Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Mixi.5.origin
- Android.Triada.1
Сетевая активность:
Подключается к:
- v####.####.com
- yaochao####.com
- i####.####.com
- d####.####.com
- w####.####.com:10081
- st####.####.net
- ust####.####.com
- w####.####.com
- wi####.####.com
- m####.####.com
- mim####.####.com
- a####.####.com
Запросы HTTP GET:
- i####.####.com/wap/2017_5_9_20_45_15_4794_320x579.jpg
- i####.####.com/q80/wap/2017_4_19_13_50_36_6372.jpg
- mim####.####.com/wap/2017_5_12_11_12_3_964_320x500.jpg
- i####.####.com/wap/2017_5_10_18_5_47_5183_320x579.jpg
- mim####.####.com/wap/2017_5_10_16_0_17_872_320x579.jpg
- i####.####.com/wap/2017_4_12_14_45_12_3759_640x80.jpg
- d####.####.com/dis/dis.aspx?p=####&cb=####&ref=####&sc_r=####&sc_d=####&...
- i####.####.com/wap/2017_4_25_20_4_2_2123_320x579.jpg
- i####.####.com/q80/wap/2017_4_20_14_27_59_481.jpg
- i####.####.com/Content/H5/img/msg3.png
- i####.####.com/wap/2017_5_10_18_3_55_5068_320x579.jpg
- i####.####.com/wap/2017_5_8_16_6_43_5491_320x500.jpg
- i####.####.com/wap/2017_5_5_14_54_58_4835_640x350.jpg
- m####.####.com/favicon.ico
- i####.####.com/q80/wap/2017_4_16_10_15_42_8079.jpg
- i####.####.com/Content/H5/img/download1.png
- i####.####.com/wap/2017_5_5_15_48_27_1171_320x500.jpg
- i####.####.com/wap/2017_5_9_15_59_16_2296_320x579.jpg
- i####.####.com/Content/H5/img/pcsite1.png
- i####.####.com/wap/2017_5_12_16_36_23_7593_640x402.jpg
- mim####.####.com/wap/2017_5_8_17_0_52_98_320x579.jpg
- i####.####.com/wap/2017_5_5_15_51_36_9835_320x500.jpg
- wi####.####.com/event?a=####&v=####&p0=####&p1=####&p2=####&p3=####&adce...
- m####.####.com/Content/H5/img/loading-slide.jpg
- i####.####.com/wap/2017_5_5_15_49_12_2670_640x350.jpg
- mim####.####.com/wap/2017_5_10_18_11_35_118_320x579.jpg
- ust####.####.com/g2/jrV10
- i####.####.com/wap/2017_5_9_16_0_18_6093_320x579.jpg
- i####.####.com/wap/2017_5_12_11_11_34_9016_640x350.jpg
- i####.####.com/wap/2017_4_28_17_54_7_3321_320x579.jpg
- i####.####.com/Content/H5/css/css.css?v####
- i####.####.com/q80/wap/2017_4_16_10_15_14_6262.jpg
- i####.####.com/wap/2017_5_9_20_37_57_1050_320x579.jpg
- i####.####.com/wap/2017_5_10_18_6_38_5299_320x579.jpg
- i####.####.com/wap/2017_5_12_11_9_38_4746_640x350.jpg
- i####.####.com/q80/wap/2017_4_19_13_52_11_2685.jpg
- i####.####.com/q80/wap/2017_4_10_10_18_26_6970.jpg
- i####.####.com/wap/2017_5_12_16_35_23_8501_640x402.jpg
- i####.####.com/wap/2017_2_13_17_30_22_1512_640x80.jpg
- i####.####.com/Content/H5/img/search2.png
- i####.####.com/q80/wap/2017_4_10_10_18_16_8932.jpg
- i####.####.com/wap/2017_5_9_21_35_0_2546_320x579.jpg
- i####.####.com/wap/2017_5_12_16_36_10_7355_640x402.jpg
- mim####.####.com/wap/2017_5_12_11_12_21_727_640x350.jpg
- mim####.####.com/wap/2017_5_12_16_35_11_462_640x402.jpg
- i####.####.com/content/html5v3/images/see-all.jpg
- i####.####.com/wap/2017_5_9_15_56_45_8108_320x579.jpg
- i####.####.com/wap/2017_5_10_18_2_44_4175_320x579.jpg
- i####.####.com/q80/wap/2017_4_10_10_18_41_8849.jpg
- m####.####.com/m/index/.mvc?source=####&SourceSunInfo=####
- i####.####.com/Content/H5/js/h5trace.min.js?v####
- i####.####.com/wap/2017_5_12_15_1_29_3304_320x579.jpg
- i####.####.com/Content/H5/css/swiper.min.css
- m####.####.com/Content/H5/js/zepto.min.js
- i####.####.com/wap/2017_5_5_17_42_53_5892_320x579.jpg
- i####.####.com/wap/2017_5_15_11_28_37_5438_320x579.jpg
- i####.####.com/wap/2017_5_10_15_59_50_2501_320x579.jpg
- i####.####.com/wap/2017_5_12_11_10_24_5618_320x500.jpg
- i####.####.com/Content/H5/img/weixin1.png
- i####.####.com/Content/H5/js/swiper.min.js
- i####.####.com/wap/2017_3_9_17_12_51_6054_640x80.jpg
- i####.####.com/q80/wap/2017_4_10_10_19_59_2131.jpg
- i####.####.com/wap/2017_5_12_15_1_39_9146_320x579.jpg
- i####.####.com/wap/2017_5_12_16_35_34_6157_640x402.jpg
- i####.####.com/wap/2017_4_25_20_4_39_9948_320x579.jpg
- i####.####.com/wap/2017_5_9_15_59_53_7471_320x579.jpg
- yaochao####.com/backinfo/01jiJ140infos
- i####.####.com/wap/2017_5_12_11_12_12_5829_320x500.jpg
- i####.####.com/Content/H5/js/zepto.min.js
- v####.####.com/waprender.ashx?version=####&requestid=####&parentrequesti...
- i####.####.com/wap/2017_4_21_21_27_23_3543_320x579.jpg
- i####.####.com/wap/2017_5_12_16_44_2_3201_320x500.jpg
- m####.####.com/channel/index/979?guid=####
- i####.####.com/wap/2017_5_9_20_42_56_4029_320x579.jpg
- i####.####.com/wap/2017_5_12_11_11_19_2921_320x500.jpg
- i####.####.com/oms/2017_5_3_11_30_49_2957_624x692.jpg
- i####.####.com/wap/2017_5_9_15_48_40_1787_320x500.jpg
- i####.####.com/wap/2017_4_6_18_56_42_7847_640x80.jpg
- m####.####.com/Content/Html5V3/images/jiazai.gif
- i####.####.com/wap/2017_5_11_10_29_34_5179_320x579.jpg
- i####.####.com/q80/wap/2017_4_10_10_18_49_3364.jpg
- mim####.####.com/wap/2017_5_9_15_53_22_275_320x500.jpg
- i####.####.com/wap/2017_5_9_15_55_23_8643_640x350.jpg
- mim####.####.com/wap/2017_2_28_15_31_22_130_640x80.jpg
- v####.####.com/wapvisit.ashx?version=####&requestid=####&parentrequestid...
- i####.####.com/wap/2017_5_9_16_0_28_3595_320x579.jpg
- yaochao####.com/backinfo/tiyri01jiJ140
- i####.####.com/wap/2017_5_12_16_35_0_7090_640x402.jpg
- st####.####.net/js/ld/ld.js
- i####.####.com/wap/2017_5_15_11_29_28_5380_320x579.jpg
- i####.####.com/wap/2017_5_10_18_7_25_8785_320x579.jpg
- i####.####.com/wap/2017_5_12_16_26_1_3600_320x500.jpg
- m####.####.com/User/RetrieveStep1
- i####.####.com/wap/2017_5_12_16_36_40_9548_640x402.jpg
- m####.####.com/User/GetVerityCode?r=####
- i####.####.com/q80/wap/2017_4_20_14_27_28_1248.jpg
- i####.####.com/Content/H5/img/help1.png
- i####.####.com/wap/2017_5_11_15_28_51_5503_320x579.jpg
- i####.####.com/wap/2017_5_11_15_29_1_6362_320x579.jpg
- i####.####.com/wap/2017_5_9_15_48_56_9626_320x500.jpg
- i####.####.com/wap/2017_1_6_13_40_21_6804_640x50.jpg
- i####.####.com/wap/2017_5_12_16_35_44_8722_640x402.jpg
- i####.####.com/wap/2017_5_5_19_12_38_6104_320x579.jpg
- i####.####.com/content/html5v3/images/ret-top.jpg
- i####.####.com/wap/2017_5_9_15_51_2_2301_320x500.jpg
- i####.####.com/wap/2017_5_16_9_19_47_3632_320x500.jpg
- i####.####.com/q80/wap/2017_4_19_13_52_40_9311.jpg
- i####.####.com/wap/2017_5_10_18_3_0_7384_320x579.jpg
- i####.####.com/wap/2017_5_12_16_35_58_8407_640x402.jpg
- m####.####.com/shoppingCar/GetShoppingCarts
- i####.####.com/wap/2017_5_12_11_9_52_3246_320x500.jpg
- i####.####.com/wap/2017_5_5_15_48_38_8847_320x500.jpg
- m####.####.com/Content/H5/img/navBgimgNew.png
Запросы HTTP POST:
- a####.####.com/V2/ReportAction
- w####.####.com/OsService/OsStrategy
- w####.####.com:10081/OsService/OsStrategy
- a####.####.com/V2/GetAD
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/cache/webviewCacheChromium/f_00002f
- /data/data/####/cache/webviewCacheChromium/f_00002e
- /data/data/####/cache/webviewCacheChromium/f_00002d
- /data/data/####/cache/webviewCacheChromium/f_00002c
- /data/data/####/cache/webviewCacheChromium/f_00002b
- /data/data/####/cache/webviewCacheChromium/f_00002a
- /data/data/####/shared_prefs/mobclick_agent_header_####.xml
- /data/data/####/cache/webviewCacheChromium/data_3
- /data/data/####/cache/webviewCacheChromium/data_2
- /data/data/####/cache/webviewCacheChromium/data_1
- /data/data/####/cache/webviewCacheChromium/data_0
- /data/data/####/databases/webviewCookiesChromium.db-journal
- /data/data/####/shared_prefs/c.ojsh.ogn.hugs.i.Iri.xml
- /data/data/####/databases/checkurl-journal
- /data/data/####/shared_prefs/xapcinfo.xml
- /data/data/####/cache/uaxj
- /data/data/####/databases/webview.db-journal
- /data/data/####/cache/webviewCacheChromium/f_000026
- /data/data/####/cache/webviewCacheChromium/f_000025
- /data/data/####/cache/webviewCacheChromium/f_000024
- /data/data/####/cache/webviewCacheChromium/f_000023
- /data/data/####/cache/webviewCacheChromium/f_000022
- /data/data/####/cache/webviewCacheChromium/f_000021
- /data/data/####/cache/webviewCacheChromium/f_000020
- /data/data/####/cache/webviewCacheChromium/f_000029
- /data/data/####/cache/webviewCacheChromium/f_000028
- /data/data/####/files/v
- /data/data/####/shared_prefs/globalParamFile.xml
- /data/data/####/files/tiyri
- /data/data/####/shared_prefs/mobclick_agent_online_setting_####.xml
- /data/data/####/app_aty/classes.jar
- /data/data/####/files/searchengines/engines_1.xml
- /data/data/####/cache/webviewCacheChromium/index
- /data/data/####/files/yhyq.jar
- /data/data/####/cache/deu
- /data/data/####/cache/webviewCacheChromium/f_00000a
- /data/data/####/cache/webviewCacheChromium/f_00000c
- /data/data/####/cache/webviewCacheChromium/f_00000b
- /data/data/####/cache/webviewCacheChromium/f_00000e
- /data/data/####/cache/webviewCacheChromium/f_00000d
- /data/data/####/cache/webviewCacheChromium/f_00000f
- /data/data/####/files/quickbookmarks/taobao.com.png
- /data/data/####/cache/webviewCacheChromium/f_000035
- /data/data/####/cache/webviewCacheChromium/f_000036
- /data/data/####/cache/webviewCacheChromium/f_000037
- /data/data/####/cache/webviewCacheChromium/f_000030
- /data/data/####/cache/webviewCacheChromium/f_000031
- /data/data/####/cache/webviewCacheChromium/f_000032
- /data/data/####/cache/webviewCacheChromium/f_000033
- /data/data/####/cache/webviewCacheChromium/f_000049
- /data/data/####/cache/webviewCacheChromium/f_000038
- /data/data/####/cache/webviewCacheChromium/f_000039
- /data/data/####/databases/toolkit.db-journal
- /data/data/####/cache/webviewCacheChromium/f_00003d
- /data/data/####/cache/webviewCacheChromium/f_00003e
- /data/data/####/cache/webviewCacheChromium/f_00003f
- /data/data/####/cache/webviewCacheChromium/f_00003a
- /data/data/####/cache/webviewCacheChromium/f_00003b
- /data/data/####/cache/webviewCacheChromium/f_00003c
- /data/data/####/files/tiyritiyri
- /data/data/####/cache/webviewCacheChromium/f_000009
- /data/data/####/cache/webviewCacheChromium/f_000008
- /data/data/####/cache/webviewCacheChromium/f_000001
- /data/data/####/cache/webviewCacheChromium/f_000003
- /data/data/####/cache/webviewCacheChromium/f_000002
- /data/data/####/cache/webviewCacheChromium/f_000005
- /data/data/####/cache/webviewCacheChromium/f_000004
- /data/data/####/cache/webviewCacheChromium/f_000007
- /data/data/####/cache/webviewCacheChromium/f_000006
- /sdcard/Download/browser.ini
- /sdcard/llc/log/20170502AdRequest
- /data/data/####/shared_prefs/BrowserSettings.xml
- /data/data/####/files/mc
- /data/data/####/databases/browser.db-journal
- /data/data/####/files/1493728890819_31719o_pack.so
- /data/data/####/files/init.jar
- /data/data/####/files/searchengines/yicha.png
- /data/data/####/cache/webviewCacheChromium/f_000018
- /data/data/####/cache/webviewCacheChromium/f_000019
- /data/data/####/cache/webviewCacheChromium/f_000016
- /data/data/####/cache/webviewCacheChromium/f_000017
- /data/data/####/cache/webviewCacheChromium/f_000014
- /data/data/####/cache/webviewCacheChromium/f_000015
- /data/data/####/cache/webviewCacheChromium/f_000012
- /data/data/####/cache/webviewCacheChromium/f_000013
- /data/data/####/cache/webviewCacheChromium/f_000010
- /data/data/####/cache/webviewCacheChromium/f_000011
- /data/data/####/files/mobclick_agent_cached_####
- /data/data/####/shared_prefs/mobclick_agent_state_####.xml
- /data/data/####/files/1839us.908GhK3z1XIE6J7u3B4nRKlfEI88s
- /data/data/####/files/searchengines/yisou.png
- /data/data/####/files/quickbookmarks/sina.com.cn.png
- /data/data/####/cache/webviewCacheChromium/f_00001f
- /data/data/####/cache/webviewCacheChromium/f_00001d
- /data/data/####/files/searchengines/taobao.png
- /data/data/####/cache/webviewCacheChromium/f_00001b
- /data/data/####/cache/webviewCacheChromium/f_00001c
- /data/data/####/cache/webviewCacheChromium/f_00001a
- /data/data/####/cache/webviewCacheChromium/f_000034
- /data/data/####/databases/webviewCookiesChromiumPrivate.db-journal
- /data/data/####/cache/01jiJ140infos01jiJ140infos
- /data/data/####/files/searchengines/baidu.png
- /data/data/####/shared_prefs/BrowserSettings.xml.bak
- /data/data/####/shared_prefs/####_preferences.xml
- /data/data/####/cache/webviewCacheChromium/f_00004a
- /data/data/####/cache/webviewCacheChromium/f_00004b
- /data/data/####/files/init
- /data/data/####/files/quickbookmarks/163.com.png
- /data/data/####/files/mc.db
- /data/data/####/app_appcache/ApplicationCache.db-journal
- /data/data/####/cache/webviewCacheChromium/f_00001e
- /data/data/####/files/quickbookmarks/youku.com.png
- /data/data/####/cache/webviewCacheChromium/f_000048
- /data/data/####/cache/webviewCacheChromium/f_000042
- /data/data/####/cache/webviewCacheChromium/f_000045
- /data/data/####/cache/webviewCacheChromium/f_000044
- /data/data/####/cache/webviewCacheChromium/f_000047
- /data/data/####/cache/webviewCacheChromium/f_000046
- /data/data/####/cache/webviewCacheChromium/f_000041
- /data/data/####/cache/webviewCacheChromium/f_000040
- /data/data/####/cache/webviewCacheChromium/f_000043
- /data/data/####/files/1839jrhftJcw46N.jar
- /data/data/####/app_icons/WebpageIcons.db-journal
- /data/data/####/cache/webviewCacheChromium/f_000027
- /data/data/####/files/quickbookmarks/vancl.png
- /data/data/####/databases/downloads.db-journal
- /data/data/####/databases/dbkdlf-journal
- /data/data/####/files/searchengines/google.png
Другие:
Запускает следующие shell-скрипты:
- sh -c rm /data/data/####/files/1839us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
- getprop
- /system/bin/dexopt --dex 27 97 40 179024 /data/data/####/app_aty/classes.jar 1232228995 1002695851 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framewo
- rm /data/data/####/files/1839us.908GhK3z1XIE6J7u3B4nRKlfEI88s
- /system/bin/dexopt --dex 27 40 40 8260 /data/data/####/files/init.jar 1232636097 574711341 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/frame
- sh -c rm -f /data/data/####/files/1839jrhftJcw46N.dex > /dev/null 2>&1
- sh -c rm /data/data/####/files/1839jrhftJcw46N.jar > /dev/null 2>&1
- rm -f /data/data/####/files/1839jrhftJcw46N.jar
- /system/bin/dexopt --dex 27 50 40 13328 /data/data/####/files/1839jrhftJcw46N.jar 1243891767 -1868856523 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/f
- rwdm ac554db364f
- rwdw eb47495f7bb
- sh -c rm /data/data/####/files/1839jrhftJcw46N.dex > /dev/null 2>&1
- sh -c /system/usr/toolbox rm -f /data/data/####/files/1839jrhftJcw46N.dex > /dev/null 2>&1
- chmod 0771 /data/data/####/.syslib-
- sh /data/data/####/files/1839us.908GhK3z1XIE6J7u3B4nRKlfEI88s -h ef6480676fc649bf9616ad3afd8ad674 /data/data/####/.syslib-
- sh -c rm -f /data/data/####/files/1839jrhftJcw46N.jar > /dev/null 2>&1
- /data/data/####/files/1839us.908GhK3z1XIE6J7u3B4nRKlfEI88s -h ef6480676fc649bf9616ad3afd8ad674 /data/data/####/.syslib-
- rm -f /data/data/####/files/1839us.908GhK3z1XIE6J7u3B4nRKlfEI88s
- sh -c rm -f /data/data/####/files/1839us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
- conbb od2gf04pd9
- sh -c /system/usr/toolbox rm -f /data/data/####/files/1839us.908GhK3z1XIE6J7u3B4nRKlfEI88s > /dev/null 2>&1
- rm /data/data/####/files/1839jrhftJcw46N.jar
- rm /data/data/####/files/1839jrhftJcw46N.dex
- logcat -d -v raw -s AndroidRuntime:E -p ####
- sh -c /system/usr/toolbox rm -f /data/data/####/files/1839jrhftJcw46N.jar > /dev/null 2>&1
- rm -f /data/data/####/files/1839jrhftJcw46N.dex
- /system/bin/dexopt --dex 27 45 40 74636 /data/data/####/files/yhyq.jar 1232636096 245784742 45 /system/framework/core.jar /system/framework/core-junit.jar /system/framework/bouncycastle.jar /system/framework/ext.jar /system/framework/fram
- logcat -c
Может автоматически отправлять СМС-сообщения.
