Техническая информация
Вредоносные функции:
Отправляет СМС-сообщения:
- 10690133603: auto##498485778##mpl_zhushou##log in with 360
Сетевая активность:
Подключается к:
- sh####.####.com
- go####.com
- go####.nl
- g####.####.cn
- r####.####.com
- ope####.####.cn
- s####.####.cn
- p####.####.com
- a####.####.cn
- p####.####.cn
- e####.####.cn
- pro####.####.cn
- m####.####.com
- 1####.####.235
- m####.####.cn
Запросы HTTP GET:
- m####.####.cn/baohe/list?version=####&toid=####&pst=####&os=####&vc=####...
- go####.com/
- p####.####.com/t019f8ef4eda051d287.png
- p####.####.com/t01f0e8461043ed5732.jpg
- ope####.####.cn/AppStore/getIsUpdate?ext=####&pname=####&sr=####&mysrc=#...
- r####.####.com/360baohe/download.php?resurl=####&m=####&m2=####&nt=####&...
- s####.####.cn/sdkv2/city?u=####&sign=####&version=####&news_sdk_version=...
- p####.####.com/t01d2af2f2573758023.png
- p####.####.com/t01f06bfb4f39f8c5aa.png
- p####.####.com/t012d84c0b2d7e714d2.png
- go####.nl/?gfe_rd=####&ei=####
- ope####.####.cn/Iservice/AppDetail?s_stream_app=####&market_id=####&sort...
- p####.####.com/dr/160_160_/t01c26458c936994fe9.png
- p####.####.com/dr/160_160_/t01f9b42c0addddd698.png
- ope####.####.cn/Iservice/FailOver?os=####&vc=####&v=####&md=####&sn=####...
- p####.####.com/t01112e7da307b0b111.png
- a####.####.cn/intf.php?method=####&devtype=####&m1=####&m2=####&_t=####&...
- ope####.####.cn/AppPrivMap/getPrivMap?os=####&vc=####&v=####&md=####&sn=...
- ope####.####.cn/iservice/pluginStatus?os=####&vc=####&v=####&md=####&sn=...
- s####.####.cn/appstore/info.htm?method=####&os=####&vc=####&v=####&md=##...
- ope####.####.cn/Iservice/ServerConfig?os=####&vc=####&v=####&md=####&sn=...
- p####.####.com/t01bfbeb667453952d0.png
- p####.####.com/dr/160_160_/t01d55467ceef4aa4b7.png
- p####.####.com/t01e89d596cefabd546.png
- p####.####.com/dr/160_160_/t017f7a3707598102dc.png
- pro####.####.cn/profile/setting/getsetting?os=####&vc=####&v=####&md=###...
- p####.####.com/t01060ff6858f728079.png
- p####.####.com/dr/160_160_/t01d7532f5d01620a4a.png
- p####.####.com/bdm/174_174_/t0103288d3fc399c27c.png
- p####.####.com/t01fd6315e0ed6c48f0.png
- p####.####.com/t01ec2257514457c152.png
- p####.####.com/t01baac50dc662ce2e5.jpg
- p####.####.com/dr/160_160_/t016f776afe01afc9d9.png
- 1####.####.235/index.html
- s####.####.cn/info_flow/s.html?uid=####&sign=####&version=####&sdkv=####...
- p####.####.com/dr/160_160_/t015c4921e0d6642c4f.png
- ope####.####.cn/html/data/save_uninstall.json
- ope####.####.cn/AppStore/getHotWordsIconsOfSearch?pos=####&os=####&vc=##...
- p####.####.com/t0137f8a614d03fc14f.png
- p####.####.com/t01bed22d225a375da4.png
- p####.####.com/dr/160_160_/t01a8ab679cdd6baa2f.png
- m####.####.com/cfg/appkey-cf6b551afe338f43
- p####.####.com/dr/160_160_/t0114ed55f8f3034f29.png
- p####.####.com/t01a7cbf5ab2df855f3.jpg
- s####.####.cn/sdkv2/tabs?u=####&sign=####&version=####&news_sdk_version=...
- p####.####.com/t0197baaf57ac9e8a3e.jpg
- p####.####.com/t0180e9262f0b036868.png
- p####.####.com/t0109de1dda678f0969.png
- p####.####.com/t01f73c59673f25b28d.png
- p####.####.com/t01656c8b102705e16b.png
- ope####.####.cn/home/index?from=####&ch=####&prepage=####&curpage=####&p...
- ope####.####.cn/Cloud/getSoConf?name=####&so_ver=####&os=####&vc=####&v=...
- ope####.####.cn/toolsManger/list?ch2=####&os=####&vc=####&v=####&md=####...
- p####.####.com/t019835fc5f7e74c787.png
- g####.####.cn/sdkv2/local?u=####&sign=####&version=####&news_sdk_version...
- p####.####.com/t012c6745b6d4af4be8.png
- p####.####.com/t01a362a049573708ae.png
- p####.####.com/t019785eadf1943f632.png
- p####.####.com/t01b0ceb13f1b361fb3.png
- p####.####.com/t0129a001ff66b08bec.jpg
- s####.####.cn/sdkv2/place?u=####&sign=####&version=####&market=####&news...
- a####.####.cn/intf.php?method=####&model=####&sdkversioncode=####&sdkver...
- sh####.####.com/161226/fdfd489a2beac3a3abcbe1c6441d7c76/libimagepipeline...
- p####.####.com/t018ab16a7212d6d58a.jpg
- p####.####.com/dr/160_160_/t01a20ad6e9dad7cb89.png
- ope####.####.cn/Iservice/GetIndexHeader?iszip=####&logo_type=####&deflat...
- p####.####.com/t01bb6912aca33f6f96.png
- s####.####.cn/360baohe/c.html?para=####
- s####.####.cn/ak/3416a75f4cea9109507cacd8e2f2aefc.html?m2=####
- p####.####.com/t01db769efd91ecfc11.jpg
- p####.####.com/bdm/174_174_/t0162c349580727347e.png
Запросы HTTP POST:
- p####.####.cn/pstat/plog.php
- ope####.####.cn/mintf/getAppsByPackNames?src=####&AndroidID=####&silent=...
- p####.####.cn/update/update.php?p=####
- e####.####.cn/b/pv?&st=####&m2=####&model=####&mid=####
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/shared_prefs/crash.xml
- /data/data/####/shared_prefs/PermissionMap.xml
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/6/zxIqOBjGm6cc9dqfMUuQNJuPpOo.-1801574185.tmp
- /sdcard/360Log/downloadLog_delegate
- /data/data/####/databases/new_downloads.db
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/11/c7RqsoO4htxcsUkMFGKh6zBehDY.-1209094193.tmp
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/82/9cP0MrA14QDSgWUb6rS-uAx-txY.1516540736.tmp
- /data/data/####/shared_prefs/news_local_config.xml
- /data/data/####/files/uninstallRetainJson
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/59/pvAUvPj0z51CuSBNK4KrYO2n_zM.-1766889697.tmp
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/46/b3DzHjSB3wJyt5cS1U93OrdkrAI.-2013530034.tmp
- /data/data/####/shared_prefs/multidex.version.xml
- /sdcard/Android/data/####/cache/http/-817817207-522214990
- /data/data/####/files/dir_uninstallretain_pic/pic_5.png
- /data/data/####/files/dir_uninstallretain_pic/pic_6.png
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/66/_-s0qF20KHQgU_0LghRZ4-Pk-Zs.295475938.tmp
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/4/PzcoEpvenO_OViPsFOtPotSwOv8.241894321.tmp
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/90/LEfSiMEdDpuaXaQ8O9Pl31jIXn4.-888698266.tmp
- /data/data/####/files/personal_center_setting_new
- /data/data/####/files/dir_uninstallretain_pic/pic_4.png
- /data/data/####/shared_prefs/share_data.xml
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/69/4wvO9-Df0BaSYX_mRuqhKSGnoGw.-767309184.tmp
- /data/data/####/shared_prefs/face_detect_local_pref.xml
- /data/data/####/localApkInfo.json
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/86/mOzsMzyosdyWKBAJFAxb-99xHnQ.1453041237.tmp
- /sdcard/360Log/downloadLog_statMan
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/98/AyOBn90hwk_kbeaMsDKZ0Ee9p04.-1677223871.tmp
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/45/-jwIVVtU2W51uN0fCVOhDGseey0.-355664367.tmp
- /sdcard/Android/data/####/cache/http/18642064921463400949
- /data/data/####/files/imagepipelineappstore_2.so
- /data/data/####/shared_prefs/clear_shortcut.xml
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/34/zYU1VG1awpsxBZsNgvKjayocr8c.-1192716163.tmp
- /sdcard/360Log/downloadLog_main
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/94/sXFMfhYfI-xwlAp4KPAfH6_0yNo.61063773.tmp
- /data/data/####/shared_prefs/battery.xml
- /data/data/####/files/dir_uninstallretain_pic/pic_2.png
- /data/data/####/files/dir_uninstallretain_pic/pic_3.png
- /sdcard/.sfp/.sfp
- /data/data/####/shared_prefs/game_redirect.xml
- /data/data/####/file_prefs/battery/freezer
- /data/data/####/shared_prefs/connect_config.xml
- /data/data/####/shared_prefs/antihijack_config.xml
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/89/wP-iIUoT1cSQF9nhL02UwsDIzYg.-1093178266.tmp
- /data/data/####/databases/ignoreupdate_appinfo.db
- /data/data/####/shared_prefs/news_sdk_status.xml
- /data/data/####/files/dir_uninstallretain_pic/pic_8.png
- /sdcard/360/newssdk/push/journal.tmp
- /data/data/####/cache/360Download/so_imagepipelineappstore_2.apk.temp
- /data/data/####/shared_prefs/MATSharedPreferences.xml
- /data/data/####/code_cache/secondary-dexes/####-1.apk.classes-437675573.zip
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/89/j-35LUkYwvgy0j0y0dx1KRKxJb8.1572862898.tmp
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/37/13lwHQXk-fUN6Rp9HLrRj8Fdr4o.142278293.tmp
- /sdcard/temp.tmp~
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/40/xHxlAKKQ-ThORE0N7SBD9_r1qBw.-99014329.tmp
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/79/ujJLMldTEQzRUO6933b8HDZPXio.660793382.tmp
- /data/data/####/files/sllak/core/finalcore.jar
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/56/KvxDJfvV912XI_DxzSjF_BJeCVY.1663271231.tmp
- /sdcard/Android/data/.nomedia
- /data/data/####/shared_prefs/sdk_config.xml
- /data/data/####/databases/filelist.db-journal
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/90/8Pyr9S9YJ4qHA1JEljxS_tkiMAQ.-345795650.tmp
- /data/data/####/files/dir_uninstallretain_pic/pic_1.png
- /data/data/####/databases/update_history.db
- /data/data/####/shared_prefs/float_win_config.xml
- /data/data/####/files/dir_uninstallretain_pic/pic_9.png
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/67/HLAONGZQ0Uu4TCnvtDXTGMK440o.948001797.tmp
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/90/OWeIKWxI2kwbgIoJ1rxe78TD6k8.-496076940.tmp
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/37/LrItDoQYRn223CQ5Bj-fr3rFO_k.-1512962087.tmp
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/42/cg3q1eYhqE6RTeaUycjykmsyjdc.-138814005.tmp
- /sdcard/360/newssdk/push/d5bfb6f7386625ad061dc9894b276ac7.0.tmp
- /data/data/####/databases/new_downloads.db-journal
- /data/data/####/databases/account.db-journal
- /data/data/####/databases/update_history.db-journal
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/70/jyUFhRr1WbKgQC3YVBfFjEIGpi8.598696944.tmp
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/50/k0eBOvmqb1WALr3sXl5Cwsfn0yY.1898872505.tmp
- /data/data/####/shared_prefs/save_myself_config.xml
- /sdcard/Android/data/####/cache/.nomedia
- /data/data/####/files/sllak/opt/2162/finalcore.jar
- /sdcard/360Log/downloadLog_p2p
- /data/data/####/downloadStat.json
- /sdcard/360/newssdk/push/e6a11230b333ae44a2e1cdcab52acb37.0.tmp
- /sdcard/Android/data/####/cache/http/-313892945-2109603726
- /data/data/####/databases/download5.db-journal
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/98/4A9HNo6HYqd03kbNuSvucgDaNo0.-2080023852.tmp
- /data/data/####/cache/360Download/so_imagepipelineappstore_2.apk.temp!
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/31/vK-tiqdXFJfGVzlgOj2yYXO4DdU.324333819.tmp
- /sdcard/360/newssdk/.nomedia
- /sdcard/.testf
- /data/data/####/shared_prefs/auth_guide_config_sdk.xml
- /data/data/####/files/360/sdk/persistence/data/Y29tLnFpaG9vLmFwcHN0b3Jl
- /data/data/####/databases/_ire-journal
- /data/data/####/shared_prefs/BaoHe_only_pref.xml
- /sdcard/Android/data/####/cache/http/-9842321261528781007
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/27/L87d3em5VhMT2SUZ7qKdABRMGLI.2098615217.tmp
- /data/data/####/databases/account.db
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/83/0BtQdfdlkzJ85FnDp_BawRNGtok.-771024512.tmp
- /data/data/####/files/dir_uninstallretain_pic/pic_7.png
- /data/data/####/shared_prefs/news_sdk_location.xml
- /data/data/####/shared_prefs/event_config.xml
- /data/data/####/shared_prefs/share_data_####;download.xml
- /data/data/####/files/pluginconfigcache
- /data/data/####/shared_prefs/share_data_####;critical.xml
- /sdcard/Android/data/####/cache/image/image_cache/v2.ols100.1/20/QxKQSml6b62MT4hTphkYnzSynKE.1381228597.tmp
- /data/data/####/databases/ignoreupdate_appinfo.db-journal
Другие:
Запускает следующие shell-скрипты:
- ps
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 111.13.66.125
- app_process /system/bin com.android.commands.pm.Pm list packages
- app_process / ####.rootcommand.persistent.CoreDaemon --nice-name=####_CoreDaemon --daemon
- /system/bin/dexopt --dex 27 40 40 3312172 /data/data/####/code_cache/secondary-dexes/####-1.apk.classes2.zip 1248299398 1564323779 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.ja
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.88
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 106.120.160.207
- cat /proc/version
- pm list packages
- /system/bin/sh
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 182.118.31.99
- /system/bin/dexopt --dex 27 58 40 194836 /data/data/####/files/sllak/opt/2162/finalcore.jar 1244492490 -678905042 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /sy
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 221.130.199.208
- /system/bin/ping -i 0.5 -s 56 -w 10 -c 10 111.13.65.243
Может автоматически отправлять СМС-сообщения.
