Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Mixi.16.origin
Сетевая активность:
Подключается к:
- s####.####.com
- g####.####.com
- 1####.####.80
- p####.####.com
- i####.####.cc
- 1####.####.225
Запросы HTTP GET:
- p####.####.com/handao_img/newsp/member_35.jpg
- p####.####.com/handao_img/app_img/video/jpg/shikan000036.jpg
- p####.####.com/handao_img/app_img/video/jpg/shikan00007.jpg
- p####.####.com/handao_img/newsp/member_019.jpg
- p####.####.com/handao_img/newsp/member_9.jpg
- p####.####.com/json2/my.php?pay_Id=####&package=####&appid=####&v=####&c...
- p####.####.com/handao_img/newsp/member_28.jpg
- p####.####.com/handao_img/newsp/member_39.jpg
- p####.####.com/handao_img/newsp/member_2.jpg
- i####.####.cc/handao_img/app_img/pay_img/pay_huangjin_top2.png
- i####.####.cc/handao_img/app_img/pay_img/p_top3.png
- p####.####.com/handao_img/app_img/video/jpg/shikan37.jpg
- p####.####.com/handao_img/newsp/bo_05.jpg
- p####.####.com/handao_img/newsp/member_20.jpg
- s####.####.com/cr/sdk/170417/des_V17041703Aj1so32.zip
- p####.####.com/handao_img/newsp/member_33.jpg
- p####.####.com/handao_img/newsp/member_15.jpg
- i####.####.cc/handao_img/app_img/pay_img/p_top1.png
- i####.####.cc/handao_img/app_img/pay_img/p_top2.png
- p####.####.com/handao_img/newsp/member_12.jpg
- p####.####.com/handao_img/newsp/guan_1.jpg
- p####.####.com/handao_img/newsp/member_007.jpg
- p####.####.com/handao_img/newsp/member_47.jpg
- 1####.####.80/tools/hdus
- p####.####.com/handao_img/app_img/video/jpg/shikan30.jpg
- p####.####.com/handao_img/newsp/bo_1.jpg
- p####.####.com/handao_img/newsp/member_11.jpg
- p####.####.com/handao_img/newsp/member_34.jpg
- p####.####.com/handao_img/newsp/member_04.jpg
- p####.####.com/handao_img/newsp/member_21.jpg
- p####.####.com/handao_img/newsp/member_30.jpg
- g####.####.com/cr/sv/getGoFile?name=####
- p####.####.com/handao_img/newsp/member_37.jpg
- p####.####.com/json2/free.php?pay_Id=####&package=####&appid=####&imei=#...
- p####.####.com/json2/stat.php?pay_Id=####&package=####&appid=####&v=####...
- p####.####.com/json2/update.php?pay_Id=####&package=####&appid=####&v=##...
- p####.####.com/handao_img/newsp/member_16.jpg
- p####.####.com/json2/upstat.php?pay_Id=####&package=####&appid=####&v=##...
- p####.####.com/handao_img/newsp/member_3.jpg
- p####.####.com/handao_img/newsp/guan_9.jpg
- p####.####.com/handao_img/newsp/member_50.jpg
- s####.####.com/cr/sdk/170417/goplaysdk_statistics_all_1704171.dat
- p####.####.com/handao_img/newsp/guan_6.jpg
- p####.####.com/handao_img/newsp/bo_04.jpg
- p####.####.com/handao_img/newsp/member_44.jpg
- p####.####.com/handao_img/newsp/member_32.jpg
- p####.####.com/handao_img/newsp/member_01.jpg
- p####.####.com/handao_img/newsp/member_42.jpg
- p####.####.com/handao_img/newsp/zuan_4.jpg
- p####.####.com/handao_img/newsp/bo_21.jpg
- p####.####.com/handao_img/newsp/zuan_2.jpg
- g####.####.com/cr/sv/getRecord?eids=####&appKey=####&flag=####
Запросы HTTP POST:
- g####.####.com/cr/sv/getEPList
- 1####.####.225/dreport
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/cache/picasso-cache/9c8218f4a8f54eea41eadf6bf68f26f6.0.tmp
- /data/data/####/cache/picasso-cache/a25f19ccc95093b1d77d835eff9aaf90.0.tmp
- /data/data/####/cache/picasso-cache/d12458ab3b6797f4f6c46fba58ab33d2.1.tmp
- /data/data/####/files/sbx2DB8520H4/5sbx2DB8520H46
- /data/data/####/cache/picasso-cache/84aa2768cbbe69a21976e749bddeb5b8.1.tmp
- /data/data/####/cache/picasso-cache/8b9065e22c1d89c7dd9be6e63b82a71d.1.tmp
- /data/data/####/cache/picasso-cache/aaa98c0eba21659a1e801051b5231bca.1.tmp
- /data/data/####/cache/picasso-cache/fbf3a8dfc51666bef27e0032a3c56cf5.0.tmp
- /data/data/####/cache/picasso-cache/48174572c1a3be52b0f32197f34442bb.1.tmp
- /data/data/####/cache/picasso-cache/0ac1dcc51ac4b17cebba263d20c94f31.0.tmp
- /data/data/####/cache/picasso-cache/c5d0fb0c7cb15a09966447edd5326dce.1.tmp
- /data/data/####/cache/picasso-cache/8a93cd63777c02ef629fb1dc28b6e478.1.tmp
- /data/data/####/cache/picasso-cache/d12458ab3b6797f4f6c46fba58ab33d2.0.tmp
- /data/data/####/cache/picasso-cache/5a36412509c7a104238fb53500d00a78.0.tmp
- /data/data/####/cache/picasso-cache/eec5f19f76a82759ba949fa5adcfb1c7.1.tmp
- /data/data/####/cache/picasso-cache/fbc4aa0373be5aac4d384edadb823156.0.tmp
- /data/data/####/files/1493729862169_V17041703Aj1so32.so
- /data/data/####/shared_prefs/####_preferences.xml.bak
- /data/data/####/databases/natobww.db-journal
- /data/data/####/shared_prefs/config.xml
- /data/data/####/cache/picasso-cache/245d1f3afe48dd0ee15f303704c59fda.0.tmp
- /data/data/####/cache/picasso-cache/db5800f7fd3f5909c9b4367ebd7f96f5.0.tmp
- /data/data/####/cache/picasso-cache/e0a1078b13700db471537f75fe9508d4.0.tmp
- /data/data/####/cache/picasso-cache/journal.tmp
- /data/data/####/cache/picasso-cache/22ada2e7a07d5a153cb42b643a88c5f5.1.tmp
- /data/data/####/cache/picasso-cache/50aaebac55b1fc78f10bcb013b0260b1.1.tmp
- /data/data/####/cache/picasso-cache/ae8604f1b4368ef268c822bf52dd25b0.0.tmp
- /data/data/####/cache/picasso-cache/4ab737c4920b824095441e5b70058f04.1.tmp
- /data/data/####/cache/picasso-cache/4fdf423c1938d8b6dad67a5b00fac0d9.0.tmp
- /data/data/####/cache/picasso-cache/026f4a8ce16a177b6db4cea205cfc6d6.1.tmp
- /data/data/####/files/hftJcw46N.jar
- /data/data/####/cache/picasso-cache/9c8218f4a8f54eea41eadf6bf68f26f6.1.tmp
- /data/data/####/cache/picasso-cache/8aee45755636010052aacb918b406860.1.tmp
- /data/data/####/cache/picasso-cache/c5b8a25692a8dc32d52bf9b130971368.1.tmp
- /data/data/####/cache/picasso-cache/1c94f7eed04d909911b0563b2130081d.0.tmp
- /data/data/####/cache/picasso-cache/4fdf423c1938d8b6dad67a5b00fac0d9.1.tmp
- /data/data/####/cache/picasso-cache/c5d0fb0c7cb15a09966447edd5326dce.0.tmp
- /data/data/####/cache/picasso-cache/a25f19ccc95093b1d77d835eff9aaf90.1.tmp
- /data/data/####/cache/picasso-cache/84aa2768cbbe69a21976e749bddeb5b8.0.tmp
- /data/data/####/cache/picasso-cache/551235d458f8a5283eba558f824d8ef2.0.tmp
- /data/data/####/cache/picasso-cache/5a36412509c7a104238fb53500d00a78.1.tmp
- /data/data/####/cache/picasso-cache/1926ed8785816b5ea6ea8999069fcf75.1.tmp
- /data/data/####/cache/picasso-cache/6a475d0d6d0bfd885afd64728604abef.1.tmp
- /data/data/####/cache/picasso-cache/34b3f2325333db14894644d7245bf0c3.0.tmp
- /data/data/####/cache/picasso-cache/d12077d6d9c68afdeb7bf99af509f68a.1.tmp
- /data/data/####/cache/picasso-cache/e6d19796064d7a9cd1df6d2b98a3633d.0.tmp
- /data/data/####/cache/picasso-cache/8b9065e22c1d89c7dd9be6e63b82a71d.0.tmp
- /data/data/####/cache/picasso-cache/0e2c612a13f2a13ac1b41de4debdfdc7.1.tmp
- /data/data/####/cache/picasso-cache/fbf3a8dfc51666bef27e0032a3c56cf5.1.tmp
- /data/data/####/cache/picasso-cache/026f4a8ce16a177b6db4cea205cfc6d6.0.tmp
- /data/data/####/cache/picasso-cache/98be570cbfd5aebb2d0531ab60c37d65.0.tmp
- /data/data/####/cache/picasso-cache/7827e166a060d28693cbcca26be0ecec.1.tmp
- /data/data/####/cache/picasso-cache/1c94f7eed04d909911b0563b2130081d.1.tmp
- /data/data/####/cache/picasso-cache/c5b8a25692a8dc32d52bf9b130971368.0.tmp
- /data/data/####/cache/picasso-cache/4ab737c4920b824095441e5b70058f04.0.tmp
- /data/data/####/ReadyHost.txt
- /data/data/####/cache/picasso-cache/7827e166a060d28693cbcca26be0ecec.0.tmp
- /data/data/####/cache/picasso-cache/0e2c612a13f2a13ac1b41de4debdfdc7.0.tmp
- /data/data/####/cache/picasso-cache/cd266ea2880f43a79c8f07a605fb91b3.1.tmp
- /data/data/####/cache/picasso-cache/e6d19796064d7a9cd1df6d2b98a3633d.1.tmp
- /data/data/####/cache/picasso-cache/551235d458f8a5283eba558f824d8ef2.1.tmp
- /data/data/####/files/23DB8520H32/####12x862
- /data/data/####/cache/picasso-cache/22ada2e7a07d5a153cb42b643a88c5f5.0.tmp
- /data/data/####/cache/picasso-cache/aaa98c0eba21659a1e801051b5231bca.0.tmp
- /data/data/####/cache/picasso-cache/062675b574a95905cea96aeb342d5718.0.tmp
- /data/data/####/cache/picasso-cache/8aee45755636010052aacb918b406860.0.tmp
- /data/data/####/cache/picasso-cache/d12077d6d9c68afdeb7bf99af509f68a.0.tmp
- /data/data/####/cache/picasso-cache/245d1f3afe48dd0ee15f303704c59fda.1.tmp
- /data/data/####/shared_prefs/####_preferences.xml
- /data/data/####/cache/picasso-cache/eec5f19f76a82759ba949fa5adcfb1c7.0.tmp
- /data/data/####/cache/picasso-cache/34b3f2325333db14894644d7245bf0c3.1.tmp
- /data/data/####/cache/picasso-cache/48174572c1a3be52b0f32197f34442bb.0.tmp
- /data/data/####/cache/picasso-cache/b6f57a7f3fbdafaacca650aa5167acad.0.tmp
- /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
- /data/data/####/app_file_dex/MasterControl.jar
- /data/data/####/cache/picasso-cache/6a475d0d6d0bfd885afd64728604abef.0.tmp
- /data/data/####/cache/picasso-cache/8a93cd63777c02ef629fb1dc28b6e478.0.tmp
- /data/data/####/cache/picasso-cache/062675b574a95905cea96aeb342d5718.1.tmp
- /data/data/####/cache/picasso-cache/50aaebac55b1fc78f10bcb013b0260b1.0.tmp
- /data/data/####/cache/picasso-cache/e0a1078b13700db471537f75fe9508d4.1.tmp
- /data/data/####/cache/picasso-cache/b6f57a7f3fbdafaacca650aa5167acad.1.tmp
- /data/data/####/cache/picasso-cache/db5800f7fd3f5909c9b4367ebd7f96f5.1.tmp
- /data/data/####/cache/picasso-cache/fbc4aa0373be5aac4d384edadb823156.1.tmp
- /data/data/####/PreExcuModsInfo.txt
- /data/data/####/cache/picasso-cache/98be570cbfd5aebb2d0531ab60c37d65.1.tmp
- /data/data/####/cache/picasso-cache/cd266ea2880f43a79c8f07a605fb91b3.0.tmp
- /data/data/####/cache/picasso-cache/ae8604f1b4368ef268c822bf52dd25b0.1.tmp
- /data/data/####/cache/picasso-cache/1926ed8785816b5ea6ea8999069fcf75.0.tmp
- /data/data/####/cache/picasso-cache/0ac1dcc51ac4b17cebba263d20c94f31.1.tmp
- /data/data/####/XmSmLockFile.txt
- /data/data/####/files/Android-x86112.jar
Присваивает атрибут 'исполняемый' для следующих файлов:
- /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
Другие:
Запускает следующие shell-скрипты:
- sh /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s -h c48756b39e9e402ca3e1026d88799eaa /data/data/####/.syslib-
- sh -c rm /data/data/####/files/hftJcw46N.jar > /dev/null 2>&1
- getenforce
- /system/bin/dexopt --dex 27 86 40 23552 /data/data/####/files/hftJcw46N.jar 1251046254 1664476667 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/
- sh -c rm -f /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
- /system/bin/dexopt --dex 27 43 40 226208 /data/data/####/app_file_dex/MasterControl.jar 1244887144 -736492987 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /syste
- /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s -h c48756b39e9e402ca3e1026d88799eaa /data/data/####/.syslib-
- rm /data/data/####/files/hftJcw46N.dex
- sh -c /system/usr/toolbox rm -f /data/data/####/files/hftJcw46N.jar > /dev/null 2>&1
- sh -c rm -f /data/data/####/files/hftJcw46N.jar > /dev/null 2>&1
- rm -f /data/data/####/files/hftJcw46N.dex
- chmod 0771 /data/data/####/.syslib-
- sh -c rm /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
- sh -c rm -f /data/data/####/files/hftJcw46N.dex > /dev/null 2>&1
- rm /data/data/####/files/hftJcw46N.jar
- rm /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
- /system/bin/dexopt --dex 27 83 40 66944 /data/data/####/files/Android-x86112.jar 1251052727 1662001824 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/frame
- sh -c /system/usr/toolbox rm -f /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
- sh -c /system/usr/toolbox rm -f /data/data/####/files/hftJcw46N.dex > /dev/null 2>&1
- sh -c rm /data/data/####/files/hftJcw46N.dex > /dev/null 2>&1
- rm -f /data/data/####/files/hftJcw46N.jar
- rm -f /data/data/####/files/us.908GhK3z1XIE6J7u3B4nRKlfEI88s
Может автоматически отправлять СМС-сообщения.
