Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Backdoor.371.origin
Загружает из Интернета следующие детектируемые угрозы:
- Android.Backdoor.371.origin
Сетевая активность:
Подключается к:
- f####.####.com
- googl####.####.net
- p####.####.com
- a####.####.com
- pag####.####.com
Запросы HTTP GET:
- googl####.####.net/mads/static/mad/sdk/native/sdk-core-v40.appcache
- f####.####.com/update.html?version=####
- a####.####.com/my2/corea.jsp?banner=####&ver=####
- a####.####.com/a4d7bfeed0556e351450428584122.dex
- googl####.####.net/mads/static/sdk/native/sdk-core-v40.html
- pag####.####.com/activeview?avi=####&id=####&mtos=####&tos=####&p=####&r...
- a####.####.com/ajax/libs/jquery/1.7.2/jquery.min.js?&ver=####
- googl####.####.net/mads/static/mad/sdk/native/production/sdk-core-v40-im...
- a####.####.com/ext/files/classes.dex.zip
- googl####.####.net/mads/static/mad/sdk/native/sdk-core-v40.html
- a####.####.com/bi.adl?name=####&ver=####
- p####.####.com/s/18E2tH
- a####.####.com/my2/images/r.png?&ver=####
- googl####.####.net/mads/static/mad/sdk/native/sdk-core-v40.js
- googl####.####.net/mads/static/mad/sdk/native/canary/sdk-core-v40-impl.js
Запросы HTTP POST:
- f####.####.com/adCenter/seo/get
- a####.####.com/my2/parta.jsp
- f####.####.com/adCenter/ad/get
- f####.####.com/adCenter/app/get
- a####.####.com/report3.jsp
- a####.####.com/ext/rm.jsp
- a####.####.com/app_logs
- a####.####.com/rsch3.jsp
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/cache/Adlib-data/53d74abfe4b0b754955bfc3d/m.html
- <Package Folder>/files/.TwitterSdk/cl/com.crashlytics.sdk.android/session_analytics.tap.tmp
- <Package Folder>/databases/ltvp.db
- <Package Folder>/cache/inmobi.cache
- <Package Folder>/shared_prefs/inmobisdkaid.xml
- <Package Folder>/shared_prefs/com.crashlytics.prefs.xml
- <Package Folder>/files/.imprint
- <Package Folder>/files/.TwitterSdk/cl/com.crashlytics.sdk.android/591BFB9D033A-0001-0847-EA36B2D164AASessionOS.cls_temp
- <Package Folder>/app_data/eventlog
- <Package Folder>/shared_prefs/adlibr.xml
- <Package Folder>/databases/handytimetable.db-journal
- <Package Folder>/shared_prefs/inmobiAppAnalyticsAppId.xml
- <Package Folder>/shared_prefs/openudid_prefs.xml
- <Package Folder>/files/.TwitterSdk/cl/com.crashlytics.sdk.android/session_analytics_to_send/sa_888f6335-490f-4b88-adce-0cdd0d1cc9ca_1495006109849.tap
- <Package Folder>/shared_prefs/com.a.a.a.c.xml
- <Package Folder>/databases/ltvp.db-journal
- <Package Folder>/shared_prefs/inmobiAppAnalyticsSession.xml.bak
- <Package Folder>/shared_prefs/impref.xml
- <Package Folder>/cache/Adlib-data/53d74abfe4b0b754955bfc3d/ok
- <Package Folder>/databases/dbname-journal
- <Package Folder>/ADLIBr/rm.apk
- <Package Folder>/files/.TwitterSdk/cl/com.crashlytics.sdk.android/session_analytics.tap
- <Package Folder>/cache/ddcp.dex
- <Package Folder>/cache/webviewCacheChromium/index
- <Package Folder>/databases/dbname
- <Package Folder>/files/.TwitterSdk/cl/com.crashlytics.sdk.android/591BFB9D033A-0001-0847-EA36B2D164AASessionApp.cls_temp
- <Package Folder>/cache/webviewCacheChromium/f_000001
- <Package Folder>/files/.TwitterSdk/cl/com.crashlytics.sdk.android/initialization_marker
- <Package Folder>/cache/webviewCacheChromium/f_000003
- <Package Folder>/cache/webviewCacheChromium/f_000002
- <Package Folder>/cache/webviewCacheChromium/f_000005
- <Package Folder>/cache/webviewCacheChromium/f_000004
- <Package Folder>/files/.TwitterSdk/cl/com.crashlytics.sdk.android/com.crashlytics.settings.json
- <Package Folder>/cache/ads1805443963.jar
- <Package Folder>/cache/Adlib-data/53d74abfe4b0b754955bfc3d/i2
- <Package Folder>/cache/Adlib-data/53d74abfe4b0b754955bfc3d/i1
- <Package Folder>/cache/Adlib-data/53d74abfe4b0b754955bfc3d/i0
- <Package Folder>/shared_prefs/adlibr.xml.bak
- <Package Folder>/shared_prefs/inmobiAppAnalyticsSession.xml
- <Package Folder>/files/umeng_it.cache
- <Package Folder>/databases/com.google.android.gms.ads.db/localstorage/http_googleads.g.doubleclick.net_0.localstorage-journal
- <Package Folder>/files/.TwitterSdk/cl/com.crashlytics.sdk.android/591BFB9D033A-0001-0847-EA36B2D164AABeginSession.cls_temp
- <Package Folder>/shared_prefs/IMAdTrackerStatusUpload.xml
- <Package Folder>/files/.TwitterSdk/cl/com.crashlytics.sdk.android/591BFB9D033A-0001-0847-EA36B2D164AASessionDevice.cls_temp
- <Package Folder>/shared_prefs/sharedPreferencesName.xml
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/shared_prefs/umeng_general_config.xml
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/shared_prefs/HandyTimetableSettings.xml
- <Package Folder>/cache/ApplicationCache.db-journal
- <Package Folder>/shared_prefs/ddspname.xml
- <Package Folder>/cache/webviewCacheChromium/data_3
- <Package Folder>/cache/webviewCacheChromium/data_2
- <Package Folder>/cache/webviewCacheChromium/data_1
- <Package Folder>/cache/webviewCacheChromium/data_0
Другие:
Запускает следующие shell-скрипты:
- <dexopt>
Может автоматически отправлять СМС-сообщения.
