Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.455.origin
- Android.DownLoader.502.origin
Сетевая активность:
Подключается к:
- 1####.####.18:8080
- 1####.####.18
- im####.####.net
- 1####.####.32:8080
- s####.####.net
- mei####.net
Запросы HTTP GET:
- im####.####.net/p/20111017/bbc59b270970a9da2f5fb0ae95bb7dc6_60x60.jpg
- im####.####.net/p/20111130/629aedacc88d9607d1d1caba2ec0af59_180x180.jpg
- s####.####.net/r/80/238/5684580/a5684580_149518772339776.jpg
- im####.####.net/p/20170518/1a01109bea77d21bc90ad75e1ba0cef7.jpg
- im####.####.net/p/20100812/f96f6afd16c08f92751d2478cd3abf60_150x150.jpg
- im####.####.net/p/20111208/a33af27d0cb180dfb0762fc1f5386819_60x60.jpg
- im####.####.net/p/20120921/d2d8c6d77718d9c2fe1071fd0ddba6e6.jpg
- s####.####.net/r/30/75/4706280/a4706280_149312529768172.jpg
- s####.####.net/r/21/119/2654771/a2654771_80989.jpg
- im####.####.net/p/20170518/8fa3a91eea5db723b48f4b3dfecea150.jpg
- im####.####.net/p/20161031/24cc5b1e8fa5a74698d729c1daff61e5_150x150.jpg
- mei####.net/chufang/diy/jiangchangcaipu/
- mei####.net/chufang/diy/gaodianxiaochi/
- 1####.####.32:8080/jfservice/a.jsp?k=####
- im####.####.net/p/20110915/ab18145a0d11ace74cdf43257837de2a_180x180.jpg
- im####.####.net/p/20110718/769130e8c9a062a32ed14383c083561f_180x180.jpg
- im####.####.net/p/20131015/3e0bb9f23216f8a9c796ea5a8b7d0001_60x60.jpg
- im####.####.net/p/20111130/9009e28cb2d0dd81aabef8aa6e6b8394_180x180.jpg
- s####.####.net/r/49/144/4036049/a4036049_147285548098785.jpg
- im####.####.net/p/20170330/23da49e7bb0dd02111b14d640c2a90eb_180x180.jpg
- im####.####.net/p/20170330/52c7f611c17459de9eaf1f4cdd6574cc_180x180.jpg
- s####.####.net/r/06/152/6163006/a6163006_149216390694633.jpg
- im####.####.net/p/20120221/73fb34f7b214dae7e9b7fa90f6bbec67_60x60.jpg
- im####.####.net/p/20111220/4ff2bf9cde61b13d92af7a130d993353_180x180.jpg
- im####.####.net/p/20150902/9dddf4b7bc308732488805bdedf87659_150x150.jpg
- im####.####.net/p/20150330/2b106469cee093e37dd71b17dd46d416_150x150.jpg
- mei####.net/chufang/diy/tangbaocaipu/
- s####.####.net/r/37/123/4218287/a4218287_146124404011762.jpg
- s####.####.net/shicaiimg/249/shicai249_60x60.jpg
- im####.####.net/p/20140704/0b5100453f24b68ff6ea3b5f3a39ad6a_60x60.jpg
- im####.####.net/p/20170330/23da49e7bb0dd02111b14d640c2a90eb_60x60.jpg
- s####.####.net/r/80/133/5970830/a5970830_149518846748807.jpg
- im####.####.net/p/20160229/4d4c0c37713bfb1cd72418b145725f96_150x150.jpg
- im####.####.net/p/20150331/e42c1901635df0e2483221ce2a644ad9_60x60.jpg
- mei####.net/chufang/diy/laonian/
- s####.####.net/r/47/119/5279797/a5279797_149071161074013.jpg
- im####.####.net/p/20170518/cfa18932b8dbe78147a497d4c1177032.jpg
- im####.####.net/p/20120111/a2bd346666ad98c2d0fd5ee03e419eef_180x180.jpg
- im####.####.net/p/20140418/dd9ddb1f27b62a6dc4fde1202472491e_150x150.jpg
- im####.####.net/p/20150331/d7a3900c9a76da2f95d8d3ede2c62ec2_150x150.jpg
- s####.####.net/r/87/02/6625587/a6625587_149070511708591.jpg
- mei####.net/chufang/diy/recaipu/
- im####.####.net/p/20160715/642c5ea3e925818150f4c1625fcd4612_150x150.jpg
- im####.####.net/p/20100925/48f18fc45131842db16f09d3c5963671_150x150.jpg
- s####.####.net/r/169/156/2789169/a2789169_149198170830088.jpg
- s####.####.net/r/124/42/3885624/a3885624_144740616755530.jpg
- s####.####.net/r/200/209/3552450/a3552450_143391612029563.jpg
- im####.####.net/p/20110825/1366284bc5375e27e000b7f962f0a039_180x180.jpg
- s####.####.net/p2/20170515/20170515150533_374.png
- im####.####.net/p/20160411/1494b2eb5b6cb77e569ef27a124ae715_150x150.jpg
- im####.####.net/p/20120904/ca606b21b15f95d96f618dcb73500de5.jpg
- im####.####.net/p/20160919/05de98b48a112728b0953f7edd7f23d9_150x150.jpg
- mei####.net/shicai/
- im####.####.net/p/20120904/483ca0bff4884d2a1b764c2d452e9e8f.jpg
- mei####.net/chufang/diy/sijiacai/
- im####.####.net/p/20170330/faa37fc1ad02dafb198a73bccf2c68c5_180x180.jpg
- s####.####.net/r/195/17/2004445/a2004445_149106118375215.jpg
- im####.####.net/p/20160728/ecddd6bbc5d0bf159927fe47b8eb1b2a_150x150.jpg
- im####.####.net/p/20110718/769130e8c9a062a32ed14383c083561f_60x60.jpg
- s####.####.net/r/198/47/3824448/a3824448_149445971334295.jpg
- s####.####.net/r/15/201/3050265/a3050265_146693128520117.jpg
- im####.####.net/p/20120904/6a781356ad0b69c699610fbf5f70f7fd.jpg
- im####.####.net/p/20110801/c2f4e35f70c94e7819b7ccdb1580624a_60x60.jpg
- mei####.net/%E6%B4%8B%E8%91%B1
- 1####.####.18/spotService/a.jsp?k=####
- im####.####.net/p/20150130/d37e654f54635ead545efa4decfbfe2b_150x150.jpg
- im####.####.net/p/20140611/bdcbf9b77377430e17006602c2af0da5_180x180.jpg
- im####.####.net/p/20170330/5ff27eba123f27615b1c0f0c406a5c27_180x180.jpg
- im####.####.net/p/20160328/678ca5cb34da14d2090889e4bc936a54_150x150.jpg
- im####.####.net/p/20151029/2cfe0875c45ccf103be85c50cb5c06d0_150x150.jpg
- im####.####.net/p/20160420/974fb685857f8e792cc02005c8aa4291_150x150.jpg
- 1####.####.18:8080/spotService/a.jsp?k=####
- im####.####.net/p/20140521/ae678d4457c59ce46629a78d7d4f2428_180x180.jpg
- im####.####.net/p/20111202/62c149c64a4c9a7a02911650cc50b256_180x180.jpg
- s####.####.net/r/156/208/6927156/a6927156_149518938647444.jpg
- im####.####.net/p/20110822/020d8b27b4c8449c75bc0b6cafa4b626_180x180.jpg
- im####.####.net/p/20121126/b3f66004d9644644de25e00ee84c91c3_180x180.jpg
- im####.####.net/p/20150410/e64666259c79da8856e5c833cc8ecea0_150x150.jpg
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/files/01495016880817.jar
- <Package Folder>/cache/webviewCacheChromium/f_000023
- <Package Folder>/shared_prefs/pa<IMEI>.xml.bak
- <Package Folder>/cache/webviewCacheChromium/f_000018
- <Package Folder>/cache/webviewCacheChromium/f_000019
- <Package Folder>/cache/webviewCacheChromium/f_000016
- <Package Folder>/cache/webviewCacheChromium/f_000017
- <Package Folder>/cache/webviewCacheChromium/f_000014
- <Package Folder>/cache/webviewCacheChromium/f_000015
- <Package Folder>/cache/webviewCacheChromium/f_000012
- <Package Folder>/cache/webviewCacheChromium/f_000013
- <Package Folder>/cache/webviewCacheChromium/f_000010
- <Package Folder>/cache/webviewCacheChromium/f_000011
- <Package Folder>/databases/sd.db-journal
- <Package Folder>/files/01495016855087.jar
- <Package Folder>/files/01495016895162.jar
- <Package Folder>/cache/webviewCacheChromium/f_00000a
- <Package Folder>/cache/webviewCacheChromium/f_00000c
- <Package Folder>/cache/webviewCacheChromium/f_00000b
- <Package Folder>/cache/webviewCacheChromium/f_00000e
- <Package Folder>/cache/webviewCacheChromium/f_00000d
- <Package Folder>/shared_prefs/pa<IMEI>.xml
- <Package Folder>/cache/webviewCacheChromium/f_00000f
- <Package Folder>/files/1495016886036p.jar
- <Package Folder>/files/01495016860392.jar
- <Package Folder>/shared_prefs/a<IMEI>.xml.bak
- <Package Folder>/shared_prefs/pa.xml
- <Package Folder>/files/01495016885655.jar
- <Package Folder>/files/01495016869795.jar
- <Package Folder>/files/1495016854511p.jar
- <Package Folder>/shared_prefs/c.xml
- <Package Folder>/files/01495016864700.jar
- <Package Folder>/files/01495016890819.jar
- <Package Folder>/shared_prefs/a.xml
- <Package Folder>/databases/p_d.db-journal
- <Package Folder>/cache/webviewCacheChromium/index
- <Package Folder>/files/1495016870215p.jar
- <Package Folder>/cache/webviewCacheChromium/f_000009
- <Package Folder>/cache/webviewCacheChromium/f_000008
- <Package Folder>/cache/webviewCacheChromium/f_000021
- <Package Folder>/cache/webviewCacheChromium/f_000020
- <Package Folder>/cache/webviewCacheChromium/f_000026
- <Package Folder>/cache/webviewCacheChromium/f_000025
- <Package Folder>/cache/webviewCacheChromium/f_000024
- <Package Folder>/cache/webviewCacheChromium/f_000001
- <Package Folder>/files/1495016895348p.jar
- <Package Folder>/cache/webviewCacheChromium/f_000003
- <Package Folder>/cache/webviewCacheChromium/f_000002
- <Package Folder>/cache/webviewCacheChromium/f_000005
- <Package Folder>/cache/webviewCacheChromium/f_000004
- <Package Folder>/cache/webviewCacheChromium/f_000007
- <Package Folder>/cache/webviewCacheChromium/f_000006
- <Package Folder>/shared_prefs/b<IMEI>.xml
- <Package Folder>/files/1495016865191p.jar
- <Package Folder>/cache/webviewCacheChromium/f_00001f
- <Package Folder>/shared_prefs/c<IMEI>.xml
- <Package Folder>/cache/webviewCacheChromium/f_00001d
- <Package Folder>/cache/webviewCacheChromium/f_00001e
- <Package Folder>/cache/webviewCacheChromium/f_00001b
- <Package Folder>/cache/webviewCacheChromium/f_00001c
- <Package Folder>/cache/webviewCacheChromium/f_000022
- <Package Folder>/cache/webviewCacheChromium/f_00001a
- <Package Folder>/files/utrlu
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/shared_prefs/c<IMEI>.xml.bak
- <Package Folder>/databases/webviewCookiesChromium.db-journal
- <Package Folder>/files/1495016891243p.jar
- <Package Folder>/files/1495016860639p.jar
- <Package Folder>/files/1495016881221p.jar
- <Package Folder>/shared_prefs/d.xml
- <Package Folder>/shared_prefs/a<IMEI>.xml
- <Package Folder>/cache/webviewCacheChromium/data_3
- <Package Folder>/cache/webviewCacheChromium/data_2
- <Package Folder>/cache/webviewCacheChromium/data_1
- <Package Folder>/cache/webviewCacheChromium/data_0
Другие:
Запускает следующие shell-скрипты:
- <dexopt>
Может автоматически отправлять СМС-сообщения.
