Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Backdoor.371.origin
Загружает из Интернета следующие детектируемые угрозы:
- Android.Backdoor.371.origin
Сетевая активность:
Подключается к:
- doud####.com
- p####.####.biz
- api-ana####.####.com
- b####.ly
- p####.####.us
- ap####.us
- p####.####.com
- s####.####.net
- a####.####.com
Запросы HTTP GET:
- a####.####.com/m/imp?appid=####&cid=####&city=####&ckv=####&country_code...
- a####.####.com/m/open?v=####&id=####&udid=####&av=####
- p####.####.us/api/v1/android/applications.json?package=####
- p####.####.biz/details?id=####&c####
- a####.####.com/a4d7bfeed0556e351450428584122.dex
- api-ana####.####.com/1_0_5.json
- a####.####.com/m/aclk?appid=####&cid=####&city=####&ckv=####&country_cod...
- a####.####.com/m/pos?id=####&v=####&nsv=####&dn=####&udid=####&av=####
- a####.####.com/m/ad?id=####&nsv=####&dn=####&udid=####&z=####&o=####&sc_...
- b####.ly/1rO7m9J
- doud####.com/update.html?version=####
- b####.ly/1oSnJwZ
- p####.####.com/s/18E2tH
- ap####.us/usaapps/and_12booster/notify.json
- a####.####.com/m/ad?v=####&id=####&nv=####&dn=####&udid=####&z=####&o=##...
- s####.####.net/oapi/reqAd.jsp?pub=####&divid=####&adspace=####&format=##...
- s####.####.net/oapi/js/smaatoAdTag.js
Запросы HTTP POST:
- doud####.com/adCenter/app/get
- a####.####.com/app_logs
- doud####.com/adCenter/ad/get
- doud####.com/adCenter/seo/get
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/cache/mopub-cache/0ff541163d5ba779dcdcab9f92b2c7be6ecb8f2c.0.tmp
- <Package Folder>/files/.imprint
- <Package Folder>/databases/KochavaFeatureTracker
- <Package Folder>/shared_prefs/initPrefs.xml.bak
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/shared_prefs/jp.igry.promotion.PromotionSettings.xml.bak
- <Package Folder>/cache/mopub-cache/2dd47f3f8682251332925309fb476f46f91998bc.0.tmp
- <Package Folder>/shared_prefs/d.xml
- <Package Folder>/shared_prefs/mopubSettings.xml
- <Package Folder>/shared_prefs/preiLibrary.xml
- <Package Folder>/cache/mopub-cache/be2637bbe9e0b94c78378e1cfedecd6bdeb92393.0.tmp
- <Package Folder>/files/gaClientId
- <Package Folder>/shared_prefs/initPrefs.xml
- <Package Folder>/cache/ads472640957.jar
- <Package Folder>/files/mobclick_agent_cached_<Package>2015042118
- <Package Folder>/databases/dbname-journal
- <Package Folder>/cache/webviewCacheChromium/index
- <Package Folder>/databases/dbname
- <Package Folder>/cache/webviewCacheChromium/f_000001
- <Package Folder>/cache/d.dex
- <Package Folder>/cache/webviewCacheChromium/f_000003
- <Package Folder>/cache/webviewCacheChromium/f_000002
- <Package Folder>/databases/google_analytics_v4.db-journal
- <Package Folder>/app_d/d.dex
- <Package Folder>/shared_prefs/jp.igry.promotion.PromotionSettings.xml
- <Package Folder>/shared_prefs/booster_us.xml.bak
- <Package Folder>/databases/KochavaFeatureTracker-journal
- <Package Folder>/shared_prefs/umeng_general_config.xml.bak
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/cache/mopub-cache/journal.tmp
- <Package Folder>/cache/mopub-cache/7a5148cf3808d65253df7839403e72ea1bc9e50a.0.tmp
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/shared_prefs/booster_us.xml
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/shared_prefs/mANALYTICS.xml
- <Package Folder>/databases/apps.db-journal
- <Package Folder>/databases/com.google.android.gms.ads.db/localstorage/https_googleads.g.doubleclick.net_0.localstorage-journal
- <Package Folder>/cache/ApplicationCache.db-journal
- <Package Folder>/shared_prefs/ddspname.xml
- <Package Folder>/cache/webviewCacheChromium/data_3
- <Package Folder>/cache/webviewCacheChromium/data_2
- <Package Folder>/cache/webviewCacheChromium/data_1
- <Package Folder>/cache/webviewCacheChromium/data_0
Другие:
Запускает следующие shell-скрипты:
- <dexopt>
Может автоматически отправлять СМС-сообщения.
