Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.Xiny.20
Загружает из Интернета следующие детектируемые угрозы:
- Android.Xiny.20
Сетевая активность:
Подключается к:
- s####.####.com
- 3####.####.com
- coo####.com
- h####.com
- d####.####.cn
- o####.####.com
- c####.####.com
- f####.####.com
- y####.cn
- ci####.####.com
- a####.####.com
- b####.####.com
Запросы HTTP GET:
- coo####.com/en/
- h####.com/nav_images/c4482295b2098c07e10769e5adc36e98.png
- coo####.com/
- h####.com/favicon.ico
- h####.com/nav_images/31c62c4c4bd33fb4f5ac532b70963614.png
- h####.com/nav_images/1cd59add4277af8fac8afc0d4203c53e.png
- h####.com/nav.html
- y####.cn/union/u.jsp?p=####&site=####&tps=####
- h####.com/nav_images/db95c4674729d4976b74bb817831850a.png
- h####.com/nav_images/0c5fe17a3e40d227dda43af4fa454db6.png
- h####.com/nav_images/d8255bd03f7cbabfa7686338c93600b5.png
- h####.com/nav_images/banner-03.png
- c####.####.com/image?src=####&q=####&r=####&imgflag=####&cdn_cache=####&...
- coo####.com/en/static/css/index.css?a4510c3####
- coo####.com/favicon.ico
- ci####.####.com/
- coo####.com/en/static/js/index.js?a451####
- h####.com/nav_images/f4d775c62a6b76c5e3a0edb8acb4a37d.png
- b####.####.com/startpage_huosu.xml
- h####.com/nav_images/3f49fa67bb7e78587c21e4d877b771e9.png
- b####.####.com/startpage.php?versioncode=####&ver=####&xml=####
- h####.com/nav_images/510eed67bf0fb7c655e4bd5f89a83a89.png
- 3####.####.com/forum/img/v6/loading02.png
- f####.####.com/
- h####.com/nav_images/bd6411522b1868df87e32a48e48d9d2c.png
- h####.com/nav_images/4d0a7cb8d8c92ae266603f7c63bd3e53.png
- d####.####.cn/jarFile/SDKAutoUpdate/hyjwan.jar
- coo####.com/en/static/js/cms.js
- h####.com/nav_images/1b44bee972b5f66793627679caf5c22f.png
- coo####.com/en
- h####.com/nav_images/e27cdb8cab187deb63323c70792400e8.png
- h####.com/nav_images/dd80c605ce8e9e95f56d7fe36e657119.png
- h####.com/nav_images/c0e3092861ee5233dc12b2a37306d8b0.png
- h####.com/nav_images/u=933285818,3833474827&fm=23&gp=0.jpg
Запросы HTTP POST:
- s####.####.com/cw/interface!u2.action?protocol=####&version=####&cid=####
- a####.####.com/app_logs
- s####.####.com/cw/cp.action?requestId=####&g=####
- o####.####.com/check_config_update
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/shared_prefs/mobclick_agent_online_setting_<Package>.xml
- <Package Folder>/databases/HUOSU-journal
- <Package Folder>/databases/bookmarks.db-journal
- <Package Folder>/shared_prefs/mobclick_agent_header_<Package>.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml
- <Package Folder>/cache/webviewCacheChromium/f_00000a
- <Package Folder>/cache/webviewCacheChromium/f_00000c
- <Package Folder>/cache/webviewCacheChromium/f_00000b
- <Package Folder>/shared_prefs/mobclick_agent_state_<Package>.xml
- <Package Folder>/shared_prefs/a.xml
- <Package Folder>/shared_prefs/W_Key.xml.bak
- <Package Folder>/databases/downloadswc-journal
- <Package Folder>/app_icons/WebpageIcons.db-journal
- <Package Folder>/cache/webviewCacheChromium/f_000009
- <Package Folder>/cache/webviewCacheChromium/f_000008
- <Package Folder>/shared_prefs/mobclick_agent_state_<Package>.xml.bak
- <Package Folder>/cache/webviewCacheChromium/f_000001
- <Package Folder>/cache/webviewCacheChromium/f_000003
- <Package Folder>/cache/webviewCacheChromium/f_000002
- <Package Folder>/cache/webviewCacheChromium/f_000005
- <Package Folder>/cache/webviewCacheChromium/f_000004
- <Package Folder>/cache/webviewCacheChromium/f_000007
- <Package Folder>/cache/webviewCacheChromium/f_000006
- <Package Folder>/databases/downloadswc
- <Package Folder>/shared_prefs/st.xml
- <Package Folder>/databases/HUOSU
- <Package Folder>/shared_prefs/W_Key.xml
- <Package Folder>/shared_prefs/<Package>_preferences.xml.bak
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/cache/webviewCacheChromium/index
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/databases/weave.db-journal
- <Package Folder>/cache/webviewCacheChromium/data_3
- <Package Folder>/cache/webviewCacheChromium/data_2
- <Package Folder>/cache/webviewCacheChromium/data_1
- <Package Folder>/cache/webviewCacheChromium/data_0
Другие:
Запускает следующие shell-скрипты:
- <dexopt>
Может автоматически отправлять СМС-сообщения.
