/data/####/databases/webview.db-journal
- /data/data/####/shared_prefs/sp_haoapp.xml
- /data/data/####/shared_prefs/abs.xml.bak
- /data/data/####/cache/webviewCacheChromium/index
- /data/data/####/databases/d_aosd56dg-journal
Другие:
Запускает следующие shell-скрипты:
- /system/bin/dexopt --dex 27 84 40 369588 /data/data/####/files/sdk.jar 1235054598 1648083090 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/framework
Может автоматически отправлять СМС-сообщения.
